
@bzed
Last active November 6, 2018 16:13
Makefile to handle ssl certs/intermediate files/DHs
#!/usr/bin/make -f
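# Every *.crt in the current directory drives one .pem, one .ocsp and one .dh
# target of the same base name.
CRTS := $(wildcard *.crt)
# Derive the target lists with make's own substitution references rather than
# `$(shell echo ... | sed ...)`: no process is forked at parse time, file names
# are never interpreted by a shell, and only a trailing ".crt" is rewritten
# (the sed form replaced ".crt" anywhere in a name).
PEMS := $(CRTS:.crt=.pem)
OCSPS := $(CRTS:.crt=.ocsp)
DHS := $(CRTS:.crt=.dh)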
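# Default goal: build the combined PEM, the OCSP response and the DH parameters
# for every certificate, then re-apply the intended file modes.
# `all` is a command, not a file; declaring it phony keeps a stray file named
# "all" from silently disabling the build and the permission fix-up below.
.PHONY: all
all: $(PEMS) $(OCSPS) $(DHS)
	chmod 600 *.key
	chmod 640 *.pem
	chmod 660 *.ocsp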
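# Combined file: private key, certificate, issuer certificate and DH
# parameters, concatenated in that order.
# The result contains the private key, so it is written to a temporary file
# under a restrictive umask and only renamed into place once complete. The
# target is therefore never readable by "other", not even between creation and
# chmod, and a failed cat cannot leave a truncated $@ that looks up to date.
%.pem: %.key %.crt %.ca %.dh
	rm -f $@.tmp
	umask 027 && cat $*.key $*.crt $*.ca $*.dh > $@.tmp
	chmod 640 $@.tmp
	mv -f $@.tmp $@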
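# Fetch the issuer certificate named in the leaf's "CA Issuers" URI (DER) and
# store it as PEM.
# The URI is read once, must be non-empty and is passed to wget quoted. The
# download and the conversion go through temporary files, so a failed fetch or
# a non-certificate response never leaves a partial $@ behind.
# NOTE(review): the URI comes from the certificate itself and the fetched
# certificate is not checked against the leaf here. Consider confirming that it
# really is the issuer (e.g. with `openssl verify`) before it is bundled.
%.ca: %.crt
	url=$$(openssl x509 -in $*.crt -text | grep 'CA Issuer' | sed 's,.*URI:,,'); \
	test -n "$$url" || { echo "$*.crt: no CA Issuers URI found" >&2; exit 1; }; \
	wget -q -O $@.der "$$url" && \
	openssl x509 -inform DER -in $@.der -outform pem -out $@.tmp && \
	mv -f $@.tmp $@; \
	status=$$?; rm -f $@.der $@.tmp; exit $$status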
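# Generate a new 4096-bit RSA key and a SHA-256 signed CSR in one step.
# -nodes writes the private key unencrypted, so the recipe runs under umask 077:
# the key is never group- or world-readable, whatever the caller's umask or the
# OpenSSL version's default file mode. The CSR gets the same mode; it is not
# secret and can be relaxed afterwards.
# NOTE(review): both files come from this one recipe and it has no
# prerequisites, so asking for a missing .csr while the .key already exists
# overwrites that key with a fresh one.
%.csr %.key:
	umask 077 && openssl req -sha256 -new -newkey rsa:4096 -nodes -keyout $*.key -out $*.csr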
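# Refresh the OCSP response for a certificate. FORCE makes the rule run on
# every invocation, because a response goes stale although no file changes.
# The recipe reads $*.ca, so it is now a declared prerequisite and make builds
# it through the %.ca rule when it is missing.
# The responder URI is extracted once, must be non-empty and is passed quoted.
# The Host header is that URI without its http:// prefix. The response is
# written to $@.new and renamed only when the query succeeded.
# NOTE(review): -noverify skips signature verification of the response and the
# responder is reached over plain HTTP, so nothing here proves the response
# came from the CA. Verify it against the issuer chain before relying on it.
# NOTE(review): files that make builds only as a chain step (such as $*.ca) may
# be removed as intermediates at the end of the run. Consider `.SECONDARY:` if
# repeating the download matters.
%.ocsp: FORCE %.crt %.ca
	url=$$(openssl x509 -in $*.crt -text | grep OCSP | sed 's,.*URI:,,'); \
	test -n "$$url" || { echo "$*.crt: no OCSP responder URI found" >&2; exit 1; }; \
	host=$$(printf '%s\n' "$$url" | sed 's,^http://,,'); \
	openssl ocsp -noverify -issuer $*.ca -cert $*.crt -url "$$url" -no_nonce -header Host="$$host" -respout $@.new 1>/dev/null
	mv -f $@.new $@
	chmod 660 $@

# Empty rule with no prerequisites and no recipe: any target that lists FORCE
# is always considered out of date.
FORCE: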
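# Generate 2048-bit Diffie-Hellman parameters for a certificate.
# The rule has no prerequisites, so parameters are created once and then kept.
# They are written to a temporary file and renamed, so an interrupted or failed
# run cannot leave an empty .dh file that later ends up inside the .pem.
%.dh:
	openssl dhparam -out $@.tmp 2048
	mv -f $@.tmp $@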