.PHONY: help init cert-%

help:
	@echo "## Welcome, IAM Certificate Master! What's your target to make?"
	@echo ""
	@echo "init            Initialize Server CA, Server Certs and Client CA."
	@echo "cert-%          Generate certificate for a client with the given service name. (\"asn,swan\", \"license\")"
	@echo ""

init:
	#=== Generate Server CA ===
	@openssl genrsa -out server-ca.key 4096
	@openssl req -x509 -new -nodes -key server-ca.key -sha256 -days 3650 -out server-ca.crt -subj "/C=US/ST=California/L=Palo Alto/O=AmiaNetworks/OU=SapphireIAM/CN=SWAN"

	#=== Generate Server Cert ===
	@openssl genrsa -out server.key 2048
	@openssl req -new -key server.key -out server.csr -subj "/C=US/ST=California/L=Palo Alto/O=AmiaNetworks/OU=SapphireIAM/CN=SWAN"
	@openssl x509 -req -in server.csr -CA server-ca.crt -CAkey server-ca.key -CAcreateserial -out server.pem -days 825 -sha256 -extfile v3.ext

    #=== Generate Client CA ===
	@openssl genrsa -out client-ca.key 4096
	@openssl req -x509 -new -nodes -key client-ca.key -sha256 -days 3650 -out client-ca.crt -subj "/C=US/ST=California/L=Palo Alto/O=AmiaNetworks/OU=SapphireIAM/CN=SWAN"

cert-%:
	#=== Generate Client Cert ===
	@openssl genrsa -out client.key 2048
	@openssl req -new -key client.key -out client.csr -subj "/C=US/ST=California/L=Palo Alto/O=AmiaNetworks/OU=SapphireIAM/CN=$*"
	@openssl x509 -req -in client.csr -CA client-ca.crt -CAkey client-ca.key -CAcreateserial -out client.pem -days 3650 -sha256
	@rm client.csr
