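# -*- coding: utf-8 -*-
from setuphelpers import *
import json
import os

import requests
from jinja2 import Environment, FileSystemLoader

uninstallkey = []

# Defaults rendered into sshd_config.  They are overridden, key by key, by the
# encrypted per-host variables file read below when it exists.
#
# NOTE(security): password authentication is off by default, so logins are
# key-based unless a site explicitly turns it on.  The CBC ciphers listed here
# are legacy algorithms; with ssh_append_ciphers they are *added* to OpenSSH's
# own default cipher set (the leading '+' in the rendered "Ciphers" line)
# rather than replacing it.  Sites with no legacy clients can set
# ssh_ciphers to [] to leave the OpenSSH defaults untouched.
variables = {
    'ssh_password_auth': False,
    'ssh_append_ciphers': True,
    'ssh_ciphers': [
        'aes256-cbc',
        'aes192-cbc',
        'aes128-cbc',
    ],
}

# Where the package installs Win32-OpenSSH and the services it registers.
OPENSSH_DIR = makepath(programfiles, 'OpenSSH')
SERVICES = ['sshd', 'ssh-agent']
ARCHS = ['32', '64']
RELEASES_URL = 'https://api.github.com/repos/PowerShell/Win32-OpenSSH/releases/latest'

# Private WAPT directory holding the Fernet key and the encrypted YAML variables.
_PRIVATE_DIR = makepath(programfiles32, 'wapt', 'private')
_KEY_FILE = makepath(_PRIVATE_DIR, 'symetric.txt')
_VARIABLES_FILE = makepath(_PRIVATE_DIR, 'variables.txt')


def _load_local_variables(key_file, variables_file):
    """Decrypt *variables_file* with the Fernet key in *key_file*.

    Returns the parsed YAML mapping, or an empty dict when the decrypted
    document is empty (so ``variables.update`` never receives ``None``).

    Both files are read as bytes: a Fernet key and token are base64 text and
    must not go through platform text decoding.  ``yaml.safe_load`` is used on
    purpose -- the content is trusted only after authentication by Fernet, and
    even then no arbitrary Python objects may be constructed from it.

    The local imports keep the package importable on hosts without
    ``cryptography``/``yaml`` when no private variables file is present.
    """
    from cryptography.fernet import Fernet
    import yaml

    with open(key_file, 'rb') as kf:
        fernet = Fernet(kf.read())
    with open(variables_file, 'rb') as vf:
        token = vf.read()
    return yaml.safe_load(fernet.decrypt(token)) or {}


# Read local variables file if available
if isfile(_KEY_FILE) and isfile(_VARIABLES_FILE):
    print('Reading local encrypted variables file')
    variables.update(_load_local_variables(_KEY_FILE, _VARIABLES_FILE))


def _stop_service(service):
    """Stop *service* if it is running, then kill any leftover process of it.

    Mirrors the install-time sequence: the process kill is unconditional so a
    stale sshd.exe/ssh-agent.exe without a registered service is still cleared.
    """
    if service_installed(service) and service_is_running(service):
        service_stop(service)
    killalltasks('%s.exe' % service)


def _render_sshd_config(conf_dir):
    """Render sshd_config.j2 from *variables* into ``conf_dir/sshd_config``.

    ``ssh_ciphers`` is passed as a single comma-joined string, prefixed with
    '+' when the ciphers are to be appended to OpenSSH's defaults.
    """
    jinja2 = Environment(loader=FileSystemLoader('.'), trim_blocks=True)
    prefix = '+' if variables['ssh_append_ciphers'] else ''
    # NOTE(review): an empty cipher list with append enabled renders "+" alone;
    # whether the template tolerates that depends on sshd_config.j2 -- confirm.
    rendered = jinja2.get_template('sshd_config.j2').render(
        ssh_ciphers=prefix + ','.join(variables['ssh_ciphers']),
        ssh_password_auth=variables['ssh_password_auth'],
    )
    with open(makepath(conf_dir, 'sshd_config'), 'w') as cfg:
        cfg.write(rendered)


def install():
    """Install Win32-OpenSSH from the bundled OpenSSH-Win{32,64}.zip.

    Steps: stop any running sshd/ssh-agent, extract the archive with 7-Zip,
    register both services with a restricted privilege set, register the
    event manifest, open TCP/22 inbound, render sshd_config and (re)start
    sshd with automatic start on boot.

    Raises:
        RuntimeError: when 7-Zip is not installed (the extraction needs it).
    """
    print('Installing OpenSSH')
    mkdirs(OPENSSH_DIR)

    print(' Stoping the service')
    for service in SERVICES:
        _stop_service(service)

    print(' Extract OpenSSH archive')
    seven_zip = makepath(programfiles, '7-Zip', '7z.exe')
    if not isfile(seven_zip):
        raise RuntimeError('7-Zip not found at %s' % seven_zip)
    archive = 'OpenSSH-Win%s.zip' % ('64' if iswin64() else '32')
    run('"%s" e -y -o"%s" %s' % (seven_zip, OPENSSH_DIR, archive))

    print(' Installing the services')
    # Return code 1073 is ERROR_SERVICE_EXISTS: re-installing over an existing
    # registration is fine, the privilege/SD settings below are re-applied.
    run(r'sc.exe create sshd binPath= "%s" DisplayName= "OpenSSH Server" start= auto'
        % makepath(OPENSSH_DIR, 'sshd.exe'), accept_returncodes=[0, 1073])
    # Least privilege: sshd only keeps the privileges it needs to create and
    # impersonate user tokens for logged-in sessions.
    run(r'sc.exe privs sshd SeAssignPrimaryTokenPrivilege/SeTcbPrivilege/SeBackupPrivilege/SeRestorePrivilege/SeImpersonatePrivilege')
    run(r'sc.exe create ssh-agent binPath= "%s" DisplayName= "OpenSSH Authentication Agent" start= auto'
        % makepath(OPENSSH_DIR, 'ssh-agent.exe'), accept_returncodes=[0, 1073])
    # Service security descriptor for ssh-agent: full control for SYSTEM and
    # Administrators, query-type rights for interactive and service logons,
    # and start (RP) for Authenticated Users so a user session can start the
    # agent without being able to stop or reconfigure it.
    run(r'sc.exe sdset ssh-agent "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;RP;;;AU)"')
    run(r'sc.exe privs ssh-agent SeImpersonatePrivilege')

    # Unregister a previously installed manifest before copying the new one.
    # On a fresh install there is nothing to unregister, so the call is
    # skipped rather than failing the whole install.
    manifest = makepath(OPENSSH_DIR, 'openssh-events.man')
    if isfile(manifest):
        run_notfatal(r'wevtutil.exe um "%s"' % manifest)
    filecopyto('openssh-events.man', OPENSSH_DIR)
    run(r'wevtutil.exe im "%s"' % manifest)

    print(' Opening port 22 in the firewall')
    run_notfatal(r'netsh advfirewall firewall del rule name="OpenSSH Server"')
    run(r'netsh advfirewall firewall add rule name="OpenSSH Server" dir=in action=allow protocol=TCP localport=22 enable=yes')

    print(' Deploy sshd_config')
    conf_dir = makepath(os.getenv('ProgramData', r'C:\ProgramData'), 'ssh')
    mkdirs(conf_dir)
    _render_sshd_config(conf_dir)

    print(' (Re)starting the service')
    if service_is_running('sshd'):
        service_restart('sshd')
    else:
        service_start('sshd')

    print(r' Enabling sshd service on boot')
    run('sc config sshd start= auto')


def uninstall():
    """Stop and delete both services, unregister the event manifest and
    remove the install directory."""
    print('Removing OpenSSH')
    for service in SERVICES:
        print(' Stoping the services %s' % service)
        if service_is_running(service):
            service_stop(service)
        killalltasks('%s.exe' % service)
        print(' Uninstalling service %s' % service)
        # Only delete a registration that exists; sc.exe fails otherwise.
        if service_installed(service):
            run(r'sc.exe delete %s' % service)

    print(' Unregister events handler')
    manifest = makepath(OPENSSH_DIR, 'openssh-events.man')
    if isfile(manifest):
        run_notfatal(r'wevtutil um "%s"' % manifest)

    print(' Removing files')
    remove_tree(OPENSSH_DIR)


def _version_from_tag(tag):
    """Map a release tag such as ``v8.1.0.0p1-Beta`` to ``8.1.0.0``.

    Only the literal ``p1`` suffix is dropped.  The previous ``rstrip('p1')``
    stripped any trailing run of the characters 'p' and '1', which also ate a
    '1' belonging to the version itself (``7.7.2.1p1`` became ``7.7.2.``).
    """
    version = tag.split('-', 1)[0]
    if version.startswith('v'):
        version = version[1:]
    if version.endswith('p1'):
        version = version[:-2]
    return version


def update_package():
    """Fetch the latest Win32-OpenSSH release and refresh the package sources.

    When the upstream version is newer than the control file's, both
    architecture archives are re-downloaded and the control file is bumped to
    ``<version>-0`` with maturity PREPROD.

    Raises:
        requests.HTTPError: when the GitHub API call fails (e.g. rate limit),
            instead of a KeyError on a response without ``tag_name``.
        RuntimeError: when the release lacks one of the expected archives.
    """
    print('Updating OpenSSH Package')
    resp = requests.get(RELEASES_URL, timeout=30)
    resp.raise_for_status()
    latest = json.loads(resp.text)
    version = _version_from_tag(latest['tag_name'])

    pe = PackageEntry()
    current_control = pe.load_control_from_wapt('.')
    if Version(version) > Version(current_control['version'].split('-', 1)[0]):
        assets = {a['name']: a['browser_download_url'] for a in latest['assets']}
        for arch in ARCHS:
            archive = 'OpenSSH-Win%s.zip' % arch
            remove_file(archive)
            url = assets.get(archive)
            if url is None:
                raise RuntimeError('Release %s has no asset named %s'
                                   % (latest['tag_name'], archive))
            print('Downloading OpenSSH %s for win%s from %s' % (version, arch, url))
            # NOTE(security): the archive is fetched over HTTPS from the
            # GitHub release but its content is not verified here; compare
            # the downloaded file with the hash published in the release
            # notes before shipping the updated package.
            wget(url, archive)
        print('Updating control file with new version %s' % version)
        pe.version = version + '-0'
        # Was a NameError (`pre.maturity`) in the previous version.
        pe.maturity = 'PREPROD'
        pe.save_control_to_wapt('.')


def audit():
    """Compare the package version with the FileVersion of the installed sshd.exe.

    Returns "OK" when they match, "ERROR" when they differ or sshd.exe is
    missing.  ``control`` is not defined in this file; presumably it is the
    package control entry injected by the WAPT runtime -- verify against
    the caller.
    """
    expected = control['version'].split('-', 1)[0]
    sshd_exe = makepath(OPENSSH_DIR, 'sshd.exe')
    if not isfile(sshd_exe):
        print('sshd.exe not found in %s' % OPENSSH_DIR)
        return "ERROR"
    installed = get_file_properties(sshd_exe)['FileVersion']
    if Version(expected) != Version(installed):
        # Arguments now match the wording: installed first, expected second.
        print('Installed version %s does not match version %s' % (installed, expected))
        return "ERROR"
    return "OK"


if __name__ == '__main__':
    update_package()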