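# compatible with Windows 11
# compatible with Ubuntu 24.10
# compatible with Python 3.12.7

from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives import serialization
import datetime
import ipaddress
import os


def generate_self_signed_cert():
    """Generate an RSA private key and a self-signed X.509 certificate.

    Writes two PEM files into the current working directory, overwriting
    any existing ones:

    * ``server.key`` - the 2048-bit RSA private key, PKCS#8, NOT encrypted.
    * ``server.crt`` - the certificate, valid for 365 days from now.

    The output is meant for a local test server only. The key is stored in
    clear text and the certificate is flagged as a CA (see the note on
    BasicConstraints below), so neither file belongs on a production host
    or in a shared trust store.
    """
    # Private key
    private_key = rsa.generate_private_key(
        public_exponent=65537,
        key_size=2048,
    )

    # Subject name (also used as the issuer, since the cert is self-signed)
    subject = x509.Name([
        x509.NameAttribute(NameOID.COUNTRY_NAME, "IT"),
        x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, "Lombardia"),
        x509.NameAttribute(NameOID.LOCALITY_NAME, "Milano"),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME, "Test Server"),
        x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, "IT"),
        x509.NameAttribute(NameOID.COMMON_NAME, "localhost"),  # or 127.0.0.1
    ])

    # Take the timestamp once so both validity bounds derive from the same
    # instant. datetime.utcnow() is deprecated since Python 3.12; an aware
    # UTC datetime is the supported replacement.
    now = datetime.datetime.now(datetime.timezone.utc)

    # Certificate
    builder = (
        x509.CertificateBuilder()
        .subject_name(subject)
        .issuer_name(subject)  # same Name object: self-signed
        .not_valid_before(now)
        .not_valid_after(now + datetime.timedelta(days=365))  # valid 365 days
        .serial_number(x509.random_serial_number())
        .public_key(private_key.public_key())
        # NOTE(review): ca=True with no path length limit makes this a CA
        # certificate. Whoever can read server.key can sign certificates
        # that chain to it, for every client that trusts server.crt. Kept
        # as in the original because test setups may load server.crt as
        # their trust anchor; do not import it into a system or browser
        # trust store, and prefer a separate CA plus a ca=False leaf
        # outside of throwaway tests.
        .add_extension(
            x509.BasicConstraints(ca=True, path_length=None),
            critical=True,
        )
        # Hostname verification in current TLS clients matches against the
        # subjectAltName extension and ignores the Common Name, so list the
        # names the test server is reached by.
        .add_extension(
            x509.SubjectAlternativeName([
                x509.DNSName("localhost"),
                x509.IPAddress(ipaddress.ip_address("127.0.0.1")),
            ]),
            critical=False,
        )
    )

    certificate = builder.sign(
        private_key=private_key,
        algorithm=hashes.SHA256(),
    )

    # Save the private key to file (server.key).
    # The key is written unencrypted (test environment, kept simple), so
    # create the file owner-read/write only instead of relying on the
    # process umask. The mode applies only when the file is created: an
    # existing server.key keeps its current permissions. On Windows the
    # mode bits are largely ignored and the directory ACL governs access.
    key_flags = (
        os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, "O_BINARY", 0)
    )
    key_fd = os.open("server.key", key_flags, 0o600)
    with os.fdopen(key_fd, "wb") as f:
        f.write(private_key.private_bytes(
            encoding=serialization.Encoding.PEM,
            format=serialization.PrivateFormat.PKCS8,
            encryption_algorithm=serialization.NoEncryption(),
        ))

    # Save the certificate to file (server.crt)
    with open("server.crt", "wb") as f:
        f.write(certificate.public_bytes(
            encoding=serialization.Encoding.PEM,
        ))

    print("Certificato autofirmato e chiave privata generati (server.crt, server.key)")


if __name__ == "__main__":
    generate_self_signed_cert()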