all : gpgsm-params cert.der cert.pem cert.openssl-text key-cert.p12

subject-keygrip.hex :
	openssl genrsa 2048 \
		| openssl pkcs12 -export -nocerts -passout pass: \
		| gpgsm --import 2>&1 \
		| grep -Po 'keygrip=\s*\K.*' | sed 's/ //g' >$@

gpgsm-params : gpgsm-params-template subject-keygrip.hex issuer-keygrip.hex expiry-datetime
	./prepare-gpgsm-params --template gpgsm-params-template \
		--subject-keygrip "$(shell cat subject-keygrip.hex)" \
		--issuer-keygrip "$(shell cat issuer-keygrip.hex)" \
		--expiry-datetime "$(shell date --date="$(shell cat expiry-datetime)")" \
		> $@

cert.der : gpgsm-params
	gpgsm --gen-key --batch --output $@ < $^

cert.pem : cert.der
	openssl x509 -inform der -in $^ -outform pem -out $@

cert.openssl-text : cert.pem
	openssl x509 -in $^ -text -noout > $@

key-cert.p12 : cert.der subject-keygrip.hex
	gpgsm --import cert.der
	gpgsm --out $@ --export-secret-key-p12 '&$(shell cat subject-keygrip.hex)'

clean :
	-trash subject-keygrip.hex
	-trash gpgsm-params
	-trash cert.der
	-trash cert.pem
	-trash cert.openssl-text
	-shred key-cert.p12 && rm key-cert.p12