@ntalbott
Created April 15, 2014 19:31
Checks whether a cert in PEM format is revoked or not.
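#!/usr/bin/env ruby
# Note: the CRL's signature and validity dates are not checked here.
require "open3"

cert_path = ARGV[0] or abort "Usage: #{$0} cert.pem"
# Argument-array form: the path never passes through a shell.
text, status = Open3.capture2("openssl", "x509", "-text", "-noout", "-in", cert_path)
abort "openssl could not read #{cert_path}" unless status.success?
#puts text

raw_serial = text[/Serial Number:\s*\n?\s*(\d+ \(0x\w+\)|\w{2}(?::\w{2})+)/, 1]
puts "Raw serial: #{raw_serial}"
# `openssl crl -text` prints each serial as whole bytes in uppercase hex, so
# normalize the certificate's serial to an even number of hex digits.
serial = case raw_serial
  when %r{\d+ \(0x(\w+)\)}
    $1.length.odd? ? "0#{$1}" : $1
  when %r{\w{2}(?::\w{2})+}
    raw_serial.delete(":")
  else
    abort "Unhandled raw serial format"
  end.upcase

# Newer OpenSSL releases print a "Full Name:" line before the URI.
crl = text[/X509v3 CRL Distribution Points:\s*\n\s*(?:Full Name:\s*)?URI:(http[^\s]+)\s*/, 1]
abort "No http CRL distribution point found" unless crl
puts "Prepped serial: #{serial}"
puts "CRL URL: #{crl}"

# The URL comes from the certificate, which is untrusted input, so it is
# passed to curl as a single argument instead of being interpolated into a shell command.
crl_der, status = Open3.capture2("curl", "-sf", crl, binmode: true)
abort "Could not download CRL" unless status.success?
crl_text, _ = Open3.capture2("openssl", "crl", "-inform", "DER", "-text", "-noout",
                             stdin_data: crl_der, binmode: true)
revoked_serials = crl_text.scan(/Serial Number: (\w+)/).flatten
#puts revoked_serials.first.inspect
abort "No revoked serials found" if revoked_serials.empty?

if revoked_serials.include?(serial)
  puts "revoked"
else
  puts "NOT REVOKED!"
end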