Add initial 3.x codebase files

This is the initial re-write for the 3.x release series.

Signed-off-by: Josh Cepek <[email protected]>

COPYING

@@ -0,0 +1,32 @@
+Easy-RSA -- A Shell-based CA Utility
+
+Copyright (C) 2013 by the Open-Source OpenVPN development community
+
+Easy-RSA 3 license: GPLv2:
+-------------------------
+
+All the Easy-RSA code contained in this project falls under a GPLv2 license with
+full text available in the Licensing/ directory. Additional components used by
+this project fall under additional licenses:
+
+Additional licenses for external components:
+-------------------------------------------
+
+The following components are under different licenses; while not part of the
+Easy-RSA source code, these components are used by Easy-RSA or provided in
+platform distributions as described below:
+
+### OpenSSL
+
+  OpenSSL is not linked by Easy-RSA, nor is it currently provided in any release
+  package by Easy-RSA. However, Easy-RSA is tightly coupled with OpenSSL, so
+  effective use of this code will require your acceptance and installation of
+  OpenSSL.
+
+### Additional Windows Components
+
+  The Windows binary package includes mksh/Win32 and unxutils binary components,
+  with full licensing details available in the distro/windows/Licensing/
+  subdirectory of this project. mksh/Win32 is under a MirOS license (with some
+  additional component licenses present there) and unxutils is under a GPLv2
+  license.

ChangeLog

@@ -0,0 +1,7 @@
+Easy-RSA 3 ChangeLog
+
+3.x: (Current development cycle; upcoming release series)
+    * The 3.x release is a nearly complete re-write of the 2.x codebase
+    * Initial 3.x series code by Josh Cepek <josh.cepek AT usa.net> with
+      ongoing maintenance by the OpenVPN community development team and
+      associated contributors

README

@@ -0,0 +1,23 @@
+STRUCTURE:
+
+The easy-rsa master branch is currently tracking development for the 3.x release
+cycle. The prior 2.x and 1.x versions are available as release branches for
+tracking and possible back-porting of relevant fixes. Branch layout is:
+
+  release/1.x
+  release/2.x
+  master <- 3.x, at present
+
+DOWNLOADS:
+
+If you are looking for release downloads, please see the releases section on
+GitHub. Releases are also available as source checkouts using named tags.
+
+DOCUMENTATION:
+
+For 3.x project documentation and usage, see the README.quickstart.md file or
+the more detailed docs under the doc/ directory. The .md files are in Markdown
+format and can be converted to html files as desired for release packages, or
+read as-is in plaintext.
+
+LICENSING info for 3.x is in the COPYING file

README.quickstart.md

@@ -0,0 +1,84 @@
+Easy-RSA 3 Quickstart README
+============================
+
+This is a quickstart guide to using Easy-RSA version 3. Detailed help on usage
+and specific commands by running easyrsa with the 'help' command. Additional
+documentation can be found in the doc/ directory.
+
+Setup and signing the first request
+-----------------------------------
+
+A quick run-though of what needs to happen to start a new PKI and sign your
+first entity certificate.
+
+1. Choose a system to act as your CA and create a new PKI and CA:
+
+        ./easyrsa init-pki
+        ./easyrsa build-ca
+
+2. On the separate system that is requesting a certificate, init its own PKI and
+   generate a keypair/request. Note that the init-pki is used _only_ when this
+   is done on a separate system (or at least a separate PKI dir.) This is the
+   recommended procedure. If you are not using this recommended procedure, skip
+   the next import-req step as well.
+
+        ./easyrsa init-pki
+        ./easyrsa gen-req EntityName
+
+3. Transport the request (.req file) to the CA system and import it. The name
+   given here is arbitrary and only used to name the request file.
+
+        ./easyrsa import-req /tmp/path/to/import.req EntityName
+
+4. Sign the request as the correct type. This example uses a client type:
+
+        ./easyrsa sign-req client EntityName
+
+5. Transport the newly signed certificate to the requesting entity. This entity
+   may also need the CA cert (ca.crt) unless it had a prior copy.
+
+6. The entity now has its own keypair, and signed cert, and the CA.
+
+Signing subsequent requests
+---------------------------
+
+Follow steps 2-6 above to generate subsequent keypairs and have the CA returned
+signed certificates.
+
+Revoking certs and creating CRLs
+--------------------------------
+
+This is a CA-specific task.
+
+To permanently revoke an issued certificate, provide the short name used during
+import:
+
+        ./easyrsa revoke EntityName
+
+To create an updated CRL that contains all revoked certs up to that point:
+
+        ./easyrsa gen-crl
+
+After generation, the CRL will need to be sent to systems that reference it.
+
+Generating Diffie-Hellman (DH) params
+-------------------------------------
+
+After initializing a PKI, any entity can create DH params that needs them. This
+is normally only used by a TLS server. While the CA PKI can generate this, it
+makes more sense to do it on the server itself to avoid the need to send the
+files to another system after generation.
+
+DH params can be generated with:
+
+        ./easyrsa gen-dh
+
+Showing details of requests or certs
+------------------------------------
+
+To show the details of a request or certificate by referencing the short
+EntityName, use one of the following commands. It is an error to call these
+without a matching file.
+
+        ./easyrsa show-req EntityName
+        ./easyrsa show-cert EntityName

