#!/usr/bin/env python3
# -*- coding: utf-8 -*-

from playhouse.gfk import *

import os
import os.path
import subprocess

from models.authority import Authority
from models.certificate import Certificate
from models.request import SignRequest
from paths import *

import json

class HostSSLRequest(SignRequest):
    def __init__(self, req_id, host_name, key_data):
        super(HostSSLRequest, self).__init__(req_id)

        self.host_name = host_name
        self.key_data = key_data

    @property
    def name(self):
        return "Hostname: %s" % self.host_name

    @property
    def fields(self):
        return [
            ("Hostname", self.host_name)
        ]

    @property
    def receiver(self):
        return self.host_name

class CASSLRequest(SignRequest):
    def __init__(self, req_id, ca_name, key_data):
        super(CASSLRequest, self).__init__(req_id)

        self.ca_name = ca_name
        self.key_data = key_data

    @property
    def name(self):
        return "CA name: %s" % self.ca_name

    @property
    def fields(self):
        return [
            ("CA name", self.ca_name)
        ]

    @property
    def receiver(self):
        return self.ca_name

class SSLAuthority(Authority):
    request_allowed = [ HostSSLRequest, CASSLRequest, ]

    ca_key_algorithm = 'des3'
    key_length = '4096'

    key_algorithm = 'sha256'
    ca_validity = '365'
    cert_validity = '365'

    def generate(self):
        if os.path.exists(self.path):
            raise ValueError("A CA with the same id and type already exists")
        confirm = input('Is a root CA? [y/N]> ')
        if confirm == 'y':
            self.isRoot = True
        else:
            self.isRoot = False

        subprocess.check_output(['openssl',
            'genrsa',
            '-%s'%self.ca_key_algorithm,
            '-out', '%s'%(self.path),
            self.key_length])
        print(self.isRoot)
        if self.isRoot:
            subprocess.check_output(['openssl',
                'req',
                '-extensions', 'v3_root_ca',
                '-config', './openssl-config/openssl.cnf',
                '-new',
                '-x509',
                '-days', self.ca_validity,
                '-key', self.path,
                # '-extensions', 'v3_ca'
                '-out', "%s.pub"%self.path,
                # '-config', "%s.conf"%self.path
                ])
        else:
            subprocess.check_output(['openssl',
                'req',
                '-new',
                #'-x509',
                # '-days', self.ca_validity,
                '-key', self.path,
                # '-extensions', 'v3_ca'
                '-out', "%s.csr"%self.path,
                # '-config', "%s.conf"%self.path
                ])
            result_dict = {}
            result_dict['keyType'] = 'ssl_ca'
            result_dict['caName'] = self.ca_id
            with open("%s.csr"%self.path, 'r') as f:
                result_dict['keyData'] = "".join(f.readlines())

            request = { 'type': 'sign_request', 'request': result_dict }
            print("Please sign the following request:")
            print(json.dumps(request))

        with open(self.path + '.serial', 'w') as stream:
            stream.write(str(0))


    def generate_certificate(self, request):
        """
        Sign a *SSLRequest with this certification authority
        """

        pub_key_path = request.destination
        cert_path = request.cert_destination

        with open(pub_key_path, 'w') as stream:
            stream.write(request.key_data)

        subprocess.check_output(['openssl',
                        'x509',
                        '-req',
                        '-days', self.ca_validity,
                        '-in', pub_key_path,
                        '-CA', "%s.pub"%self.path,
                        '-CAkey', self.path,
                        '-CAcreateserial',
                        '-out', cert_path,
                        '-%s'%self.key_algorithm])

        return self.ca_validity