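# Refresh the certificate revocation lists (CRLs) that Apache reads.
#
# For every CRL named in the list at the bottom of this script the DER file
# is fetched from ${CRLPATH_SK}, its signature is checked against the issuer
# certificates in ${CERTS}, and a PEM copy is written below ${CRLPATH_MISP}.
# Apache is restarted when at least one CRL changed, unless the first
# argument is "norestart".
#
# The script is written for plain POSIX sh; no strict mode (set -e) is used
# because update_crl deliberately returns 1 to signal "CRL was updated".

WGET=/usr/bin/wget
OPENSSL=/usr/bin/openssl
RM=/bin/rm
LOGGER=/usr/bin/logger
MAIL=/usr/bin/mail
CAT=/bin/cat
GREP=/bin/grep
APACHECTL=/etc/init.d/apache2
CP=/bin/cp
CERTS=/etc/apache2/crls/crl-issuers.pem
CRLPATH_MISP=/etc/apache2/crls
CRLPATH_SK=http://www.sk.ee
ADMIN=mart@loomaaed.tartu.ee
LOGFILE=/var/log/updatecrl.log

# Set once the private work directory exists (see below). fail() only reads
# ${REASON} when it is called with a second argument.
WORKDIR=
REASON=

#######################################
# Report a fatal error via syslog, mail and the log file, then exit 1.
# Globals:   LOGGER, MAIL, CAT, ADMIN, LOGFILE, REASON (read), TEXT (written)
# Arguments: $1 - short error text (defaults to "Internal error")
#            $2 - when non-empty, the contents of ${REASON} are sent as the
#                 mail body and appended to the log
# Returns:   never; terminates the script with status 1
#######################################
fail() {
  if [ -n "$1" ]; then
    TEXT=$1
  else
    TEXT="Internal error"
  fi

  # Always pass a message: logger without one would read stdin instead.
  ${LOGGER} -p user.err "${TEXT}"

  if [ -n "$2" ]; then
    ${MAIL} -s "CRL update failed: ${TEXT}" "${ADMIN}" < "${REASON}"
    ${CAT} "${REASON}" >> "${LOGFILE}"
  else
    echo "Reason unkwown" | ${MAIL} -s "CRL update failed: ${TEXT}" "${ADMIN}"
    echo "Reason unkwown" >> "${LOGFILE}"
  fi
  exit 1
}

#######################################
# Fetch one CRL, verify it and install it as PEM.
# Globals:   CRLPATH_MISP, CRLPATH_SK, CERTS, REASON, WORKDIR, LOGFILE (read)
# Arguments: $1 - CRL name; underscores encode the URL path below
#                 ${CRLPATH_SK}, the part after the last underscore is the
#                 file name on the server
# Returns:   1 when a new CRL was installed, 0 when nothing changed
#            (failures do not return: they end the script through fail())
#######################################
update_crl() {
  rc=0
  crl=$1
  crl_filename=${crl##*_}
  oldcrl="${CRLPATH_MISP}/${crl}.der"
  crl_into_uri=$(printf '%s\n' "${crl}" | sed 's/_/\//g')
  url="${CRLPATH_SK}/${crl_into_uri}"
  pemcrl="${CRLPATH_MISP}/${crl}"
  newpem="${WORKDIR}/${crl}.pem"

  # Work in the private directory, never in the shared /tmp: the download
  # and the scratch files have predictable names, and this script writes
  # them with the privileges needed to update Apache's configuration.
  cd "${WORKDIR}" || fail "Unable to enter temporary directory"

  if ! ${RM} -f -- "${REASON}" "${crl_filename}" "${newpem}"; then
    fail "Unable to remove old temporary file"
  fi

  # Seed the directory with the last accepted DER so that wget -N can
  # compare timestamps. The file is absent on the very first run.
  if [ -f "${oldcrl}" ]; then
    ${CP} -fp -- "${oldcrl}" "${crl_filename}" > "${REASON}"
  fi
  oldstamp=$(ls -l -- "${crl_filename}" 2>&1)

  if ! ${WGET} -N --cache=off "${url}" > "${REASON}" 2>&1; then
    fail "Unable to retrieve new CRL" 1
  fi
  newstamp=$(ls -l -- "${crl_filename}" 2>&1)

  if [ "${oldstamp}" != "${newstamp}" ]; then
    # The download travels over plain HTTP, so the signature check is the
    # only integrity control. Nothing under ${CRLPATH_MISP} is touched
    # before it passes.
    # NOTE(review): only the signature is checked here; thisUpdate/nextUpdate
    # are not compared with the previously installed CRL, so an older but
    # validly signed CRL would be accepted - confirm whether that matters.
    ${OPENSSL} crl -CAfile "${CERTS}" -noout -inform DER \
      < "${crl_filename}" > "${REASON}" 2>&1
    if ! ${GREP} "verify OK" "${REASON}" >> "${LOGFILE}" 2>&1; then
      fail "Unable to verify CRL" 1
    fi

    # Convert into the work directory first so that a failed or truncated
    # conversion cannot replace the PEM file Apache currently uses.
    if ! ${OPENSSL} crl -inform DER -outform PEM \
      < "${crl_filename}" > "${newpem}" 2> "${REASON}" ||
      [ ! -s "${newpem}" ]; then
      fail "Unable to convert CRL to PEM" 1
    fi

    # Kept from the original script; presumably removes a file left behind
    # by an older naming scheme (the installed file carries a .pem suffix).
    ${RM} -f -- "${pemcrl}"

    if ! mv -f -- "${newpem}" "${pemcrl}.pem" > "${REASON}" 2>&1; then
      fail "Unable to install new CRL" 1
    fi

    # Remember the DER only once it is verified and installed. Caching it
    # earlier would make the next run see "no change" for a CRL that was
    # rejected, leaving the old PEM in place without any further alert.
    ${CP} -fp -- "${crl_filename}" "${oldcrl}" > "${REASON}" 2>&1
    rc=1
  fi

  if [ -f "${REASON}" ]; then
    ${RM} -f -- "${REASON}"
  fi
  return $rc
}

# Private scratch directory instead of fixed names such as /tmp/reason.$$,
# which another local user could pre-create or replace with a symlink.
WORKDIR=$(mktemp -d "${TMPDIR:-/tmp}/updatecrl.XXXXXX") ||
  fail "Unable to create temporary directory"
REASON="${WORKDIR}/reason"
trap '${RM} -rf -- "${WORKDIR:?}"' EXIT

# NOTE(review): fail() ends the whole run, so when a later CRL fails, CRLs
# installed earlier in the same run are not loaded by Apache until a
# subsequent run restarts it - confirm that this is acceptable.
dorestart=0
for crl in \
  crls_esteid_esteid2007.crl \
  crls_esteid_esteid2015.crl \
  crls_juur_crl.crl \
  crls_eeccrca_eeccrca.crl \
  repository_crls_esteid2011.crl \
  crls_klass3_klass3-2010.crl \
  repository_crls_eid2011.crl \
  crls_eid_eid2007.crl
do
  date >> "${LOGFILE}"
  echo "${crl}" >> "${LOGFILE}"

  # $? rather than $PIPESTATUS: the latter exists only in bash, and under
  # another sh the comparison would never match and Apache would never be
  # restarted.
  update_crl "${crl}"
  if [ $? -eq 1 ]; then
    dorestart=1
  fi
done

if [ "${dorestart}" -eq 1 ] && [ "${1:-}" != "norestart" ]; then
  # Leave the scratch directory before it is removed by the EXIT trap.
  cd /
  ${APACHECTL} restart >> "${LOGFILE}" 2>&1
fi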