-for i in $STRUCT_CAS; do
- . CAs/$i
- if [ "$i" == "env" ]; then
- CA_FILE=$year/ca/${i}_${year}_1.ca/key.crt
- else
- CA_FILE=$year/ca/${i}_${year}_1.crt
- fi
- verify <(cat root.ca/key.crt $i.ca/key.crt) "$CA_FILE"
- openssl x509 -in "$CA_FILE" -noout -text | grep "CA Issuers" | grep "/$i.crt" > /dev/null || error "CA Issuers field is wrong for $i"
- openssl x509 -in "$CA_FILE" -noout -text | grep "Subject: " | grep "CN=$name" > /dev/null || error "Subject field did not verify"
+for ca in ${STRUCT_CAS}; do
+ for i in $TIME_IDX; do
+ . CAs/$ca
+ if [ "$ca" == "env" ]; then
+ CA_FILE=$year/ca/${ca}_${year}_${i}.ca/key.crt
+ else
+ CA_FILE=$year/ca/${ca}_${year}_${i}.crt
+ fi
+ time=${year:2}${points[${i}]}
+ timestamp=$(date --date="${time:2:2}/${time:4:2}/${time:0:2} 03:00:00 UTC" +"%s")
+ verify "$CA_FILE" "$ca.ca/key.crt" "-attime ${timestamp}"
+ openssl x509 -in "$CA_FILE" -noout -text | grep "CA Issuers" | grep "/$ca.crt" > /dev/null || error "CA Issuers field is wrong for $ca"
+ openssl x509 -in "$CA_FILE" -noout -text | grep "Subject: " | grep "CN=$name" > /dev/null || error "Subject field did not verify"
+ done