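# Default goal: build every leaf certificate. Keys, CSRs and CA certificates
# are built on demand as prerequisites of these targets.
# Declared phony so that a file named "all" cannot make the goal look up to date.
.PHONY: all
all: \
	server1-cert.pem server2-cert.pem \
	proxy1-cert.pem proxy2-cert.pem \
	client1-cert.pem client2-cert.pem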


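#
# Create Certificate Authority: ca1
# ('password' is used for the CA password.)
# NOTE(review): the passphrase is not given on this command line, so it
# presumably comes from ca1.cnf or an interactive prompt -- confirm.
#
# One openssl call writes both the self-signed certificate ($@) and the CA
# private key (ca1-key.pem).
ca1-cert.pem: ca1.cnf
	openssl req -new -x509 -days 9999 -config $< -keyout ca1-key.pem -out $@

# ca1-key.pem is a by-product of the rule above. Declaring it lets make order
# the signing rules that list it as a prerequisite (also under -j) instead of
# relying on the file already being on disk when make looks for it.
ca1-key.pem: ca1-cert.pem ;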

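#
# Create Certificate Authority: ca2
# ('password' is used for the CA password.)
# NOTE(review): the passphrase is not given on this command line, so it
# presumably comes from ca2.cnf or an interactive prompt -- confirm.
#
# One openssl call writes both the self-signed certificate ($@) and the CA
# private key (ca2-key.pem).
ca2-cert.pem: ca2.cnf
	openssl req -new -x509 -days 9999 -config $< -keyout ca2-key.pem -out $@

# ca2-key.pem is a by-product of the rule above. Declaring it lets make order
# the signing rules that list it as a prerequisite (also under -j) instead of
# relying on the file already being on disk when make looks for it.
ca2-key.pem: ca2-cert.pem ;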

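#
# Create Certificate Authority: ca3
# ('password' is used for the CA password.)
# NOTE(review): the passphrase is not given on this command line, so it
# presumably comes from ca3.cnf or an interactive prompt -- confirm.
#
# One openssl call writes both the self-signed certificate ($@) and the CA
# private key (ca3-key.pem).
ca3-cert.pem: ca3.cnf
	openssl req -new -x509 -days 9999 -config $< -keyout ca3-key.pem -out $@

# ca3-key.pem is a by-product of the rule above. Declaring it lets make order
# the signing rules that list it as a prerequisite (also under -j) instead of
# relying on the file already being on disk when make looks for it.
ca3-key.pem: ca3-cert.pem ;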

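#
# Create Certificate Authority: ca4
# ('password' is used for the CA password.)
# NOTE(review): the passphrase is not given on this command line, so it
# presumably comes from ca4.cnf or an interactive prompt -- confirm.
#
# One openssl call writes both the self-signed certificate ($@) and the CA
# private key (ca4-key.pem).
ca4-cert.pem: ca4.cnf
	openssl req -new -x509 -days 9999 -config $< -keyout ca4-key.pem -out $@

# ca4-key.pem is a by-product of the rule above. Declaring it lets make order
# the signing rules that list it as a prerequisite (also under -j) instead of
# relying on the file already being on disk when make looks for it.
ca4-key.pem: ca4-cert.pem ;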


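#
# server1 is signed by ca1.
#
# RSA private key for server1. 2048 bits: TLS stacks running at OpenSSL
# security level 2 or higher reject RSA keys shorter than that.
# The key is written unencrypted (no cipher option), which is acceptable only
# for test fixtures. No prerequisites, so it is generated once and reused
# until the file is removed.
server1-key.pem:
	openssl genrsa -out $@ 2048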

# Certificate signing request for server1, built from its config file (first
# prerequisite) and its private key.
server1-csr.pem: server1.cnf server1-key.pem
	openssl req -new \
		-config $< \
		-key server1-key.pem \
		-out $@

# Issue server1's certificate by signing its CSR with ca1.
# The CA key passphrase is passed on the command line, so it shows up in
# make's echoed output and in the process list; tolerable only because this
# CA is a throwaway test fixture.
server1-cert.pem: server1-csr.pem ca1-cert.pem ca1-key.pem
	openssl x509 -req -days 9999 \
		-in $< -out $@ \
		-CA ca1-cert.pem -CAkey ca1-key.pem -CAcreateserial \
		-passin "pass:password"

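#
# server2 is signed by ca1.
#
# RSA private key for server2. 2048 bits: TLS stacks running at OpenSSL
# security level 2 or higher reject RSA keys shorter than that.
# The key is written unencrypted (no cipher option), which is acceptable only
# for test fixtures. No prerequisites, so it is generated once and reused
# until the file is removed.
server2-key.pem:
	openssl genrsa -out $@ 2048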

# Certificate signing request for server2, built from its config file (first
# prerequisite) and its private key.
server2-csr.pem: server2.cnf server2-key.pem
	openssl req -new \
		-config $< \
		-key server2-key.pem \
		-out $@

# Issue server2's certificate by signing its CSR with ca1.
# The CA key passphrase is passed on the command line, so it shows up in
# make's echoed output and in the process list; tolerable only because this
# CA is a throwaway test fixture.
server2-cert.pem: server2-csr.pem ca1-cert.pem ca1-key.pem
	openssl x509 -req -days 9999 \
		-in $< -out $@ \
		-CA ca1-cert.pem -CAkey ca1-key.pem -CAcreateserial \
		-passin "pass:password"

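# Check that server2's certificate chains to ca1.
# Phony: this names a check to run, not a file, so a stray file called
# server2-verify must not make it look up to date.
.PHONY: server2-verify
server2-verify: server2-cert.pem ca1-cert.pem
	openssl verify -CAfile ca1-cert.pem $<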

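#
# proxy1 is signed by ca2.
#
# RSA private key for proxy1. 2048 bits: TLS stacks running at OpenSSL
# security level 2 or higher reject RSA keys shorter than that.
# The key is written unencrypted (no cipher option), which is acceptable only
# for test fixtures. No prerequisites, so it is generated once and reused
# until the file is removed.
proxy1-key.pem:
	openssl genrsa -out $@ 2048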

# Certificate signing request for proxy1, built from its config file (first
# prerequisite) and its private key.
proxy1-csr.pem: proxy1.cnf proxy1-key.pem
	openssl req -new \
		-config $< \
		-key proxy1-key.pem \
		-out $@

# Issue proxy1's certificate by signing its CSR with ca2.
# The CA key passphrase is passed on the command line, so it shows up in
# make's echoed output and in the process list; tolerable only because this
# CA is a throwaway test fixture.
proxy1-cert.pem: proxy1-csr.pem ca2-cert.pem ca2-key.pem
	openssl x509 -req -days 9999 \
		-in $< -out $@ \
		-CA ca2-cert.pem -CAkey ca2-key.pem -CAcreateserial \
		-passin "pass:password"

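#
# proxy2 is signed by ca2.
#
# RSA private key for proxy2. 2048 bits: TLS stacks running at OpenSSL
# security level 2 or higher reject RSA keys shorter than that.
# The key is written unencrypted (no cipher option), which is acceptable only
# for test fixtures. No prerequisites, so it is generated once and reused
# until the file is removed.
proxy2-key.pem:
	openssl genrsa -out $@ 2048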

# Certificate signing request for proxy2, built from its config file (first
# prerequisite) and its private key.
proxy2-csr.pem: proxy2.cnf proxy2-key.pem
	openssl req -new \
		-config $< \
		-key proxy2-key.pem \
		-out $@

# Issue proxy2's certificate by signing its CSR with ca2.
# The CA key passphrase is passed on the command line, so it shows up in
# make's echoed output and in the process list; tolerable only because this
# CA is a throwaway test fixture.
proxy2-cert.pem: proxy2-csr.pem ca2-cert.pem ca2-key.pem
	openssl x509 -req -days 9999 \
		-in $< -out $@ \
		-CA ca2-cert.pem -CAkey ca2-key.pem -CAcreateserial \
		-passin "pass:password"

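# Check that proxy2's certificate chains to ca2.
# Phony: this names a check to run, not a file, so a stray file called
# proxy2-verify must not make it look up to date.
.PHONY: proxy2-verify
proxy2-verify: proxy2-cert.pem ca2-cert.pem
	openssl verify -CAfile ca2-cert.pem $<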

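#
# client1 is signed by ca3.
#
# RSA private key for client1. 2048 bits: TLS stacks running at OpenSSL
# security level 2 or higher reject RSA keys shorter than that.
# The key is written unencrypted (no cipher option), which is acceptable only
# for test fixtures. No prerequisites, so it is generated once and reused
# until the file is removed.
client1-key.pem:
	openssl genrsa -out $@ 2048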

# Certificate signing request for client1, built from its config file (first
# prerequisite) and its private key.
client1-csr.pem: client1.cnf client1-key.pem
	openssl req -new \
		-config $< \
		-key client1-key.pem \
		-out $@

# Issue client1's certificate by signing its CSR with ca3.
# The CA key passphrase is passed on the command line, so it shows up in
# make's echoed output and in the process list; tolerable only because this
# CA is a throwaway test fixture.
client1-cert.pem: client1-csr.pem ca3-cert.pem ca3-key.pem
	openssl x509 -req -days 9999 \
		-in $< -out $@ \
		-CA ca3-cert.pem -CAkey ca3-key.pem -CAcreateserial \
		-passin "pass:password"

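#
# client2 is signed by ca4.
#
# RSA private key for client2. 2048 bits: TLS stacks running at OpenSSL
# security level 2 or higher reject RSA keys shorter than that.
# The key is written unencrypted (no cipher option), which is acceptable only
# for test fixtures. No prerequisites, so it is generated once and reused
# until the file is removed.
client2-key.pem:
	openssl genrsa -out $@ 2048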

# Certificate signing request for client2, built from its config file (first
# prerequisite) and its private key.
client2-csr.pem: client2.cnf client2-key.pem
	openssl req -new \
		-config $< \
		-key client2-key.pem \
		-out $@

# Issue client2's certificate by signing its CSR with ca4.
# The CA key passphrase is passed on the command line, so it shows up in
# make's echoed output and in the process list; tolerable only because this
# CA is a throwaway test fixture.
client2-cert.pem: client2-csr.pem ca4-cert.pem ca4-key.pem
	openssl x509 -req -days 9999 \
		-in $< -out $@ \
		-CA ca4-cert.pem -CAkey ca4-key.pem -CAcreateserial \
		-passin "pass:password"


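# Remove generated keys, CSRs, certificates and CA serial files.
# The globs match every .pem and .srl file in this directory, not only the
# ones produced by this Makefile, so keep hand-maintained PEM files elsewhere.
# Phony so that a file named "clean" cannot disable the target.
.PHONY: clean
clean:
	rm -f *.pem *.srl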

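# Verify every leaf certificate against the CA that issued it.
# Each name in the prerequisite list needs a rule of its own: server2-verify
# and proxy2-verify are defined with their certificates, the remaining four
# are defined below.
.PHONY: test server1-verify proxy1-verify client1-verify client2-verify
test: \
	server1-verify server2-verify \
	proxy1-verify proxy2-verify \
	client1-verify client2-verify

# server1 must chain to ca1.
server1-verify: server1-cert.pem ca1-cert.pem
	openssl verify -CAfile ca1-cert.pem $<

# proxy1 must chain to ca2.
proxy1-verify: proxy1-cert.pem ca2-cert.pem
	openssl verify -CAfile ca2-cert.pem $<

# client1 must chain to ca3.
client1-verify: client1-cert.pem ca3-cert.pem
	openssl verify -CAfile ca3-cert.pem $<

# client2 must chain to ca4.
client2-verify: client2-cert.pem ca4-cert.pem
	openssl verify -CAfile ca4-cert.pem $<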