
<project name="Build KS" basedir="." default="test-all" >


    <taskdef resource="net/sf/fikin/ant/cert/antlib.xml" />

    <!-- ******************************** -->
    <!-- ******************************** -->
    <!-- load customizable build settings -->
    <property file="build.properties"/>


    <!-- ================================= 
          target: init-env
         ================================= -->
    <target name="init-env" 
        depends="" 
        description="--> init certificate repository and keystore"
    >
        <tstamp></tstamp>
        
        <property name="store-loc-openssl" location="${store.openssl}"/>

    </target>

    <!-- ================================= 
          target: init-store              
         ================================= -->
    <target name="clear-store" 
        depends="init-env" 
        description="--> init certificate repository and keystore"
    >
        <delete dir="${store-loc-openssl}"/>
        
    </target>


    <!-- ================================= 
          target: init-store              
         ================================= -->
    <target name="init-store" 
        depends="clear-store" 
        description="--> init certificate repository and keystore"
    >

        <available file="${store-loc-openssl}" property="openssl-rep-exists" />
        
    </target>


   
    <!-- ================================= 
          target: build-certificates
         ================================= -->
    <target name="build-certificates" 
        depends="init-store" 
        description="--> Create built time certificate store and create all
        required certificates"
        unless="openssl-rep-exists"
    >
        <openssl-create-store store-dir="${store-loc-openssl}" />
        
        <create-new-rootca
            openssl="${openssl.binary}"
            store-dir="${store-loc-openssl}"
            store-pass="${pass.openssl}"
            key-name="ca"
            name="CA-Tre"
            country="TT"
            state="Tre"
            city="Tre"
            company="Tre"
            department="CATre"
            email="ca@tre"
            days="1"
        />

        <create-new-serverca
            openssl="${openssl.binary}"
            store-dir="${store-loc-openssl}"
            store-pass="${pass.openssl}"
            parent-key-name="ca"
            key-name="subca"
            name="Sub CA-Tre"
            country="TT"
            state="Tre"
            city="Tre"
            company="Tre"
            department="Tre"
            email="tre@tre"
            days="1"
        />
        
    </target>
    
    <!-- ================================= 
          target: openssl-to-ks-certificates              
         ================================= -->
    <target name="openssl-to-ks-certificates" 
        depends="build-certificates" 
        description="--> Export PEM format data into more convenient format for keystore imoprt"
        unless="openssl-rep-exists"
    >
        <pem-to-der
            openssl="${openssl.binary}"
            store-dir="${store-loc-openssl}"
            store-pass="${pass.openssl}"
            cert-name="ca" 
        />

        <pem-to-der
            openssl="${openssl.binary}"
            store-dir="${store-loc-openssl}"
            store-pass="${pass.openssl}"
            cert-name="subca" 
        />

        <pem-to-p12
            openssl="${openssl.binary}"
            store-dir="${store-loc-openssl}"
            store-pass="${pass.openssl}"
            key-name="ca"
            key-pass="secret"
            p12-alias="rootca"
        />

        <pem-to-p12
            openssl="${openssl.binary}"
            store-dir="${store-loc-openssl}"
            store-pass="${pass.openssl}"
            key-name="subca"
            key-pass="secret"
            p12-alias="subca"
        />

    </target>


    <!-- ================================= 
          target: build-build-ks              
         ================================= -->
    <target name="build-ks" 
        depends="openssl-to-ks-certificates" 
        description="--> Create build time keystore with right certificates"
        unless="openssl-rep-exists"
    >
        <ks-import-certificate-chain
            alias="rootca"
            certificate="${store-loc-openssl}/ca.der"
            keystore="${store-loc-openssl}/imp-der.ks"
            keystore-pass="secret"
        />
        
        <ks-copy-aliases
            from-keystore="${store-loc-openssl}/subca.p12"
            from-keystore-pass="secret"
            from-keystore-type="PKCS12"
            to-keystore="${store-loc-openssl}/imp-p12.ks"
            to-keystore-pass="secret"
            include-private-keys="true"
        />

    </target>

    
    <!-- ================================= 
          target: test-all
         ================================= -->
    <target name="test-all" depends="build-ks" description="--> description">
        
        <!-- verify ks content -->
        
        <!-- ??? -->
        
    </target>




</project>