#!/usr/bin/env python3

import dbm
import sys
from cryptography import x509
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
import hashlib
import os

if len(sys.argv) < 2:
    print(f'{sys.argv[0]}: missing key hash')
    sys.exit(1)

with dbm.open('server/data/conf/client_fingerprints', 'c') as db:
    if bytes.fromhex(sys.argv[1]) not in db.keys():
        print(f'{sys.argv[0]}: hash not registered')
        sys.exit(1) 
    db[bytes.fromhex(sys.argv[1])] = input(f'New common name [{db[bytes.fromhex(sys.argv[1])].decode()}]: ') or db[bytes.fromhex(sys.argv[1])]
    db.close()

if os.path.exists('server/data/conf/locks/client_admin_rights.lock'):
    with open('server/data/conf/locks/client_admin_rights.lock', 'r') as lockf:
        print(f'{sys.argv[0]}: admin rights file is locked by process {lockf.read()}')
        lockf.close()
        sys.exit(1)

try:
    with open('server/data/conf/locks/client_admin_rights.lock', 'w') as lockf:
        lockf.write(str(os.getpid()))
        lockf.close()

    with open('server/data/conf/client_admin_rights', 'r') as carf:
        admins = {kh for kh in carf.read().split('\n') if kh}
        carf.close()

    admin = input(f'Is admin (y/n) [{'y' if sys.argv[1] in admins else 'n'}]: ') or ('y' if sys.argv[1] in admins else 'n')
    if admin == 'y':
        admin = True
    else:
        admin = False
    if admin:
        if sys.argv[1] not in admins:
            print(f'Added {sys.argv[1]} to the admins')
        admins.add(sys.argv[1])
    else:
        try:
            admins.remove(sys.argv[1])
        except KeyError:
            pass
    with open('server/data/conf/client_admin_rights', 'w') as carf:
        carf.write('\n'.join(admins))
        carf.close()

finally:
    os.remove('server/data/conf/locks/client_admin_rights.lock')