/*
 * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <openssl/macros.h>
#include <openssl/objects.h>
#include "quic_local.h"

SSL *ossl_quic_new(SSL_CTX *ctx)
{
    QUIC_CONNECTION *qc;
    SSL *ssl = NULL;
    SSL_CONNECTION *sc;

    qc = OPENSSL_zalloc(sizeof(*qc));
    if (qc == NULL)
        goto err;

    ssl = &qc->ssl;
    if (!ossl_ssl_init(ssl, ctx, SSL_TYPE_QUIC_CONNECTION)) {
        OPENSSL_free(qc);
        ssl = NULL;
        goto err;
    }
    qc->tls = ossl_ssl_connection_new(ctx);
    if (qc->tls == NULL || (sc = SSL_CONNECTION_FROM_SSL(qc->tls)) == NULL)
        goto err;
    /* override the user_ssl of the inner connection */
    sc->user_ssl = ssl;

    /* We'll need to set proper TLS method on qc->tls here */
    return ssl;
err:
    ossl_quic_free(ssl);
    return NULL;
}

int ossl_quic_init(SSL *s)
{
    return s->method->ssl_clear(s);
}

void ossl_quic_deinit(SSL *s)
{
    return;
}

void ossl_quic_free(SSL *s)
{
    QUIC_CONNECTION *qc = QUIC_CONNECTION_FROM_SSL(s);

    if (qc == NULL) {
        SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);

        if (sc != NULL)
            ossl_ssl_connection_free(s);
        return;
    }

    SSL_free(qc->tls);
    return;
}

int ossl_quic_reset(SSL *s)
{
    QUIC_CONNECTION *qc = QUIC_CONNECTION_FROM_SSL(s);

    if (qc == NULL) {
        SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);

        return sc != NULL ? ossl_ssl_connection_reset(s) : 0;
    }

    return ossl_ssl_connection_reset(qc->tls);
}

int ossl_quic_clear(SSL *s)
{
    return 1;
}

int ossl_quic_accept(SSL *s)
{
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_QUIC_SSL(s);

    if (sc == NULL)
        return 0;

    ossl_statem_set_in_init(sc, 0);
    return 1;
}

int ossl_quic_connect(SSL *s)
{
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_QUIC_SSL(s);

    if (sc == NULL)
        return 0;

    ossl_statem_set_in_init(sc, 0);
    return 1;
}

int ossl_quic_read(SSL *s, void *buf, size_t len, size_t *readbytes)
{
    int ret;
    BIO *rbio = SSL_get_rbio(s);
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_QUIC_SSL(s);

    if (sc == NULL || rbio == NULL)
        return 0;

    sc->rwstate = SSL_READING;
    ret = BIO_read_ex(rbio, buf, len, readbytes);
    if (ret > 0 || !BIO_should_retry(rbio))
        sc->rwstate = SSL_NOTHING;
    return ret <= 0 ? -1 : ret;
}

int ossl_quic_peek(SSL *s, void *buf, size_t len, size_t *readbytes)
{
    return -1;
}

int ossl_quic_write(SSL *s, const void *buf, size_t len, size_t *written)
{
    BIO *wbio = SSL_get_wbio(s);
    int ret;
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_QUIC_SSL(s);

    if (sc == NULL || wbio == NULL)
        return 0;

    sc->rwstate = SSL_WRITING;
    ret = BIO_write_ex(wbio, buf, len, written);
    if (ret > 0 || !BIO_should_retry(wbio))
        sc->rwstate = SSL_NOTHING;
    return ret;
}

int ossl_quic_shutdown(SSL *s)
{
    return 1;
}

long ossl_quic_ctrl(SSL *s, int cmd, long larg, void *parg)
{
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_QUIC_SSL(s);

    if (sc == NULL)
        return 0;

    switch(cmd) {
    case SSL_CTRL_CHAIN:
        if (larg)
            return ssl_cert_set1_chain(sc, NULL, (STACK_OF(X509) *)parg);
        else
            return ssl_cert_set0_chain(sc, NULL, (STACK_OF(X509) *)parg);
    }
    return 0;
}

long ossl_quic_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
{
    switch(cmd) {
    case SSL_CTRL_CHAIN:
        if (larg)
            return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
        else
            return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);

    case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
    case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
        /* TODO(QUIC): these will have to be implemented properly */
        return 1;
    }
    return 0;
}

long ossl_quic_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
{
    return 0;
}

long ossl_quic_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
{
    return 0;
}

size_t ossl_quic_pending(const SSL *s)
{
    return 0;
}

long ossl_quic_default_timeout(void)
{
    return 0;
}

int ossl_quic_num_ciphers(void)
{
    return 1;
}

const SSL_CIPHER *ossl_quic_get_cipher(unsigned int u)
{
    /*
     * TODO(QUIC): This is needed so the SSL_CTX_set_cipher_list("DEFAULT");
     * produces at least one valid TLS-1.2 cipher.
     * Later we should allow that there are none with QUIC protocol as
     * SSL_CTX_set_cipher_list should still allow setting a SECLEVEL.
     */
    static const SSL_CIPHER ciph = {
        1,
        TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
        TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
        TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
        SSL_kECDHE,
        SSL_aRSA,
        SSL_AES256GCM,
        SSL_AEAD,
        TLS1_2_VERSION, TLS1_2_VERSION,
        DTLS1_2_VERSION, DTLS1_2_VERSION,
        SSL_HIGH | SSL_FIPS,
        SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
        256,
        256
    };

    return &ciph;
}

int ossl_quic_renegotiate_check(SSL *ssl, int initok)
{
    return 1;
}