Untitled

@REM #######################################
@REM ############ CONFGURATION #############
@REM #######################################
@
@rem enable custom OpenVPN path usage ["default" | "custom"]
@set rfid.ovpn.use_path=custom
@
@rem path to your openvpn non standard directory (ATTENTION! no trailing slashes might be placed)
@set rfid.ovpn.path.custom=C:\Documents and Settings\dafanasiev\Рабочий стол\bin\OpenVPN
@set rfid.ovpn.path.1=C:\Documents and Settings\dafanasiev\Рабочий стол\bin\OpenVPN
@
@rem does script should check required files presence & versions
@set rfid.ovpn.check_bins=yes
@
@rem create list of certificates [boolean option]
@set rfid.ovpn.crt.multigen=yes
@set rfid.ovpn.crt.mgen_start=0
@set rfid.ovpn.crt.mgen_stop=30
@
@rem automate client number to subject CN option and output files names
@set rfid.ovpn.crt.mgen_autonum=yes
@
@rem enable this option if certificate should be signed, use "1" or "yes" without quotes
@set rfid.ovpn.crt.use_sign=yes
@
@rem --- CERTFICATE subject options ---
@    set rfid.ovpn.crt.CN.custom=
@
@rem trigger, enables using custom certificate subject options
@    set rfid.ovpn.crt.more_opts=
@
@rem RDN customization, e.g. CN -> CommonName for certificates
@rem RDN synthax: /C=CountryName/ST=Providence/..
@    set rfid.ovpn.crt.C.custom=
@    set rfid.ovpn.crt.ST.custom=
@    set rfid.ovpn.crt.L.custom=
@    set rfid.ovpn.crt.O.custom=
@    set rfid.ovpn.crt.OU.custom=
@    set rfid.ovpn.crt.EML.custom=

@rem verbosity level
@    set rfid.ovpn.ui.debug=0


@REM #######################################
@REM ############# PREPARING ###############
@REM #######################################
@echo off
echo.
chcp 1251>nul
setlocal enabledelayedexpansion
set rfid.ovpn.cd=%cd%

rem Ctrl+C fix
rem if not "%1" == "exec" (
rem         cmd /c "echo y | %0 exec %1"
rem         goto :EOF
rem )
rem shift

rem defaults
    set rfid.ovpn.path.default=%programfiles%\OpenVPN
    set rfid.ovpn.keys.path=keys
    set rfid.ovpn.ccd.path=config\ccd
rem static openssl options only
    set rfid.ovpn.ossl.lpath=bin\openssl.exe
    set rfid.ovpn.ossl.gendir=easy-rsa
    set rfid.ovpn.ossl.genreq_opts=req -config openssl.cnf -days 3650 -nodes -new -multivalue-rdn
    set rfid.ovpn.ossl.gencrt_opts=ca -days 3650 -config openssl.cnf
rem OpenVPN CCD configuration
    set rfid.ovpn.ccd.net.default=10.10.1.

rem cert req opts:     -keyout %rfid.ovpn.keys.path%\[client_name].key -out %rfid.ovpn.keys.path%\[client_name].csr -subj "/C=CountryName/ST=Providence/L=CityName/CN=[client_name]"
rem cert dynamic opts: -out %rfid.ovpn.keys.path%\%1.crt -in %rfid.ovpn.keys.path%\%1.csr


rem RDN certificate subject defaults
    set rfid.ovpn.crt.CN.default=client
    set rfid.ovpn.crt.C.default=RU
    set rfid.ovpn.crt.ST.default=NW
    set rfid.ovpn.crt.L.default=Saint-Petersburg
    set rfid.ovpn.crt.O.default=Radiofid
    set rfid.ovpn.crt.OU.default=development
    set rfid.ovpn.crt.EML.default=support@radiofid.ru

REM ############ proc start ###############

echo    iRZ® OpenVPN certificate generation ^& client configuration script
echo  =======================================================================
echo    Author: Afanasiev Danila
echo    iRZ® - is registred trademark of RADIOFID Corp. All rights reserved.
echo  -----------------------------------------------------------------------
echo.

rem applying configured paths
if "%1" == "" (
    if "%rfid.ovpn.use_path%" == "" set rfid.ovpn.use_path=default
    set rfid.ovpn.path=!rfid.ovpn.path.%rfid.ovpn.use_path%!
) else (
    set rfid.ovpn.path=!rfid.ovpn.path.%1!
)

