#!/bin/bash
set -e

echo "=== mTLS CA Setup ==="

# Create CA directory
mkdir -p certificates/ca

# Generate CA private key
echo "Generating CA private key..."
openssl genrsa -out certificates/ca/ca.key 2048
# Generate CA certificate
echo "Generating CA certificate..."
openssl req -new -x509 -days 3650 -key certificates/ca/ca.key -out certificates/ca/ca.crt \
    -subj "/DC=de/DC=hottis/DC=homea2/CN=Home Automation CA"

echo ""
echo "=== CA Setup Complete ==="
echo "CA Certificate: certificates/ca/ca.crt"
echo "CA Private Key: certificates/ca/ca.key"
echo ""
echo "Deploy to Kubernetes:"
echo "kubectl create secret generic mtls-ca-cert --from-file=ca.crt=certificates/ca/ca.crt -n homea2"