#! /usr/bin/env python2

import os, sys
from BaseHTTPServer import BaseHTTPRequestHandler
from ZSI import *
from M2Crypto import Rand, SSL
from M2Crypto.SSL.SSLServer import SSLServer

class XKMSRequestHandler(BaseHTTPRequestHandler):
    server_version = 'ZSI/1.4-CVS XKMS/1.0 ' \
                   + BaseHTTPRequestHandler.server_version

    def send_xml(self, text, code=200):
        self.send_response(code)
        self.send_header('Content-type', 'text/xml; charset="utf-8"')
        self.send_header('Content-Length', str(len(text)))
        self.end_headers()
        self.wfile.write(text)
        self.trace(text, 'SENT')
        self.wfile.flush()

    def send_fault(self, f):
        self.send_xml(f.AsSOAP(), 500)

    def trace(self, text, what):
        F = self.server.tracefile
        if not F: return
        tstr = time.ctime(time.time())
        print >>F, '=' * 60, '\n', \
            '%s %s %s %s:' % (what, self.client_address, self.path, tstr)
        print >>F, text
        print >>F, '=' * 60, '\n'
        F.flush()

    def do_GET(self):
        self.send_response(301)
        self.send_header('Content-type', 'text/html');
        self.send_header('Location', 'http://webservices.xml.com');
        self.end_headers()
        self.trace('', 'GET')

    def do_POST(self):
        try:
            cl = int(self.headers['content-length'])
            IN = self.rfile.read(cl)
            self.trace(IN, 'RECEIVED')
            ps = ParsedSoap(IN)
        except ParseException, e:
            self.send_fault(FaultFromZSIException(e))
            return
        except Exception, e:
            self.send_fault(FaultFromException(e, 0, sys.exc_info()[2]))
            return
        if not check_xkms_method(ps): return
        if not check_xkms_headers(ps): return
        process_xkms(ps)

    def check_xkms_method(self, ps):
        root = ps.body_root
        if root.namespaceURI != 'http://www.w3.org/2002/03/xkms#':
            self.send_fault(
                Fault(Fault.Client,
                    'Unknown namespace "%s"' % root.namespaceURI))
            return None
        if root.localName not in ['Register','Revoke']:
            self.send_fault(
                Fault(Fault.Client, 'Unknown operation "%s"' % root.localName))
            return None
        return 1

    def check_xkms_headers(self, ps):
        for (uri, localname) in ps.WhatMustIUnderstand():
            self.send_fault(FaultFromNotUnderstood(uri, lname, 'XKMS'))
            return None
        return 1;

class HTTPS_Server(SSLServer):
    '''Subclass SSLServer; we add an optional "tracefile" parameter.'''
    def __init__(self, ME, handler, ssl_ctx, tracefile=None):
        SSLServer.__init__(self, ME, handler, ssl_ctx)
        self.tracefile = tracefile

def init_ssl_context(home, debug=None):
    ctx = SSL.Context('sslv3')
    ctx.load_cert(certfile=home + '/openssl/ssl/cert.pem',
                  keyfile=home + '/openssl/ssl/plainkey.pem')
    ctx.set_verify(SSL.verify_none, 1)
    ctx.set_allow_unknown_ca(1)
    ctx.set_session_id_ctx('xkms_srv')
    if debug: ctx.set_info_callback()
    return ctx

sslctx = init_ssl_context(os.environ.get('XKMSHOME', '/opt/xkms'))
s = HTTPS_Server(('', 8888), XKMSRequestHandler, sslctx)
s.serve_forever()