# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements.  See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License.  You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import sys

import gssapi

from phoenixdb import errors, types
from phoenixdb.avatica import AvaticaClient
from phoenixdb.connection import Connection
from phoenixdb.errors import *  # noqa: F401,F403
from phoenixdb.types import *  # noqa: F401,F403

from requests.auth import HTTPBasicAuth, HTTPDigestAuth

from requests_gssapi import HTTPSPNEGOAuth

if sys.version_info.major == 3:
    from urllib.parse import urlencode, urlparse, urlunparse, parse_qs
else:
    from urllib import urlencode
    from urlparse import urlparse, urlunparse, parse_qs

__all__ = ['connect', 'apilevel', 'threadsafety', 'paramstyle'] + types.__all__ + errors.__all__


apilevel = "2.0"
"""
This module supports the `DB API 2.0 interface <https://www.python.org/dev/peps/pep-0249/>`_.
"""

threadsafety = 1
"""
Multiple threads can share the module, but neither connections nor cursors.
"""

paramstyle = 'qmark'
"""
Parmetrized queries should use the question mark as a parameter placeholder.

For example::

 cursor.execute("SELECT * FROM table WHERE id = ?", [my_id])
"""


def connect(url, max_retries=None, auth=None, authentication=None, avatica_user=None, avatica_password=None,
            truststore=None, verify=None, do_as=None, user=None, password=None, extra_headers=None, **kwargs):
    """Connects to a Phoenix query server.

    :param url:
        URL to the Phoenix query server, e.g. ``http://localhost:8765/``

    :param autocommit:
        Switch the connection to autocommit mode.

    :param readonly:
        Switch the connection to readonly mode.

    :param max_retries:
        The maximum number of retries in case there is a connection error.

    :param cursor_factory:
        If specified, the connection's :attr:`~phoenixdb.connection.Connection.cursor_factory`
        is set to it.

    :param auth:
        Authentication configuration object as expected by the underlying python_requests and
        python_requests_gssapi library

    :param verify:
        The path to the PEM file for verifying the server's certificate. It is passed directly to
        the `~verify` parameter of the underlying python_requests library.
        Setting it to False disables the server certificate verification.

    :param do_as:
        Username to impersonate (sets the Hadoop doAs URL parameter)

    :param authentication:
        Alternative way to specify the authentication mechanism that mimics
        the semantics of the JDBC drirver

    :param avatica_user:
        Username for BASIC or DIGEST authentication. Use in conjunction with the
        `~authentication' option.

    :param avatica_password:
        Password for BASIC or DIGEST authentication. Use in conjunction with the
        `~authentication' option.

    :param user
        If `~authentication' is BASIC or DIGEST then alias for `~avatica_user`
        If `~authentication' is NONE or SPNEGO then alias for `~do_as`

    :param password
        If `~authentication' is BASIC or DIGEST then is alias for `~avatica_password`

    :param truststore:
        Alias for verify

    :param extra_headers:
        Additional HTTP headers as a dictionary

    :returns:
        :class:`~phoenixdb.connection.Connection` object.
    """

    (url, auth, verify) = _process_args(
        url, auth=auth, authentication=authentication,
        avatica_user=avatica_user, avatica_password=avatica_password,
        truststore=truststore, verify=verify, do_as=do_as, user=user, password=password)

    client = AvaticaClient(url, max_retries=max_retries, auth=auth, verify=verify, extra_headers=extra_headers)
    client.connect()
    return Connection(client, **kwargs)


def _get_SPNEGOAuth():
    try:
        spnego = gssapi.mechs.Mechanism.from_sasl_name("SPNEGO")
    except AttributeError:
        spnego = gssapi.OID.from_int_seq("1.3.6.1.5.5.2")
    return HTTPSPNEGOAuth(opportunistic_auth=True, mech=spnego)


def _process_args(
        url, auth=None, authentication=None, avatica_user=None, avatica_password=None,
        truststore=None, verify=None, do_as=None, user=None, password=None):
    url_parsed = urlparse(url)
    url_params = parse_qs(url_parsed.query, keep_blank_values=True)

    # Parse supported JDBC compatible parameters from URL. args have precendece
    # Unlike the JDBC driver, we are expecting these as query params, as the avatica java client
    # has a different idea of what an URL param is than urlparse. (urlparse seems just broken
    # in this regard)
    params_changed = False
    if auth is None and authentication is None and 'authentication' in url_params:
        authentication = url_params['authentication'][0]
        del url_params['authentication']
        params_changed = True

    if avatica_user is None and 'avatica_user' in url_params:
        avatica_user = url_params['avatica_user'][0]
        del url_params['avatica_user']
        params_changed = True

    if avatica_password is None and 'avatica_password' in url_params:
        avatica_password = url_params['avatica_password'][0]
        del url_params['avatica_password']
        params_changed = True

    if verify is None and truststore is None and 'truststore' in url_params:
        truststore = url_params['truststore'][0]
        del url_params['truststore']
        params_changed = True

    if authentication == 'BASIC' or authentication == 'DIGEST':
        # Handle standard user and password parameters
        if user is not None and avatica_user is None:
            avatica_user = user
        if password is not None and avatica_password is None:
            avatica_password = password
    else:
        # interpret standard user parameter as do_as for SPNEGO and NONE
        if user is not None and do_as is None:
            do_as = user

    # Add doAs
    if do_as:
        url_params['doAs'] = do_as
        params_changed = True

    if params_changed:
        url_parsed = url_parsed._replace(query=urlencode(url_params))
        url = urlunparse(url_parsed)

    if auth == "SPNEGO":
        # Special case for backwards compatibility
        auth = _get_SPNEGOAuth()
    elif auth is None and authentication is not None:
        if authentication == "SPNEGO":
            auth = _get_SPNEGOAuth()
        elif authentication == "BASIC" and avatica_user is not None and avatica_password is not None:
            auth = HTTPBasicAuth(avatica_user, avatica_password)
        elif authentication == "DIGEST" and avatica_user is not None and avatica_password is not None:
            auth = HTTPDigestAuth(avatica_user, avatica_password)

    if verify is None and truststore is not None:
        verify = truststore

    return (url, auth, verify)