#!/usr/bin/env python
# Copyright 2016 The Chromium Authors
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

"""
Given a path to a XXX.pem file, re-generates a CERTIFICATE.

The .pem file is expected to contain comments that resemble:

#-----BEGIN XXX-----
<ascii-der values in here>
#-----END XXX-----

These are interpreted as substitutions to make inside of the Certificate
template (v3_certificate_template.txt)
"""

import sys
import os
import re
import base64
import subprocess


def read_file_to_string(path):
  """Reads a file entirely to a string"""
  with open(path, 'r') as f:
    return f.read()


def write_string_to_file(data, path):
  """Writes a string to a file"""
  print "Writing file %s ..." % (path)
  with open(path, "w") as f:
    f.write(data)


def replace_string(original, start, end, replacement):
  """Replaces the specified range of |original| with |replacement|"""
  return original[0:start] + replacement + original[end:]


def apply_substitution(template, name, value):
  """Finds a section named |name| in |template| and replaces it with |value|."""
  # Find the section |name| in |template|.
  regex = re.compile(r'#-----BEGIN %s-----(.*?)#-----END %s-----' %
                    (re.escape(name), re.escape(name)), re.DOTALL)
  m = regex.search(template)
  if not m:
    print "Couldn't find a section named %s in the template" % (name)
    sys.exit(1)

  return replace_string(template, m.start(1), m.end(1), value)


def main():
  if len(sys.argv) != 2:
    print 'Usage: %s <PATH_TO_PEM>' % (sys.argv[0])
    sys.exit(1)

  pem_path = sys.argv[1]
  orig = read_file_to_string(pem_path)

  cert_ascii = read_file_to_string("v3_certificate_template.txt")

  # Apply all substitutions described by comments in |orig|
  regex = re.compile(r'#-----BEGIN ([\w ]+)-----(.*?)#-----END \1-----',
                     re.DOTALL)
  num_matches = 0
  for m in regex.finditer(orig):
    num_matches += 1
    cert_ascii = apply_substitution(cert_ascii, m.group(1), m.group(2))

  if num_matches == 0:
    print "Input did not contain any substitutions"
    sys.exit(1)

  # Convert the ascii-der to actual DER binary.
  cert_der = None
  try:
    p = subprocess.Popen(['ascii2der'], stdout=subprocess.PIPE,
                         stdin=subprocess.PIPE, stderr=subprocess.STDOUT)
    cert_der = p.communicate(input=cert_ascii)[0]
  except OSError as e:
    print ('ERROR: Failed executing ascii2der.\n'
           'Make sure this is in your path\n'
           'Obtain it from https://github.com/google/der-ascii')
    sys.exit(1)

  # Replace the CERTIFICATE block with the newly generated one.
  regex = re.compile(r'-----BEGIN CERTIFICATE-----\n(.*?)\n'
                     '-----END CERTIFICATE-----', re.DOTALL)
  m = regex.search(orig)
  if not m:
    print "ERROR: Cannot find CERTIFICATE block in input"
    sys.exit(1)
  modified = replace_string(orig, m.start(1), m.end(1),
                            base64.b64encode(cert_der))

  # Write back the .pem file.
  write_string_to_file(modified, pem_path)

main()