From 72b4079be7aa6bc560bc64549db086ab4459f576 Mon Sep 17 00:00:00 2001
From: Richard T Bonhomme
Date: Thu, 7 Dec 2023 20:53:28 +0000
Subject: [PATCH] Remove function 'rewind_renew'
Signed-off-by: Richard T Bonhomme
---
 ChangeLog | 1 +
 easyrsa3/easyrsa | 122 -----------------------------------------------
 2 files changed, 1 insertion(+), 122 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 8364b1600..07dbac4e0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,7 @@
 Easy-RSA 3 ChangeLog
 3.2.0 (TBD)
+ * Remove command 'rewind-renew' (#1045)'
 * Remove command 'rebuild' (#1045)'
 * Remove command 'upgrade' (#1045)'
 * Remove EASYRSA_NO_VARS; Allow graceful use without a vars file (#1043)
diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index b678fde1c..618acc944 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -3171,128 +3171,6 @@ revoke_renewed_move() {
 return 0
 } # => revoke_renewed_move()
-# Move renewed certs_by_serial to the new renew layout
-rewind_renew() {
- # pull filename base: serial number
- [ "$1" ] || user_error "\
-Error: didn't find a serial number as the first argument.
-Run easyrsa without commands for usage and command help."
-
- # Assign file_name_base and dust off!
- file_name_base="$1"
- shift "$#" # No options supported
-
- cert_serial="$file_name_base"
- in_dir="$EASYRSA_PKI/renewed"
- crt_in="$in_dir/certs_by_serial/${file_name_base}.crt"
- key_in="$in_dir/private_by_serial/${file_name_base}.key"
- req_in="$in_dir/reqs_by_serial/${file_name_base}.req"
-
- # referenced cert must exist:
- [ -f "$crt_in" ] || user_error "\
-Unable to rewind as no certificate was found.
-Certificate was expected at:
-* $crt_in"
-
- # Verify certificate
- verify_file x509 "$crt_in" || user_error "\
-Unable to rewind as the input file is not a valid certificate.
-Certificate was expected at:
-* $crt_in"
-
- # Verify request
- if [ -e "$req_in" ]; then
- verify_file req "$req_in" || user_error "\
-Unable to verify request. The file is not a valid request.
-Request was expected at:
-* $req_in"
- fi
-
- # get the commonName of the certificate via DN
- crt_cn="$(
- easyrsa_openssl x509 -in "$crt_in" -noout \
- -subject -nameopt utf8,multiline | grep \
- '^[[:blank:]]*commonName[[:blank:]]*=[[:blank:]]'
- )" || die "Failed to find commonName in certificate"
- crt_cn="${crt_cn#*= }"
-
- # Set out_dir
- out_dir="$EASYRSA_PKI/renewed"
- crt_out="$out_dir/issued/${crt_cn}.crt"
- key_out="$out_dir/private/${crt_cn}.key"
- req_out="$out_dir/reqs/${crt_cn}.req"
-
- # Create out_dir
- for newdir in issued private reqs; do
- mkdir -p "$out_dir/$newdir" || \
- die "Failed to create: $out_dir/$newdir"
- done
-
- # NEVER over-write a renewed cert, revoke it first
- deny_msg="\
-Cannot rewind this certificate, a conflicting file exists.
-*"
- [ -e "$crt_out" ] && \
- user_error "$deny_msg certificate: $crt_out"
- [ -e "$key_out" ] && \
- user_error "$deny_msg private key: $key_out"
- [ -e "$req_out" ] && \
- user_error "$deny_msg request : $req_out"
- unset -v deny_msg
-
- warn "\
-This process is destructive!
-
-These files will be MOVED to the 'renewed' sub-directory:
-* $crt_in
-* $key_in
-* $req_in"
-
- confirm " Continue with rewind-renew: " "yes" "
-Please confirm you wish to rewind-renew the certificate
-with the following subject:
-
- $(display_dn x509 "$crt_in")
-
- serial-number: $cert_serial
-" # => confirm end
-
- # move crt, key and req file to renewed folders
- mv "$crt_in" "$crt_out" || die "Failed to move: $crt_in"
-
- # only move the key if we have it
- if [ -e "$key_in" ]; then
- if mv "$key_in" "$key_out"; then
- : # ok
- else
- # Attempt restore
- mv -f "$crt_out" "$crt_in"
- die "Failed to move: $key_in"
- fi
- fi
-
- # only move the req if we have it
- if [ -e "$req_in" ]; then
- if mv "$req_in" "$req_out"; then
- : # ok
- else
- # Attempt restore
- mv -f "$crt_out" "$crt_in"
- mv -f "$key_out" "$key_in"
- die "Failed to move: $req_in"
- fi
- fi
-
- # Success message
- notice "\
-Rewind is successful.
-
-Common Name : $crt_cn
-Serial number: $cert_serial
-
-To revoke use: 'revoke-renewed $crt_cn'"
-} # => rewind_renew()
-
 # gen-crl backend
 gen_crl() {
 out_file="$EASYRSA_PKI/crl.pem"