SSLproxy/extra/pki/GNUmakefile

# inherited
VERSION?=	unknown
OPENSSL?=	openssl
MKDIR?=		mkdir

# OpenSSL settings
CA_SUBJECT?=	'/C=CH/O=SSLsplit Root CA/CN=SSLsplit Root CA/'
CA_DAYS?=	3650
CA_EXT:=	v3_ca
CRT_SUBJECT?=	'/C=CH/O=SSLsplit Test Certificate/CN=daniel.roe.ch/'
CRT_DAYS?=	365
CRT_EXT:=	v3_crt
CONFIG:=	x509v3ca.cnf
PASSWORD:=	test
DIGEST:=	-$(shell echo test | openssl dgst -sha256 2>/dev/null | grep -q f2ca1bb6c7e907d06dafe4687e579fce76b37e4e93b7605022da52e6ccc26fd2 && echo sha256 || echo sha1)

all: rsa dsa ec targets server pwd

testreqs: rsa targets server

session: session.pem

dh: dh512.param dh1024.param dh2048.param dh4096.param

rsa: rsa.pem

pwd: pwd.key

dsa: dsa.pem

ec: ec.pem

server: server.pem

dh512.param:
	$(OPENSSL) dhparam -out $@ -2 512

dh1024.param:
	$(OPENSSL) dhparam -out $@ -2 1024

dh2048.param:
	$(OPENSSL) dhparam -out $@ -2 2048

dh4096.param:
	$(OPENSSL) dhparam -out $@ -2 4096

dsa.param:
	$(OPENSSL) dsaparam -out $@ 1024

dsa.key: dsa.param
	$(OPENSSL) gendsa -out $@ $<

rsa.key:
	$(OPENSSL) genrsa -out $@ 1024

pwd.key: rsa.key
	echo $(PASSWORD) | $(OPENSSL) rsa -in $< -out $@ -aes128 -passout stdin

ec.key:
	$(OPENSSL) ecparam -out $@ -name prime192v1 -genkey

%.crt: %.key $(CONFIG)
	$(OPENSSL) req -new -nodes -x509 $(DIGEST) -out $@ -key $< \
		-config $(CONFIG) -extensions $(CA_EXT) \
		-subj $(CA_SUBJECT) \
		-set_serial 0 -days $(CA_DAYS)

server.key:
	$(OPENSSL) genrsa -out $@ 1024

server.crt: server.key $(CONFIG)
	$(OPENSSL) req -new -nodes -x509 $(DIGEST) -out $@ -key $< \
		-config $(CONFIG) -extensions $(CRT_EXT) \
		-subj $(CRT_SUBJECT) \
		-set_serial 42 -days $(CRT_DAYS)

%.pem: %.crt %.key
	cat $^ >$@

targets: targets/daniel.roe.ch.pem targets/wildcard.roe.ch.pem
	$(RM) rsa.srl

targets/daniel.roe.ch.pem: rsa.crt
	$(MKDIR) -p targets
	$(OPENSSL) genrsa -out targets/daniel.roe.ch.key 1024
	$(OPENSSL) req -new $(DIGEST) -subj '/C=CH/CN=daniel.roe.ch/' \
		-key targets/daniel.roe.ch.key \
		-out targets/daniel.roe.ch.csr
	$(OPENSSL) x509 -req $(DIGEST) -CAcreateserial -days 365 \
		-CA rsa.crt -CAkey rsa.key \
		-in targets/daniel.roe.ch.csr \
		-out targets/daniel.roe.ch.crt
	cat targets/daniel.roe.ch.crt targets/daniel.roe.ch.key rsa.crt \
		>targets/daniel.roe.ch.pem
	$(RM) targets/daniel.roe.ch.key targets/daniel.roe.ch.csr \
		targets/daniel.roe.ch.crt

targets/wildcard.roe.ch.pem: rsa.crt
	$(MKDIR) -p targets
	$(OPENSSL) genrsa -out targets/wildcard.roe.ch.key 1024
	$(OPENSSL) req -new $(DIGEST) -subj '/C=CH/CN=*.roe.ch/' \
		-key targets/wildcard.roe.ch.key \
		-out targets/wildcard.roe.ch.csr
	$(OPENSSL) x509 -req $(DIGEST) -CAcreateserial -days 365 \
		-CA rsa.crt -CAkey rsa.key \
		-in targets/wildcard.roe.ch.csr \
		-out targets/wildcard.roe.ch.crt
	cat targets/wildcard.roe.ch.crt targets/wildcard.roe.ch.key rsa.crt \
		>targets/wildcard.roe.ch.pem
	$(RM) targets/wildcard.roe.ch.key targets/wildcard.roe.ch.csr \
		targets/wildcard.roe.ch.crt

