acavella · acavella · Dec 29, 2023 · Dec 28, 2023 · Dec 28, 2023 · Dec 28, 2023
diff --git a/.gitignore b/.gitignore
@@ -11,7 +11,7 @@
 .nfs*
 
 # Script used to test random scraps of code
-/test/test.sh
+/logs/*.log
 
 # GitHub Probot configurations
 /.github/config.yml

diff --git a/CHANGELOG.md b/CHANGELOG.md
diff --git a/LICENSE b/LICENSE
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-1.0.2
+3.0.0-rc1
diff --git a/conf/revoke.conf b/conf/revoke.conf
diff --git a/conf/revoke.yml b/conf/revoke.yml
@@ -0,0 +1,11 @@
+---
+default:
+  gateway: google.com
+  www: /var/www/revoke/
+
+ca:
+  - id: x11
+    uri: https://ca.example.com/x11
+  - id: x21
+    uri: https://ca.example.com/x21
+
diff --git a/lib/.gitkeep b/lib/.gitkeep
diff --git a/lib/lighttpd b/lib/lighttpd
diff --git a/lib/yq4 b/lib/yq4
diff --git a/logs/.gitkeep b/logs/.gitkeep
diff --git a/revoke.sh b/revoke.sh
@@ -3,7 +3,7 @@
 # NAME: revoke.sh
 # DECRIPTION: Perform downloads of remote CRL data and host them locally via HTTPD.
 # AUTHOR: Tony Cavella ([email protected])
-# SOURCE: https://github.com/altCipher/revoke
+# SOURCE: https://github.com/acavella/revoke
 
 ## CONFIGURE DEFAULT ENVIRONMENT
 set -o errexit
@@ -12,65 +12,105 @@ set -o nounset
 #set -o xtrace
 
 ## VARIABLES
-__dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
-__bin="${__dir}/bin"
-__conf="${__dir}/conf"
-
 ver=$(<VERSION)
 
-scriptName=$0
-baseDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-confFile="$baseDIR""/conf/revoke.conf"
-logFile="/var/log/revoke.log"
-counterA=0
-timeDate=$(date '+%Y-%m-%d %H:%M:%S')
-fileDTG=$(date '+%Y%m%d-%H%M%S')
-defGW=$(/usr/sbin/ip route show default | /usr/bin/awk '/default/ {print $3}')
-
-# SCRIPT STARTUP
-echo "[$(date '+%Y-%m-%d %H:%M:%S')] [info] (00) revoke v$ver started" >> $logFile
+baseDir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+dtg=$(date '+%Y%m%d-%H%M%S')
+config="${baseDir}/conf/revoke.yml"
+log="${baseDir}/logs/revoke_${dtg}.log"
+wwwdir=$(./lib/yq4 -r .default.www ${config})
+arraySize=$(./lib/yq4 '.ca | length' ${config})
+defgw=$(./lib/yq4 -r .default.gateway ${config})
 
+## FUNCTIONS
 
-## CHECK AND LOAD EXTERNAL CONFIG
-if [ ! -e $confFile ]
-then
-  echo "[$(date '+%Y-%m-%d %H:%M:%S')] [error] (64) Configuration file missing, please run setup.sh" >> $logFile
-  exit 64
-else
-  source $confFile
-  echo "[$(date '+%Y-%m-%d %H:%M:%S')] [info] (00) Configuration file loaded sucessfully, $confFile" >> $logFile
-fi
+show_version() {
+    printf "$(date '+%Y-%m-%dT%H:%M:%S') [info] Revoke version: ${ver}\n"
+    printf "$(date '+%Y-%m-%dT%H:%M:%S') [info] Bash version: ${BASH_VERSION}\n"
+}
 
+make_temporary_log() {
+    # Create a random temporary file for the log
+    TEMPLOG=$(mktemp /tmp/revoke_temp.XXXXXX)
+    # Open handle 3 for templog
+    exec 3>${TEMPLOG}
+    # Delete templog, but allow for addressing via file handle
+    rm ${TEMPLOG}
+}
 
