#!/usr/bin/python

# ------------------------------------------------------------

# opensecurity package file

#

# Autor: X-Net Services GmbH <office@x-net.at>

#

# Copyright 2013-2014 X-Net and AIT Austrian Institute of Technology

#

#

#     X-Net Technologies GmbH

#     Elisabethstrasse 1

#     4020 Linz

#     AUSTRIA

#     https://www.x-net.at

#

#     AIT Austrian Institute of Technology

#     Donau City Strasse 1

#     1220 Wien

#     AUSTRIA

#     http://www.ait.ac.at

#

#

# Licensed under the Apache License, Version 2.0 (the "License");

# you may not use this file except in compliance with the License.

# You may obtain a copy of the License at

#

#    http://www.apache.org/licenses/LICENSE-2.0

#

# Unless required by applicable law or agreed to in writing, software

# distributed under the License is distributed on an "AS IS" BASIS,

# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

# See the License for the specific language governing permissions and

# limitations under the License.

# ------------------------------------------------------------

import subprocess

import web

import netifaces

import os

import sys

import base64

import thread

import urllib3

import netaddr

opensecurity_urls = (

    '/password',                'os_password',

    '/init',                    'os_init'

)

STATUS_CODE_OK = 200

def sendDataToRest (urlpath, data):

    netifaces.ifaddresses("eth0")[2][0]["addr"]

    # Get first address in network (0 = network ip -> 192.168.0.0)

    remote_ip = netaddr.IPNetwork("%s/%s" %(netifaces.ifaddresses("eth0")[2][0]["addr"], netifaces.ifaddresses("eth0")[2][0]["netmask"]))[1]

    url = ("http://%s:8090//%s" %(remote_ip, urlpath))

    try:

        response = httpPool.request_encode_body("POST", url, fields=data, retries=0)

    except Exception, e:

        return

    if response.status == STATUS_CODE_OK:

        return True

    else:

        return False

def sendNotification (type, message):

    data = {"msgtype" : type, "text" : message}

    if (type == "information"):

        sendDataToRest ("message", data)

    else:

        sendDataToRest ("notification", data)

def sendInitialisationFailedError():

    sendNotification("critical", "Initialisation of the stick failed.")

class os_password:

    # delete the key file in a secure way (will not working on ssd's :/ ,but ram only vm -> should be ok)

    def deleteKeyfile(self, keyfilepath):

        filesize = os.path.getsize(keyfilepath)

        keyfile = open (keyfilepath, "w+")

        for i in range (0, 10):

            keyfile.seek(0)

            keyfile.write(os.urandom(filesize))

            keyfile.flush()

        keyfile.close()

        os.remove(keyfilepath)

    def GET(self, settings):

        return self.POST(settings)

    def POST(self, settings):

        # pick the arguments

        args = web.input()

        if not "password" in args:

            raise web.badrequest()

        if "keyfile" in args:

            keyfile = open (settings["keyfilepath"], "w+")

            keyfile.write(base64.b64decode(args["keyfile"]))

            keyfile.close()

            command = [settings["script"], settings["device"], settings["mountpoint"], args["password"], settings["keyfilepath"]]

        else:

            command = [settings["script"], settings["device"], settings["mountpoint"], args["password"]]

        process = subprocess.Popen( command, stdout=subprocess.PIPE, stderr=subprocess.PIPE )

        retval = process.wait()

        ( stdout, stderr ) = process.communicate()

        if "keyfile" in args:

            self.deleteKeyfile(settings["keyfilepath"])

        if (retval != 0):

            raise web.badrequest(stderr)

        return "Success: Encrypted Stick is mounted"

class os_init:

    # delete the key file in a secure way (will not working on ssd's :/ ,but ram only vm -> should be ok)

    def deleteKeyfile(self, keyfilepath):

        filesize = os.path.getsize(keyfilepath)

        keyfile = open (keyfilepath, "w+")

        for i in range (0, 10):

            keyfile.seek(0)

            keyfile.write(os.urandom(filesize))

            keyfile.flush()

        keyfile.close()

        os.remove(keyfilepath)

    def runPreInitScript(self, preinitscript, device):

        command = [preinitscript, device]

        process = subprocess.Popen( command, stdout=subprocess.PIPE, stderr=subprocess.PIPE )

        retval = process.wait()

        ( stdout, stderr ) = process.communicate()

        if (retval != 0):

            raise web.badrequest(stderr)

    def runPostInitScript(self, postinitscript):

        command = [postinitscript]

        process = subprocess.Popen( command, stdout=subprocess.PIPE, stderr=subprocess.PIPE )

        retval = process.wait()

        ( stdout, stderr ) = process.communicate()

        if (retval != 0):

            return False

        else:

            return True

    def GET(self, settings):

        return self.POST(settings)

    def POST(self, settings):

        # pick the arguments

        args = web.input()

        if not "password" in args:

            raise web.badrequest()

        # Do the preinit stuff

        self.runPreInitScript(settings["preinitscript"], settings["device"])

        if "keyfile" in args:

            keyfile = open (settings["keyfilepath"], "w+")

            keyfile.write(base64.b64decode(args["keyfile"]))

            keyfile.close()

            command = [settings["script"], settings["device"], settings["mountpoint"], args["password"], settings["keyfilepath"]]

        else:

            command = [settings["script"], settings["device"], settings["mountpoint"], args["password"]]

        thread.start_new_thread(self.initStick, (command,settings,args,))

        return "Success: Init started"

    def initStick(self, command, settings, args):

        process = subprocess.Popen( command, stdout=subprocess.PIPE, stderr=subprocess.PIPE )

        retval = process.wait()

        ( stdout, stderr ) = process.communicate()

        if "keyfile" in args:

            self.deleteKeyfile(settings["keyfilepath"])

        if (retval != 0):

            sendInitialisationFailedError();

        # Do the postinit stuff

        if (self.runPostInitScript(settings["postinitscript"]) != True):

            sendInitialisationFailedError();

class MyRestListener(web.application):

    def __init__(self, mapping=(), fvars={}, autoreload=None, script=None, device=None, mountpoint=None, tries=None, keyfilepath=None, preinitscript=None, postinitscript=None):

        web.application.__init__(self, mapping, fvars, autoreload)

        self.device = device

        self.mountpoint = mountpoint

        self.script = script

        self.tries = tries

        self.keyfilepath = keyfilepath

        self.preinitscript = preinitscript

        self.postinitscript = postinitscript

    def run(self, interface, port, *middleware):

        func = self.wsgifunc(*middleware)

        ifaceip = netifaces.ifaddresses(interface)[2][0]["addr"]

        return web.httpserver.runsimple(func, (ifaceip, port))

    def handle(self):

        fn, args = self._match(self.mapping, web.ctx.path)

        args.append({"script": self.script, "device": self.device, "mountpoint": self.mountpoint, "tries": self.tries, "keyfilepath": self.keyfilepath, "preinitscript": self.preinitscript, "postinitscript": self.postinitscript})

        return self._delegate(fn, self.fvars, args)