From ba6d753101acd2a5c0f5dec28eab3683366a8f8e Mon Sep 17 00:00:00 2001 From: Christoph Date: Mon, 15 Jul 2019 23:19:37 +0200 Subject: [PATCH] Add support for esyrsa new layout. --- build_key-pass.sh | 100 +++++++++++++++++++++++++++++----------------- 1 file changed, 63 insertions(+), 37 deletions(-) diff --git a/build_key-pass.sh b/build_key-pass.sh index a41ac31..573accf 100755 --- a/build_key-pass.sh +++ b/build_key-pass.sh @@ -233,8 +233,14 @@ fi EASY_RSA_DIR="${OPENVPN_BASE_DIR}/easy-rsa" +if [[ -d "${OPENVPN_BASE_DIR}/pki" ]] ; then + EASYRSA_LAYOUT_NEW=true +else + EASYRSA_LAYOUT_NEW=false +fi + if [[ -z "$OPENVPN_KEY_DIR" ]] ; then - if [[ "$os_dist" = "debian" ]] && [[ $os_version -gt 9 ]] ; then + if $EASYRSA_LAYOUT_NEW ; then OPENVPN_KEY_DIR="${OPENVPN_BASE_DIR}/pki" else OPENVPN_KEY_DIR="${OPENVPN_BASE_DIR}/keys" @@ -242,12 +248,14 @@ if [[ -z "$OPENVPN_KEY_DIR" ]] ; then fi if [[ -z "$OPENVPN_CCD_DIR" ]] ; then - if [[ "$os_dist" = "debian" ]] && [[ $os_version -gt 9 ]] ; then + if $EASYRSA_LAYOUT_NEW ; then OPENVPN_CCD_DIR="${OPENVPN_BASE_DIR}/ccd" else OPENVPN_CCD_DIR="${OPENVPN_BASE_DIR}/ccd/server-${OPENVPN_NAME}" fi fi +_CA_CERT="${OPENVPN_KEY_DIR}/ca.crt" +_TA_KEY="${OPENVPN_KEY_DIR}/ta.key" EMAIL_PREFIX="$(echo $KEY_EMAIL | cut -d '\' -f1)" @@ -271,6 +279,14 @@ if [ -z "$NEW_KEY_NAME" ]; then done fi +if $EASYRSA_LAYOUT_NEW ; then + _CLIENT_CERT="${OPENVPN_KEY_DIR}/issued/${KEY_CN}-${NEW_KEY_NAME}.crt" + _CLIENT__KEY="${OPENVPN_KEY_DIR}/private/${KEY_CN}-${NEW_KEY_NAME}.key" +else + _CLIENT_CERT="${OPENVPN_KEY_DIR}/${NEW_KEY_NAME}.crt" + _CLIENT__KEY="${OPENVPN_KEY_DIR}/${NEW_KEY_NAME}.key" +fi + for _name in $key_names_reserverd ; do [[ "$_name" = "$NEW_KEY_NAME" ]] && fatal "Name '$NEW_KEY_NAME' cannot be used - its a reserved name!" done 
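Review bot: The layout flag set on the new `if [[ -d "${OPENVPN_BASE_DIR}/pki" ]]` line is derived from the base directory alone, while `OPENVPN_KEY_DIR` may be supplied by the caller and is then left untouched; a caller-provided key dir of the other layout gets the wrong `issued/`/`private/` sub-paths later in this commit. Once `OPENVPN_KEY_DIR` is settled it is cheap to confirm the two agree: `if $EASYRSA_LAYOUT_NEW && [[ ! -d "${OPENVPN_KEY_DIR}/private" ]] ; then fatal "'${OPENVPN_KEY_DIR}' does not look like an easy-rsa 3 PKI directory" ; fi`. A one-line comment above the probe, `# easy-rsa 3 keeps its PKI under ./pki, the older layout used ./keys`, would also tell the next reader why a directory test decides the layout.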
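Review bot: `_CA_CERT` and `_TA_KEY` are first dereferenced much later (the `_file=` loops of hunks -470 and -561), after the interactive key creation, so a missing file only surfaces once the user has typed passwords and a key has been issued. Checking readability where they are defined fails fast: `[[ -r "$_CA_CERT" ]] || fatal "CA certificate not found: $_CA_CERT"` and `[[ -r "$_TA_KEY" ]] || fatal "TLS-auth key not found: $_TA_KEY"`. Keeping `ta.key` inside the PKI directory in the new layout appears to be a convention of this script rather than something easy-rsa produces (the file comes from openvpn's key generator), which is worth a comment on the `_TA_KEY=` line.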
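Review bot: `_CLIENT__KEY` carries a double underscore that its sibling `_CLIENT_CERT` does not, which reads as a typo and is now repeated in every later hunk; `_CLIENT_KEY` would match (adjusting the uses in hunks -386, -512, -696 and -723). The new-layout branch assumes the cert and key land under `issued/` and `private/` with exactly the name passed to `build-client-full`, which holds for a default easyrsa setup but deserves a comment on the `if $EASYRSA_LAYOUT_NEW` line. easyrsa will most likely refuse to issue a name that already exists in the PKI, so a pre-check in the style of the reserved-name loop below, `[[ -e "$_CLIENT_CERT" ]] && fatal "Certificate '$_CLIENT_CERT' already exists"`, gives a clearer message than the tool's later failure.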
@@ -315,10 +331,11 @@ echo "" echo "OpenVPN Base directory..: $OPENVPN_BASE_DIR" echo "" echo "" -echo "Key Name................: $NEW_KEY_NAME" +echo "Client Key..............: $(basename "$_CLIENT__KEY")" +echo "Client Cert.............: $(basename "$_CLIENT_CERT")" echo "Key Password............: $KEY_PW" -info "Going to create key \033[37m\033[1m${NEW_KEY_NAME}.key\033[m.." +info "Going to create \033[37m\033[1m$(basename "$_CLIENT__KEY")/$(basename "$_CLIENT_CERT")\033[m.." echo -n "To continue type uppercase 'YES': " read OK echo "" @@ -340,12 +357,16 @@ echo "" # - source file vars # - echononl " Load configuration '${EASY_RSA_DIR}/vars'.." -source ${EASY_RSA_DIR}/vars > "$log_file" 2>&1 -if [[ $? -eq 0 ]] ; then - echo_ok +if $EASYRSA_LAYOUT_NEW ; then + echo_skipped else - echo_failed - error "$(cat $log_file)" + source ${EASY_RSA_DIR}/vars > "$log_file" 2>&1 + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + error "$(cat $log_file)" + fi fi @@ -363,15 +384,21 @@ echo "" echo -e " \033[32mNow create the key \033[37m${NEW_KEY_NAME}.key\033[32m. This is an interactive procedure.\033[m" echo "" echo -e " Enter \033[37m\033[1m${KEY_PW}\033[m for Password" -echo -e " Enter \033[37m\033[1m${KEY_CN}-${NEW_KEY_NAME}\033[m as commonName" -echo "" -echo " For all other entries simply type or confirm with 'y'" +if ! $EASYRSA_LAYOUT_NEW ; then + echo -e " Enter \033[37m\033[1m${KEY_CN}-${NEW_KEY_NAME}\033[m as commonName" + echo "" + echo " For all other entries simply type or confirm with 'y'" +fi echo "" echononl "Type to continue: " read ok echo "" -${EASY_RSA_DIR}/build-key-pass ${NEW_KEY_NAME} +if $EASYRSA_LAYOUT_NEW ; then + ${EASY_RSA_DIR}/easyrsa build-client-full ${KEY_CN}-${NEW_KEY_NAME} +else + ${EASY_RSA_DIR}/build-key-pass ${NEW_KEY_NAME} +fi if [[ $? -eq 0 ]] ; then info "Building key '${NEW_KEY_NAME}.key' was successfully." else 
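Review bot: The success message on the context line right after the new `if $EASYRSA_LAYOUT_NEW` block, `info "Building key '${NEW_KEY_NAME}.key' was successfully."`, and the earlier `Now create the key ${NEW_KEY_NAME}.key` banner still name the easy-rsa 2 file, but in the new layout the key is `${KEY_CN}-${NEW_KEY_NAME}.key`; `$(basename "$_CLIENT__KEY")`, as hunk -315 already does, keeps both accurate. The easyrsa call also lets the tool pick its PKI directory (from `EASYRSA_PKI` or its built-in default), which is not necessarily `$OPENVPN_KEY_DIR`, so `"${EASY_RSA_DIR}/easyrsa" --pki-dir="$OPENVPN_KEY_DIR" build-client-full "${KEY_CN}-${NEW_KEY_NAME}"` ties the invocation to the paths `_CLIENT_CERT`/`_CLIENT__KEY` expect and quotes the expansions. The `if [[ $? -eq 0 ]]` that follows still sees the status of whichever tool ran inside the `if`/`fi`, so that check remains correct as written.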
@@ -386,8 +413,8 @@ echo "" echononl " Add new key credentials to file ${OPENVPN_BASE_DIR}/keys-created.txt" cat << EOF >> ${OPENVPN_BASE_DIR}/keys-created.txt -key...............: ${NEW_KEY_NAME}.key -common name.......: ${KEY_CN}-${NEW_KEY_NAME} +key...............: $(basename "$_CLIENT__KEY") +common name.......: $(basename "${_CLIENT__KEY%.*}") password..........: ${KEY_PW} EOF if [[ $? -eq 0 ]] ; then @@ -470,7 +497,8 @@ persist-tun EOF -_file="${OPENVPN_BASE_DIR}/keys/ca.crt" + +_file="${_CA_CERT}" _found=false while IFS='' read -r line || [[ -n $line ]]; do if [[ "$line" =~ "-----BEGIN" ]] ; then @@ -491,7 +519,7 @@ cat << EOF >> "$_client_conf_file" 2> $log_file EOF -_file="${OPENVPN_BASE_DIR}/keys/${NEW_KEY_NAME}.crt" +_file="${_CLIENT_CERT}" _found=false while IFS='' read -r line || [[ -n $line ]]; do if [[ "$line" =~ "-----BEGIN" ]] ; then @@ -512,7 +540,7 @@ cat << EOF >> "$_client_conf_file" 2> $log_file EOF -_file="${OPENVPN_BASE_DIR}/keys/${NEW_KEY_NAME}.key" +_file="${_CLIENT__KEY}" _found=false while IFS='' read -r line || [[ -n $line ]]; do if [[ "$line" =~ "-----BEGIN" ]] ; then @@ -561,7 +589,7 @@ key-direction 1 EOF -_file="${OPENVPN_BASE_DIR}/keys/ta.key" +_file="${_TA_KEY}" _found=false while IFS='' read -r line || [[ -n $line ]]; do if [[ "$line" =~ "-----BEGIN" ]] ; then 
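Review bot: The new `common name.......: $(basename "${_CLIENT__KEY%.*}")` line in the keys-created.txt record changes what is written for the old layout: there `_CLIENT__KEY` is `${OPENVPN_KEY_DIR}/${NEW_KEY_NAME}.key`, so the record now says `${NEW_KEY_NAME}` where it used to say `${KEY_CN}-${NEW_KEY_NAME}`, the CN the user was told to enter. The common name is the same expression in both layouts, so the removed line should simply stay: `common name.......: ${KEY_CN}-${NEW_KEY_NAME}`. The same substitution appears in the `passwd.txt` here-doc of hunk -723 and should be reverted there as well.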
@@ -696,26 +724,23 @@ fi if $_copy_to_user_home_dir ; then _home_dir=$(eval echo "~$user_name") + _target_dir="${_home_dir}/VPN/${KEY_CN}-${NEW_KEY_NAME}" _failed=false echo "" - echononl " Copy key material into dir '${_home_dir}/${KEY_CN}-${NEW_KEY_NAME}'.." + echononl " Copy key material into dir '${_target_dir}'.." mkdir -p "${_home_dir}/VPN/${KEY_CN}-${NEW_KEY_NAME}" > $log_file 2>&1 if [[ $? -ne 0 ]] ; then _failed=true fi - cp -a "${OPENVPN_BASE_DIR}/keys/${NEW_KEY_NAME}.key" "${_home_dir}/VPN/${KEY_CN}-${NEW_KEY_NAME}" >> $log_file 2>&1 + cp -a "${_CLIENT__KEY}" "${_target_dir}/" >> $log_file 2>&1 if [[ $? -ne 0 ]] ; then _failed=true fi if [[ -n "$ORG_SHORTCUT" ]]; then - cp -a "$_client_conf_file" \ - "${_home_dir}/VPN/${KEY_CN}-${NEW_KEY_NAME}/${ORG_SHORTCUT}-$(basename $_client_conf_file)" \ - >> $log_file 2>&1 + cp -a "$_client_conf_file" "${_target_dir}/${ORG_SHORTCUT}-$(basename $_client_conf_file)" >> $log_file 2>&1 else - cp -a "$_client_conf_file" \ - "${_home_dir}/VPN/${KEY_CN}-${NEW_KEY_NAME}/${KEY_CN/VPN-/}-$(basename $_client_conf_file)" \ - >> $log_file 2>&1 + cp -a "$_client_conf_file" "${_target_dir}/${KEY_CN/VPN-/}-$(basename $_client_conf_file)" >> $log_file 2>&1 fi if [[ $? -ne 0 ]] ; then _failed=true 
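Review bot: `_target_dir` is introduced on the first added line, but the `mkdir -p` two lines below still spells out `"${_home_dir}/VPN/${KEY_CN}-${NEW_KEY_NAME}"`; it should read `mkdir -p "${_target_dir}" > $log_file 2>&1` so the path is defined in one place, which is the point of the variable. Separately, `cp -a "${_CLIENT__KEY}" "${_target_dir}/"` preserves the source mode and owner, and in an easy-rsa 3 PKI the files under `private/` are typically created readable by root only, so unless a step outside this hunk re-owns `_target_dir` the user may not be able to read the copy — worth confirming. The enclosing `if $_copy_to_user_home_dir` block continues past the end of this hunk.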
@@ -723,28 +748,29 @@ if $_copy_to_user_home_dir ; then # - Configuration for Windows OpenVPN # - - cp -a "$_client_conf_file" "${_home_dir}/VPN/${KEY_CN}-${NEW_KEY_NAME}/${KEY_CN}-${NEW_KEY_NAME}.ovpn" + cp -a "$_client_conf_file" "${_target_dir}/${KEY_CN}-${NEW_KEY_NAME}.ovpn" if [[ $? -ne 0 ]] ; then _failed=true fi - cp -a "${OPENVPN_BASE_DIR}/keys/${NEW_KEY_NAME}.crt" "${_home_dir}/VPN/${KEY_CN}-${NEW_KEY_NAME}" >> $log_file 2>&1 + cp -a "${_CLIENT_CERT}" "${_target_dir}/" >> $log_file 2>&1 if [[ $? -ne 0 ]] ; then _failed=true fi - cp -a "${OPENVPN_BASE_DIR}/keys/ca.crt" "${_home_dir}/VPN/${KEY_CN}-${NEW_KEY_NAME}" >> $log_file 2>&1 + cp -a "${_CA_CERT}" "${_target_dir}" >> $log_file 2>&1 if [[ $? -ne 0 ]] ; then _failed=true fi - cp -a "${OPENVPN_BASE_DIR}/keys/ta.key" "${_home_dir}/VPN/${KEY_CN}-${NEW_KEY_NAME}" >> $log_file 2>&1 + cp -a "${_TA_KEY}" "${_target_dir}" >> $log_file 2>&1 if [[ $? -ne 0 ]] ; then _failed=true fi - cat << EOF > "${_home_dir}/VPN/${KEY_CN}-${NEW_KEY_NAME}/passwd.txt" - key...............: ${NEW_KEY_NAME}.key - common name.......: ${KEY_CN}-${NEW_KEY_NAME} + cat << EOF > "${_target_dir}/passwd.txt" + key...............: $(basename "$_CLIENT__KEY") + common name.......: $(basename "${_CLIENT__KEY%.*}") password..........: ${KEY_PW} EOF - echo "${KEY_PW}" > "${_home_dir}/VPN/${KEY_CN}-${NEW_KEY_NAME}/ovpn_pass" + + echo "${KEY_PW}" > "${_target_dir}/ovpn_pass" if [[ $? -ne 0 ]] ; then _failed=true fi @@ -770,7 +796,7 @@ EOF # - _failed=false echononl " Create zip archive '${KEY_CN}-${NEW_KEY_NAME}.tblk.zip' for MAC OS .." - target_macos_tblk_dir="${_home_dir}/VPN/${KEY_CN}-${NEW_KEY_NAME}/${KEY_CN}-${NEW_KEY_NAME}.tblk" + target_macos_tblk_dir="${_target_dir}/${KEY_CN}-${NEW_KEY_NAME}.tblk" mkdir "$target_macos_tblk_dir" > $log_file 2>&1 if [[ $? -ne 0 ]] ; then _failed=true 
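Review bot: The rewritten `cat << EOF > "${_target_dir}/passwd.txt"` and `echo "${KEY_PW}" > "${_target_dir}/ovpn_pass"` lines store the key passphrase in clear under whatever umask the script inherited; since these lines are being touched anyway, `chmod 600 "${_target_dir}/passwd.txt" "${_target_dir}/ovpn_pass"` right after the write (or a `umask 077` for the copy block) is a cheap tightening, unless a step outside this hunk already restricts `_target_dir`. Two smaller points: the here-doc's own failure is never checked, because the `if [[ $? -ne 0 ]]` below it follows the added blank line and the `echo`, so only the `echo` is covered; and the copy targets mix `"${_target_dir}/"` with `"${_target_dir}"`, which behave the same once the directory exists but read as two different intentions.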
@@ -786,7 +812,7 @@ EOF
 if [[ $? -ne 0 ]] ; then
 _failed=true
 fi
- cd "${_home_dir}/VPN/${KEY_CN}-${NEW_KEY_NAME}"
+ cd "${_target_dir}"
 chown -R ${user_name}:$user_name "$target_macos_tblk_dir" >> $log_file 2>&1
 if [[ $? -ne 0 ]] ; then
 _failed=true
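Review bot: `cd "${_target_dir}"` on the new line is unchecked, and the archive step that presumably continues past this hunk runs relative to the current directory, so a failed `cd` lets the rest of the block operate wherever the script happened to be. `cd "${_target_dir}" || fatal "Cannot change into '${_target_dir}'"` is in keeping with the script's other hard failures; setting `_failed=true` alone would not be enough, since the following commands would still run. The enclosing `if $_copy_to_user_home_dir` block starts and ends outside this hunk.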