all : key.enc.pem gpgsm-params cert.der cert.pem cert.openssl-text

key.enc.pem :
	openssl genrsa -out "$@" -aes256 2048

subject-keygrip.hex : key.enc.pem
	openssl rsa -in "$<" \
		| openssl pkcs12 -export -nocerts -passout pass: \
		| gpgsm --import 2>&1 \
		| grep -Po 'keygrip=\s*\K.*' | sed 's/ //g' >$@

gpgsm-params : gpgsm-params-template subject-keygrip.hex issuer-keygrip.hex expiry-datetime
	./prepare-gpgsm-params --template gpgsm-params-template \
		--subject-keygrip "$(shell cat subject-keygrip.hex)" \
		--issuer-keygrip "$(shell cat issuer-keygrip.hex)" \
		--expiry-datetime "$(shell date --iso-8601=seconds --date="$(shell cat expiry-datetime)")" \
		> $@

cert.der : gpgsm-params
	gpgsm --gen-key --batch --output $@ < $^

cert.pem : cert.der
	openssl x509 -inform der -in $^ -outform pem -out $@

cert.openssl-text : cert.pem
	openssl x509 -in $^ -text -noout > $@

clean :
	-shred key.enc.pem && rm key.enc.pem
	-trash subject-keygrip.hex
	-trash gpgsm-params
	-trash cert.der
	-trash cert.pem
	-trash cert.openssl-text