# Copyright 2017-present Open Networking Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# VOLTHA pki makefile
# Configuration is also given in voltha.cnf

# Run every recipe line under bash in strict mode: -e stops at the first
# failing command, -u rejects unset shell variables, and pipefail makes a
# pipeline fail when any of its stages fails.
SHELL := bash -eu -o pipefail

# Tunable parameters (override on the command line or from the environment)

# RSA key size in bits; used for both the CA key and the server key.
KEY_SIZE ?= 2048
# Validity period in days; passed as -days for both the CA certificate and
# the server certificate.
EXPIRATION_DAYS ?= 366


# utility/validation targets

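# Print a usage hint. Declared phony so that a stray file named "help"
# cannot make the target look up to date.
.PHONY: help
help:
	@echo "Usually you want to run 'make voltha.crt'"
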
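# Check that voltha.crt verifies against voltha-CA.pem and is acceptable for
# TLS server use. The target has no prerequisites, so it only inspects files
# that already exist; run 'make voltha.crt' first.
# Declared phony so that a file named "validate" cannot suppress the check.
.PHONY: validate
validate:
	openssl verify -verbose -purpose sslserver -CAfile voltha-CA.pem voltha.crt
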
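# Dump the CA certificate in human-readable form (builds it first if needed).
# Declared phony: this is a command, not a file.
.PHONY: printca
printca: voltha-CA.pem
	openssl x509 -in $< -text -noout
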
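# Run OpenSSL's consistency check on the server private key.
# NOTE(review): without -noout, `openssl rsa` also writes the unencrypted
# private key to stdout, so keep this target's output out of shared
# terminals and CI logs.
# Declared phony: this is a command, not a file.
.PHONY: printkey
printkey: voltha.key
	openssl rsa -in $< -check
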
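# Dump the signing request in human-readable form and verify its signature.
# Declared phony: this is a command, not a file.
.PHONY: printcsr
printcsr: voltha.csr
	openssl req -in $< -text -noout -verify
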
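# Dump the signed server certificate in human-readable form.
# Declared phony: this is a command, not a file.
.PHONY: printcrt
printcrt: voltha.crt
	openssl x509 -in $< -text -noout
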
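# Remove the CA working directory (including the CA private key and its
# passphrase file) and every generated key, request and certificate.
# Declared phony so that a file named "clean" cannot block the cleanup.
.PHONY: clean
clean:
	rm -rf root_ca voltha-CA.pem voltha.key voltha.csr voltha.crt
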
# CA creation

# Lay out the CA working directory: private/ (restricted to the owner) for
# key material, newcerts/, a serial file seeded with 1000, and an empty
# index.txt.
root_ca:
	mkdir -p $@/private $@/newcerts
	chmod 700 $@/private
	echo 1000 > $@/serial
	touch $@/index.txt

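# Write the passphrase file that protects the CA private key.
# The passphrase is a fixed string committed in this makefile, so a CA built
# here is suitable for test deployments only and must never be trusted
# outside them.
# root_ca is an order-only prerequisite (after '|'): a directory's mtime
# changes whenever entries are added to or renamed in it, and as a normal
# prerequisite that would mark this file stale and cascade into a new CA key
# and new certificates on a later run.
# The leading '@' keeps the passphrase out of make's command echo.
root_ca/private/ca_root_phrase: | root_ca
	@echo "TestingVOLTHARootCAPassPhrase" > $@
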
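# Generate the CA's RSA private key, AES-256 encrypted with the passphrase
# read from the passphrase file ($<).
# root_ca is an order-only prerequisite (after '|'): the directory only has
# to exist. As a normal prerequisite, any later change to the directory's
# mtime would silently regenerate the CA key and invalidate every
# certificate already issued from it.
root_ca/private/ca_key.pem: root_ca/private/ca_root_phrase | root_ca
	@echo "## Creating CA private key"
	openssl genrsa -aes256 \
	    -passout file:$< \
	    -out $@ $(KEY_SIZE)
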
# Issue the self-signed root certificate for the test CA.
#   $<            voltha.cnf (OpenSSL configuration, supplies the v3_ca section)
#   $(word 2,$^)  the encrypted CA private key
# The key is unlocked with the passphrase file, which is reached through the
# CA key's own prerequisites rather than listed here.
voltha-CA.pem: voltha.cnf root_ca/private/ca_key.pem
	@echo "## Creating self-signed CA public key: voltha-CA.pem"
	openssl req -config $< \
	    -new -x509 -days $(EXPIRATION_DAYS) -sha256 \
	    -extensions v3_ca \
	    -key $(word 2,$^) \
	    -passin file:root_ca/private/ca_root_phrase \
	    -subj "/C=US/ST=California/L=Menlo Park/O=ONF/OU=Testing Only/CN=VOLTHA Test Root CA" \
	    -out $@

# server cert creation

# Generate the server's RSA private key. No cipher option is given, so the
# key is written without a passphrase.
# NOTE(review): the file's permissions are whatever openssl and the caller's
# umask produce; confirm they are tight enough wherever this key is kept.
voltha.key:
	@echo "## Creating server private key: voltha.key"
	openssl genrsa -out $@ $(KEY_SIZE)

# Build the certificate signing request for the server key.
#   $<            voltha.cnf (OpenSSL configuration)
#   $(word 2,$^)  voltha.key (the server private key that signs the request)
voltha.csr: voltha.cnf voltha.key
	@echo "## Creating signing request voltha.csr from voltha.key"
	openssl req -config $< \
	    -new -sha256 -key $(word 2,$^) \
	    -subj "/C=US/ST=California/L=Menlo Park/O=ONF/OU=Testing Only/CN=VOLTHA Server" \
	    -out $@

# Sign the server's request with the test CA to produce the server
# certificate, using the server_cert extensions section of voltha.cnf.
# -batch signs without an interactive confirmation prompt. No CA key or CA
# certificate is named on the command line, so `openssl ca` takes their
# locations from voltha.cnf; the CA key is unlocked with the passphrase file.
voltha.crt: voltha-CA.pem voltha.cnf voltha.key voltha.csr
	@echo "## Signing voltha.csr to create signed public key: voltha.crt"
	openssl ca -config $(filter %.cnf,$^) \
	    -batch -days $(EXPIRATION_DAYS) -md sha256 \
	    -passin file:root_ca/private/ca_root_phrase \
	    -extensions server_cert \
	    -in $(filter %.csr,$^) \
	    -out $@
