#!/bin/bash -eu

fatal() { echo "FATAL: $@" 1>&2; exit 1; }
warn() { echo "WARN: $@"; }
info() { echo "INFO: $@"; }

usage() {
cat<<EOF
Syntax: $0 client-name
Revoke a client's certificate

Arguments:

    client-name         Unique name for client
EOF
exit 1
}

if [[ "$#" < "1" ]] || [[ "$#" > "1" ]]; then
    usage
fi

client_name=$1
shift # remove processed arguments

for item in "$@"; do
    case $item in
        *)
            echo "what? $item"
            usage
    esac
done

EASY_RSA=/etc/openvpn/easy-rsa
export EASYRSA_VARS_FILE=$EASY_RSA/vars

read_var() {
    name=$1
    sed -n 's/set_var '"$name"' "\(.*\)"/\1/p' $EASY_RSA/vars
}

export EASYRSA_PKI=$EASY_RSA/keys
cd $EASY_RSA
$EASY_RSA/easyrsa revoke $client_name
$EASY_RSA/easyrsa gen-crl
mv $EASYRSA_PKI/crl.pem $EASYRSA_PKI/crl.jail/etc/openvpn
chown nobody:nogroup $EASYRSA_PKI/crl.jail/etc/openvpn/crl.pem
chmod +r $EASYRSA_PKI/crl.jail/etc/openvpn/crl.pem

rm "$EASYRSA_PKI/$client_name.ovpn"
info "revoked $EASYRSA_PKI/$client_name.ovpn"


