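# Subject identity. The two lookups are simply-expanded so hostname and
# dnsdomainname run once at parse time instead of on every reference.
# Pass server=... / domain=... on the command line to issue for other names.
# An empty domain leaves O and OU empty and CN ending in a dot, so set
# domain= explicitly on hosts that have no DNS domain configured.
server  := $(shell hostname)
domain  := $(shell dnsdomainname)
name    = $(server)

# Distinguished-name fields written into the generated openssl config.
country = SE
state   = Stockholm
locality= $(state)
org     = $(domain)
unit    = $(domain)
# NOTE(review): `mail` is not referenced by any rule in this file.
mail    = mx
common  = $(server).$(domain)
email   = postmaster@$(domain)
# NOTE(review): `key` is not assigned anywhere in this file and `ckey` is not
# used by any rule here; kept in case a caller sets or reads them.
ckey    = ca$(key).pem

# Leaf key pair. The private key is written without a passphrase.
pubkey  = $(name).pub
prvkey  = $(name).key
# RSA modulus size in bits (used for key generation and default_bits).
width   = 4096

csr     = $(name).csr
crt     = $(name).crt

# Self-signed CA certificate and its private key, used to sign $(crt).
root    = ca$(name).pem
rootkey = ca$(name).key

config  = $(name).cfg
# Validity in days, applied to both the CA certificate and the leaf.
days    = 3650

# Key algorithm and its genpkey options; override both together.
alg     = RSA
alg_opt = -pkeyopt rsa_keygen_bits:$(width)

# Optional list of short host names; each becomes a DNS subjectAltName
# entry of the form <host>.$(domain) in the generated config.
hosts   =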

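# Neither goal names a file, so declare both phony; otherwise a stray file
# called `all` or `clean` in the working directory would disable the goal.
.PHONY		: all clean

# Default goal: the CA-signed certificate for $(name).
all     	: $(crt)

# Removes the leaf artefacts only. The CA pair ($(root), $(rootkey)), the
# generated $(config) and the serial file written by -CAcreateserial stay.
clean		:
		@rm -f $(crt) $(csr) $(pubkey) $(prvkey)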

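# Generate a private key (algorithm and size from $(alg) / $(alg_opt)).
# The key is written without a passphrase. The rule has no prerequisites,
# so an existing key file is never regenerated.
# umask 077 makes the key owner-only whatever the caller's umask is, rather
# than relying on the openssl build to restrict the output file mode. It has
# to be on the same recipe line because each line runs in its own shell.
%.key		:
		@echo generating $@
		umask 077 && openssl genpkey -out $@ -algorithm $(alg) $(alg_opt)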

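# Extract the public half of a private key.
# -pubout is required: without it `openssl pkey` writes the private key
# back out, so the .pub file would contain private key material.
%.pub  		: %.key
		@echo generating $@
		openssl pkey -in $< -pubout -out $@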

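# Write the openssl configuration shared by the CSR and CA rules.
#   [ req ]                    non-interactive request defaults (prompt = no)
#   [ req_distinguished_name ] subject built from the variables at the top
#   [v3_ca]                    extensions intended for the CA certificate
#   [v3_req]                   extensions requested for the leaf; when
#                              $(hosts) is set, one DNS subjectAltName entry
#                              per host, as <host>.$(domain)
# Every line is quoted. Unquoted, the shell treats [v3_ca], [v3_req] and
# [alt_names] as glob patterns, and a one-character file name in the working
# directory (for example `a`) would replace the section header.
# The file depends only on the makefiles, so it is not regenerated when
# variables are overridden on the command line; remove it (or run make -B)
# after changing hosts=, domain= and the like.
$(config) 	: $(MAKEFILE_LIST)
		@echo generating $@
		@(	\
			echo '[ req ]'	;	\
			echo "default_bits = $(width)"	;	\
			echo "default_keyfile = $(prvkey)"	;	\
			echo 'default_md = sha256'	;	\
			echo 'distinguished_name = req_distinguished_name'	;	\
			echo 'req_extensions = v3_req'	;	\
			echo 'prompt = no'	;	\
			echo '[ req_distinguished_name ]'	;	\
			echo "C = $(country)"	;	\
			echo "ST = $(state)"	;	\
			echo "L = $(locality)"	;	\
			echo "O = $(org)"	;	\
			echo "OU = $(unit)"	;	\
			echo "CN= $(common)"	;	\
			echo "emailAddress = $(email)"	;	\
			echo '[v3_ca]'	;	\
			echo 'subjectKeyIdentifier=hash'	;	\
			echo 'authorityKeyIdentifier=keyid:always,issuer:always'	;	\
			echo 'basicConstraints = CA:true'	;	\
			echo '[v3_req]'	;	\
			echo "# Extensions to add to a certificate request"	;	\
			echo 'basicConstraints = CA:FALSE'	;	\
			echo 'keyUsage = nonRepudiation, digitalSignature, keyEncipherment'	;	\
			$(if $(hosts), echo 'subjectAltName = @alt_names'	;)	\
			$(if $(hosts), echo '[alt_names]'	;)	\
			$(if $(hosts), index=1; for host in $(hosts);	\
				do echo "DNS.$$index = $$host.$(domain)";	\
				index=$$(($$index + 1)); done	;)	\
		) > $@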

# Build a certificate signing request for a private key. The subject and the
# requested extensions (the v3_req section, including subjectAltName when
# hosts is set) are taken from $(config). These are only requests: whether
# they end up in the certificate is decided by the signing step.
%.csr: %.key $(config)
	@echo generating $@
	openssl req -new -key $< -out $@ -config $(config)

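# Sign a CSR with the CA pair $(root) / $(rootkey).
# `openssl x509 -req` does not copy the extensions carried in the request,
# so without -extfile/-extensions the certificate is issued with none of
# them: no subjectAltName, no basicConstraints CA:FALSE, no keyUsage. The
# v3_req section of $(config) is therefore applied again at signing time,
# and $(config) is listed as a prerequisite because the recipe reads it.
# -sha256 pins the signature digest; default_md in the config applies only
# to `openssl req`.
# -CAcreateserial writes a serial-number file next to the CA certificate.
# NOTE(review): the CA and the leaf take their subject from the same
# $(config), so the leaf's issuer and subject names are identical; confirm
# the verifiers under test accept that.
%.crt  		: %.csr $(root) $(rootkey) $(config)
		@echo generating $@
		openssl x509 -req -in $< -CA $(root) -CAkey $(rootkey) -CAcreateserial 		\
			-extfile $(config) -extensions v3_req -sha256				\
			-out $@ -days $(days)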

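# Create a self-signed certificate from a key; in this file it produces the
# CA certificate $(root) from $(rootkey). Being a pattern rule, it applies to
# any *.pem target that has a matching *.key.
# With -x509, `openssl req` does not apply req_extensions, and the config has
# no x509_extensions entry, so the v3_ca section has to be selected
# explicitly. Otherwise the CA is issued without basicConstraints CA:true
# and the [v3_ca] block in $(config) is never used.
# -nodes has no effect on the key here (it is supplied with -key); it is kept
# for compatibility with existing invocations.
%.pem		: %.key $(config)
		@echo generating $@
		openssl req -x509 -new -nodes -key $< -days $(days) -config $(config) 		\
			-extensions v3_ca -out $@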

# Listing the rule patterns here stops make from deleting these files when
# they are built as intermediate steps of a pattern-rule chain (the CA key
# and certificate, the CSR), so keys are not regenerated on every run.
# NOTE(review): .PRECIOUS targets are also kept when a recipe is interrupted,
# so a killed openssl run may leave a truncated key or certificate that looks
# up to date. Delete the affected file and rebuild after an aborted run.
.PRECIOUS	: %.pem %.key %.pub %.crt %.csr