#!/usr/bin/env python3
"""
Generate RSA keypair for ActivityPub signing.

Usage:
    python setup_keys.py [--data-dir /path/to/data] [--user username]
"""

import argparse
import os
from pathlib import Path

from keys import generate_keypair, has_keys, get_keys_dir


def main():
    parser = argparse.ArgumentParser(description="Generate RSA keypair for L2 server")
    parser.add_argument("--data-dir", default=os.environ.get("ARTDAG_DATA", str(Path.home() / ".artdag" / "l2")),
                        help="Data directory")
    parser.add_argument("--user", default=os.environ.get("ARTDAG_USER", "giles"),
                        help="Username")
    parser.add_argument("--force", action="store_true",
                        help="Overwrite existing keys")

    args = parser.parse_args()
    data_dir = Path(args.data_dir)
    username = args.user

    print(f"Data directory: {data_dir}")
    print(f"Username: {username}")

    if has_keys(data_dir, username) and not args.force:
        print(f"\nKeys already exist for {username}!")
        print(f"  Private: {get_keys_dir(data_dir) / f'{username}.pem'}")
        print(f"  Public:  {get_keys_dir(data_dir) / f'{username}.pub'}")
        print("\nUse --force to regenerate (will invalidate existing signatures)")
        return

    print("\nGenerating RSA-2048 keypair...")
    private_pem, public_pem = generate_keypair(data_dir, username)

    keys_dir = get_keys_dir(data_dir)
    print(f"\nKeys generated:")
    print(f"  Private: {keys_dir / f'{username}.pem'} (chmod 600)")
    print(f"  Public:  {keys_dir / f'{username}.pub'}")
    print(f"\nPublic key (for verification):")
    print(public_pem)


if __name__ == "__main__":
    main()