# Copyright (c) 2013-2014 Rackspace, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from contextlib import contextmanager
import datetime
import functools
import os
from os import path
import time
import types
from unittest import mock

from OpenSSL import crypto
from oslo_config import cfg
from oslo_utils import uuidutils
import oslotest.base as oslotest
from oslotest import createfile
import six
from six.moves.urllib import parse
import webtest

from barbican.api import app
from barbican.common import config
import barbican.context
from barbican.model import repositories
from barbican.plugin.crypto import manager as cm
from barbican.plugin.crypto import p11_crypto
from barbican.plugin.interface import secret_store
from barbican.plugin import kmip_secret_store as kss
from barbican.tests import database_utils


def mock_pecan_request(test_instance, host=None):
    patcher_obj = mock.patch('pecan.request')
    mock_req = patcher_obj.start()
    test_instance.addCleanup(patcher_obj.stop)
    mock_req.url = host
    mock_req.environ = os.environ.copy()
    mock_req.application_url = host


@contextmanager
def pecan_context(test_instance, host=None):
    mock_pecan_request(test_instance, host=host)
    yield


class BarbicanAPIBaseTestCase(oslotest.BaseTestCase):
    """Base TestCase for all tests needing to interact with a Barbican app."""
    root_controller = None

    def _build_context(self, project_id, roles=None, user=None, is_admin=True,
                       policy_enforcer=None):
        context = barbican.context.RequestContext(
            roles=roles,
            user=user,
            project_id=project_id,
            is_admin=is_admin
        )
        context.policy_enforcer = policy_enforcer
        return context

    def setUp(self):
        super(BarbicanAPIBaseTestCase, self).setUp()
        # Make sure we have a test db and session to work with
        database_utils.setup_in_memory_db()

        # Generic project id to perform actions under
        self.project_id = generate_test_valid_uuid()

        # Build the test app
        wsgi_app = app.build_wsgi_app(
            controller=self.root_controller,
            transactional=True
        )

        self.app = webtest.TestApp(wsgi_app)
        self.app.extra_environ = {
            'barbican.context': self._build_context(self.project_id)
        }

    def tearDown(self):
        database_utils.in_memory_cleanup()
        super(BarbicanAPIBaseTestCase, self).tearDown()


class BaseTestCase(oslotest.BaseTestCase):
    """DEPRECATED - Will remove in future refactoring."""
    def setUp(self):
        super(BaseTestCase, self).setUp()
        self.order_id = 'order1234'
        self.external_project_id = 'keystone1234'
        self.request_id = 'request1234'

    def tearDown(self):
        super(BaseTestCase, self).tearDown()
        ss_conf = config.get_module_config('secretstore')
        ss_conf.clear_override("enable_multiple_secret_stores",
                               group='secretstore')


class MockModelRepositoryMixin(object):
    """Class for setting up the repo factory mocks

    This class has the purpose of setting up the mocks for the model repository
    factory functions. This is because they are intended to be singletons, and
    thus called inside the code-base, and not really passed around as
    arguments. Thus, this kind of approach is needed.

    The functions assume that the class that inherits from this is a test case
    fixture class. This is because as a side-effect patcher objects will be
    added to the class, and also the cleanup of these patcher objects will be
    added to the tear-down of the respective classes.
    """

    def setup_container_consumer_repository_mock(
            self, mock_container_consumer_repo=mock.MagicMock()):
        """Mocks the container consumer repository factory function

        :param mock_container_consumer_repo: The pre-configured mock
                                             container consumer repo to be
                                             returned.
        """
        self.mock_container_consumer_repo_patcher = None
        self._setup_repository_mock(
            repo_factory='get_container_consumer_repository',
            mock_repo_obj=mock_container_consumer_repo,
            patcher_obj=self.mock_container_consumer_repo_patcher)

    def setup_secret_consumer_repository_mock(
            self, mock_secret_consumer_repo=mock.MagicMock()):
        """Mocks the secret consumer repository factory function

        :param mock_secret_consumer_repo: The pre-configured mock
                                          secret consumer repo to be
                                          returned.
        """
        self.mock_secret_consumer_repo_patcher = None
        self._setup_repository_mock(
            repo_factory='get_secret_consumer_repository',
            mock_repo_obj=mock_secret_consumer_repo,
            patcher_obj=self.mock_secret_consumer_repo_patcher)

    def setup_container_repository_mock(self,
                                        mock_container_repo=mock.MagicMock()):
        """Mocks the container repository factory function

