
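# A bare `export` passes every make variable to the environment of each
# recipe command and sub-make. Anything sensitive held in a make variable
# is therefore visible to every child process this Makefile starts.
export


# Convenience entry points. The first one is also the default goal.
#   install-server-certs  issue the server certificate and push it to SERVER
#   install-client-certs  issue the client certificate and push it to CLIENT
#   install-master-certs  only create the test CA
#   install-all-certs     server and client together
#   install-clean         alias for `clean`
install-server-certs: built-$(SERVER)-server-post
install-client-certs: built-$(CLIENT)-client-post
install-master-certs: built-master
install-all-certs: install-server-certs install-client-certs
install-clean: clean

# None of these names is a file produced by a recipe, so declare them phony:
# a stray file called e.g. `install-clean` must not make the target look
# up to date and silently skip the work.
.PHONY: install-server-certs install-client-certs install-master-certs \
        install-all-certs install-clean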


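# Decide once, at parse time, whether SERVER / CLIENT name this machine:
# "yes" when the name is literally `localhost` or equals the short local
# hostname, "no" otherwise.
# The operands are quoted so that an empty name or one containing spaces
# yields a clean "no" instead of a `[` syntax error, and two separate tests
# replace the obsolescent `-o` operator.
# SERVER and CLIENT are pasted into shell command lines here and into the
# ssh/rsync prefixes below, so they must come from a trusted operator.
IS_SRV:=$(shell { [ localhost = "$(SERVER)" ] || [ "`hostname -s`" = "$(SERVER)" ]; } && echo yes || echo no)
IS_CLI:=$(shell { [ localhost = "$(CLIENT)" ] || [ "`hostname -s`" = "$(CLIENT)" ]; } && echo yes || echo no)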

# Command prefixes used by the recipes to reach the server's $(BUILD) directory.
#   SRVCMD  run the quoted command string that follows it on the server
#   SRVCMI  same as SRVCMD but, in the remote case, without ssh's -n
#           (not referenced by any rule in the lines shown here)
#   SRVCPY  copy <local source> to <path on the server>
#   SRVYPC  copy <path on the server> to <local destination>
ifeq ($(IS_SRV),yes)
  # The server is this machine: a local shell and a plain archive copy.
  SRVCMD:= sh -c 
  SRVCMI:= sh -c
  SRVCPY:= cp -a
  SRVYPC:= cp -a
else
  # The server is remote: commands go over ssh (-n takes stdin from
  # /dev/null) and files over rsync using ssh as its transport.
  # The command string given to SRVCMD is interpreted by the remote shell, so
  # $(BUILD) and the other values expanded into it must be trusted.
  SRVCMD:= ssh -n $(SERVER)
  SRVCMI:= ssh $(SERVER)
  # SRVCPY and SRVYPC expand to a shell function definition followed by a
  # call to it, so the two words that follow in a recipe arrive as $1 and $2
  # and the function puts "$(SERVER):" in front of the remote one.
  # rsync -u skips any file that is newer on the receiving side, so a copy
  # with a later timestamp at the destination is left in place.
  define SRVCPY
    copy(){ \
      rsync    -uav --rsh=ssh "$$1" "$(SERVER):$$2" ; \
    } ; \
    copy 
  endef
  define SRVYPC
    copy(){ \
      rsync    -uav --rsh=ssh "$(SERVER):$$1" "$$2" ; \
    } ; \
    copy
  endef
endif
# Command prefixes used by the recipes to reach the client's $(BUILD) directory.
#   CLICMD  run the quoted command string that follows it on the client
#   CLICMI  same as CLICMD but, in the remote case, without ssh's -n
#           (not referenced by any rule in the lines shown here)
#   CLICPY  copy <local source> to <path on the client>
#   CLIYPC  copy <path on the client> to <local destination>
ifeq ($(IS_CLI),yes)
  # The client is this machine. Unlike the local server case, which uses
  # `cp -a`, copies here still go through rsync; with two local paths rsync
  # opens no remote shell, so --rsh=ssh has no effect.
  CLICMD:= sh -c 
  CLICMI:= sh -c
  CLICPY:= rsync -uav --rsh=ssh 
  CLIYPC:= rsync -uav --rsh=ssh
else
  # The client is remote: commands go over ssh (-n takes stdin from
  # /dev/null) and files over rsync using ssh as its transport.
  # The command string given to CLICMD is interpreted by the remote shell, so
  # $(BUILD) and the other values expanded into it must be trusted.
  CLICMD:= ssh -n $(CLIENT)
  CLICMI:= ssh $(CLIENT)
  # CLICPY and CLIYPC expand to a shell function definition followed by a
  # call to it, so the two words that follow in a recipe arrive as $1 and $2
  # and the function puts "$(CLIENT):" in front of the remote one.
  # rsync -u skips any file that is newer on the receiving side, so a copy
  # with a later timestamp at the destination is left in place.
  define CLICPY
    copy(){ \
      rsync    -uav --rsh=ssh "$$1" "$(CLIENT):$$2" ; \
    } ; \
    copy 
  endef
  define CLIYPC
    copy(){ \
      rsync    -uav --rsh=ssh "$(CLIENT):$$1" "$$2" ; \
    } ; \
    copy 
  endef
endif


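# Create the test CA. This produces demoCA/private/cakey.pem and
# demoCA/cacert.pem; cacert.pem is the certificate that will be needed in
# the negotiation. `built-master` is a stamp file recording that the step ran.
#
# The source tree is first copied in from $(VPATH), leaving demoCA alone.
# The copy is skipped when VPATH is empty: `$(VPATH)/` would then expand to
# `/` and rsync would pull the whole root filesystem into this directory.
#
# NOTE(review): the leading `-` together with the `;` chaining means the
# stamp is touched even when `testca -ca` fails, so a broken CA looks built.
# Consider chaining with `&&` once testca's exit codes have been confirmed.
built-master:
	-mkdir -p demoCA ; \
	[ -z "$(strip $(VPATH))" ] || rsync -uav --exclude demoCA $(VPATH)/ ./ ; \
	sh testca -ca ; \
	touch $@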

# client stuff
# make CLIENT_c_req.pem, CLIENT_client.pem, built-CLIENT-client-*

# Stage the request tooling on the client and generate its certificate
# request there: create $(BUILD), copy client.cnf, testca and miCA.sh into
# it, then run `testca -req $(CLIENT)_c` from inside $(BUILD).
# The stamp file records that the step ran.
# NOTE(review): all steps are joined with `;` under a leading `-`, so the
# stamp is touched even if a copy or the testca run fails. Confirm that this
# is intended; a failed request would otherwise go unnoticed.
built-$(CLIENT)-client-pre: built-master
	-$(CLICMD) "mkdir -p $(BUILD)" ; \
	$(CLICPY) client.cnf $(BUILD)/ ; \
	$(CLICPY) testca $(BUILD)/ ; \
	$(CLICPY) miCA.sh $(BUILD)/ ; \
	$(CLICMD) "cd $(BUILD); sh testca -req $(CLIENT)_c" ; \
	touch $@

# Run the local testca in `-cert` mode on the client's request. Presumably
# this signs $(CLIENT)_c_req.pem with the demo CA and writes this target;
# confirm against testca.
# NOTE(review): the leading `-` ignores a failing testca, so the build
# carries on even when no certificate was issued.
$(CLIENT)_c_cert.pem: built-master $(CLIENT)_c_req.pem
	-sh testca -cert $(CLIENT)_c

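# Bundle installed on the client: the signed certificate followed by the
# contents of the request file. The request file is listed as a prerequisite
# as well, matching the server bundle rule.
# The bundle is assembled in a temporary file and moved into place, and the
# recipe no longer ignores errors. A missing input now stops the build
# instead of leaving a truncated bundle for the post step to install.
# NOTE(review): if testca stores the private key in the request file (not
# visible here), this bundle holds key material and is created with the
# default umask. Confirm and tighten permissions if so.
$(CLIENT)_client.pem: built-master $(CLIENT)_c_cert.pem $(CLIENT)_c_req.pem
	cat $(CLIENT)_c_cert.pem $(CLIENT)_c_req.pem > $@.tmp && mv -f $@.tmp $@ || { rm -f $@.tmp ; exit 1 ; }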

# Install step for the client: push the client bundle and the CA certificate
# (demoCA/cacert.pem) into $(BUILD) on the client, then touch the stamp.
# NOTE(review): the steps are joined with `;` under a leading `-`, so the
# stamp is touched even if a copy fails; a later `make` would then skip the
# install. Confirm that this is intended.
built-$(CLIENT)-client-post: built-master $(CLIENT)_client.pem
	-$(CLICPY) $(CLIENT)_client.pem $(BUILD)/ ; \
	$(CLICPY) demoCA/cacert.pem $(BUILD)/ ; \
	touch $@

# Fetch the request file generated on the client (in $(BUILD)) back into the
# local working directory so that the CA can process it.
# NOTE(review): the leading `-` ignores a failed fetch. If testca stores the
# private key in this file (not visible here), the key leaves the client in
# this step; confirm.
$(CLIENT)_c_req.pem: built-$(CLIENT)-client-pre
	-$(CLIYPC) $(BUILD)/$@ $@

# server stuff

# Stage the request tooling on the server and generate its certificate
# request there: create $(BUILD), copy server.cnf, testca and miCA.sh into
# it, then run `testca -req $(SERVER)_s server` from inside $(BUILD). The
# extra word `server` is passed through to testca.
# The stamp file records that the step ran.
# NOTE(review): all steps are joined with `;` under a leading `-`, so the
# stamp is touched even if a copy or the testca run fails. Confirm that this
# is intended; a failed request would otherwise go unnoticed.
built-$(SERVER)-server-pre: built-master 
	-$(SRVCMD) "mkdir -p $(BUILD)" ; \
	$(SRVCPY) server.cnf $(BUILD)/ ;\
	$(SRVCPY) testca $(BUILD)/ ;\
	$(SRVCPY) miCA.sh $(BUILD)/ ;\
	$(SRVCMD) "cd $(BUILD); sh testca -req $(SERVER)_s server" ; \
	touch $@

# Fetch the request file generated on the server (in $(BUILD)) back into the
# local working directory so that the CA can process it.
# NOTE(review): the leading `-` ignores a failed fetch. If testca stores the
# private key in this file (not visible here), the key leaves the server in
# this step; confirm.
$(SERVER)_s_req.pem: built-$(SERVER)-server-pre
	-$(SRVYPC) $(BUILD)/$@ $@

# Run the local testca in `-cert` mode on the server's request, passing the
# extra word `server`. Presumably this signs $(SERVER)_s_req.pem with the
# demo CA and writes this target; confirm against testca.
# NOTE(review): the leading `-` ignores a failing testca, so the build
# carries on even when no certificate was issued.
$(SERVER)_s_cert.pem: built-master $(SERVER)_s_req.pem
	-sh testca -cert $(SERVER)_s server

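# Bundle installed on the server: the signed certificate followed by the
# contents of the request file.
# The bundle is assembled in a temporary file and moved into place, and the
# recipe no longer ignores errors. A missing input now stops the build
# instead of leaving a truncated bundle for the post step to install.
# NOTE(review): if testca stores the private key in the request file (not
# visible here), this bundle holds key material and is created with the
# default umask. Confirm and tighten permissions if so.
$(SERVER)_server.pem: built-master $(SERVER)_s_cert.pem $(SERVER)_s_req.pem
	cat $(SERVER)_s_cert.pem $(SERVER)_s_req.pem > $@.tmp && mv -f $@.tmp $@ || { rm -f $@.tmp ; exit 1 ; }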

# Install step for the server: push the server bundle and the CA certificate
# (demoCA/cacert.pem) into $(BUILD) on the server, then touch the stamp.
# NOTE(review): the steps are joined with `;` under a leading `-`, so the
# stamp is touched even if a copy fails; a later `make` would then skip the
# install. Confirm that this is intended.
built-$(SERVER)-server-post: built-master $(SERVER)_server.pem
	-$(SRVCPY) $(SERVER)_server.pem $(BUILD)/ ; \
	$(SRVCPY) demoCA/cacert.pem $(BUILD)/ ; \
	touch $@


# The CA certificate is produced as part of the built-master step; this
# rule has no recipe and only records that dependency.
demoCA/cacert.pem: built-master

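# Remove local build products: the built-* stamps and the *.pem files in the
# working directory, then every *.pem file found under $(BUILD) on this
# machine.
# The `find` step runs only when BUILD is non-empty. With an empty BUILD,
# GNU find starts from the current directory and would delete every *.pem
# below it, including the CA material under demoCA/.
# NOTE(review): only the local filesystem is cleaned; copies pushed to a
# remote SERVER or CLIENT stay where they are.
.PHONY: clean
clean:
	rm -f built-* *.pem ; \
	[ -z "$(strip $(BUILD))" ] || find $(BUILD) -type f -name "*.pem" -exec rm {} \;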

