#
# Copyright 2011 GRNET S.A. All rights reserved.
#
# Redistribution and use in source and binary forms, with or
# without modification, are permitted provided that the following
# conditions are met:
#
#   1. Redistributions of source code must retain the above
#      copyright notice, this list of conditions and the following
#      disclaimer.
#
#   2. Redistributions in binary form must reproduce the above
#      copyright notice, this list of conditions and the following
#      disclaimer in the documentation and/or other materials
#      provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY GRNET S.A. ``AS IS'' AND ANY EXPRESS
# OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL GRNET S.A OR
# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
# AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#
# The views and conclusions contained in the software and
# documentation are those of the authors and should not be
# interpreted as representing official policies, either expressed
# or implied, of GRNET S.A.

import base64
import binascii
import re

from hashlib import md5

from django.db import models
from django.conf import settings
from django.core.exceptions import ValidationError, NON_FIELD_ERRORS
from django.db.models.signals import pre_save

try:
    from paramiko import rsakey, dsskey, SSHException
except:
    pass


class ProfileModel(models.Model):
    """
    Abstract model, provides a basic interface for models that store
    user specific information
    """

    user = models.CharField(max_length=100)

    class Meta:
        abstract = True
        app_label = 'userdata'


class PublicKeyPair(ProfileModel):
    """
    Public key model
    """
    name = models.CharField(max_length=255, null=False, blank=False)
    content = models.TextField()
    fingerprint = models.CharField(max_length=100, null=False, blank=True)

    class Meta:
        app_label = 'userdata'

    def full_clean(self, *args, **kwargs):
        # update fingerprint before clean
        self.update_fingerprint()
        super(PublicKeyPair, self).full_clean(*args, **kwargs)

    def key_data(self):
        return self.content.split(" ", 1)

    def get_key_object(self):
        """
        Identify key contents and return appropriate paramiko public key object
        """
        key_type, data = self.key_data()
        data = base64.b64decode(data)

        if key_type == "ssh-rsa":
            key = rsakey.RSAKey(data=data)
        elif key_type == "ssh-dss":
            key = dsskey.DSSKey(data=data)
        else:
            raise Exception("Invalid key type")

        return key

    def clean_key(self):
        key = None
        try:
            key = self.get_key_object()
        except:
            raise ValidationError("Invalid SSH key")

    def clean(self):
        if PublicKeyPair.user_limit_exceeded(self.user):
            raise ValidationError("SSH keys limit exceeded.")

    def update_fingerprint(self):
        try:
            fp = binascii.hexlify(self.get_key_object().get_fingerprint())
            self.fingerprint = ":".join(re.findall(r"..", fp))
        except:
            self.fingerprint = "unknown fingerprint"

    def save(self, *args, **kwargs):
        self.update_fingerprint()
        super(PublicKeyPair, self).save(*args, **kwargs)

    @classmethod
    def user_limit_exceeded(cls, user):
        return (PublicKeyPair.objects.filter(user=user).count() >=
                settings.USERDATA_MAX_SSH_KEYS_PER_USER)