From d99153100a57669af9b2b03afa630de5e2ae6adf Mon Sep 17 00:00:00 2001
From: Tony Cavella <9434191+acavella@users.noreply.github.com>
Date: Thu, 28 Dec 2023 19:14:49 +0000
Subject: [PATCH] update revoke.sh add crl validation
---
 revoke.sh | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/revoke.sh b/revoke.sh
index 22bde66..745d207 100755
--- a/revoke.sh
+++ b/revoke.sh
@@ -45,7 +45,7 @@ copy_to_run_log() {
 chmod 644 "${log}"
 }
-check_config(){
+check_config() {
 if [ ! -e $config ]
 then
 printf "$(date '+%Y-%m-%dT%H:%M:%S') [error] unable to locate configuration ${config}\n"
@@ -53,6 +53,11 @@ check_config(){
 fi
 }
+check_network() {
+ commands
+}
+
+
 fix_permissions() {
 printf "$(date '+%Y-%m-%dT%H:%M:%S') [info] fixing permissions on ${wwwdir}\n"
 chown apache:apache ${wwwdir} -R
@@ -78,6 +83,12 @@ download_crl() {
 printf "$(date '+%Y-%m-%dT%H:%M:%S') [error] download failed ${crlID} zero byte file ${tempfile}\n"
 exit 1
 fi
+ openssl crl -inform DER -text -noout -in ${tempfile} | grep 'Certificate Revocation List' &> /dev/null
+ if [ $? == 1 ]
+ then
+ printf "$(date '+%Y-%m-%dT%H:%M:%S') [error] download failed ${crlID} invalid crl ${tempfile}\n"
+ exit 1
+ fi
 printf "$(date '+%Y-%m-%dT%H:%M:%S') [info] copying ${tempfile} to ${wwwdir}/${crlID}.crl\n"
 mv ${tempfile} ${wwwdir}/${crlID}.crl
 let counterA=counterA+1
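Review bot: `check_network()` is committed with the placeholder body `commands`, which is not a function or binary defined anywhere in the visible lines, so any call would fail with command-not-found. No caller is visible in this patch; if one exists outside these hunks, the script's behaviour depends on how it treats that failure. Either implement the check or leave the stub out until it is written; if it has to stay, make the body `return 0` with the comment `# TODO: network reachability check not implemented`.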
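Review bot: The new check in `download_crl` only shows that the file parses as a DER CRL; the signature is not verified against the issuing CA and nextUpdate is not examined, so a well-formed but forged or expired CRL would still be moved to `${wwwdir}/${crlID}.crl`. Consider passing the issuer certificate with `-CAfile` and checking the reported verification result, plus a freshness check on nextUpdate. The test itself is also fragile: `[ $? == 1 ]` reads only grep's status and only the value 1, `${tempfile}` is unquoted, and `&>` and `==` are bash-only; `if ! openssl crl -inform DER -noout -in "${tempfile}" > /dev/null 2>&1` tests the parse directly. The body of `download_crl` begins and ends outside the hunk.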