# Makefile for catlfish

PREFIX=.
INSTDIR=$(PREFIX)/catlfish
SOFTHSM=/usr/local/bin/softhsm2-util

build all:
	./make.erl

clean:
	-rm ebin/*.beam

release: all
	rm -rf $(INSTDIR)
	mkdir $(INSTDIR)
	./makerelease.erl $(INSTDIR)

-include test/test.mk

tests-prepare:
	rm -r $(INSTDIR)/tests || true
	mkdir $(INSTDIR)/tests
	make tests-createca
	make tests-createcert
	mkdir $(INSTDIR)/tests/keys
	(cd $(INSTDIR)/tests/keys ; ../../../tools/create-key.sh logkey)
	openssl pkcs8 -topk8 -nocrypt -in $(INSTDIR)/tests/keys/logkey-private.pem -out $(INSTDIR)/tests/keys/logkey-private.pkcs8
	mkdir $(INSTDIR)/tests/mergedb
	mkdir $(INSTDIR)/tests/mergedb/chains
	touch $(INSTDIR)/tests/mergedb/logorder
	mkdir $(INSTDIR)/tests/known_roots
	cp tools/testcerts/roots/* $(INSTDIR)/tests/known_roots
	@for machine in $(MACHINES); do \
	  (cd $(INSTDIR); ../tools/compileconfig.py --config ../test/catlfish-test.cfg --localconfig ../test/catlfish-test-local-$$machine.cfg) ; \
	  mkdir -p $(INSTDIR)/tests/machine/machine-$$machine/db ; \
	  touch $(INSTDIR)/tests/machine/machine-$$machine/db/index ; \
	  touch $(INSTDIR)/tests/machine/machine-$$machine/db/newentries ; \
	done
	(cd $(INSTDIR); ../tools/compileconfig.py --config ../test/catlfish-test.cfg --localconfig ../test/catlfish-test-local-signing.cfg)
	mkdir $(INSTDIR)/tests/privatekeys
	mkdir $(INSTDIR)/tests/publickeys
	@for node in $(NODES); do \
	  (cd $(INSTDIR)/tests/privatekeys ; ../../../tools/create-key.sh $$node) ; \
	  mv $(INSTDIR)/tests/privatekeys/$$node.pem $(INSTDIR)/tests/publickeys/ ; \
	  mkdir -p test/nodes/$$node/log ; \
	done
	(cd $(INSTDIR)/tests/privatekeys ; ../../../tools/create-key.sh merge-1)
	mv $(INSTDIR)/tests/privatekeys/merge-1.pem $(INSTDIR)/tests/publickeys/
	-test -x $(SOFTHSM) && $(SOFTHSM) --init-token --slot=0 --label=mylabel --so-pin=ffff --pin=ffff
	-test -x $(SOFTHSM) && $(SOFTHSM) --import $(INSTDIR)/tests/keys/logkey-private.pkcs8 --slot 0 --label mylabel --pin ffff --id 00

tests-start:
	@for node in $(NODES); do \
	  (cd $(INSTDIR) ; bin/run_erl -daemon ../test/nodes/$$node/ ../test/nodes/$$node/log/ "exec bin/erl -config $$node") \
	done
	@for i in 1 2 3 4 5 6 7 8 9 10; do \
	  echo "waiting for system to start" ; \
	  sleep 0.5 ; \
	  allstarted=1 ; \
	  notstarted= ; \
	  for testurl in $(TESTURLS); do \
	    if curl -s --cacert $(INSTDIR)/tests/httpsca/demoCA/cacert.pem -4 https://$$testurl > /dev/null ; then : ; else allstarted=0 ; notstarted="$$testurl $$notstarted" ; fi ; \
	    : ; \
	  done ; \
	  if [ $$allstarted -eq 1 ]; then break ; \
	  elif [ $$i -eq 10 ]; then echo Not started: $$notstarted ; fi ; \
	done

