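#!/usr/bin/env bash
#
# get_revoked_keys - list serial number and CN of every OpenVPN client
# certificate that appears in the CA's certificate revocation list (CRL).
#
# Configuration is read from conf/get_revoked_keys.conf next to this script
# (optional; the variables may also be pre-set in the environment):
#   KEY_DIR  directory holding the issued certificates as <SERIAL>.pem
#            (default: /etc/openvpn/keys)
#   CRL_PEM  PEM encoded CRL (default: ${KEY_DIR}/crl.pem)
#
# Output: one " Serial: <hex> CN: <name>" line per revoked certificate on
# stdout (bold when stdout is a terminal). Diagnostics are also written to
# stdout. Exit status: 1 after a fatal error, 0 otherwise.

working_dir="$(dirname "$(realpath "$0")")"
conf_file="${working_dir}/conf/get_revoked_keys.conf"

# Scratch file that collects openssl's stderr so it can be shown to the user.
log_file="$(mktemp)" || { echo "[ Fatal ]: cannot create temporary file"; exit 1; }

# Remove the scratch file on *every* exit path (normal end of script, fatal(),
# signals) - previously it leaked whenever the script ended without fatal().
trap 'rm -f -- "$log_file"' EXIT

# -------------
# --- Check some prerequisites
# -------------

# - Running in a terminal? Decides whether colour/bold escapes are emitted.
if [[ -t 1 ]] ; then
  terminal=true
else
  terminal=false
fi

# -------------
# --- Some functions
# -------------

clean_up() {
  # Perform program exit housekeeping.
  # $1 - exit status (defaults to 0). The EXIT trap deletes $log_file.
  rm -f -- "$log_file"
  exit "${1:-0}"
}

fatal() {
  # Print an error message and terminate the script with status 1.
  # The message is passed through printf '%s', never echo -e, so backslashes in
  # openssl error text are printed verbatim.
  echo ""
  if $terminal ; then
    printf '[ \033[31m\033[1mError\033[m ]: %s\n' "$*"
    echo ""
    printf '  \033[31m\033[1mScript was interrupted\033[m!\n'
  else
    printf ' [ Fatal ]: %s\n' "$*"
    echo ""
    echo " Script was terminated...."
  fi
  echo ""
  clean_up 1
}

error() {
  # Print a non-fatal error message.
  echo ""
  if $terminal ; then
    printf ' [ \033[31m\033[1mError\033[m ]: %s\n' "$*"
  else
    printf '[ Error ]: %s\n' "$*"
  fi
  echo ""
}

warn() {
  # Print a warning message.
  echo ""
  if $terminal ; then
    printf ' [ \033[33m\033[1mWarning\033[m ]: %s\n' "$*"
  else
    printf '[ Warning ]: %s\n' "$*"
  fi
  echo ""
}

info() {
  # Print an informational message - only when running in a terminal, so that
  # piped output stays limited to the result lines.
  if $terminal ; then
    echo ""
    printf '\t[ \033[32m\033[1mInfo\033[m ]: %s\n' "$*"
    echo ""
  fi
}

# -------------
# --- Read Configurations from $conf_file
# -------------

if [[ -f "$conf_file" ]] ; then
  # SECURITY: 'source' executes the configuration file as shell code, i.e.
  # whoever can write conf/get_revoked_keys.conf runs arbitrary commands with
  # the privileges of the user invoking this script (usually root, because
  # /etc/openvpn/keys is root-only). Warn when the file is not owned by us;
  # keep the ownership and mode of that file as tight as the key directory.
  if [[ ! -O "$conf_file" ]] ; then
    warn "Configuration file '$conf_file' is not owned by the current user but is executed as shell code"
  fi
  # shellcheck source=/dev/null
  source "$conf_file"
else
  warn "Configuration file '$conf_file' not found. Loading defaults.."
fi

# Defaults apply when the variable is unset *or* empty (same as the previous
# '[[ -n ]] ||' form).
: "${KEY_DIR:=/etc/openvpn/keys}"
: "${CRL_PEM:=${KEY_DIR}/crl.pem}"

if [[ ! -d "$KEY_DIR" ]] ; then
  fatal "Key directory '$KEY_DIR' not found. (See var 'KEY_DIR')"
fi

if [[ ! -f "$CRL_PEM" ]] ; then
  fatal "Revocation list '$CRL_PEM' not found. (See var 'CRL_PEM')"
fi

# -------------
# --- Collect the revoked serial numbers from the CRL
# -------------

declare -a revoked_serial_arr=()
declare -a revoked_cn_arr=()

while read -r _serial ; do
  # A revoked entry's serial is printed as plain hex. Anything else means the
  # text dump was misparsed; it must not be used to build a file name below.
  if [[ "$_serial" =~ ^[0-9A-Fa-f]+$ ]] ; then
    revoked_serial_arr+=("$_serial")
  else
    warn "Ignoring unexpected serial number '$_serial' found in '$CRL_PEM'"
  fi
done < <(openssl crl -inform PEM -text -noout -in "$CRL_PEM" 2>> "$log_file" \
           | grep -E "^\s+Serial Number:" | awk '{print $3}')

# openssl wrote to stderr -> the CRL could not be parsed.
if [[ -s "$log_file" ]] ; then
  fatal "$(cat "$log_file")"
fi

# -------------
# --- Resolve each serial to the certificate's CN
# -------------

if [[ ${#revoked_serial_arr[@]} -gt 0 ]] ; then
  for _serial in "${revoked_serial_arr[@]}" ; do
    _cert="${KEY_DIR}/${_serial}.pem"
    # Ask openssl for the subject one RDN per line ("    CN=name") instead of
    # grepping the -text dump: the dump's subject format differs between
    # OpenSSL releases ("/CN=name" vs "CN = name"), which left the CN empty on
    # newer versions. Only the first CN is used.
    _cn="$(openssl x509 -noout -subject -nameopt sep_multiline -in "$_cert" 2> "$log_file" \
           | sed -n 's/^[[:space:]]*CN=//p' | head -n 1)"
    if [[ -s "$log_file" ]] ; then
      error "$(cat "$log_file")"
    else
      # Entries are stored as "<serial>:<cn>"; the serial is hex and can never
      # contain ':', so it is split off again with ${var%%:*} / ${var#*:}.
      revoked_cn_arr+=("${_serial}:${_cn}")
    fi
  done
else
  info "No revoked OpenVPN keys exists"
fi

# -------------
# --- Print the result
# -------------

echo
for _val in "${revoked_cn_arr[@]}" ; do
  _ser="${_val%%:*}"
  _name="${_val#*:}"   # everything after the first ':' - keeps ':' inside a CN intact
  if $terminal ; then
    printf ' Serial: \033[1m%s\033[m CN: \033[1m%s\033[m\n' "$_ser" "$_name"
  else
    printf ' Serial: %s CN: %s\n' "$_ser" "$_name"
  fi
done
echo
exit 0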