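#!/usr/bin/env python3
"""
Security validation demo.

Shows how the system refuses to start with an insecure configuration
in production.

The demos work by overwriting process environment variables and then calling
the helpers from ``core.security``. Every value written here is a demo value;
none of it is meant to be reused as real configuration.
"""

import os
import sys
from pathlib import Path

# Add current directory to path for imports.
# NOTE(security): position 0 means modules next to this file are resolved
# before installed packages, so this directory must only be writable by
# trusted users.
sys.path.insert(0, str(Path(__file__).parent))

from core.security import (
    validate_production_security,
    get_security_config,
    generate_secure_key,
    check_security_requirements,
    ProductionSecurityError
)

# Environment variables the demos overwrite. Shared by cleanup_environment()
# and main() so that the set of touched variables is defined in one place.
_DEMO_ENV_VARS = (
    "ENVIRONMENT",
    "ENCRYPTION_PASSWORD",
    "SECRET_KEY",
    "LOG_SENSITIVE_DATA",
    "STRICT_INPUT_VALIDATION",
)


def demo_insecure_production() -> None:
    """Show that an insecure configuration is refused in production.

    Sets ENVIRONMENT to "production" together with the project's default
    ENCRYPTION_PASSWORD / SECRET_KEY values, then expects
    validate_production_security() to raise ProductionSecurityError.
    """
    print("🚨 Demo: Insecure Production Configuration")
    print("=" * 50)

    # Simulate the production environment with the well-known default keys.
    # These literals are the values the validator is expected to reject;
    # they must never be used in a real deployment.
    os.environ["ENVIRONMENT"] = "production"
    os.environ["ENCRYPTION_PASSWORD"] = "rpa_vision_v3_default_key"  # default key
    os.environ["SECRET_KEY"] = "dev-key-change-in-production"  # default key

    print("Environment: PRODUCTION")
    print("Encryption Password: rpa_vision_v3_default_key (DEFAULT)")
    print("Secret Key: dev-key-change-in-production (DEFAULT)")
    print()

    try:
        config = get_security_config()
        validate_production_security(config)
        # Reaching this line means the validator failed open.
        print("❌ This should not happen - insecure config was accepted!")
    except ProductionSecurityError as e:
        print("✅ Security validation correctly REJECTED the insecure configuration:")
        print(f"   {e}")

    print()


def demo_secure_production() -> None:
    """Show that a secure configuration is accepted in production.

    Generates two fresh keys with generate_secure_key(32), exports them along
    with LOG_SENSITIVE_DATA="false" and STRICT_INPUT_VALIDATION="true", and
    expects validate_production_security() to return without raising.
    """
    print("✅ Demo: Secure Production Configuration")
    print("=" * 50)

    # Generate secure keys (one per secret, never shared between the two).
    secure_encryption_key = generate_secure_key(32)
    secure_secret_key = generate_secure_key(32)

    os.environ["ENVIRONMENT"] = "production"
    os.environ["ENCRYPTION_PASSWORD"] = secure_encryption_key
    os.environ["SECRET_KEY"] = secure_secret_key
    os.environ["LOG_SENSITIVE_DATA"] = "false"
    os.environ["STRICT_INPUT_VALIDATION"] = "true"

    print("Environment: PRODUCTION")
    # NOTE(security): only acceptable because these keys are throwaway demo
    # values removed by cleanup_environment(). Real key material should not
    # be echoed to stdout or logs, not even as a prefix.
    print(f"Encryption Password: {secure_encryption_key[:8]}... (SECURE)")
    print(f"Secret Key: {secure_secret_key[:8]}... (SECURE)")
    print("Log Sensitive Data: false")
    print("Strict Input Validation: true")
    print()

    try:
        config = get_security_config()
        validate_production_security(config)
        print("✅ Security validation ACCEPTED the secure configuration")
    except ProductionSecurityError as e:
        print(f"❌ Secure configuration was rejected: {e}")

    print()


def demo_development_flexibility() -> None:
    """Show that the development environment tolerates the default keys.

    Sets ENVIRONMENT to "development" with the same default keys used in
    demo_insecure_production() and expects validation to pass.

    Only ENVIRONMENT, ENCRYPTION_PASSWORD and SECRET_KEY are rewritten here;
    LOG_SENSITIVE_DATA and STRICT_INPUT_VALIDATION keep whatever value an
    earlier demo left in the process environment.
    """
    print("🔧 Demo: Development Environment Flexibility")
    print("=" * 50)

    # Development environment with the default keys.
    os.environ["ENVIRONMENT"] = "development"
    os.environ["ENCRYPTION_PASSWORD"] = "rpa_vision_v3_default_key"
    os.environ["SECRET_KEY"] = "dev-key-change-in-production"

    print("Environment: DEVELOPMENT")
    print("Encryption Password: rpa_vision_v3_default_key (DEFAULT)")
    print("Secret Key: dev-key-change-in-production (DEFAULT)")
    print()

    try:
        config = get_security_config()
        validate_production_security(config)
        print("✅ Development environment allows default keys for convenience")
    except ProductionSecurityError as e:
        print(f"❌ Development should be flexible: {e}")

    print()


def demo_security_requirements() -> None:
    """Print the status of each security requirement for a production setup.

    Iterates over the mapping returned by check_security_requirements() and
    prints one line per requirement, using a truthy status as "met".

    Only ENVIRONMENT, ENCRYPTION_PASSWORD and SECRET_KEY are rewritten here;
    LOG_SENSITIVE_DATA and STRICT_INPUT_VALIDATION keep whatever value an
    earlier demo left in the process environment, which can influence the
    reported status.
    """
    print("📋 Demo: Security Requirements Check")
    print("=" * 50)

    # Check the requirements in production. Each secret gets its own
    # independently generated key: sharing one value between the encryption
    # password and the secret key would mean that disclosure of either one
    # compromises both.
    os.environ["ENVIRONMENT"] = "production"
    os.environ["ENCRYPTION_PASSWORD"] = generate_secure_key(32)
    os.environ["SECRET_KEY"] = generate_secure_key(32)

    requirements = check_security_requirements()

    print("Security Requirements Status:")
    for requirement, status in requirements.items():
        status_icon = "✅" if status else "❌"
        print(f"   {status_icon} {requirement}: {status}")

    print()


def cleanup_environment() -> None:
    """Remove every environment variable the demos may have set.

    Variables that are not present are ignored. This only deletes; restoring
    values that existed before the demos ran is done by main().
    """
    for var in _DEMO_ENV_VARS:
        os.environ.pop(var, None)


def main() -> None:
    """Run the four demos in order, then put the environment back.

    The values of the demo variables that were set before the run are
    captured first and written back in the ``finally`` clause, so that a
    caller importing this module does not lose its own ENVIRONMENT /
    SECRET_KEY / ... settings, and never ends up with demo keys left behind.
    """
    # Snapshot before anything is overwritten.
    saved_env = {
        var: os.environ[var] for var in _DEMO_ENV_VARS if var in os.environ
    }

    print("🎯 RPA Vision V3 - Security Validation Demo")
    print("=" * 60)
    print()

    try:
        # Demo 1: insecure configuration in production
        demo_insecure_production()

        # Demo 2: secure configuration in production
        demo_secure_production()

        # Demo 3: flexibility in development
        demo_development_flexibility()

        # Demo 4: requirements check
        demo_security_requirements()

        print("🎉 Security validation demo completed!")
        print()
        print("Key takeaways:")
        print("  • Production environments require secure configuration")
        print("  • Default keys are rejected in production")
        print("  • Development environments are more flexible")
        print("  • Security requirements can be checked programmatically")

    finally:
        # Drop the demo values first, then restore what the caller had.
        cleanup_environment()
        os.environ.update(saved_env)


if __name__ == "__main__":
    main()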