#!/usr/bin/python3
#
# Copyright (C) 2018 Paul Wouters <pwouters@redhat.com>
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version.  See <https://www.gnu.org/licenses/gpl2.txt>.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
# for more details.

import sys
import subprocess

# Get my %defaultroute IP address
myip = subprocess.check_output("ip -o route get 8.8.8.8", shell=True)
myip = myip.split("src")[1].strip().split()[0]

argv = sys.argv
ourself = argv.pop(0)

try:
    qname = argv.pop(0)
    ttl = argv.pop(0)
    ip = argv.pop(0)
except:
    sys.exit("Bad arguments to ipsec _unbound")

# unbound now quotes the entire RRDATAs, so it counts as 1 argument in the list
data = argv.pop(0).split(" ")

while (data != []):
    try:
        gwprec = data.pop(0)
        gwtype = data.pop(0)
        gwalg = data.pop(0)
        gwid = data.pop(0)
        pubkey = data.pop(0)
        addkeyip = "ipsec whack --keyid %s --addkey --pubkeyrsa 0s%s"%(ip, pubkey)
        addkeyhostname = "ipsec whack --keyid @%s --addkey --pubkeyrsa 0s%s"%(qname, pubkey)
        print("processing an IPSECKEY record for Opportunistic IPsec to %s(%s)"%(qname,ip))
        print(subprocess.call(addkeyip, shell=True))
        print(subprocess.call(addkeyhostname, shell=True))
    except:
        sys.exit("failed to process an IPSECKEY record for Opportunistic IPsec to %s(%s)"%(qname,ip))

# done injecting all IPSECKEY records into pluto - try actual OE now
cmdoeip = "ipsec whack --oppohere %s --oppothere %s"%(myip, ip)
print(subprocess.check_output(cmdoeip, shell=True))
#cmdoeqname = "ipsec whack --oppohere %s --oppothere %s"%(myip, qname)
#ret, output = commands.getstatusoutput(cmdoeqname)
print(subprocess.check_output("ipsec whack --trafficstatus", shell=True))
