#! /bin/sh
#
# update CRL, possibly adding some certificate
#
# (c) 2001 Dr. Andreas Mueller, Beratung und Entwicklung
#
# $Id: updatecrl.in,v 1.6 2002/02/19 23:40:08 afm Exp $
#
transid=${1}

openscepdir=OPENSCEPDIR
scepconf=BINDIR/scepconf
openssl=`${scepconf} scepd openssl`
sbindir=SBINDIR
mv=MV

dercert=${openscepdir}/granted/${transid}.der
pemcert=${openscepdir}/granted/${transid}.pem
info=${openscepdir}/granted/${transid}.info
req=${openscepdir}/granted/${transid}.req

# convert the certificate to PEM format
${openssl} x509 -inform DER -in ${dercert} -out ${pemcert}

# revoke the certificate
${openssl} ca -config ${openscepdir}/openscep.cnf 			\
	-cert ${openscepdir}/cacert.pem 				\
	-keyfile ${openscepdir}/cakey.pem				\
	-revoke ${pemcert}						\
	-batch -policy policy_unstructured
if [ $? -gt 0 ]
then
	echo revokation failed >&2
	exit 1
fi
${mv} ${dercert} ${pemcert} ${info} ${req} ${openscepdir}/revoked

# recreate the certificate revocation list
${sbindir}/createcrl
if [ $? -gt 0 ]
then
	echo CRL recreation failed  >&2
	exit 1
fi

exit 0