makefile.certs

#this is macos/linux makefile to build the test keys


define DEFAULTEXT
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth, clientAuth
subjectAltName =DNS:localhost
endef
export DEFAULTEXT

define CAEXT
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:TRUE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyCertSign
endef
export CAEXT

all: misc/testcerts/localhost.pem
	

misc/testcerts/localhost.pem: misc/testcerts/localhost.csr misc/testcerts/localhost.ext misc/testcerts/root.pem
	openssl  x509 -req -sha256 -days 730 -CAkey misc/testcerts/rootkey.pem -CA misc/testcerts/root.pem -set_serial 12312389324 -out misc/testcerts/localhost.pem -in misc/testcerts/localhost.csr  -extfile misc/testcerts/localhost.ext


misc/testcerts/localhost.csr: misc/testcerts/eekey.pem
	openssl req -new -key misc/testcerts/eekey.pem -batch -out misc/testcerts/localhost.csr -utf8 -subj '/CN=localhost'

misc/testcerts/localhost.ext:
	echo "$$DEFAULTEXT" >> $@

misc/testcerts/eekey.pem:
	openssl genpkey -algorithm RSA -out misc/testcerts/eekey.pem -pkeyopt rsa_keygen_bits:2048

misc/testcerts/root.pem: misc/testcerts/root.csr misc/testcerts/rootkey.pem   misc/testcerts/root.ext
	openssl x509 -req -sha256 -days 7300 -in misc/testcerts/root.csr -signkey misc/testcerts/rootkey.pem -set_serial 10  -out misc/testcerts/root.pem -extfile misc/testcerts/root.ext

misc/testcerts/root.csr: misc/testcerts/rootkey.pem
	openssl req -new -key misc/testcerts/rootkey.pem  -out misc/testcerts/root.csr -utf8 -subj '/C=US/O=TestOrg/OU=Test CA'

misc/testcerts/root.ext:
	echo "$$CAEXT" > $@

misc/testcerts/rootkey.pem:
	openssl genpkey -algorithm RSA -out misc/testcerts/rootkey.pem -pkeyopt rsa_keygen_bits:4096

clean-all: clean cleanint

clean: 
	rm -f cmd/keymaster/testcerts_test.go
	rm -f cmd/keymasterd/testcerts_test.go
	rm -f lib/vip/testcerts_test.go
	rm -f lib/authutil/testcerts_test.go
	rm -f lib/pwauth/ldap/testcerts_test.go
	rm -f lib/client/twofa/testcerts_test.go


cleanint:
	rm -f misc/testcerts/root.csr
	rm -f misc/testcerts/rootkey.pem
	rm -f misc/testcerts/root.ext
	rm -f misc/testcerts/root.pem
	rm -f misc/testcerts/eekey.pem
	rm -f misc/testcerts/localhost.csr
	rm -f misc/testcerts/localhost.ext
	rm -f misc/testcerts/localhost.pem