#!/usr/bin/env python3
# -*- coding: UTF-8 -*-
# © 2012, Multapplied Networks, Inc.
"""
Create a basic self-signed SSL certificate to be used with the web server
"""

import os
import sys
import subprocess
import configparser

# Configuration file that supplies the certificate subject fields.
BONDINGADMIN_CONFIG = "/etc/bondingadmin/bondingadmin.conf"
# Absolute path to the openssl binary; no PATH lookup is involved.
OPENSSL_CMD = "/usr/bin/openssl"
# Output locations for the certificate, its private key and the signing request.
CERT_FILE = "/etc/bondingadmin/crt.pem"
KEY_FILE = "/etc/bondingadmin/key.pem"
CSR_FILE = "/etc/bondingadmin/csr.pem"


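def load_config():
    """Load the bondingadmin configuration file.

    Returns:
        configparser.ConfigParser: parser populated from BONDINGADMIN_CONFIG.

    Exits the process with status 1, after printing a message to stderr,
    when the file cannot be read or cannot be parsed.
    """
    parser = configparser.ConfigParser()
    try:
        # ConfigParser.read() skips files it cannot open instead of raising,
        # and returns the list of files it actually parsed.
        loaded = parser.read(BONDINGADMIN_CONFIG)
    except configparser.Error as e:
        print('Unable to parse {file}: {error}'.format(file=BONDINGADMIN_CONFIG, error=e), file=sys.stderr)
        sys.exit(1)
    if not loaded:
        # Without this check a missing or unreadable file yields an empty
        # parser and the failure only surfaces later as a lookup error.
        print('Unable to read {file}'.format(file=BONDINGADMIN_CONFIG), file=sys.stderr)
        sys.exit(1)
    return parser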


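def _run_openssl(arguments, output_file, file_mask=None):
    """Run one openssl sub-command that writes ``output_file``.

    ``file_mask`` is applied as the process umask for the duration of the
    call and restored afterwards. When openssl exits non-zero, whatever it
    left at ``output_file`` is removed before the error is re-raised.
    """
    previous_mask = None
    if file_mask is not None:
        previous_mask = os.umask(file_mask)
    try:
        subprocess.check_output([OPENSSL_CMD] + arguments, stderr=subprocess.STDOUT)
    except subprocess.CalledProcessError:
        # Callers only get here when output_file did not exist beforehand.
        # A failed run may leave an empty or truncated file behind; because
        # later runs skip any file that exists, remove it so they retry.
        try:
            os.remove(output_file)
        except OSError:
            # Nothing was written, or it cannot be removed; report the
            # openssl failure rather than the cleanup failure.
            pass
        raise
    finally:
        if previous_mask is not None:
            os.umask(previous_mask)


def create_self_signed_cert(country, province, city, name, hostname, email):
    """Create a private key, a CSR and a self-signed certificate with openssl.

    Each of KEY_FILE, CSR_FILE and CERT_FILE is created only when it does not
    already exist. An existing file is reused as-is; its content and its
    permissions are not checked.

    Args:
        country, province, city, name, hostname, email: values for the C, ST,
            L, O, CN and emailAddress fields of the certificate subject.

    Exits the process with openssl's return code, after printing the failing
    command and its output to stderr, when an openssl call fails.

    The commands below request no extensions, so the certificate identifies
    the server by CN only and carries no subjectAltName. Clients that match
    hostnames against subjectAltName alone will not accept it for hostname
    validation.
    """
    # NOTE(review): the values are inserted unescaped. '/' separates fields
    # in the -subj syntax, so a value containing '/' would change or break
    # the resulting subject -- confirm the configuration never contains one.
    subject_string = '/C={country}/ST={province}/L={city}/O={name}/CN={hostname}/emailAddress={email}'.format(
        country=country,
        province=province,
        city=city,
        name=name,
        hostname=hostname,
        email=email
    )
    try:
        if not os.path.exists(KEY_FILE):
            print('Creating key file')
            # umask 0o177 -> the key is created readable and writable by its
            # owner only (0600).
            _run_openssl(['genrsa', '-out', KEY_FILE, '2048'], KEY_FILE, 0o177)
        if not os.path.exists(CSR_FILE):
            print('Creating csr file')
            # -sha256 pins the signature digest instead of relying on the
            # default of the installed OpenSSL, which was SHA-1 on older
            # releases.
            _run_openssl(
                ['req', '-new', '-sha256', '-key', KEY_FILE, '-out', CSR_FILE, '-subj', subject_string],
                CSR_FILE
            )
        if not os.path.exists(CERT_FILE):
            print('Creating cert file')
            # umask 0o133 -> the certificate is created world-readable (0644).
            # 3653 days is roughly ten years of validity.
            _run_openssl(
                [
                    'x509', '-req', '-sha256', '-days', '3653',
                    '-in', CSR_FILE, '-signkey', KEY_FILE, '-out', CERT_FILE
                ],
                CERT_FILE,
                0o133
            )
    except subprocess.CalledProcessError as e:
        # check_output() captures bytes; decode so the message is readable
        # instead of a b'...' repr.
        output = e.output
        if isinstance(output, bytes):
            output = output.decode('utf-8', 'replace')
        print('{command} failed to create certificate: {error}'.format(command=e.cmd, error=output), file=sys.stderr)
        sys.exit(e.returncode)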


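def main():
    """Read the certificate subject fields from the config and create the certificate.

    Exits with status 1, after printing a message to stderr, when the
    [partner] section or one of its options is missing or cannot be
    interpolated.
    """
    config = load_config()
    try:
        country = config.get('partner', 'country')
        province = config.get('partner', 'province')
        city = config.get('partner', 'city')
        full_name = config.get('partner', 'full_name')
        # NOTE(review): this value becomes the certificate CN. The option
        # name suggests a URL; confirm it holds a bare hostname, since '/'
        # separates fields in the openssl subject string.
        mgmt_server_url = config.get('partner', 'mgmt_server_url')
        email = config.get('partner', 'email')
    except configparser.Error as e:
        # A missing section or option would otherwise end in a traceback;
        # report it the same way load_config reports parse errors.
        print('Invalid configuration in {file}: {error}'.format(file=BONDINGADMIN_CONFIG, error=e), file=sys.stderr)
        sys.exit(1)
    create_self_signed_cert(country, province, city, full_name, mgmt_server_url, email)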


# Run only when executed as a script, not when imported as a module.
if __name__ == "__main__":
    main()
