From 08016ed7b261f4d255aca9d4cf1ecd3ec2de48ed Mon Sep 17 00:00:00 2001
From: Christoph
Date: Tue, 16 Jul 2019 16:49:54 +0200
Subject: [PATCH] get_all_keys.sh: add support for new easyrsa layout.
---
 .get_all_keys.sh.swo | Bin 0 -> 32768 bytes
 get_all_keys.sh | 89 +++++++++++++++++++++++++++++++------------
 2 files changed, 64 insertions(+), 25 deletions(-)
 create mode 100644 .get_all_keys.sh.swo
diff --git a/.get_all_keys.sh.swo b/.get_all_keys.sh.swo new file mode 100644 index 0000000000000000000000000000000000000000..a2d555a4de526f3325782f3460e4df0647aa9de6 GIT binary patch literal 32768 zcmeI43y@@0d4MnIqARe=BVa*k_DoN+GqY2i=w7fYVMzvQR)d6kS?C}gI+L*>r$)RLmI zfvg0q1dc}n)yiaQ{prrSp6)JrTWg|4oPE|+#}k7MYb9VMU?pHBU?pHBU?pHBU?pHB z@GCBXO6e5m8p^ONEXS?k?@0~6uL=L39{%3kaQ#)`|1-niPc>XWIsD%r{{Cab^;5$C z$_~Nt_ZzOiI{bfH_}dz0(Bv~bZGWr;tOTqCtOTqCtOTqCtOTqCtOTqCtOTqCtOS}! zz|A?%X(-wU?;pDPKFm(IL?>g&)|3Aeem1xc6b}C zf-hn)xF2qX9JsI-w!m6A6aE{e{@d^fJPe+mQXfm`4pycRz7I>-4S zyaO_jhGp>Na>uy?J`R5hH^L2YCai$d;XAJ-P51)*4g59q!b$KoWN{bV1|@haNcp^o zoF0HVXn}L#2!@jf;R|pd9EN+~kKuYK!+&AC_yK$rJ`BGH9;}C7hr<|8?uLUi8Qm{ zEvOi~h*5}519d06$LExQ9afUM>>bB_daJh|h?Z!$?N@+>pNG z1U9ZkQ!tW>H{wu~C#rQd%E>k_)iJ~d8c6d`)NHt1>zix)+GT5`=ICN`y~*}Uke?Ar z9mRaNG*6)ZY;^CUX=Sp0N20^wcDhrG$QJ#IoA=B81#ialD|8kDBxIj4b)NN2_ejJB zpjv`>%;_MiaAApRsgRI#s$*c9r|`9)i)2Vf(>ybr?n@-wr6XUtTo4B@>bh8nlwT}X zD+uL7kDKxT%CA_m#y@g|EXfXNNgGyE3fH;(LHY(Uz^~Xdth3$ z&6a|^UrDZ;YwJijQgmSrlBlW73p&^60j74TeZnn!a)wbtCFz8``@mGb;Hd#C9IXP8 z%89l%p>wB3pm3zl`;*LY14RO=VM<8P#ApU#eu-v|q5d6%Tl+Uhb5}SVG@JYu7(Kj$ z`EsS)nQ+W_KF?GU)jg8n6R+N|^ij*MRjv*zhw%Q5!@GxuH)ghN+&y^JNM@jaXRKZ6 zVD)Wp-iAeB6VkM=1v6mEr4#XjfXRS%lXYdgFBJD>CaD`)OF96VWpYiG;}>glst&_< z*q~B*QPyqBoY^#Bj#5RDs&8KDuzh7^6V0{twTaYZPn7Z!8}z*OpN`t)TxW82Xh&vK z|IkRLf7i&I=($uxMHOSRq-sjkLsI>$sLz?+PbD!qYMHR$FoJIg)G#xIEqT(dFy%HC z^}<4yEs#-mL)5pkK|ywA@;oE9_g`tcci7iuFW)q@EhDe=TpBN_sU&J)&scfwuo{8I zKy_xq3woP%bSar*%cz=S*v1$|b!XPA4%QW+5Op8UdD(&+cyc*X8(2 z4LQ5|Y7u5s4%iKM&!uTnoh5IEv03Lm)?NA%>HOp3>e`w3bZOtN7!-omq zFfum}Z^os%l(S42vJsk?mXLBQ!1!W~zXy^iuy{fu8Pz)c?)%`>&$ke;NJ?#zE@+BQOlB;Z!&UzRP{j z!ZYwR{5{+RGQPF&Z|L`rg4F;20=@(Hf)CTM6;6Ry!O8FxI{yQ3Kim%2!%Fx*`uY7H^30ILlT}u z=YIkog};Sc;YK(YR={28|F^+k!nH6A7sC_i{ExsNg0um=2d;s4!y))hxB}8}H~Rk_ zunUIZZO{TQpzA*l?}jp52y3Ag1gwJd;Ropd--d_bw_pf@d+J@H!&%Py zZ29uqVtQeN!gAIuFVnuUJS@<{2{4Z>QBV6h86K90%R0H93JT6`|70c)!Wv(&=YiLj23wSe|by7C#C 
zF$6RTPzkDDXnet59J6E8G-{dEm?g$ED5I5!HW~9YR9dH%aYor@q}iutpD}U93^Xl9 z3RqaM{>1GtCbUf4Ja7!32rioDKAzP2#4Yvz>(JBXb9|})qiUt4 zBX#^I;Bj~i9t3%>{Iwq|0V@G30V@G30V@G30V@G30V@G30V@G3fmcQX*@EZ#nQBS! zjw|g{Fpn#heh`XTLp!9@IoST6^}4ND@M}+3r2hX9mGcKYOP2cotzktyhrWLl?t{Z{ z2S|IsP4EFY1O=Fe&5(u`I2V2m&W2aR_pl3m1Ej6s2z(8sz2NU)3eJI(!GV`}{{K^W z4vxYn;Wqda_z>)dG{}7eZSV&8E(Qy^ci>rg96k&0f-x9@_0R)vfb-!zI0Kf!^Y{*Y z7H$I{CgJVS3(Mdo{0CluXW%LL7CZ(I!rgEk9D+Tt3$BE%@EfoZ-VCeYS^NvW0f*sp z@JW#S6K;o3zz5-4*b34o;Vp0xTnK46A6CM{_$2%j+y{r@Uib&N6Fvmj!L{Il3)|ol zcr!?Uh87U83Rc3?_%Qqnd=)+eAB7?4gynD)Uxo)k`Z(MIH^bGi8+O1|FarIs8P0Ux816^moXE3nQ=%E`(KZ27C!$hmS)ACSWIQhBv}#@I3AEX?Ozu6^_8CLAKZ5 zhu?wshsW3RyAn==Q{icRA=Iadm9UBJEF3WoxB-q#14ZegJDJ~C4Ya?ObWs#-@|^Nk zY^&{X7#xtJNYfn-+M#RA*H+lt_qL*&%lrF8&YN_rg-Tgo!Ix}*K03&HYLkStjjA-| zV>;y#$mpajf>BQT!VofpCWJOffX_~#dWd;|N*hdbf*3KgqNzs^l0c0z6~7^_@? z!8AMNiSRz5?US)!3HBd2;s3h*37NsIeaf1uFY>L5Ja0*pnJojgy$%GQzsNeMqa&ua z^W}`MTnsVT5=%m?Uaee8<=%rR79}iwXU%}BqfnlO+$dwzzJ@KhF%NFlzL=bp^G7rJ zDW?&x%d%?IGJj%q(B3ZcYuAbn

_e!-kE~s>{o zXjP5snQrG)K075g)wSsIRIysfi3v{>XpUa)vRHWIZ-~R`v8l*M&E0W>cjR1|7x_M> zUSk2*k5mQ*8xmH%f_9_3W%DEojY)*NXH;&CfV5X=Wu~P1iuSJ0n7{Ok=(u%FYR*9} z(Fu9cxQSmNALgp7=1gC*_Ba>sb<^inrA7aw(8CAS(YZPDpuAZT{+OHN0dv!aD#Oms%Z;IX5-Vt{1>KO0k&xcMfO2NF&uNJsYR z=Dy43%j>2oFFTD30#5v;zze*0R`cb2#Va?-prh(8@G4ct?QU6*vIabv5QFFCy*+aY z=|>{_ewy3(r9)bvrcLJH)KhDvP62)ay%<(>=@# zpXy(@3v0A-&)F6nsKdwh4%aDnSEUW2qX?g2cj{i%}S+~iVy6<@NrFR+BG8U-@s)@`m zLW&mq3}=IUsUi-zWz%NyH0tEjq~^FyN6W#exIztnixyTDYh6^-SbFSy@q%iJ^mNgq zi8hvZlccOu)7YZ8UY6L@gTtEC@b*tLpr*@HB}R%;C7EP6rtq%hp242|(;UkQJ$HV=_1(#kK&6WcOU#UXk+NDJPzW?U=iWQ(W2@fg{Bv zr)UZz!j2PmcD8?cINv9dmnT$|>VOE$@XJuVy1U~NhgAfXp!z*Ua`2XtMPmns8fud5 z`iZQ3_B`9&+PY@6r7LyuINOn!8r4+MxUHdG%1cOk6sm-A{n`a)hGu{wjJoE&4FBe@^gXyQ6(JhEtlM^ z*E`O_jDpHc2Hs4OUB8vU%@^dz!+ME)$xtFYQiN#e}rx}noSg3e>y|vz1Yoc%Bs-pWX5aPGd-A6r-;-ged(a-krS?W|%8CATsql3g9_<#1YC)EoFG@_w2(?+aEt zQ|kHuH_-*}MZc8#zj^=O&(PhC&VN0}*T57!ho1fvd;s1H2VnAPSU~%GQ zYhR1MyM?fNJ-FaIUKS3tv^aj=?}=GLwsn#VXMXXWaL0XrbVGEY7TJ*=rB%A)*@H(! z(I=)5{x4#*Z{!IDs>R74tortiJZRC)-}ai+Ov`(q_wC153BC153BC153BC153BC153B zC154+3zmTNIN?o&@%IJ%a(Mzv&m!YIQ!Z8myeJYi|2*R}sT>d@uf4jL4;W*x`jvh` V+QX=4CY92DM8qH3^rV~S{{S2-7|j3x literal 0 HcmV?d00001 diff --git a/get_all_keys.sh b/get_all_keys.sh index 5edfffb..12d874a 100755 --- a/get_all_keys.sh +++ b/get_all_keys.sh @@ -11,9 +11,16 @@ clean_up() { # Perform program exit housekeeping rm -f "$log_file" + blank_line exit $1 } +blank_line() { + if $terminal ; then + echo "" + fi +} + trim() { local var="$*" var="${var#"${var%%[![:space:]]*}"}" # remove leading whitespace characters @@ -98,7 +105,6 @@ containsElement () { - # ------------- # --- Check some prerequisites # ------------- @@ -131,8 +137,6 @@ if [[ ${#conf_file_arr[@]} -lt 1 ]] ; then fi -echo "" - declare -i i=0 if [[ ${#conf_file_arr[@]} -gt 1 ]] ; then @@ -162,6 +166,7 @@ if [[ ${#conf_file_arr[@]} -gt 1 ]] ; then else conf_file=${conf_file_arr[0]} + service_name="${conf_name_arr[0]}" fi echo "" 
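Review bot: The commit adds `.get_all_keys.sh.swo`, a Vim swap file, as a new tracked binary; it is editor state rather than a source artifact, and a swap file carries a snapshot of the buffer being edited, so it can expose unfinished or unintended content to anyone with repository access. Drop it from the commit (`git rm --cached .get_all_keys.sh.swo`) and add `*.swp` and `*.swo` to `.gitignore` so it cannot be re-added by accident.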
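Review bot: `exit $1` in `clean_up` is unquoted and has no default, so any caller that invokes `clean_up` without an argument now exits with the status of the `blank_line` call inserted just before it instead of a deliberate code; the new `clean_up 0` caller passes one, but other callers in the file are not visible from this hunk. `exit "${1:-0}"` makes the intent explicit. The new `blank_line` also reuses the file's `if $terminal ; then` idiom, which takes the branch when `terminal` is unset (an empty command succeeds) and aborts under `set -u`; `[[ "${terminal:-false}" == true ]]` would be stricter, though that matches the existing convention rather than something this patch introduced.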
@@ -181,18 +186,47 @@ else
 fatal "OpenVPN base diretory not '$OPENVPN_BASE_DIR' not found!"
 fi
 fi
-[[ -n "$KEY_DIR" ]] || KEY_DIR="${OPENVPN_BASE_DIR}/keys"
-[[ -n "$CRL_PEM" ]] || CRL_PEM="${KEY_DIR}/crl.pem"
-if [[ ! -d "$KEY_DIR" ]] ; then
- fatal "Key directory '$KEY_DIR' not found. (See var 'KEY_DIR')"
+if [[ -d "${OPENVPN_BASE_DIR}/pki" ]] ; then
+ EASYRSA_LAYOUT_NEW=true
+else
+ EASYRSA_LAYOUT_NEW=false
+fi
+
+
+if [[ -z "$OPENVPN_KEY_DIR" ]] ; then
+ if $EASYRSA_LAYOUT_NEW ; then
+ OPENVPN_KEY_DIR="${OPENVPN_BASE_DIR}/pki"
+ else
+ OPENVPN_KEY_DIR="${OPENVPN_BASE_DIR}/keys"
+ fi
+fi
+
+if $EASYRSA_LAYOUT_NEW ; then
+ OPENVPN_REVOKED_KEY_DIR="${OPENVPN_KEY_DIR}/revoked/certs_by_serial"
+ OPENVPN_CERT_DIR_SERIAL="${OPENVPN_KEY_DIR}/certs_by_serial"
+ RV_CERT_EXT="crt"
+else
+ OPENVPN_REVOKED_KEY_DIR="${OPENVPN_KEY_DIR}"
+ OPENVPN_CERT_DIR_SERIAL="${OPENVPN_KEY_DIR}"
+ RV_CERT_EXT="pem"
+fi
+
+[[ -n "$CRL_PEM" ]] || CRL_PEM="${OPENVPN_KEY_DIR}/crl.pem"
+
+if [[ ! -d "$OPENVPN_KEY_DIR" ]] ; then
+ fatal "Key directory '$OPENVPN_KEY_DIR' not found. (See var 'OPENVPN_KEY_DIR')"
 fi
 if [[ ! -f "$CRL_PEM" ]] ; then
 fatal "Revokation list '$CRL_PEM' not found. (See var 'CRL_PEM')"
 fi
+declare -a revoked_arr
 declare -a revoked_serial_arr
 declare -a revoked_cn_arr
+declare -a all_arr
+declare -a all_cn_arr
+declare -a active_arr
 while read -r _serial ; do
 revoked_serial_arr+=("$_serial")
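Review bot: The new per-layout directories are never validated: only `OPENVPN_KEY_DIR` is checked with `-d`, so with `EASYRSA_LAYOUT_NEW=true` a missing `certs_by_serial` (or a `pki` directory that exists next to a legacy `keys` tree the user pointed `OPENVPN_KEY_DIR` at, since the layout is decided from `OPENVPN_BASE_DIR` before the override is considered) only surfaces later as `find`/`openssl` errors instead of a `fatal`. Add `[[ -d "$OPENVPN_CERT_DIR_SERIAL" ]] || fatal "Certificate directory '$OPENVPN_CERT_DIR_SERIAL' not found."` after the key-directory check; `OPENVPN_REVOKED_KEY_DIR` may legitimately be absent until the first revocation, so at most warn on it. The rename from `KEY_DIR` to `OPENVPN_KEY_DIR` also silently ignores an existing `KEY_DIR` setting and falls back to the auto-detected path; a compatibility line such as `[[ -n "$OPENVPN_KEY_DIR" ]] || OPENVPN_KEY_DIR="$KEY_DIR"` before the `-z` test keeps old configurations pointing at the same keys. The `while read -r _serial` loop at the end of the hunk continues outside it.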
@@ -203,38 +237,44 @@ fi
 if [[ ${#revoked_serial_arr[@]} -gt 0 ]]; then
 for _serial in ${revoked_serial_arr[@]} ; do
- _cn="$(openssl x509 -noout -text -in ${KEY_DIR}/${_serial}.pem 2> $log_file \
+ _cn="$(openssl x509 -noout -text -in ${OPENVPN_REVOKED_KEY_DIR}/${_serial}.${RV_CERT_EXT} 2> $log_file \
 | grep -i subject | grep CN | grep -o -E "CN\s*=\s*[^/,]+" | cut -d'=' -f2)"
 if [[ -s "$log_file" ]]; then
 error "$(cat "$log_file")"
 else
 revoked_arr+=("$_serial:$(trim $_cn)")
 revoked_cn_arr+=("$(trim $_cn)")
+ if $EASYRSA_LAYOUT_NEW ; then
+ all_arr+=("$_serial:$(trim $_cn)")
+ fi
 fi
 done
 else
- info "No revoked keys in \033[1m${KEY_DIR}\033[m for OpenVPN service \033[1m$service_name\033[m exists."
+ info "No revoked keys in \033[1m${OPENVPN_REVOKED_KEY_DIR}\033[m for OpenVPN service \033[1m$service_name\033[m exists."
 fi
 while IFS= read -r -d '' _cert ; do
- _serial="$(basename "$_cert")"
- _serial="${_serial%.*}"
+ _serial="$(basename "$_cert")"
+ _serial="${_serial%.*}"
 _cn="$(openssl x509 -noout -text -in $_cert | grep Subject: | grep -oE "CN\s*=\s*[^,]+" | awk '{print$3}')"
- all_arr+=("${_serial}:$(trim $_cn)")
- if ! containsElement "$_cn" "${revoked_cn_arr[@]}" ; then
- active_arr+=("${_serial}:$(trim $_cn)")
- fi
-done < <(find ${KEY_DIR} -name "??\.pem" -print0 | sort -z )
+ if ! containsElement "$_cn" "${all_cn_arr[@]}" ; then
+ all_arr+=("${_serial}:$(trim $_cn)")
+ all_cn_arr+=("$(trim $_cn)")
+ fi
+ if ! containsElement "$_cn" "${revoked_cn_arr[@]}" ; then
+ active_arr+=("${_serial}:$(trim $_cn)")
+ fi
+
+done < <(find ${OPENVPN_CERT_DIR_SERIAL} -name "*\.pem" -print0 | sort -z )
-echo
 if [[ ${#all_arr[@]} -gt 0 ]]; then
 echo ""
 if $terminal ; then
- echo -e "All created Keys for OpenVPN service \033[1m$service_name\033[m in \033[32m\033[1m${KEY_DIR}\033[m:"
+ echo -e "All created Keys for OpenVPN service \033[1m$service_name\033[m in \033[32m\033[1m${OPENVPN_KEY_DIR}\033[m:"
 else
- echo "All created Keys for OpenVPN service '$service_name' in '${KEY_DIR}':"
+ echo "All created Keys for OpenVPN service '$service_name' in '${OPENVPN_KEY_DIR}':"
 fi
 echo ""
 for _val in ${all_arr[@]} ; do
@@ -251,9 +291,9 @@ echo
 if [[ ${#revoked_arr[@]} -gt 0 ]]; then
 echo ""
 if $terminal ; then
- echo -e "Revoked Keys for OpenVPN service \033[1m$service_name\033[m in \033[32m\033[1m${KEY_DIR}\033[m:"
+ echo -e "Revoked Keys for OpenVPN service \033[1m$service_name\033[m in \033[32m\033[1m${OPENVPN_KEY_DIR}\033[m:"
 else
- echo "Revoked Keys for OpenVPN service '$service_name' in '${KEY_DIR}':"
+ echo "Revoked Keys for OpenVPN service '$service_name' in '${OPENVPN_KEY_DIR}':"
 fi
 echo ""
 for _val in ${revoked_arr[@]} ; do
@@ -270,9 +310,9 @@ echo
 if [[ ${#active_arr[@]} -gt 0 ]]; then
 echo ""
 if $terminal ; then
- echo -e "Active Keys for OpenVPN service \033[1m$service_name\033[m in \033[32m\033[1m${KEY_DIR}\033[m:"
+ echo -e "Active Keys for OpenVPN service \033[1m$service_name\033[m in \033[32m\033[1m${OPENVPN_KEY_DIR}\033[m:"
 else
- echo "Active Keys for OpenVPN service '$service_name' in '${KEY_DIR}':"
+ echo "Active Keys for OpenVPN service '$service_name' in '${OPENVPN_KEY_DIR}':"
 fi
 echo ""
 for _val in ${active_arr[@]} ; do
@@ -285,6 +325,5 @@ if [[ ${#active_arr[@]} -gt 0 ]]; then
 done
 fi
-echo
-exit
+clean_up 0
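Review bot: The active/revoked split in the `find` loop still keys on the CN (`if ! containsElement "$_cn" "${revoked_cn_arr[@]}"`), which misclassifies in both directions: a certificate re-issued for a CN that was revoked earlier is dropped from the active list, and because the revoked loop extracts the CN with `cut -d'=' -f2` while this loop keeps only `awk '{print$3}'` (the first word), a revoked certificate whose CN contains a space never matches and is reported as active — the security-relevant direction. Since `revoked_serial_arr` already holds the CRL serials and the file names are serials, compare those instead, `if ! containsElement "$_serial" "${revoked_serial_arr[@]}" ; then`; this assumes the CRL serials use the same hex formatting as the file names, which the `${_serial}.${RV_CERT_EXT}` lookup in the revoked loop already relies on. The new `all_cn_arr` de-duplication likewise hides a second valid certificate issued for the same CN from the "All created Keys" list, which looks unintended. Widening the `find` pattern from `??\.pem` to `*\.pem` also means that in the legacy layout, where `OPENVPN_CERT_DIR_SERIAL` is the keys directory itself, `crl.pem` and any `dh*.pem` are fed to `openssl x509` and land in the lists with an empty CN; skipping non-serial names with `[[ "$_serial" =~ ^[0-9A-Fa-f]+$ ]] || continue` right after `_serial="${_serial%.*}"` avoids that, and `find "${OPENVPN_CERT_DIR_SERIAL}"` should be quoted while you are there.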
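Review bot: `clean_up 0` is only reached on the success path, so the `$log_file` that `clean_up` removes is left behind whenever the script leaves through `fatal`, `error` or a signal, unless those paths call `clean_up` somewhere outside this hunk, which cannot be seen from here. Installing `trap 'clean_up $?' EXIT` where `log_file` is created would cover every exit path without changing this line, and `clean_up`'s own `exit $1` then preserves the original status. The `if [[ ${#active_arr[@]} -gt 0 ]]` block this hunk closes starts outside it.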