#!/usr/bin/env python
# $Id$
#
# Copyright (C) 2015-2016  Parsons Government Services ("PARSONS")
# Portions copyright (C) 2014  Dragon Research Labs ("DRL")
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notices and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND PARSONS AND DRL DISCLAIM ALL
# WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS.  IN NO EVENT SHALL
# PARSONS OR DRL BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
# CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
# OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
# NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
# WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

"""
Scan rcynic validated output looking for router certificates, print
out stuff that the rpki-rtr code cares about.
"""

import os
import sys
import base64
import argparse
import rpki.POW
import rpki.oids
import rpki.config

from rpki.rcynicdb.iterator import authenticated_objects

def check_dir(s):
    if not os.path.isdir(s):
        raise argparse.ArgumentTypeError("{!r} is not a directory".format(s))
    return s

cfg = rpki.config.argparser(doc = __doc__)
cfg.argparser.add_argument("rcynic_dir", nargs = "?", type = check_dir,
                           help = "rcynic authenticated output directory")
args = cfg.argparser.parse_args()

for uri, cer in authenticated_objects(args.rcynic_dir, uri_suffix = ".cer"):

    if rpki.oids.id_kp_bgpsec_router not in (cer.getEKU() or ()):
        continue

    sys.stdout.write(base64.urlsafe_b64encode(cer.getSKI()).rstrip("="))

    for min_asn, max_asn in cer.getRFC3779()[0]:
        for asn in xrange(min_asn, max_asn + 1):
            sys.stdout.write(" {}".format(asn))

    sys.stdout.write(" {}\n".format(base64.b64encode(cer.getPublicKey().derWritePublic())))