upd: change times to meet criteria from RFC5280

"CAs conforming to this profile MUST always encode certificate
validity dates through the year 2049 as UTCTime ("YYMMDDhhmm[ss]Z");
certificate validity dates in 2050 or later MUST be encoded as
GeneralizedTime ("YYYYMMDDHH[MM[SS[.fff]]]")."

Change-Id: I3cb9378984b5c5fefa708f0d073850d10acec286

diff --git a/generateTime b/generateTime
index 6f2572dee22e034ac92f5c22d08cdfeb56ded04d..f59fc70b867308e59e53314bbdaed3af00e1bebd 100755 (executable)
--- a/generateTime
+++ b/generateTime
@@ -36,14 +36,31 @@ mkdir -p $year/ca
 
 
 for i in "${TIME_IDX[@]}"; do
-    point=${year}${points[${i}]}
     nextp=${points[$((${i} + 1))]}
+    # adjustment of year according to RFC 5280 GeneralizedTime (>=2050) and UTCTime (<2050)
+    if (( year >= 2050 )); then
+        yearT=$year
+    else
+        yearT=$((year - 2000))
+    fi
+
+   point=${yearT}${points[${i}]}
+
     if [[ "$nextp" == "" ]]; then
-        epoint=$((${year} + 3 ))${epoints[${i}]}
+        eyear=$(( year + 3 ))
     else
-        epoint=$((${year} + 2 ))${epoints[${i}]}
+        eyear=$(( year + 2 ))
     fi
 
+    if (( eyear >= 2050 )); then
+        eyearT=$eyear
+    else
+        eyearT=$((eyear - 2000))
+    fi
+
+
+    epoint=${eyearT}${epoints[${i}]}
+
     for ca in "${STRUCT_CAS[@]}"; do
         . ../CAs/$ca
         genKey "/CN=$name ${year}-${i}" $year/ca/${ca}_${year}_${i}

diff --git a/structure.bash b/structure.bash
index a03a40e4cf4bd1191b87e711d4a695589c4a3fbd..a49802c2ed8c45a8fb123805cbc0eab749efafb5 100644 (file)
--- a/structure.bash
+++ b/structure.bash
@@ -16,4 +16,4 @@ points[2]="0601000000Z"
 epoints[1]="0705000000Z"
 epoints[2]="0105000000Z"
 
-ROOT_VALIDITY="-startdate 20150101000000Z -enddate 20300101000000Z"
+ROOT_VALIDITY="-startdate 190101000000Z -enddate 340101000000Z"