Remove function 'rewind_renew'

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
OpenVPN · Dec 7, 2023 · 72b4079 · 72b4079
1 parent 6a88edd
commit 72b4079
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 122 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -1,6 +1,7 @@
 Easy-RSA 3 ChangeLog
 
 3.2.0 (TBD)
+   * Remove command 'rewind-renew' (#1045)'
    * Remove command 'rebuild' (#1045)'
    * Remove command 'upgrade' (#1045)'
    * Remove EASYRSA_NO_VARS; Allow graceful use without a vars file (#1043)

diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
@@ -3171,128 +3171,6 @@ revoke_renewed_move() {
 	return 0
 } # => revoke_renewed_move()
 
-# Move renewed certs_by_serial to the new renew layout
-rewind_renew() {
-	# pull filename base: serial number
-	[ "$1" ] || user_error "\
-Error: didn't find a serial number as the first argument.
-Run easyrsa without commands for usage and command help."
-
-	# Assign file_name_base and dust off!
-	file_name_base="$1"
-	shift "$#" # No options supported
-
-	cert_serial="$file_name_base"
-	in_dir="$EASYRSA_PKI/renewed"
-	crt_in="$in_dir/certs_by_serial/${file_name_base}.crt"
-	key_in="$in_dir/private_by_serial/${file_name_base}.key"
-	req_in="$in_dir/reqs_by_serial/${file_name_base}.req"
-
-	# referenced cert must exist:
-	[ -f "$crt_in" ] || user_error "\
-Unable to rewind as no certificate was found.
-Certificate was expected at:
-* $crt_in"
-
-	# Verify certificate
-	verify_file x509 "$crt_in" || user_error "\
-Unable to rewind as the input file is not a valid certificate.
-Certificate was expected at:
-* $crt_in"
-
-	# Verify request
-	if [ -e "$req_in" ]; then
-		verify_file req "$req_in" || user_error "\
-Unable to verify request. The file is not a valid request.
-Request was expected at:
-* $req_in"
-	fi
-
-	# get the commonName of the certificate via DN
-	crt_cn="$(
-		easyrsa_openssl x509 -in "$crt_in" -noout \
-		-subject -nameopt utf8,multiline | grep \
-			'^[[:blank:]]*commonName[[:blank:]]*=[[:blank:]]'
-		)" || die "Failed to find commonName in certificate"
-	crt_cn="${crt_cn#*= }"
-
-	# Set out_dir
-	out_dir="$EASYRSA_PKI/renewed"
-	crt_out="$out_dir/issued/${crt_cn}.crt"
-	key_out="$out_dir/private/${crt_cn}.key"
-	req_out="$out_dir/reqs/${crt_cn}.req"
-
-	# Create out_dir
-	for newdir in issued private reqs; do
-		mkdir -p "$out_dir/$newdir" || \
-			die "Failed to create: $out_dir/$newdir"
-	done
-
-	# NEVER over-write a renewed cert, revoke it first
-	deny_msg="\
-Cannot rewind this certificate, a conflicting file exists.
-*"
-	[ -e "$crt_out" ] && \
-		user_error "$deny_msg certificate: $crt_out"
-	[ -e "$key_out" ] && \
-		user_error "$deny_msg private key: $key_out"
-	[ -e "$req_out" ] && \
-		user_error "$deny_msg request    : $req_out"
-	unset -v deny_msg
-
-	warn "\
-This process is destructive!
-
-These files will be MOVED to the 'renewed' sub-directory:
-* $crt_in
-* $key_in
-* $req_in"
-
-	confirm "  Continue with rewind-renew: " "yes" "
-Please confirm you wish to rewind-renew the certificate
-with the following subject:
-
-  $(display_dn x509 "$crt_in")
-
-  serial-number: $cert_serial
-"	# => confirm end
-
-	# move crt, key and req file to renewed folders
-	mv "$crt_in" "$crt_out" || die "Failed to move: $crt_in"
-
-	# only move the key if we have it
-	if [ -e "$key_in" ]; then
-		if mv "$key_in" "$key_out"; then
-			: # ok
-		else
-			# Attempt restore
-			mv -f "$crt_out" "$crt_in"
-			die "Failed to move: $key_in"
-		fi
-	fi
-
-	# only move the req if we have it
-	if [ -e "$req_in" ]; then
-		if mv "$req_in" "$req_out"; then
-			: # ok
-		else
-			# Attempt restore
-			mv -f "$crt_out" "$crt_in"
-			mv -f "$key_out" "$key_in"
-			die "Failed to move: $req_in"
-		fi
-	fi
-
-	# Success message
-	notice "\
-Rewind is successful.
-
-Common Name  : $crt_cn
-Serial number: $cert_serial
-
-To revoke use: 'revoke-renewed $crt_cn'"
-} # => rewind_renew()
-
 # gen-crl backend
 gen_crl() {
 	out_file="$EASYRSA_PKI/crl.pem"