
# --- Shared secret ----------------------------------------------------------
# Single password used as both the store password and the key password in
# every keytool call below. "changeit" is a demo default; override it for
# anything beyond a throwaway setup, e.g.  make PASSWORD=... new
# NOTE(review): the value is passed on the keytool/java command lines, so make
# echoes it and it is visible in the process list while those commands run.
PASSWORD := changeit

# --- Server identity and artefacts ------------------------------------------
ALIAS := demopvaserver
# The double quotes are part of the value on purpose: they reach the shell and
# keep the whole distinguished name as one keytool argument.
# NOTE(review): the CN is an IP literal; clients that verify the peer through
# subjectAltName would need an IP SAN on the certificate -- confirm.
DNAME := "CN=124.32.19.56, OU=Open Platform Trust Services, O=Demo Server, L=Tokyo, C=JP"
KEYSTORE := server.keystore
CERTFILE := server.cer
# Private-key exports produced by the OpenSSL section; treat as secrets.
PKCS8 := server.pkcs8
OPENSSL_KEY := server.key
CERTPEM := server.crt
PKCS12 := server.pfx

# --- Client identity and artefacts ------------------------------------------
CLIENT_KEYSTORE := client.keystore
CLIENT_ALIAS := demotpclient
CLIENT_DNAME := "CN=Client, OU=Open Platform Trust Services, O=Demo Client, L=Tokyo, C=JP"
CLIENT_CERTFILE := client.cer
# Alias under which each side stores the peer certificate it imports.
CERT_ALIAS := demopva


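# Default goal: print the settings the other targets will use.
# In a recipe a bare "$NAME" is read by make as "$(N)AME", so the original
# lines printed "AVA_HOME", "NAME" and "EYSTORE". JAVA_HOME is taken from the
# shell environment ($$ passes a literal $ to the shell); the other two are
# make variables defined at the top of this file.
.PHONY: usage
usage:
	@echo ""
	@echo "JAVA_HOME     : $$JAVA_HOME"
	@echo "DNAME         :" $(DNAME)
	@echo "Keystore file : $(KEYSTORE)"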
	
#new:
#	sh setupkey.sh

################################
# by keytool
################################
# Create the server keystore with a new RSA key pair stored under $(ALIAS).
# NOTE(review): -validity is 356 days, possibly a typo for 365 -- confirm.
# NOTE(review): no -keysize is given, so the RSA key size is whatever the
# installed keytool defaults to.
# The recipe line is echoed by make, password included.
$(KEYSTORE):
	@echo "--- Gen Key for Server ---"
	keytool -genkey -keyalg RSA -validity 356 \
		-alias $(ALIAS) -dname $(DNAME) \
		-keypass $(PASSWORD) -storepass $(PASSWORD) \
		-keystore $@

# Export the server certificate (public part only) from the server keystore.
# The OpenSSL section later reads this file as DER.
$(CERTFILE): $(KEYSTORE)
	@echo "--- Exporting the cert ---"
	keytool -export -alias $(ALIAS) -storepass $(PASSWORD) \
		-keystore $< -file $@

# Create the client keystore with a new RSA key pair stored under
# $(CLIENT_ALIAS). Same options as the server keystore rule.
# NOTE(review): -validity is 356 days, possibly a typo for 365 -- confirm.
# NOTE(review): no -keysize is given, so the RSA key size is whatever the
# installed keytool defaults to.
$(CLIENT_KEYSTORE):
	@echo "--- Gen Key for Client ---"
	keytool -genkey -keyalg RSA -validity 356 \
		-alias $(CLIENT_ALIAS) -dname $(CLIENT_DNAME) \
		-keypass $(PASSWORD) -storepass $(PASSWORD) \
		-keystore $@

# Export the client certificate (public part only) from the client keystore.
$(CLIENT_CERTFILE): $(CLIENT_KEYSTORE)
	@echo "--- Exporting the client cert ---"
	keytool -export -alias $(CLIENT_ALIAS) -storepass $(PASSWORD) \
		-keystore $< -file $@

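# Cross-import the two exported certificates so each side trusts the other:
# the server certificate goes into the client keystore and the client
# certificate into the server keystore, both under $(CERT_ALIAS).
# The two progress messages were swapped relative to the commands they
# announce; they now describe what each keytool call does.
# keytool asks for confirmation before trusting a certificate it cannot chain
# to a known CA; compare the fingerprint it prints with the exported file
# before answering yes.
# NOTE(review): a second run is expected to fail once $(CERT_ALIAS) already
# exists in a keystore -- confirm, and run "make clean" first if so.
.PHONY: new
new: $(CERTFILE) $(CLIENT_CERTFILE)
	@echo "--- Import server cert into client keystore ---"
	keytool -import -v -trustcacerts -alias $(CERT_ALIAS) -file $(CERTFILE) -keystore $(CLIENT_KEYSTORE) -keypass $(PASSWORD) -storepass $(PASSWORD)
	@echo "--- Import client cert into server keystore ---"
	keytool -import -v -trustcacerts -alias $(CERT_ALIAS) -file $(CLIENT_CERTFILE) -keystore $(KEYSTORE) -keypass $(PASSWORD) -storepass $(PASSWORD)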

################################
# OpenSSL
################################
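# Helper that dumps the private key out of the keystore.
# SECURITY: the source is fetched over plain HTTP, then compiled and run with
# the keystore and its password as arguments. Anyone able to tamper with the
# download controls code that reads the server private key. Review the file
# once, record its SHA-256 and pass it as EXPORTPRIV_SHA256 so later downloads
# are checked before use (or vendor the reviewed copy next to this Makefile).
EXPORTPRIV_URL ?= http://mark.foster.cc/pub/java/ExportPriv.java
# Expected SHA-256 of ExportPriv.java; empty means "do not verify".
EXPORTPRIV_SHA256 ?=

ExportPriv.java:
	wget -O $@.tmp $(EXPORTPRIV_URL)
	@if [ -n "$(EXPORTPRIV_SHA256)" ]; then \
		echo "$(EXPORTPRIV_SHA256)  $@.tmp" | sha256sum -c - || { rm -f $@.tmp; exit 1; }; \
	else \
		echo "WARNING: $@ downloaded without an integrity check; set EXPORTPRIV_SHA256 to pin it" >&2; \
	fi
	mv -f $@.tmp $@

# Compile the helper; the class file lands in the current directory.
ExportPriv.class: ExportPriv.java
	javac $<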
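# Dump the server private key from the keystore using the ExportPriv helper.
# The keystore is now a declared prerequisite: the recipe reads it, so it must
# exist and a newer keystore must trigger a fresh export.
# The output is private-key material (the next rule reads it with -nocrypt),
# so it is created under umask 077 and only moved into place on success; a
# failed run leaves no partial key file behind.
# NOTE(review): the keystore password is a command-line argument of the java
# process and is echoed by make.
$(PKCS8): ExportPriv.class $(KEYSTORE)
	umask 077 && java ExportPriv $(KEYSTORE) $(ALIAS) $(PASSWORD) > $@.tmp || { rm -f $@.tmp; exit 1; }
	mv -f $@.tmp $@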
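# Convert the PKCS#8 dump into the key file consumed by the pkcs12 rule.
# -nocrypt means the key is read and written unencrypted, so the file is
# created under umask 077 to keep it readable by the owner only.
$(OPENSSL_KEY): $(PKCS8)
	umask 077 && openssl pkcs8 -inform PEM -nocrypt -in $< -out $@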
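# Convert the DER certificate exported by keytool into PEM.
# $(CERTFILE) is now a declared prerequisite: the recipe reads it, so without
# the dependency "make pkcs12" failed on a clean tree and never refreshed the
# PEM copy after the certificate was regenerated.
$(CERTPEM): $(CERTFILE)
	openssl x509 -out $@ -outform pem -in $< -inform der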
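# Bundle the private key and the PEM certificate into a PKCS#12 file.
# openssl prompts for the export password. The bundle carries the private key,
# so it is created under umask 077.
$(PKCS12): $(OPENSSL_KEY) $(CERTPEM)
	umask 077 && openssl pkcs12 -export -out $@ -inkey $(OPENSSL_KEY) -in $(CERTPEM)

# Convenience name for the bundle; phony so a stray file called "pkcs12"
# cannot mask it.
.PHONY: pkcs12
pkcs12: $(PKCS12)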

################################
# by gkeytool GNU Classpath
################################
# TODO 
# gkeytool -import -keystore client.gkeystore -file cert.pem
# gkeytool -list -v -keystore client.gkeystore
#
	
################################
# Tomcat
################################

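# Location the server keystore is copied to for the Tomcat demo.
INSTALLED_KEYSTORE=/opt/OpenPlatformTrustServices/tcdemo/server.keystore

# Copy the keystore into place. The recipe now uses the rule's own target and
# prerequisite instead of repeating the path, so overriding
# INSTALLED_KEYSTORE changes both the target and the copy destination.
# NOTE(review): the keystore holds the server private key; the copy keeps the
# default file mode, so check that only the account running Tomcat can read
# the installed file.
$(INSTALLED_KEYSTORE) : $(KEYSTORE)
	cp $< $@

.PHONY: install
install: $(INSTALLED_KEYSTORE)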


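# Remove everything this Makefile generates in the working directory.
# The original left the OpenSSL-side outputs behind, including the
# unencrypted private key files ($(PKCS8), $(OPENSSL_KEY)) and the PKCS#12
# bundle; they are removed here as well. The downloaded ExportPriv.java is
# kept so a rebuild does not need the network; the installed keystore under
# /opt is not touched.
.PHONY: clean
clean:
	$(RM) $(KEYSTORE) $(CERTFILE)
	$(RM) $(CLIENT_KEYSTORE) $(CLIENT_CERTFILE)
	$(RM) $(PKCS8) $(OPENSSL_KEY) $(CERTPEM) $(PKCS12)
	$(RM) ExportPriv.class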
	

# EOF