#!/bin/bash
# Script to generate self-signed certificates for HTTP/3 proxy testing

# Check if OpenSSL is installed
if ! command -v openssl &> /dev/null; then
    echo "Error: OpenSSL is not installed. Please install it first."
    exit 1
fi

# Set variables
DOMAIN="localhost"
CERT_PATH="cert.pem"
KEY_PATH="key.pem"

# Generate private key
echo "Generating private key..."
openssl genrsa -out $KEY_PATH 2048

# Generate self-signed certificate
echo "Generating self-signed certificate..."
openssl req -new -x509 -sha256 -key $KEY_PATH -out $CERT_PATH -days 365 -subj "/CN=$DOMAIN" \
    -addext "subjectAltName = DNS:$DOMAIN,IP:127.0.0.1"

# Check if files were created
if [ -f $CERT_PATH ] && [ -f $KEY_PATH ]; then
    echo "Certificate and key files created successfully:"
    echo " - Certificate: $CERT_PATH"
    echo " - Private key: $KEY_PATH"
    echo ""
    echo "Note: Since this is a self-signed certificate, browsers will show a security warning."
    echo "For production use, obtain a certificate from a trusted Certificate Authority."
else
    echo "Error: Failed to create certificate files."
    exit 1
fi