# localhost network connectivity is required
session.pem:
	openssl s_server -accept 46143 -cert server.pem -quiet -no_ssl2 & \
		pid=$$! ; \
		sleep 1 ; \
		echo q | $(OPENSSL) s_client -connect localhost:46143 \
			-quiet -no_ign_eof -sess_out $@ ; \
		kill $$pid
	test -r $@

clean:
	rm -rf rsa.* dsa.* ec.* dh*.param targets *.srl session.pem server.*

.PHONY: all clean rsa dsa ec dh session targets
Initial import of sslsplit-0.4.2 2012-04-13 12:47:30 +00:00			`# inherited`
			`VERSION?= unknown`
			`OPENSSL?= openssl`
			`MKDIR?= mkdir`

			`# OpenSSL settings`
Add test server cert with OCSP and CDP extensions 2012-04-17 20:27:30 +00:00			`CA_SUBJECT?= '/C=CH/O=SSLsplit Root CA/CN=SSLsplit Root CA/'`
Initial import of sslsplit-0.4.2 2012-04-13 12:47:30 +00:00			`CA_DAYS?= 3650`
Add test server cert with OCSP and CDP extensions 2012-04-17 20:27:30 +00:00			`CA_EXT:= v3_ca`
			`CRT_SUBJECT?= '/C=CH/O=SSLsplit Test Certificate/CN=daniel.roe.ch/'`
			`CRT_DAYS?= 365`
			`CRT_EXT:= v3_crt`
Initial import of sslsplit-0.4.2 2012-04-13 12:47:30 +00:00			`CONFIG:= x509v3ca.cnf`
Add generation of a password protected RSA key 2012-04-30 20:48:19 +00:00			`PASSWORD:= test`
Move from sha1 to sha256 in examples and tests Note that OpenSSL may not support -sha256 on all platforms so we actually check for support before using it in `make test`. For the examples, a modern version of OpenSSL that supports -sha256 is assumed. Issue: #83 2015-03-24 19:31:38 +00:00			`DIGEST:= -$(shell echo test \| openssl dgst -sha256 2>/dev/null \| grep -q f2ca1bb6c7e907d06dafe4687e579fce76b37e4e93b7605022da52e6ccc26fd2 && echo sha256 \|\| echo sha1)`
Initial import of sslsplit-0.4.2 2012-04-13 12:47:30 +00:00
Add generation of a password protected RSA key 2012-04-30 20:48:19 +00:00			`all: rsa dsa ec targets server pwd`
Initial import of sslsplit-0.4.2 2012-04-13 12:47:30 +00:00
Do not generate ECC keys for unit tests 2012-06-05 21:23:27 +00:00			`testreqs: rsa targets server`

Initial import of sslsplit-0.4.2 2012-04-13 12:47:30 +00:00			`session: session.pem`

Add 4096-bit Diffie-Hellman to dh target 2012-10-02 22:50:50 +00:00			`dh: dh512.param dh1024.param dh2048.param dh4096.param`
Initial import of sslsplit-0.4.2 2012-04-13 12:47:30 +00:00
			`rsa: rsa.pem`

Add generation of a password protected RSA key 2012-04-30 20:48:19 +00:00			`pwd: pwd.key`

Initial import of sslsplit-0.4.2 2012-04-13 12:47:30 +00:00			`dsa: dsa.pem`

			`ec: ec.pem`

Add test server cert with OCSP and CDP extensions 2012-04-17 20:27:30 +00:00			`server: server.pem`

Initial import of sslsplit-0.4.2 2012-04-13 12:47:30 +00:00			`dh512.param:`
			`$(OPENSSL) dhparam -out $@ -2 512`

			`dh1024.param:`
			`$(OPENSSL) dhparam -out $@ -2 1024`

			`dh2048.param:`
			`$(OPENSSL) dhparam -out $@ -2 2048`

Add 4096-bit Diffie-Hellman to dh target 2012-10-02 22:50:50 +00:00			`dh4096.param:`
			`$(OPENSSL) dhparam -out $@ -2 4096`

Initial import of sslsplit-0.4.2 2012-04-13 12:47:30 +00:00			`dsa.param:`
			`$(OPENSSL) dsaparam -out $@ 1024`

