generateTime

   1 #!/bin/bash
   2
   3 . structure.bash
   4 . commonFunctions.bash
   5
   6 [ "$1" == "" ] && echo "Usage: $0 <year>" && exit 1
   7 year=$1
   8
   9 cd generated
  10
  11 genTimeCA(){ #csr,ca to sign with,start,end
  12     KNAME=$2
  13     . ../CAs/${KNAME}
  14     cat <<TESTCA > timesubca.cnf
  15 basicConstraints=critical,CA:true
  16 keyUsage=critical,keyCertSign, cRLSign
  17
  18 subjectKeyIdentifier = hash
  19 authorityKeyIdentifier = keyid:always
  20
  21 crlDistributionPoints=URI:http://g2.crl.${DOMAIN}/g2/$2.crl
  22 authorityInfoAccess = OCSP;URI:http://g2.ocsp.${DOMAIN},caIssuers;URI:http://g2.crt.${DOMAIN}/g2/$2.crt
  23
  24 certificatePolicies=@polsect
  25
  26 [polsect]
  27 policyIdentifier = 1.3.6.1.4.1.18506.9.2.${CPSID}
  28 CPS.1="http://g2.cps.${DOMAIN}/g2/${KNAME}.cps"
  29
  30 TESTCA
  31     caSign $1 $2 timesubca.cnf "$3" "$4"
  32     rm timesubca.cnf
  33 }
  34
  35 mkdir -p $year/ca
  36
  37
  38 for i in "${TIME_IDX[@]}"; do
  39     nextp=${points[$((${i} + 1))]}
  40     # adjustment of year according to RFC 5280 GeneralizedTime (>=2050) and UTCTime (<2050)
  41     if (( year >= 2050 )); then
  42         yearT=$year
  43     else
  44         yearT=$((year - 2000))
  45     fi
  46
  47    point=${yearT}${points[${i}]}
  48
  49     if [[ "$nextp" == "" ]]; then
  50         eyear=$(( year + 3 ))
  51     else
  52         eyear=$(( year + 2 ))
  53     fi
  54
  55     if (( eyear >= 2050 )); then
  56         eyearT=$eyear
  57     else
  58         eyearT=$((eyear - 2000))
  59     fi
  60
  61
  62     epoint=${eyearT}${epoints[${i}]}
  63
  64     for ca in "${STRUCT_CAS[@]}"; do
  65         . ../CAs/$ca
  66         genKey "/CN=$name ${year}-${i}" $year/ca/${ca}_${year}_${i}
  67         genTimeCA $year/ca/${ca}_${year}_${i} $ca "$point" "$epoint"
  68     done
  69 done