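#!/bin/bash
# requires bash regexes
#
# Revoke a certificate issued by the local CA and publish a fresh CRL.
#
# Usage: $0 [certfile|certname|serial] (configfile)
#   $1 - path to a certificate file, OR a certificate name found under
#        $CA/signed/<name>.crt, OR a serial found under $CA/certs/<serial>.pem
#   $2 - optional; handed to configure.sh as SUPPLEMENTARY_CONFIG and, when
#        non-empty, also exported as CA.
#
# Exit status: 2 when no matching certificate is found; otherwise the script
# stops at the first failing command (set -e).

# Must be assigned before configure.sh is sourced.
# NOTE(review): presumably configure.sh reads this and sets CA and
# OPENSSL_CONFIG; confirm against configure.sh.
SUPPLEMENTARY_CONFIG="$2"
set -e
. ./configure.sh

# Quoted test: an argument containing whitespace made the original `[ $2 ]`
# error out, which silently skipped the override.
if [ -n "$2" ]; then
  export CA="$2"
fi

# Resolve the argument to a certificate file, most specific form first.
if [ -e "$1" ]; then
  # check by filename
  CERT="$1"
elif [ -e "$CA/signed/$1.crt" ]; then
  # check by certificate name
  CERT="$CA/signed/$1.crt"
elif [ -e "$CA/certs/$1.pem" ]; then
  # check by serial
  CERT="$CA/certs/$1.pem"
else
  echo "Please provide a certificate file, name, or serial to revoke as an argument."
  echo "$0 [certfile|certname|serial] (configfile)"
  exit 2
fi

# Read the CA key passphrase without echoing it.
# IFS= and -r keep the passphrase byte-exact: plain `read` strips
# leading/trailing whitespace and interprets backslashes, so a passphrase
# containing either would be rejected by openssl.
printf 'Enter the passphrase for %s: ' "$CA/ca/$CA.key"
IFS= read -rs PASS
echo
# -passin env:PASS keeps the passphrase out of argv (and so out of `ps`
# output). It is still present in the environment of every child started
# while it is exported, so the export window is kept as short as possible.
export PASS

# Mark the certificate as revoked in the CA database.
echo Adding revocation to index...
openssl ca -config "$OPENSSL_CONFIG" -passin env:PASS -revoke "$CERT"

# Revocation only takes effect for relying parties once a CRL containing it
# has been signed and distributed.
echo Building and signing CRL...
openssl ca -config "$OPENSSL_CONFIG" -passin env:PASS -gencrl -out "$CA/ca/$CA.crl"

# The passphrase is no longer needed: drop it from the environment and from
# the shell before running anything else (CRL dump, post-revoke hook).
unset PASS

echo
openssl crl -in "$CA/ca/$CA.crl" -text -noout
echo

# Hand the new CRL to a site-specific hook if one exists; otherwise print the
# directives an operator needs to point a web server at the CRL file.
if [ -x ./post-revoke ]; then
  ./post-revoke "$CA/ca/$CA.crl" "$CERT"
else
  printf '%s\n' "Apache: SSLCARevocationFile $PWD/$CA/ca/$CA.crl"
  printf '%s\n' "nginx: ssl_crl $PWD/$CA/ca/$CA.crl"
  printf '%s\n' "Lighttpd: sucks to be you!"
fi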