# vi: ts=4 ai noet
#
# Copyright (C) 2006-2007 Red Hat, Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA

import dbus
import dbus.service
import time
import os
import binascii
import ConfigParser
import logging

import nmclient
import keydialog
import gtk
from sugar import env

IW_AUTH_KEY_MGMT_802_1X	= 0x1
IW_AUTH_KEY_MGMT_PSK	= 0x2

IW_AUTH_WPA_VERSION_DISABLED = 0x00000001
IW_AUTH_WPA_VERSION_WPA      = 0x00000002
IW_AUTH_WPA_VERSION_WPA2     = 0x00000004

NM_AUTH_TYPE_WPA_PSK_AUTO = 0x00000000
IW_AUTH_CIPHER_NONE   = 0x00000001
IW_AUTH_CIPHER_WEP40  = 0x00000002
IW_AUTH_CIPHER_TKIP   = 0x00000004
IW_AUTH_CIPHER_CCMP   = 0x00000008
IW_AUTH_CIPHER_WEP104 = 0x00000010

IW_AUTH_ALG_OPEN_SYSTEM = 0x00000001
IW_AUTH_ALG_SHARED_KEY  = 0x00000002

NM_INFO_IFACE='org.freedesktop.NetworkManagerInfo'
NM_INFO_PATH='/org/freedesktop/NetworkManagerInfo'


class NoNetworks(dbus.DBusException):
    def __init__(self):
        dbus.DBusException.__init__(self)
        self._dbus_error_name = NM_INFO_IFACE + '.NoNetworks'

class CanceledKeyRequestError(dbus.DBusException):
    def __init__(self):
        dbus.DBusException.__init__(self)
        self._dbus_error_name = NM_INFO_IFACE + '.CanceledError'


class NetworkInvalidError(Exception):
    pass


class NMConfig(ConfigParser.ConfigParser):
    def get_bool(self, section, name):
        opt = self.get(section, name)
        if type(opt) == type(""):
            if opt.lower() == 'yes' or opt.lower() == 'true':
                return True
            elif opt.lower() == 'no' or opt.lower() == 'false':
                return False
        raise ValueError("Invalid format for %s/%s.  Should be one of [yes, no, true, false]." % (section, name))

    def get_list(self, section, name):
        opt = self.get(section, name)
        if type(opt) == type(""):
            if not len(opt):
                return []
            try:
                return opt.split()
            except Exception:
                pass
        raise ValueError("Invalid format for %s/%s.  Should be a space-separate list." % (section, name))

    def get_int(self, section, name):
        opt = self.get(section, name)
        try:
            return int(opt)
        except Exception:
            pass
        raise ValueError("Invalid format for %s/%s.  Should be a valid integer." % (section, name))

    def get_float(self, section, name):
        opt = self.get(section, name)
        try:
            return float(opt)
        except Exception:
            pass
        raise ValueError("Invalid format for %s/%s.  Should be a valid float." % (section, name))


NETWORK_TYPE_UNKNOWN = 0
NETWORK_TYPE_ALLOWED = 1
NETWORK_TYPE_INVALID = 2


class Security(object):
    def __init__(self, we_cipher):
        self._we_cipher = we_cipher

    def read_from_config(self, cfg, name):
        pass

    def read_from_args(self, args):
        pass

    def new_from_config(cfg, name):
        security = None
        we_cipher = cfg.get_int(name, "we_cipher")
        if we_cipher == IW_AUTH_CIPHER_NONE:
            security = Security(we_cipher)
        elif we_cipher == IW_AUTH_CIPHER_WEP40 or we_cipher == IW_AUTH_CIPHER_WEP104:
            security = WEPSecurity(we_cipher)
        elif we_cipher == NM_AUTH_TYPE_WPA_PSK_AUTO or we_cipher == IW_AUTH_CIPHER_CCMP or we_cipher == IW_AUTH_CIPHER_TKIP:
            security = WPASecurity(we_cipher)
        else:
            raise ValueError("Unsupported security combo")
        security.read_from_config(cfg, name)
        return security
    new_from_config = staticmethod(new_from_config)

    def new_from_args(we_cipher, args):
        security = None
        try:
            if we_cipher == IW_AUTH_CIPHER_NONE:
                security = Security(we_cipher)
            elif we_cipher == IW_AUTH_CIPHER_WEP40 or we_cipher == IW_AUTH_CIPHER_WEP104:
                security = WEPSecurity(we_cipher)
            elif we_cipher == NM_AUTH_TYPE_WPA_PSK_AUTO or we_cipher == IW_AUTH_CIPHER_CCMP or we_cipher == IW_AUTH_CIPHER_TKIP:
                security = WPASecurity(we_cipher)
            else:
                raise ValueError("Unsupported security combo")
            security.read_from_args(args)
        except ValueError, e:
            logging.debug("Error reading security information: %s" % e)
            del security
            return None
        return security
    new_from_args = staticmethod(new_from_args)