rem checking selected path to OpenVPN directory
echo   [i] checking %rfid.ovpn.use_path% OpenVPN path
if not exist "!rfid.ovpn.path!" (
    if "%rfid.ovpn.use_path%" == "custom" (
        if "%rfid.ovpn.path%" == "" (
            set /p rfid.runvar=  [?] undefined custom path, use default OpenVPN path instead? [y/n]
            if "!rfid.runvar!" == "y" (
                echo   [i] checking default OpenVPN path
                set rfid.ovpn.path=%rfid.ovpn.path.default%
                if exist "!rfid.ovpn.path!" goto cert_prep
                echo       [E] directory "!rfid.ovpn.path!" not found
                echo.
            )
        )
    ) else (
        echo       [E] directory "%rfid.ovpn.path%" not found
        echo.
    )
    echo   [E] unable to continue, install OpenVPN first, or verify option
    echo       'rfid.ovpn.use_path', acceptable values: 'default', 'custom'
    echo   [i] if you are selected custom path you also must set option
    echo       'rfid.ovpn.path.custom' with real path to your OpenVPN binaries
    echo.
    goto unload
) else (
    if "%rfid.ovpn.check_bins%" == "yes" (
        goto check_bins
    ) else if "%rfid.ovpn.check_bins%" == "1" (
        goto check_bins
    )
    echo   [i] binaries check disabled
    goto cert_prep
)

REM ####### checking binaries ##########
:check_bins
echo   [#] checking for neccessary binaries ^& directories..
echo.
rem echo rfid.ovpn.path = %rfid.ovpn.path%
rem echo.
if exist "%rfid.ovpn.path%\bin\openssl.exe" (
    set rfid.ovpn.ossl.path=%rfid.ovpn.path%\%rfid.ovpn.ossl.lpath%
    rem version info
    rem         for /F "delims=" %%i in ('"dir /b"') do echo i - %%i
    rem         set v=%%~i
    rem         echo v - %v%
    echo         * openssl.exe   - [OK]
    if exist "%rfid.ovpn.path%\%rfid.ovpn.ossl.gendir%" (
        echo         * easy-rsa\         -  [OK]
        goto cert_prep
    ) else (
        echo         * easy-rsa\         - [NOT FOUND]
    )
) else (
    echo         * openssl.exe     -      [NOT FOUND]
)
echo.
echo   [E] unable to continue, seems your OpenVPN installation is corrupted,
echo       please reinstall OpenVPN first and try again
goto unload


REM ### certificate preparing section ###
:cert_prep
echo.
echo    ^<^<^< Certificate user information ^>^>^>
echo    ------------------------------------

rem setting Common Name
if "%rfid.ovpn.crt.CN.custom%" == "" (
    set rfid.runvar=
    set /p rfid.runvar=  [?] Common Name option not set, enter name [%rfid.ovpn.crt.CN.default%]:
    if "!rfid.runvar!" == "" (
        echo   [i] using default CN
        set rfid.ovpn.crt.CN=%rfid.ovpn.crt.CN.default%
    ) else (
        set rfid.ovpn.crt.CN=!rfid.runvar!
    )
) else (
    set rfid.ovpn.crt.CN=%rfid.ovpn.crt.CN.custom%
)

rem customize additional certificate options [TODO, currently unsupported]
if "%rfid.ovpn.crt.more_opts%" == "1" (
    goto more_cert_opts
) else if "%rfid.ovpn.crt.more_opts%" == "yes" (
    goto more_cert_opts
)

rem apply default RDNs
echo   [i] using default certificate subject RDN
set rfid.ovpn.crt.C=%rfid.ovpn.crt.C.default%
set rfid.ovpn.crt.ST=%rfid.ovpn.crt.ST.default%
set rfid.ovpn.crt.L=%rfid.ovpn.crt.L.default%
set rfid.ovpn.crt.O=%rfid.ovpn.crt.O.default%
set rfid.ovpn.crt.OU=%rfid.ovpn.crt.OU.default%
set rfid.ovpn.crt.EML=%rfid.ovpn.crt.EML.default%
set rfid.ovpn.crt.rdn=/C=%rfid.ovpn.crt.C%/ST=%rfid.ovpn.crt.ST%/L=%rfid.ovpn.crt.L%/O=%rfid.ovpn.crt.O%/OU=%rfid.ovpn.crt.OU%/CN=%rfid.ovpn.crt.CN%
if "%rfid.ovpn.ui.debug%" GEQ "1" (
    goto sh_opts
) else (
    goto cert_gen
)


:more_cert_opts
set rfid.ovpn.crt.CN=%rfid.ovpn.crt.CN.custom%


:sh_opts
echo.
echo     • CommonName is set to         '%rfid.ovpn.crt.CN%'
echo     • Country is set to            '%rfid.ovpn.crt.C%'
echo     • Providence is set to         '%rfid.ovpn.crt.ST%'
echo     • City is set to               '%rfid.ovpn.crt.L%'
echo     • Organization is set to       '%rfid.ovpn.crt.O%'
echo     • Organization Unit is set to  '%rfid.ovpn.crt.OU%'
echo     • Support E-mail is set to     '%rfid.ovpn.crt.EML%'
goto cert_gen


