#!/usr/bin/python3

#
# Copyright (C) 2022 Nethesis S.r.l.
# SPDX-License-Identifier: GPL-2.0-only
#

import nsmigration
from nethsec import firewall, utils, ipsec
import os
import sys

(u, data, nmap) = nsmigration.init("ipsec.json")

if not data:
    sys.exit(0)

def find_first_wan():
    for section in u.get("firewall"):
        s_type = u.get("firewall", section)
        if s_type == "zone":
            if u.get("firewall", section, "name") == "wan":
                networks = u.get_all("firewall", section, "network")
                return networks[0]
    return None

# Create config files if not exists
ipsec.init_ipsec(u)
ipsec.open_firewall_ports(u)

for p in data['proposals']:
    name = p.pop('name')
    pname = utils.get_id(name)
    nsmigration.vprint(f'Creating crypto proposal {pname}')
    u.set("ipsec", pname, "crypto_proposal")
    for option in p:
        if option == 'ns_link':
            p[option] = f'ipsec/{utils.get_id(p[option])}'
        u.set("ipsec", pname, option, p[option])

for t in data['tunnels']:
    name = t.pop('name')
    tname = utils.get_id(name)
    nsmigration.vprint(f'Creating tunnel {tname}')
    u.set("ipsec", tname, "tunnel")
    for option in t:
        if option == 'crypto_proposal':
            t[option] = [utils.get_id(t[option])]
        elif option == 'ns_link':
            t[option] = f'ipsec/{utils.get_id(t[option])}'
        u.set("ipsec", tname, option, t[option])
 
for r in data['remotes']:
    name = r.pop('name')
    rname = utils.get_id(name)
    nsmigration.vprint(f'Creating remote {rname}')
    u.set("ipsec", rname, "remote")
    for option in r:
        if option == 'crypto_proposal':
            r[option] = [utils.get_id(r[option])]
        elif option == 'ns_link':
            r[option] = f'ipsec/{utils.get_id(r[option])}'
        elif option == 'tunnel':
            r[option] = list(map(lambda x: utils.get_id(x), r[option]))
        u.set("ipsec", rname, option, r[option])
 
rid = 1
for r in data['routes']:
    rname = utils.get_id(f"route_{r['interface']}_{rid}")
    nsmigration.vprint(f'Creating route {rname}')
    u.set("network", rname, "route")
    for option in r:
        if option == 'ns_link':
            r[option] = f'ipsec/{utils.get_id(r[option])}'
        u.set("network", rname, option, r[option])
    rid = rid + 1

for i in data['interfaces']:
    iname = i.pop('name')
    nsmigration.vprint(f'Creating interface {iname}')
    hwaddr = i.pop('hwaddr', None)
    u.set("network", iname, "interface")
    for option in i:
        if option == 'ns_link':
            i[option] = f'ipsec/{utils.get_id(i[option])}'
        u.set("network", iname, option, i[option])

    # Attach the interface to the physical wan, if present
    if hwaddr:
        u.set("network", iname, "tunlink",  utils.get_interface_from_mac(u, nsmigration.remap(hwaddr, nmap)))
    else:
        u.set("network", iname, "tunlink",  find_first_wan())

    ipsec.add_trusted_interface(u, iname)

# Save configuration
u.commit("ipsec")
u.commit("network")
firewall.apply(u)