distro/README

@@ -0,0 +1,5 @@
+This distro/ directory contains distro/platform specific tools.
+
+Components that are not platform neutral end up here, sorted into further dirs
+based on the platform.
+

distro/windows/EasyRSA Start.bat

@@ -0,0 +1,2 @@
+@echo OFF
+bin\sh.exe bin\easyrsa-shell-init.sh

distro/windows/Licensing/mksh-Win32.txt

@@ -0,0 +1,148 @@
+Licence
+-------
+
+mksh/Win32 is a derived work of The MirBSD Korn Shell and
+recognised by The MirOS Project but realised by an independent
+developer with support and legal permit by Scalaris AG.
+
+
+The shell itself comes under The MirOS Licence:
+
+Copyright (c) 2002-2013
+	The MirOS Project
+Copyright (c) 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010
+	Thorsten Glaser <[email protected]>
+Copyright (c) 2010, 2011, 2012, 2013
+	Michael Langguth <[email protected]>
+
+Provided that these terms and disclaimer and all copyright notices
+are retained or reproduced in an accompanying document, permission
+is granted to deal in this work without restriction, including un-
+limited rights to use, publicly perform, distribute, sell, modify,
+merge, give away, or sublicence.
+
+This work is provided "AS IS" and WITHOUT WARRANTY of any kind, to
+the utmost extent permitted by applicable law, neither express nor
+implied; without malicious intent or gross negligence. In no event
+may a licensor, author or contributor be held liable for indirect,
+direct, other damage, loss, or other issues arising in any way out
+of dealing in the work, even if advised of the possibility of such
+damage or existence of a defect, except proven that it results out
+of said person's immediate fault when using the work as intended.
+
+
+The shell contains strlcpy() under the ISC licence:
+
+Copyright (c) 2006, 2008, 2009
+	Thorsten Glaser <[email protected]>
+Copyright (c) 1998 Todd C. Miller <[email protected]>
+
+Permission to use, copy, modify, and distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+
+This version of the shell contains setmode() under the UCB BSD licence:
+
+Copyright (c) 1989, 1993, 1994
+	The Regents of the University of California.  All rights reserved.
+
+This code is derived from software contributed to Berkeley by
+Dave Borman at Cray Research, Inc.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+   notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+3. Neither the name of the University nor the names of its contributors
+   may be used to endorse or promote products derived from this software
+   without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+
+The shell includes nedmalloc under the Boost Software License which,
+in turn, includes dlmalloc under CC0 (eventually) in its binary.
+
+
+The "liblan" portability library is covered by The MirOS Licence:
+
+Copyright (c) 1996, 1998, 2003, 2004, 2005, 2010, 2011, 2012, 2013
+	Scalaris AG, Author: Michael Langguth <[email protected]>
+
+Provided that these terms and disclaimer and all copyright notices
+are retained or reproduced in an accompanying document, permission
+is granted to deal in this work without restriction, including un-
+limited rights to use, publicly perform, distribute, sell, modify,
+merge, give away, or sublicence.
+
+This work is provided "AS IS" and WITHOUT WARRANTY of any kind, to
+the utmost extent permitted by applicable law, neither express nor
+implied; without malicious intent or gross negligence. In no event
+may a licensor, author or contributor be held liable for indirect,
+direct, other damage, loss, or other issues arising in any way out
+of dealing in the work, even if advised of the possibility of such
+damage or existence of a defect, except proven that it results out
+of said person's immediate fault when using the work as intended.
+
+
+It includes an implementation of POSIX directory browsing functions
+and types for Win32 under a Historical Permission Notice variant:
+
+Copyright Kevlin Henney, 1997, 2003. All rights reserved.
+
+Permission to use, copy, modify, and distribute this software and its
+documentation for any purpose is hereby granted without fee, provided
+that this copyright and permissions notice appear in all copies and
+derivatives.
+
+This software is supplied "as is" without express or implied warranty.
+
+But that said, if there are any problems please get in touch.
+
+
+The program shortcut (mkshicon1.ico) is an unregistered trademark:
+
+Copyright (c) 2013 Michael Langguth
+Copyright (c) 2006 Benny Siegert
+Copyright (c) 2005 Thorsten Glaser
+
+This icon may be used to refer to The MirBSD Korn Shell and
+its Win32 port. Distribution patches are acceptable as long
+as they modify $KSH_VERSION according to the guidelines that
+are published on the website; forks and works that are not
+derivates are not allowed to use it.
+
+The BSD daemon is Copyright (c) 1988 by Marshall Kirk McKusick.
+All Rights Reserved.  Individuals may use the daemon for their
+personal use within the bounds of good taste.  When reasonably
+possible, the text shown above is to be included.
+
+The Shilouette daemon is Copyright (c) 2003 by Rick Collette.
+The MirOS Project may freely use the former ekkoBSD Logo,
+the shilouette Daemon, for MirBSD, on anything the project
+leader sees fit, so long as it pertains to MirBSD in some
+way and the leader gives credit for the original daemon to
+Marshall Kirk McKusick.

