# Copyright (C) 2005-2024 Splunk Inc. All Rights Reserved.

import json
from requests.status_codes import codes
from httplib2 import Response
import time
import splunk
import splunk.rest as rest
from .constants import SPLUNKD_SCS_TOKEN_ENDPOINT


class SCSToken:
    """Get SCS token to nake REST API calls to SCS services.
    """
    def __init__(self, logger, session_key, splunkd_scs_token_endpoint=SPLUNKD_SCS_TOKEN_ENDPOINT):
        self.logger = logger
        self.session_key = session_key
        self.scs_token = None
        self.splunkd_scs_token_endpoint = splunkd_scs_token_endpoint

    def get_token(self, principal_id, scope):
        """Get SCS token

        Args:
            logger: Logger
            session_key: Valid Splunkd session key.
            principal_id: The principal ID to get the scs token for. Defaults to "sc4mc".
            scope: Defaults to "system". Use "tenant" to get tenant scoped token.
            splunkd_scs_token_endpoint: The endpoint to make the call. Defaults to SPLUNKD_SCS_TOKEN_ENDPOINT.
        """

        try:
            self.logger.info("Getting scs token..")
            response, content = self._get_token( principal_id, scope)
            if response.status == codes.ok:
                self.scs_token = json.loads(content)["entry"][0]["content"]["scs_token"]
                self.logger.info("Successfully retrieved scs token. status=%s, principal_id=%s, scope=%s", response.status, principal_id, scope)
                return self.scs_token
            else:
                self.logger.error("Error getting scs token. principal_id=%s, scope=%s, status=%s, error=%s", principal_id, scope, response.status, content)
        except Exception as e:
            self.logger.exception("Exception getting scs token. principal_id=%s, scope=%s, error=%s", principal_id, scope, e)
        return None

    def _get_token(self, principal_id, scope):
        """ Get SCS tokens via REST: /services/authorization/scs_token
        Cronjob runs /usr/local/bin/get_scs_tokens.sh every 30m to fetch SCS tokens and write them to disk (encrypted)
        Tokens are stored in $SPLUNK_HOME/etc/auth/scs/{principal_name}-token.json
        When splunkd receives a GET request for /services/authorization/scs_token,
        it will read/decrypt and then return the SCS token that matches the principalId and scope GET params

        Args:
            logger: Logger
            session_key: Valid Splunkd session key.
            principal_id (str, optional): The principal ID to get the scs token for.
            scope (str, optional): Use "system" for system scope token and "tenant" for tenant scope token.
            splunkd_scs_token_endpoint: The endpoint to make the call.
        """
        self.logger.info("Getting scs token with scope=%s, principal_id=%s", scope, principal_id)
        self.logger.info("Getting scs token from splunkd_scs_token_endpoint=%s", self.splunkd_scs_token_endpoint)
        try:
            response, content = rest.simpleRequest(
                self.splunkd_scs_token_endpoint,
                getargs={"output_mode": "json", "principalId": principal_id, "scope": scope},
                sessionKey=self.session_key)
            if response.status != 503 and response.status != 404:
                self.logger.info('SCS Token service is unavailable.')

        except splunk.ResourceNotFound:
            self.logger.error("scs_tokens endpoint not found on the stack")
            return Response({"status": codes.not_found}), None
        return response, content