CERTTOOL = certtool

GENERATED = \
	x509-ca-key.pem \
	x509-ca.pem \
	x509-ca-rsa-key.pem \
	x509-ca-rsa.pem \
	x509-server-key.pem \
	x509-server.pem \
	x509-chain-server.pem \
	x509-server2-key.pem \
	x509-server2.pem \
	x509-chain-server2.pem \
	x509-server3-key.pem \
	x509-server3.pem \
	x509-chain-server3.pem

all: $(GENERATED)

x509-ca-key.pem:
	$(CERTTOOL) --generate-privkey --dsa --outfile $@

x509-ca.pem: x509-ca-key.pem
	$(CERTTOOL) --generate-self-signed \
		--load-privkey x509-ca-key.pem \
		--outfile $@ \
		--template ca.cfg

x509-ca-rsa-key.pem:
	$(CERTTOOL) --generate-privkey --outfile $@

x509-ca-rsa.pem: x509-ca-rsa-key.pem
	$(CERTTOOL) --generate-self-signed \
		--load-privkey x509-ca-rsa-key.pem \
		--outfile $@ \
		--template ca.cfg

x509-server-key.pem:
	$(CERTTOOL) --generate-privkey --outfile $@

x509-server.pem: x509-server-key.pem x509-ca.pem
	$(CERTTOOL) --generate-certificate \
		--load-privkey x509-server-key.pem \
		--load-ca-privkey x509-ca-key.pem \
		--load-ca-certificate x509-ca.pem \
		--outfile $@ \
		--template server.cfg

x509-server2-key.pem:
	$(CERTTOOL) --generate-privkey --dsa --outfile $@

x509-server2.pem: x509-server2-key.pem x509-ca.pem
	$(CERTTOOL) --generate-certificate \
		--load-privkey x509-server2-key.pem \
		--load-ca-privkey x509-ca-key.pem \
		--load-ca-certificate x509-ca.pem \
		--outfile $@ \
		--template server2.cfg

x509-server3-key.pem:
	$(CERTTOOL) --generate-privkey --dsa --outfile $@

x509-server3.pem: x509-server3-key.pem x509-ca-rsa.pem
	$(CERTTOOL) --generate-certificate \
		--load-privkey x509-server3-key.pem \
		--load-ca-privkey x509-ca-rsa-key.pem \
		--load-ca-certificate x509-ca-rsa.pem \
		--outfile $@ \
		--template server3.cfg

x509-chain-server.pem: x509-server.pem x509-ca.pem
	cat $+ > $@

x509-chain-server2.pem: x509-server2.pem x509-ca.pem
	cat $+ > $@

x509-chain-server3.pem: x509-server3.pem x509-ca-rsa.pem
	cat $+ > $@

clean:
	rm -f $(GENERATED) *~