// Copyright (c) 2016, the Dart project authors.  Please see the AUTHORS file
// for details. All rights reserved. Use of this source code is governed by a
// BSD-style license that can be found in the LICENSE file.

#ifndef BIN_SECURE_SOCKET_MACOS_H_
#define BIN_SECURE_SOCKET_MACOS_H_

#if !defined(BIN_SECURE_SOCKET_H_)
#error Do not include secure_socket_macos.h directly. Use secure_socket.h.
#endif

#include <stdlib.h>
#include <string.h>
#include <stdio.h>
#include <sys/types.h>

#include <CoreFoundation/CoreFoundation.h>
#include <Security/SecureTransport.h>
#include <Security/Security.h>

#include "bin/builtin.h"
#include "bin/dartutils.h"
#include "bin/lockers.h"
#include "bin/reference_counting.h"
#include "bin/socket.h"
#include "bin/thread.h"
#include "bin/utils.h"

namespace dart {
namespace bin {

// SSLCertContext wraps the certificates needed for a SecureTransport
// connection. Fields are protected by the mutex_ field, and may only be set
// once. This is to allow access by both the Dart thread and the IOService
// thread. Setters return false if the field was already set.
class SSLCertContext : public ReferenceCounted<SSLCertContext> {
 public:
  SSLCertContext() :
      ReferenceCounted(),
      mutex_(new Mutex()),
      private_key_(NULL),
      keychain_(NULL),
      cert_chain_(NULL),
      trusted_certs_(NULL),
      cert_authorities_(NULL),
      trust_builtin_(false) {
  }

  ~SSLCertContext() {
    {
      MutexLocker m(mutex_);
      if (private_key_ != NULL) {
        CFRelease(private_key_);
      }
      if (keychain_ != NULL) {
        SecKeychainDelete(keychain_);
        CFRelease(keychain_);
      }
      if (cert_chain_ != NULL) {
        CFRelease(cert_chain_);
      }
      if (trusted_certs_ != NULL) {
        CFRelease(trusted_certs_);
      }
      if (cert_authorities_ != NULL) {
        CFRelease(cert_authorities_);
      }
    }
    delete mutex_;
  }

  SecKeyRef private_key() {
    MutexLocker m(mutex_);
    return private_key_;
  }
  bool set_private_key(SecKeyRef private_key) {
    MutexLocker m(mutex_);
    if (private_key_ != NULL) {
      return false;
    }
    private_key_ = private_key;
    return true;
  }

  SecKeychainRef keychain() {
    MutexLocker m(mutex_);
    return keychain_;
  }
  bool set_keychain(SecKeychainRef keychain) {
    MutexLocker m(mutex_);
    if (keychain_ != NULL) {
      return false;
    }
    keychain_ = keychain;
    return true;
  }

  CFArrayRef cert_chain() {
    MutexLocker m(mutex_);
    return cert_chain_;
  }
  bool set_cert_chain(CFArrayRef cert_chain) {
    MutexLocker m(mutex_);
    if (cert_chain_ != NULL) {
      return false;
    }
    cert_chain_ = cert_chain;
    return true;
  }

  CFArrayRef trusted_certs() {
    MutexLocker m(mutex_);
    return trusted_certs_;
  }
  bool set_trusted_certs(CFArrayRef trusted_certs) {
    MutexLocker m(mutex_);
    if (trusted_certs_ != NULL) {
      return false;
    }
    trusted_certs_ = trusted_certs;
    return true;
  }

  CFArrayRef cert_authorities() {
    MutexLocker m(mutex_);
    return cert_authorities_;
  }
  bool set_cert_authorities(CFArrayRef cert_authorities) {
    MutexLocker m(mutex_);
    if (cert_authorities_ != NULL) {
      return false;
    }
    cert_authorities_ = cert_authorities;
    return true;
  }

  bool trust_builtin() {
    MutexLocker m(mutex_);
    return trust_builtin_;
  }
  void set_trust_builtin(bool trust_builtin) {
    MutexLocker m(mutex_);
    trust_builtin_ = trust_builtin;
  }

 private:
  // The context is accessed both by Dart code and the IOService. This mutex
  // protects all fields.
  Mutex* mutex_;

  SecKeyRef private_key_;
  SecKeychainRef keychain_;

  // CFArrays of SecCertificateRef.
  CFArrayRef cert_chain_;
  CFArrayRef trusted_certs_;
  CFArrayRef cert_authorities_;

  bool trust_builtin_;