    def get_properties(self):
        return [dbus.Int32(self._we_cipher)]

    def write_to_config(self, section, config):
        config.set(section, "we_cipher", self._we_cipher)


class WEPSecurity(Security):
    def read_from_args(self, args):
        if len(args) != 2:
            raise ValueError("not enough arguments")
        key = args[0]
        auth_alg = args[1]
        if isinstance(key, unicode):
            key = key.encode()
        if not isinstance(key, str):
            raise ValueError("wrong argument type for key")
        if not isinstance(auth_alg, int):
            raise ValueError("wrong argument type for auth_alg")
        self._key = key
        self._auth_alg = auth_alg

    def read_from_config(self, cfg, name):
        # Key should be a hex encoded string
        self._key = cfg.get(name, "key")
        if self._we_cipher == IW_AUTH_CIPHER_WEP40 and len(self._key) != 10:
            raise ValueError("Key length not right for 40-bit WEP")
        if self._we_cipher == IW_AUTH_CIPHER_WEP104 and len(self._key) != 26:
            raise ValueError("Key length not right for 104-bit WEP")

        try:
            a = binascii.a2b_hex(self._key)
        except TypeError:
            raise ValueError("Key was not a hexadecimal string.")
            
        self._auth_alg = cfg.get_int(name, "auth_alg")
        if self._auth_alg != IW_AUTH_ALG_OPEN_SYSTEM and self._auth_alg != IW_AUTH_ALG_SHARED_KEY:
            raise ValueError("Invalid authentication algorithm %d" % self._auth_alg)

    def get_properties(self):
        args = Security.get_properties(self)
        args.append(dbus.String(self._key))
        args.append(dbus.Int32(self._auth_alg))
        return args

    def write_to_config(self, section, config):
        Security.write_to_config(self, section, config)
        config.set(section, "key", self._key)
        config.set(section, "auth_alg", self._auth_alg)

class WPASecurity(Security):
    def read_from_args(self, args):
        if len(args) != 3:
            raise ValueError("not enough arguments")
        key = args[0]
        if isinstance(key, unicode):
            key = key.encode()
        if not isinstance(key, str):
            raise ValueError("wrong argument type for key")

        wpa_ver = args[1]
        if not isinstance(wpa_ver, int):
            raise ValueError("wrong argument type for WPA version")

        key_mgmt = args[2]
        if not isinstance(key_mgmt, int):
            raise ValueError("wrong argument type for WPA key management")
        if not key_mgmt & IW_AUTH_KEY_MGMT_PSK:
            raise ValueError("Key management types other than PSK are not supported")

        self._key = key
        self._wpa_ver = wpa_ver
        self._key_mgmt = key_mgmt

    def read_from_config(self, cfg, name):
        # Key should be a hex encoded string
        self._key = cfg.get(name, "key")
        if len(self._key) != 64:
            raise ValueError("Key length not right for WPA-PSK")

        try:
            a = binascii.a2b_hex(self._key)
        except TypeError:
            raise ValueError("Key was not a hexadecimal string.")
            
        self._wpa_ver = cfg.get_int(name, "wpa_ver")
        if self._wpa_ver != IW_AUTH_WPA_VERSION_WPA and self._wpa_ver != IW_AUTH_WPA_VERSION_WPA2:
            raise ValueError("Invalid WPA version %d" % self._wpa_ver)

        self._key_mgmt = cfg.get_int(name, "key_mgmt")
        if not self._key_mgmt & IW_AUTH_KEY_MGMT_PSK:
            raise ValueError("Invalid WPA key management option %d" % self._key_mgmt)

    def get_properties(self):
        args = Security.get_properties(self)
        args.append(dbus.String(self._key))
        args.append(dbus.Int32(self._wpa_ver))
        args.append(dbus.Int32(self._key_mgmt))
        return args

    def write_to_config(self, section, config):
        Security.write_to_config(self, section, config)
        config.set(section, "key", self._key)
        config.set(section, "wpa_ver", self._wpa_ver)
        config.set(section, "key_mgmt", self._key_mgmt)


class Network:
    def __init__(self, ssid):
        self.ssid = ssid
        self.timestamp = int(time.time())
        self.bssids = []
        self.we_cipher = 0
        self._security = None

