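# Remove every generated key, CSR, certificate and PKCS#12 bundle.
# Declared phony so that a stray file named "clean" cannot disable the target.
.PHONY: clean
clean:
	rm -rf test-certs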

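# Create the output directory that every generate-* recipe writes into.
# mkdir -p makes this safe to run repeatedly.
.PHONY: setup
setup:
	mkdir -p test-certs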


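# Build the full set of test fixtures under test-certs/: root CA, intermediate
# CA, server and client certificates, the intermediate chain bundle and the
# PKCS#12 exports.
# The prerequisite order matters: the signing targets read CA files that are
# not declared as their own prerequisites, so this target depends on make
# processing the list left to right. Run it serially (no -j).
.PHONY: generate-certs
generate-certs: \
    setup \
    generate-ca-crt \
    generate-intermediate-ca-crt \
    generate-server-crt \
    generate-intermediate-chain \
    generate-client-crt \
    generate-pk12-certs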

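# Export the server and client key pairs as PKCS#12 bundles.
# When invoked on its own, the server and client keys and certificates must
# already exist in test-certs/ (generate-certs produces them and then runs this
# target as its last step).
.PHONY: generate-pk12-certs
generate-pk12-certs: generate-server-pk12 generate-client-pk12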

### CA Generation

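# Generate the 4096-bit RSA private key of the test root CA.
# No cipher option is passed to genrsa, so the key is written without
# passphrase protection; it is a test fixture and should stay inside
# test-certs/.
# Depends on setup so the target also works when invoked directly.
.PHONY: generate-ca-key
generate-ca-key: setup
	openssl genrsa -out test-certs/ca.key 4096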

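# Create the self-signed root CA certificate from the CA key.
# Running this target regenerates the CA key first, which invalidates every
# certificate signed by the previous CA.
# NOTE(review): no -days is given, so OpenSSL's default validity for
# `req -x509` (30 days) applies, while the certificates signed by this CA are
# issued for 365-500 days. Confirm the short root lifetime is intended.
.PHONY: generate-ca-crt
generate-ca-crt: generate-ca-key
	openssl req -x509 -new -nodes \
		-key test-certs/ca.key \
		-out test-certs/ca.crt \
		-subj /C=US/ST=CA/L=Sunnyvale/O=Fluvio/OU=Eng/CN=fluvio.io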

### Intermediate CA Generation

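# Generate the 4096-bit RSA private key of the test intermediate CA.
# The key is written unencrypted (no cipher option); test fixture only.
# Depends on setup so the target also works when invoked directly.
.PHONY: generate-intermediate-ca-key
generate-intermediate-ca-key: setup
	openssl genrsa -out test-certs/intermediate-ca.key 4096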

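# Create the certificate signing request for the intermediate CA.
# Request settings are read from intermediate-cert.conf in the current
# directory; the subject is set explicitly with -subj.
.PHONY: generate-intermediate-ca-csr
generate-intermediate-ca-csr: generate-intermediate-ca-key
	openssl req -new \
		-key test-certs/intermediate-ca.key \
		-out test-certs/intermediate-ca.csr \
		-subj /C=US/ST=CA/L=Sunnyvale/O=Fluvio/OU=Eng/CN=intermediate.fluvio.io \
		-config intermediate-cert.conf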

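# Sign the intermediate CA request with the root CA (valid 500 days), applying
# the v3_inter extension section from openssl.cnf.
# Requires test-certs/ca.crt and test-certs/ca.key to exist already. They are
# deliberately not prerequisites: generate-ca-crt always creates a new CA key,
# which would invalidate previously issued certificates.
# -CAcreateserial creates the CA's serial-number file when it is missing.
.PHONY: generate-intermediate-ca-crt
generate-intermediate-ca-crt: generate-intermediate-ca-csr
	openssl x509 -req \
		-in test-certs/intermediate-ca.csr \
		-out test-certs/intermediate-ca.crt \
		-CA test-certs/ca.crt \
		-CAkey test-certs/ca.key \
		-CAcreateserial \
		-days 500 \
		-extensions v3_inter \
		-extfile openssl.cnf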

### Non-Intermediate Chain Server

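# Generate the 4096-bit RSA private key for the server certificate that is
# signed directly by the root CA. Written unencrypted; test fixture only.
# Depends on setup so the target also works when invoked directly.
.PHONY: generate-server-key
generate-server-key: setup
	openssl genrsa -out test-certs/server.key 4096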


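# Create the server certificate signing request. The subject and any request
# extensions come from cert.conf in the current directory.
.PHONY: generate-server-csr
generate-server-csr: generate-server-key
	openssl req -new \
		-key test-certs/server.key \
		-out test-certs/server.csr \
		-config cert.conf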


### Intermediate Chain Server

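# Generate the 4096-bit RSA private key for the server certificate that is
# signed by the intermediate CA. Written unencrypted; test fixture only.
# Depends on setup so the target also works when invoked directly.
.PHONY: generate-intermediate-server-key
generate-intermediate-server-key: setup
	openssl genrsa -out test-certs/intermediate-server.key 4096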


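# Create the signing request for the intermediate-chain server certificate.
# It uses the same cert.conf as the directly signed server request.
.PHONY: generate-intermediate-server-csr
generate-intermediate-server-csr: generate-intermediate-server-key
	openssl req -new \
		-key test-certs/intermediate-server.key \
		-out test-certs/intermediate-server.csr \
		-config cert.conf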

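# Export the server key and certificate, plus the root CA certificate, as a
# PKCS#12 bundle (test-certs/server.pfx).
# Requires server.key, server.crt and ca.crt to exist already.
# The export password is the fixed string "test" passed on the command line,
# where it is visible in the make output and the process list. That is
# acceptable only because the bundle holds throwaway test keys.
.PHONY: generate-server-pk12
generate-server-pk12:
	openssl pkcs12 -export \
		-out test-certs/server.pfx \
		-inkey test-certs/server.key \
		-in test-certs/server.crt \
		-certfile test-certs/ca.crt \
		-passout pass:test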



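# Print the server CSR in human-readable form for inspection.
# This only displays the request; -verify is not passed, so the CSR's
# self-signature is not checked.
.PHONY: verify-csr
verify-csr:
	openssl req -in test-certs/server.csr -noout -text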

### Non-Intermediate Chain

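# Print the server certificate in human-readable form. Despite the target
# name nothing is decrypted: the certificate is only decoded and displayed.
.PHONY: decrypt-server-crt
decrypt-server-crt:
	openssl x509 -in test-certs/server.crt -noout -text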

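# Sign the server request with the root CA (valid 500 days), applying the
# v3_end extension section from openssl.cnf.
# Requires test-certs/ca.crt and test-certs/ca.key to exist already. They are
# not prerequisites because generate-ca-crt always creates a new CA key.
# -CAcreateserial creates the CA's serial-number file when it is missing.
.PHONY: generate-server-crt
generate-server-crt: generate-server-csr
	openssl x509 -req \
		-in test-certs/server.csr \
		-out test-certs/server.crt \
		-CA test-certs/ca.crt \
		-CAkey test-certs/ca.key \
		-CAcreateserial \
		-days 500 \
		-extensions v3_end \
		-extfile openssl.cnf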

### Intermediate Chain

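# Print the intermediate-chain server certificate in human-readable form.
# Nothing is decrypted; the certificate is only decoded and displayed.
.PHONY: decrypt-intermediate-server-crt
decrypt-intermediate-server-crt:
	openssl x509 -in test-certs/intermediate-server.crt -noout -text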

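# Sign the intermediate-chain server request with the intermediate CA (valid
# 500 days), applying the v3_end extension section from openssl.cnf.
# Requires test-certs/intermediate-ca.crt and intermediate-ca.key to exist
# already. generate-intermediate-chain lists generate-intermediate-ca-crt
# ahead of this target to provide them.
.PHONY: generate-intermediate-server-crt
generate-intermediate-server-crt: generate-intermediate-server-csr
	openssl x509 -req \
		-in test-certs/intermediate-server.csr \
		-out test-certs/intermediate-server.crt \
		-CA test-certs/intermediate-ca.crt \
		-CAkey test-certs/intermediate-ca.key \
		-CAcreateserial \
		-days 500 \
		-extensions v3_end \
		-extfile openssl.cnf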

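# Concatenate root CA, intermediate CA and server certificate into one PEM
# bundle (test-certs/intermediate-full.crt).
# NOTE(review): the bundle is ordered root -> intermediate -> leaf. TLS servers
# conventionally expect the leaf certificate first, followed by the
# intermediates. Confirm the consumer of this file expects the order used here.
.PHONY: generate-intermediate-chain
generate-intermediate-chain: generate-intermediate-ca-crt generate-intermediate-server-crt
	cat test-certs/ca.crt \
		test-certs/intermediate-ca.crt \
		test-certs/intermediate-server.crt \
		> test-certs/intermediate-full.crt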

#################################
#
#  Client Certificates
#

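# Generate the 4096-bit RSA private key for the test client certificate.
# Written unencrypted (no cipher option); test fixture only.
# Depends on setup so the target also works when invoked directly.
.PHONY: generate-client-key
generate-client-key: setup
	openssl genrsa -out test-certs/client.key 4096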

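# Create the client certificate signing request with a fixed test subject.
# The subject is quoted because the organisation name contains a space and a
# comma.
.PHONY: generate-client-csr
generate-client-csr: generate-client-key
	openssl req -new \
		-key test-certs/client.key \
		-out test-certs/client.csr \
		-subj "/C=US/ST=CA/O=MyOrg, Inc./CN=client.com"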

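# Sign the client request with the root CA (valid 365 days).
# Requires test-certs/ca.crt and test-certs/ca.key to exist already.
# NOTE(review): the client certificate uses the same v3_end extension section
# as the server certificates. Confirm in openssl.cnf that its key usage
# settings permit client authentication.
.PHONY: generate-client-crt
generate-client-crt: generate-client-csr
	openssl x509 -req \
		-days 365 \
		-in test-certs/client.csr \
		-out test-certs/client.crt \
		-CA test-certs/ca.crt \
		-CAkey test-certs/ca.key \
		-CAcreateserial \
		-extensions v3_end \
		-extfile openssl.cnf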

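# Export the client key and certificate, plus the root CA certificate, as a
# PKCS#12 bundle (test-certs/client.pfx).
# Requires client.key, client.crt and ca.crt to exist already.
# The export password is the fixed string "test" passed on the command line;
# acceptable only for throwaway test keys.
.PHONY: generate-client-pk12
generate-client-pk12:
	openssl pkcs12 -export \
		-out test-certs/client.pfx \
		-inkey test-certs/client.key \
		-in test-certs/client.crt \
		-certfile test-certs/ca.crt \
		-passout pass:test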


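# for non mac
# Send a mutual-TLS request to the local test server on port 8443.
# -k turns off server certificate verification, so this exercises only the
# client-certificate path; the server chain is not validated against the
# test CA.
# NOTE(review): the key and certificate are read from the current directory,
# whereas the generate-* targets write them to test-certs/. Confirm the
# intended location.
.PHONY: test-curl
test-curl:
	curl -v -s -k \
		--key client.key \
		--cert client.crt \
		"https://127.0.0.1:8443/hello/world"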

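# Upgrade the Homebrew curl-openssl formula, which provides the curl binary
# used by test-mac-curl.
.PHONY: install-curl-ssl
install-curl-ssl:
	brew upgrade curl-openssl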

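# macOS variant of test-curl, using the Homebrew curl-openssl binary at its
# hard-coded /usr/local/opt location.
# -k turns off server certificate verification, so the server chain is not
# validated.
# NOTE(review): the key and certificate are read from certs/, whereas the
# generate-* targets write them to test-certs/. Confirm the intended location.
.PHONY: test-mac-curl
test-mac-curl:
	/usr/local/opt/curl-openssl/bin/curl -v -k -s \
		--key certs/client.key \
		--cert certs/client.crt \
		"https://127.0.0.1:8443/hello/world"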


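# Absolute directory of this Makefile, with symlinks resolved.
# $(dir ...) keeps the trailing slash, so "$(MAKE_DIR)/x" expands with a
# harmless double slash.
# Simple assignment (:=) computes the value once at parse time instead of on
# every expansion. The first word of MAKEFILE_LIST does not change afterwards,
# so the value is the same as with recursive assignment.
MAKE_DIR := $(dir $(realpath $(firstword $(MAKEFILE_LIST))))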

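# Start nginx with the nginx.conf that sits next to this Makefile.
# nginx needs an absolute path for -c, which is why MAKE_DIR is used.
.PHONY: start-nginx
start-nginx:
	nginx -c $(MAKE_DIR)/nginx.conf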

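# Start nginx with the intermediate-chain configuration that sits next to
# this Makefile.
.PHONY: start-intermediate-nginx
start-intermediate-nginx:
	nginx -c $(MAKE_DIR)/intermediate-nginx.conf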

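# Ask the running nginx master process to shut down gracefully.
# NOTE(review): no -c is passed, so nginx finds the master process through the
# pid file of its default configuration. Confirm that this matches the pid
# setting of the configs used by the start targets.
.PHONY: stop-nginx
stop-nginx:
	nginx -s quit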