distro/windows/bin/easyrsa-shell-init.sh

@@ -0,0 +1,65 @@
+#!/bin/sh
+
+# This script is a frontend designed to create & launch a POSIX shell
+# environment suitable for use with Easy-RSA. mksh/Win32 is used with this
+# project; use with other POSIX shells for Windows may require modification to
+# this wrapper script.
+
+setup_path="${EASYRSA:-$PWD}"
+export PATH="$setup_path;$setup_path/bin;$PATH"
+export HOME="$setup_path"
+
+# This prevents reading from a user's .mkshrc if they have one.
+# A user who runs mksh for other purposes might have it
+export ENV="/disable-env"
+
+# Verify required externals are present
+extern_list="which awk cp mkdir printf rm"
+for f in $extern_list; do
+	if ! which "${f}.exe" >/dev/null 2>&1; then
+		echo ""
+		echo "FATAL: EasyRSA Shell init is missing a required external file:"
+		echo "  ${f}.exe"
+		echo "  Your installation is incomplete and cannot function without the required"
+		echo "  files."
+		echo ""
+		echo "  Press enter to exit."
+		read x
+		exit 1
+	fi
+done
+
+# set_var is defined as any vars file needs it.
+# This is the same as in easyrsa, but we _don't_ export
+set_var() {
+        local var=$1
+        shift
+        local value="$*"
+        eval "$var=\"\${$var-$value}\""
+} #=> set_var()
+
+# Check for a usable openssl bin, referencing vars if present
+[ -r "vars" ] && EASYRSA_CALLER=1 . "vars" 2>/dev/null
+if [ -z "$EASYRSA_OPENSSL" ] && ! which openssl.exe >/dev/null 2>&1; then
+	echo "WARNING: openssl isn't in your system PATH. The openssl binary must be"
+	echo "  available in the PATH, defined in the 'vars' file, or defined in the"
+	echo "  OPENSSL environment variable. See README-Windows.txt for more info."
+fi
+
+[ -f "$setup_path/easyrsa" ] || {
+	echo "Missing easyrsa script. Expected to find it at: $setup_path/easyrsa"
+	exit 2
+}
+
+# Set prompt and welcome message
+export PS1='
+EasyRSA Shell
+# '
+echo ""
+echo "Welcome to the EasyRSA 3 Shell for Windows."
+echo "Easy-RSA 3 is available under a GNU GPLv2 license."
+echo ""
+echo "Invoke './easyrsa' to call the program. Without commands, help is displayed."
+
+# Drop to a shell and await input
+bin/sh