SSLproxy/extra/pki/GNUmakefile

# inherited
VERSION?=	unknown
OPENSSL?=	openssl
MKDIR?=		mkdir

# OpenSSL settings
CA_SUBJECT?=	'/C=CH/O=SSLsplit Root CA/CN=SSLsplit Root CA/'
CA_DAYS?=	3650
CA_EXT:=	v3_ca
CRT_SUBJECT?=	'/C=CH/O=SSLsplit Test Certificate/CN=daniel.roe.ch/'
CRT_DAYS?=	365
CRT_EXT:=	v3_crt
CONFIG:=	x509v3ca.cnf
PASSWORD:=	test

all: rsa dsa ec targets server pwd

testreqs: rsa targets server

session: session.pem

dh: dh512.param dh1024.param dh2048.param

rsa: rsa.pem

pwd: pwd.key

dsa: dsa.pem

ec: ec.pem

server: server.pem

dh512.param:
	$(OPENSSL) dhparam -out $@ -2 512

dh1024.param:
	$(OPENSSL) dhparam -out $@ -2 1024

dh2048.param:
	$(OPENSSL) dhparam -out $@ -2 2048

dsa.param:
	$(OPENSSL) dsaparam -out $@ 1024

dsa.key: dsa.param
	$(OPENSSL) gendsa -out $@ $<

rsa.key:
	$(OPENSSL) genrsa -out $@ 1024

pwd.key: rsa.key
	echo $(PASSWORD) | $(OPENSSL) rsa -in $< -out $@ -aes128 -passout stdin

ec.key:
	$(OPENSSL) ecparam -out $@ -name prime192v1 -genkey

%.crt: %.key $(CONFIG)
	$(OPENSSL) req -new -nodes -x509 -sha1 -out $@ -key $< \
		-config $(CONFIG) -extensions $(CA_EXT) \
		-subj $(CA_SUBJECT) \
		-set_serial 0 -days $(CA_DAYS)

server.key:
	$(OPENSSL) genrsa -out $@ 1024

server.crt: server.key $(CONFIG)
	$(OPENSSL) req -new -nodes -x509 -sha1 -out $@ -key $< \
		-config $(CONFIG) -extensions $(CRT_EXT) \
		-subj $(CRT_SUBJECT) \
		-set_serial 42 -days $(CRT_DAYS)

%.pem: %.crt %.key
	cat $^ >$@

targets: rsa.crt
	$(MKDIR) -p targets
	$(OPENSSL) genrsa -out targets/daniel.roe.ch.key 1024
	$(OPENSSL) req -new -sha1 -subj '/C=CH/CN=daniel.roe.ch/' \
		-key targets/daniel.roe.ch.key \
		-out targets/daniel.roe.ch.csr
	$(OPENSSL) x509 -req -sha1 -CAcreateserial -days 365 \
		-CA rsa.crt -CAkey rsa.key \
		-in targets/daniel.roe.ch.csr \
		-out targets/daniel.roe.ch.crt
	cat targets/daniel.roe.ch.crt targets/daniel.roe.ch.key rsa.crt \
		>targets/daniel.roe.ch.pem
	$(RM) targets/daniel.roe.ch.{key,csr,crt}
	$(OPENSSL) genrsa -out targets/wildcard.roe.ch.key 1024
	$(OPENSSL) req -new -sha1 -subj '/C=CH/CN=*.roe.ch/' \
		-key targets/wildcard.roe.ch.key \
		-out targets/wildcard.roe.ch.csr
	$(OPENSSL) x509 -req -sha1 -CAcreateserial -days 365 \
		-CA rsa.crt -CAkey rsa.key \
		-in targets/wildcard.roe.ch.csr \
		-out targets/wildcard.roe.ch.crt
	cat targets/wildcard.roe.ch.crt targets/wildcard.roe.ch.key rsa.crt \
		>targets/wildcard.roe.ch.pem
	$(RM) targets/wildcard.roe.ch.{key,csr,crt} rsa.srl

