# [START gae_python311_app]
from flask import Flask, render_template, request, jsonify, make_response
from ccadb.db import CCADB
from collections import Counter
from collections.abc import Iterable
import datetime
import itertools
import functools
from lint_dict import LintDict

app = Flask(__name__)
app.config.from_object('config.Config')

def get_lints_json(ca_ids):
    """
        Parses lint issue query options.
    """
    if not isinstance(ca_ids, Iterable) or isinstance(ca_ids, str):
        raise RuntimeError("Error! ca_ids needs to be an iterable - {} passed".format(type(ca_ids)))

    cb_to_bool = lambda x: x.lower() in [ 'on', 'true' ]

    #date ranges
    start   = request.args.get('start', default=None, type=datetime.datetime.fromisoformat)
    end     = request.args.get('end', default=None, type=datetime.datetime.fromisoformat)

    #cert options
    onecrl              = cb_to_bool( request.args.get('onecrl', default="off") )
    expired_certs       = cb_to_bool( request.args.get('expired_certs', default="off") )
    exclude_tech_constrained    = cb_to_bool( request.args.get('exclude_technically_constrained', default="off") )
    exclude_revoked     = cb_to_bool( request.args.get('exclude_revoked', default="off") )

    #lint options
    x509_lint   = cb_to_bool( request.args.get('x509_lint', default="on") )
    cab_lint    = cb_to_bool( request.args.get('cab_lint', default="on") )
    z_lint      = cb_to_bool( request.args.get('z_lint', default="on") )

    daterange   = (start, end)
    linters     = (cab_lint, z_lint, x509_lint)
    cert_options= (onecrl, expired_certs, exclude_revoked, exclude_tech_constrained)

    lint_issue  = request.args.get('lint_issue', default=-1, type=int)

    ccadb = CCADB()
    lint_issues = ccadb.lint_issues_for_ca_ids(map(lambda x: str(x), ca_ids), daterange, cert_options, linters)

    if lint_issue > 0:
        return list(filter(lambda x: x['lint_issue_id'] == lint_issue, lint_issues))

    return lint_issues

@app.route('/lint_issues/<ca_id>', methods=['GET'])
def get_lint_issues(ca_id):
    """
        Dump all lint issues for query options as JSON
    """
    ccadb = CCADB()

    ##max_depth of -1 is infinite
    max_depth = request.args.get('max_depth', default=-1, type=int)
    ca_tree, ca_cn_map = ccadb.build_ca_tree(ca_id, max_depth)
    cca_ids = CCADB._rec_get_keys(ca_tree)
    cca_ids.add(ca_id)

    lint_issues = get_lints_json(cca_ids)

    ##format lint issues by type, then by issue, by issuer
    #bucket into issuers
    ld = LintDict()
    for issue in lint_issues:
        k = issue['issuer_cn'] + issue['issue_text'] + issue['linter']
        ld[k] = ld[k] + [ issue ]

    return render_template( 'lint.html', issuers=ld )


@app.route('/raw_lint_issues/<ca_id>', methods=['GET'])
def get_raw_lint_issues(ca_id):
    """
        Dump all lint issues for query options as JSON
    """
    ccadb = CCADB()

    ##max_depth of -1 is infinite
    max_depth = request.args.get('max_depth', default=-1, type=int)
    ca_tree, ca_cn_map = ccadb.build_ca_tree(ca_id, max_depth)
    cca_ids = CCADB._rec_get_keys(ca_tree)
    cca_ids.add(ca_id)

    return jsonify( get_lints_json(cca_ids) )

def pprint_ca_cert(ccadb, ca_id):
    """
    Print CA cert to meaningful text.
    Strips a certificates public key modulus, signatures, algorithms, raw
    data etc.

    :param ccadb: ccadb instance
    :param ca_id: int(CA ID)
    :return: cert pprint
    :rtype: str
    """
    ca_print = ccadb.pprint_ca_id(ca_id)[0]
    summary_ind_end = ca_print.index("Subject Public Key Info:")
    short_ca_print = ca_print[:summary_ind_end].rstrip()
    lines = short_ca_print.split("\n")
    filt_lines = list(filter(lambda x: 'Certificate:' not in x and
                            'Signature Algorithm:' not in x and
                            'Data:' not in x, lines))
    return '\n'.join(filt_lines).rstrip()

def pprint_cert(ccadb, cert_id):
    """
    Print CA cert to meaningful text.
    Strips a certificates public key modulus, signatures, algorithms, raw
    data etc.

