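#!/usr/bin/env python
"""Check that OpenSSL is patched and that daemons picked up the new libssl.

The script passes (prints ``patched``, exit status 0) only when

* both the ``libssl1.0.0`` and ``openssl`` packages are at a version listed
  in ``VERSION_WHITELIST``, and
* no selected process still holds a deleted copy of ``libssl.so.1.0.0``,
  i.e. a copy that was replaced on disk while the process kept running.

In every other case it prints the reason and exits with status 1.
The code is written to run on both Python 2.7 and Python 3.
"""
import argparse
import re
import subprocess
import sys

LIBSSL_NAME = 'libssl1.0.0'
LIBSSL_MODULE = 'libssl.so.1.0.0'
OPENSSL_NAME = 'openssl'
# NOTE: this is an exact-match allowlist. Any package version that is not
# listed here, including a later security update, is reported as unpatched,
# so the list has to be maintained whenever a new fixed build is rolled out.
VERSION_WHITELIST = ['1.0.1-4ubuntu5.12']
PROCESS_WHITELIST = ['tornado', 'api']
PATTERN = re.compile(r'\s+')


def _count_processes(lines, file_name, whitelist, report=False):
    """Count, per process name, the lsof lines showing a deleted *file_name*.

    A line is counted when it contains *file_name* and the text ``del``
    (both compared case-insensitively, like the ``grep -i`` filters this
    replaces). The process name is the first whitespace-delimited field.

    Args:
        lines: iterable of lsof output lines.
        file_name: library file name to look for.
        whitelist: process names to report when *report* is false.
        report: when true, count every process instead of only *whitelist*.

    Returns:
        dict mapping process name to the number of matching lines.
    """
    needle = file_name.lower()
    processes = {}
    for line in lines:
        lowered = line.lower()
        if needle not in lowered or 'del' not in lowered:
            continue
        proc_name = PATTERN.split(line, 1)[0]
        # An empty first field means a blank or indented line: nothing to count.
        if not proc_name:
            continue
        if not report and proc_name not in whitelist:
            continue
        processes[proc_name] = processes.get(proc_name, 0) + 1
    return processes


def _get_orphaned_files(file_name, whitelist, report=False):
    """Run ``lsof`` and return the processes still holding a deleted *file_name*.

    lsof is started without a shell and its output is filtered in Python.
    The original ``lsof|grep|grep`` pipeline made ``check_output`` raise
    ``CalledProcessError`` whenever grep matched nothing, which is exactly
    the healthy case.

    NOTE(review): lsof's own exit status is not checked (the pipeline never
    saw it either), so a run in which lsof cannot inspect other users'
    processes - typically when not started as root - yields an empty result
    and the host is reported as fine. A missing lsof binary raises OSError.
    """
    proc = subprocess.Popen(['lsof'], stdout=subprocess.PIPE,
                            universal_newlines=True)
    output, _ = proc.communicate()
    return _count_processes(output.split('\n'), file_name, whitelist, report)


def _parse_version(status_text):
    """Return the value of the ``Version:`` field of ``dpkg-query -s`` output.

    Only a line that starts with ``Version:`` is accepted, so other fields
    that merely mention the word "version" are ignored, and the value is
    split on the first colon only, so a version containing a colon is
    returned whole. Returns None when there is no such field.
    """
    for line in status_text.split('\n'):
        if line.startswith('Version:'):
            return line.split(':', 1)[1].strip()
    return None


def _get_version(package):
    """Return the installed version of *package*, or None if it is unknown.

    A non-zero exit from ``dpkg-query`` is mapped to None; callers treat
    None as "not patched" because it is never in VERSION_WHITELIST.
    """
    try:
        output = subprocess.check_output(['dpkg-query', '-s', package],
                                         universal_newlines=True)
    except subprocess.CalledProcessError:
        return None
    return _parse_version(output)


def _is_patched(version):
    """Return True when *version* is one of the allowed package versions."""
    return version in VERSION_WHITELIST


def _needs_patch(version_libssl, version_openssl):
    """Return True unless BOTH package versions are allowed.

    The original test read ``not a and b``, which Python parses as
    ``(not a) and b``: a host with both packages unpatched, or with only
    openssl unpatched, passed the check.
    """
    return not (_is_patched(version_libssl) and _is_patched(version_openssl))


def main():
    """Parse the options, run both checks, print the result and exit."""
    parser = argparse.ArgumentParser()
    # action='append' appends to the default list object itself, so a copy is
    # passed to keep PROCESS_WHITELIST unmodified. Names given with -p are
    # added to the defaults, as before.
    parser.add_argument('-p', '--process', action='append',
                        default=list(PROCESS_WHITELIST),
                        help='Process name look for restart required. Defaults to (tornado|api)')
    parser.add_argument('-r', '--report', action='store_true',
                        help='Instead of looking for individual processes, give a report of all daemons needing a restart')
    args = parser.parse_args()

    version_libssl = _get_version(LIBSSL_NAME)
    version_openssl = _get_version(OPENSSL_NAME)
    if _needs_patch(version_libssl, version_openssl):
        print('please patch this system first. it is not patched, libssl: {}, openssl:{}'.format(
            version_libssl, version_openssl))
        sys.exit(1)

    to_restart = _get_orphaned_files(LIBSSL_MODULE, args.process, args.report)
    if to_restart:
        for proc, num in to_restart.items():
            print('{} {} processes need to be restarted'.format(num, proc))
        sys.exit(1)

    print('patched')


if __name__ == '__main__':
    main()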