#!/usr/bin/python
#  Copyright (C) 2007, 2008, 2009, 2010 Dennis Gilmore
#  Copyright (C) 2009 Stewart Adam
#  This file is part of fedora-packager.

#  fedora-packager is free software: you can redistribute it and/or modify
#  it under the terms of the GNU General Public License as published by
#  the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.

#  fedora-packager is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#  GNU General Public License for more details.

#  You should have received a copy of the GNU General Public License
#  along with fedora-packager.  If not, see <http://www.gnu.org/licenses/>.

import os
import sys
import fedora_cert
import pycurl
import argparse


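def generate_browser_cert():
    '''Convert the user cert to the format for importing into a browser

    Runs ``openssl pkcs12 -export`` with ~/.fedora.cert as input and
    ~/.fedora-upload-ca.cert as the CA file, writing the result to
    ~/fedora-browser-cert.p12.  openssl asks for the export passphrase
    on the terminal.

    The import instructions are printed only when openssl exits with
    status 0; on failure a message goes to stderr and nothing else is
    printed.  Returns None in both cases.
    '''
    import subprocess

    home = os.path.expanduser('~')
    bundle = os.path.join(home, 'fedora-browser-cert.p12')
    # Argument list instead of a shell string: no shell is involved, so the
    # paths are passed to openssl exactly as built here.
    command = [
        '/usr/bin/openssl', 'pkcs12', '-export',
        '-in', os.path.join(home, '.fedora.cert'),
        '-CAfile', os.path.join(home, '.fedora-upload-ca.cert'),
        '-out', bundle,
    ]

    # A PKCS#12 export bundles the private key together with the
    # certificate, so the output file is created owner-only.
    previous_umask = os.umask(0o077)
    try:
        try:
            status = subprocess.call(command)
        except OSError as e:
            # openssl missing or not executable
            sys.stderr.write('Could not run /usr/bin/openssl: %s\n' % e)
            return
    finally:
        os.umask(previous_umask)

    if status != 0:
        sys.stderr.write(
            'Browser certificate export failed (openssl exit status %d)\n'
            % status)
        return

    # The umask only affects newly created files; tighten a bundle that
    # already existed with wider permissions.
    os.chmod(bundle, 0o600)

    print("""

Browser certificate exported to ~/fedora-browser-cert.p12
To import the certificate into Firefox:

Edit -> Preferences -> Advanced
Click "View Certificates"
On "Your Certificates" tab, click "Import"
Select ~/fedora-browser-cert.p12
Type the export passphrase you chose earlier

Once imported, you should see a certificate named "Fedora Project".
Your username should appear underneath this.
 
You should now be able to click the "login" link at http://koji.fedoraproject.org/koji/ successfully.

importing the certificate is optional and not needed for daily use.
you should also import the ca cert at ~/.fedora-upload-ca.cert
    """)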
    

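def download_cert(location, file):
    '''Download the cert and write to file

    location -- URL to fetch; up to 5 redirects are followed.
    file     -- destination path.

    The response is staged in ``file + '.part'`` and renamed over ``file``
    only after the transfer succeeds, so a failed download never leaves an
    empty or partial certificate behind and never destroys a previously
    downloaded one.  HTTP error responses (status >= 400) count as
    failures instead of being saved as the certificate.

    On failure the traceback is printed to stderr and the function
    returns without printing "Saved".  Always returns None.
    '''
    # Opening ``file`` itself with 'wb' would truncate a working
    # certificate before we know whether the download succeeds.
    staging = file + '.part'
    curl = pycurl.Curl()
    fp = open(staging, 'wb')
    try:
        try:
            curl.setopt(pycurl.URL, location)
            # NOTE(review): the downloaded file is installed as a CA
            # certificate; no TLS verification options are overridden here,
            # so libcurl's defaults apply.  Redirect targets are not
            # restricted to https -- confirm that is acceptable.
            curl.setopt(pycurl.FOLLOWLOCATION, 1)
            curl.setopt(pycurl.MAXREDIRS, 5)
            curl.setopt(pycurl.CONNECTTIMEOUT, 30)
            curl.setopt(pycurl.TIMEOUT, 300)
            curl.setopt(pycurl.NOSIGNAL, 1)
            # Without this an HTTP error page would be written out as
            # if it were the certificate.
            curl.setopt(pycurl.FAILONERROR, 1)
            curl.setopt(pycurl.WRITEDATA, fp)
            curl.perform()
        finally:
            curl.close()
            fp.close()
        # rename() within one directory replaces the target atomically on POSIX
        os.rename(staging, file)
    except Exception:
        import traceback
        traceback.print_exc(file=sys.stderr)
        sys.stderr.flush()
        if os.path.exists(staging):
            os.unlink(staging)
        return
    print("Saved: %s" % file)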

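def parse_args():
    '''Parse the command line (sys.argv) and return the argparse namespace.

    Attributes on the returned namespace:
      browser_cert -- True when -w/--with-browser-cert was given
      fas_url      -- value of -U/--url, defaulting to the Fedora
                      Account System URL
    '''
    parser = argparse.ArgumentParser()
    parser.add_argument(
        '-w', '--with-browser-cert', dest='browser_cert',
        default=False, action='store_true',
        help="Also generate a browser certificate"
    )
    parser.add_argument(
        '-U', '--url', dest='fas_url', metavar='url',
        default='https://admin.fedoraproject.org/accounts/',
        # %(default)s keeps the help text in step with the default above;
        # the hand-written copy was missing its closing parenthesis.
        help='FAS URL (Default: %(default)s)'
    )
    return parser.parse_args()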

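def main():
    '''Set up the Fedora packager certificates in the user's home directory.

    Steps, in order:
      1. Obtain ~/.fedora.cert through fedora_cert if it is missing, or
         replace it if fedora_cert reports it as expired.  A
         fedora_cert_error is printed and the program exits with status 1.
      2. Download the server CA certificate from the FAS URL to
         ~/.fedora-server-ca.cert.
      3. Make ~/.fedora-upload-ca.cert a symlink to that file unless it
         already is a symlink.
      4. With -w/--with-browser-cert, export the browser certificate.
    '''
    args = parse_args()
    user_home = os.path.expanduser('~')
    print('Setting up Fedora packager environment')
    user_cert = os.path.join(user_home, '.fedora.cert')
    upload_ca_cert = os.path.join(user_home, '.fedora-upload-ca.cert')
    server_ca_cert = os.path.join(user_home, '.fedora-server-ca.cert')

    try:
        if not os.path.isfile(user_cert):
            print('''You need a client certificate from the Fedora Account System, lets get one now''')
            fedora_cert.create_user_cert()
        elif fedora_cert.certificate_expired():
            # Renew for the username recorded in the existing certificate
            username = fedora_cert.read_user_cert()
            print("Certificate has expired, getting a new one")
            fedora_cert.create_user_cert(username)
    except fedora_cert.fedora_cert_error as e:
        print(e)
        sys.exit(1)

    # The file fetched below is installed as a CA certificate, so the
    # transport it arrives over matters; -U accepts any URL.
    if not args.fas_url.lower().startswith('https://'):
        sys.stderr.write(
            'Warning: %s is not an https:// URL; the CA certificate will '
            'be downloaded without transport security\n' % args.fas_url)

    # The default URL already ends in '/'; strip it so the request path
    # does not contain a doubled slash.
    ca_url = args.fas_url.rstrip('/') + '/fedora-server-ca.cert'
    download_cert(ca_url, server_ca_cert)

    if not os.path.islink(upload_ca_cert):
        print('Linking: ~/.fedora-server-ca.cert to ~/.fedora-upload-ca.cert')
        # A regular file at this path is replaced by the symlink.
        # NOTE(review): an existing symlink is kept whatever it points
        # at -- confirm that is intended.
        if os.path.exists(upload_ca_cert):
            os.unlink(upload_ca_cert)
        os.symlink(server_ca_cert, upload_ca_cert)

    if args.browser_cert:
        print('Setting up Browser Certificates')
        generate_browser_cert()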

# Run the setup only when executed as a script, not when imported.
if __name__ == '__main__':
    main()
