namespace ZB.MOM.WW.MxGateway.Server.Configuration;

/// <summary>
/// Options controlling the gateway's self-signed certificate auto-generation.
/// Only consulted when a Kestrel HTTPS endpoint is configured without its own
/// certificate; plaintext deployments never trigger generation.
/// </summary>
public sealed class TlsOptions
{
    /// <summary>Path to the persisted self-signed PFX. Reused across restarts.</summary>
    public string SelfSignedCertPath { get; init; } =
        @"C:\ProgramData\MxGateway\certs\gateway-selfsigned.pfx";

    /// <summary>Lifetime in years of a freshly generated certificate.</summary>
    public int ValidityYears { get; init; } = 10;

    /// <summary>Extra DNS SANs to embed (e.g. a load-balancer name).</summary>
    public IReadOnlyList<string> AdditionalDnsNames { get; init; } = [];

    /// <summary>Regenerate the persisted certificate when it has expired.</summary>
    public bool RegenerateIfExpired { get; init; } = true;
}