REM ######## generation section ############
:cert_gen
echo.
echo    ^<^<^< Certificate generation ^>^>^>
echo    ------------------------------
cd /d %rfid.ovpn.path%
if "%rfid.ovpn.ui.debug%" GEQ "1" (
    if not errorlevel == 1 (
        echo   [D] current directory changed to '%rfid.ovpn.path%'
    ) else (
        echo   [E] unable to enter OpenVPN directory, please check if it was
        echo       deleted during script execution befor this call
    )
)
echo   [i] using following RDN map:
echo.
echo       %rfid.ovpn.crt.rdn%
echo.
echo   [*] assembling OpenSSL call

rem updating RDN because CRT.MGEN enabled
if "%rfid.ovpn.crt.multigen%" == "yes" (
    goto cert_mgen
) else if "%rfid.ovpn.crt.multigen%" == "1" (
    goto cert_mgen
)


:cert_mgen

set rfid.ovpn.crt.rdn.orig=%rfid.ovpn.crt.rdn%
echo   [D] entering easy-rsa directory
cd %rfid.ovpn.path%\%rfid.ovpn.ossl.gendir%
for /l %%i in (%rfid.ovpn.crt.mgen_start%,1,%rfid.ovpn.crt.mgen_stop%) do (
    if "%rfid.ovpn.ui.debug%" GEQ "2" (
        echo   [D] genstart ^(%%i of %rfid.ovpn.crt.mgen_stop% - %rfid.ovpn.crt.mgen_start%^)
    )
    if "%rfid.ovpn.ui.debug%" GEQ "1" (
        echo   [*] appending number postfix in RDN CN option
    )

    if "%rfid.ovpn.crt.mgen_autonum%" == "yes" (
        set rfid.ovpn.crt.rdn=%rfid.ovpn.crt.rdn.orig%_%%i
        set rfid.ovpn.crt.updated_CN=%rfid.ovpn.crt.CN%_%%i
    ) else if "%rfid.ovpn.crt.mgen_autonum%" == "1" (
        set rfid.ovpn.crt.rdn=%rfid.ovpn.crt.rdn.orig%_%%i
        set rfid.ovpn.crt.updated_CN=%rfid.ovpn.crt.CN%_%%i
    )
    rem rfid.ovpn.ossl.genreq_opts=req -config openssl.cnf -days 3650 -nodes -new -batch -multivalue-rdn
    rem rfid.ovpn.ossl.gencrt_opts=ca -days 3650 -config openssl.cnf
    set rfid.ovpn.ossl.genreq="%rfid.ovpn.ossl.path%" %rfid.ovpn.ossl.genreq_opts%^
     -keyout %rfid.ovpn.keys.path%\!rfid.ovpn.crt.updated_CN!.key^
     -out %rfid.ovpn.keys.path%\!rfid.ovpn.crt.updated_CN!.csr^
     -subj %rfid.ovpn.crt.rdn%

    echo   [K] generating key for %rfid.ovpn.crt.CN%_%%i..
    if "%rfid.ovpn.ui.debug%" GEQ "2" (
        set
        echo rfid.ovpn.crt.updated_CN   -   !rfid.ovpn.crt.updated_CN!
        echo rfid.ovpn.ossl.genreq      -   !rfid.ovpn.ossl.genreq!
        echo rfid.ovpn.ossl.path        -   %rfid.ovpn.ossl.path%
    )

    rem GENERATOR
    if "%rfid.ovpn.ui.debug%" GEQ "2" (
        !rfid.ovpn.ossl.genreq! > ossl_%rfid.ovpn.crt.CN%_%%i_keygen.log ^
    ) else (
        !rfid.ovpn.ossl.genreq! >nul 2<&1
    )

    if "%rfid.ovpn.ui.debug%" GEQ "1" echo   [i] checking if CSR ^& KEY files exist
    if not exist "%rfid.ovpn.keys.path%\!rfid.ovpn.crt.updated_CN!.key" (
        echo   [E] exiting, keyfile '!rfid.ovpn.crt.updated_CN!.key' not found & goto unload
    )
    if not exist "%rfid.ovpn.keys.path%\!rfid.ovpn.crt.updated_CN!.csr" (
        echo   [E] exiting, request file'!rfid.ovpn.crt.updated_CN!.csr' not found & goto unload
    )
)
rem cert req opts:     -keyout %rfid.ovpn.keys.path%\[client_name].key -out %rfid.ovpn.keys.path%\[client_name].csr -subj "/C=CountryName/ST=Providence/L=CityName/CN=[client_name]"
rem cert dynamic opts: -out %rfid.ovpn.keys.path%\%1.crt -in %rfid.ovpn.keys.path%\%1.csr

goto :unload


REM ########## unload routine ##############
:unload
echo   [ ] work complete
echo.
endlocal
color
title %CD%
:EOF