    :param ccadb: ccadb instance
    :param ca_id: int(CA ID)
    :return: cert pprint
    :rtype: str
    """
    cert_info = ccadb.cert_info(cert_id)
    #cert_info['issuer'] = ccadb.cert_info(ccabd. cert_info['id'])
    print(cert_info)
    return cert_info

@app.route('/summary/<ca_id>')
def summary(ca_id):
    """
        Produce a summary of lint issues for a given CA ID.
        This recursively finds lint issues for intermediate 
        and leaf certs.

        :param ca_id: CA ID to build summary
    """
    try:
        ca_id = int(ca_id)
    except ValueError:
        return "Error! Invalid CA ID - {}. Please specify an integer.".format(ca_id), 400

    ##max_depth of -1 is infinite
    max_depth = request.args.get('max_depth', default=-1, type=int)

    #confusion of cert id and ca id 
    #2 different concepts
    ccadb = CCADB()
    ca_tree, ca_cn_map = ccadb.build_ca_tree(ca_id, max_depth)
    cca_ids = CCADB._rec_get_keys(ca_tree)
    cca_ids.add(ca_id)


    cert_id = ccadb.cert_id_from_ca_id(ca_id)

    cert_info = pprint_cert(ccadb, cert_id)
    #except:
    #    return "Error parsing certificate for CA ID {}".format(ca_id), 500

    lints = get_lints_json(cca_ids)
    x509s = list(filter(lambda x: x['linter'] == 'x509lint', lints))
    zs = list(filter(lambda x: x['linter'] == 'zlint', lints))
    cabs = list(filter(lambda x: x['linter'] == 'cablint', lints))

    x509_it = list(map(lambda x: (x['severity'], x['lint_issue_id'], x['issue_text']), x509s))
    x509_issues = Counter(x509_it)

    zs_it = list(map(lambda x: (x['severity'], x['lint_issue_id'], x['issue_text']), zs))
    zs_issues = Counter(zs_it)

    cabs_it = list(map(lambda x: (x['severity'], x['lint_issue_id'], x['issue_text']), cabs))
    cabs_issues = Counter(cabs_it)

    return render_template( 'summary.html', CA_ID=ca_id, x509_issues=x509_issues.items(),
            zs_issues=zs_issues.items(), cabs_issues=cabs_issues.items(), ca_tree=ca_tree, 
            cca_ids=cca_ids, ca_cn_map=ca_cn_map, cert_info=cert_info)

@app.route('/ca_id', methods=['GET'])
def get_ca_id():
    """
        Converts a hex-encoded cert fingerprint to the certs issuing CA ID.
        SHA-256 or SHA-1 may be used.
    """
    sha256_fingerprint  = request.args.get('sha256_fingerprint')
    sha1_fingerprint    = request.args.get('sha1_fingerprint') 

    if not sha1_fingerprint and not sha256_fingerprint:
        return "Error! Please supply a SHA-1 or SHA-256 fingerprint", 400

    digest_type = "sha256" if sha256_fingerprint else "sha1"
    fp = sha256_fingerprint if sha256_fingerprint else sha1_fingerprint

    if len(fp) % 2 != 0:
        return "Error! Odd number of hex characters provided. {}".format(fp), 400

    ccadb = CCADB()
    #return ccadb.issuer_ca_id_from_digest(digest_type, fp)
    return ccadb.ca_id_from_digest(digest_type, fp)

@app.route('/cert/<cert_id>', methods=['GET'])
def get_cert_info(cert_id):
    """
        Dumps JSON certificate information from a cert id
    """
    ccadb = CCADB()
    return jsonify( ccadb.cert_info(int(cert_id)) )

@app.route('/ca_cert/<ca_id>', methods=['GET'])
def get_ca_cert_info(ca_id):
    """
        Dumps JSON certificate information from a cert id
    """
    ccadb = CCADB()
    cert_id = ccadb.cert_id_from_ca_id(int(ca_id))
    return jsonify( ccadb.cert_info(int(cert_id)) )
    
@app.route('/')
def root():
    """
        Renders CAChecker index page.
    """
    resp = make_response( render_template( 'index.html' ) )
    #resp.headers['Access-Control-Allow-Origin'] = '*'
    #resp.headers['Access-Control-Allow-Headers'] = 'x-requested-with'
    return resp

if __name__ == '__main__':
    app.run(host='127.0.0.1', port=8080, debug=True)
# [END gae_python311_app]