#!python

import getpass
import logging
import netrc
import optparse
import os
import signal
import sys
import urllib2
import vos

def getCert(certHost=vos.vos.SERVER, certfile=None,
            certQuery="/cred/proxyCert?daysValid=",daysValid=2):
    """Access the cadc certificate server"""


    if certfile is None:
        certfile=os.path.join(os.getenv("HOME","/tmp"),".ssl/cadcproxy.pem")

    dirname=os.path.dirname(certfile)
    try:
        os.makedirs(dirname)
    except OSError as e:
        if os.path.isdir(dirname):
            pass
        elif e.errno==20 or e.errno==17:
            sys.stderr.write(e.strerror+": %s \n" %(dirname))
            sys.stderr.write("Expected %s to be a directory.\n" % ( dirname))
            sys.exit(e.errno)
        else:
            raise e
    
    
    ## Example taken from voidspace.org.uk
    # create a password manager
    password_mgr = urllib2.HTTPPasswordMgrWithDefaultRealm()

    (username,passwd)=getUserPassword(host=certHost)

    # Add the username and password.
    # If we knew the realm, we could use it instead of ``None``.
    top_level_url = "http://"+certHost
    password_mgr.add_password(None, top_level_url, username, passwd)
    
    handler = urllib2.HTTPBasicAuthHandler(password_mgr)
    
    # create "opener" (OpenerDirector instance)
    opener = urllib2.build_opener(handler)
    
    # Install the opener.   
    urllib2.install_opener(opener)

    # Now all calls to urllib2.urlopen use our opener.
    url="http://"+certHost+certQuery+str(daysValid)
    r= urllib2.urlopen(url)
    w= file(certfile,'w')
    while True:
        buf=r.read()
        if not buf:
            break
        w.write(buf)
    w.close()
    r.close()
    return 

def getUserPassword(host='www.cadc-ccda.hia-iha.nrc-cnrc.gc.ca'):
    """"Getting the username/password for host from .netrc filie """
    if os.access(os.path.join(os.environ.get('HOME','/'),".netrc"),os.R_OK):
        auth=netrc.netrc().authenticators(host)
    else:
        auth=False
    if not auth:
        sys.stdout.write("CADC Username: ")
        username=sys.stdin.readline().strip('\n')
        password=getpass.getpass().strip('\n')
    else:
        username=auth[0]
        password=auth[2]
    return (username,password)

def signal_handler(signal, frame):
    sys.stderr.write("\n")
    sys.exit(-1)

signal.signal(signal.SIGINT, signal_handler)


parser = optparse.OptionParser(description='Get CADC proxy certificate')
parser.add_option('--daysValid', type=int, default=10,
                   help='Number of days the cetificate should be valid (default: 10)')
parser.add_option('--dest', default=os.path.join(os.getenv('HOME','/tmp'),".ssl/cadcproxy.pem"),
                    help="Location to store the proxy certifacte")
parser.add_option('--verbose')
parser.add_option('--debug')
parser.add_option('--error')

(opt,args) = parser.parse_args()


if opt.verbose:
    log_level = logging.INFO
elif opt.debug:
    log_level = logging.DEBUG
else:
    log_level = logging.ERROR

logging.getLogger('vos').setLevel(log_level)
logging.getLogger('vos').addHandler(logging.StreamHandler())



if __name__=='__main__':
    retry=True
    while retry:
        try:
            getCert(daysValid=opt.daysValid,certfile=opt.dest)
            retry=False
        except urllib2.HTTPError as e:
            sys.stderr.write(str(e)+"\n")
            if "basic auth failed" not in str(e):
               sys.exit(1)
    sys.exit(0)