			`dsa.key: dsa.param`
			`$(OPENSSL) gendsa -out $@ $<`

			`rsa.key:`
			`$(OPENSSL) genrsa -out $@ 1024`

Add generation of a password protected RSA key 2012-04-30 20:48:19 +00:00			`pwd.key: rsa.key`
			`echo $(PASSWORD) \| $(OPENSSL) rsa -in $< -out $@ -aes128 -passout stdin`

Initial import of sslsplit-0.4.2 2012-04-13 12:47:30 +00:00			`ec.key:`
			`$(OPENSSL) ecparam -out $@ -name prime192v1 -genkey`

Rebuild certs after config changes 2012-04-17 22:04:10 +00:00			`%.crt: %.key $(CONFIG)`
Move from sha1 to sha256 in examples and tests Note that OpenSSL may not support -sha256 on all platforms so we actually check for support before using it in `make test`. For the examples, a modern version of OpenSSL that supports -sha256 is assumed. Issue: #83 2015-03-24 19:31:38 +00:00			`$(OPENSSL) req -new -nodes -x509 $(DIGEST) -out $@ -key $< \`
Add test server cert with OCSP and CDP extensions 2012-04-17 20:27:30 +00:00			`-config $(CONFIG) -extensions $(CA_EXT) \`
Initial import of sslsplit-0.4.2 2012-04-13 12:47:30 +00:00			`-subj $(CA_SUBJECT) \`
			`-set_serial 0 -days $(CA_DAYS)`

Add test server cert with OCSP and CDP extensions 2012-04-17 20:27:30 +00:00			`server.key:`
			`$(OPENSSL) genrsa -out $@ 1024`

Rebuild certs after config changes 2012-04-17 22:04:10 +00:00			`server.crt: server.key $(CONFIG)`
Move from sha1 to sha256 in examples and tests Note that OpenSSL may not support -sha256 on all platforms so we actually check for support before using it in `make test`. For the examples, a modern version of OpenSSL that supports -sha256 is assumed. Issue: #83 2015-03-24 19:31:38 +00:00			`$(OPENSSL) req -new -nodes -x509 $(DIGEST) -out $@ -key $< \`
Add test server cert with OCSP and CDP extensions 2012-04-17 20:27:30 +00:00			`-config $(CONFIG) -extensions $(CRT_EXT) \`
			`-subj $(CRT_SUBJECT) \`
			`-set_serial 42 -days $(CRT_DAYS)`

Initial import of sslsplit-0.4.2 2012-04-13 12:47:30 +00:00			`%.pem: %.crt %.key`
			`cat $^ >$@`