        :param mock_container_repo: The pre-configured mock
                                    container repo to be returned.
        """
        self.mock_container_repo_patcher = None
        self._setup_repository_mock(
            repo_factory='get_container_repository',
            mock_repo_obj=mock_container_repo,
            patcher_obj=self.mock_container_repo_patcher)

    def setup_container_secret_repository_mock(
            self, mock_container_secret_repo=mock.MagicMock()):
        """Mocks the container-secret repository factory function

        :param mock_container_secret_repo: The pre-configured mock
                                           container-secret repo to be
                                           returned.
        """
        self.mock_container_secret_repo_patcher = None
        self._setup_repository_mock(
            repo_factory='get_container_secret_repository',
            mock_repo_obj=mock_container_secret_repo,
            patcher_obj=self.mock_container_secret_repo_patcher)

    def setup_encrypted_datum_repository_mock(
            self, mock_encrypted_datum_repo=mock.MagicMock()):
        """Mocks the encrypted datum repository factory function

        :param mock_encrypted_datum_repo: The pre-configured mock
                                          encrypted datum repo to be returned.
        """
        self.mock_encrypted_datum_repo_patcher = None
        self._setup_repository_mock(
            repo_factory='get_encrypted_datum_repository',
            mock_repo_obj=mock_encrypted_datum_repo,
            patcher_obj=self.mock_encrypted_datum_repo_patcher)

    def setup_kek_datum_repository_mock(self,
                                        mock_kek_datum_repo=mock.MagicMock()):
        """Mocks the kek datum repository factory function

        :param mock_kek_datum_repo: The pre-configured mock kek-datum repo to
                                    be returned.
        """
        self.mock_kek_datum_repo_patcher = None
        self._setup_repository_mock(
            repo_factory='get_kek_datum_repository',
            mock_repo_obj=mock_kek_datum_repo,
            patcher_obj=self.mock_kek_datum_repo_patcher)

    def setup_order_barbican_meta_repository_mock(
            self, mock_order_barbican_meta_repo=mock.MagicMock()):
        """Mocks the order-barbican-meta repository factory function

        :param mock_order_barbican_meta_repo: The pre-configured mock order
                                              barbican-meta repo to be
                                              returned.
        """
        self.mock_order_barbican_meta_repo_patcher = None
        self._setup_repository_mock(
            repo_factory='get_order_barbican_meta_repository',
            mock_repo_obj=mock_order_barbican_meta_repo,
            patcher_obj=self.mock_order_barbican_meta_repo_patcher)

    def setup_order_plugin_meta_repository_mock(
            self, mock_order_plugin_meta_repo=mock.MagicMock()):
        """Mocks the order-plugin-meta repository factory function

        :param mock_order_plugin_meta_repo: The pre-configured mock order
                                            plugin-meta repo to be returned.
        """
        self.mock_order_plugin_meta_repo_patcher = None
        self._setup_repository_mock(
            repo_factory='get_order_plugin_meta_repository',
            mock_repo_obj=mock_order_plugin_meta_repo,
            patcher_obj=self.mock_order_plugin_meta_repo_patcher)

    def setup_order_repository_mock(self, mock_order_repo=mock.MagicMock()):
        """Mocks the order repository factory function

        :param mock_order_repo: The pre-configured mock order repo to be
                                returned.
        """
        self.mock_order_repo_patcher = None
        self._setup_repository_mock(repo_factory='get_order_repository',
                                    mock_repo_obj=mock_order_repo,
                                    patcher_obj=self.mock_order_repo_patcher)

    def setup_project_repository_mock(self,
                                      mock_project_repo=mock.MagicMock()):
        """Mocks the project repository factory function

        :param mock_project_repo: The pre-configured mock project repo to be
                                  returned.
        """
        self.mock_project_repo_patcher = None
        self._setup_repository_mock(repo_factory='get_project_repository',
                                    mock_repo_obj=mock_project_repo,
                                    patcher_obj=self.mock_project_repo_patcher)

    def setup_secret_meta_repository_mock(
            self, mock_secret_meta_repo=mock.MagicMock()):
        """Mocks the secret-meta repository factory function

        :param mock_secret_meta_repo: The pre-configured mock secret-meta repo
                                      to be returned.
        """
        self.mock_secret_meta_repo_patcher = None
        self._setup_repository_mock(
            repo_factory='get_secret_meta_repository',
            mock_repo_obj=mock_secret_meta_repo,
            patcher_obj=self.mock_secret_meta_repo_patcher)

    def setup_secret_repository_mock(self, mock_secret_repo=mock.MagicMock()):
        """Mocks the secret repository factory function

