#!/usr/bin/python
# -*- coding: utf-8 -*-

import sys
import sqlite3
import re

from arv.db.initialize import initialize_database, commit_database
from arv.db.edge import *
from arv.db.node import *
from arv.config import (sqlite_database, strongswan_database,
                strongswan_tmpconfigs_directory, arv_address_ip)
from arv.lib.util import cred_end_validity_date

from creole import cert
from pyeole.ihm import question_ouinon
from pyeole.service import unmanaged_service

import glob
from os.path import isfile, join
from os import unlink, listdir

def gen_local_ca():
    """Generate the local certificate authority through ``creole.cert``.

    Loads the CA settings into ``cert`` and then calls ``cert.gen_ca()``.
    Any exception raised along the way is reported on standard output and
    the process exits with status 1.

    NOTE(review): ``ssl_dir``, ``ca_conf_file`` and ``x509_default_key_bits``
    are not imported by name in this file; presumably they arrive through
    the ``arv.db`` star imports -- confirm.
    """
    try:
        # Assembled inside the try block so that a failure while building the
        # settings is reported exactly like a failure inside cert itself.
        ca_settings = {
            'ssl_dir': ssl_dir,
            'start_index': "01",
            'ca_conf_file': ca_conf_file,
            'ca_file': join(ssl_dir, 'certs/CaCert.pem'),
            'ssl_default_key_bits': x509_default_key_bits,
            # NOTE(review): presumably a validity period in days (about
            # 15 years) -- confirm against creole.cert and the CA policy.
            'ssl_default_cert_time': '5475',
        }
        cert.load_conf(ca_settings)
        cert.gen_ca()
    except Exception as err:
        print("ERROR: --- unable to create the certificate --- : %s " % str(err))
        sys.exit(1)

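def populate_database():
    """Seed a new ARV database with the local Sphynx node and its credentials.

    Steps, in order: call ``initialize_database(create=True)``, add the
    "Sphynx" and "Etablissement" node templates, add the local Sphynx node
    (with a public extremity when ``arv_address_ip`` is set), register the
    certificate read from ``cert.ca_file`` as a local authority credential,
    then add a credential attached to the Sphynx node.

    Nothing is committed here; the script calls ``commit_database()`` after
    this function returns.

    NOTE(review): ``cert.ca_file`` is presumably set by ``cert.load_conf()``
    in ``gen_local_ca()``, so that function has to run first -- confirm.
    """
    initialize_database(create=True)

    # Node templates: Sphynx and Etablissement.
    sphynx_tmpl = add_tmpl_node(name=u"Sphynx", mimetype=u'sphynx')
    add_tmpl_node(name=u"Etablissement", mimetype=u'etablissement')

    # The local Sphynx node, with its public address when one is configured.
    node1 = sphynx_tmpl.add_node(name=u"Sphynx", uai="0000000A")
    if arv_address_ip is not None:
        node1.add_extremity(pub_ip=arv_address_ip)

    # Authority credential: read the CA certificate and close the file
    # deterministically instead of leaving the handle to the garbage collector.
    with open(cert.ca_file, 'r') as ca_handle:
        credential = ca_handle.read()
    add_credential_auth(credential=credential, local=True)

    # NOTE(review): the four literal arguments are fixed here; their meaning is
    # defined by add_credential, which is not visible in this file.
    add_credential('sphynx', 'eole', node1, 'autosigned')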
init = False
# Only when the script is invoked with the 'instance' argument and an ARV
# database already exists: ask before wiping it.
# NOTE(review): the files are removed here, before the arv service is stopped
# further down -- confirm nothing still has them open at this point.
if 'instance' in sys.argv and isfile(sqlite_database):
    prompt = 'Voulez-vous réinitialiser la base ARV et perdre vos modifications ?'
    if question_ouinon(prompt, level='warn') == 'oui':
        init = True
        unlink(sqlite_database)
        if isfile(strongswan_database):
            unlink(strongswan_database)
        # The pattern is the configured directory string directly followed by
        # '*.db'; no path separator is inserted here.
        for stale_db in glob.glob('%s*.db'% strongswan_tmpconfigs_directory):
            unlink(stale_db)

# Snapshot of the /etc/rc3.d entries; used below to decide whether the arv
# service is started again after it has been stopped.
rc3=listdir('/etc/rc3.d')
if not isfile(sqlite_database):
    # No ARV database on disk (first run, or it was removed just above):
    # stop the service, create the local CA, then build and commit a fresh
    # database.
    try:
        unmanaged_service('stop', 'arv', 'service')
    except Exception, e:
        print e
        sys.exit(1)
    gen_local_ca()
    populate_database()
    commit_database()
    # Start arv again only if an rc3.d entry matches.
    # NOTE(review): re.match anchors at the start only and '(.*)' accepts any
    # prefix, so every entry whose name contains "arv" matches, not just the
    # arv link -- consider a stricter pattern.
    for file in rc3:
        if re.match( r'(.*)arv', file):
            try:
                unmanaged_service('start', 'arv', 'service')
            except Exception, e:
                print e
                sys.exit(1)
            break
else:
    # An ARV database already exists: upgrade its schema in place.
    # init is only set to True right before the database file is unlinked, so
    # it is expected to be False on this path.
    if not init:
        initialize_database()
    conn = sqlite3.connect(sqlite_database)
    c = conn.cursor()
    # One flag per column; True means "the column was already there".
    # id_zephir_exception and eole_version_exception are set below but never
    # read afterwards in this script.
    expiration_date_exception = False
    id_zephir_exception = False
    eole_version_exception = False
    tmplconnect_leftsendcert_exception = False
    connect_leftsendcert_exception = False
    # Each ALTER TABLE below adds one column. An already existing column is
    # recognised by the exact text of the OperationalError message.
    # NOTE(review): any other OperationalError (for instance a missing table
    # or a locked database) is dropped silently and leaves the flag False, so
    # the script carries on as if the column had just been added -- consider
    # reporting the error and aborting. Matching on the message text also
    # breaks if the SQLite wording changes.
    # NOTE(review): there is no explicit conn.commit() before conn.close();
    # this relies on sqlite3 not holding ALTER TABLE in an open transaction --
    # confirm for the Python version in use.
    try:
        c.execute('ALTER TABLE arv_db_edge_credential ADD COLUMN expiration_date TEXT')
    except sqlite3.OperationalError, err:
        if str(err) == 'duplicate column name: expiration_date':
            expiration_date_exception = True
    try:
        c.execute('ALTER TABLE arv_db_node_node ADD COLUMN id_zephir INTEGER')
    except sqlite3.OperationalError, err:
        if str(err) == 'duplicate column name: id_zephir':
            id_zephir_exception = True
    try:
        c.execute('ALTER TABLE arv_db_node_node ADD COLUMN eole_version TEXT')
    except sqlite3.OperationalError, err:
        if str(err) == 'duplicate column name: eole_version':
            eole_version_exception = True
    try:
        c.execute('ALTER TABLE arv_db_edge_tmplconnect ADD COLUMN leftsendcert TEXT')
    except sqlite3.OperationalError, err:
        if str(err) == 'duplicate column name: leftsendcert':
            tmplconnect_leftsendcert_exception = True
    try:
        c.execute('ALTER TABLE arv_db_edge_connect ADD COLUMN leftsendcert TEXT')
    except sqlite3.OperationalError, err:
        if str(err) == 'duplicate column name: leftsendcert':
            connect_leftsendcert_exception = True
    # The three columns that get a data backfill below were all present
    # already: nothing to migrate, so stop the service, start it again if an
    # rc3.d entry matches, and exit successfully.
    if expiration_date_exception and tmplconnect_leftsendcert_exception and connect_leftsendcert_exception:
        conn.close()
        try:
            unmanaged_service('stop', 'arv', 'service')
        except Exception, e:
            print e
            sys.exit(1)
        for file in rc3:
            if re.match( r'(.*)arv', file):
                try:
                    unmanaged_service('start', 'arv', 'service')
                except Exception, e:
                    print e
                    sys.exit(1)
                break
        sys.exit(0)
    # At least one column was not reported as a duplicate: close the raw
    # connection, stop the service and fill the new columns. The accessors
    # used below are presumably provided by the arv.db star imports.
    conn.close()
    try:
        unmanaged_service('stop', 'arv', 'service')
    except Exception, e:
        print e
        sys.exit(1)
    if not expiration_date_exception:
        # Store, for every credential, the value cred_end_validity_date()
        # returns for its certificate text.
        for cred in get_all_credentials():
            cred.expiration_date = cred_end_validity_date(cred.credential)
    if not tmplconnect_leftsendcert_exception:
        # NOTE(review): presumably the strongSwan leftsendcert setting; every
        # existing connection template is switched to 'always' -- confirm
        # that this default is intended.
        for tmplconnect in get_tmpl_connects():
            tmplconnect.leftsendcert = 'always'
    if not connect_leftsendcert_exception:
        for connect in get_connects():
            connect.leftsendcert = 'always'
    commit_database()
    # Same restart rule as above: start arv only if an rc3.d entry matches.
    for file in rc3:
        if re.match( r'(.*)arv', file):
            try:
                unmanaged_service('start', 'arv', 'service')
            except Exception, e:
                print e
                sys.exit(1)
            break
