year=$1
. structure
+cd generated
verify(){ # crt, [untrusted], additional
untrusted="$2"
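Review bot: The added `cd generated` is unchecked, so if the directory is missing the script keeps running from the directory it was started in. The later `. ../CAs/$ca` would then source files from one level above that directory, and the `$year/ca/...` certificate paths would resolve against the wrong tree. Unless `structure` already enables `set -e` (not visible in this diff), I would write `cd generated || exit 1`. Quoting the sourced path as `. "../CAs/$ca"` would also keep it a single word whatever `STRUCT_CAS` contains.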
X509v3 CRL Distribution Points:
Authority Information Access: "
- diff <(echo "$EXTLIST" | dos2unix) <(echo "$VAR" | dos2unix) || error "Extensions order is wrong for $ca"
+ diff <(echo "$EXTLIST") <(echo "$VAR") || error "Extensions order is wrong for $ca"
}
# Verify level-2 (time) structure
for ca in ${STRUCT_CAS}; do
for i in $TIME_IDX; do
- . CAs/$ca
+ . ../CAs/$ca
if [ "$ca" == "env" ]; then
CA_FILE=$year/ca/${ca}_${year}_${i}.ca/key.crt
else
echo "$EXT" | grep -A 2 "Basic Constraints" | grep "CA:TRUE" > /dev/null || error "Basic Constraints field is wrong for $ca"
echo "$EXT" | grep -A 2 "Key Usage" | grep "^ *Certificate Sign, CRL Sign$" > /dev/null || error "KeyUsage field is wrong for $ca"
- echo "$EXT" | grep -A 4 "CRL Distribution" | grep "g2.crl.cacert.org/g2/$ca.crl" > /dev/null || error "CRL field is wrong for $ca"
- echo "$EXT" | grep "CA Issuers" | grep "/$ca.crt" | grep "g2.crt.cacert.org/g2/" > /dev/null || error "CA Issuers field is wrong for $ca"
- echo "$EXT" | grep "OCSP" | grep "http://g2.ocsp.cacert.org" > /dev/null || error "OCSP field is wrong for $ca"
+ echo "$EXT" | grep -A 4 "CRL Distribution" | grep "g2.crl.${DOMAIN}/g2/$ca.crl" > /dev/null || error "CRL field is wrong for $ca"
+ echo "$EXT" | grep "CA Issuers" | grep "/$ca.crt" | grep "g2.crt.${DOMAIN}/g2/" > /dev/null || error "CA Issuers field is wrong for $ca"
+ echo "$EXT" | grep "OCSP" | grep "http://g2.ocsp.${DOMAIN}" > /dev/null || error "OCSP field is wrong for $ca"
done
done
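Review bot: The three new URL checks interpolate `${DOMAIN}` into an unanchored regular expression, so they accept more than the intended host. The dots match any character, and `grep "http://g2.ocsp.${DOMAIN}"` also passes for a longer host name that merely begins with the expected one; if `DOMAIN` were empty, the OCSP check would pass for any host starting with `g2.ocsp.`. Because this script gates the CRL, CA Issuers and OCSP URLs in the generated CA certificates, I would assert `: "${DOMAIN:?DOMAIN must be set}"` before the loop and match literally, e.g. `grep -qF "URI:http://g2.ocsp.${DOMAIN}"`. Comparing the whole URI value instead of a prefix would be better still. The enclosing `for` loops start outside this hunk, and where `DOMAIN` is assigned is not visible here.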