#!/bin/env python

# -*- coding: utf-8 -*-

# ------------------------------------------------------------

# opensecurityd

#   

# the opensecurityd as RESTful server

#

# Autor: Oliver Maurhart, <oliver.maurhart@ait.ac.at>

#        Mihai Bartha, <mihai.bartha@ait.ac.at>       

#

# Copyright (C) 2013 AIT Austrian Institute of Technology

# AIT Austrian Institute of Technology GmbH

# Donau-City-Strasse 1 | 1220 Vienna | Austria

# http://www.ait.ac.at

#

# This program is free software; you can redistribute it and/or

# modify it under the terms of the GNU General Public License

# as published by the Free Software Foundation version 2.

# 

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

# 

# You should have received a copy of the GNU General Public License

# along with this program; if not, write to the Free Software

# Foundation, Inc., 51 Franklin Street, Fifth Floor, 

# Boston, MA  02110-1301, USA.

# ------------------------------------------------------------

# ------------------------------------------------------------

# imports

import json

import os

import os.path

import subprocess

import sys

import tempfile

import web

import vmmanager

# local

import __init__ as opensecurity

from cygwin import Cygwin

from environment import Environment

from opensecurity_util import logger, showTrayMessage

# ------------------------------------------------------------

# const

"""All the URLs we know mapping to class handler"""

opensecurity_urls = (

    '/browsing',                        'os_browsing',          # http://localhost:8080/browsing                                GET

    '/fetch_initial_image',             'os_fetch_image',       # http://localhost:8080/fetch_initial_image                     GET

    '/init',                            'os_init',              # http://localhost:8080/init                                    GET

    '/initial_image',                   'os_initial_image',     # http://localhost:8080/initial_image                           GET

    '/sdvms',                           'os_sdvms',             # http://localhost:8080/sdvms                                   GET, PUT

    '/sdvms/(.*)/application/(.*)',     'os_sdvm_application',  # http://localhost:8080/sdvms/[VMNAME]/application/[COMMAND]    GET

    '/sdvms/(.*)/ip',                   'os_sdvm_ip',           # http://localhost:8080/sdvms/[VMNAME]/ip                       GET

    '/sdvms/(.*)/start',                'os_sdvm_start',        # http://localhost:8080/sdvms/[VMNAME]/start                    GET

    '/sdvms/(.*)/stop',                 'os_sdvm_stop',         # http://localhost:8080/sdvms/[VMNAME]/stop                     GET

    '/sdvms/(.*)',                      'os_sdvm',              # http://localhost:8080/sdvms/[VMNAME]                          GET, DELETE

    '/setup',                           'os_setup',             # http://localhost:8080/setup                                   GET

    '/vms',                             'os_vms',               # http://localhost:8080/vms                                     GET

    '/vms/(.*)',                        'os_vm',                # http://localhost:8080/vms/[VMNAME]                            GET

    '/update_template',                 'os_update_template',   # http://localhost:8080/update_template                         GET

    '/terminate',                       'os_terminate',         # http://localhost:8080/terminate                               GET

    '/initialize',                      'os_initialize',        # http://localhost:8080/initialize                               GET

    '/',                                'os_root'               # http://localhost:8080/                                        GET

)

# ------------------------------------------------------------

# vars

# Global VMManager instance

gvm_mgr = None

# server instance

server = None

# ------------------------------------------------------------

# code

class os_browsing:

    """OpenSecurity '/browsing' handler

    - GET: Start and prepare a new SecurityVM for Internet Browsing. Return the name of the VM.

    """

    def GET(self):

        args = web.input()

        log_call(web.ctx.environ)

        global gvm_mgr

        try:

            proxy = None

            if 'ProxyServer' in args:

                proxy = args['ProxyServer']

            result = gvm_mgr.handleBrowsingRequest(proxy)

            return result

        except:

            raise web.internalerror()

class os_fetch_image:

    """OpenSecurity '/fetch_initial_image' handler

    - GET: fetch the initial image from the X-Net Servers

            The initial image is stored in the

            Virtual Box default machine path.

            The result to this call is a temprary file

            which shows the progress (or error state)

            of this call.

