// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_SOCKET_SSL_HOST_INFO_H_
#define NET_SOCKET_SSL_HOST_INFO_H_

#include <string>
#include <vector>

#include "base/memory/ref_counted.h"
#include "base/memory/scoped_ptr.h"
#include "base/time.h"
#include "net/base/cert_verifier.h"
#include "net/base/cert_verify_result.h"
#include "net/base/completion_callback.h"
#include "net/base/dnsrr_resolver.h"
#include "net/socket/ssl_client_socket.h"

namespace net {

class X509Certificate;
struct SSLConfig;

// SSLHostInfo is an interface for fetching information about an SSL server.
// This information may be stored on disk so does not include keys or session
// information etc. Primarily it's intended for caching the server's
// certificates.
class SSLHostInfo {
 public:
  SSLHostInfo(const std::string& hostname,
              const SSLConfig& ssl_config,
              CertVerifier *certVerifier);
  virtual ~SSLHostInfo();

  // Start will commence the lookup. This must be called before any other
  // methods. By opportunistically calling this early, it may be possible to
  // overlap this object's lookup and reduce latency.
  virtual void Start() = 0;

  // WaitForDataReady returns OK if the fetch of the requested data has
  // completed. Otherwise it returns ERR_IO_PENDING and will call |callback| on
  // the current thread when ready.
  //
  // Only a single callback can be outstanding at a given time and, in the
  // event that WaitForDataReady returns OK, it's the caller's responsibility
  // to delete |callback|.
  //
  // |callback| may be NULL, in which case ERR_IO_PENDING may still be returned
  // but, obviously, a callback will never be made.
  virtual int WaitForDataReady(CompletionCallback* callback) = 0;

  // Persist allows for the host information to be updated for future users.
  // This is a fire and forget operation: the caller may drop its reference
  // from this object and the store operation will still complete. This can
  // only be called once WaitForDataReady has returned OK or called its
  // callback.
  virtual void Persist() = 0;

  // StartDnsLookup triggers a DNS lookup for the host.
  void StartDnsLookup(DnsRRResolver* dnsrr_resolver);

  struct State {
    State();
    ~State();

    void Clear();

    // certs is a vector of DER encoded X.509 certificates, as the server
    // returned them and in the same order.
    std::vector<std::string> certs;

   private:
    DISALLOW_COPY_AND_ASSIGN(State);
  };

  // Once the data is ready, it can be read using the following members. These
  // members can then be updated before calling |Persist|.
  const State& state() const;
  State* mutable_state();

  // If |cert_valid()| returns true, then this contains the result of verifying
  // the certificate.
  const CertVerifyResult& cert_verify_result() const;

  // WaitForCertVerification returns ERR_IO_PENDING if the certificate chain in
  // |state().certs| is still being validated and arranges for the given
  // callback to be called when the verification completes. If the verification
  // has already finished then WaitForCertVerification returns the result of
  // that verification.
  int WaitForCertVerification(CompletionCallback* callback);

  base::TimeTicks verification_start_time() const {
    return verification_start_time_;
  }

  base::TimeTicks verification_end_time() const {
    return verification_end_time_;
  }

 protected:
  // Parse parses an opaque blob of data and fills out the public member fields
  // of this object. It returns true iff the parse was successful. The public
  // member fields will be set to something sane in any case.
  bool Parse(const std::string& data);
  std::string Serialize() const;
  State state_;
  bool cert_verification_complete_;
  int cert_verification_error_;

 private:
  // This is the callback function which the CertVerifier calls via |callback_|.
  void VerifyCallback(int rv);

  // ParseInner is a helper function for Parse.
  bool ParseInner(const std::string& data);

  // This is the hostname that we'll validate the certificates against.
  const std::string hostname_;
  bool cert_parsing_failed_;
  CompletionCallback* cert_verification_callback_;
  // These two members are taken from the SSLConfig.
  bool rev_checking_enabled_;
  bool verify_ev_cert_;
  base::TimeTicks verification_start_time_;
  base::TimeTicks verification_end_time_;
  CertVerifyResult cert_verify_result_;
  SingleRequestCertVerifier verifier_;
  scoped_refptr<X509Certificate> cert_;
  scoped_refptr<CancelableCompletionCallback<SSLHostInfo> > callback_;

  DnsRRResolver* dnsrr_resolver_;
  CompletionCallback* dns_callback_;
  DnsRRResolver::Handle dns_handle_;
  RRResponse dns_response_;
  base::TimeTicks dns_lookup_start_time_;
  base::TimeTicks cert_verification_finished_time_;
};

class SSLHostInfoFactory {
 public:
  virtual ~SSLHostInfoFactory();

  // GetForHost returns a fresh, allocated SSLHostInfo for the given hostname
  // or NULL on failure.
  virtual SSLHostInfo* GetForHost(const std::string& hostname,
                                  const SSLConfig& ssl_config) = 0;
};

}  // namespace net

#endif  // NET_SOCKET_SSL_HOST_INFO_H_