    def get_properties(self):
        bssid_list = dbus.Array([], signature="s")
        for item in self.bssids:
            bssid_list.append(dbus.String(item))
        args = [dbus.String(self.ssid), dbus.Int32(self.timestamp), dbus.Boolean(True), bssid_list]
        args += self._security.get_properties()
        return tuple(args)

    def get_security(self):
        return self._security.get_properties()

    def set_security(self, security):
        self._security = security

    def read_from_args(self, auto, bssid, we_cipher, args):
        if auto == False:
            self.timestamp = int(time.time())
        if not bssid in self.bssids:
            self.bssids.append(bssid)

        self._security = Security.new_from_args(we_cipher, args)
        if not self._security:
            raise NetworkInvalidError("Invalid security information")

    def read_from_config(self, config):
        try:
            self.timestamp = config.get_int(self.ssid, "timestamp")
        except (ConfigParser.NoOptionError, ValueError), e:
            raise NetworkInvalidError(e)

        try:
            self._security = Security.new_from_config(config, self.ssid)
        except Exception, e:
            raise NetworkInvalidError(e)

        # The following don't need to be present
        try:
            self.bssids = config.get_list(self.ssid, "bssids")
        except (ConfigParser.NoOptionError, ValueError), e:
            pass

    def write_to_config(self, config):
        try:
            config.add_section(self.ssid)
            config.set(self.ssid, "timestamp", self.timestamp)
            if len(self.bssids) > 0:
                opt = " "
                opt.join(self.bssids)
                config.set(self.ssid, "bssids", opt)
            self._security.write_to_config(self.ssid, config)
        except Exception, e:
            logging.debug("Error writing '%s': %s" % (self.ssid, e))


class NotFoundError(dbus.DBusException):
    pass
class UnsupportedError(dbus.DBusException):
    pass

class NMInfoDBusServiceHelper(dbus.service.Object):
    def __init__(self, parent):
        self._parent = parent
        bus = dbus.SystemBus()

        # If NMI is already around, don't grab the NMI service
        bus_object = bus.get_object('org.freedesktop.DBus', '/org/freedesktop/DBus')
        name = None
        try:
            name = bus_object.GetNameOwner("org.freedesktop.NetworkManagerInfo", \
                    dbus_interface='org.freedesktop.DBus')
        except dbus.DBusException:
            pass
        if name:
            logging.debug("NMI service already owned by %s, won't claim it." % name)
            raise RuntimeError

        bus_name = dbus.service.BusName(NM_INFO_IFACE, bus=bus)
        dbus.service.Object.__init__(self, bus_name, NM_INFO_PATH)

    @dbus.service.method(NM_INFO_IFACE, in_signature='i', out_signature='as')
    def getNetworks(self, net_type):
        ssids = self._parent.get_networks(net_type)
        if len(ssids) > 0:
            return dbus.Array(ssids)

        raise NoNetworks()

    @dbus.service.method(NM_INFO_IFACE, in_signature='si', async_callbacks=('async_cb', 'async_err_cb'))
    def getNetworkProperties(self, ssid, net_type, async_cb, async_err_cb):
        self._parent.get_network_properties(ssid, net_type, async_cb, async_err_cb)

    @dbus.service.method(NM_INFO_IFACE)
    def updateNetworkInfo(self, ssid, bauto, bssid, cipher, *args):
        self._parent.update_network_info(ssid, bauto, bssid, cipher, args)

    @dbus.service.method(NM_INFO_IFACE, async_callbacks=('async_cb', 'async_err_cb'))
    def getKeyForNetwork(self, dev_path, net_path, ssid, attempt, new_key, async_cb, async_err_cb):
        self._parent.get_key_for_network(dev_path, net_path, ssid,
                attempt, new_key, async_cb, async_err_cb)

    @dbus.service.method(NM_INFO_IFACE)
    def cancelGetKeyForNetwork(self):
        self._parent.cancel_get_key_for_network()

class NMInfo(object):
    def __init__(self, client):
        profile_path = env.get_profile_path()
        self._cfg_file = os.path.join(profile_path, "nm", "networks.cfg")
        self._nmclient = client
        self._allowed_networks = self._read_config()
        self._dbus_helper = NMInfoDBusServiceHelper(self)
        self._key_dialog = None

    def save_config(self):
        self._write_config(self._allowed_networks)

    def _read_config(self):
        if not os.path.exists(os.path.dirname(self._cfg_file)):
            os.makedirs(os.path.dirname(self._cfg_file), 0755)
        if not os.path.exists(self._cfg_file):
            self._write_config({})
            return {}

        config = NMConfig()
        config.read(self._cfg_file)
        networks = {}
        for name in config.sections():
            try:
                net = Network(name)
                net.read_from_config(config)
                networks[name] = net
            except Exception, e:
                logging.error("Error when processing config for the network %s: %r" % (name, e))

