import os

from datetime import datetime
from time import mktime
from twisted.logger import Logger

from leap.bitmask.system import IS_LINUX
from leap.bitmask.vpn.privilege import is_pkexec_in_system, NoPkexecAvailable
from leap.common.certs import get_cert_time_boundaries
from leap.common.config import get_path_prefix

log = Logger()


class ImproperlyConfigured(Exception):
    pass


def get_failure_for(provider):
    if IS_LINUX and not is_pkexec_in_system():
        raise NoPkexecAvailable()
    if not _has_valid_cert(provider):
        raise ImproperlyConfigured('Missing VPN certificate')


def is_service_ready(provider):
    if not _has_valid_cert(provider):
        return False
    if os.getuid() == 0:
        # it's your problem if you run as root, not mine.
        return True
    if IS_LINUX and not is_pkexec_in_system():
        log.warn('System has no pkexec')
        return False
    return True


def cert_expires(provider):
    path = get_vpn_cert_path(provider)
    try:
        with open(path, 'r') as f:
            cert = f.read()
    except IOError:
        return None
    _, to = get_cert_time_boundaries(cert)
    expiry_date = datetime.fromtimestamp(mktime(to))
    return expiry_date


def get_vpn_cert_path(provider):
    return os.path.join(get_path_prefix(),
                        'leap', 'providers', provider,
                        'keys', 'client', 'openvpn.pem')


def _has_valid_cert(provider):
    cert_path = get_vpn_cert_path(provider)
    has_file = os.path.isfile(cert_path)
    if not has_file:
        log.warn("VPN cert not present for %s" % (provider,))
        return False

    expiry = cert_expires(provider)
    if datetime.now() > expiry:
        log.warn("VPN cert expired for %s" % (provider,))
        return False
    return True