#  Licensed to the Apache Software Foundation (ASF) under one or more
#  contributor license agreements.  See the NOTICE file distributed with
#  this work for additional information regarding copyright ownership.
#  The ASF licenses this file to You under the Apache License, Version 2.0
#  (the "License"); you may not use this file except in compliance with
#  the License.  You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
#  Unless required by applicable law or agreed to in writing, software
#  distributed under the License is distributed on an "AS IS" BASIS,
#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#  See the License for the specific language governing permissions and
#  limitations under the License.
#

import logging

import OpenSSL
import requests
import os
import datetime
from urllib3.exceptions import InsecureRequestWarning
import warnings

requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
from custos.transport.settings import CustosServerClientSettings
import custos.clients.utils.utilities as utl

logger = logging.getLogger(__name__)
logger.setLevel(logging.DEBUG)
import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarning

requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

class CertificateFetchingRestClient(object):

    def __init__(self, custos_server_setting):
        self.custos_settings = custos_server_setting
        self.target = self.custos_settings.CUSTOS_SERVER_HOST + ":" + str(self.custos_settings.CUSTOS_SERVER_PORT)
        self.url = "https://" + self.target + "/resource-secret-management/v1.0.0/secret"
        self.ownertype = "CUSTOS"
        self.resource_type = "SERVER_CERTIFICATE"
        self.params = {
            'metadata.owner_type': self.ownertype,
            'metadata.resource_type': self.resource_type
        }

        self.rootdir = os.path.abspath(os.curdir)
        encodedStr = utl.get_token(self.custos_settings)
        self.header = {'Authorization': 'Bearer {}'.format(encodedStr)}

    def load_certificate(self):
        if not self.__is_certificate_valid():
            self.__download_certificate()

    def __download_certificate(self):
        r = requests.get(url=self.url, params=self.params, headers=self.header, stream=True, timeout=60, verify=False)
        value = r.json()['value']
        path = self.custos_settings.CUSTOS_CERT_PATH
        f = open(path, "w+")
        f.write(value)


    def __is_certificate_valid(self):
        if os.path.isfile(self.custos_settings.CUSTOS_CERT_PATH):
            file = open(self.custos_settings.CUSTOS_CERT_PATH)
            x509 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM,
                                                   file.read())
            expires = datetime.datetime.strptime(x509.get_notAfter().decode('ascii'), '%Y%m%d%H%M%SZ')
            now = datetime.datetime.now()

            if now > expires:
                return False
            else:
                return True
        else:
            return False