genTimeCA(){ #csr,ca to sign with,start,end
cat <<TESTCA > timesubca.cnf
basicConstraints = CA:true
-subjectKeyIdentifier = hash
keyUsage = keyCertSign, cRLSign
+
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always
+
crlDistributionPoints=URI:http://g2.crl.cacert.org/g2/$2.crl
authorityInfoAccess = OCSP;URI:http://g2.ocsp.cacert.org,caIssuers;URI:http://g2.crt.cacert.org/$2.crt
TESTCA
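Review bot: The extension block edited here still writes `basicConstraints = CA:true` and `keyUsage = keyCertSign, cRLSign` without the `critical` flag. RFC 5280 requires basicConstraints to be marked critical in CA certificates and recommends the same for keyUsage, so the two lines would read `basicConstraints = critical, CA:true` and `keyUsage = critical, keyCertSign, cRLSign`. The added `authorityKeyIdentifier = keyid:always` makes signing fail when the issuing certificate has no subjectKeyIdentifier. That is the safer outcome, but it means every issuer used here must already carry an SKI, which is worth a one-line comment above the heredoc. The rest of genTimeCA's body lies outside this hunk, so how `timesubca.cnf` is passed to the signing command cannot be checked from here.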
mkdir -p $year/ca
-STARTDATE="${year:2}0101000000Z"
-ENDDATE="$((${year:2} + 2))0101000000Z"
-. CAs/env
-genca "/CN=$name ${year}-1" $year/ca/env_${year}_1
-genTimeCA $year/ca/env_${year}_1.ca/key env "$STARTDATE" "$ENDDATE"
+STARTDATE="${year}"
+ENDDATE="$((${year} + 3))"
-for ca in $STRUCT_CAS; do
- [ "$ca" == "env" ] && continue
- . CAs/$ca
- genKey "/CN=$name ${year}-1" $year/ca/${ca}_${year}_1
- genTimeCA $year/ca/${ca}_${year}_1 $ca "$STARTDATE" "$ENDDATE"
+for i in $TIME_IDX; do
+ point=${points[${i}]}
+ . CAs/env
+ genca "/CN=$name ${year}-${i}" $year/ca/env_${year}_${i}
+ genTimeCA $year/ca/env_${year}_${i}.ca/key env "$STARTDATE$point" "$ENDDATE$point"
+
+ for ca in $STRUCT_CAS; do
+ [ "$ca" == "env" ] && continue
+ . CAs/$ca
+ genKey "/CN=$name ${year}-${i}" $year/ca/${ca}_${year}_${i}
+ genTimeCA $year/ca/${ca}_${year}_${i} $ca "$STARTDATE$point" "$ENDDATE$point"
+ done
done
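Review bot: Nothing in the new loop checks that `. CAs/env` or `. CAs/$ca` succeeded, so a missing or unreadable file leaves `$name` set from the previous iteration and the next `genca`/`genKey` call would issue a CA under the wrong CN. Unless `set -e` is enabled outside this hunk, the source lines should fail closed, e.g. `. "CAs/$ca" || exit 1`, and the `genca`/`genKey`/`genTimeCA` calls should likewise stop the run on a non-zero status rather than continuing to sign. The path arguments (`$year/ca/${ca}_${year}_${i}`) are also unquoted; quoting them keeps an unexpected value in `STRUCT_CAS` or `year` from being split into extra arguments. `points` and `TIME_IDX` are defined outside the hunk, so whether `"$STARTDATE$point"` forms a valid 4-digit-year timestamp for the signing command should be confirmed against their definition. The enclosing loop over `year` also starts outside the hunk.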