From 16eca2fd7ef07c583b581d68a3040688c264d440 Mon Sep 17 00:00:00 2001
From: "Dr. David von Oheimb"
Date: Tue, 15 Oct 2024 08:19:29 +0200
Subject: [PATCH] Makefile_v1,demo.cnf: clean up setting EJBCA special imprint path and subject
---
 Makefile_v1 | 5 +++--
 config/demo.cnf | 8 ++++----
 2 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/Makefile_v1 b/Makefile_v1
index 879e91d..b3c4e2a 100644
--- a/Makefile_v1
+++ b/Makefile_v1
@@ -389,9 +389,10 @@ else ifeq ($(CA_SECTION),CloudCA)
 ifdef CMP_PROFILE
 PROFILE_PATH="/p/$(CMP_PROFILE)"
 endif
- override EXTRA_OPTS += -path "/.well-known/cmp$(PROFILE_PATH)" -reqexts empty -subject /CN=CloudCA-Integration-Test-User
+ override EXTRA_OPTS += -path "/.well-known/cmp$(PROFILE_PATH)" -reqexts empty
 else
 CA_SECTION=EJBCA
+ EXTRA_OPTS_IMPRINT= -path "$(ENV::EJBCA_PATH_IMPRINT)" -subject "$(EJBCA_CMP_SUBJECT_IMPRINT)"
 CRL_SECTION=crls
 OCSP_CHECK=$(OPENSSL) ocsp -url $(EJBCA_OCSP_URL) \
 -CAfile $(EJBCA_CMP_TRUSTED) -issuer $(EJBCA_CMP_ISSUER) \
@@ -421,7 +422,7 @@ GENERATE_OPERATIONAL=$(OPENSSL) x509 -in creds/operational.crt -x509toreq -signk
 run_demo: $(OUT_DIR_BIN)
 @which $(OPENSSL) >/dev/null || (echo "cannot find $(OPENSSL)"; false)
 @/bin/echo -e "\n##### running cmpClient demo using $(CA_SECTION) #####\n"
- $(CMPCLIENT) imprint -section $(CA_SECTION) $(EXTRA_OPTS)
+ $(CMPCLIENT) imprint -section $(CA_SECTION) $(EXTRA_OPTS) $(EXTRA_OPTS_IMPRINT)
 @/bin/echo -e "\nValidating own CMP client cert"
 ifeq ($(CA_SECTION),EJBCA)
 $(CMPCLIENT) validate -section $(CA_SECTION),$(CRL_SECTION) -cert $(EJBCA_CMP_CLIENT_CERT) -tls_cert "" -own_trusted $(EJBCA_CMP_TRUSTED),$(EJBCA_TRUSTED) -untrusted $(EJBCA_UNTRUSTED)
diff --git a/config/demo.cnf b/config/demo.cnf
index f42f67f..0753b42 100644
--- a/config/demo.cnf
+++ b/config/demo.cnf
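Review bot: In the `@@ -389,9 +389,10 @@` hunk of Makefile_v1, the added `EXTRA_OPTS_IMPRINT=` line uses `$(ENV::EJBCA_PATH_IMPRINT)`, which is OpenSSL config syntax rather than make syntax. GNU make reads it as a reference to a variable literally named `ENV::EJBCA_PATH_IMPRINT`, which is presumably undefined, so the imprint request would be issued with `-path ""` instead of the intended EJBCA imprint path. The demo.cnf value this replaces was `${ENV::EJBCA_PATH}/${ENV::EJBCA_PATH_IMPRINT}`, so the make equivalent would be `EXTRA_OPTS_IMPRINT= -path "$(EJBCA_PATH)/$(EJBCA_PATH_IMPRINT)" -subject "$(EJBCA_CMP_SUBJECT_IMPRINT)"`, assuming both variables reach make from the environment or from a definition outside this hunk. The enclosing conditional starts and ends outside the hunk.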
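Review bot: In the `@@ -421,7 +422,7 @@` hunk, `$(EXTRA_OPTS_IMPRINT)` is now expanded into the `imprint` command for every `CA_SECTION`, but the only assignment visible in this patch is in the EJBCA branch. For the other sections make would fall back to an environment variable of the same name if one exists, so a leftover value could add `-path` and `-subject` options to an enrollment request for a different CA. An empty default ahead of the conditional, `EXTRA_OPTS_IMPRINT=`, with a comment such as `# extra options for imprint; set only in the EJBCA branch`, would make this explicit. The other branches are outside the hunk, so confirm none of them already sets it.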
@@ -120,7 +120,7 @@ out_trusted = creds/trusted/ENROLL_Root.pem [Insta] server = pki.certificate.fi:8700/pkix/ -# path = pkix/ # gets overridden by Makefile_v1 +path = pkix/ # gets partly overridden by Makefile_v1 secret = pass:insta ref = 3078 #would need to be updated every 3 months: @@ -147,7 +147,7 @@ tls_used = 0 [CloudCA] # Server server = broker.sdo-qa.siemens.cloud:443 -# path = /.well-known/cmp # gets overridden by Makefile_v1 +path = /.well-known/cmp # gets overridden by Makefile_v1 tls_used = 1 tls_trusted = creds/trusted/DigicertGlobalRootG2.crt @@ -169,8 +169,8 @@ key = creds/manufacturer.pem keypass = pass:12345 [imprint] -path = ${ENV::EJBCA_PATH}/${ENV::EJBCA_PATH_IMPRINT} -subject = ${ENV::EJBCA_CMP_SUBJECT_IMPRINT} +# path = ${ENV::EJBCA_PATH}/${ENV::EJBCA_PATH_IMPRINT} # gets overridden by Makefile_v1 for EJBCA +# subject = ${ENV::EJBCA_CMP_SUBJECT_IMPRINT} # gets overridden by Makefile_v1 for EJBCA cmd = ir cert = key =
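Review bot: In the `[imprint]` hunk (`@@ -169,8 +169,8 @@`), `path` and `subject` are commented out rather than overridden, so any run that uses this section without the EJBCA branch of Makefile_v1 now gets no imprint-specific path or subject from the config. Together with the removal of `-subject /CN=CloudCA-Integration-Test-User` from Makefile_v1 in the same commit, a CloudCA imprint appears to have no explicit subject unless one is set outside the visible hunks. The trailing comments would be more accurate as `# supplied by Makefile_v1 via EXTRA_OPTS_IMPRINT for EJBCA only; unset for other CAs`.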