#!/usr/bin/env python

# Contributors Listed Below - COPYRIGHT 2016
# [+] International Business Machines Corp.
#
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied. See the License for the specific language governing
# permissions and limitations under the License.


import sys
import os
import gevent
from gevent.pywsgi import WSGIServer
have_wsock = True
try:
    from geventwebsocket.handler import WebSocketHandler
except ImportError:
    have_wsock = False

# Parameters
# <wsgi application>  REQUIRED  Application to import and run (e.g. rest_dbus)
# <--no-ssl>          OPTIONAL  Don't use SSL
#
# NOTE: If not activated via a systemd socket then this server will bind
#       by default to all address's at port 443 or 80(--no-ssl)
if __name__ == '__main__':

    if len(sys.argv) < 2:
        sys.stderr.write('WSGI application required!')
        sys.exit(1)

    if (len(sys.argv) > 2) and (sys.argv[2] == "--no-ssl"):
        use_ssl = False
    else:
        use_ssl = True

    exec('from obmc.wsgi.apps.%s import App' % sys.argv[1])

    default_cert = os.path.join(
        sys.prefix, 'share', os.path.basename(__file__), 'cert.pem')

    kw = {}
    if have_wsock:
        kw['have_wsock'] = True
    app = App(**kw)

    # repurpose for WSGIServer usage below
    kw = {}

    if use_ssl:
        # ECDH - Allow Elliptic Curve Diffie Hellman
        # kDH - Allow Key Exchange algorithm as Diffie Hellman
        # kEDH - Allow Key Exchange algorithm as Ephemeral Diffie Hellman
        # kRSA - Allow Key Exchange algorithm as RSA
        # !SSLv3 - Disallows any ciphers specific to SSLv3
        # !SSLv2 - Disallows any ciphers specific to SSLv2 protocol
        # !aNULL - Disallows anonymous authentication or no authentication
        # !eNULL - Disallows connection with NULL encryption
        # !LOW -   Disallows any low strength ciphers
        # !MEDIUM- Disallows medium strength ciphers

        kw['ciphers'] = (
        'ECDH:kDH:kEDH:kRSA:!SSLv3:!SSLv2:!aNULL:!eNULL:!LOW:!MEDIUM:@STRENGTH'
        )

        kw['keyfile'] = default_cert
        kw['certfile'] = default_cert

    if os.environ.get('LISTEN_PID', None) == str(os.getpid()):
        FIRST_SYSTEMD_SOCKET_FD = 3
        bind = gevent.socket.fromfd(FIRST_SYSTEMD_SOCKET_FD,
                                    gevent.socket.AF_INET,
                                    gevent.socket.SOCK_STREAM)
    else:
        if use_ssl:
            bind = ('', 443)
        else:
            bind = ('', 80)

    if have_wsock:
        kw['handler_class'] = WebSocketHandler

    server = WSGIServer( bind, app, **kw )

    server.serve_forever()