#!/bin/bash

#
# Revoke a client certificate
#

if [ "$DEBUG" == "1" ]; then
    set -x
fi

set -e

if [ -z "$OPENVPN" ]; then
    export OPENVPN="$PWD"
fi
if [ -z "$EASYRSA_PKI" ]; then
    export EASYRSA_PKI="$OPENVPN/pki"
fi

cn="$1"

if [ ! -f "$EASYRSA_PKI/private/${cn}.key" ]; then
    echo "Unable to find \"${cn}\"" >&2
    exit 1
fi

export EASYRSA_BATCH="True"

easyrsa revoke "$cn"
echo "Revoked $cn"

echo "Updating crl.pem"
easyrsa gen-crl

rm -f $OPENVPN/pki/issued/$cn.crt $OPENVPN/pki/private/$cn.key $OPENVPN/pki/reqs/$cn.req $OPENVPN/otp/$cn.google_authenticator