tests-run:
	@(cd $(INSTDIR) && python ../tools/testcase1.py https://localhost:8080/ tests/keys/logkey.pem tests/httpsca/demoCA/cacert.pem) || (echo "Tests failed" ; false)
	@(cd $(INSTDIR) && python ../tools/fetchallcerts.py $(BASEURL) --publickey=tests/keys/logkey.pem --cafile tests/httpsca/demoCA/cacert.pem) || (echo "Verification failed" ; false)
	@(cd $(INSTDIR) && rm -f submittedcerts)
	@(cd $(INSTDIR) && python ../tools/submitcert.py --parallel=1 --store ../tools/testcerts/cert1.txt --check-sct --sct-file=submittedcerts $(BASEURL) --publickey=tests/keys/logkey.pem --cafile tests/httpsca/demoCA/cacert.pem) || (echo "Submission failed" ; false)
	@(cd $(INSTDIR) && python ../tools/submitcert.py --parallel=1 --store ../tools/testcerts/cert2.txt --check-sct --sct-file=submittedcerts $(BASEURL) --publickey=tests/keys/logkey.pem --cafile tests/httpsca/demoCA/cacert.pem) || (echo "Submission failed" ; false)
	@(cd $(INSTDIR) && python ../tools/submitcert.py --parallel=1 --store ../tools/testcerts/cert3.txt --check-sct --sct-file=submittedcerts $(BASEURL) --publickey=tests/keys/logkey.pem --cafile tests/httpsca/demoCA/cacert.pem) || (echo "Submission failed" ; false)
	@(cd $(INSTDIR) && python ../tools/submitcert.py --parallel=1 --store ../tools/testcerts/cert4.txt --check-sct --sct-file=submittedcerts $(BASEURL) --publickey=tests/keys/logkey.pem --cafile tests/httpsca/demoCA/cacert.pem) || (echo "Submission failed" ; false)
	@(cd $(INSTDIR) && python ../tools/submitcert.py --parallel=1 --store ../tools/testcerts/cert5.txt --check-sct --sct-file=submittedcerts $(BASEURL) --publickey=tests/keys/logkey.pem --cafile tests/httpsca/demoCA/cacert.pem) || (echo "Submission failed" ; false)
	@(cd $(INSTDIR) && python ../tools/submitcert.py --parallel=1 --store ../tools/testcerts/pre1.txt --check-sct --sct-file=submittedcerts $(BASEURL) --publickey=tests/keys/logkey.pem --cafile tests/httpsca/demoCA/cacert.pem) || (echo "Submission failed" ; false)
	@(cd $(INSTDIR) && python ../tools/submitcert.py --parallel=1 --store ../tools/testcerts/pre2.txt --check-sct --sct-file=submittedcerts $(BASEURL) --publickey=tests/keys/logkey.pem --cafile tests/httpsca/demoCA/cacert.pem) || (echo "Submission failed" ; false)
	@(cd $(INSTDIR) && python ../tools/merge.py --config ../test/catlfish-test.cfg --localconfig ../test/catlfish-test-local-merge.cfg) || (echo "Merge failed" ; false)

tests-run2:
	@(cd $(INSTDIR) ; python ../tools/verifysct.py --sct-file=submittedcerts --parallel 1 $(BASEURL) --publickey=tests/keys/logkey.pem --cafile tests/httpsca/demoCA/cacert.pem) || echo "Verification of SCT:s failed"

tests-stop:
	@for node in $(NODES); do \
	  ./tools/to_catlfish.py to_erl test/nodes/$$node/ "init:stop()"; \
	done

tests-wait:
	sleep 5

tests-makemk:
	tools/compileconfig.py --config=test/catlfish-test.cfg --testmakefile=test/test.mk --machines 1

tests:
	@make tests-makemk
	@make tests-prepare
	@make tests-start
	@make tests-run || (make tests-stop ; false)
	@make tests-wait
	@make tests-stop
	@make tests-wait
	@make tests-start
	@make tests-run2 || (make tests-stop ; false)
	@make tests-wait
	@make tests-stop

tests-createca:
	mkdir $(INSTDIR)/tests/httpsca
	( cd $(INSTDIR)/tests/httpsca ; \
	  mkdir -p demoCA/newcerts ; \
	  touch demoCA/index.txt ; \
	  echo 00 > demoCA/serial ; \
	  echo '[ req ]' > caconfig.txt ; \
	  echo 'distinguished_name = req_distinguished_name' >> caconfig.txt ; \
	  echo 'x509_extensions = v3_ca' >> caconfig.txt ; \
	  echo 'string_mask = utf8only' >> caconfig.txt ; \
	  echo '[ req_distinguished_name ]' >> caconfig.txt ; \
	  echo '[ v3_ca ]' >> caconfig.txt ; \
	  echo 'basicConstraints=CA:true' >> caconfig.txt ; \
	  openssl req -newkey rsa:2048 -keyout key.pem -out req.csr -nodes -subj '/countryName=SE/stateOrProvinceName=Stockholm/organizationName=Test/commonName=ca/O=ca' -config caconfig.txt ; \
	  openssl ca -in req.csr -selfsign -keyfile key.pem -out demoCA/cacert.pem -batch \
	)

tests-createcert:
	mkdir $(INSTDIR)/tests/httpscert
	openssl req -new -newkey rsa:2048 -keyout $(INSTDIR)/tests/httpscert/httpskey-1.pem -out $(INSTDIR)/tests/httpsca/httpscert-1.csr -nodes -subj '/countryName=SE/stateOrProvinceName=Stockholm/organizationName=Test/CN=localhost'
	( cd $(INSTDIR)/tests/httpsca ; \
	  openssl ca -in httpscert-1.csr -keyfile key.pem -out httpscert-1.pem -batch \
	)
	cp $(INSTDIR)/tests/httpsca/httpscert-1.pem $(INSTDIR)/tests/httpscert/

dialyze: build
	dialyzer ebin

tags:
	etags src/*.[he]rl

# Unit testing.
check: all
	test/check.erl