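import os
import subprocess

from zope import component
from zope.interface import implementer

from ceo_common.interfaces import IKerberosService
from ceo_common.interfaces import IConfig


@implementer(IKerberosService)
class KerberosService:
    """Manage Kerberos principals by shelling out to ``kinit`` and ``kadmin``.

    Every ``kadmin`` call authenticates as the principal configured under
    ``ldap_admin_principal`` (with ``-k``, i.e. keytab-based authentication).
    """

    # Placeholder substituted for the password in re-raised errors.
    _REDACTED = '<redacted>'

    def __init__(self):
        """Read the admin principal, point Kerberos at ceod's cache, and kinit."""
        cfg = component.getUtility(IConfig)
        self.admin_principal = cfg.get('ldap_admin_principal')

        cache_file = '/run/ceod/krb5_cache'
        # NOTE(review): the directory is created with the default mode
        # (subject to umask). Confirm that is the intended permission for a
        # directory holding an admin credential cache.
        os.makedirs('/run/ceod', exist_ok=True)
        # Assigning through os.environ calls putenv() *and* keeps the
        # os.environ mapping in sync. A bare os.putenv() leaves os.environ
        # stale, so any later code that builds a child environment from
        # os.environ would silently lose KRB5CCNAME.
        os.environ['KRB5CCNAME'] = 'FILE:' + cache_file
        self.kinit()

    def kinit(self):
        """Obtain a ticket for ``ceod/admin`` from the keytab.

        Raises:
            subprocess.CalledProcessError: if ``kinit`` exits non-zero.
        """
        # NOTE(review): the principal is hard-coded here, while kadmin uses
        # the configured ``ldap_admin_principal``. Confirm that is intended.
        subprocess.run(['kinit', '-k', 'ceod/admin'], check=True)

    def _kadmin(self, *command: str):
        """Run one ``kadmin`` command as the admin principal.

        On failure the CalledProcessError is re-raised with the argument
        following ``-pw`` replaced by a placeholder, so the password does not
        end up in tracebacks or logs that print the failed command.

        Raises:
            subprocess.CalledProcessError: if ``kadmin`` exits non-zero.
        """
        argv = ['kadmin', '-k', '-p', self.admin_principal, *command]
        try:
            subprocess.run(argv, check=True)
        except subprocess.CalledProcessError as err:
            safe_argv = list(argv)
            for idx, arg in enumerate(argv[:-1]):
                if arg == '-pw':
                    safe_argv[idx + 1] = self._REDACTED
            # ``from None`` keeps the original exception (whose ``cmd`` still
            # holds the password) out of the printed traceback chain.
            raise subprocess.CalledProcessError(
                err.returncode, safe_argv, err.output, err.stderr
            ) from None

    def addprinc(self, principal: str, password: str):
        """Create ``principal`` with ``password`` under the ``default`` policy.

        ``+needchange`` requires the user to change the password at the next
        initial authentication.

        Raises:
            subprocess.CalledProcessError: if ``kadmin`` exits non-zero.
        """
        # NOTE(review): the password travels as a command-line argument, and
        # process arguments are commonly readable by other local users for
        # as long as kadmin runs. Restrict who can log in to this host, or
        # move to an interface that does not put the secret in argv.
        self._kadmin(
            'addprinc',
            '-pw', password,
            '-policy', 'default',
            '+needchange',
            principal,
        )

    def change_password(self, principal: str, password: str):
        """Set a new password for ``principal`` and force a change on next use.

        Raises:
            subprocess.CalledProcessError: if either ``kadmin`` call exits
                non-zero. If the second call fails, the password has already
                been changed but ``+needchange`` is not set.
        """
        # NOTE(review): same argv exposure of the password as in addprinc.
        self._kadmin('cpw', '-pw', password, principal)
        # Presumably cpw clears the needchange flag, hence the separate
        # modprinc afterwards. Verify against the kadmin documentation.
        self._kadmin('modprinc', '+needchange', principal)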