create-cache-config-crl.sh

# make sure that this script runs with the time zone GMT
export TZ=GMT

config="crl-cache-headers.conf"

# swap the root directy every reload to make sure that
# the config alines with the files actually served
curdir=`cat lastroot.txt`
newdir=`expr $curdir + 1`
olddir=`expr $curdir - 1`

rm -rf dir$olddir
mkdir -p dir$newdir

# clear config
echo "" > $config

# loop all crls
for crl in *.crl
do
  if [ ! -f $crl ]; then
    echo "CRL file not found ($crl), please check input directory"
    continue
  fi

  # get lastupdate and nextupdate from crl and transform to required format
  LASTUPDATE=`openssl crl -inform der -noout -lastupdate -in $crl | awk -F'=' '{ print $2 }'`
  NEXTUPDATE=`openssl crl -inform der -noout -nextupdate -in $crl | awk -F'=' '{ print $2 }'`
  CRLNUMBER=`openssl crl -inform der -noout -crlnumber -in $crl | awk -F'=' '{ print $2 }'`
  NXTUPD=`date --date="$NEXTUPDATE" "+%a, %d %b %Y %T GMT"`
  LSTUPD=`date --date="$LASTUPDATE" "+%a, %d %b %Y %T GMT"`

  # set the correct last modified date on disk
  touch -m -t `date --date="$LASTUPDATE" "+%Y%m%d%H%M.%S"` $crl

  # move file to newdir
  mv $crl dir$newdir

  # add file to cache config
  echo "location /gs/$crl {" >> $config
  echo "    root dir$newdir;" >> $config
  echo "    expires off;" >> $config
  echo "    add_header ETag \"$CRLNUMBER\";" >> $config
  echo "    add_header Expires \"$NXTUPD\";" >> $config
  echo "    add_header Last-Modified \"$LSTUPD\";" >> $config
  echo "    add_header Cache-Control \"public, no-transform, must-revalidate, s-maxage=3600\";" >> $config
  echo "}" >> $config
done

echo $newdir > lastroot.txt