all : cert-bundle.pem cert-openssl-text

keygrip.hex : cert-request.pem
	./sexp-gen/create-gpg-shadow-key-from-x509-cert-req.py \
  		--gpg-key-output-path '{keygrip_hex}.key' \
		--keygrip-hex-output-path '$@' \
		$^

gpgsm-params : gpgsm-params.template keygrip.hex
	sed "s/{{keygrip}}/$(shell cat keygrip.hex)/" $< > $@

cert.der : gpgsm-params keygrip.hex
	cat $^
	ln --symbolic --backup "${PWD}/$(shell cat keygrip.hex).key" ~/.gnupg/private-keys-v1.d/
	gpgsm --gen-key --batch --output $@ < $<

cert.pem : cert.der
	openssl x509 -inform DER -in $< -outform PEM -out $@

cert-openssl-text : cert.pem
	openssl x509 -in $< -text -noout

cert-bundle.pem : cert.pem gpgsm-params
	cat cert.pem > $@
	gpgsm --armor --export \
		\&$(shell grep --perl-regexp --only-matching 'Signing-Key: \K\w+' gpgsm-params) \
		>> $@

clean :
	-rm keygrip.hex "$(shell cat keygrip.hex).key" gpgsm-params \
		cert.der cert.pem cert-bundle.pem