        :param mock_secret_repo: The pre-configured mock secret repo to be
                                 returned.
        """
        self.mock_secret_repo_patcher = None
        self._setup_repository_mock(repo_factory='get_secret_repository',
                                    mock_repo_obj=mock_secret_repo,
                                    patcher_obj=self.mock_secret_repo_patcher)

    def setup_transport_key_repository_mock(
            self, mock_transport_key_repo=mock.MagicMock()):
        """Mocks the transport-key repository factory function

        :param mock_transport_key_repo: The pre-configured mock transport_key
                                        repo to be returned.
        """
        self.mock_transport_key_repo_patcher = None
        self._setup_repository_mock(
            repo_factory='get_transport_key_repository',
            mock_repo_obj=mock_transport_key_repo,
            patcher_obj=self.mock_transport_key_repo_patcher)

    def setup_ca_repository_mock(self, mock_ca_repo=mock.MagicMock()):
        """Mocks the project repository factory function

        :param mock_ca_repo: The pre-configured mock ca repo to be returned.
        """
        self.mock_ca_repo_patcher = None
        self._setup_repository_mock(repo_factory='get_ca_repository',
                                    mock_repo_obj=mock_ca_repo,
                                    patcher_obj=self.mock_ca_repo_patcher)

    def setup_preferred_ca_repository_mock(
            self, mock_preferred_ca_repo=mock.MagicMock()):
        """Mocks the project repository factory function

        :param mock_preferred_ca_repo: The pre-configured mock project ca repo
                                     to be returned.
        """
        self.mock_preferred_ca_repo_patcher = None
        self._setup_repository_mock(
            repo_factory='get_preferred_ca_repository',
            mock_repo_obj=mock_preferred_ca_repo,
            patcher_obj=self.mock_preferred_ca_repo_patcher)

    def setup_secret_stores_repository_mock(
            self, mock_secret_stores_repo=mock.MagicMock()):
        """Mocks the project repository factory function

        :param mock_secret_stores_repo: The pre-configured mock secret stores
                                     repo to be returned.
        """
        self.mock_secret_stores_repo_patcher = None
        self._setup_repository_mock(
            repo_factory='get_secret_stores_repository',
            mock_repo_obj=mock_secret_stores_repo,
            patcher_obj=self.mock_secret_stores_repo_patcher)

    def setup_project_secret_store_repository_mock(
            self, mock_project_secret_store_repo=mock.MagicMock()):
        """Mocks the project repository factory function

        :param mock_project_secret_store_repo: The pre-configured mock project
                                     secret store repo to be returned.
        """
        self.mock_proj_secret_store_repo_patcher = None
        self._setup_repository_mock(
            repo_factory='get_project_secret_store_repository',
            mock_repo_obj=mock_project_secret_store_repo,
            patcher_obj=self.mock_proj_secret_store_repo_patcher)

    def setup_project_ca_repository_mock(
            self, mock_project_ca_repo=mock.MagicMock()):
        """Mocks the project repository factory function

        :param mock_project_ca_repo: The pre-configured mock project ca repo
                                     to be returned.
        """
        self.mock_project_ca_repo_patcher = None
        self._setup_repository_mock(
            repo_factory='get_project_ca_repository',
            mock_repo_obj=mock_project_ca_repo,
            patcher_obj=self.mock_project_ca_repo_patcher)

    def _setup_repository_mock(self, repo_factory, mock_repo_obj, patcher_obj):
        patcher_obj = mock.patch(
            'barbican.model.repositories.' + repo_factory,
            return_value=mock_repo_obj
        )
        patcher_obj.start()
        self.addCleanup(patcher_obj.stop)


def construct_new_test_function(original_func, name, build_params):
    """Builds a new test function based on parameterized data.

    :param original_func: The original test function that is used as a template
    :param name: The fullname of the new test function
    :param build_params: A dictionary or list containing args or kwargs
        for the new test
    :return: A new function object
    """
    new_func = types.FunctionType(
        six.get_function_code(original_func),
        six.get_function_globals(original_func),
        name=name,
        argdefs=six.get_function_defaults(original_func),
        closure=six.get_function_closure(original_func)
    )

    for key, val in original_func.__dict__.items():
        if key != 'build_data':
            new_func.__dict__[key] = val

    # Support either an arg list or kwarg dict for our data
    build_args = build_params if isinstance(build_params, list) else []
    build_kwargs = build_params if isinstance(build_params, dict) else {}

    # Build a test wrapper to execute with our kwargs
    def test_wrapper(func, test_args, test_kwargs):
        @functools.wraps(func)
        def wrapper(self):
            return func(self, *test_args, **test_kwargs)
        return wrapper

    return test_wrapper(new_func, build_args, build_kwargs)


def process_parameterized_function(name, func_obj, build_data):
    """Build lists of functions to add and remove to a test case."""
    to_remove = []
    to_add = []

    for subtest_name, params in build_data.items():
        # Build new test function
        func_name = '{0}_{1}'.format(name, subtest_name)
        new_func = construct_new_test_function(func_obj, func_name, params)

