#!/bin/sh
# vi:set filetype=makefile
NULL=0  exec make "CALL=$0" "EXE=`which $0`" -f "`which $0`" -- "$@"

BITS  ?= 4096
EXE   ?= sslmake
CALL  ?= `which $(EXE)`
DEFAULTOPENSSLCNF ?= /etc/ssl/openssl.cnf
S     ?= .

OPENSSL ?= /usr/bin/openssl
GENRSA  ?= $(OPENSSL) genrsa
GENDH   ?= $(OPENSSL) gendh
GENREQ  ?= $(OPENSSL) req
SIGN    ?= $(OPENSSL) x509

all: help
--help -h: help
--renew -r: renew
--build -b: build

help:
	@echo -e "\
Creates SSL-keys and -certificate requests named %.key/%.csr (replace % by name)\n\
	BITS=strength: for setting bit-strength (default $(BITS))\n\
  --help -h: Display this help message.\n\
  --renew -r:  Renews %.csr for all %.key.\n\
  --build -b:  Builds %.csr and %.key for every %.cnf if doesn't exist.\n\
  %.cnf:  Copies /etc/ssl/openssl.cnf to %.cnf.\n\
  %.key:  Creates %.key.\n\
  %.csr:  Creates %.csr and if doesn't exists %.key."

renew: $(patsubst %.key,%.csr.new,$(wildcard *.key))
build: $(patsubst %.cnf,%csr,$(wildcard *.cnf))

root.key:
	@echo "root.crt keeper"
root.crt:
	@echo "root.crt keeper"

%.del:
	[ ! -e "$(*)" ] || mv --backup=numbered "$(*)" "$(*).`date +%Y-%m-%d`"
	
%.new: %.del
	$(CALL) "$*"

%.cnf:
	cp "$(DEFAULTOPENSSLCNF)" "$(@)"

%.key:
	umask 177 ; $(GENRSA) -out "$(@)" $(BITS)

%.dh:
	umask 177 ; $(GENDH) -out "$(@)" $(BITS)

%.csr: %.cnf %.key
	$(GENREQ) -config "$(*).cnf" -batch -nodes -new -key$$([ -e "$(*).key" ] || echo out ) "$(*).key" -out "$(@)"

%.crt: %.csr serial root.crt root.key
	$(SIGN) -req -days 365 -in "$(*).csr" -CA root.crt -CAkey root.key -CAserial "serial" -out "$(@)"

%.pem: %.crt %.key
	umask 177 ; cat $(^) > "$(@).bk"
	mv "$(@).bk" "$(@)"

.PHONY: all help build renew %.new %.del
.PRECIOUS: %.csr %.key %.cnf %.pem