#
# $Id: Makefile 2318 2005-07-25 12:44:21Z root $
#
# CA for PVV.  denne make-filen finner alle requests i req-katalogen 
# og signererdem med et sertifikat i crt.
#
# nøklen må dere nesten holde styr på selv.
#

OPENSSL = openssl
SHELL = bash

extension = 

x509_args = -CA ca/crt.pem \
            -CAkey ca/key.pem \
            -days 730 -req -next_serial

ifdef extension
	x509_args += -extfile ca/extensions -extensions $(extension)
endif



.PHONY: default request sign all

all: default

#
# denne regelen signerer alle requests som ligger i req-katalogen.
crt/%.pem: req/%.pem
	$(OPENSSL) x509 $(x509_args) -in $< -out $@ -set_serial 0x$$(cat ca/serial)
	echo $$($(OPENSSL) x509 -noout -next_serial < $@) > ca/serial

#
# lager PKCS#12-pakke
p12/%.p12: key/%.pem crt/%.pem
	$(OPENSSL) pkcs12 -export \
		-inkey key/$(notdir $<) \
		-in crt/$(notdir $<) \
		-out $@


#
# request lager en ny request og nøkkel.  den vil spørre deg om relevant
# informasjon for å lage sertifikatet ditt.
request:
	@echo -n "Enter short name of certificate file: ";\
	read shortname ;\
	$(OPENSSL) genrsa 1024 > key/$$shortname.pem; \
	$(OPENSSL) req -new -config ca/config \
	            -key key/$$shortname.pem \
	            -out req/$$shortname.pem; \
	echo Your key is in key/$$shortname.pem.  Make a copy\!

#
# skriv ut litt hjelp til brukeren
default:
	@echo "This Makefile supports the following targets:"
	@echo
	@echo "   - request: generates a request and a key and asks for the"
	@echo "              input values it needs for the request."
	@echo "   - crt/name.pem: sign request with same name."
	@echo
	@echo "You can also add extensions to the certificate by giving which"
	@echo "section in ./ca/extensions the CA should use."
	@echo
	@echo "   $$ make crt/foo.host.pem extension=section_name"
	@echo