#! /usr/bin/env python

# This file is part of IVRE.
# Copyright 2011 - 2014 Pierre LALET <pierre.lalet@cea.fr>
#
# IVRE is free software: you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# IVRE is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
# License for more details.
#
# You should have received a copy of the GNU General Public License
# along with IVRE. If not, see <http://www.gnu.org/licenses/>.

import ivre.utils
from ivre.db import db
import re
import time

ipaddr = re.compile('^\d+\.\d+\.\d+\.\d+$')


def disp_rec(r):
    if 'addr' in r:
        if r['source'].startswith('PTR-'):
            print '%s PTR %s (%s, %s time%s, %s - %s)' % (
                ivre.utils.int2ip(r['addr']),
                r['value'], r['source'][4:], r['count'],
                r['count'] > 1 and 's' or '',
                datetime.datetime.fromtimestamp(int(r['firstseen'])),
                datetime.datetime.fromtimestamp(int(r['lastseen'])))
        elif r['source'].startswith('A-'):
            print '%s A %s (%s, %s time%s, %s - %s)' % (
                r['value'],
                ivre.utils.int2ip(r['addr']),
                r['source'][2:], r['count'],
                r['count'] > 1 and 's' or '',
                datetime.datetime.fromtimestamp(int(r['firstseen'])),
                datetime.datetime.fromtimestamp(int(r['lastseen'])))
        else:
            print 'WARNING', r
    else:
        if r['source'].split('-')[0] in ['CNAME', 'NS', 'MX']:
            print '%s %s %s (%s, %s time%s, %s - %s)' % (
                r['value'],
                r['source'].split('-')[0],
                r['targetval'],
                ':'.join(r['source'].split('-')[1:]),
                r['count'],
                r['count'] > 1 and 's' or '',
                datetime.datetime.fromtimestamp(int(r['firstseen'])),
                datetime.datetime.fromtimestamp(int(r['lastseen'])))
        else:
            print 'WARNING', r

if __name__ == '__main__':
    import sys
    import datetime
    baseflt = {'recontype': 'DNS_ANSWER'}
    import getopt
    subdomains = False
    try:
        opts, args = getopt.getopt(sys.argv[1:],
                                   "s:",
                                   [
                                       # filters
                                       "sensor=",
                                       # subdomains
                                       "sub"
                                   ])
    except getopt.GetoptError, err:
        sys.stderr.write(str(err) + '\n')
        sys.exit(-1)
    for o, a in opts:
        if o in ['-s', '--sensor']:
            baseflt = db.passive.flt_and(baseflt, db.passive.searchsensor(a))
        elif o == '--sub':
            subdomains = True
        else:
            sys.stderr.write(
                '%r %r not undestood (this is probably a bug).\n' % (o, a))
            sys.exit(-1)
    first = True
    flts = []
    for a in args:
        if first:
            first = False
        else:
            print
        if ipaddr.match(a) or a.isdigit():
            flts.append(db.passive.flt_and(baseflt, db.passive.searchhost(a)))
        else:
            flts += [
                db.passive.flt_and(
                    baseflt,
                    db.passive.searchdns(
                        ivre.utils.str2regexp(a), subdomains=subdomains)),
                db.passive.flt_and(
                    baseflt,
                    db.passive.searchdns(
                        ivre.utils.str2regexp(a),
                        reverse=True, subdomains=subdomains))
            ]
    for flt in flts:
        for r in db.passive.get(flt, sort=[('source', 1)]):
            disp_rec(r)
