ntalbott · April 15, 2014 19:31
diff --git a/check-cert-revocation b/check-cert-revocation
 #!/usr/bin/env ruby

 require "open-uri"

 text = `openssl x509 -text -in #{ARGV[0]}`
 #puts text
 raw_serial = text[/Serial Number:\s*\n?\s*(\d+ \(0x\w+\)|\w{2}(?::\w{2})+)/, 1]
 puts "Raw serial: #{raw_serial}"
 serial = case raw_serial
 when %r{\d+ \(0x(\w+)\)}
  $1.rjust(6, "0")
 when %r{\w{2}(?::\w{2})+}
  raw_serial.gsub(/:/, '').rjust(14, "0")
 else
  abort "Unhandled raw serial format"
 end.upcase
 crl = text[/X509v3 CRL Distribution Points:\s*\n\s*URI:(http[^\s]+)\s*/, 1]
 puts "Prepped serial: #{serial}"
 puts "CRL URL: #{crl}"

 revoked_serials = `curl #{crl} 2>/dev/null 1| openssl crl -inform DER -text -noout`.scan(/Serial Number: (\w+)/).flatten
 #puts revoked_serials.first.inspect
 abort "No revoked serials found" if revoked_serials.empty?

 if(revoked_serials.include?(serial))
  puts "revoked"
 else
  puts "NOT REVOKED!"
 end
	#!/usr/bin/env ruby

	require "open-uri"

	text = `openssl x509 -text -in #{ARGV[0]}`
	#puts text
	raw_serial = text[/Serial Number:\s\n?\s(\d+ \(0x\w+\)\|\w{2}(?::\w{2})+)/, 1]
	puts "Raw serial: #{raw_serial}"
	serial = case raw_serial
	when %r{\d+ \(0x(\w+)\)}
	$1.rjust(6, "0")
	when %r{\w{2}(?::\w{2})+}
	raw_serial.gsub(/:/, '').rjust(14, "0")
	else
	abort "Unhandled raw serial format"
	end.upcase
	crl = text[/X509v3 CRL Distribution Points:\s\n\sURI:(http[^\s]+)\s*/, 1]
	puts "Prepped serial: #{serial}"
	puts "CRL URL: #{crl}"

	revoked_serials = `curl #{crl} 2>/dev/null 1\| openssl crl -inform DER -text -noout`.scan(/Serial Number: (\w+)/).flatten
	#puts revoked_serials.first.inspect
	abort "No revoked serials found" if revoked_serials.empty?

	if(revoked_serials.include?(serial))
	puts "revoked"
	else
	puts "NOT REVOKED!"
	end