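#!/usr/bin/python
"""Synchronise DNSSEC DS records held at gkg.net with local dsset files.

The script reads /etc/named.conf and collects every master zone whose
``zone`` line carries a trailing ``// who;registrar;username`` comment with
registrar ``gkg``.  When invoked with a zone name as the first argument it
updates that zone in the view named ``normal``: the DS records currently
published at the registrar are fetched, compared against the records in
``dsset-<zone>.`` under /var/named/, missing records are added and stale
ones removed.

Registrar credentials are read from /root/bin/gkg.passwords, one
``username:password`` entry per line.
"""

import glob
import os
import re
import string
import sys
import time
import datetime
import requests
import json

passwords = {}  ## map gkg user name to password
zones = {}      ## map of zone name to zone object

view_regex = re.compile(r'view "(.*?)"', re.I)
zone_regex = re.compile(r'zone "(.*?)" .*type master;.*file "(.*?)".*// (.*?);(.*?);(.*)', re.I)
## a DS digest is hexadecimal; anything else must not be spliced into a URL
hex_regex = re.compile(r'[0-9A-Fa-f]+\Z')

named_dir = '/var/named/'
gkgurl = 'https://www.gkg.net/ws/domain/%s/ds'
## seconds; without a timeout a stalled registrar connection blocks forever
http_timeout = 30


class zone(object):
    """One master zone from named.conf whose DS records live at a registrar."""

    def __init__(self, zkey, zname, vname, fname, registrar, username):
        self.zkey = zkey        ## zone key (name/view)
        self.zname = zname      ## zone name
        self.zview = vname      ## view name
        self.fname = fname      ## zone filename used in named.conf
        self.regis = registrar  ## registrar to upload the ds record
        self.uname = username   ## username to authenticate upload
        ## None when the credentials file has no entry for this user;
        ## update() then does nothing.
        self.passw = passwords.get(username)

    def update(self):
        """Bring the registrar's DS set in line with ``dsset-<zname>.``.

        Records are keyed by ``keyTag;algorithm;digestType``.  New records
        are added before stale ones are removed, and nothing is removed when
        the local file yields no records or when an addition failed, so a
        truncated dsset file or a registrar error cannot strip the zone's
        DS records.  Returns None; problems are reported on stdout.
        """
        if not self.passw:
            return

        url = gkgurl % self.zname
        auth = (self.uname, self.passw)

        try:
            r = requests.get(url, headers={'Accept': 'application/json'},
                             auth=auth, timeout=http_timeout)
        except requests.exceptions.RequestException as e:
            print("error %s fetching keys from gkg.net for %s" % (e, self.zname))
            return
        if r.status_code != 200:
            print("error %d fetching keys from gkg.net for %s" % (r.status_code, self.zname))
            return

        ## find the old keys that are already at gkg
        oldkeys = {}
        for o in json.loads(r.content):
            k = "%s;%s;%s" % (o['keyTag'], o['algorithm'], o['digestType'])
            oldkeys[k] = o

        ## find the new keys from the dsset file
        ## NOTE(review): assumes "<owner> IN DS <tag> <alg> <type> <digest>"
        ## with no TTL column -- confirm against the signer's output.
        newkeys = {}
        with open('dsset-%s.' % self.zname) as dsset:
            for line in dsset:
                fields = line.split(None, 6)
                if len(fields) < 7:
                    continue  ## blank or short line, not a DS record
                keytag, algorithm, digest_type, digest = fields[3:7]
                k = "%s;%s;%s" % (keytag, algorithm, digest_type)
                newkeys[k] = {
                    'digest': "".join(digest.split()),
                    'digestType': digest_type,
                    'algorithm': algorithm,
                    'keyTag': keytag,
                    'maxSigLife': str(3600*24*90),  # 90 days
                }

        if not newkeys:
            ## an empty dsset file would otherwise delete every DS record
            print("error no DS records in dsset-%s., leaving gkg.net unchanged for %s"
                  % (self.zname, self.zname))
            return

        headers = {'Accept': 'application/json', 'Content-Type': 'application/json'}

        ## add new keys first so the delegation is never left without a DS
        add_failed = False
        for k in newkeys:
            if k in oldkeys:
                continue
            print("add %s" % (newkeys[k],))
            try:
                r = requests.post(url, data=json.dumps(newkeys[k]), headers=headers,
                                  auth=auth, timeout=http_timeout)
            except requests.exceptions.RequestException as e:
                print("error %s adding key %s to gkg.net for %s" % (e, k, self.zname))
                add_failed = True
                continue
            if r.status_code != 201:
                print("error %d adding key %s to gkg.net for %s" % (r.status_code, k, self.zname))
                add_failed = True

        if add_failed:
            print("error not removing old keys from gkg.net for %s" % self.zname)
            return

        ## remove old keys that don't exist anymore
        for k in oldkeys:
            if k in newkeys:
                continue
            print("remove %s" % (oldkeys[k],))
            ## the digest comes from the registrar's response and ends up in
            ## the request path, so accept only plain hex
            digest = "%s" % (oldkeys[k].get('digest', ''),)
            if not hex_regex.match(digest):
                print("error malformed digest for key %s from gkg.net for %s" % (k, self.zname))
                continue
            try:
                r = requests.delete(url + '/' + digest, headers=headers,
                                    auth=auth, timeout=http_timeout)
            except requests.exceptions.RequestException as e:
                print("error %s removing key %s from gkg.net for %s" % (e, k, self.zname))
                continue
            if r.status_code != 204:
                print("error %d removing key %s from gkg.net for %s" % (r.status_code, k, self.zname))


## Load registrar credentials.  The file holds plaintext passwords, so it
## should be readable by root only.
with open('/root/bin/gkg.passwords', 'r') as f:
    for text in f:
        entry = text.rstrip('\n')
        if ':' not in entry:
            continue  ## blank or malformed line
        ## split once: a password may itself contain ':'
        u, p = entry.split(':', 1)
        passwords[u] = p

## Collect the gkg-managed zones from named.conf.  A zone is filed under the
## most recent view statement seen above it; view stays None for zones that
## appear before any view.
view = None
with open('/etc/named.conf', 'r') as f:
    for text in f:
        line = text.rstrip('\n')
        m = view_regex.search(line)
        if m:
            view = m.group(1)
        m = zone_regex.search(line)
        if m:
            zname = m.group(1)
            fname = m.group(2)
            registrar = m.group(4)
            username = m.group(5)
            if registrar == 'gkg':
                zkey = "%s.%s" % (zname, view)
                zones[zkey] = zone(zkey, zname, view, fname, registrar, username)

## dsset files are opened relative to the named directory
os.chdir(named_dir)

if len(sys.argv) >= 2:
    ## only the zone instance in the view called "normal" is updated
    zk = sys.argv[1] + '.normal'
    if zk in zones:
        zones[zk].update()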