-## CHECK FOR NETWORK CONNECTIVTY
-ping -c 1 $defGW >/dev/null 2>&1;
-pingExit=$?
-if [ $pingExit -eq 0 ]
-then
-   echo "[$(date '+%Y-%m-%d %H:%M:%S')] [info] (00) Default gateway available, $defGW" >> $logFile
-else
-  echo "[$(date '+%Y-%m-%d %H:%M:%S')] [error] (64) Default gateway is unreachable, $defGW" >> $logFile
-  exit 64
-fi
+copy_to_run_log() {
+    # Copy the contents of file descriptor 3 into the log
+    cat /proc/$$/fd/3 > "${log}"
+    chmod 644 "${log}"
+}
 
+check_config() {
+  if [ ! -e $config ]
+  then
+    printf "$(date '+%Y-%m-%dT%H:%M:%S') [error] unable to locate configuration ${config}\n"
+    exit 1
+  fi
+}
 
-# DOWNLOAD CRL(s)
-for i in "${crlURL[@]}"
-do
-  curl -k -s $i > $downloadDIR${crlName[$counterA]}
-  if [ ! -e $downloadDIR${crlName[$counterA]} ]
+check_network() {
+  ping -c 1 $defgw >/dev/null 2>&1;
+  pingExit=$?
+  if [ $pingExit -eq 0 ]
   then
-    echo "[$(date '+%Y-%m-%d %H:%M:%S')] [error] (64) crl download failed, $i" >> $logFile
-  else 
-    if [ -s $downloadDIR${crlName[$counterA]} ]
+    printf "$(date '+%Y-%m-%dT%H:%M:%S') [info] received ping response from ${defgw}\n"
+  else
+    printf "$(date '+%Y-%m-%dT%H:%M:%S') [error] ping response not received from ${defgw}\n"
+    exit 1
+  fi
+}
+
+
+fix_permissions() {
+  printf "$(date '+%Y-%m-%dT%H:%M:%S') [info] fixing permissions on ${wwwdir}\n"
+  chown apache:apache ${wwwdir} -R
+  restorecon -r ${wwwdir}
+}
+
+download_crl() {
+  local counterA=0
+  while [ ${counterA} -lt ${arraySize} ]
+  do
+    local crlSource=$(./lib/yq4 -r .ca[${counterA}].uri ${config})
+    local crlID=$(./lib/yq4 -r .ca[${counterA}].id ${config})
+    local tempfile=$(mktemp)
+    printf "$(date '+%Y-%m-%dT%H:%M:%S') [info] downloading ${crlID} source ${crlSource}\n"
+    curl -k -s ${crlSource} > ${tempfile} ${crlID}
+    if [ ! -e ${tempfile} ]
     then
-      echo "[$(date '+%Y-%m-%d %H:%M:%S')] [info] (00) crl download sucessful, $i" >> $logFile
-      mv $downloadDIR${crlName[$counterA]} $publicWWW
-    else
-      echo "[$(date '+%Y-%m-%d %H:%M:%S')] [error] (64) crl download failed (zero-byte file), $i" >> $logFile
+      printf "$(date '+%Y-%m-%dT%H:%M:%S') [error] download failed ${crlID} missing ${tempfile}\n"
+      exit 1
     fi
-  fi
-let counterA=counterA+1
-done
+    if [ ! -s ${tempfile} ]
+    then
+      printf "$(date '+%Y-%m-%dT%H:%M:%S') [error] download failed ${crlID} zero byte file ${tempfile}\n"
+      exit 1
+    fi
+    /usr/bin/openssl crl -inform DER -text -noout -in ${tempfile} | grep 'Certificate Revocation List' &> /dev/null
+    if [ $? == 1 ]
+    then
+      printf "$(date '+%Y-%m-%dT%H:%M:%S') [error] download failed ${crlID} invalid crl ${tempfile}\n"
+      exit 1
+    fi
+    printf "$(date '+%Y-%m-%dT%H:%M:%S') [info] copying ${tempfile} to ${wwwdir}/${crlID}.crl\n"
+    mv ${tempfile} ${wwwdir}/${crlID}.crl
+    let counterA=counterA+1
+  done
+}
+
+main() {
+  show_version
+  check_config
+  check_network
+  download_crl
+  fix_permissions
+}
 
-exit 0
+make_temporary_log
+main | tee -a /proc/$$/fd/3
+copy_to_run_log
+exit 0