2007-08-31 14:15:32

PGP auto decryption with bash

#!/bin/bash
#################################################################
# Who: James Conner
# When: Aug 29, 2007
# What: pgp_decrypter.sh
# Version: 0.1.1
# Why: Decrypt PGP files sent by external customers
#################################################################
# Updates:
# Ver  -  Who  -  When  -  Why
# 0.0.1 - James Conner - Aug 17 - Initial creation
# 0.0.2 - James Conner - Aug 20 - Added SCP retrieval
# 0.0.3 - James Conner - Aug 21 - Added SFTP deletion by batch
# 0.0.4 - James Conner - Aug 23 - Added PGP backups
# 0.0.5 - James Conner - Aug 24 - Added QA (PGP & ASCII)
# 0.1.0 - James Conner - Aug 27 - Code clean up & func comments
# 0.1.1 - James Conner - Aug 29 - Added verbose/debug option
#################################################################
# To Do List:
#################################################################


#################################################################
# Options
#################################################################
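# -d and -v both switch on shell tracing; any other option prints a usage
# line on stderr and exits 90.  getopts only ever yields single letters, so
# the former "debug"/"verbose" case patterns could never match and are
# dropped.  With no arguments the loop body never runs, so no "$#" guard is
# needed.
#
# NOTE(security): xtrace writes every expanded command line to stderr, and
# that includes the "--passphrase" argument func_pgp_decrypt hands to pgp.
# Keep trace output away from cron mail and shared log files.
while getopts "dv" OPTIONS
do
  case "${OPTIONS}" in
    d|v ) set -x ;;
    *   ) printf 'Usage: %s [-d|-v]\n' "${0##*/}" >&2
          exit 90 ;;
  esac
done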

#################################################################
# Variables
#################################################################
# --- External tools, looked up once at start-up ------------------------
# NOTE(review): when a lookup fails the variable is simply left empty; the
# problem only surfaces later, when the tool is first invoked.
LS=$(/usr/bin/which ls)
RM=$(/usr/bin/which rm)
REV=$(/usr/bin/which rev)
CUT=$(/usr/bin/which cut)
CAT=$(/usr/bin/which cat)
SFTP=$(/usr/bin/which sftp)
SCP=$(/usr/bin/which scp)
DATE=$(/usr/bin/which date)
CHOWN=$(/usr/bin/which chown)
CHMOD=$(/usr/bin/which chmod)
BASENAME=$(/usr/bin/which basename)
FILE=$(/usr/bin/which file)
PGP=$(/usr/bin/which pgp)
# GREP carries its own -q flag, so it has to be expanded unquoted
GREP="$(/usr/bin/which grep) -q"

# --- Local account and archive helper ----------------------------------
CORPUSER="corpprod"
# Holds command plus flag; expanded unquoted where it is used
DONEARC="/usr/local/bin/done_arc -f"

# --- Transfer server and the per-day sftp batch file --------------------
DATE_OPTIONS="+%Y_%m_%d"
SFTP_TEMPLATE_FILE="/usr/local/corpbin/corp_download_template.txt"
SFTP_BATCH_FILE="/usr/local/corpbin/corp_download/corp_download_$(${DATE} ${DATE_OPTIONS}).txt"
SFTP_SERVER="ustransfer"
SFTP_OPTIONS="-b ${SFTP_BATCH_FILE}"
SCP_OPTIONS="-pr"
SFTP_USER="corp_transfer"

# --- PGP settings --------------------------------------------------------
PGP_ENCRYPTED_EXTENSION="PGP"
PGP_DECRYPTED_EXTENSION="decrypted"
# NOTE(security): the decryption passphrase is kept in clear text in this
# script, so anyone who can read the file, or a backup or copy of it, can
# read the passphrase.  Restrict the script's permissions, and prefer loading
# the value at run time from a file only the service account can read.
PGP_PASSPHRASE="internal-passwd"
PGP_ENCRYPT_DIR="/corp/transfer"
PGP_DECRYPT_DIR="/corp/transfer"

# --- Logging ---------------------------------------------------------------
LOG_DIR="/corp/transfer/logs"
LOG_FILE="${LOG_DIR}/$(${DATE} ${DATE_OPTIONS}).txt"

# --- Work lists --------------------------------------------------------------
declare -a PGP_FILE_ARRAY # Filled in func_run
# Declared for func_create_sftp_batch_file; not referenced by the code shown here
declare -a FILES_TO_DELETE_ARRAY

# --- Backup job ----------------------------------------------------------------
OMNI_JOB_NAME="CORP_Inbound"
OMNI="/usr/omni/bin/omnib"
OMNI_OPTIONS="-mode full"

#################################################################
# Functions
#################################################################
#----------------------------------------------------------------
# Performs a PGP decryption on a single file that is passed to
# the function as an argument
#----------------------------------------------------------------
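func_pgp_decrypt () {
  # Arguments: $1 - file name (no directory part) inside PGP_ENCRYPT_DIR
  # Globals:   PGP, PGP_PASSPHRASE, PGP_ENCRYPT_DIR, PGP_DECRYPT_DIR,
  #            PGP_DECRYPTED_EXTENSION (read); pgpd (written)
  # Returns:   10 if the decrypted file already exists, otherwise the exit
  #            status of pgp
  local encrypted="${PGP_ENCRYPT_DIR}/${1}"
  local decrypted="${PGP_DECRYPT_DIR}/${1}.${PGP_DECRYPTED_EXTENSION}"

  # Never overwrite the result of an earlier decryption
  if [ -f "${decrypted}" ]; then
    # The name is passed as data, not as the printf format, so a '%' or '\'
    # in a customer-supplied file name cannot change the message
    printf '%s decrypted file already exists \n' "${decrypted}"
    pgpd=10
  else
    # Every expansion is quoted so a file name containing whitespace or glob
    # characters reaches pgp as exactly one argument.
    #
    # NOTE(security): the passphrase travels on pgp's command line, where
    # other local users can read it from the process list while pgp runs and
    # where "set -x" (-d/-v) prints it.  If the installed pgp can take the
    # passphrase from a file descriptor or a protected file, prefer that --
    # TODO confirm against its documentation.
    #
    # stderr is discarded, as before; only the exit status is reported.
    "${PGP}" --decrypt --passphrase "${PGP_PASSPHRASE}" "${encrypted}" --output "${decrypted}" 2> /dev/null
    pgpd=$?
  fi
  return "${pgpd}"
}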


#----------------------------------------------------------------
# Performs a qa check by verifying the file, whose name is passed
# to the function as an argument, is a PGP encrypted file
#----------------------------------------------------------------
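func_check_pgp_file () {
  # Arguments: $1 - file name inside PGP_ENCRYPT_DIR
  # Globals:   FILE, GREP, PGP_ENCRYPT_DIR (read); chkpgp (written)
  # Returns:   0 when file(1) describes the content as "PGP armored",
  #            non-zero otherwise
  #
  # -b keeps the file name out of file(1)'s output.  Without it the line is
  # "<name>: <description>", so a name that itself contains "PGP armored"
  # would pass this check whatever the file holds.  The path is quoted so a
  # name with whitespace is inspected as one file.
  # ${GREP} is expanded unquoted on purpose: it holds "<path> -q".
  "${FILE}" -b "${PGP_ENCRYPT_DIR}/${1}" | ${GREP} "PGP armored" 2> /dev/null
  chkpgp=$?
  return "${chkpgp}"
}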


#----------------------------------------------------------------
# Performs a qa check by verifying the file, whose name is passed
# to the function as an argument, has been decrypted to a plain
# ascii text file
#----------------------------------------------------------------
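func_check_ascii_file () {
  # Arguments: $1 - name of the encrypted file; the file examined is
  #                 ${PGP_DECRYPT_DIR}/$1.${PGP_DECRYPTED_EXTENSION}
  # Globals:   FILE, GREP, PGP_DECRYPT_DIR, PGP_DECRYPTED_EXTENSION (read);
  #            chkascii (written)
  # Returns:   0 when file(1) describes the content as "ASCII text",
  #            non-zero otherwise
  #
  # -b keeps the file name out of file(1)'s output, so a name containing
  # "ASCII text" cannot satisfy the check on its own.  The path is quoted so
  # a name with whitespace is inspected as one file.
  # ${GREP} is expanded unquoted on purpose: it holds "<path> -q".
  "${FILE}" -b "${PGP_DECRYPT_DIR}/${1}.${PGP_DECRYPTED_EXTENSION}" | ${GREP} "ASCII text" 2> /dev/null
  chkascii=$?
  return "${chkascii}"
}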


#----------------------------------------------------------------
# After the batch file containing the filenames to delete has
# been created, perform the sftp connection to the FTP server
# and remove the old data
#----------------------------------------------------------------
func_sftp_delete () {
  # Runs sftp against the transfer account; the batch file named inside
  # SFTP_OPTIONS supplies the commands that remove the PGP files.
  # Globals: SFTP, SFTP_OPTIONS, SFTP_USER, SFTP_SERVER (read)
  # Returns: the exit status of sftp
  #
  # The expansions stay unquoted, as before: SFTP_OPTIONS holds "-b <file>"
  # and has to split into two words.  All four values are script constants.
  local rc=0
  ${SFTP} ${SFTP_OPTIONS} ${SFTP_USER}@${SFTP_SERVER} || rc=$?
  return "${rc}"
}


#----------------------------------------------------------------
# Since the keypairs have been exchanged, this scp function does
# not require a password to pull down the contents of the FTP to
# the local incoming directory
#----------------------------------------------------------------
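func_scp () {
  # Copies everything in the remote account's default directory into
  # PGP_ENCRYPT_DIR.
  # Globals: SCP, SCP_OPTIONS, SFTP_USER, SFTP_SERVER, PGP_ENCRYPT_DIR (read)
  # Returns: the exit status of scp
  #
  # The source is quoted so the "*" reaches scp untouched and is expanded on
  # the server; unquoted, the local shell would first try to match it against
  # the current directory.  SCP_OPTIONS is a flag list ("-pr") and is left to
  # word-split.
  #
  # NOTE(security): both the names and the contents of the downloaded files
  # are chosen by external parties; everything downstream should treat the
  # names as untrusted input.
  "${SCP}" ${SCP_OPTIONS} "${SFTP_USER}@${SFTP_SERVER}:*" "${PGP_ENCRYPT_DIR}"
}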


#----------------------------------------------------------------
# Create the SFTP batch file which contains the list of PGP files
# to be deleted off the FTP server.
#----------------------------------------------------------------
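func_create_sftp_batch_file () {
  # Starts a fresh sftp batch file whose only line so far is the local
  # "lcd" into PGP_ENCRYPT_DIR.
  # Globals: RM, SFTP_BATCH_FILE, PGP_ENCRYPT_DIR (read);
  #          createBatch (written)
  # Returns: the status of the write to SFTP_BATCH_FILE
  #
  # A batch file left over from an earlier run is removed first, so old
  # "rm" lines are never replayed against the server.  The path is quoted
  # throughout; unquoted, a path containing whitespace broke both the -f
  # test and the redirection.
  [ -f "${SFTP_BATCH_FILE}" ] && "${RM}" -- "${SFTP_BATCH_FILE}"

  printf 'lcd %s\n' "${PGP_ENCRYPT_DIR}" >> "${SFTP_BATCH_FILE}"
  createBatch=$?
  return "${createBatch}"
}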
#----------------------------------------------------------------
# Get a list of files which have been decrypted, and chop off the
# decrypted extension
#----------------------------------------------------------------
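func_write_sftp_batch_file () {
  # Appends one "rm <name>" line per file to the sftp batch file.
  # Arguments: $1 - whitespace-separated list of file names or paths
  # Globals:   SFTP_BATCH_FILE (read); writeBatch (written)
  # Returns:   0 if every name was written, 1 if any name was refused or a
  #            write failed
  #
  # The names come from files uploaded by external parties and end up as
  # arguments of commands that sftp will execute, so they are treated as
  # untrusted: "$1" is split into words without pathname expansion, and any
  # name outside a conservative character set (letters, digits, ".", "_",
  # "-", not starting with "-") is refused instead of written.  A refused
  # file simply stays on the server.
  local -a names=()
  local f
  writeBatch=0

  # -d '' reads the whole argument (including embedded newlines) and splits
  # it on IFS; read reports end-of-input as non-zero, which is expected here
  read -r -d '' -a names <<< "${1}"

  for f in "${names[@]}"
  do
    # The default directory on the SFTP server is already the right one, so
    # only the last path component is used
    f=${f##*/}
    case "${f}" in
      ''|-*|*[![:alnum:]._-]*)
        printf 'WARNING: not adding unsafe file name to sftp batch: %s\n' "${f}" >&2
        writeBatch=1
        continue ;;
    esac
    printf 'rm %s\n' "${f}" >> "${SFTP_BATCH_FILE}" || writeBatch=1
  done
  return "${writeBatch}"
}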


#----------------------------------------------------------------
# The general control function.  It initiates the PGP and ASCII
# qa checks, as well as the decrypt function
#----------------------------------------------------------------
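# Prints the three-line error banner used by func_run; $1 is the message text
_func_run_report_error () {
  printf '##############################################################\n'
  printf '# ERROR: %s \n' "${1}"
  printf '##############################################################\n'
}

func_run () {
  # Walks every *.${PGP_ENCRYPTED_EXTENSION} file in PGP_ENCRYPT_DIR through:
  # PGP check -> decrypt -> chmod/chown -> log -> sftp batch entry ->
  # done_arc -> ASCII check -> removal of the encrypted original.
  # Globals: PGP_ENCRYPT_DIR, PGP_ENCRYPTED_EXTENSION, CHMOD, CHOWN, CORPUSER,
  #          LS, LOG_FILE, DONEARC, RM (read); PGP_FILE_ARRAY (written)
  # Returns: the status of the last command run for the last file, 0 when no
  #          file matched
  #
  # NOTE(review): because that last command is normally a printf, the status
  # is almost always 0 even when individual files failed, so a caller cannot
  # rely on it to detect per-file errors.
  #
  # File names are chosen by external parties, so they are never word-split,
  # never used as a printf format, and are preceded by "--" where they could
  # be mistaken for an option.
  local path name

  # Build the work list from a glob instead of parsing `ls` output, which
  # split names on whitespace
  PGP_FILE_ARRAY=()
  for path in "${PGP_ENCRYPT_DIR}"/*."${PGP_ENCRYPTED_EXTENSION}"
  do
    # An unmatched glob stays as the literal pattern; -f drops that and
    # anything that is not a regular file
    [ -f "${path}" ] && PGP_FILE_ARRAY+=( "${path}" )
  done

  for path in "${PGP_FILE_ARRAY[@]}"
  do
    # The helper functions expect the bare file name
    name=${path##*/}

    # Verify the file is PGP armor encrypted
    if ! func_check_pgp_file "${name}"; then
      _func_run_report_error "Check ${name}, it is not reporting as an PGP File"
      continue
    fi

    # Perform the decryption process
    if ! func_pgp_decrypt "${name}"; then
      _func_run_report_error "${name} failed to decrypt"
      continue
    fi

    # NOTE(review): the next four commands use names relative to the current
    # directory, so the script appears to assume it is started from
    # PGP_ENCRYPT_DIR -- confirm.  "${name}"* also covers the decrypted copy.
    "${CHMOD}" 660 -- "${name}"*
    "${CHOWN}" "${CORPUSER}" -- "${name}"*
    "${LS}" -AFlh -- "${name}" >> "${LOG_FILE}"
    # NOTE(review): the remote copy is queued for deletion and the file is
    # handed to done_arc before the ASCII check below has passed.
    func_write_sftp_batch_file "${name}"
    # DONEARC holds "<command> -f" and must word-split
    ${DONEARC} "${name}"

    # QA the decrypted file; only then drop the encrypted original
    if func_check_ascii_file "${name}"; then
      printf '%s successfully processed \n' "${name}"
      # Plain -f: the target is a regular file, so recursion is not needed
      "${RM}" -f -- "${PGP_ENCRYPT_DIR}/${name}"
    else
      _func_run_report_error "${name} is not an ASCII file"
    fi
  done
}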


#----------------------------------------------------------------
# Prior to any work being performed on the PGP encrypted files
# which are downloaded via the func_scp function, they must be
# backed up to ensure data integrity in case of corruption
#----------------------------------------------------------------
func_omni_backup () {
  # Starts the backup job named by OMNI_JOB_NAME through the omnib client.
  # Globals: OMNI, OMNI_JOB_NAME, OMNI_OPTIONS (read); dp (written)
  # Returns: the exit status of omnib
  #
  # The expansions stay unquoted, as before: OMNI_OPTIONS holds "-mode full"
  # and has to split into two words.
  if ${OMNI} -datalist ${OMNI_JOB_NAME} ${OMNI_OPTIONS}; then
    dp=0
  else
    dp=$?
  fi
  return "${dp}"
}

#################################################################
# Program Execution
#################################################################
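# Exit codes: 99 download failed, 98 backup failed, 97 decryption run failed.
#
# Download the files to work with.  The status of func_scp is tested
# directly: previously an echo sat between the call and the "$?" test, so the
# test saw echo's status and a failed download was never noticed.
if ! func_scp; then
  exit 99
fi
echo "Starting backup"

# Create the batch file to delete the files off the FTP svr
# NOTE(review): the return status of this step is not checked.
func_create_sftp_batch_file

# Once the files are successfully downloaded, start a DP session
if ! func_omni_backup; then
  exit 98
fi

# Start the decryption process
if ! func_run; then
  exit 97
fi
echo "Completed"

# Perform the deletion of PGP files from the FTP svr via the sftp batch
# script that was successfully written
func_sftp_delete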




James Conner