diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa index 491ea82..6ac77e8 100755 --- a/easyrsa3/easyrsa +++ b/easyrsa3/easyrsa @@ -33,6 +33,7 @@ A list of commands is shown below: build-client-full [ cmd-opts ] build-server-full [ cmd-opts ] build-serverClient-full [ cmd-opts ] + inline revoke [ cmd-opts ] renew revoke-renewed [ cmd-opts ] @@ -182,6 +183,15 @@ cmd_help() { * nopass - Do not encrypt the private key (Default: encrypted) (Equivalent to global option '--nopass|--no-pass')" ;; + inline) + text=" +* inline + + Print inline data for , with key and CA. + + * NOTE: To create an inline-file the output must be redirected. + If the output is incomplete then an error is retruned." + ;; revoke) text=" * revoke [reason] 
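Review bot: The new `inline)` help text in cmd_help misspells `retruned` and does not say what the redirected output contains. The command prints the private key alongside the certificate and CA (see inline_creds further down), so the NOTE should state that and advise redirecting into a file only the owner can read. The redirect target is created by the calling shell, so the script cannot set its mode itself. Suggested wording: `If the output is incomplete then an error is returned.` followed by `The output includes the private key; redirect it with a restrictive umask (e.g. umask 077).` cmd_help's body starts and ends outside the hunk.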
@@ -2589,27 +2599,81 @@ Inline file created: * $inline_out" else warn "\ -Failed to write inline file: +INCOMPLETE Inline file created: * $inline_out" fi return 0 } # => build_full() -# Create inline credentials file for this node -inline_creds () -{ - [ "$1" ] || die "inline_creds - Name missing" - printf "%s\n\n" "# $crt_type: $1" - printf "%s\n" "" - cat "$crt_out" - printf "%s\n\n" "" - printf "%s\n" "" - [ -e "$key_out" ] && cat "$key_out" - printf "%s\n\n" "" - printf "%s\n" "" - cat "$EASYRSA_PKI/ca.crt" - printf "%s\n\n" "" +# Print inline data for file_name_base +inline_creds () { + [ "$1" ] || die "inline_creds - Missing file_name_base" + + # Source files + crt_source="${EASYRSA_PKI}/issued/${1}.crt" + key_source="${EASYRSA_PKI}/private/${1}.key" + ca_source="$EASYRSA_PKI/ca.crt" + incomplete=0 + + # Generate data + if [ -e "$crt_source" ]; then + # Get EasyRSA cert type + ssl_cert_x509v3_eku "$1" type_data + + crt_data="\ + +$(cat "$crt_source") +" + else + # Set EasyRSA cert type to 'undefined' + type_data=undefined + incomplete=1 + crt_data="\ + +* Paste your user certificate here * +" + fi + + if [ -e "$key_source" ]; then + key_data="\ + +$(cat "$key_source") +" + else + incomplete=1 + key_data="\ + +* Paste your private key here * +" + fi + + if [ -e "$ca_source" ]; then + ca_data="\ + +$(cat "$ca_source") +" + else + incomplete=1 + ca_data="\ + +* Paste your CA certificate here * +" + fi + + # Print data + print "\ +# Easy-RSA Type: ${type_data} +# Name: ${1} + +$crt_data + +$key_data + +$ca_data +" + # If inline file is incomplete then return error + return "$incomplete" } # => inline_creds () # revoke backend @@ -2992,7 +3056,7 @@ Inline file created: * $inline_in" else warn "\ -Failed to write inline file: +INCOMPLETE Inline file created: * $inline_in" fi 
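Review bot: In the new inline_creds each block is gated on `[ -e ... ]` and the status of `$(cat ...)` is never checked, so a file that exists but cannot be read (a private key owned by another user, for instance) yields an empty block while `incomplete` stays 0. The caller would then report a complete inline file. Testing readability for all three sources, e.g. `if [ -r "$key_source" ] && [ -s "$key_source" ]; then`, would route that case to the placeholder and the error return. Separately, `$1` is interpolated into `${EASYRSA_PKI}/issued/${1}.crt` and `private/${1}.key` without validation, so a name containing `/` resolves outside those directories. Rejecting it up front with `case "$1" in */*) die "inline_creds - Invalid file_name_base" ;; esac` would be prudent if the command is ever driven by a wrapper script. build_full's body starts outside the hunk.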
@@ -7249,6 +7313,11 @@ case "$cmd" in
 verify_working_env
 import_req "$@"
 ;;
+ inline)
+ verify_working_env
+ inline_creds "$@" || \
+ easyrsa_exit_with_error=1
+ ;;
 export-p12)
 verify_working_env
 export_pkcs p12 "$@"
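Review bot: The `inline)` branch forwards `"$@"` but inline_creds reads only `$1`, so extra arguments (a second name, a mistyped option) are silently ignored and output is produced for the first name only. A guard before the call, `[ "$#" -eq 1 ] || die "inline - Exactly one file_name_base is required"`, would make the contract explicit. The surrounding `case "$cmd"` statement starts and ends outside the hunk.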