Improve dependency tracking for targets/ certs 2014-01-29 20:20:16 +00:00			`targets: targets/daniel.roe.ch.pem targets/wildcard.roe.ch.pem`
Fix glob to be compatible with /bin/dash 2014-01-29 20:25:19 +00:00			`$(RM) rsa.srl`
Improve dependency tracking for targets/ certs 2014-01-29 20:20:16 +00:00
			`targets/daniel.roe.ch.pem: rsa.crt`
Rebuild certs after config changes 2012-04-17 22:04:10 +00:00			`$(MKDIR) -p targets`
Initial import of sslsplit-0.4.2 2012-04-13 12:47:30 +00:00			`$(OPENSSL) genrsa -out targets/daniel.roe.ch.key 1024`
Move from sha1 to sha256 in examples and tests Note that OpenSSL may not support -sha256 on all platforms so we actually check for support before using it in `make test`. For the examples, a modern version of OpenSSL that supports -sha256 is assumed. Issue: #83 2015-03-24 19:31:38 +00:00			`$(OPENSSL) req -new $(DIGEST) -subj '/C=CH/CN=daniel.roe.ch/' \`
Initial import of sslsplit-0.4.2 2012-04-13 12:47:30 +00:00			`-key targets/daniel.roe.ch.key \`
			`-out targets/daniel.roe.ch.csr`
Move from sha1 to sha256 in examples and tests Note that OpenSSL may not support -sha256 on all platforms so we actually check for support before using it in `make test`. For the examples, a modern version of OpenSSL that supports -sha256 is assumed. Issue: #83 2015-03-24 19:31:38 +00:00			`$(OPENSSL) x509 -req $(DIGEST) -CAcreateserial -days 365 \`
Initial import of sslsplit-0.4.2 2012-04-13 12:47:30 +00:00			`-CA rsa.crt -CAkey rsa.key \`
			`-in targets/daniel.roe.ch.csr \`
			`-out targets/daniel.roe.ch.crt`
			`cat targets/daniel.roe.ch.crt targets/daniel.roe.ch.key rsa.crt \`
			`>targets/daniel.roe.ch.pem`
Fix glob to be compatible with /bin/dash 2014-01-29 20:25:19 +00:00			`$(RM) targets/daniel.roe.ch.key targets/daniel.roe.ch.csr \`
			`targets/daniel.roe.ch.crt`
Improve dependency tracking for targets/ certs 2014-01-29 20:20:16 +00:00
			`targets/wildcard.roe.ch.pem: rsa.crt`
			`$(MKDIR) -p targets`
Initial import of sslsplit-0.4.2 2012-04-13 12:47:30 +00:00			`$(OPENSSL) genrsa -out targets/wildcard.roe.ch.key 1024`
Move from sha1 to sha256 in examples and tests Note that OpenSSL may not support -sha256 on all platforms so we actually check for support before using it in `make test`. For the examples, a modern version of OpenSSL that supports -sha256 is assumed. Issue: #83 2015-03-24 19:31:38 +00:00			`$(OPENSSL) req -new $(DIGEST) -subj '/C=CH/CN=*.roe.ch/' \`
Initial import of sslsplit-0.4.2 2012-04-13 12:47:30 +00:00			`-key targets/wildcard.roe.ch.key \`
			`-out targets/wildcard.roe.ch.csr`
Move from sha1 to sha256 in examples and tests Note that OpenSSL may not support -sha256 on all platforms so we actually check for support before using it in `make test`. For the examples, a modern version of OpenSSL that supports -sha256 is assumed. Issue: #83 2015-03-24 19:31:38 +00:00			`$(OPENSSL) x509 -req $(DIGEST) -CAcreateserial -days 365 \`
Initial import of sslsplit-0.4.2 2012-04-13 12:47:30 +00:00			`-CA rsa.crt -CAkey rsa.key \`
			`-in targets/wildcard.roe.ch.csr \`
			`-out targets/wildcard.roe.ch.crt`
			`cat targets/wildcard.roe.ch.crt targets/wildcard.roe.ch.key rsa.crt \`
			`>targets/wildcard.roe.ch.pem`
Fix glob to be compatible with /bin/dash 2014-01-29 20:25:19 +00:00			`$(RM) targets/wildcard.roe.ch.key targets/wildcard.roe.ch.csr \`
			`targets/wildcard.roe.ch.crt`
Initial import of sslsplit-0.4.2 2012-04-13 12:47:30 +00:00
Create session.pem without Internet connectivity Use openssl s_server in order to create a temporary SSL server for creating an SSL session dump for the unit tests to work with. This removes the requirement of having Internet connectivity for running the test suite, which prevented package builds from running the unit tests. 2014-01-11 20:49:05 +00:00			`# localhost network connectivity is required`
Initial import of sslsplit-0.4.2 2012-04-13 12:47:30 +00:00			`session.pem:`
Make session.pem generation more portable 2014-01-14 16:37:17 +00:00			`openssl s_server -accept 46143 -cert server.pem -quiet -no_ssl2 & \`
Create session.pem without Internet connectivity Use openssl s_server in order to create a temporary SSL server for creating an SSL session dump for the unit tests to work with. This removes the requirement of having Internet connectivity for running the test suite, which prevented package builds from running the unit tests. 2014-01-11 20:49:05 +00:00			`pid=$$! ; \`
			`sleep 1 ; \`
Make session.pem generation more portable 2014-01-14 16:37:17 +00:00			`echo q \| $(OPENSSL) s_client -connect localhost:46143 \`
			`-quiet -no_ign_eof -sess_out $@ ; \`
Create session.pem without Internet connectivity Use openssl s_server in order to create a temporary SSL server for creating an SSL session dump for the unit tests to work with. This removes the requirement of having Internet connectivity for running the test suite, which prevented package builds from running the unit tests. 2014-01-11 20:49:05 +00:00			`kill $$pid`
Initial import of sslsplit-0.4.2 2012-04-13 12:47:30 +00:00			`test -r $@`

			`clean:`
Add test server cert with OCSP and CDP extensions 2012-04-17 20:27:30 +00:00			`rm -rf rsa.* dsa.* ec.* dh.param targets .srl session.pem server.*`
Initial import of sslsplit-0.4.2 2012-04-13 12:47:30 +00:00
Add targets to .PHONY 2014-01-29 20:14:39 +00:00			`.PHONY: all clean rsa dsa ec dh session targets`
Initial import of sslsplit-0.4.2 2012-04-13 12:47:30 +00:00