From d3fcec15f1eb153e3e8e88ad3435217785bcedac Mon Sep 17 00:00:00 2001
From: Nate Jones <nate@mediatemple.net>
Date: Wed, 11 May 2016 15:35:00 -0700
Subject: [PATCH] adding ovpn_listclients script

---
 bin/ovpn_listclients | 45 ++++++++++++++++++++++++++++++++++++++++++++
 docs/clients.md      |  6 ++++++
 tests/basic.sh       |  2 ++
 3 files changed, 53 insertions(+)
 create mode 100755 bin/ovpn_listclients

diff --git a/bin/ovpn_listclients b/bin/ovpn_listclients
new file mode 100755
index 0000000..120ab50
--- /dev/null
+++ b/bin/ovpn_listclients
@@ -0,0 +1,45 @@
+#!/bin/bash
+
+if [ -z "$OPENVPN" ]; then
+    export OPENVPN="$PWD"
+fi
+if ! source "$OPENVPN/ovpn_env.sh"; then
+    echo "Could not source $OPENVPN/ovpn_env.sh."
+    exit 1
+fi
+if [ -z "$EASYRSA_PKI" ]; then
+    export EASYRSA_PKI="$OPENVPN/pki"
+fi
+
+cd "$EASYRSA_PKI"
+
+if [ -e crl.pem ]; then
+    cat ca.crt crl.pem > cacheck.pem
+fi
+
+echo "name,begin,end,status"
+for name in issued/*.crt; do
+    path=$name
+    begin=$(openssl x509 -noout -startdate -in $path | awk -F= '{ print $2 }')
+    end=$(openssl x509 -noout -enddate -in $path | awk -F= '{ print $2 }')
+
+    name=${name%.crt}
+    name=${name#issued/}
+    if [ "$name" != "$OVPN_CN" ]; then
+    if [ -e crl.pem ]; then
+        if openssl verify -crl_check -CAfile cacheck.pem $path &> /dev/null; then
+	status="VALID"
+        else
+	status="REVOKED"
+        fi
+    else
+        status="VALID"
+    fi
+
+        echo "$name,$begin,$end,$status"
+    fi
+done
+
+if [ -e crl.pem ]; then
+    rm cacheck.pem
+fi
diff --git a/docs/clients.md b/docs/clients.md
index 228916e..f6606e6 100644
--- a/docs/clients.md
+++ b/docs/clients.md
@@ -9,6 +9,12 @@ The [`ovpn_getclient`](/bin/ovpn_getclient) can produce two different versions o
 
 Note that some client software might be picky about which configuration format it accepts.
 
+## Client List
+
+See an overview of the configured clients, including revokation status:
+
+    docker run --rm -it --volumes-from $OVPN_DATA kylemanna/openvpn ovpn_listclients
+
 ## Batch Mode
 
 If you have more than a few clients, you will want to generate and update your client configuration in batch. For this task the script [`ovpn_getclient_all`](/bin/ovpn_getclient_all) was written, which writes out the configuration for each client to a separate directory called `clients/$cn`.
diff --git a/tests/basic.sh b/tests/basic.sh
index df2e1e1..44ee4b1 100755
--- a/tests/basic.sh
+++ b/tests/basic.sh
@@ -20,6 +20,8 @@ docker run --volumes-from $OVPN_DATA --rm -it $IMG easyrsa build-client-full $CL
 
 docker run --volumes-from $OVPN_DATA --rm $IMG ovpn_getclient $CLIENT | tee client/config.ovpn
 
+docker run --volumes-from $OVPN_DATA --rm $IMG ovpn_listclients | grep $CLIENT
+
 #
 # Fire up the server
 #