from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.serialization import pkcs12
from cryptography.hazmat.backends import default_backend
import sys

p12_path = sys.argv[1] if len(sys.argv) > 1 else "data/certs/personal.p12"
password = sys.argv[2] if len(sys.argv) > 2 else "Mecedora12"
key_path = sys.argv[3] if len(sys.argv) > 3 else "data/certs/cert_key.pem"
cert_path = sys.argv[4] if len(sys.argv) > 4 else "data/certs/cert_cert.pem"

with open(p12_path, "rb") as f:
    p12_data = f.read()

private_key, certificate, additional_certs = pkcs12.load_key_and_certificates(
    p12_data,
    password.encode(),
    default_backend()
)

key_pem = private_key.private_bytes(
    encoding=serialization.Encoding.PEM,
    format=serialization.PrivateFormat.PKCS8,
    encryption_algorithm=serialization.NoEncryption()
)

cert_pem = certificate.public_bytes(serialization.Encoding.PEM)

with open(key_path, "wb") as f:
    f.write(key_pem)

with open(cert_path, "wb") as f:
    f.write(cert_pem)

print(f"OK: {key_path} {cert_path}")