#!/bin/bash

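# Refresh the CA CRL of every OpenVPN site-to-site tunnel that uses TLS
# authentication and has a CrlUrl property set.
#
# For each such tunnel the CRL is downloaded, checked with `openssl crl`,
# and on success installed as /etc/openvpn/s2s/pub/<VPN>_cacrl.pem.
# If openssl rejects the file, a report containing the downloaded data is
# mailed to admin@<DomainName>.
DOMAIN=$(/sbin/e-smith/db configuration get DomainName)

# Work in a private directory instead of fixed names under /tmp. A
# predictable /tmp/cacrl.pem can be pre-created or symlinked by any local
# user, which would let them influence what this script writes and installs.
WORKDIR=$(mktemp -d) || { echo "cannot create temporary directory" >&2; exit 1; }
trap 'rm -rf -- "$WORKDIR"' EXIT

# wget creates this file itself, so it gets the normal umask-derived mode
# (as before), not the 0600 that mktemp would give a file.
CRL_TMP="$WORKDIR/cacrl.pem"

# The key list is split on whitespace on purpose; disable globbing so a key
# containing wildcard characters is never expanded against the filesystem.
set -f

for VPN in $(/sbin/e-smith/db openvpn-s2s keys); do
    URL=$(/sbin/e-smith/db openvpn-s2s getprop "$VPN" CrlUrl)
    AUTH=$(/sbin/e-smith/db openvpn-s2s getprop "$VPN" Authentication)

    if [[ -n "$URL" && "$AUTH" == 'TLS' ]]; then

        # "--" keeps a CrlUrl value that starts with "-" from being parsed as
        # a wget option. A failed download is not treated separately: it
        # leaves an empty or missing file, which the openssl check rejects.
        /usr/bin/wget --timeout=5 -O "$CRL_TMP" -- "$URL" > /dev/null 2>&1

        # NOTE(review): this only confirms that the file parses as a PEM CRL.
        # The CRL signature is not verified against the tunnel's CA, so
        # whoever controls the CrlUrl response (or the network path, if the
        # URL is plain HTTP) controls the installed CRL. Consider adding
        # `-CAfile <path-to-this-tunnel's-CA-cert>` and acting on the
        # verification result.
        if /usr/bin/openssl crl -inform PEM -in "$CRL_TMP" -text > /dev/null 2>&1; then
            /bin/mv -f -- "$CRL_TMP" /etc/openvpn/s2s/pub/"$VPN"_cacrl.pem > /dev/null 2>&1
        else
            # Build the report on a pipe so no second temp file is needed.
            {
                cat <<END

An error occured while updating the CRL for the VPN ID $VPN
because openssl didn't recognize the file as a valid CRL.
Below is the copy of the latest CRL downloaded from
$URL

END
                if [[ -f "$CRL_TMP" ]]; then
                    cat -- "$CRL_TMP"
                fi
            } | mail -s 'CRL update failed' "admin@$DOMAIN"
        fi

        # Never let one tunnel's download be validated for the next tunnel.
        rm -f -- "$CRL_TMP"
    fi
done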

