"""Signing code goes here."""
from logging import getLogger

from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
from defusedxml import ElementTree
from signxml import XMLSigner
from signxml.util import strip_pem_header

from passbook.lib.config import CONFIG
from passbook.lib.utils.template import render_to_string

LOGGER = getLogger(__name__)


def load_certificate(strip=False):
    """Get Public key from config"""
    cert = CONFIG.y('saml_idp.certificate', '')
    if strip:
        return strip_pem_header(cert.replace('\r', '')).replace('\n', '')
    return cert


def load_private_key():
    """Get Private Key from config"""
    return CONFIG.y('saml_idp.key', '')


def sign_with_signxml(private_key, data, cert, reference_uri=None):
    """Sign Data with signxml"""
    key = serialization.load_pem_private_key(
        str.encode('\n'.join([x.strip() for x in private_key.split('\n')])),
        password=None, backend=default_backend())
    root = ElementTree.fromstring(data)
    signer = XMLSigner(c14n_algorithm='http://www.w3.org/2001/10/xml-exc-c14n#')
    return ElementTree.tostring(signer.sign(root, key=key, cert=cert, reference_uri=reference_uri))


def get_signature_xml():
    """Returns XML Signature for subject."""
    return render_to_string('saml/xml/signature.xml', {})