#!/usr/bin/env python3
#
# Copyright (C) 2020 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.


# - migrate from "service sstp-server" to "vpn sstp"
# - remove primary/secondary identifier from nameserver
# - migrate RADIUS configuration to a more uniform syntax accross the system
#   - authentication radius-server x.x.x.x to authentication radius server x.x.x.x
#   - authentication radius-settings to authentication radius
#   - do not migrate radius server req-limit, use default of unlimited
# - migrate SSL certificate path

import os
import sys

from vyos.configtree import ConfigTree

if len(sys.argv) < 2:
    print("Must specify file name!")
    sys.exit(1)

file_name = sys.argv[1]

with open(file_name, 'r') as f:
    config_file = f.read()

config = ConfigTree(config_file)
old_base = ['service', 'sstp-server']
if not config.exists(old_base):
    # Nothing to do
    sys.exit(0)
else:
    # ensure new base path exists
    if not config.exists(['vpn']):
        config.set(['vpn'])

    new_base = ['vpn', 'sstp']
    # copy entire tree
    config.copy(old_base, new_base)
    config.delete(old_base)

    # migrate DNS servers
    dns_base = new_base + ['network-settings', 'dns-server']
    if config.exists(dns_base):
        if config.exists(dns_base + ['primary-dns']):
            dns = config.return_value(dns_base + ['primary-dns'])
            config.set(new_base + ['network-settings', 'name-server'], value=dns, replace=False)

        if config.exists(dns_base + ['secondary-dns']):
            dns = config.return_value(dns_base + ['secondary-dns'])
            config.set(new_base + ['network-settings', 'name-server'], value=dns, replace=False)

        config.delete(dns_base)


    # migrate radius options - copy subtree
    # thus must happen before migration of the individual RADIUS servers
    old_options = new_base + ['authentication', 'radius-settings']
    if config.exists(old_options):
        new_options = new_base + ['authentication', 'radius']
        config.copy(old_options, new_options)
        config.delete(old_options)

    # migrate radius dynamic author / change of authorisation server
    dae_old = new_base + ['authentication', 'radius', 'dae-server']
    if config.exists(dae_old):
        config.rename(dae_old, 'dynamic-author')
        dae_new = new_base + ['authentication', 'radius', 'dynamic-author']

        if config.exists(dae_new + ['ip-address']):
            config.rename(dae_new + ['ip-address'], 'server')

        if config.exists(dae_new + ['secret']):
            config.rename(dae_new + ['secret'], 'key')


    # migrate radius server
    radius_server = new_base + ['authentication', 'radius-server']
    if config.exists(radius_server):
        for server in config.list_nodes(radius_server):
            base = radius_server + [server]
            new = new_base + ['authentication', 'radius', 'server', server]

            # convert secret to key
            if config.exists(base + ['secret']):
                tmp = config.return_value(base + ['secret'])
                config.set(new + ['key'], value=tmp)

            if config.exists(base + ['fail-time']):
                tmp = config.return_value(base + ['fail-time'])
                config.set(new + ['fail-time'], value=tmp)

        config.set_tag(new_base + ['authentication', 'radius', 'server'])
        config.delete(radius_server)

    # migrate SSL certificates
    old_ssl = new_base + ['sstp-settings']
    new_ssl = new_base + ['ssl']
    config.copy(old_ssl + ['ssl-certs'], new_ssl)
    config.delete(old_ssl)

    if config.exists(new_ssl + ['ca']):
        config.rename(new_ssl + ['ca'], 'ca-cert-file')

    if config.exists(new_ssl + ['server-cert']):
        config.rename(new_ssl + ['server-cert'], 'cert-file')

    if config.exists(new_ssl + ['server-key']):
        config.rename(new_ssl + ['server-key'], 'key-file')

    try:
        with open(file_name, 'w') as f:
            f.write(config.to_string())
    except OSError as e:
        print("Failed to save the modified config: {}".format(e))
        sys.exit(1)