#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
# Copyright (c) 2015, NORDUnet A/S.
# See LICENSE for licensing information.

import sys
import argparse
import json
from datetime import datetime, timedelta
from certtools import get_sth

NAGIOS_OK = 0
NAGIOS_WARN = 1
NAGIOS_CRIT = 2
NAGIOS_UNKNOWN = 3

parser = argparse.ArgumentParser(description="")
parser.add_argument('--sth-file', help="File with previous STH to verify against")
parser.add_argument('baseurl', help="Base URL for CT server")
args = parser.parse_args()

def print_sth(sth):
    print sth['timestamp']
    print sth['sha256_root_hash']
    print sth['tree_size']
    print sth['tree_head_signature']

def get_cur_sth(baseurl):
    try:
        sth = get_sth(args.baseurl)
    except Exception, e:
        print e
        sys.exit(NAGIOS_UNKNOWN)
    return sth
        
def read_prev_sth(filename):
    if args.sth_file is not None:
        prev_sth = json.loads(open(args.sth_file).read())
        return prev_sth
    return None

def check_age(sth):
    now = datetime.now()
    sth_time = datetime.fromtimestamp(sth['timestamp'] / 1000)
    if now > sth_time + timedelta(0, 6 * 3600):
        print "CRITICAL: STH older than 6h: ", sth_time
        sys.exit(NAGIOS_CRIT)
    if now > sth_time + timedelta(0, 2 * 3600):
        print "WARNING: STH older than 2h: ", sth_time
        sys.exit(NAGIOS_WARN)

def check_treesize(cur, prev):
    if prev is not None:
        if cur['tree_size'] < prev['tree_size']:
            print "CRITICAL: new tree smaller than previous tree (%d < %d)" % \
              (cur['tree_size'], prev['tree_size'])
            sys.exit(NAGIOS_CRIT)

cur_sth = get_cur_sth(args.baseurl)
prev_sth = read_prev_sth(args.sth_file)
check_age(cur_sth)
check_treesize(cur_sth, prev_sth)
# TODO: verify signature
# TODO: get and verify consistency proof

sys.exit(NAGIOS_OK)