  DISALLOW_COPY_AND_ASSIGN(SSLCertContext);
};

// SSLFilter encapsulates the SecureTransport code in a filter that communicates
// with the containing _SecureFilterImpl Dart object through four shared
// ExternalByteArray buffers, for reading and writing plaintext, and
// reading and writing encrypted text.  The filter handles handshaking
// and certificate verification.
class SSLFilter : public ReferenceCounted<SSLFilter> {
 public:
  // These enums must agree with those in sdk/lib/io/secure_socket.dart.
  enum BufferIndex {
    kReadPlaintext,
    kWritePlaintext,
    kReadEncrypted,
    kWriteEncrypted,
    kNumBuffers,
    kFirstEncrypted = kReadEncrypted
  };

  SSLFilter()
      : ReferenceCounted(),
        cert_context_(NULL),
        ssl_context_(NULL),
        peer_certs_(NULL),
        string_start_(NULL),
        string_length_(NULL),
        handshake_complete_(NULL),
        bad_certificate_callback_(NULL),
        in_handshake_(false),
        connected_(false),
        bad_cert_(false),
        is_server_(false),
        hostname_(NULL) {
  }

  ~SSLFilter();

  // Callback called by the IOService.
  static CObject* ProcessFilterRequest(const CObjectArray& request);

  Dart_Handle Init(Dart_Handle dart_this);
  void Connect(Dart_Handle dart_this,
               const char* hostname,
               SSLCertContext* context,
               bool is_server,
               bool request_client_certificate,
               bool require_client_certificate);
  void Destroy();
  OSStatus CheckHandshake();
  void Renegotiate(bool use_session_cache,
                   bool request_client_certificate,
                   bool require_client_certificate);
  void RegisterHandshakeCompleteCallback(Dart_Handle handshake_complete);
  void RegisterBadCertificateCallback(Dart_Handle callback);
  Dart_Handle PeerCertificate();

 private:
  static OSStatus SSLReadCallback(SSLConnectionRef connection,
                                  void* data,
                                  size_t* data_length);
  static OSStatus SSLWriteCallback(SSLConnectionRef connection,
                                   const void* data,
                                   size_t* data_length);

  static bool isBufferEncrypted(intptr_t i) {
    return static_cast<BufferIndex>(i) >= kFirstEncrypted;
  }
  Dart_Handle InitializeBuffers(Dart_Handle dart_this);

  intptr_t GetBufferStart(intptr_t idx) const;
  intptr_t GetBufferEnd(intptr_t idx) const;
  void SetBufferStart(intptr_t idx, intptr_t value);
  void SetBufferEnd(intptr_t idx, intptr_t value);

  OSStatus ProcessAllBuffers(intptr_t starts[kNumBuffers],
                             intptr_t ends[kNumBuffers],
                             bool in_handshake);
  OSStatus ProcessReadPlaintextBuffer(intptr_t start,
                                      intptr_t end,
                                      intptr_t* bytes_processed);
  OSStatus ProcessWritePlaintextBuffer(intptr_t start,
                                       intptr_t end,
                                       intptr_t* bytes_processed);

  // These calls can block on IO, and should only be invoked from
  // from ProcessAllBuffers from ProcessFilterRequest.
  OSStatus EvaluatePeerTrust();
  OSStatus Handshake();
  Dart_Handle InvokeBadCertCallback(SecCertificateRef peer_cert);

  RetainedPointer<SSLCertContext> cert_context_;
  SSLContextRef ssl_context_;
  CFArrayRef peer_certs_;

  // starts and ends filled in at the start of ProcessAllBuffers.
  // If these are NULL, then try to get the pointers out of
  // dart_buffer_objects_.
  uint8_t* buffers_[kNumBuffers];
  intptr_t* buffer_starts_[kNumBuffers];
  intptr_t* buffer_ends_[kNumBuffers];
  intptr_t buffer_size_;
  intptr_t encrypted_buffer_size_;
  Dart_PersistentHandle string_start_;
  Dart_PersistentHandle string_length_;
  Dart_PersistentHandle dart_buffer_objects_[kNumBuffers];
  Dart_PersistentHandle handshake_complete_;
  Dart_PersistentHandle bad_certificate_callback_;
  bool in_handshake_;
  bool connected_;
  bool bad_cert_;
  bool is_server_;
  char* hostname_;

  DISALLOW_COPY_AND_ASSIGN(SSLFilter);
};

}  // namespace bin
}  // namespace dart

#endif  // BIN_SECURE_SOCKET_MACOS_H_