use crate::app::AppConfig;

pub fn tls_config(app_config: &AppConfig) -> rustls::ServerConfig {
    let certs_dir = app_config.ssl_certs_dir.clone();
    let cert_file =
        &mut std::io::BufReader::new(std::fs::File::open(certs_dir.join("fullchain.pem")).unwrap());
    let key_file =
        &mut std::io::BufReader::new(std::fs::File::open(certs_dir.join("privkey.pem")).unwrap());

    let cert = rustls::Certificate(rustls_pemfile::certs(cert_file).unwrap().remove(0).to_vec());

    let key = rustls::PrivateKey(
        rustls_pemfile::pkcs8_private_keys(key_file)
            .unwrap()
            .remove(0)
            .to_vec(),
    );

    rustls::ServerConfig::builder()
        .with_safe_defaults()
        .with_no_client_auth()
        .with_single_cert(vec![cert], key)
        .expect("bad certificate/key")
}