#!/usr/bin/env python

# Contributors Listed Below - COPYRIGHT 2016
# [+] International Business Machines Corp.
#
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied. See the License for the specific language governing
# permissions and limitations under the License.


import sys
import os
import gevent
from gevent.pywsgi import WSGIServer
have_wsock = True
try:
    from geventwebsocket.handler import WebSocketHandler
except ImportError:
    have_wsock = False

if __name__ == '__main__':
    if len(sys.argv) < 2:
        sys.stderr.write('WSGI application required!')
        sys.exit(1)

    exec('from obmc.wsgi.apps.%s import App' % sys.argv[1])

    default_cert = os.path.join(
        sys.prefix, 'share', os.path.basename(__file__), 'cert.pem')

    kw = {}
    if have_wsock:
        kw['have_wsock'] = True
    app = App(**kw)

    # ECDH - Allow Elliptic Curve Diffie Hellman
    # kDH - Allow Key Exchange algorithm as Diffie Hellman
    # kEDH - Allow Key Exchange algorithm as Ephemeral Diffie Hellman
    # kRSA - Allow Key Exchange algorithm as RSA
    # !SSLv3 - Disallows any ciphers specific to SSLv3
    # !SSLv2 - Disallows any ciphers specific to SSLv2 protocol
    # !aNULL - Disallows anonymous authentication or no authentication
    # !eNULL - Disallows connection with NULL encryption
    # !LOW -   Disallows any low strength ciphers
    # !MEDIUM- Disallows medium strength ciphers

    ssl_ciphers = (
    'ECDH:kDH:kEDH:kRSA:!SSLv3:!SSLv2:!aNULL:!eNULL:!LOW:!MEDIUM:@STRENGTH'
    )

    if os.environ.get('LISTEN_PID', None) == str(os.getpid()):
        FIRST_SYSTEMD_SOCKET_FD = 3
        bind = gevent.socket.fromfd(FIRST_SYSTEMD_SOCKET_FD,
                                    gevent.socket.AF_INET,
                                    gevent.socket.SOCK_STREAM)
    else:
        bind = ('', 443)

    kw = {}
    if have_wsock:
        kw['handler_class'] = WebSocketHandler
    server = WSGIServer(
        bind, app, keyfile=default_cert, certfile=default_cert,
        ciphers=ssl_ciphers, **kw)
    server.serve_forever()