    """

    def GET(self):

        log_call(web.ctx.environ)

        global gvm_mgr

        trace_file_name = os.path.join(Environment('OpenSecurity').log_path, 'OpenSecurity_fetch_image.log')

        trace_file = open(trace_file_name, 'w+')

        machine_folder = Cygwin.cygPath(gvm_mgr.getMachineFolder()) 

        download_initial_image_script = Cygwin.cygPath(os.path.abspath(os.path.join(os.path.split(__file__)[0], 'download_initial_image.sh')))

        Cygwin.bashExecute('\\"' + download_initial_image_script + '\\" \'' + machine_folder + '\'', wait_return = False, stdout = trace_file, stderr = trace_file) 

        res = '{ "fetch_log": "' + trace_file_name.replace('\\', '\\\\') + '" }'

        return res

class os_init:

    """OpenSecurity '/init' handler

    - GET: Do initial import of OsecVM.ova

    """

    def GET(self):

        global gvm_mgr

        log_call(web.ctx.environ)

        gvm_mgr.startInitialImport()

        res = '{ "init_log": "' + (Environment('OpenSecurity').log_path+'\\OpenSecurity_initial_import.log').replace('\\', '\\\\') + '" }'

        return res

class os_update_template:

    """OpenSecurity '/update_template' handler

    - GET: update template vm

    """

    def GET(self):

        global gvm_mgr

        log_call(web.ctx.environ)

        gvm_mgr.startUpdateTemplate()

        res = '{ "init_log": "' + (Environment('OpenSecurity').log_path+'\\OpenSecurity_initial_import.log').replace('\\', '\\\\') + '" }'

        return res

class os_initial_image:

    """OpenSecurity '/initial_image' handler

    - GET: Return what we have as initial image.

    """

    def GET(self):

        log_call(web.ctx.environ)

        global gvm_mgr

        t = os.path.join(gvm_mgr.systemProperties['Default machine folder'], 'OsecVM.ova')

        res = ''

        if os.path.isfile(t):

            res = '{"initial_template": { '

            res += '"name": "OsecVM.ova", '

            res += '"path": "' + t.replace('\\', '\\\\') + '", '

            res += '"size": ' + str(os.path.getsize(t)) + ', ' 

            res += '"date": ' + str(os.path.getmtime(t)) + ''

            res += '}}'

        return res

class os_root:

    """OpenSecurity '/' handler

    - GET: give information about current installation.

    """

    def GET(self):

        log_call(web.ctx.environ)

        global gvm_mgr

        # create a json string and pretty print it

        res = '{"os_server": { '

        res += '"version": "' + opensecurity.__version__ + '" '

        res += ', "virtual box systemproperties": ' + str(gvm_mgr.systemProperties).replace("'", '"') 

        res += ', "current temporary folder": "' + tempfile.gettempdir().replace('\\', '\\\\') + '"'

        res += ', "current log folder": "' + Environment('OpenSecurity').log_path.replace('\\', '\\\\') + '"'

        try:

            res += ', "whoami": "' + Cygwin.bashExecute('whoami')[1].strip() + '"'

        except:

            res += ', "whoami": "FAILED"'

        try:

            res += ', "mount": ' + str(Cygwin.bashExecute('mount')[1].split('\n')[:-1]).replace("'", '"')

        except:

            res += ', "mount": "FAILED"'

        try:

            res += ', "cygpath --windows ~": "' + Cygwin.bashExecute('cygpath --windows ~')[1].strip().replace('\\', '\\\\') + '"'

        except:

            res += ', "cygpath --windows ~": "FAILED"'

        res += ', "status message": "' + gvm_mgr.status_message.replace('"', "'") + '"'

        res += '}}'

        # loading it into json and print it again ensures

        # we really do have a valid RFC conform json string

        # created (as long as the python json module is RFC conform)

        return json.dumps(json.loads(res), indent = 4)

class os_sdvm:

    """OpenSecurity '/sdvms/[VM]' handler

    - GET: Information about a specific SecurityVM

    - DELETE: Remove a specific

    """

    def GET(self, name):

        log_call(web.ctx.environ)

        global gvm_mgr

        return json.dumps(gvm_mgr.getVMInfo(name), indent = 4)

    def DELETE(self, name):

        log_call(web.ctx.environ)

        global gvm_mgr

        return gvm_mgr.removeVM(name)

class os_sdvm_application:

    """OpenSecurity '/sdvms/[VM]/application/[CMD]' handler

    - GET: start application with given command in the VM.

    """

    def GET(self, name, command):

        log_call(web.ctx.environ)

        global gvm_mgr

        command = '/' + command

        showTrayMessage('Launching application in isolated VM...', 7000)

        result = Cygwin.sshExecuteX11(command, gvm_mgr.getHostOnlyIP(name), 'osecuser', Cygwin.cygPath(gvm_mgr.getMachineFolder()) + '/' + name + '/dvm_key'  )

        return 'Command ' + str(command) + ' started on VM "' + name + '" with IP ' + gvm_mgr.getHostOnlyIP(name)

class os_sdvm_ip:

    """OpenSecurity '/sdvms/[VM]/ip' handler

    - GET: give IP of SecurityVM.

