--hp-socket-TCP--ssl--/generate-and-convert.ps1

# Generate a CA, a server certificate and a client certificate with OpenSSL, then convert them to C++ code in one step.
# Usage: powershell -ExecutionPolicy Bypass -File .\generate-and-convert.ps1
param(
# Output directory for the .pem files and certificates.h. If it already exists,
# the script asks for confirmation and then deletes it recursively.
[string]$CertDir = ".\certs",
# Passphrase that encrypts server-key.pem; it is also written into certificates.h
# as g_s_lpszKeyPassword. The default is a sample value that is public in this
# file; pass your own value for anything other than a local test.
[string]$ServerPass = "MyServerPass123",
# Passphrase that encrypts client-key.pem; written into certificates.h as
# g_c_lpszKeyPassword. Same caveat as $ServerPass: the default is a public sample.
[string]$ClientPass = "MyClientPass123",
# Subject fields (C / ST / L / O / OU) shared by the CA, server and client certificates.
[string]$Country = "CN",
[string]$State = "Beijing",
[string]$City = "Beijing",
[string]$Organization = "MyCompany",
[string]$OrgUnit = "IT",
# Common Name of the server certificate.
[string]$ServerCN = "localhost",
# Common Name of the client certificate.
[string]$ClientCN = "MyClient",
# Common Name of the self-signed CA certificate.
[string]$CACN = "MyCA"
)
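Write-Host "=====================================" -ForegroundColor Cyan
Write-Host " HP-Socket SSL证书生成工具" -ForegroundColor Cyan
Write-Host "=====================================" -ForegroundColor Cyan
Write-Host ""

# Prepare the certificate directory. An existing directory is removed only after
# the user answers 'y'; any other answer cancels the run.
if (Test-Path $CertDir) {
    Write-Host "警告: 目录 $CertDir 已存在" -ForegroundColor Yellow
    $confirm = Read-Host "是否删除并重新生成? (y/n)"
    if ($confirm -ne 'y') {
        Write-Host "已取消" -ForegroundColor Red
        exit
    }
    # -ErrorAction Stop: if the old directory cannot be removed (locked file,
    # missing permission), stop here rather than mixing old and new key material.
    Remove-Item -Recurse -Force $CertDir -ErrorAction Stop
}

# The directory will hold private keys (ca-key.pem, server-key.pem, client-key.pem)
# and inherits the permissions of its parent; choose $CertDir accordingly.
New-Item -ItemType Directory -Force -Path $CertDir -ErrorAction Stop | Out-Null

# Fail fast if the location cannot be entered: every later step uses relative
# file names and would otherwise write keys into the caller's current directory.
Push-Location $CertDir -ErrorAction Stop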
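Write-Host "[1/5] 生成CA证书..." -ForegroundColor Green

# Collect OpenSSL output instead of discarding it, so a failure can be shown.
$caLog = @()

# CA private key: RSA 4096. No cipher option is given, so the key is written
# without a passphrase.
# NOTE(review): anyone who can read ca-key.pem can issue certificates that both
# the server and the client accept; keep it off shared storage and out of
# version control.
$caLog += @(openssl genrsa -out ca-key.pem 4096 2>&1)
# Check the exit code AND the output file: $LASTEXITCODE is not updated when
# the openssl executable cannot be started at all.
$caOk = ($LASTEXITCODE -eq 0) -and (Test-Path ca-key.pem)

if ($caOk) {
    # Self-signed CA certificate, valid for 3650 days.
    $caLog += @(openssl req -new -x509 -days 3650 -key ca-key.pem -out ca-cert.pem `
        -subj "/C=$Country/ST=$State/L=$City/O=$Organization/OU=$OrgUnit/CN=$CACN" 2>&1)
    $caOk = ($LASTEXITCODE -eq 0) -and (Test-Path ca-cert.pem)
}

if (-not $caOk) {
    # Previously the success line was printed even when OpenSSL failed.
    Write-Host "✗ CA证书生成失败" -ForegroundColor Red
    $caLog | ForEach-Object { Write-Host $_ }
    Pop-Location
    exit 1
}
Write-Host "✓ CA证书生成完成" -ForegroundColor Green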
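Write-Host "[2/5] 生成服务器证书..." -ForegroundColor Green

$serverLog = @()
$serverOk = $false

# Hand the passphrase to OpenSSL through an environment variable (env: source)
# instead of "pass:" on the command line, where it is visible to anything that
# can list process arguments. The variable is removed again in 'finally'.
$env:HPSOCKET_SERVER_KEY_PASS = $ServerPass
try {
    # Server private key: RSA 2048, encrypted with AES-256.
    $serverLog += @(openssl genrsa -aes256 -passout env:HPSOCKET_SERVER_KEY_PASS -out server-key.pem 2048 2>&1)
    $serverOk = ($LASTEXITCODE -eq 0) -and (Test-Path server-key.pem)

    if ($serverOk) {
        # Certificate signing request for the server key.
        $serverLog += @(openssl req -new -key server-key.pem -passin env:HPSOCKET_SERVER_KEY_PASS -out server-csr.pem `
            -subj "/C=$Country/ST=$State/L=$City/O=$Organization/OU=$OrgUnit/CN=$ServerCN" 2>&1)
        $serverOk = ($LASTEXITCODE -eq 0) -and (Test-Path server-csr.pem)
    }
} finally {
    Remove-Item Env:\HPSOCKET_SERVER_KEY_PASS -ErrorAction SilentlyContinue
}

if ($serverOk) {
    # Sign the CSR with the CA key; the certificate is valid for 3650 days.
    # NOTE(review): no subjectAltName is added, only CN=$ServerCN. A client that
    # checks the host name against SAN entries would reject this certificate;
    # confirm what the HP-Socket client actually verifies.
    $serverLog += @(openssl x509 -req -days 3650 -in server-csr.pem `
        -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -out server-cert.pem 2>&1)
    $serverOk = ($LASTEXITCODE -eq 0) -and (Test-Path server-cert.pem)
}

if (-not $serverOk) {
    # Previously OpenSSL errors were discarded and success was always reported.
    Write-Host "✗ 服务器证书生成失败" -ForegroundColor Red
    $serverLog | ForEach-Object { Write-Host $_ }
    Pop-Location
    exit 1
}
Write-Host "✓ 服务器证书生成完成" -ForegroundColor Green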
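Write-Host "[3/5] 生成客户端证书..." -ForegroundColor Green

$clientLog = @()
$clientOk = $false

# Hand the passphrase to OpenSSL through an environment variable (env: source)
# instead of "pass:" on the command line, where it is visible to anything that
# can list process arguments. The variable is removed again in 'finally'.
$env:HPSOCKET_CLIENT_KEY_PASS = $ClientPass
try {
    # Client private key: RSA 2048, encrypted with AES-256.
    $clientLog += @(openssl genrsa -aes256 -passout env:HPSOCKET_CLIENT_KEY_PASS -out client-key.pem 2048 2>&1)
    $clientOk = ($LASTEXITCODE -eq 0) -and (Test-Path client-key.pem)

    if ($clientOk) {
        # Certificate signing request for the client key.
        $clientLog += @(openssl req -new -key client-key.pem -passin env:HPSOCKET_CLIENT_KEY_PASS -out client-csr.pem `
            -subj "/C=$Country/ST=$State/L=$City/O=$Organization/OU=$OrgUnit/CN=$ClientCN" 2>&1)
        $clientOk = ($LASTEXITCODE -eq 0) -and (Test-Path client-csr.pem)
    }
} finally {
    Remove-Item Env:\HPSOCKET_CLIENT_KEY_PASS -ErrorAction SilentlyContinue
}

if ($clientOk) {
    # Sign the CSR with the CA key; the certificate is valid for 3650 days.
    $clientLog += @(openssl x509 -req -days 3650 -in client-csr.pem `
        -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -out client-cert.pem 2>&1)
    $clientOk = ($LASTEXITCODE -eq 0) -and (Test-Path client-cert.pem)
}

if (-not $clientOk) {
    # Previously OpenSSL errors were discarded and success was always reported.
    Write-Host "✗ 客户端证书生成失败" -ForegroundColor Red
    $clientLog | ForEach-Object { Write-Host $_ }
    Pop-Location
    exit 1
}
Write-Host "✓ 客户端证书生成完成" -ForegroundColor Green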
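Write-Host "[4/5] 验证证书..." -ForegroundColor Green

# Verify both leaf certificates against the CA certificate.
# The result is taken from the exit code plus a case-sensitive match on the
# "<file>: OK" line. The former test, -like "*OK*", is case-insensitive, so
# failure text such as "error 20 at 0 depth lookup: ..." also matched it
# ("lookup" contains "ok") and a failed verification was reported as passed.
$serverVerify = openssl verify -CAfile ca-cert.pem server-cert.pem 2>&1
$serverVerified = ($LASTEXITCODE -eq 0) -and [bool]($serverVerify -clike "*: OK")

$clientVerify = openssl verify -CAfile ca-cert.pem client-cert.pem 2>&1
$clientVerified = ($LASTEXITCODE -eq 0) -and [bool]($clientVerify -clike "*: OK")

if ($serverVerified -and $clientVerified) {
    Write-Host "✓ 证书验证通过" -ForegroundColor Green
} else {
    Write-Host "✗ 证书验证失败" -ForegroundColor Red
    Write-Host $serverVerify
    Write-Host $clientVerify
    # Restore the caller's location before aborting.
    Pop-Location
    exit 1
}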
Write-Host "[5/5] 转换为C++代码..." -ForegroundColor Green

# Load every PEM file as one string (-Raw keeps the line breaks intact).
# Certificates first, then the two passphrase-encrypted private keys.
$serverCert = Get-Content -Raw -Path "server-cert.pem"
$clientCert = Get-Content -Raw -Path "client-cert.pem"
$caCert     = Get-Content -Raw -Path "ca-cert.pem"
$serverKey  = Get-Content -Raw -Path "server-key.pem"
$clientKey  = Get-Content -Raw -Path "client-key.pem"
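# Convert multi-line text (a PEM block) into adjacent C++ string literals,
# one literal per input line, each indented with a tab and ending in \n.
#   $content - text to convert; LF or CRLF line endings are accepted.
# Returns the literals joined with LF, ready to follow "static const char* x =".
function Convert-ToCppString {
    param([string]$content)

    $lines = @($content -split "`n" | ForEach-Object { $_.TrimEnd("`r") })

    # Text that ends with a newline splits into a final empty element; drop it
    # so the output does not carry a spurious "\n" literal after the END line.
    if ($lines.Count -gt 1 -and $lines[-1] -eq '') {
        $lines = $lines[0..($lines.Count - 2)]
    }

    $cppLines = $lines | ForEach-Object {
        # Escape backslash and double quote so unexpected input cannot end the
        # C++ literal early. Base64 PEM bodies contain neither character.
        $escaped = $_.Replace('\', '\\').Replace('"', '\"')
        "`t`"$escaped\n`""
    }
    return ($cppLines -join "`n")
}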
# Turn each PEM text into C++ string-literal form for the generated header.
$caCertCpp     = Convert-ToCppString -content $caCert
$serverCertCpp = Convert-ToCppString -content $serverCert
$serverKeyCpp  = Convert-ToCppString -content $serverKey
$clientCertCpp = Convert-ToCppString -content $clientCert
$clientKeyCpp  = Convert-ToCppString -content $clientKey
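# Build the C++ header text and write it to certificates.h in the current location.
#
# The passphrases are escaped before they are placed inside C++ string literals:
# a passphrase containing a double quote or a backslash would otherwise produce
# a header that does not compile, or a different passphrase than the one used.
#
# NOTE(review): the header stores each encrypted private key next to its
# passphrase, so the encryption protects nothing from a reader of the header
# (or, presumably, of a binary built from it). Treat certificates.h like an
# unencrypted key: keep it out of version control and out of shared folders.
# NOTE(review): the generated server settings listen on 0.0.0.0, port 5555,
# i.e. on every interface; adjust ADDRESS if only local access is intended.
$serverPassCpp = $ServerPass.Replace('\', '\\').Replace('"', '\"')
$clientPassCpp = $ClientPass.Replace('\', '\\').Replace('"', '\"')

$cppCode = @"
// ============================================
// SSL证书配置
// 自动生成时间: $(Get-Date -Format "yyyy-MM-dd HH:mm:ss")
// ============================================
//
// 证书信息:
// CA CN: $CACN
// 服务器 CN: $ServerCN
// 客户端 CN: $ClientCN
// 有效期: 10年
//
// 使用说明:
// 1. 将此文件内容复制到 Server/main.cpp Client/main.cpp 的证书定义部分
// 2. 服务器使用: g_s_lpszPemCert, g_s_lpszPemKey, g_s_lpszCAPemCert
// 3. 客户端使用: g_c_lpszPemCert, g_c_lpszPemKey, g_c_lpszCAPemCert
// 4. 修改密码: g_s_lpszKeyPassword, g_c_lpszKeyPassword
//
// ============================================
// CA证书服务器和客户端共用
static const char* g_s_lpszCAPemCert =
$caCertCpp;
// 服务器证书
static const char* g_s_lpszPemCert =
$serverCertCpp;
// 服务器私钥密码保护
static const char* g_s_lpszPemKey =
$serverKeyCpp;
// 服务器私钥密码
static const char* g_s_lpszKeyPassword = "$serverPassCpp";
// ============================================
// CA证书客户端使用与服务器相同
static const char* g_c_lpszCAPemCert = g_s_lpszCAPemCert;
// 客户端证书
static const char* g_c_lpszPemCert =
$clientCertCpp;
// 客户端私钥密码保护
static const char* g_c_lpszPemKey =
$clientKeyCpp;
// 客户端私钥密码
static const char* g_c_lpszKeyPassword = "$clientPassCpp";
// ============================================
// 配置参数
// ============================================
// 服务器验证模式要求客户端提供证书并验证
static const int g_s_iVerifyMode = SSL_VM_PEER | SSL_VM_FAIL_IF_NO_PEER_CERT;
// 客户端验证模式验证服务器证书
static const int g_c_iVerifyMode = SSL_VM_PEER;
// 服务器监听地址和端口
static const LPCTSTR ADDRESS = _T("0.0.0.0");
static const USHORT PORT = 5555;
// 客户端连接地址和端口
static const LPCTSTR DEFAULT_ADDRESS = _T("127.0.0.1");
static const USHORT DEFAULT_PORT = 5555;
"@
$cppCode | Out-File -FilePath "certificates.h" -Encoding utf8 -NoNewline
Write-Host "✓ C++代码生成完成: certificates.h" -ForegroundColor Green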
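# Return to the location that was current before the certificate directory was entered.
Pop-Location

# Print a summary of what was generated.
Write-Host ""
Write-Host "=====================================" -ForegroundColor Cyan
Write-Host " 生成完成!" -ForegroundColor Cyan
Write-Host "=====================================" -ForegroundColor Cyan
Write-Host ""
Write-Host "证书目录: $CertDir" -ForegroundColor Yellow
Write-Host ""
Write-Host "生成的文件:" -ForegroundColor Yellow
Get-ChildItem $CertDir -Filter *.pem | Format-Table Name, @{Label="大小"; Expression={"{0:N0} bytes" -f $_.Length}}
Write-Host ""
Write-Host "下一步操作:" -ForegroundColor Cyan
Write-Host " 1. 查看 $CertDir\certificates.h" -ForegroundColor White
Write-Host " 2. 复制证书代码到 Server\main.cpp 和 Client\main.cpp" -ForegroundColor White
Write-Host " 3. 重新编译项目" -ForegroundColor White
Write-Host ""
Write-Host "快速查看C++代码:" -ForegroundColor Cyan
Write-Host " notepad $CertDir\certificates.h" -ForegroundColor White
Write-Host ""
Write-Host "证书信息:" -ForegroundColor Cyan
Write-Host " CA通用名称: $CACN" -ForegroundColor White
Write-Host " 服务器通用名称: $ServerCN" -ForegroundColor White
Write-Host " 客户端通用名称: $ClientCN" -ForegroundColor White
# The key passphrases are no longer echoed: console output ends up in
# transcripts, CI logs and terminal scrollback. The caller supplied the values
# and they are stored in certificates.h.
Write-Host " 服务器密钥密码: (未显示, 见 certificates.h)" -ForegroundColor White
Write-Host " 客户端密钥密码: (未显示, 见 certificates.h)" -ForegroundColor White
Write-Host " 证书有效期: 10年" -ForegroundColor White
Write-Host ""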
# Offer to open the generated header in Notepad; only an answer of 'y' opens it.
$headerPath = "$CertDir\certificates.h"
$openFile = Read-Host "是否打开 certificates.h 文件? (y/n)"
if ($openFile -eq 'y') { notepad $headerPath }