# openssl s_server cannot be easily controlled from scripts; it is
# more robust to just connect to a real server to create a session
session.pem:
	( \
	echo 'GET /test/SSLsplit-$(VERSION) HTTP/1.1'; \
	echo 'Host: daniel.roe.ch'; \
	echo 'Connection: close'; \
	echo ) | $(OPENSSL) s_client -connect daniel.roe.ch:443 \
		-quiet -crlf -no_ign_eof -sess_out $@ >/dev/null 2>&1
	test -r $@

clean:
	rm -rf rsa.* dsa.* ec.* dh*.param targets *.srl session.pem server.*

.PHONY: all clean rsa dsa ec dh dhall session
Initial import of sslsplit-0.4.2 2012-04-13 12:47:30 +00:00			`# inherited`
			`VERSION?= unknown`
			`OPENSSL?= openssl`
			`MKDIR?= mkdir`

			`# OpenSSL settings`
Add test server cert with OCSP and CDP extensions 2012-04-17 20:27:30 +00:00			`CA_SUBJECT?= '/C=CH/O=SSLsplit Root CA/CN=SSLsplit Root CA/'`
Initial import of sslsplit-0.4.2 2012-04-13 12:47:30 +00:00			`CA_DAYS?= 3650`
Add test server cert with OCSP and CDP extensions 2012-04-17 20:27:30 +00:00			`CA_EXT:= v3_ca`
			`CRT_SUBJECT?= '/C=CH/O=SSLsplit Test Certificate/CN=daniel.roe.ch/'`
			`CRT_DAYS?= 365`
			`CRT_EXT:= v3_crt`
Initial import of sslsplit-0.4.2 2012-04-13 12:47:30 +00:00			`CONFIG:= x509v3ca.cnf`
Add generation of a password protected RSA key 2012-04-30 20:48:19 +00:00			`PASSWORD:= test`
Initial import of sslsplit-0.4.2 2012-04-13 12:47:30 +00:00
Add generation of a password protected RSA key 2012-04-30 20:48:19 +00:00			`all: rsa dsa ec targets server pwd`
Initial import of sslsplit-0.4.2 2012-04-13 12:47:30 +00:00
Do not generate ECC keys for unit tests 2012-06-05 21:23:27 +00:00			`testreqs: rsa targets server`

Initial import of sslsplit-0.4.2 2012-04-13 12:47:30 +00:00			`session: session.pem`

			`dh: dh512.param dh1024.param dh2048.param`

			`rsa: rsa.pem`

Add generation of a password protected RSA key 2012-04-30 20:48:19 +00:00			`pwd: pwd.key`

Initial import of sslsplit-0.4.2 2012-04-13 12:47:30 +00:00			`dsa: dsa.pem`

			`ec: ec.pem`

Add test server cert with OCSP and CDP extensions 2012-04-17 20:27:30 +00:00			`server: server.pem`

Initial import of sslsplit-0.4.2 2012-04-13 12:47:30 +00:00			`dh512.param:`
			`$(OPENSSL) dhparam -out $@ -2 512`

			`dh1024.param:`
			`$(OPENSSL) dhparam -out $@ -2 1024`

			`dh2048.param:`
			`$(OPENSSL) dhparam -out $@ -2 2048`

			`dsa.param:`
			`$(OPENSSL) dsaparam -out $@ 1024`

			`dsa.key: dsa.param`
			`$(OPENSSL) gendsa -out $@ $<`

			`rsa.key:`
			`$(OPENSSL) genrsa -out $@ 1024`

Add generation of a password protected RSA key 2012-04-30 20:48:19 +00:00			`pwd.key: rsa.key`
			`echo $(PASSWORD) \| $(OPENSSL) rsa -in $< -out $@ -aes128 -passout stdin`

Initial import of sslsplit-0.4.2 2012-04-13 12:47:30 +00:00			`ec.key:`
			`$(OPENSSL) ecparam -out $@ -name prime192v1 -genkey`

Rebuild certs after config changes 2012-04-17 22:04:10 +00:00			`%.crt: %.key $(CONFIG)`
Initial import of sslsplit-0.4.2 2012-04-13 12:47:30 +00:00			`$(OPENSSL) req -new -nodes -x509 -sha1 -out $@ -key $< \`
Add test server cert with OCSP and CDP extensions 2012-04-17 20:27:30 +00:00			`-config $(CONFIG) -extensions $(CA_EXT) \`
Initial import of sslsplit-0.4.2 2012-04-13 12:47:30 +00:00			`-subj $(CA_SUBJECT) \`
			`-set_serial 0 -days $(CA_DAYS)`