        # Mark the new function as needed to be added to the class
        to_add.append((func_name, new_func))

        # Mark key for removal
        to_remove.append(name)

    return to_remove, to_add


def parameterized_test_case(cls):
    """Class decorator to process parameterized tests

    This allows for parameterization to be used for potentially any
    unittest compatible runner; including testr and py.test.
    """
    tests_to_remove = []
    tests_to_add = []
    for key, val in vars(cls).items():
        # Only process tests with build data on them
        if key.startswith('test_') and val.__dict__.get('build_data'):
            to_remove, to_add = process_parameterized_function(
                name=key,
                func_obj=val,
                build_data=val.__dict__.get('build_data')
            )
            tests_to_remove.extend(to_remove)
            tests_to_add.extend(to_add)

    # Add all new test functions
    [setattr(cls, name, func) for name, func in tests_to_add]

    # Remove all old test function templates (if they still exist)
    [delattr(cls, key) for key in tests_to_remove if hasattr(cls, key)]
    return cls


def parameterized_dataset(build_data):
    """Simple decorator to mark a test method for processing."""
    def decorator(func):
        func.__dict__['build_data'] = build_data
        return func
    return decorator


def setup_oslo_config_conf(testcase, content, conf_instance=None):

    conf_file_fixture = testcase.useFixture(
        createfile.CreateFileWithContent('barbican', content))
    if conf_instance is None:
        conf_instance = cfg.CONF
    conf_instance([], project="barbican",
                  default_config_files=[conf_file_fixture.path])

    testcase.addCleanup(conf_instance.reset)


def setup_multiple_secret_store_plugins_conf(testcase, store_plugin_names,
                                             crypto_plugin_names,
                                             global_default_index,
                                             conf_instance=None,
                                             multiple_support_enabled=None):
    """Sets multiple secret store support conf as oslo conf file.

    Generating file based conf based on input store and crypto plugin names
    provided as list. Index specified in argument is used to mark that specific
    secret store as global_default = True.

    Input lists are
    'store_plugins': ['store_crypto', 'kmip_plugin', 'store_crypto'],
    'crypto_plugins': ['simple_crypto', '', 'p11_crypto'],

    Sample output conf file generated is

    [secretstore]
    enable_multiple_secret_stores = True
    stores_lookup_suffix = plugin_0, plugin_1, plugin_2

    [secretstore:plugin_0]
    secret_store_plugin = store_crypto
    crypto_plugin = simple_crypto
    global_default = True

    [secretstore:plugin_1]
    secret_store_plugin = kmip_plugin

    [secretstore:plugin_2]
    secret_store_plugin = store_crypto
    crypto_plugin = p11_crypto

    """

    def _get_conf_line(name, value, section=None):
        out_line = "\n[{0}]\n".format(section) if section else ""
        out_line += "{0} = {1}\n".format(name, value) if name else ""
        return out_line

    if multiple_support_enabled is None:
        multiple_support_enabled = True

    conf_content = ""

    if store_plugin_names is not None:

        if len(store_plugin_names) < len(crypto_plugin_names):
            max_count = len(crypto_plugin_names)
        else:
            max_count = len(store_plugin_names)

        lookup_names = ['plugin_{0}'.format(indx) for indx in range(max_count)]
        section_names = ['secretstore:{0}'.format(lname) for lname in
                         lookup_names]
        lookup_str = ", ".join(lookup_names)

        conf_content = _get_conf_line('enable_multiple_secret_stores',
                                      multiple_support_enabled,
                                      section='secretstore')
        conf_content += _get_conf_line('stores_lookup_suffix',
                                       lookup_str, section=None)

        for indx, section_name in enumerate(section_names):
            if indx < len(store_plugin_names):
                store_plugin = store_plugin_names[indx]
                conf_content += _get_conf_line('secret_store_plugin',
                                               store_plugin,
                                               section=section_name)
            else:
                conf_content += _get_conf_line(None, None,
                                               section=section_name)
            if indx < len(crypto_plugin_names):
                crypto_plugin = crypto_plugin_names[indx]
                conf_content += _get_conf_line('crypto_plugin', crypto_plugin,
                                               section=None)
            if indx == global_default_index:
                conf_content += _get_conf_line('global_default', 'True',
                                               section=None)

    setup_oslo_config_conf(testcase, conf_content, conf_instance)


