3 [ "$1" == "" ] && echo "Usage: $0 <year>" && exit 1
8 verify(){ # CAfile, crt
9 openssl verify -CAfile "$1" "$2" || error "$2 did not verify"
18 verify root.ca/key.crt root.ca/key.crt
20 # Verify level-1 structure
21 for i in $STRUCT_CAS; do
22 verify root.ca/key.crt $i.ca/key.crt
25 # Verify level-2 (time) structure
26 for i in $STRUCT_CAS; do
28 if [ "$i" == "env" ]; then
29 CA_FILE=$year/ca/${i}_${year}_1.ca/key.crt
31 CA_FILE=$year/ca/${i}_${year}_1.crt
33 verify <(cat root.ca/key.crt $i.ca/key.crt) "$CA_FILE"
34 openssl x509 -in "$CA_FILE" -noout -text | grep "CA Issuers" | grep "/$i.crt" > /dev/null || error "CA Issuers field is wrong for $i"
35 openssl x509 -in "$CA_FILE" -noout -text | grep "Subject: " | grep "CN=$name" > /dev/null || error "Subject field did not verify"
39 cat root.ca/key.crt env.ca/key.crt $year/ca/env_${year}_1.ca/key.crt > envChain.crt
41 for i in $SERVER_KEYS; do
42 verify envChain.crt ${year}/keys/$i.crt