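#!/usr/bin/python -tt
# vim:set ts=4 sw=4 expandtab:
#
# $Id$
# $URL$
#
# NodeManager plugin for installing SFA GID's in slivers
#
# What this plugin touches (all visible below):
#   * <config_path>/node.gid                 - read, the node's own GID
#   * /vservers/<slice>/etc/{slice,node}.gid - written per instantiated sliver
#   * the trusted-roots directory            - rewritten from the registry's
#                                              answer, stale entries removed
#   * <data_path>/server.{key,cert}          - the node's keypair
#
# Names that end up in filesystem paths (slice names, GID hrns) are derived
# from registry responses, so they are checked to be a single path component
# before anything is written.
#

import os
import sys
sys.path.append('/usr/share/NodeManager')
import logger
import traceback
import tempfile

try:
    from sfa.util.namespace import *
    from sfa.util.config import Config
    import sfa.util.xmlrpcprotocol as xmlrpcprotocol
    from sfa.trust.certificate import Keypair, Certificate
    from sfa.trust.credential import Credential
    from sfa.trust.gid import GID
    from sfa.trust.hierarchy import Hierarchy
    from sfa.plc.api import ComponentAPI
    sfa = True
except Exception:
    # SFA is optional on a node: any failure to load it disables the plugin
    # (every entry point checks `sfa` first).  Exception rather than a bare
    # except so SystemExit/KeyboardInterrupt are not swallowed.
    sfa = None

# install_trusted_certs() consults this flag but the file never defined it,
# which raised NameError on first use.  Off by default.
verbose = False


def _is_plain_name(name):
    """Return True if *name* is usable as one path component.

    Rejects empty names, '.' and '..', anything containing a path separator
    and anything containing a NUL byte, so a name taken from a registry
    response cannot redirect a write or unlink outside the directory it is
    joined to.
    """
    if not name or name in (os.curdir, os.pardir):
        return False
    if os.sep in name or (os.altsep and os.altsep in name):
        return False
    return '\0' not in name


def _read_text(path):
    """Return the contents of *path*, closing the file even if read() fails."""
    handle = open(path, 'r')
    try:
        return handle.read()
    finally:
        handle.close()


def _remove_quietly(path):
    """Unlink *path*, ignoring the case where it is already gone."""
    try:
        os.unlink(path)
    except OSError:
        pass


def start():
    """NodeManager start hook: make sure the node has its SFA key.

    Best effort: a failure is logged and the plugin keeps running, so that
    NodeManager startup is not blocked by an unreachable registry.
    """
    logger.log("sfagid: plugin starting up ...")
    if not sfa:
        return
    try:
        keyfile, certfile = get_keypair(None)
        api = ComponentAPI(key_file=keyfile, cert_file=certfile)
        api.get_node_key()
    except Exception:
        # Still non-fatal, but no longer silent: a node that never obtains
        # its key should be visible in the NodeManager log.
        logger.log("sfagid: could not set up the node key at startup:\n%s"
                   % traceback.format_exc())
        return


def GetSlivers(data, config=None, plc=None):
    """NodeManager hook: refresh GIDs for the slivers listed in *data*.

    data   -- dict with a 'slivers' list; each entry's 'name' is used
    config -- passed through to get_keypair()
    plc    -- unused
    """
    if not sfa:
        return

    keyfile, certfile = get_keypair(config)
    api = ComponentAPI(key_file=keyfile, cert_file=certfile)
    slivers = [sliver['name'] for sliver in data['slivers']]
    install_gids(api, slivers)
    install_trusted_certs(api)


def install_gids(api, slivers):
    """Install the slice GID and the node GID into each instantiated sliver.

    api     -- ComponentAPI used to reach the registry
    slivers -- list of slice names present on this node

    A GID file is rewritten only when it is missing or differs from the
    current value.
    """
    # load the node gid
    node_gid_file = api.config.config_path + os.sep + "node.gid"
    node_gid = GID(filename=node_gid_file)
    node_gid_str = node_gid.save_to_string(save_parents=True)

    # get currently installed slice and node gids, keyed by slice name
    interface_hrn = api.config.SFA_INTERFACE_HRN
    slice_gids = {}
    node_gids = {}
    for slicename in slivers:
        slice_gid_filename = "/vservers/%s/etc/slice.gid" % slicename
        node_gid_filename = "/vservers/%s/etc/node.gid" % slicename
        # keyed by slicename: the lookups further down use that key (the
        # earlier `sliver` key was an undefined name in this function)
        if os.path.isfile(slice_gid_filename):
            slice_gids[slicename] = _read_text(slice_gid_filename)
        if os.path.isfile(node_gid_filename):
            node_gids[slicename] = _read_text(node_gid_filename)

    # convert slicenames to hrns
    hrns = [slicename_to_hrn(interface_hrn, name) for name in slivers]

    # get current gids from registry
    cred = api.getCredential()
    registry = api.get_registry()
    #records = registry.GetGids(cred, hrns)
    records = registry.get_gids(cred, hrns)
    for record in records:
        # skip if this isnt a slice record
        if not record['type'] == 'slice':
            continue

        # Resolve the slice name from THIS record before building any path;
        # computing it after vserver_path made every record use whatever
        # name an earlier loop had left behind.
        slicename = hrn_to_pl_slicename(record['hrn'])
        if not _is_plain_name(slicename):
            logger.log("sfagid: ignoring gid record with unusable slice name %r"
                       % (slicename,))
            continue
        vserver_path = "/vservers/%s" % slicename

        # skip if the slice isnt instantiated
        if not os.path.exists(vserver_path):
            continue

        # install slice gid if it doesnt already exist or has changed
        slice_gid_str = record['gid']
        if slicename not in slice_gids or slice_gids[slicename] != slice_gid_str:
            gid_filename = os.sep.join([vserver_path, "etc", "slice.gid"])
            GID(string=slice_gid_str).save_to_file(gid_filename, save_parents=True)

        # install node gid if it doesnt already exist or has changed
        if slicename not in node_gids or node_gids[slicename] != node_gid_str:
            gid_filename = os.sep.join([vserver_path, "etc", "node.gid"])
            GID(string=node_gid_str).save_to_file(gid_filename, save_parents=True)


def install_trusted_certs(api):
    """Synchronise the local trusted-roots directory with the registry.

    Every GID returned by registry.get_trusted_certs() is written as
    <hrn>.gid; any other entry in the directory is removed afterwards.

    NOTE(review): the GIDs are only decoded here, not verified against
    anything already on disk, so what becomes a trust anchor rests entirely
    on the authenticity of the registry connection -- confirm that
    api.get_registry() verifies its peer.
    NOTE(review): an empty answer removes every existing trust anchor;
    decide whether an empty list should skip the purge instead.
    """
    cred = api.getCredential()
    registry = api.get_registry()
    trusted_certs = registry.get_trusted_certs(cred)

    # This name was never bound in this file (NameError on first use).
    # NOTE(review): get_trustedroots_dir() is the accessor sfa.util.config
    # provides for this location -- confirm against the installed SFA version.
    trusted_certs_dir = api.config.get_trustedroots_dir()

    trusted_gid_names = []
    for gid_str in trusted_certs:
        gid = GID(string=gid_str)
        gid.decode()
        relative_filename = gid.get_hrn() + ".gid"
        # the hrn comes out of the received certificate; keep the write
        # inside trusted_certs_dir
        if not _is_plain_name(relative_filename):
            logger.log("sfagid: refusing trusted gid with unusable name %r"
                       % (relative_filename,))
            continue
        trusted_gid_names.append(relative_filename)
        gid_filename = trusted_certs_dir + os.sep + relative_filename
        if verbose:
            logger.log("Writing GID for %s as %s" % (gid.get_hrn(), gid_filename))
        gid.save_to_file(gid_filename, save_parents=True)

    # remove old certs
    all_gids_names = os.listdir(trusted_certs_dir)
    for gid_name in all_gids_names:
        if gid_name not in trusted_gid_names:
            if verbose:
                logger.log("Removing old gid %s" % gid_name)
            os.unlink(trusted_certs_dir + os.sep + gid_name)


def get_keypair(config = None):
    """Return (keyfile, certfile) for this node, creating them if needed.

    config -- object exposing data_path; a default Config() is used when
              it is None/false

    When both files already exist they are returned untouched.  Otherwise a
    throwaway keypair and certificate are generated, used for a single
    registry.get_key() call, and deleted; the server certificate is then
    built from the key found at <data_path>/server.key.
    """
    if not config:
        config = Config()
    # Constructed as before; nothing below reads it.
    # NOTE(review): drop this if Hierarchy() has no required side effect.
    Hierarchy()
    data_dir = config.data_path
    keyfile = data_dir + os.sep + "server.key"
    certfile = data_dir + os.sep + "server.cert"

    # check if files already exist
    if os.path.exists(keyfile) and os.path.exists(certfile):
        return (keyfile, certfile)

    # create temp keypair server key and certificate
    tmp_keyfile = None
    tmp_certfile = None
    try:
        # mkstemp returns an open descriptor; close it, since the SFA
        # objects write by path and the descriptor would otherwise leak
        # on every call.
        (key_fd, tmp_keyfile) = tempfile.mkstemp(suffix='.pkey', prefix='tmpkey', dir='/tmp')
        os.close(key_fd)
        (cert_fd, tmp_certfile) = tempfile.mkstemp(suffix='.cert', prefix='tmpcert', dir='/tmp')
        os.close(cert_fd)

        tmp_key = Keypair(create=True)
        tmp_key.save_to_file(tmp_keyfile)
        tmp_cert = Certificate(subject='subject')
        tmp_cert.set_issuer(key=tmp_key, subject='subject')
        tmp_cert.set_pubkey(tmp_key)
        # NOTE(review): unlike the server certificate below, this one is
        # saved without sign() -- confirm that is intended.
        tmp_cert.save_to_file(tmp_certfile, save_parents=True)

        # request real pkey from registry
        api = ComponentAPI(key_file=tmp_keyfile, cert_file=tmp_certfile)
        registry = api.get_registry()
        # presumably this is what places the real key at `keyfile`; nothing
        # in this file shows how -- verify, and check the resulting file's
        # permissions
        registry.get_key()
    finally:
        # do not leave a private key (even a throwaway one) behind in /tmp
        for tmp_path in (tmp_keyfile, tmp_certfile):
            if tmp_path:
                _remove_quietly(tmp_path)

    key = Keypair(filename=keyfile)
    # NOTE(review): `hrn` is not bound anywhere in this file, so this line
    # raises NameError unless the wildcard sfa.util.namespace import happens
    # to provide it.  It needs the node's hrn; where that should come from is
    # not visible here.
    cert = Certificate(subject=hrn)
    cert.set_issuer(key=key, subject=hrn)
    cert.set_pubkey(key)
    cert.sign()
    cert.save_to_file(certfile, save_parents=True)
    return (keyfile, certfile)


if __name__ == '__main__':
    test_slivers = {'slivers': [
        {'name': 'tmacktestslice', 'attributes': []}
        ]}
    start()
    GetSlivers(test_slivers)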