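#!/usr/bin/python3

# Copyright (C) 2023 Sofus Albert Høgsbro Rose
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <https://www.gnu.org/licenses/>.

"""This script templates and signs a `security.txt` file.

Note that:
- This script presumes that `gpg` is installed.
- This script presumes that the private key of the configured fingerprint
  is available to use with `gpg --clearsign`.
- The keyserver is hardcoded to `keys.openpgp.org`.

To use, first adjust the following configuration block:
```python
MAILTO = ...
EXPIRY = ...
MAILTO_PGP_FINGERPRINT = ...
DEPLOY_DOMAIN = ...
```

Then, just run `./gen.py`.

The file is signed with the key named by `MAILTO_PGP_FINGERPRINT`, i.e. the
same key the generated file advertises. If signing fails, the script aborts
and the previously installed file is left in place.

**REMEMBER TO REVIEW THE GENERATED FILE BEFORE DEPLOYMENT**
(for example, check its signature with `gpg --verify`).
"""

import os
import sys

SUPPORTED_PYTHON_MINORS = (9, 10, 11, 12, 13)

if not (
    sys.version_info.major == 3
    and sys.version_info.minor in SUPPORTED_PYTHON_MINORS
):
    # A string argument is printed to stderr and still exits with status 1.
    sys.exit("This script requires Python 3.9 - 3.13.")

from collections.abc import Iterator
from pathlib import Path
import platform
import shutil
import subprocess
import contextlib
from datetime import datetime
from string import Template

####################
# - Configuration
####################
MAILTO = "s174509@dtu.dk"
# NOTE(review): this is a naive datetime, so isoformat() emits no UTC offset.
# RFC 9116 requires `Expires` in RFC 3339 form, which includes one - confirm
# that the template supplies it (e.g. a trailing `Z`).
EXPIRY = datetime(year=2024, month=8, day=1).isoformat()
MAILTO_PGP_FINGERPRINT = "E3B345EFFF5B3994BC1D12603D01BE95F3EFFEB9"
DEPLOY_DOMAIN = "https://timesigned.com"

####################
# - Constants
####################
SCRIPT_PATH = Path(__file__).resolve().parent
PATH_SECURITY_TXT = (
    SCRIPT_PATH.parent
    / "configs"
    / "site-support__security.txt"
)

# Working files, all relative to SCRIPT_PATH.
NAME_TEMPLATE = "security.txt.unsigned.tmpl"
NAME_UNSIGNED = "security.txt.unsigned"
NAME_SIGNED = "security.txt.unsigned.asc"  ## `gpg --clearsign` appends `.asc`.


####################
# - Utilities
####################
@contextlib.contextmanager
def cd_script_dir() -> Iterator[None]:
    """Run the `with` body inside SCRIPT_PATH, then restore the old cwd.

    The previous working directory is restored even if the body raises.
    """
    cwd_orig = Path.cwd()
    os.chdir(SCRIPT_PATH)
    try:
        yield
    finally:
        os.chdir(cwd_orig)


def gpg_clearsign_command(unsigned_name: str) -> list[str]:
    """Build the `gpg` argv that clearsigns `unsigned_name`.

    The signing key is always `MAILTO_PGP_FINGERPRINT`, so the signature is
    made by the same key whose fingerprint is templated into the file.
    A second, hardcoded fingerprint here could silently drift from the
    configuration and produce a file signed by a key it does not advertise.
    """
    return [
        "gpg",
        "--local-user", MAILTO_PGP_FINGERPRINT,
        "--clearsign",
        unsigned_name,
    ]


####################
# - Actions
####################
def sign_security_txt() -> None:
    """Template, clearsign and install the `security.txt` file.

    Raises:
        subprocess.CalledProcessError: If `gpg` exits with a non-zero status.
            The previously installed file is left untouched in that case.
        KeyError: If the template uses a placeholder that is not configured.
    """
    with cd_script_dir():
        unsigned = Path(NAME_UNSIGNED)
        signed = Path(NAME_SIGNED)

        # A signature left over from an earlier run must never be installed
        # as if it were the result of this run.
        signed.unlink(missing_ok=True)

        # Template
        rendered = Template(Path(NAME_TEMPLATE).read_text()).substitute(
            MAILTO=MAILTO,
            EXPIRY=EXPIRY,
            MAILTO_PGP_FINGERPRINT=MAILTO_PGP_FINGERPRINT,
            DEPLOY_DOMAIN=DEPLOY_DOMAIN,
        )
        unsigned.write_text(rendered)

        # Sign + Delete Templated
        try:
            # check=True: a failed or cancelled signing must stop the script
            # instead of falling through to the install step.
            subprocess.run(gpg_clearsign_command(NAME_UNSIGNED), check=True)
        finally:
            unsigned.unlink(missing_ok=True)

        # Move
        ## Only now that a fresh signature exists is the old file removed.
        ## Avoid platform-defined (os.rename()) shutil.move() to existing file.
        if PATH_SECURITY_TXT.is_file():
            PATH_SECURITY_TXT.unlink()
        shutil.move(NAME_SIGNED, PATH_SECURITY_TXT)


####################
# - Main
####################
if __name__ == "__main__":
    sign_security_txt()

    # `cat` the Installed File
    with open(PATH_SECURITY_TXT, "r") as f:
        print(f.read(), end="")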