#!/bin/bash

# Script to generate self-signed TLS certificates for MYP project
# RSA-2048 / SHA-256 certificates with complete DN information

set -e

echo "=== MYP TLS Certificate Generator ==="

# Create directories if they don't exist
mkdir -p backend/app/certs
mkdir -p frontend/certs

# Backend Certificate (raspberrypi)
echo "Generating Backend Certificate..."
openssl req -x509 -newkey rsa:2048 -keyout backend/app/certs/backend.key -out backend/app/certs/backend.crt -days 365 -nodes -sha256 \
  -subj "/C=DE/ST=Hamburg/L=Hamburg/O=MYP Reservation Platform/OU=Backend Services/CN=raspberrypi" \
  -addext "subjectAltName=DNS:raspberrypi,DNS:localhost,IP:192.168.0.105,IP:127.0.0.1"

# Set appropriate permissions
chmod 600 backend/app/certs/backend.key
chmod 644 backend/app/certs/backend.crt

# Frontend Certificate (m040tbaraspi001)
echo "Generating Frontend Certificate..."
openssl req -x509 -newkey rsa:2048 -keyout frontend/certs/frontend.key -out frontend/certs/frontend.crt -days 365 -nodes -sha256 \
  -subj "/C=DE/ST=Hamburg/L=Hamburg/O=MYP Reservation Platform/OU=Frontend Services/CN=m040tbaraspi001" \
  -addext "subjectAltName=DNS:m040tbaraspi001,DNS:m040tbaraspi001.de040.corpintra.net,DNS:localhost,IP:192.168.0.109,IP:127.0.0.1"

# Set appropriate permissions
chmod 600 frontend/certs/frontend.key
chmod 644 frontend/certs/frontend.crt

echo "=== Certificate Generation Complete ==="
echo "Backend certificates: backend/app/certs/"
echo "Frontend certificates: frontend/certs/"
echo ""
echo "Certificate information:"
echo "- Type: RSA-2048"
echo "- Hash: SHA-256"
echo "- Validity: 365 days"
echo "- Backend CN: raspberrypi"
echo "- Frontend CN: m040tbaraspi001"