    """

    def GET(self, name):

        log_call(web.ctx.environ)

        global gvm_mgr

        return gvm_mgr.getHostOnlyIP(name)

class os_sdvm_start:

    """OpenSecurity '/sdvms/[VM]/start' handler

    - GET: Start specific SecuirtyVM.

    """

    def GET(self, name):

        log_call(web.ctx.environ)

        global gvm_mgr

        return gvm_mgr.startVM(name)

class os_sdvm_stop:

    """OpenSecurity '/sdvms/[VM]/stop' handler

    - GET: stop specific Secuirty VM.

    """

    def GET(self, name):

        log_call(web.ctx.environ)

        global gvm_mgr

        return gvm_mgr.stopVM(name)

class os_sdvms:

    """OpenSecurity '/sdvms' handler

    - GET: list all available secuirty VMs.

    - POST: create new security vm.

    """

    def GET(self):

        """get the list of SDVMs"""

        log_call(web.ctx.environ)

        global gvm_mgr

        d = {}

        for sdvm in gvm_mgr.listSDVM():

            d[sdvm] = gvm_mgr.getHostOnlyIP(sdvm)

        return json.dumps(d, indent = 4)

    def POST(self):

        """create a new SDVM"""

        log_call(web.ctx.environ)

        global gvm_mgr

        # get a new vm-name

        name = gvm_mgr.generateSDVMName()

        try:

            gvm_mgr.createVM(name)

        except:

            raise web.internalerror()

        return name

class os_setup:

    """OpenSecurity '/setup' handler

    - GET: Give user some info how to setup the OpenSecurity environment

    """

    def GET(self):

        log_call(web.ctx.environ)

        page = """

        <html>

        <body>

        <h1>Setup OpenSecurity</h1>

        In order to setup OpenSecurity an inital VM image has to be downloaded and imported:<br/>

        <ul>

            <li>Download initial VM image: <a href="/fetch_initial_image">fetch_initial_image</a>

            <li>Import initial VM: <a href="/init">init</a>

        </ul>

        </body>

        </html>

        """

        return page

class os_terminate:

    """OpenSecurity '/terminate' handler

    - GET: terminate the opensecurityd.

    TODO: need to find a better way doing this, and not via the

          REST api. Maybe hack web.py server code?

    """

    def GET(self):

        log_call(web.ctx.environ)

        global gvm_mgr

        gvm_mgr.stop()

        gvm_mgr.cleanup()

        global server

        server.stop()

        return None

class os_initialize:

    """OpenSecurity '/initialize' handler

    - GET: initialize / starts the vmmanager.

    """

    def GET(self):

        log_call(web.ctx.environ)

        global gvm_mgr

        gvm_mgr.cleanup()

        gvm_mgr.start()

        #global server

        #server.run()

        return None

class os_vm:

    """OpenSecurity '/vms/[VM]' handler

    - GET: list information of arbitrary VM.

    """

    def GET(self, name):

        log_call(web.ctx.environ)

        global gvm_mgr

        return gvm_mgr.getVMInfo(name)

class os_vms:

    """OpenSecurity '/vms' handler

    - GET: list all (also non Security) VMs.

    """

    def GET(self):

        log_call(web.ctx.environ)

        global gvm_mgr

        return str(gvm_mgr.listVM()).replace("'",'"')

def log_call(web_environ):

    """log the incoming call to the REST api"""

    try:

        call = 'REST ' +  web_environ['REQUEST_METHOD'] + ' ' + web_environ['REQUEST_URI'] + ' from ' + web_environ['REMOTE_ADDR'] + ':' + web_environ['REMOTE_PORT']

        logger.debug(call)

    except:

        pass

def main():

    """main startup for the opensecuirityd"""

    global gvm_mgr

    global server

    logger.debug('Starting OpenSecurity REST server')

    # ensure a VMManger is yet loaded

    gvm_mgr = vmmanager.VMManager.getInstance()

    gvm_mgr.start()

    # tweak sys.argv to control wep.py server start behavior

    sys.argv = [__file__, "8080"]

    server = web.application(opensecurity_urls, globals(), autoreload = False)

    server.run()

    logger.debug('Stopped OpenSecurity REST server')

def stop():

    """stop the opensecuirityd"""

    # calling sys.exit() raises a SystemExit exception

    # of the WSGI Server to let it wind down

    # gracefully

    sys.exit(0)

# start

if __name__ == "__main__":

    main()

    sys.exit(0)