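#!/bin/bash
#
# Revoke an OpenVPN client certificate and forget the client.
#
# Usage: <script> client_name
#
# Steps:
#   1. Check that client_name is listed in OPENVPN_CLIENTS, which is expected
#      to be set by /etc/openvpn/easy-rsa/vars.
#   2. Rewrite the 'export OPENVPN_CLIENTS="..."' line of that file without
#      the client.
#   3. Call /etc/openvpn/easy-rsa/revoke-full for the client.
#   4. Delete the client's .key, .csr and .crt from /etc/openvpn/keys.
#
# Exit status: 1 on usage error, missing vars file or unknown client;
# otherwise the status of the last rm.

SCRIPT_NAME=${0##*/}
OPENVPN_CLIENT=$1

if [[ -z "$OPENVPN_CLIENT" ]]; then
  echo "Usage : $SCRIPT_NAME client_name" >&2
  exit 1
fi

if [[ ! -r /etc/openvpn/easy-rsa/vars ]]; then
  echo "Error : cannot read /etc/openvpn/easy-rsa/vars" >&2
  exit 1
fi

# shellcheck disable=SC1091
source /etc/openvpn/easy-rsa/vars

CLIENT_KNOWN="0"
NEW_CLIENTS=""

# The list is whitespace-separated, so word-splitting is intended here.
# The comparison operands are quoted on purpose: an unquoted right-hand side
# inside [[ ]] is treated as a glob pattern, so an argument such as '*' would
# "match" every known client, empty the list, and make the rm commands below
# expand to every key file in the directory.
# shellcheck disable=SC2086
for KNOWN_CLIENT in $OPENVPN_CLIENTS; do
  if [[ "$KNOWN_CLIENT" == "$OPENVPN_CLIENT" ]]; then
    CLIENT_KNOWN="1"
  else
    NEW_CLIENTS="$NEW_CLIENTS $KNOWN_CLIENT"
  fi
done

if [[ "$CLIENT_KNOWN" != "1" ]]; then
  echo "Error : client '$OPENVPN_CLIENT' is not known." >&2
  exit 1
fi

# OPENVPN_CLIENT is known. We remove it from the list.
# NEW_CLIENTS only holds names that were already in the vars file; it is
# interpolated into the sed replacement, so names containing '/', '&' or '\'
# would corrupt the expression. Assumes client names never contain those
# characters -- TODO confirm against the script that adds clients.
sed -i -e "s/^export OPENVPN_CLIENTS=\".*\"/export OPENVPN_CLIENTS=\"$NEW_CLIENTS\"/" \
    /etc/openvpn/easy-rsa/vars

# We revoke the client key.
# OPENVPN_SERVER is presumably defined by the vars file sourced above.
# NOTE(review): the exit status of revoke-full is not checked, so the list
# entry and the key files are removed even if revocation did not succeed.
# Confirm what status this revoke-full returns on success before gating the
# deletion on it. Revocation also only has an effect if the server actually
# checks the CRL (OpenVPN 'crl-verify'), which is not visible from here.
export KEY_COMMONNAME="$OPENVPN_CLIENT.client.$OPENVPN_SERVER"
/etc/openvpn/easy-rsa/revoke-full "$OPENVPN_CLIENT"

# We delete the client key, now that it is revoked.
# Quoted so the name is never word-split or glob-expanded.
rm -- "/etc/openvpn/keys/$OPENVPN_CLIENT.key"
rm -- "/etc/openvpn/keys/$OPENVPN_CLIENT.csr"
rm -- "/etc/openvpn/keys/$OPENVPN_CLIENT.crt"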


