#!/usr/bin/python
# Copyright 2019 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# pylint: disable=line-too-long

import logging
import json
import pytz
import yaml
import requests
from django.core.validators import URLValidator
from django.core.exceptions import ValidationError

from cmframework.apis import cmvalidator
from cmdatahandlers.api import validation


class TimeValidation(cmvalidator.CMValidator):
    domain = 'cloud.time'
    supported_authentication_types = ['none', 'crypto', 'symmetric']

    def get_subscription_info(self):
        logging.debug('get_subscription info called')
        return r'^cloud\.time$'

    def validate_set(self, dict_key_value):
        ntp_attr = 'ntp_servers'
        logging.debug('validate_set called with %s' % str(dict_key_value))

        for key, value in dict_key_value.iteritems():
            value_dict = json.loads(value)
            if not value_dict:
                raise validation.ValidationError('No value for %s' % key)
            if not isinstance(value_dict, dict):
                raise validation.ValidationError('%s value is not a dict' % self.domain)

            if key == self.domain:
                ntp_list = value_dict.get(ntp_attr)

                self.validate_ntp(ntp_list)

                attr = 'zone'
                zone = value_dict.get(attr)
                if zone:
                    self.validate_timezone(zone)
                else:
                    raise validation.ValidationError('Missing timezone %s' % attr)

                auth_type = value_dict.get('auth_type')
                if auth_type:
                    self.validate_authtype(auth_type)
                else:
                    raise validation.ValidationError('Missing authentication type for NTP')

                filepath = value_dict.get('serverkeys_path')
                if auth_type != 'none' and filepath == '':
                    raise validation.ValidationError('The serverkeys_path is missing')
                elif auth_type == 'none':
                    pass
                else:
                    self.validate_filepath(filepath)
                    self.validate_yaml_format(filepath, auth_type)
            else:
                raise validation.ValidationError('Unexpected configuration %s' % key)

    def validate_delete(self, dict_key_value):
        logging.debug('validate_delete called with %s' % str(dict_key_value))
        raise validation.ValidationError('%s cannot be deleted' % self.domain)

    def validate_ntp(self, ntp_list):
        if not ntp_list:
            raise validation.ValidationError('Missing NTP configuration')

        if not isinstance(ntp_list, list):
            raise validation.ValidationError('NTP servers value must be a list')
        utils = validation.ValidationUtils()
        for ntp in ntp_list:
            utils.validate_ip_address(ntp)

    def validate_timezone(self, value):
        try:
            pytz.timezone(value)
        except pytz.UnknownTimeZoneError as exc:
            raise validation.ValidationError("Invalid time zone: {0}".format(exc))

    def validate_authtype(self, auth_type):
        if auth_type not in TimeValidation.supported_authentication_types:
            raise validation.ValidationError(
                'The provided authentication method for NTP is not supported')

    def validate_filepath(self, filepath):
        try:
            val = URLValidator()
            val(filepath)
        except ValidationError:
            raise validation.ValidationError('The url: "%s" is not a valid url!' % filepath)

    def validate_yaml_format(self, url, auth_type):
        if url.startswith("file://"):
            path = url.lstrip("file://")
            try:
                with open(path) as f:
                    f_content = f.read()
            except IOError:
                raise validation.ValidationError('The file: "%s" is not present on the system!'
                                                 % url)
        else:
            try:
                r = requests.get(url)
                if r['status_code'] != 200:
                    raise requests.exceptions.ConnectionError()
                f_content = r['content']
            except requests.exceptions.ConnectionError:
                raise validation.ValidationError('The url: "%s" is not reachable!' % url)
        try:
            yaml_content = yaml.load(f_content)
        except yaml.YAMLError:
            raise validation.ValidationError('The validation of the yamlfile failed!')
        for item in yaml_content:
            srv = item.keys()[0]
            if auth_type == 'symmetric' and not isinstance(item[srv], str):
                raise validation.ValidationError('The yamlfile contains invalid data! '
                                                 '(The authentication method looks like it\'s symmetric.)')
            elif auth_type == 'crypto' and isinstance(item[srv], dict):
                if (item[srv]['type'] != 'iff' or item[srv]['type'] != 'gq' or
                    item[srv]['type'] != 'mv')\
                   and (not isinstance(item[srv]['keys'], list)):
                    raise validation.ValidationError('The yamlfile contains invalid data! '
                                                     '(The authentication method looks like it\'s crypto.)')
            else:
                raise validation.ValidationError('The yamlfile contains invalid data!')