# skz-pki - PKI management with OpenSSL
# Samuel 'sk4nz' AUBERTIN - 2019
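# Command targets, never files. `dependencies` is listed as well, so that a
# stray file of that name cannot silently skip the OpenSSL presence check.
.PHONY: all clean banner dependencies epilogue revoke

# The signing rules in this file call `openssl ca`, which rewrites the shared
# CA database files (index.txt, serial). Keep the build serial even under
# `make -j` so that two signing jobs never update that state at the same time.
# Several rules also rely on prerequisite order to create directories first.
.NOTPARALLEL:

# Run make, then add more USERS or SERVERS and re-make.
SERVERS =
USERS =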
include src/pki.mk
include src/root.mk
include src/intermediate.mk
include src/server.mk
include src/user.mk
include src/magic.mk
# Default goal. Prerequisites, in listed order: the banner, the OpenSSL
# presence check, one <name>.cert.pem per entry of SERVERS_LIST and of
# USERS_LIST, then the epilogue.
# SERVERS_LIST and USERS_LIST are not defined in this part of the file
# (presumably they come from the included src/*.mk files).
all: banner dependencies \
    $(SERVERS_LIST:%=%.cert.pem) \
    $(USERS_LIST:%=%.cert.pem) \
    epilogue
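# Fail early when no `openssl` executable can be found on PATH.
# `command -v` is the POSIX lookup and a shell builtin, whereas `which` is an
# external tool that is not installed everywhere. The message goes to stderr
# and no longer depends on the non-portable `echo -e`.
dependencies:
	@command -v openssl > /dev/null || { echo "You need OpenSSL" >&2; exit 1; }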
# Cosmetic targets: they only print to the terminal.

# Two-line project banner, wrapped in ANSI "bold" (ESC[1m) / reset (ESC[0m).
banner:
	@echo -e "\033[1mskz-pki - PKI management with OpenSSL" && \
		echo -e "Samuel 'sk4nz' Aubertin - 2019\033[0m\n"

# Final "done" marker, wrapped in ANSI "italic" (ESC[3m) / reset (ESC[0m).
epilogue:
	@echo -e "\033[3m[+] DONE [+]\033[0m"
### CA ###
# Create the root CA directory tree: $@ itself plus certs/, crl/, newcerts/
# and private/, then set private/ to PKI_PRIVATE_DIR_MODE.
# `mkdir` is called without -p, so the recipe fails if one of the directories
# already exists.
# $(output) is a helper defined outside this part of the file; it is only
# reached when the command before `&&` succeeded.
$(PKI_CERTS_CA_ROOT_DIR):
	@echo -e "\033[3m[+] $@ [+]\033[0m"
	@echo -en "\tCreating CA dirs : "; \
		mkdir $@ $@/certs $@/crl $@/newcerts $@/private && $(output)
	@chmod $(PKI_PRIVATE_DIR_MODE) $@/private
# Create the (empty) certificate database file of the root CA and of the
# intermediate CA.
# The root CA directory is an order-only prerequisite: it must exist, but its
# timestamp never forces index.txt to be re-created.
# NOTE(review): the intermediate index.txt does not list the intermediate CA
# directory as a prerequisite; it presumably relies on another rule having
# created it first - confirm against src/intermediate.mk.
$(PKI_CA_PATH)/index.txt $(PKI_INTERMEDIATE_CA_PATH)/index.txt: | $(PKI_CERTS_CA_ROOT_DIR)
	@echo -en "\tCreating $@ : "; \
		touch $@ && $(output)
# Seed the serial-number files of both CAs and the CRL-number file of the
# intermediate CA by copying src/serial.
# Every freshly created PKI therefore starts counting from the fixed value
# stored in src/serial (its content is not visible from this file).
$(PKI_CA_PATH)/serial \
$(PKI_INTERMEDIATE_CA_PATH)/serial \
$(PKI_INTERMEDIATE_CA_PATH)/crlnumber: | $(PKI_CERTS_CA_ROOT_DIR)
	@echo -en "\tCreating $@ : "; \
		cp src/serial $@ && $(output)
# Write the root CA OpenSSL configuration file.
# The template text (PKI_CA_CONFIG_CONTENT, defined outside this part of the
# file) is exported to the recipe's environment and echoed by the shell from
# there, so its content is not re-parsed as part of the command line.
$(PKI_CA_CONFIG): export PKI_CA_CONFIG_CONTENT := $(PKI_CA_CONFIG_CONTENT)
$(PKI_CA_CONFIG):
	@echo -en "\tTemplating $@ : "; \
		echo "$$PKI_CA_CONFIG_CONTENT" > $@ && $(output)
# Write the intermediate CA OpenSSL configuration file.
# The template text (PKI_INTERMEDIATE_CA_CONFIG_CONTENT, defined outside this
# part of the file) is exported to the recipe's environment and echoed from
# there by the shell.
# The rule has no prerequisites: the directory that receives $@ must already
# exist when it runs.
$(PKI_INTERMEDIATE_CONFIG): export PKI_INTERMEDIATE_CA_CONFIG_CONTENT := $(PKI_INTERMEDIATE_CA_CONFIG_CONTENT)
$(PKI_INTERMEDIATE_CONFIG):
	@echo -en "\tTemplating $@ : "; \
		echo "$$PKI_INTERMEDIATE_CA_CONFIG_CONTENT" > $@ && $(output)
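# Generate the root CA private key (RSA, PKI_CA_KEY_STRENGTH bits), then set
# its mode to PKI_CA_KEY_MODE.
# genrsa runs in a `umask 077` subshell so that a newly created key file is
# never readable by group or others between its creation and the chmod below,
# whatever the caller's umask and OpenSSL version are.
# NOTE(review): no cipher option is passed to genrsa, so the key is stored
# unencrypted and is protected by file permissions only.
# stderr is discarded: a genrsa failure shows no OpenSSL diagnostics.
$(PKI_CA_KEY): | $(PKI_CERTS_CA_ROOT_DIR)
	@echo -en "\tGenerating $@ : "; \
		( umask 077 && openssl genrsa -out $@ $(PKI_CA_KEY_STRENGTH) 2> /dev/null ) && $(output)
	@chmod $(PKI_CA_KEY_MODE) $@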
# Self-sign the root CA certificate with the root key ($<), valid for
# PKI_CA_DAYS days, hashed with PKI_HASH_TYPE and using the v3_ca extension
# section of the root CA configuration; then set its mode to PKI_CA_CERT_MODE.
# The key is a normal prerequisite (a newer key re-issues the certificate);
# the configuration, index.txt and serial are order-only.
# stderr is discarded: a failure shows no OpenSSL diagnostics.
$(PKI_CA_CERT): $(PKI_CA_KEY) | $(PKI_CA_CONFIG) $(PKI_CA_PATH)/index.txt $(PKI_CA_PATH)/serial
	@echo -en "\tSelf-signing $@ : "; \
		openssl req -config $(PKI_CA_CONFIG) -subj "$(PKI_CA_FIELDS)" \
			-key $< -new -x509 -days $(PKI_CA_DAYS) -$(PKI_HASH_TYPE) \
			-extensions v3_ca -out $@ 2> /dev/null && $(output)
	@chmod $(PKI_CA_CERT_MODE) $@
### INTERMEDIATE CA ###
# Create the intermediate CA directory tree: $@ itself plus certs/, crl/,
# csr/, newcerts/ and private/, then set private/ to PKI_PRIVATE_DIR_MODE.
# `mkdir` is called without -p, so the recipe fails if one of the directories
# already exists.
$(PKI_INTERMEDIATE_CA_ROOT_DIR):
	@echo -e "\033[3m[+] $@ [+]\033[0m"
	@echo -en "\tCreating Intermediate CA dirs : "; \
		mkdir $@ $@/certs $@/crl $@/csr $@/newcerts $@/private && $(output)
	@chmod $(PKI_PRIVATE_DIR_MODE) $@/private
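# Generate the intermediate CA private key (RSA,
# PKI_INTERMEDIATE_KEY_STRENGTH bits), then set its mode to
# PKI_INTERMEDIATE_KEY_MODE.
# genrsa runs in a `umask 077` subshell so that a newly created key file is
# never readable by group or others between its creation and the chmod below,
# whatever the caller's umask and OpenSSL version are.
# NOTE(review): no cipher option is passed to genrsa, so the key is stored
# unencrypted and is protected by file permissions only.
# stderr is discarded: a genrsa failure shows no OpenSSL diagnostics.
$(PKI_INTERMEDIATE_KEY): | $(PKI_INTERMEDIATE_CA_ROOT_DIR)
	@echo -en "\tGenerating $@ : "; \
		( umask 077 && openssl genrsa -out $@ $(PKI_INTERMEDIATE_KEY_STRENGTH) 2> /dev/null ) && $(output)
	@chmod $(PKI_INTERMEDIATE_KEY_MODE) $@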
# Emit the intermediate CA certificate signing request from the intermediate
# key ($<), hashed with PKI_HASH_TYPE, then set its mode to
# PKI_INTERMEDIATE_CERT_MODE (the same mode variable as the certificate).
# The key is a normal prerequisite; the intermediate configuration and the
# intermediate index.txt, serial and crlnumber files are order-only.
$(PKI_INTERMEDIATE_CSR): $(PKI_INTERMEDIATE_KEY) | \
    $(PKI_INTERMEDIATE_CONFIG) \
    $(PKI_INTERMEDIATE_CA_PATH)/index.txt \
    $(PKI_INTERMEDIATE_CA_PATH)/serial \
    $(PKI_INTERMEDIATE_CA_PATH)/crlnumber
	@echo -en "\tEmitting intermediate CSR $@ : "; \
		openssl req -config $(PKI_INTERMEDIATE_CONFIG) -new -$(PKI_HASH_TYPE) \
			-subj "$(PKI_INTERMEDIATE_FIELDS)" -key $< -out $@ && $(output)
	@chmod $(PKI_INTERMEDIATE_CERT_MODE) $@
# Sign the intermediate CSR with the root CA (root CA configuration,
# v3_intermediate_ca extension section, PKI_INTERMEDIATE_CERT_DAYS days),
# set the certificate mode, then check it against the root certificate.
# `-batch` signs without an interactive confirmation, and stderr of the
# signing step is discarded.
# The verification runs after the certificate has been written: if it fails
# the recipe fails, but the file stays on disk unless .DELETE_ON_ERROR is set
# in an included file (not visible here).
$(PKI_INTERMEDIATE_CERT): $(PKI_CA_CERT) $(PKI_INTERMEDIATE_CSR)
	@echo -en "\tSigning intermediate $@ : "; \
		openssl ca -batch -config $(PKI_CA_CONFIG) \
			-extensions v3_intermediate_ca -days $(PKI_INTERMEDIATE_CERT_DAYS) \
			-notext -md $(PKI_HASH_TYPE) \
			-in $(PKI_INTERMEDIATE_CSR) -out $@ 2> /dev/null && $(output)
	@chmod $(PKI_INTERMEDIATE_CERT_MODE) $@
	@echo -en "\tVerifying $@ : "; \
		openssl verify -CAfile $(PKI_CA_CERT) $@ > /dev/null && $(output)
# Build the CA chain file: the intermediate certificate followed by the root
# certificate ($^ keeps the prerequisites in that order), then set its mode
# to PKI_INTERMEDIATE_CHAIN_MODE.
$(PKI_INTERMEDIATE_CHAIN): $(PKI_INTERMEDIATE_CERT) $(PKI_CA_CERT)
	@echo -en "\tCreating $@ : "; \
		cat $^ > $@ && $(output)
	@chmod $(PKI_INTERMEDIATE_CHAIN_MODE) $@
### SERVERS ###
# Create the server and user root directories and one directory per entry of
# SERVERS and USERS.
# The per-entry directories later receive private keys; this recipe applies
# no chmod, so they get whatever mode the caller's umask yields.
# `mkdir` is called without -p and the per-entry directories declare no
# prerequisite on their parent, so the parent must already exist.
$(PKI_CERTS_MACHINE_ROOT_DIR) $(addprefix $(PKI_SERVER_CA_PATH),$(SERVERS)) \
$(PKI_CERTS_USER_ROOT_DIR) $(addprefix $(PKI_USER_CA_PATH),$(USERS)):
	@echo -en "\tCreating dirs $@ : "; \
		mkdir $@ && $(output)
# Write the OpenSSL configuration file used for server CSRs.
# The template text (PKI_SERVER_CONFIG_CONTENT, defined outside this part of
# the file) is exported to the recipe's environment and echoed from there by
# the shell. The server root directory is an order-only prerequisite.
$(PKI_SERVER_CONFIG): export PKI_SERVER_CONFIG_CONTENT := $(PKI_SERVER_CONFIG_CONTENT)
$(PKI_SERVER_CONFIG): | $(PKI_CERTS_MACHINE_ROOT_DIR)
	@echo -en "\tTemplating $@ : "; \
		echo "$$PKI_SERVER_CONFIG_CONTENT" > $@ && $(output)
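# Generate one RSA private key per server (PKI_SERVER_KEY_STRENGTH bits),
# then set its mode to PKI_SERVER_KEY_MODE.
# genrsa runs in a `umask 077` subshell so that a newly created key file is
# never readable by group or others between its creation and the chmod below.
# This matters here because the per-server directories are created without
# any restrictive mode.
# The key is stored unencrypted (no cipher option) and stderr is discarded.
# All prerequisites are order-only: an existing key is never regenerated.
$(addsuffix .key.pem, $(SERVERS_LIST)): | $(PKI_SERVER_CONFIG) \
    $(addprefix $(PKI_SERVER_CA_PATH),$(SERVERS))
	@echo -en "\tGenerating $@ : "; \
		( umask 077 && openssl genrsa -out $@ $(PKI_SERVER_KEY_STRENGTH) 2> /dev/null ) && $(output)
	@chmod $(PKI_SERVER_KEY_MODE) $@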
# Emit one CSR per server from the matching <name>.key.pem.
# The subject is PKI_COMMON_FIELDS followed by /CN=<name>, where <name> is the
# target's file name with the .csr.pem suffix removed.
# The name ends up inside a double-quoted shell string, so SERVERS entries are
# expected to be plain host names chosen by the operator.
# Every server key is an order-only prerequisite of every CSR.
$(SERVERS_LIST:%=%.csr.pem): | $(SERVERS_LIST:%=%.key.pem)
	@echo -en "\tEmitting CSR $@ : "; \
		openssl req -config $(PKI_SERVER_CONFIG) \
			-subj "$(PKI_COMMON_FIELDS)/CN=$(notdir $(patsubst %.csr.pem,%,$@))" \
			-key $(patsubst %.csr.pem,%.key.pem,$@) \
			-new -$(PKI_HASH_TYPE) -out $@ && $(output)
# Sign each server CSR with the intermediate CA (intermediate configuration,
# server_cert extension section, PKI_SERVER_CERT_DAYS days), set the
# certificate mode, then check it against the intermediate chain file.
# `-batch` signs without an interactive confirmation, and stderr of the
# signing step is discarded.
# All prerequisites are order-only: once a certificate file exists it is not
# re-issued, even if its CSR or the intermediate certificate changes.
# The verification runs after the certificate has been written: if it fails
# the recipe fails, but the file stays on disk unless .DELETE_ON_ERROR is set
# in an included file (not visible here).
$(SERVERS_LIST:%=%.cert.pem): | $(SERVERS_LIST:%=%.csr.pem) \
    $(PKI_INTERMEDIATE_CERT) $(PKI_INTERMEDIATE_CHAIN)
	@echo -en "\tSigning $@ : "; \
		openssl ca -batch -config $(PKI_INTERMEDIATE_CONFIG) \
			-extensions server_cert -days $(PKI_SERVER_CERT_DAYS) \
			-notext -md $(PKI_HASH_TYPE) \
			-in $(patsubst %.cert.pem,%.csr.pem,$@) -out $@ 2> /dev/null && $(output)
	@chmod $(PKI_SERVER_CERT_MODE) $@
	@echo -en "\tVerifying $@ : "; \
		openssl verify -CAfile $(PKI_INTERMEDIATE_CHAIN) $@ > /dev/null && $(output)
### USERS ###
# Write the OpenSSL configuration file used for user CSRs.
# NOTE(review): PKI_USER_CONFIG_CONTENT is filled from
# PKI_SERVER_CONFIG_CONTENT, so the user file is a copy of the server
# template. This may be intentional (the file is only used for `openssl req`,
# the usr_cert extensions come from the intermediate configuration) or a
# copy/paste leftover - confirm against src/user.mk.
# The user root directory is an order-only prerequisite.
$(PKI_USER_CONFIG): export PKI_USER_CONFIG_CONTENT := $(PKI_SERVER_CONFIG_CONTENT)
$(PKI_USER_CONFIG): | $(PKI_CERTS_USER_ROOT_DIR)
	@echo -en "\tTemplating $@ : "; \
		echo "$$PKI_USER_CONFIG_CONTENT" > $@ && $(output)
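# Generate one RSA private key per user (PKI_USER_KEY_STRENGTH bits), then
# set its mode to PKI_USER_KEY_MODE.
# genrsa runs in a `umask 077` subshell so that a newly created key file is
# never readable by group or others between its creation and the chmod below.
# This matters here because the per-user directories are created without any
# restrictive mode.
# The key is stored unencrypted (no cipher option) and stderr is discarded.
# All prerequisites are order-only: an existing key is never regenerated.
$(addsuffix .key.pem, $(USERS_LIST)): | $(PKI_USER_CONFIG) \
    $(addprefix $(PKI_USER_CA_PATH),$(USERS))
	@echo -en "\tGenerating $@ : "; \
		( umask 077 && openssl genrsa -out $@ $(PKI_USER_KEY_STRENGTH) 2> /dev/null ) && $(output)
	@chmod $(PKI_USER_KEY_MODE) $@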
# Emit one CSR per user from the matching <name>.key.pem.
# The subject is PKI_COMMON_FIELDS followed by /CN=<name>, where <name> is the
# target's file name with the .csr.pem suffix removed.
# The name ends up inside a double-quoted shell string, so USERS entries are
# expected to be plain names chosen by the operator.
# Every user key is an order-only prerequisite of every CSR.
$(USERS_LIST:%=%.csr.pem): | $(USERS_LIST:%=%.key.pem)
	@echo -en "\tEmitting CSR $@ : "; \
		openssl req -config $(PKI_USER_CONFIG) \
			-subj "$(PKI_COMMON_FIELDS)/CN=$(notdir $(patsubst %.csr.pem,%,$@))" \
			-key $(patsubst %.csr.pem,%.key.pem,$@) \
			-new -$(PKI_HASH_TYPE) -out $@ && $(output)
# Sign each user CSR with the intermediate CA (intermediate configuration,
# usr_cert extension section, PKI_USER_CERT_DAYS days), set the certificate
# mode, then check it against the intermediate chain file.
# `-batch` signs without an interactive confirmation, and stderr of the
# signing step is discarded.
# All prerequisites are order-only: once a certificate file exists it is not
# re-issued, even if its CSR or the intermediate certificate changes.
# The verification runs after the certificate has been written: if it fails
# the recipe fails, but the file stays on disk unless .DELETE_ON_ERROR is set
# in an included file (not visible here).
$(USERS_LIST:%=%.cert.pem): | $(USERS_LIST:%=%.csr.pem) \
    $(PKI_INTERMEDIATE_CERT) $(PKI_INTERMEDIATE_CHAIN)
	@echo -en "\tSigning $@ : "; \
		openssl ca -batch -config $(PKI_INTERMEDIATE_CONFIG) \
			-extensions usr_cert -days $(PKI_USER_CERT_DAYS) \
			-notext -md $(PKI_HASH_TYPE) \
			-in $(patsubst %.cert.pem,%.csr.pem,$@) -out $@ 2> /dev/null && $(output)
	@chmod $(PKI_USER_CERT_MODE) $@
	@echo -en "\tVerifying $@ : "; \
		openssl verify -CAfile $(PKI_INTERMEDIATE_CHAIN) $@ > /dev/null && $(output)
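# Revoke the certificate issued by the intermediate CA whose subject holds
# exactly CN=$(TO_REVOKE).   Usage: make revoke TO_REVOKE=name
#
# Changes compared with a plain `grep $(TO_REVOKE)` lookup:
#  - an empty TO_REVOKE stops make before any command runs;
#  - the name reaches awk through the environment, so it is never re-parsed
#    by the shell and is compared as a literal string, not as a regex;
#  - only valid entries (status "V") whose subject contains the exact
#    component /CN=<name> are selected, so "web" no longer matches "web1";
#  - the serial must be a single hexadecimal token: no match, or several
#    matches, abort instead of revoking the wrong certificate;
#  - every step is chained with &&, so `openssl ca -revoke` runs only after a
#    successful lookup and a confirmed prompt (EOF on the prompt aborts).
#
# index.txt is tab-separated: status, expiry, revocation date, serial, file
# name, subject - hence $$4 for the serial and $$6 for the subject.
# NOTE(review): the database is read from PKI_INTERMEDIATE_CA_NAME while the
# rules that create it use PKI_INTERMEDIATE_CA_PATH - confirm both resolve to
# the same directory.
# Revocation only updates index.txt. Relying parties learn about it once a CRL
# is regenerated (`openssl ca -gencrl`) and distributed; no target visible in
# this file does that.
revoke: export TO_REVOKE := $(TO_REVOKE)
revoke:
	$(if $(strip $(TO_REVOKE)),,$(error TO_REVOKE is empty - usage: make revoke TO_REVOKE=name))
	@SERIAL=$$(awk -F'\t' '$$1 == "V" && index($$6 "/", "/CN=" ENVIRON["TO_REVOKE"] "/") { print $$4 }' \
		$(PKI_INTERMEDIATE_CA_NAME)/index.txt) && \
	case "$$SERIAL" in \
		'') echo "No valid certificate with CN=$$TO_REVOKE in index.txt" >&2; exit 1 ;; \
		*[!0-9A-Fa-f]*) echo "CN=$$TO_REVOKE does not map to a single serial, nothing revoked" >&2; exit 1 ;; \
	esac && \
	printf 'Press [ENTER] to revoke %s (serial %s) : ' "$$TO_REVOKE" "$$SERIAL" && \
	read -r _ && \
	openssl ca -config $(PKI_INTERMEDIATE_CONFIG) \
		-revoke $(PKI_INTERMEDIATE_CA_NAME)/newcerts/$$SERIAL.pem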
# Delete the whole PKI: the root CA, intermediate CA, server and user
# directory trees, including every private key and both CA databases.
# The prompt and the deletion are separate recipe lines: if `read` fails
# (for example on end-of-file) or make is interrupted at the prompt, the
# `rm -rf` line is never reached.
# The four directory variables are defined outside this part of the file.
clean:
	@echo -e "\033[31mWARNING - ALL THE PKI WILL BE DELETED - WARNING\033[0m"
	@echo -en "Press [ENTER] to delete the PKI : "; read
	@rm -rf \
		$(PKI_CERTS_CA_ROOT_DIR) \
		$(PKI_INTERMEDIATE_CA_ROOT_DIR) \
		$(PKI_CERTS_MACHINE_ROOT_DIR) \
		$(PKI_CERTS_USER_ROOT_DIR)
	@echo -e "PKI deleted"