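#!/usr/bin/env python
"""
Password generator module.

Generates a random password for a host, writes it RSA-encrypted to
``OUTDIR/<host>.asc`` and prints its sha512-crypt hash on stdout.
"""

import os
import sys
import string
from base64 import encodestring
from random import SystemRandom

from Crypto.PublicKey import RSA
from passlib.hash import sha512_crypt

OUTDIR = "/srv/ansible-private/keystore"
PUBKEY = "/srv/ansible-private/ssh/id_rsa.pub"


class Passwd(object):
    """Generate, hash and encrypt passwords."""

    # Alphabet the password is drawn from: ASCII letters and digits only.
    characters = string.ascii_letters + string.digits

    def __init__(self, length=20):
        """Create a random password of ``length`` characters.

        Characters come from ``random.SystemRandom`` (the OS entropy
        source), not from the default Mersenne Twister generator.
        """
        rng = SystemRandom()  # one generator for the whole password
        self.plain = "".join(rng.choice(self.characters)
                             for _ in range(length))

    def hash(self):
        """Return the sha512-crypt hash of the password."""
        # NOTE(review): rounds=5000 is the sha512-crypt baseline cost and
        # is low for an offline-guessing threat model; raise it if every
        # consumer of the hash accepts an explicit rounds field.
        return sha512_crypt.hash(self.plain, rounds=5000)

    def encrypt(self, pem):
        """Return the password encrypted with the public key in ``pem``.

        ``pem`` is the path of the public key file. The result is the
        base64 encoding of the RSA ciphertext.
        """
        # Close the key file deterministically instead of leaking the handle.
        with open(pem, "r") as handle:
            key = RSA.importKey(handle.read())
        # docs say encrypt second argument will be ignored
        # NOTE(review): key.encrypt() on a raw RSA key object is unpadded
        # ("textbook") RSA, which is deterministic and malleable. A padded
        # scheme such as Crypto.Cipher.PKCS1_OAEP is the safer choice, but
        # switching changes the ciphertext format, so the decrypting side
        # has to be migrated in the same change.
        return encodestring(key.encrypt(self.plain, "x")[0])


def main():
    """Generate and store a password for the host named on the command line.

    Exits with status 1 when the argument count is wrong or when the host
    name would make the output path leave ``OUTDIR``.
    """
    if len(sys.argv) != 2:
        sys.stderr.write("Usage: %s <host>\n" % os.path.basename(sys.argv[0]))
        sys.exit(1)

    host = sys.argv[1]
    # The host name becomes a file name under OUTDIR. Reject anything with
    # a directory component: os.path.join() would otherwise follow "../"
    # or discard OUTDIR entirely for an absolute path.
    if not host or os.path.basename(host) != host:
        sys.stderr.write("Invalid host name: %r\n" % host)
        sys.exit(1)

    # New files get mode 0600. The umask only applies at creation time, so
    # an already existing keystore file keeps the mode it had.
    os.umask(0o077)
    mypass = Passwd()
    with open(os.path.join(OUTDIR, host + ".asc"), "w") as dest:
        dest.write(mypass.encrypt(PUBKEY))
    # Only the hash goes to stdout; the plaintext is never printed.
    print(mypass.hash())


if __name__ == "__main__":
    main()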