Added soft-reset option for init-pki subcommand.

easyrsa3/easyrsa

@@ -26,7 +26,7 @@ For a listing of options that can be supplied before the command, use:
 Here is the list of commands available with a short syntax reminder. Use the
 'help' command above to get full usage details.
 
-  init-pki
+  init-pki [ cmd-opts ]
   build-ca [ cmd-opts ]
   gen-dh
   gen-req <filename_base> [ cmd-opts ]
@@ -64,7 +64,10 @@ cmd_help() {
 	case "$1" in
 		init-pki|clean-all) text="
   init-pki [ cmd-opts ]
-      Removes & re-initializes the PKI dir for a clean PKI" ;;
+      Removes & re-initializes the PKI dir for a clean PKI"
+      				opts="
+        hard-reset  - Recursively deletes the PKI directory if it exists.
+        soft-reset  - Keeps the vars file and the PKI directory itself intact." ;;
 		build-ca) text="
   build-ca [ cmd-opts ]
       Creates a new CA"
@@ -390,6 +393,16 @@ $help_note"
 init_pki() {
 	vars_source_check
 
+	reset="soft"
+	while [ -n "$1" ]; do
+		case "$1" in
+			hard-reset|hard) reset="hard" ;;
+			soft-reset|soft) reset="soft" ;;
+			*) warn "Ignoring unknown command option: '$1'" ;;
+		esac
+		shift
+	done
+
 	# If EASYRSA_PKI exists, confirm before we rm -rf (skiped with EASYRSA_BATCH)
 	if [ -e "$EASYRSA_PKI" ]; then
 		confirm "Confirm removal: " "yes" "
@@ -398,7 +411,20 @@ WARNING!!!
 You are about to remove the EASYRSA_PKI at: $EASYRSA_PKI
 and initialize a fresh PKI here."
 		# now remove it:
-		rm -rf "$EASYRSA_PKI" || die "Removal of PKI dir failed. Check/correct errors above"
+		case "$reset" in
+			hard)
+				rm -rf "$EASYRSA_PKI" || die "Removal of PKI dir failed. Check/correct errors above"
+				;;
+			soft)
+				files="ca.crt certs_by_serial ecparams index.txt issued private reqs serial"
+				for i in $files; do
+					rm -rf "$EASYRSA_PKI/$i" || die "Removal of PKI dir failed. Check/correct errors above"
+				done
+				;;
+			*)
+				die "Removal of PKI dir failed. Unknown reset type."
+				;;
+		esac
 	fi
 
 	# new dirs: