diff --git a/build_key-pass.sh b/build_key-pass.sh
index c4eb347..9304947 100755
--- a/build_key-pass.sh
+++ b/build_key-pass.sh
@@ -619,6 +619,13 @@ if $_copy_to_user_home_dir ; then
 if [[ $? -ne 0 ]] ; then
 _failed=true
 fi
+
+ # - Configuration for Windows OpenVPN
+ # -
+ cp -a "$_client_conf_file" "${_home_dir}/VPN/${KEY_CN}-${NEW_KEY_NAME}/${KEY_CN}-${NEW_KEY_NAME}.ovpn"
+ if [[ $? -ne 0 ]] ; then
+ _failed=true
+ fi
 cp -a "${OPENVPN_BASE_DIR}/keys/${NEW_KEY_NAME}.crt" "${_home_dir}/VPN/${KEY_CN}-${NEW_KEY_NAME}" >> $log_file 2>&1
 if [[ $? -ne 0 ]] ; then
 _failed=true
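Review bot: The added `cp -a` for the `.ovpn` copy has no `>> $log_file 2>&1`, unlike the certificate copy directly below it, so a failure sets `_failed` but its error text goes to the terminal rather than the log that is presumably reported later. I would write it as `cp -a "$_client_conf_file" "${_home_dir}/VPN/${KEY_CN}-${NEW_KEY_NAME}/${KEY_CN}-${NEW_KEY_NAME}.ovpn" >> $log_file 2>&1`. The matching `cp -a` added in the `@@ -575,6 +575,10 @@` hunk of create_key_config.sh has the same gap. The enclosing `if $_copy_to_user_home_dir` block starts and ends outside this hunk.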
@@ -649,6 +656,50 @@ EOF else echo_ok fi + + # - Create a folder with suffix '.tblk' containing the openvpn configuration in + # - a subfolder 'Contents/Resources' (its MAC OS specific) + # - + # - If the configuration file contains all keys/certs, only the configuration file + # - with its suffix '.ovpn' is needed. + # - + echononl " Create zip archive '${KEY_CN}-${NEW_KEY_NAME}.tblk.zip' for MAC OS .." + target_macos_tblk_dir="${_home_dir}/VPN/${KEY_CN}-${NEW_KEY_NAME}/${KEY_CN}-${NEW_KEY_NAME}.tblk" + mkdir "$target_macos_tblk_dir" > $log_file 2>&1 + if [[ $? -ne 0 ]] ; then + _failed=true + fi + mkdir -p "${target_macos_tblk_dir}/Contents/Resources" >> $log_file 2>&1 + if [[ $? -ne 0 ]] ; then + _failed=true + fi + cp -a "$_client_conf_file" "${target_macos_tblk_dir}/Contents/Resources/config.ovpn" >> $log_file 2>&1 + if [[ $? -ne 0 ]] ; then + _failed=true + fi + if [[ $? -ne 0 ]] ; then + _failed=true + fi + cd "${_home_dir}/VPN/${KEY_CN}-${NEW_KEY_NAME}" + chown -R ${user_name}:$user_name "$target_macos_tblk_dir" >> $log_file 2>&1 + if [[ $? -ne 0 ]] ; then + _failed=true + fi + zip -r "${KEY_CN}-${NEW_KEY_NAME}.tblk.zip" \ + "${KEY_CN}-${NEW_KEY_NAME}.tblk" >> $log_file 2>&1 + if [[ $? -ne 0 ]] ; then + _failed=true + fi + chown ${user_name}:$user_name "${KEY_CN}-${NEW_KEY_NAME}.tblk.zip" >> $log_file 2>&1 + if [[ $? -ne 0 ]] ; then + _failed=true + fi + + rm -r "${target_macos_tblk_dir}" >> $log_file 2>&1 + if [[ $? -ne 0 ]] ; then + _failed=true + fi + fi diff --git a/create_key_config.sh b/create_key_config.sh index 42d4f64..b5a8ff3 100755 --- a/create_key_config.sh +++ b/create_key_config.sh 
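Review bot: The second `if [[ $? -ne 0 ]]` after the `config.ovpn` copy tests the exit status of the preceding `if` statement, which is always 0 at that point, while the `cd "${_home_dir}/VPN/${KEY_CN}-${NEW_KEY_NAME}"` that follows is neither checked nor logged. `zip -r` and the last `chown` use paths relative to that directory, so after a failed `cd` they would run in whatever directory was current, with the privileges the script needs for `chown`. Moving the stray check below the `cd` and giving the `cd` a `>> $log_file 2>&1`, as the create_key_config.sh version of this block does, would cover it. The surrounding block begins outside the hunk.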
@@ -575,6 +575,10 @@ cp -a "$_client_conf_file" "${target_dir}/${KEY_CN}-${NEW_KEY_NAME}/client-$(bas
 if [[ $? -ne 0 ]] ; then
 _failed=true
 fi
+cp -a "$_client_conf_file" "${target_dir}/${KEY_CN}-${NEW_KEY_NAME}/${KEY_CN}-${NEW_KEY_NAME}.ovpn"
+if [[ $? -ne 0 ]] ; then
+ _failed=true
+fi
 cp -a "${OPENVPN_BASE_DIR}/keys/${NEW_KEY_NAME}.crt" "${target_dir}/${KEY_CN}-${NEW_KEY_NAME}" >> $log_file 2>&1
 if [[ $? -ne 0 ]] ; then
 _failed=true
@@ -606,97 +610,59 @@ else echo_ok fi + +# - Create a folder with suffix '.tblk' containing the openvpn configuration in +# - a subfolder 'Contents/Resources' (its MAC OS specific) +# - +# - If the configuration file contains all keys/certs, only the configuration file +# - with its suffix '.ovpn' is needed. +# - +echononl " Create zip archive '${KEY_CN}-${NEW_KEY_NAME}.tblk.zip' for MAC OS .." +target_macos_tblk_dir="${target_dir}/${KEY_CN}-${NEW_KEY_NAME}/${KEY_CN}-${NEW_KEY_NAME}.tblk" +mkdir "$target_macos_tblk_dir" > $log_file 2>&1 +if [[ $? -ne 0 ]] ; then + _failed=true +fi +mkdir -p "${target_macos_tblk_dir}/Contents/Resources" >> $log_file 2>&1 +if [[ $? -ne 0 ]] ; then + _failed=true +fi +cp -a "$_client_conf_file" "${target_macos_tblk_dir}/Contents/Resources/config.ovpn" >> $log_file 2>&1 +if [[ $? -ne 0 ]] ; then + _failed=true +fi +cd ${target_dir}/${KEY_CN}-${NEW_KEY_NAME} >> $log_file 2>&1 +if [[ $? -ne 0 ]] ; then + _failed=true +fi +chown -R ${user_name}:$user_name "$target_macos_tblk_dir" >> $log_file 2>&1 +if [[ $? -ne 0 ]] ; then + _failed=true +fi +zip -r "${KEY_CN}-${NEW_KEY_NAME}.tblk.zip" \ + "${KEY_CN}-${NEW_KEY_NAME}.tblk" >> $log_file 2>&1 +if [[ $? -ne 0 ]] ; then + _failed=true +fi +chown ${user_name}:$user_name "${KEY_CN}-${NEW_KEY_NAME}.tblk.zip" >> $log_file 2>&1 +if [[ $? -ne 0 ]] ; then + _failed=true +fi + +rm -r "${target_macos_tblk_dir}" >> $log_file 2>&1 +if [[ $? -ne 0 ]] ; then + _failed=true +fi +if $_failed ; then + echo_failed + error "$(cat $log_file)" +else + echo_ok +fi + + + info "Key material and OpenVPN for key \033[37m\033[1m${NEW_KEY_NAME}.key\033[m is stored at '${_home_dir}/VPN'" -clean_up 0 -# --- -# - Revoke Key -# --- -echo "" -echo -e "\033[32m--\033[m" -echo "Revoke Key ${NEW_KEY_NAME}.key .." -echo -e "\033[32m--\033[m" -echo "" - -echononl "Change into key directory '$KEY_DIR'.." -cd "$KEY_DIR" > "$log_file" 2>&1 -if [[ $? 
-eq 0 ]] ; then - echo_ok -else - echo_failed - fatal "$(cat $log_file)" -fi - -echononl "Set Defaults .." -CRL="crl.pem" -RT="revoke-test.pem" -export KEY_CN="" -export KEY_OU="" -export KEY_NAME="" -echo_ok - -echononl "Remove file '$RT'.." -rm -f "$RT" > "$log_file" 2>&1 -if [[ $? -eq 0 ]] ; then - echo_ok -else - echo_failed - fatal "$(cat $log_file)" -fi - -echononl "Revoke key ${NEW_KEY_NAME}.key and update data base .." -$OPENSSL ca -revoke "${NEW_KEY_NAME}.crt" -config "$KEY_CONFIG" > "$log_file" 2>&1 -if [[ $? -eq 0 ]] ; then - echo_ok -else - echo_failed - fatal "$(cat $log_file)" -fi - -echononl "Generate a new CRL -- try to be compatible with intermediate PKIs" -$OPENSSL ca -gencrl -out "$CRL" -config "$KEY_CONFIG" > "$log_file" 2>&1 -if [[ $? -eq 0 ]] ; then - echo_ok -else - echo_failed - fatal "$(cat $log_file)" -fi - - -# --- -# - Check if Revokation was sucessfully. -# --- -echo "" -echo -e "\033[32m--\033[m" -echo "Check if Revokation of Key ${NEW_KEY_NAME} was sucessfully.." -echo -e "\033[32m--\033[m" -echo "" - -echononl "Create CA file '$RT' from $CRL to check against.." -if [ -e export-ca.crt ]; then - cat export-ca.crt "$CRL" >"$RT" 2> "$log_file" - _retval=$? -else - cat ca.crt "$CRL" >"$RT" 2> "$log_file" - _retval=$? -fi -if [[ $_retval -eq 0 ]]; then - echo_ok -else - echo_failed - error "$(cat $log_file)" - fatal "Verifying the revocation is not possible!" -fi - -echononl "Verify the revocation.." -$OPENSSL verify -CAfile "$RT" -crl_check "${NEW_KEY_NAME}.crt" > "$log_file" 2>&1 -if [[ $? -eq 2 ]]; then - echo_ok - info "Key \033[37m\033[1m${NEW_KEY_NAME}.key\033[m successfully revoked." -else - echo_failed - error "$(cat $log_file)" -fi - clean_up 0
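Review bot: The `.tblk.zip` archive is only `chown`ed after `zip -r`, so its mode comes from whatever umask the script runs under; if `config.ovpn` embeds the private key, which the comment above the block says can be the case, the archive may end up readable by other local users. Adding `chmod 600 "${KEY_CN}-${NEW_KEY_NAME}.tblk.zip" >> $log_file 2>&1` after the `zip` step, or setting `umask 077` before it, would pin the mode down. The mode of the parent directory is not visible in this hunk, so this may already be covered there. The same applies to the archive built in the `@@ -649,6 +656,50 @@` hunk of build_key-pass.sh. Separately, `cd ${target_dir}/${KEY_CN}-${NEW_KEY_NAME}` is the one path in this block left unquoted.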