# Include this file and set the following make variables or use the
# defaults.

# LOGNAME = name of the log to create
LOGNAME ?= $$(basename $$PWD)

# NODES = list of names of non-merge nodes
NODES ?= $$(cd nodes; ls | egrep -v ^merge-)

# MERGE_NODES = list of names of merge nodes
MERGE_NODES ?= $$(cd nodes; ls merge-*)

# HSM_SO_PIN = SoftHSM "security officer PIN"
HSM_SO_PIN ?= f0f0

# HSM_PIN = SoftHSM PIN
HSM_PIN ?= fefe

# SOFTHSM_BASE_DIR = base directory for SoftHSMv2 installation
SOFTHSM_BASE_DIR ?= ~/usr

# SOFTHSM_UTIL = full path to softhsm2-util from SoftHSMv2
SOFTHSM_UTIL ?= $(SOFTHSM_BASE_DIR)/bin/softhsm2-util

# CATLFISH_SRC = path to catlfish source code
CATLFISH_SRC ?= ~/usr/src/catlfish

test:
	@echo LOGNAME = $(LOGNAME)
	@echo NODES = $(NODES)
	@echo MERGE_NODES = $(MERGE_NODES)
.PHONY: test

log: certs authkeys logkey.pem

destdirs:
	@for node in $(NODES) $(MERGE_NODES); do \
	  if [ -d nodes.out/$${node} ]; then true; \
	    else mkdir -p nodes.out/$${node}; \
	  fi \
	done

tests privatekeys publickeys:
	mkdir $@

tests/httpsca/key.pem: tests
	make -f $(CATLFISH_SRC)/Makefile INSTDIR=. tests-createca
tests/httpscert:
	mkdir $@
certs: tests/httpsca/key.pem tests/httpscert destdirs
	@for cn in $(NODES); do \
	  openssl req -new -newkey rsa:2048 \
		-keyout tests/httpscert/$${cn}-key.pem \
		-out tests/httpsca/$${cn}.csr -nodes \
		-subj "/countryName=SE/stateOrProvinceName=Stockholm/organizationName=Test/CN=$${cn}"; \
	  (cd tests/httpsca; \
	   openssl ca -in $${cn}.csr -keyfile key.pem -out $${cn}.pem -batch); \
	  cp tests/httpsca/$${cn}.pem tests/httpscert/; \
	done

authkeys: privatekeys publickeys destdirs
	for node in $(NODES) $(MERGE_NODES); do \
	  (cd privatekeys; $(CATLFISH_SRC)/tools/create-key.sh $${node}); \
	  mv privatekeys/$${node}.pem publickeys/; \
	  cp privatekeys/$${node}-private.pem nodes.out/$${node}/; \
	  cp tests/httpsca/demoCA/cacert.pem nodes.out/$${node}/; \
	done
	@for node in $(NODES) $(MERGE_NODES); do \
	  cp -a publickeys nodes.out/$${node}/; \
	done

logkey.pem: destdirs $(SOFTHSM_UTIL)
	! [ -f logkey-private.pem ]
	$(CATLFISH_SRC)/tools/create-key.sh logkey
	chmod 600 logkey-private.pem

	openssl pkcs8 -topk8 -nocrypt \
		-in logkey-private.pem -out logkey-private.pkcs8
	$(SOFTHSM_UTIL) --init-token --slot 0 --label $(LOGNAME) \
		--so-pin $(HSM_SO_PIN) --pin $(HSM_PIN)
	$(SOFTHSM_UTIL) --import logkey-private.pkcs8 --slot 0 \
		--label $(LOGNAME) --pin $(HSM_PIN) --id 00

	for node in $(NODES) $(MERGE_NODES); do \
	  cp logkey.pem nodes.out/$${node}/; \
	done

.PHONY: destdirs certs authkeys