#!/usr/bin/env python3

import hashlib
import hmac
import sys
import urllib.parse
from optparse import OptionParser
from datetime import datetime, timedelta
import base64
from email.utils import formatdate
import requests
from time import mktime
from urllib.parse import urlparse
import json


def checksum(content:bytes) -> str:
    """
    Calculates the SHA-384 checksum of the given content and returns the base64 encoded representation as a string
    :param content: the content to hash
    :return: a string representing the checksum
    """
    digest = hashlib.sha384(content).digest()
    return base64.b64encode(digest).decode("UTF-8")


def get_token(uri:str, secret:str, method:str, content:bytes, checksum:str) -> (str, str):
    """
    Generates an HMAC token
    :param uri:  URI that is going to be accessed
    :param secret: Shared secret with the server
    :param method: HTTP method for the request
    :param content: byte string of the request body. Can be empty.
    :param checksum: SHA-384 checksum of the body content. If content is empty then this should be the SHA checksum of an empty string
    :return: tuple consisting of the body of an "Authorization" header and the HTTP style date/time of the request.
    """
    t = datetime.now()
    httpdate = formatdate(timeval=mktime(t.timetuple()),localtime=False,usegmt=True)
    url_parts = urlparse(uri)

    content_length = len(content)

    string_to_sign = "{}\n{}\n{}\n{}\n{}".format(httpdate, content_length, checksum, method, url_parts.path + "?" + url_parts.query)
    hm = hmac.digest(secret.encode("UTF-8"), msg=string_to_sign.encode("UTF-8"), digest=hashlib.sha384)
    return "HMAC {0}".format(base64.b64encode(hm).decode("UTF-8")), httpdate


def get_next_page(start_at: int, page_size: int) -> bool:
    method = "POST"
    uri = "https://{host}/api/search/browser?start={start}&size={size}".format(host=options.host,
                                                                               start=start_at,
                                                                               size=page_size)

    content_body = json.dumps({"collection": options.dest}).encode("UTF-8")
    content_hash = checksum(content_body)

    authtoken, httpdate = get_token(uri, options.secret, method, content_body, content_hash)

    headers = {
        'Date': httpdate,
        'Authorization': authtoken,
        'X-Sha384-Checksum': content_hash,
        'Content-Type': "application/json"
    }

    extra_kwargs = {}
    if options.sslnoverify:
        extra_kwargs['verify'] = False

    response = requests.post(uri, data=content_body, headers=headers, **extra_kwargs)

    if response.status_code==200:
        content = response.json()
        sys.stderr.write("Total hits: {0}\n".format(content["entryCount"]))
        if len(content["entries"])==0:
            return False
        for e in content["entries"]:
            if not e["beenDeleted"]:
                print(e["id"])
        return True
    else:
        print(response.text)


if __name__=="__main__":
    parser = OptionParser()
    parser.add_option("--host", dest="host", help="host to access", default="archivehunter.local.dev-gutools.co.uk")
    parser.add_option("--no-verify", dest="sslnoverify", action="store_true", default="false", help="set this to disable SSL cert checking")
    parser.add_option("-s", "--secret", dest="secret", help="shared secret to use")
    parser.add_option("-c", "--collection", dest="dest", help="Collection (bucket) name to list")
    parser.add_option("--page-size", dest="page_size", default=100, help="page size")
    (options, args) = parser.parse_args()

    if options.secret is None:
        print("You must supply the password in --secret")
        exit(1)

    ctr = 0
    while True:
        if get_next_page(ctr, int(options.page_size)):
            ctr += options.page_size
        else:
            break