authorLinus Nordberg <linus@nordu.net>2015-06-01 09:44:47 +0200
committerLinus Nordberg <linus@nordu.net>2015-06-01 09:44:47 +0200
commit1e9e9a16002252d87c25f12afb77d3eaa9367c62 (patch)
tree189013626dbd1e44ce67eae0ad7becaa8f466de3
parent6870d6ebe4ebc9f3bbe4e90c28259810d8b6dd3d (diff)
Add a makefile for creating keys and certs needed for a log.
-rw-r--r--Makefile1
-rw-r--r--README3
-rw-r--r--mklog.mk88
3 files changed, 89 insertions, 3 deletions
diff --git a/Makefile b/Makefile
index 7bdec7b..2ff2935 100644
--- a/Makefile
+++ b/Makefile
@@ -5,4 +5,3 @@ catlfish:
FIXME
.PHONY: catlfish-dev catlfish
-
diff --git a/README b/README
index 368a8a8..ebfe637 100644
--- a/README
+++ b/README
@@ -24,8 +24,7 @@ or
Configuring a log
-----------------
-XXX create CA and certs; create logkey (possibly in softhsm); create
-XXX auth keys; run compileconfig.py for each node
+mkdir mylog; cd mylog && make -f ../mklog.mk log
Running
diff --git a/mklog.mk b/mklog.mk
new file mode 100644
index 0000000..33bbbf7
--- /dev/null
+++ b/mklog.mk
@@ -0,0 +1,88 @@
+# Include this file and set the following make variables or use the
+# defaults.
+
+# LOGNAME = name of the log to create
+LOGNAME ?= $$(basename $$PWD)
+
+# NODES = list of names of non-merge nodes
+NODES ?= $$(cd nodes; ls | egrep -v ^merge-)
+
+# MERGE_NODES = list of names of merge nodes
+MERGE_NODES ?= $$(cd nodes; ls merge-*)
+
+# HSM_SO_PIN = SoftHSM "security officer PIN"
+HSM_SO_PIN ?= f0f0
+
+# HSM_PIN = SoftHSM PIN
+HSM_PIN ?= fefe
+
+# SOFTHSM_BASE_DIR = base directory for SoftHSMv2 installation
+SOFTHSM_BASE_DIR ?= ~/usr
+
+# SOFTHSM_UTIL = full path to softhsm2-util from SoftHSMv2
+SOFTHSM_UTIL ?= $(SOFTHSM_BASE_DIR)/bin/softhsm2-util
+
+# CATLFISH_SRC = path to catlfish source code
+CATLFISH_SRC ?= ~/usr/src/catlfish
+
+test:
+ @echo LOGNAME = $(LOGNAME)
+ @echo NODES = $(NODES)
+ @echo MERGE_NODES = $(MERGE_NODES)
+.PHONY: test
+
+log: certs authkeys logkey.pem
+
+destdirs:
+ @for node in $(NODES) $(MERGE_NODES); do \
+ if [ -d nodes.out/$${node} ]; then true; \
+ else mkdir -p nodes.out/$${node}; \
+ fi \
+ done
+
+tests privatekeys publickeys:
+ mkdir $@
+
+tests/httpsca/key.pem: tests
+ make -f $(CATLFISH_SRC)/Makefile INSTDIR=. tests-createca
+tests/httpscert:
+ mkdir $@
+certs: tests/httpsca/key.pem tests/httpscert destdirs
+ @for cn in $(NODES); do \
+ openssl req -new -newkey rsa:2048 \
+ -keyout tests/httpscert/$${cn}-key.pem \
+ -out tests/httpsca/$${cn}.csr -nodes \
+ -subj "/countryName=SE/stateOrProvinceName=Stockholm/organizationName=Test/CN=$${cn}"; \
+ (cd tests/httpsca; \
+ openssl ca -in $${cn}.csr -keyfile key.pem -out $${cn}.pem -batch); \
+ cp tests/httpsca/$${cn}.pem tests/httpscert/; \
+ done
+
+authkeys: privatekeys publickeys destdirs
+ for node in $(NODES) $(MERGE_NODES); do \
+ (cd privatekeys; $(CATLFISH_SRC)/tools/create-key.sh $${node}); \
+ mv privatekeys/$${node}.pem publickeys/; \
+ cp privatekeys/$${node}-private.pem nodes.out/$${node}/; \
+ cp tests/httpsca/demoCA/cacert.pem nodes.out/$${node}/; \
+ done
+ @for node in $(NODES) $(MERGE_NODES); do \
+ cp -a publickeys nodes.out/$${node}/; \
+ done
+
+logkey.pem: destdirs $(SOFTHSM_UTIL)
+ ! [ -f logkey-private.pem ]
+ $(CATLFISH_SRC)/tools/create-key.sh logkey
+ chmod 600 logkey-private.pem
+
+ openssl pkcs8 -topk8 -nocrypt \
+ -in logkey-private.pem -out logkey-private.pkcs8
+ $(SOFTHSM_UTIL) --init-token --slot 0 --label $(LOGNAME) \
+ --so-pin $(HSM_SO_PIN) --pin $(HSM_PIN)
+ $(SOFTHSM_UTIL) --import logkey-private.pkcs8 --slot 0 \
+ --label $(LOGNAME) --pin $(HSM_PIN) --id 00
+
+ for node in $(NODES) $(MERGE_NODES); do \
+ cp logkey.pem nodes.out/$${node}/; \
+ done
+
+.PHONY: destdirs certs authkeys
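Review bot: In the `logkey.pem` recipe the log's signing key is written unencrypted to `logkey-private.pkcs8` by `openssl pkcs8 -topk8 -nocrypt`; that file is created under the caller's umask (only `logkey-private.pem` gets `chmod 600`) and stays on disk after the SoftHSM import. I would create it with tight permissions, `(umask 077; openssl pkcs8 -topk8 -nocrypt -in logkey-private.pem -out logkey-private.pkcs8)`, and add `rm -f logkey-private.pkcs8` after the `--import` line, assuming nothing outside this file reads it later. Separately, `HSM_SO_PIN ?= f0f0` and `HSM_PIN ?= fefe` give every log that keeps the defaults the same token PINs. A comment above them such as `# test-only defaults; override HSM_SO_PIN and HSM_PIN for any real log` would make that explicit.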