use std::fs;

use rcgen::{
    BasicConstraints, Certificate, CertificateParams,
    DistinguishedName, DnType, IsCa, KeyPair, PKCS_ECDSA_P256_SHA256,
};

fn main() {
    let key_pair = KeyPair::generate(&PKCS_ECDSA_P256_SHA256).expect("Generate key pair failed");
    let key_pem = key_pair.serialize_pem();
    let mut certificate_params = CertificateParams::default();
    certificate_params.key_pair = Some(key_pair);
    certificate_params.is_ca = IsCa::Ca(BasicConstraints::Constrained(0));
    let mut distinguished_name = DistinguishedName::new();
    distinguished_name.push(DnType::CommonName, "Proxy Inspector Test CA");
    certificate_params.distinguished_name = distinguished_name;

    let certificate = Certificate::from_params(certificate_params)
        .unwrap_or_else(|e| panic!("Generate cert failed: {}", e));
    let certificate_pem = certificate.serialize_pem_with_signer(&certificate).expect("Sign cert failed");
    println!("CERTIFICATE:\n{}", certificate_pem);
    println!("KEY:\n{}", key_pem);

    if fs::metadata("cert.pem").is_ok() || fs::metadata("cert.key").is_ok() {
        println!("[ERROR] cert.pem or cert.key exists!");
        return;
    }
    fs::write("cert.pem", certificate_pem).expect("Write cert.pem failed");
    println!("Write cert.pem succeed");
    fs::write("cert.key", key_pem).expect("Write cert.key failed");
    println!("Write cert.key succeed");
}