#!/usr/bin/python

#
# Copyright (C) 2022 Nethesis S.r.l.
# http://www.nethesis.it - nethserver@nethesis.it
#
# This script is part of NethServer.
#
# NethServer is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License,
# or any later version.
#
# NethServer is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with NethServer.  If not, see COPYING.
#

import sys
import simplejson
import re


def invalid_attribute(parameter, error):
    return {"parameter": parameter, "error": error, "value": ""}

def is_valid_fqdn(domain):
    # Regex breakdown:
    # - ^([a-zA-Z0-9]([a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])?\.)+  # Domain labels
    # - [a-zA-Z0-9]{2,63}$  # TLD with 2-63 characters
    fqdn_pattern = r'^([a-zA-Z0-9]([a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z0-9]{2,63}$'

    # Check overall domain length
    if not domain or len(domain) > 255:
        return False

    # Validate using regex
    return re.match(fqdn_pattern, domain) is not None


input_json = simplejson.load(sys.stdin)
invalid_attributes = []

action_p = 'action'
host_p = 'Host'
user_p = 'User'
password_p = 'Password'
tls_verify_p = 'TLSVerify'
ldap_user_domain_p = 'LdapUserDomain'

host = ''
user = ''
password = ''
tls_verify = ''
ldap_user_domain = ''

# action

if (action_p not in input_json) or (not input_json[action_p]):
    invalid_attributes.append(invalid_attribute(action_p, "empty"))

# host

if (host_p not in input_json) or (not input_json[host_p]):
    invalid_attributes.append(invalid_attribute(host_p, "empty"))

# user

if (user_p not in input_json) or (not input_json[user_p]):
    invalid_attributes.append(invalid_attribute(user_p, "empty"))

# password

if (password_p not in input_json) or (not input_json[password_p]):
    invalid_attributes.append(invalid_attribute(password_p, "empty"))
else:
    password_verify = input_json[password_p]
    if '|' in password_verify:
        invalid_attributes.append(invalid_attribute(password_p, "not_allowed"))

# tls verify

if (tls_verify_p not in input_json) or (not input_json[tls_verify_p]):
    invalid_attributes.append(invalid_attribute(tls_verify_p, "empty"))
else:
    tls_verify = input_json[tls_verify_p]

    if tls_verify not in ['enabled', 'disabled']:
        invalid_attributes.append(invalid_attribute(tls_verify_p, "invalid"))

# ldap user domain
if (ldap_user_domain_p not in input_json) or (not input_json[ldap_user_domain_p]):
    invalid_attributes.append(invalid_attribute(ldap_user_domain_p, "empty"))
else:
    ldap_user_domain = input_json[ldap_user_domain_p]

    # check if the domain is a valid domain
    if not is_valid_fqdn(ldap_user_domain):
        invalid_attributes.append(invalid_attribute(ldap_user_domain_p, "invalid"))

# output
success = len(invalid_attributes) == 0

if success:
    output = {"state": "success"}
else:
    output = {"type": "NotValid", "message": "validation_failed",
              "attributes": invalid_attributes}

output_json = simplejson.dumps(output)
print(output_json)

if not success:
    sys.exit(1)