        del config
        return networks

    def _write_config(self, networks):
        fp = open(self._cfg_file, 'w')
        config = NMConfig()
        for net in networks.values():
            net.write_to_config(config)
        config.write(fp)
        fp.close()
        del config

    def get_networks(self, net_type):
        if net_type != NETWORK_TYPE_ALLOWED:
            raise ValueError("Bad network type")
        nets = []
        for net in self._allowed_networks.values():
            nets.append(net.ssid)
        logging.debug("Returning networks: %s" % nets)
        return nets

    def get_network_properties(self, ssid, net_type, async_cb, async_err_cb):
        if not isinstance(ssid, unicode):
            async_err_cb(ValueError("Invalid arguments; ssid must be unicode."))
        if net_type != NETWORK_TYPE_ALLOWED:
            async_err_cb(ValueError("Bad network type"))
        if not self._allowed_networks.has_key(ssid):
            async_err_cb(NotFoundError("Network '%s' not found." % ssid))
        network = self._allowed_networks[ssid]
        props = network.get_properties()

        # DBus workaround: the normal method return handler wraps
        # the returned arguments in a tuple and then converts that to a
        # struct, but NetworkManager expects a plain list of arguments.
        # It turns out that the async callback method return code _doesn't_
        # wrap the returned arguments in a tuple, so as a workaround use
        # the async callback stuff here even though we're not doing it
        # asynchronously.
        async_cb(*props)

    def update_network_info(self, ssid, auto, bssid, we_cipher, args):
        if not isinstance(ssid, unicode):
            raise ValueError("Invalid arguments; ssid must be unicode.")
        if self._allowed_networks.has_key(ssid):
            del self._allowed_networks[ssid]
        net = Network(ssid)
        try:
            net.read_from_args(auto, bssid, we_cipher, args)
            logging.debug("Updated network information for '%s'." % ssid)
            self._allowed_networks[ssid] = net
            self.save_config()
        except NetworkInvalidError, e:
            logging.debug("Error updating network information: %s" % e)
            del net

    def get_key_for_network(self, dev_op, net_op, ssid, attempt, new_key, async_cb, async_err_cb):
        if not isinstance(ssid, unicode):
            raise ValueError("Invalid arguments; ssid must be unicode.")
        if self._allowed_networks.has_key(ssid) and not new_key:
            # We've got the info already
            net = self._allowed_networks[ssid]
            async_cb(tuple(net.get_security()))
            return

        # Otherwise, ask the user for it
        net = None
        dev = self._nmclient.get_device(dev_op)
        if not dev:
            async_err_cb(NotFoundError("Device was unknown."))
            return

        if dev.get_type() == nmclient.DEVICE_TYPE_802_3_ETHERNET:
            # We don't support wired 802.1x yet...
            async_err_cb(UnsupportedError("Device type is unsupported by NMI."))
            return

        net = dev.get_network(net_op)
        if not net:
            async_err_cb(NotFoundError("Network was unknown."))
            return

        self._key_dialog = keydialog.new_key_dialog(net, async_cb, async_err_cb)
        self._key_dialog.connect("response", self._key_dialog_response_cb)
        self._key_dialog.connect("destroy", self._key_dialog_destroy_cb)
        self._key_dialog.show_all()

    def _key_dialog_destroy_cb(self, widget, foo=None):
        if widget != self._key_dialog:
            return
        self._key_dialog_response_cb(widget, gtk.RESPONSE_CANCEL)

    def _key_dialog_response_cb(self, widget, response_id):
        if widget != self._key_dialog:
            return

        (async_cb, async_err_cb) = self._key_dialog.get_callbacks()
        net = self._key_dialog.get_network()
        security = None
        if response_id == gtk.RESPONSE_OK:
            security = self._key_dialog.create_security()
        self._key_dialog = None
        widget.destroy()

        if response_id in [gtk.RESPONSE_CANCEL, gtk.RESPONSE_NONE]:
            # key dialog dialog was canceled; send the error back to NM
            async_err_cb(CanceledKeyRequestError())
        elif response_id == gtk.RESPONSE_OK:
            if not security:
                raise RuntimeError("Invalid security arguments.")
            props = security.get_properties()
            a = tuple(props)
            async_cb(*a)
        else:
            raise RuntimeError("Unhandled key dialog response %d" % response_id)

    def cancel_get_key_for_network(self):
        # Close the wireless key dialog and just have it return
        # with the 'canceled' argument set to true
        if not self._key_dialog:
            return
        self._key_dialog_destroy_cb(self._key_dialog)