generateTime.sh

   1 #!/bin/bash
   2
   3 . structure
   4 . commonFunctions
   5
   6 [ "$1" == "" ] && echo "Usage: $0 <year>" && exit 1
   7 year=$1
   8
   9 genTimeCA(){ #csr,ca to sign with,start,end
  10     cat <<TESTCA > timesubca.cnf
  11 basicConstraints = CA:true
  12 keyUsage = keyCertSign, cRLSign
  13
  14 subjectKeyIdentifier = hash
  15 authorityKeyIdentifier = keyid:always
  16
  17 crlDistributionPoints=URI:http://g2.crl.${DOMAIN}/g2/$2.crl
  18 authorityInfoAccess = OCSP;URI:http://g2.ocsp.${DOMAIN},caIssuers;URI:http://g2.crt.${DOMAIN}/g2/$2.crt
  19 TESTCA
  20     caSign $1 $2 timesubca.cnf "$3" "$4"
  21     rm timesubca.cnf
  22 }
  23
  24 mkdir -p $year/ca
  25
  26
  27 for i in $TIME_IDX; do
  28     point=${year}${points[${i}]}
  29     nextp=${points[$((${i} + 1))]}
  30     if [[ "$nextp" == "" ]]; then
  31         epoint=$((${year} + 3 ))${epoints[${i}]}
  32     else
  33         epoint=$((${year} + 2 ))${epoints[${i}]}
  34     fi
  35
  36     . CAs/env
  37     genca "/CN=$name ${year}-${i}" $year/ca/env_${year}_${i}
  38     genTimeCA $year/ca/env_${year}_${i}.ca/key env "$point" "$epoint"
  39
  40     for ca in $STRUCT_CAS; do
  41         [ "$ca" == "env" ] && continue
  42         . CAs/$ca
  43         genKey "/CN=$name ${year}-${i}" $year/ca/${ca}_${year}_${i}
  44         genTimeCA $year/ca/${ca}_${year}_${i} $ca "$point" "$epoint"
  45     done
  46 done