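@echo off
chcp 65001 >nul 2>&1
REM ============================================================================
REM Generate a self-signed SSL certificate for local development (Windows).
REM
REM Usage:   scripts\generate_ssl_cert.bat
REM Output:  <project root>\certs\server.key  RSA private key (NOT encrypted)
REM          <project root>\certs\server.crt  self-signed certificate
REM Exit:    0 on success, 1 if OpenSSL cannot be found or any step fails.
REM
REM Security notes:
REM   - genrsa is called without a cipher option, so server.key is written
REM     without a passphrase and inherits the ACL of the certs directory.
REM     Restrict access to it and keep the certs directory out of version control.
REM   - OpenSSL is looked up in PATH only. A bare "where openssl" also searches
REM     the current directory, which at that point is the project root, so a
REM     stray openssl.* file there would be picked up and executed.
REM ============================================================================

REM Delayed expansion lets values that may contain parentheses (for example a
REM path under "Program Files (x86)") be used inside ( ... ) blocks without
REM closing the block early.
setlocal enabledelayedexpansion

REM Change to script directory and then go up to project root
cd /d "%~dp0"
cd /d ".."
set "PROJECT_ROOT=%CD%"

REM Set certificate directory (relative to project root)
set "CERT_DIR=%PROJECT_ROOT%\certs"
if not exist "%CERT_DIR%" mkdir "%CERT_DIR%"
if not exist "%CERT_DIR%\" (
    echo [ERROR] Could not create certificate directory: !CERT_DIR!
    pause
    exit /b 1
)

REM Certificate configuration (quoted so trailing blanks never become part of the value)
set "DOMAIN=localhost"
set "DAYS=365"
set "KEY_SIZE=2048"

echo Generating self-signed SSL certificate...
echo Domain: %DOMAIN%
echo Validity: %DAYS% days
echo Key size: %KEY_SIZE% bits
echo.

REM ---------------------------------------------------------------------------
REM Locate OpenSSL
REM ---------------------------------------------------------------------------
set "OPENSSL_CMD="

REM Search PATH only ($PATH: prefix) and keep the first hit. The path is stored
REM exactly as reported: stripping blanks from it would corrupt locations such
REM as "C:\Program Files\...".
for /f "delims=" %%i in ('where $PATH:openssl.exe 2^>nul') do if not defined OPENSSL_CMD set "OPENSSL_CMD=%%i"

if defined OPENSSL_CMD (
    echo [INFO] Found OpenSSL in PATH: !OPENSSL_CMD!
    goto :openssl_ready
)

REM Try common installation paths if not found in PATH
echo [DEBUG] Checking common installation paths...
if exist "C:\Program Files\OpenSSL-Win64\bin\openssl.exe" set "OPENSSL_CMD=C:\Program Files\OpenSSL-Win64\bin\openssl.exe"
if not defined OPENSSL_CMD if exist "C:\Program Files (x86)\OpenSSL-Win32\bin\openssl.exe" set "OPENSSL_CMD=C:\Program Files (x86)\OpenSSL-Win32\bin\openssl.exe"
if not defined OPENSSL_CMD if exist "C:\OpenSSL-Win64\bin\openssl.exe" set "OPENSSL_CMD=C:\OpenSSL-Win64\bin\openssl.exe"
if not defined OPENSSL_CMD if exist "D:\OpenSSL-Win64\bin\openssl.exe" set "OPENSSL_CMD=D:\OpenSSL-Win64\bin\openssl.exe"

if defined OPENSSL_CMD (
    echo [INFO] Found OpenSSL: !OPENSSL_CMD!
    goto :openssl_ready
)

REM The install guide is printed outside any ( ... ) block on purpose: several
REM lines contain literal parentheses, which would terminate a block early.
echo [ERROR] OpenSSL is not installed or not in PATH.
echo.
echo ========================================
echo QUICK INSTALL GUIDE
echo ========================================
echo.
echo Method 1: Install Git for Windows (EASIEST)
echo 1. Download: https://git-scm.com/download/win
echo 2. Install with default options
echo 3. OpenSSL will be automatically available
echo.
echo Method 2: Install OpenSSL manually
echo 1. Download: https://slproweb.com/products/Win32OpenSSL.html
echo 2. Install to: C:\Program Files\OpenSSL-Win64
echo 3. Check: "Copy OpenSSL DLLs to The Windows system directory"
echo 4. Add to PATH: C:\Program Files\OpenSSL-Win64\bin
echo.
echo Method 3: Use Chocolatey (if installed)
echo choco install openssl
echo.
echo ========================================
echo After installation:
echo 1. CLOSE this window
echo 2. Open a NEW command prompt
echo 3. Run: openssl version (to verify)
echo 4. Run this script again
echo ========================================
echo.
echo For detailed guide, see: docs/INSTALL_OPENSSL_WINDOWS.md
echo.
pause
exit /b 1

:openssl_ready

REM ---------------------------------------------------------------------------
REM 1. Private key (output path quoted so a project path with blanks works)
REM ---------------------------------------------------------------------------
echo 1. Generating private key...
call "!OPENSSL_CMD!" genrsa -out "%CERT_DIR%\server.key" %KEY_SIZE%
if !ERRORLEVEL! NEQ 0 (
    echo [ERROR] Failed to generate private key. Error code: !ERRORLEVEL!
    echo [DEBUG] OpenSSL path: !OPENSSL_CMD!
    pause
    exit /b 1
)

REM ---------------------------------------------------------------------------
REM 2. Certificate signing request (digest named explicitly instead of relying
REM    on the default of whichever OpenSSL build was found)
REM ---------------------------------------------------------------------------
echo 2. Generating certificate signing request...
call "!OPENSSL_CMD!" req -new -sha256 -key "%CERT_DIR%\server.key" -out "%CERT_DIR%\server.csr" -subj "/C=CN/ST=State/L=City/O=Organization/CN=%DOMAIN%"
if !ERRORLEVEL! NEQ 0 (
    echo [ERROR] Failed to generate CSR. Error code: !ERRORLEVEL!
    pause
    exit /b 1
)

REM ---------------------------------------------------------------------------
REM 3. Extension file: non-CA leaf certificate limited to TLS server
REM    authentication, valid for the loopback names and addresses below
REM ---------------------------------------------------------------------------
echo 3. Creating certificate configuration file...
(
    echo [req]
    echo distinguished_name = req_distinguished_name
    echo req_extensions = v3_req
    echo.
    echo [req_distinguished_name]
    echo.
    echo [v3_req]
    echo basicConstraints = CA:FALSE
    echo keyUsage = nonRepudiation, digitalSignature, keyEncipherment
    echo extendedKeyUsage = serverAuth
    echo subjectAltName = @alt_names
    echo.
    echo [alt_names]
    echo DNS.1 = %DOMAIN%
    echo DNS.2 = *.localhost
    echo IP.1 = 127.0.0.1
    echo IP.2 = ::1
) > "%CERT_DIR%\server.conf"

REM ---------------------------------------------------------------------------
REM 4. Self-sign the CSR with the key generated in step 1
REM ---------------------------------------------------------------------------
echo 4. Generating self-signed certificate...
call "!OPENSSL_CMD!" x509 -req -sha256 -days %DAYS% -in "%CERT_DIR%\server.csr" -signkey "%CERT_DIR%\server.key" -out "%CERT_DIR%\server.crt" -extensions v3_req -extfile "%CERT_DIR%\server.conf"
if !ERRORLEVEL! NEQ 0 (
    echo [ERROR] Failed to generate certificate. Error code: !ERRORLEVEL!
    echo [DEBUG] Check if config file exists: !CERT_DIR!\server.conf
    pause
    exit /b 1
)

REM Clean up temporary files (the CSR and the extension file are not needed
REM once the certificate exists)
del /f /q "%CERT_DIR%\server.csr" "%CERT_DIR%\server.conf" 2>nul

echo.
echo [SUCCESS] Certificate generation completed!
echo Certificate files location:
echo - Private key: "%CERT_DIR%\server.key"
echo - Certificate: "%CERT_DIR%\server.crt"
echo.
echo [WARNING] This is a self-signed certificate. Browsers will show security warnings, this is normal.
echo For production environments, please use a certificate issued by a trusted CA.
echo [WARNING] server.key is not passphrase-protected. Restrict access to it and keep it out of version control.
echo.
pause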