# coding=utf8

import sys, os, ssl, time, socket, errno, signal
from Crypto.Cipher import DES3
from d import D
from parms import Parms


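class Node():
	"""One end of a TCP connection between nodes, optionally TLS-wrapped.

	The constructor either connects to a listening peer (conn=True) or binds a
	listening socket (conn=False). The get*/put* helpers implement the wire
	framing used on the connection: 12-digit decimal numbers, length-prefixed
	strings and 8-byte commands padded with '_'. For peering, the listening
	side announces its host:port via UDP broadcast (send_peerport) and the
	connecting side picks it up (get_peerport).

	NOTE(review): the UDP announcement is protected only by 3DES in ECB mode
	with the hard-coded password in self._UDPpasswd and carries no integrity
	check, so it should not be relied on to authenticate the announced
	host:port. Anyone on the broadcast domain who has this source can produce a
	valid announcement; the TLS client-certificate check on the TCP connection
	is the only real authentication visible in this class.
	"""

	class AllPortsBusy(Exception):
		"""all TCP ports for the longtasks server or for peering are busy"""

	blocking = True   # select mode is not implemented yet
	useSSLContext = False
	ctx = None
	UDPbroadcastGO = False

	def __init__(self, d, chan=Parms.sslchannel, host=Parms.srvhost, port=None, conn=True, tryPort=True, peering=False):
		"""Set up the node and immediately connect or bind.

		d        -- debug/log object of the caller; its debid prefixes this node's own D logger
		chan     -- channel number; selects the port block and, in acc(), the expected certificate CN
		host     -- host to connect to (conn=True) or to bind on (conn=False)
		port     -- port to connect to; None means the channel's base port
		conn     -- True: connect as a client; False: bind a listening socket
		tryPort  -- when binding: True scans _minport.._maxport for a free port,
		            False binds the base port and waits until it is free
		peering  -- when connecting: learn host/port from the peer's UDP broadcast;
		            when binding with tryPort: broadcast the bound port
		"""
		self._issl = Parms.ssl
		self._chan = chan
		self._bindhost = host
		# each channel owns a block of 10 ports; the SSL and non-SSL base ports differ by one
		self._baseport = Parms.baseport + (self._chan * 10) + (0 if self._issl else 1)
		self._minport = self._baseport + 1
		self._maxport = self._baseport + 9
		self._baseid = "netnode {}SSL".format("" if self._issl else "non")
		self.d = D("{} {}".format(d.debid, self._baseid))
		self._srv_side = None
		# NOTE(review): hard-coded shared secret for the UDP announcement; it is
		# part of the on-wire format shared with peers, so it is left unchanged
		# here, but it should come from configuration and must not be treated
		# as a secret.
		self._UDPpasswd = "heslo"
		self._UDPbroadcast_addr = Parms.broadcast
		self._UDPbroadcast_port = Parms.udpport
		self._UDP_key = "PEER_IP"
		self._UDPbroadcastGO = False
		self.sslContext()
		if conn:			# TCP connect
			if peering:
				host, port = self.get_peerport()
			self.conn(host=host, port=port)
		else:				# socket bind
			if tryPort:		# look for a free port
				self.bindtrynext(self._bindhost)
				if peering: self.send_peerport()
			else:			# try to bind and, if needed, wait until the port is released
				self.bindwait(self._bindhost)


	def get(self, size):
		"""Read up to size bytes from the connection file object.

		Returns the bytes read. On any exception the error is handed to
		self.d.abend and, if abend returns, -1 is returned instead of bytes.
		"""
		try:
			if self.d.ll(5): self.d.log("get data from scfile...")
			data = self._scfile.read(size)
			if self.d.ll(5): self.d.log("{} bytes read".format(len(data)))
			return data
		except Exception as e:
			self.d.abend("read from socket", e)
			return -1


	def genget(self, size=-1):
		"""Yield the incoming data in chunks of at most Parms.bufSize bytes.

		With size > 0 the generator stops after size bytes; with the default
		size=-1 it runs until a read returns no data. A failed read also ends
		the stream.
		"""
		rest = size
		while rest != 0:
			n = rest if 0 < rest < Parms.bufSize else Parms.bufSize
			data = self.get(n)
			# get() returns -1 (not bytes) after a read error; stop here instead
			# of failing with a TypeError on len(-1)
			if not isinstance(data, (bytes, bytearray)): break
			r = len(data)
			if r < 1: break
			rest = rest - r
			yield data

	def getnum(self):
		"""Read a 12-character decimal number; an empty read yields -2.

		NOTE(review): the field comes from the peer; a non-numeric value makes
		int() raise ValueError, which is not handled here.
		"""
		b = self._scfile.read(12).decode()
		num = int(b) if b else -2   # -2 = EOD, -1 = directory, 0 and higher = data size
		if self.d.ll(5): self.d.log("getnum, got {:012d} (-2 means EOD)".format(num))
		return num

	def getstr(self, decode = True):
		"""Read a length-prefixed string; returns "" when the length is below 1.

		NOTE(review): the length is supplied by the peer and is read in one
		call without an upper bound, so a large value makes the receiver try to
		buffer that many bytes. A sanity limit would be worth adding once the
		largest legitimate string is known.
		"""
		lb = self.getnum()
		if lb < 1:
			return ""
		else:
			_data = self._scfile.read(int(lb))
			return _data.decode() if decode else _data

	def getfn(self):
		"""Read a file name (a length-prefixed string) from the peer."""
		return self.getstr()

	def getcmd(self):
		"""Read an 8-byte command and strip the '_' padding; "" on timeout or I/O error."""
		try:
			return self._scfile.read(8).decode().rstrip('_')
		except Exception as e:
			if isinstance(e, socket.timeout):
				if self.d.ll(4): self.d.log("getcmd timeout")
			else:
				self.d.log("I/O err: {}".format(e))
			return ""

	def receive_dir(self, fp, size, timestamp):
		"""Create directory fp (and parents) and set its access/modification time.

		size is accepted but not used. NOTE(review): fp is used as given; if it
		is built from a name received via getfn(), the caller has to confine it
		to the destination root (reject absolute paths and '..' components).
		"""
		os.makedirs(fp, exist_ok=True)
		os.utime(fp, (timestamp, timestamp))
		return True

	def receive_file(self, fp, size, timestamp, counter=None):
		"""Receive size bytes into a temporary file and move it to fp when complete.

		counter, if given, gets update(len(chunk)) for every chunk written.
		NOTE(review): fp is used as given; a path derived from a peer-supplied
		name must be confined to the destination root by the caller.
		NOTE(review): when the received size does not match, the temporary file
		is left in place and True is still returned; callers cannot tell a
		truncated transfer from a complete one. Left unchanged because the
		callers are not visible here.
		"""
		if os.path.dirname(fp): os.makedirs(os.path.dirname(fp), exist_ok=True)
		tempfp = fp + ".dejsem.partX"
		with open(tempfp, mode='w+b') as f:
			for data in self.genget(size = size):
				if counter: counter.update(len(data))
				f.write(data)
		if os.path.getsize(tempfp) == size:
			os.rename(tempfp, fp)
			os.utime(fp, (timestamp, timestamp))
		return True

	def receive_stream(self, fp, size, counter=None):
		"""Like receive_file, but without setting the file time.

		The temporary file name uses Parms.applName. The same caveats apply:
		fp is used as given, and True is returned even when the size check
		fails and the temporary file is left behind.
		"""
		if os.path.dirname(fp): os.makedirs(os.path.dirname(fp), exist_ok=True)
		tempfp = fp + ".{}.partX".format(Parms.applName)
		with open(tempfp, mode='w+b') as f:
			for data in self.genget(size = size):
				if counter: counter.update(len(data))
				f.write(data)
		if os.path.getsize(tempfp) == size:
			os.rename(tempfp, fp)
		return True

	def put(self, data):
		"""Write data to the connection and flush; False after a reported error."""
		if self.d.ll(5): self.d.log("PUT: data len={}, sending...".format(len(data)))
		try:
			l = self._scfile.write(data)
			if self.d.ll(5): self.d.log("PUT: data len={}, sent".format(l))
			self._scfile.flush()
		except Exception as e:
			self.d.abend("send err", e)
			return False
		return True

	def genput(self):
		"""Coroutine-style sender: every value passed in via send() is written with put()."""
		try:
			while True:
				data = yield None
				self.put(data)
		except Exception as e:
			self.d.abend("write to socket", e)
			raise e
		finally:
			self._scfile.flush()

	def sendEOD(self):
		"""Send the number 0 as the end-of-data marker."""
		self.putnum(0)

	def putnum(self, n):
		"""Send n as a zero-padded 12-digit decimal field and flush."""
		if self.d.ll(5): self.d.log("putnum, num={:012d}".format(n))
		self._scfile.write(bytes("{:012d}".format(n), "utf8"))
		self._scfile.flush()

	def putstr(self, fn):
		"""Send str(fn) as UTF-8, prefixed with its byte length (see putnum)."""
		b = bytes(str(fn), "utf8")
		self.putnum(len(b))
		if self.d.ll(5): self.d.log("putstr, string={}".format(fn))
		self._scfile.write(b)
		self._scfile.flush()

	def putcmd(self, act):
		"""Send command act, right-padded with '_' to 8 characters."""
		if self.d.ll(3): self.d.log("action: " + act)
		self.put(bytes("{}".format(act.ljust(8, '_')), "utf8"))

	def sendport(self, port):
		"""send dynamically allocated port to client"""
		self.putnum(port)

	def putfileinfo(self, fp, relfp):
		"""Send relfp, then the size and modification time of fp.

		The size is -1 when fp is not a regular file and the timestamp is 0
		when fp does not exist.
		"""
		if self.d.ll(5): self.d.log("putfileinfo fp={}, relfp={}...".format(fp, relfp))
		self.putstr(relfp)
		size = os.path.getsize(fp) if os.path.isfile(fp) else -1
		self.putnum(size)
		timestamp = int(os.path.getmtime(fp)) if os.path.exists(fp) else 0
		self.putnum(timestamp)
		if self.d.ll(4): self.d.log("fileinfo sent: fn={}, size={}, timestamp={}".format(relfp, size, timestamp))

	def digest(self):
		"""Return self.data, shortened to first 8 + last 8 bytes when 24 bytes or longer.

		NOTE(review): self.data is not assigned anywhere in this class, so this
		only works if something outside sets it - confirm or remove.
		"""
		return self.data if len(self.data) < 24 else self.data[0:8].decode() + "--------" + self.data[-8:].decode()

	def sslContext(self):
		"""Create the shared SSLContext (Node.ctx) once, if SSL and useSSLContext are on.

		NOTE(review): PROTOCOL_TLSv1 pins the connection to TLS 1.0, which is
		deprecated (RFC 8996) and may be refused by current OpenSSL builds.
		Moving to ssl.PROTOCOL_TLS_SERVER / ssl.PROTOCOL_TLS_CLIENT with
		minimum_version = ssl.TLSVersion.TLSv1_2 needs both peers upgraded
		together, so the protocol is not changed here.
		NOTE(review): the same context is used for both the server and the
		client side and no hostname check is configured; the peer is verified
		only against the CA location.
		NOTE(review): Parms.sslCAPath is passed as capath (a directory) here
		but as ca_certs (a file) in getssc()/conn() - confirm which it is.
		"""
		if not self._issl or not Node.useSSLContext or Node.ctx:
			return
		if self.d.ll(4): self.d.log(
			"setting SSL context: certfile={}, capath={}...".format(Parms.sslCert, Parms.sslCAPath))
		try:
			Node.ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)	# PROTOCOL_SSLv23
			Node.ctx.verify_mode = ssl.CERT_REQUIRED  		# CERT_REQUIRED	| CERT_OPTIONAL	| CERT_NONE
			Node.ctx.load_cert_chain(Parms.sslCert)
			Node.ctx.load_verify_locations(None, Parms.sslCAPath)
		except ssl.SSLError as e:
			self.d.abendHard("SSL context", e)

	def getssc(self):
		"""Allocate a listening-side TCP socket, TLS-wrapped when SSL is enabled.

		The TLS wrap requires a client certificate (CERT_REQUIRED).
		NOTE(review): ssl.wrap_socket() is deprecated since Python 3.7 and
		removed in 3.12, and TLS 1.0 is pinned; see sslContext().
		"""
		try:
			ssc = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
			ssc.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
		except Exception as e:
			self.d.abendHard("ssc alloc", e)
		if self._issl:
			try:
				if Node.useSSLContext:
					ssc = Node.ctx.wrap_socket(ssc, server_side=True)
				else:
					ssc = ssl.wrap_socket(
						ssc,
						certfile=Parms.sslCert,
						ca_certs=Parms.sslCAPath,
						server_side=True,
						cert_reqs=ssl.CERT_REQUIRED,
						ssl_version=ssl.PROTOCOL_TLSv1)
			except ssl.SSLError as e:
				self.d.abendHard("ssc SSL wrap", e)
		return ssc

	def bindwait(self, host):
		"""Bind the channel's base port, retrying every 10 seconds while it is in use.

		Any other bind error goes to self.d.abendHard. Stores the socket in
		self._ssc and the port in self.port, and returns the socket.
		"""
		port = self._baseport
		self.d.log("binding to {}:{}".format(host, port))
		ssc = self.getssc()
		tries = 0
		while True:
			try:
				ssc.bind((host, port))
				break
			except Exception as e:
				# compare the error number, not the message text: the text is
				# platform dependent and non-OSError exceptions have no strerror
				if getattr(e, "errno", None) == errno.EADDRINUSE:
					# the counter wraps so the message is logged again from time to time
					if not tries: self.d.log("Address {}:{} already in use, waiting 10 secs...".format(host, port))
					tries = tries + 1 if tries < 77 else 0
					time.sleep(10)
					continue
				self.d.abendHard("bind", e)
		ssc.listen(1)
		if self.d.ll(2): self.d.log("bound to {}:{}".format(host, port))
		self._ssc = ssc
		self.port = port
		return ssc

	def bindtrynext(self, host):
		"""Bind the first free port in _minport.._maxport.

		Raises Node.AllPortsBusy when every port in the range is in use. Stores
		the socket in self._ssc and the port in self.port, and returns
		(socket, port).
		"""
		for port in range(self._minport, self._maxport + 1):
			if self.d.ll(4): self.d.log("trying to bind to {}:{}...".format(host, port))
			try:
				ssc = self.getssc()
				ssc.bind((host, port))
				ssc.listen(1)
				break
			except Exception as e:
				# compare the error number, not the platform-dependent message text
				if getattr(e, "errno", None) == errno.EADDRINUSE:
					ssc.close()		# do not leak one socket per busy port
					if port < self._maxport:
						continue
					raise Node.AllPortsBusy
				self.d.abend("bind", e)
		if self.d.ll(2): self.d.log("bound to {}:{}".format(host, port))
		self._ssc = ssc
		self.port = port
		return (ssc, port)

	def send_peerport(self):
		"""UDP broadcast host:port pair for peer

		The announcement is "<len><key><len><host><port>" with 12-digit
		numbers, padded with spaces to a multiple of 8 bytes and encrypted. A
		forked child sends it once per second, up to 777 times or until it
		receives SIGHUP (see UDPsignalHUP); the child's pid is kept in
		self._UDPbroadcastPID.

		NOTE(review): 3DES in ECB mode with a key derived by repeating a
		hard-coded password gives no integrity protection and little
		confidentiality. Left as is because changing it changes the wire
		format for every peer; an authenticated scheme (a MAC or an AEAD mode
		with a configured key) would be the replacement.
		NOTE(review): the child ends with sys.exit(), which raises SystemExit
		through the inherited call stack; os._exit() is the usual choice in a
		forked child - confirm nothing relies on the current behaviour.
		"""
		ipport = "{:012d}{}{:012d}{}{:012d}".format(len(self._UDP_key), self._UDP_key, len(self._bindhost), self._bindhost, self.port)

		c = DES3.new(self.rawKey(self._UDPpasswd, 24), DES3.MODE_ECB)
		data = ipport.encode()
		# space padding to the 8-byte block size; the receiver strips it again
		enc = c.encrypt(data + b' ' * (8 - len(data) % 8))
		if self.d.ll(4): self.d.log("len=%d, enc=[%s]" % (len(enc), enc.hex()))
		s = socket.socket(type=socket.SOCK_DGRAM)
		s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
		a = (self._UDPbroadcast_addr, self._UDPbroadcast_port)
		if self.d.ll(4): self.d.log("start udp sending to {}:{}: {}".format(self._UDPbroadcast_addr, Parms.udpport, data.decode()))

		pid = os.fork()
		if pid:
			self._UDPbroadcastPID = pid
			s.close()		# only the child sends; release the parent's copy
		else:
			self.UDPbroadcastGO = True
			signal.signal(signal.SIGHUP, self.UDPstop)
			signal.pthread_sigmask(signal.SIG_UNBLOCK, {signal.SIGHUP})
			retries = 777
			while retries > 0 and self.UDPbroadcastGO:
				s.sendto(enc, a)
				time.sleep(1)
				retries -= 1
			sys.exit(0)

	def get_peerport(self):
		"""get peer host:port pair broadcasted by peer via UDP

		Listens on the UDP broadcast port on all interfaces and returns
		(host, port) from the first datagram that decodes and carries the
		expected key. Datagrams that cannot be decoded or parsed are ignored.

		NOTE(review): the returned host and port come from an unauthenticated
		datagram (see send_peerport); the TLS handshake in conn() is what has
		to establish the peer's identity.
		NOTE(review): send_peerport() always encrypts, but this side decrypts
		only when Parms.ssl is set - confirm that peering without SSL is meant
		to work.
		"""
		c = DES3.new(self.rawKey(self._UDPpasswd, 24), DES3.MODE_ECB)
		s = socket.socket(type=socket.SOCK_DGRAM)
		try:
			a = ('', self._UDPbroadcast_port)
			if self.d.ll(4): self.d.log("binding to udp-port {}:{}".format(a[0], a[1]))
			s.bind(a)
			s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
			while True:
				(dataBytes, (ip, port)) = s.recvfrom(512)
				try:	# ignore bad dgrams
					data = c.decrypt(dataBytes).decode().strip() if Parms.ssl else dataBytes.decode()
				except Exception: continue
				if self.d.ll(5): self.d.log("datalen={}, data={}".format(len(data), data))
				# any host on the network can send to this port, so a datagram
				# with malformed number fields is skipped, not allowed to raise
				try:
					strlen = int(data[:12])
					key = data[12:12+strlen]
					if not key == self._UDP_key: continue
					data = data[12+strlen:]
					strlen = int(data[:12])
					host = data[12:12+strlen]
					port = int(data[12+strlen:])
				except ValueError:
					continue
				if self.d.ll(4): self.d.log("peer listening on {}:{}".format(host, port))
				return (host, port)
		finally:
			s.close()

	def rawKey(self, passwd, keylen):
		"""Build a keylen-byte key by repeating the encoded password and truncating.

		Raises ValueError for an empty password with keylen > 0, where the
		repetition could never reach the requested length. NOTE(review): this
		is plain repetition, not a key derivation function.
		"""
		raw = passwd.encode()
		if keylen > 0 and not raw:
			raise ValueError("empty password")
		key = b''
		while len(key) < keylen:
			key = key + raw
		return key[:keylen]

	def UDPstop(self, sign, frame):
		"""SIGHUP handler in the broadcasting child: end the send loop."""
		self.UDPbroadcastGO = False

	def UDPsignalHUP(self):
		"""Send SIGHUP to the broadcasting child recorded by send_peerport()."""
		os.kill(self._UDPbroadcastPID, signal.SIGHUP)		# stop UDP broadcast

	def acc(self, acc_TO=Parms.peer_accept_timeout):
		"""Accept one connection and tell the client ACCEPTED or REJECTED.

		With SSL and a channel above 0, the client is accepted only when the
		commonName of its certificate equals the two-digit channel number. In
		every other case (no SSL, or channel 0) each client is accepted
		without any check. Returns True only when the client was accepted and
		the confirmation was sent.
		"""
		if self.d.ll(4): self.d.log("accepting on {} ...".format(self.port))
		self._ssc.settimeout(acc_TO)
		try:
			self._sc, (froma, fromp) = self._ssc.accept()
		except KeyboardInterrupt:
			if self.d.ll(4): self.d.log("KeyboardInterrupt")
			raise
		except Exception as e:
			self.d.abend("accept", e)
			return False
		if self.d.ll(2): self.d.log("conn request on {}SSL port {} from {}:{}"
								.format("" if self._issl else "non", self.port, froma, fromp))
		if Node.blocking:
			self._sc.settimeout(Parms.blockTimeout)
		else:   # select mode is not implemented yet
			self._srv_side[self._sc] = self._sc
			if self.d.ll(3): self.d.log("srv side={}".format(*(sc.fileno() for sc in self._srv_side.values())))
		accepted = False
		commonName = "nonSSL"
		certSubject = {}
		if self._chan > 0 and self._issl:
			# flatten the subject into a dict; assumes one attribute per RDN
			certSubject.update(i for (i,) in self._sc.getpeercert()['subject'])
			self.d.log("client certificate subject:", certSubject, sev=4)
			if "commonName" in certSubject: commonName = certSubject["commonName"]
			if commonName == "{:02d}".format(self._chan): accepted = True
		else:
			accepted = True
		# log the resolved name: certSubject is empty without SSL or on channel
		# 0, and may lack commonName, so indexing it here raised KeyError
		if self.d.ll(2): self.d.log("client {} {}".format(commonName, "accepted" if accepted else "rejected"))
		try:
			self._scfile = self._sc.makefile("rwb")
		except Exception as e:
			self.d.abendMsg("socket-makefile", e=e)
			self.close_sc()
			return False
		if accepted:
			try:
				if self.d.ll(4): self.d.log("confirming accept")
				self._scfile.write(b"ACCEPTED")
				self._scfile.flush()
				return True
			except Exception as e:
				self.d.abendMsg("send confirm", e=e)
				self.close_sc()
				return False
		else:
			self._scfile.write(b"REJECTED")
			self.close_sc()
		return False

	def conn(self, host=Parms.srvhost, port=None):
		"""Connect to host:port (default: the channel's base port) and wait for ACCEPTED.

		A refused connection is retried up to Parms.connThreshold times with
		Parms.connTimeout seconds in between; other errors go to self.d.abend.

		NOTE(review): the TLS wrap verifies the server certificate against the
		CA location but performs no hostname check, and pins TLS 1.0 through
		the deprecated ssl.wrap_socket(); see sslContext().
		"""
		if not port: port = self._baseport
		if self.d.ll(4): self.d.log("connecting to {}:{}...".format(host, port))
		try:
			self._sc = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
		except Exception as e:
			self.d.abend("socket alloc", e)
		if self._issl:
			if self.d.ll(4): self.d.log("sc SSL wrap, homedir={}, certfile={}, ca_certs={}"
									.format(os.getcwd(), Parms.sslCert, Parms.sslCAPath))
			try:
				if Node.useSSLContext:
					self._sc = Node.ctx.wrap_socket(self._sc)
				else:
					self._sc = ssl.wrap_socket(
						self._sc,
						certfile=Parms.sslCert,
						ca_certs=Parms.sslCAPath,
						cert_reqs=ssl.CERT_REQUIRED,
						ssl_version=ssl.PROTOCOL_TLSv1)
			except Exception as e:
				self.d.abend("sc SSL wrap", e)
		retry = Parms.connThreshold
		connected = False
		while not connected and retry > 0:
			try:
				self._sc.connect((host, port))
				connected = True
			except Exception as e:
				# not every exception carries errno; read it defensively so the
				# original error reaches abend instead of an AttributeError
				if getattr(e, "errno", None) == errno.ECONNREFUSED:
					retry = retry - 1
					time.sleep(Parms.connTimeout)
				else:
					self.d.abend("connect to {}".format(host), e)
		if retry == 0: self.d.abend("connection to {} refused, threshold {} reached".format(host, Parms.connThreshold), None)
		fileno = self._sc.fileno()
		if Node.blocking: self._sc.settimeout(Parms.blockTimeout)
		try:
			self._scfile = self._sc.makefile("rwb")
		except Exception as e:
			self.d.abend("connect makefile", e)
		try:
			if self._scfile.read(8) != b"ACCEPTED": self.d.abend("connection not accepted by server", None)
		except Exception as e:
			self.d.abend("read socket", e)
		if self.d.ll(2): self.d.log("connected to {}:{} after {} retries, via fd {}"
									.format(host, port, Parms.connThreshold - retry, fileno))

	def close_sc(self):
		"""Close the connection file object and the connection socket, if present."""
		if self.d.ll(4): self.d.log("closing socket...")
		try:
			if hasattr(self, '_scfile'): self._scfile.close()
			if hasattr(self, '_sc'): self._sc.close()
		except Exception as e:
			self.d.abend("closing socket", e)

	def close_ssc(self):
		"""Close the listening socket, if present."""
		if self.d.ll(4): self.d.log("closing SSL socket...")
		if hasattr(self, "_ssc"):
			try: self._ssc.close()
			except Exception as e: self.d.abend("closing SSL socket", e)

	def close(self):
		"""Close the connection and the listening socket."""
		self.close_sc()
		self.close_ssc()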