class MultipleBackendsTestCase(database_utils.RepositoryTestCase):

    def _mock_plugin_settings(self):

        kmip_conf = kss.CONF
        kmip_conf.kmip_plugin.username = "sample_username"
        kmip_conf.kmip_plugin.password = "sample_password"
        kmip_conf.kmip_plugin.keyfile = None
        kmip_conf.kmip_plugin.pkcs1_only = False

        pkcs11_conf = p11_crypto.CONF
        pkcs11_conf.p11_crypto_plugin.library_path = "/tmp"  # any dummy path

    def init_via_conf_file(self, store_plugin_names, crypto_plugin_names,
                           enabled=True, global_default_index=0):
        secretstore_conf = config.get_module_config('secretstore')

        setup_multiple_secret_store_plugins_conf(
            self, store_plugin_names=store_plugin_names,
            crypto_plugin_names=crypto_plugin_names,
            global_default_index=global_default_index,
            conf_instance=secretstore_conf,
            multiple_support_enabled=enabled)

        # clear globals if already set in previous tests
        secret_store._SECRET_STORE = None  # clear secret store manager
        cm._PLUGIN_MANAGER = None  # clear crypto manager
        self._mock_plugin_settings()

    def _get_secret_store_entry(self, store_plugin, crypto_plugin):
        all_ss = repositories.get_secret_stores_repository().get_all()
        for ss in all_ss:
            if (ss.store_plugin == store_plugin and
                    ss.crypto_plugin == crypto_plugin):
                return ss
        return None


def create_timestamp_w_tz_and_offset(timezone=None, days=0, hours=0, minutes=0,
                                     seconds=0):
    """Creates a timestamp with a timezone and offset in days

    :param timezone: Timezone used in creation of timestamp
    :param days: The offset in days
    :param hours: The offset in hours
    :param minutes: The offset in minutes

    :return: a timestamp
    """
    if timezone is None:
        timezone = time.strftime("%z")

    timestamp = '{time}{timezone}'.format(
        time=(datetime.datetime.today() + datetime.timedelta(days=days,
                                                             hours=hours,
                                                             minutes=minutes,
                                                             seconds=seconds)),
        timezone=timezone)

    return timestamp


def get_limit_and_offset_from_ref(ref):
    matches = dict(parse.parse_qsl(parse.urlparse(ref).query))
    ref_limit = matches['limit']
    ref_offset = matches['offset']

    return ref_limit, ref_offset


def get_tomorrow_timestamp():
    tomorrow = (datetime.today() + datetime.timedelta(days=1))
    return tomorrow.isoformat()


def get_id_from_ref(ref):
    """Returns id from reference."""
    ref_id = None
    if ref is not None and len(ref) > 0:
        ref_id = path.split(ref)[1]
    return ref_id


def generate_test_uuid(tail_value=0):
    """Returns a blank uuid with the given value added to the end segment."""
    return '00000000-0000-0000-0000-{value:0>{pad}}'.format(value=tail_value,
                                                            pad=12)


def generate_test_valid_uuid():
    """Returns a valid uuid value, similar to uuid generated in barbican"""
    return uuidutils.generate_uuid()


def get_symmetric_key():
    s = b"MIICdgIBADANBgkqhkiG9w=="
    return s


def get_triple_des_key():
    s = b"AQIDBAUGBwgBAgMEBQYHCAECAwQFBgcI"
    return s


def is_cert_valid(expected, observed):
    c1 = crypto.load_certificate(crypto.FILETYPE_PEM, expected)
    c2 = crypto.load_certificate(crypto.FILETYPE_PEM, observed)
    return (crypto.dump_certificate(crypto.FILETYPE_PEM, c1) ==
            crypto.dump_certificate(crypto.FILETYPE_PEM, c2))


def is_private_key_valid(expected, observed):
    k1 = crypto.load_privatekey(crypto.FILETYPE_PEM, expected)
    k2 = crypto.load_privatekey(crypto.FILETYPE_PEM, observed)
    return (crypto.dump_privatekey(crypto.FILETYPE_PEM, k1) ==
            crypto.dump_privatekey(crypto.FILETYPE_PEM, k2))


def is_public_key_valid(expected, observed):
    # TODO(alee) fill in the relevant test here
    return True


def is_kmip_enabled():
    return os.environ.get('KMIP_PLUGIN_ENABLED') is not None


def is_vault_enabled():
    return os.environ.get('VAULT_PLUGIN_ENABLED') is not None


def is_pkcs11_enabled():
    return os.environ.get('PKCS11_PLUGIN_ENABLED') is not None


class DummyClassForTesting(object):
    pass