Add test server cert with OCSP and CDP extensions 2012-04-17 20:27:30 +00:00			`server.key:`
			`$(OPENSSL) genrsa -out $@ 1024`

Rebuild certs after config changes 2012-04-17 22:04:10 +00:00			`server.crt: server.key $(CONFIG)`
Add test server cert with OCSP and CDP extensions 2012-04-17 20:27:30 +00:00			`$(OPENSSL) req -new -nodes -x509 -sha1 -out $@ -key $< \`
			`-config $(CONFIG) -extensions $(CRT_EXT) \`
			`-subj $(CRT_SUBJECT) \`
			`-set_serial 42 -days $(CRT_DAYS)`

Initial import of sslsplit-0.4.2 2012-04-13 12:47:30 +00:00			`%.pem: %.crt %.key`
			`cat $^ >$@`

			`targets: rsa.crt`
Rebuild certs after config changes 2012-04-17 22:04:10 +00:00			`$(MKDIR) -p targets`
Initial import of sslsplit-0.4.2 2012-04-13 12:47:30 +00:00			`$(OPENSSL) genrsa -out targets/daniel.roe.ch.key 1024`
			`$(OPENSSL) req -new -sha1 -subj '/C=CH/CN=daniel.roe.ch/' \`
			`-key targets/daniel.roe.ch.key \`
			`-out targets/daniel.roe.ch.csr`
			`$(OPENSSL) x509 -req -sha1 -CAcreateserial -days 365 \`
			`-CA rsa.crt -CAkey rsa.key \`
			`-in targets/daniel.roe.ch.csr \`
			`-out targets/daniel.roe.ch.crt`
			`cat targets/daniel.roe.ch.crt targets/daniel.roe.ch.key rsa.crt \`
			`>targets/daniel.roe.ch.pem`
			`$(RM) targets/daniel.roe.ch.{key,csr,crt}`
			`$(OPENSSL) genrsa -out targets/wildcard.roe.ch.key 1024`
			`$(OPENSSL) req -new -sha1 -subj '/C=CH/CN=*.roe.ch/' \`
			`-key targets/wildcard.roe.ch.key \`
			`-out targets/wildcard.roe.ch.csr`
			`$(OPENSSL) x509 -req -sha1 -CAcreateserial -days 365 \`
			`-CA rsa.crt -CAkey rsa.key \`
			`-in targets/wildcard.roe.ch.csr \`
			`-out targets/wildcard.roe.ch.crt`
			`cat targets/wildcard.roe.ch.crt targets/wildcard.roe.ch.key rsa.crt \`
			`>targets/wildcard.roe.ch.pem`
			`$(RM) targets/wildcard.roe.ch.{key,csr,crt} rsa.srl`

			`# openssl s_server cannot be easily controlled from scripts; it is`
			`# more robust to just connect to a real server to create a session`
			`session.pem:`
Avoid using the non-portable `echo -e` 2012-04-13 20:22:57 +00:00			`( \`
			`echo 'GET /test/SSLsplit-$(VERSION) HTTP/1.1'; \`
			`echo 'Host: daniel.roe.ch'; \`
			`echo 'Connection: close'; \`
			`echo ) \| $(OPENSSL) s_client -connect daniel.roe.ch:443 \`
			`-quiet -crlf -no_ign_eof -sess_out $@ >/dev/null 2>&1`
Initial import of sslsplit-0.4.2 2012-04-13 12:47:30 +00:00			`test -r $@`

			`clean:`
Add test server cert with OCSP and CDP extensions 2012-04-17 20:27:30 +00:00			`rm -rf rsa.* dsa.* ec.* dh.param targets .srl session.pem server.*`
Initial import of sslsplit-0.4.2 2012-04-13 12:47:30 +00:00
			`.PHONY: all clean rsa dsa ec dh dhall session`