From f6894345a06e8b18fa5c8bdc576005468d067424 Mon Sep 17 00:00:00 2001
From: INOPIAE
Date: Thu, 7 Mar 2019 05:53:07 +0100
Subject: [PATCH] upd: change times to meet criteria from RFC5280 "CAs conforming to this profile MUST always encode certificate validity dates through the year 2049 as UTCTime ("YYMMDDhhmm[ss]Z"); certificate validity dates in 2050 or later MUST be encoded as GeneralizedTime ("YYYYMMDDHH[MM[SS[.fff]]]")."
Change-Id: I3cb9378984b5c5fefa708f0d073850d10acec286
---
 generateTime | 23 ++++++++++++++++++++---
 structure.bash | 2 +-
 2 files changed, 21 insertions(+), 4 deletions(-)
diff --git a/generateTime b/generateTime
index 6f2572d..f59fc70 100755
--- a/generateTime
+++ b/generateTime
@@ -36,14 +36,31 @@ mkdir -p $year/ca
 for i in "${TIME_IDX[@]}"; do
- point=${year}${points[${i}]}
 nextp=${points[$((${i} + 1))]}
+ # adjustment of year according to RFC 5280 GeneralizedTime (>=2050) and UTCTime (<2050)
+ if (( year >= 2050 )); then
+ yearT=$year
+ else
+ yearT=$((year - 2000))
+ fi
+
+ point=${yearT}${points[${i}]}
+
 if [[ "$nextp" == "" ]]; then
- epoint=$((${year} + 3 ))${epoints[${i}]}
+ eyear=$(( year + 3 ))
 else
- epoint=$((${year} + 2 ))${epoints[${i}]}
+ eyear=$(( year + 2 ))
 fi
+ if (( eyear >= 2050 )); then
+ eyearT=$eyear
+ else
+ eyearT=$((eyear - 2000))
+ fi
+
+
+ epoint=${eyearT}${epoints[${i}]}
+
 for ca in "${STRUCT_CAS[@]}"; do
 . ../CAs/$ca
 genKey "/CN=$name ${year}-${i}" $year/ca/${ca}_${year}_${i}
diff --git a/structure.bash b/structure.bash
index a03a40e..a49802c 100644
--- a/structure.bash
+++ b/structure.bash
@@ -16,4 +16,4 @@ points[2]="0601000000Z"
 epoints[1]="0705000000Z"
 epoints[2]="0105000000Z"
-ROOT_VALIDITY="-startdate 20150101000000Z -enddate 20300101000000Z"
+ROOT_VALIDITY="-startdate 190101000000Z -enddate 340101000000Z"
--
2.47.3
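Review bot: `yearT=$((year - 2000))` and `eyearT=$((eyear - 2000))` give a valid two-digit UTCTime year only for 2010–2049: a year from 2000 to 2009 yields a single digit and anything earlier yields a negative number, so `point`/`epoint` would no longer match YYMMDDhhmmssZ. Zero-padding closes the gap, e.g. `printf -v yearT '%02d' "$(( year % 100 ))"` and likewise `printf -v eyearT '%02d' "$(( eyear % 100 ))"`, ideally behind a check that `year` is a four-digit number of 1950 or later, since RFC 5280 UTCTime cannot express earlier years. The same branch is written twice, so a small helper taking the year would keep both conversions in step. Where `year` is set and how `point` and `epoint` reach the signing command is outside this hunk, and the `for` loop's body continues past it.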
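Review bot: The new `ROOT_VALIDITY` changes the root's validity window as well as its encoding: `20150101000000Z`–`20300101000000Z` becomes `190101000000Z`–`340101000000Z`, i.e. 2019–2034 instead of 2015–2030, which the commit message does not mention. If only the UTCTime encoding was intended, the line would be `ROOT_VALIDITY="-startdate 150101000000Z -enddate 300101000000Z"`; if the shift is deliberate, a comment such as `# root valid 2019-01-01 to 2034-01-01, UTCTime per RFC 5280` above it would record that. How `ROOT_VALIDITY` is consumed is not visible here, so whether an already-issued root or certificates chained to it are affected should be confirmed.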