// SPDX-License-Identifier: BSD-2-Clause

/*

 * Copyright © The libcoap-rs Contributors, all rights reserved.

 * This file is part of the libcoap-rs project, see the README file for

 * general information on this project and the NOTICE.md and LICENSE files

 * for information regarding copyright ownership and terms of use.

 *

 * crypto/psk/server.rs - Interfaces and types for server-side PSK support in libcoap-rs.

 */

use std::{

    borrow::Borrow,

    cell::RefCell,

    collections::{BTreeMap, HashMap},

    ffi::{c_void, CStr},

    fmt::Debug,

    hash::Hash,

    os::raw::c_char,

    ptr::NonNull,

    rc::{Rc, Weak},

};

use libcoap_sys::{

    coap_bin_const_t, coap_context_set_psk2, coap_context_t, coap_dtls_spsk_info_t, coap_dtls_spsk_t, coap_session_t,

    COAP_DTLS_SPSK_SETUP_VERSION,

};

use crate::{crypto::psk::key::PskKey, error::ContextConfigurationError, session::CoapServerSession};

/// Builder for a server-side DTLS encryption context for use with pre-shared keys (PSK).

#[derive(Debug)]

pub struct ServerPskContextBuilder<'a> {

    ctx: ServerPskContextInner<'a>,

}

impl<'a> ServerPskContextBuilder<'a> {

    /// Creates a new context builder with the given `key` as the default key to use.

    ///

    /// # Implementation details (informative, not covered by semver guarantees)

    ///

    /// Providing a raw public key will set `psk_info` to the provided key in the underlying

    /// [`coap_dtls_spsk_t`] structure.

    /// Sets the key provider that provides a PSK for a given identity.

    ///

    /// # Implementation details (informative, not covered by semver guarantees)

    ///

    /// Setting a `id_key_provider` will set the `validate_id_call_back` of the underlying

    /// [`coap_dtls_spsk_t`] to a wrapper function, which will then call the key provider.

    /// Sets the key provider that provides keys for a SNI provided by a client.

    ///

    /// # Implementation details (informative, not covered by semver guarantees)

    ///

    /// Setting a `sni_key_provider` will set the `validate_sni_call_back` of the underlying

    /// [`coap_dtls_spsk_t`] to a wrapper function, which will then call the key provider.

    ///

    /// Keys returned by the key provider will be stored in the context for at least as long as they

    /// are used by the respective session.

    /// Consumes this builder to construct the resulting PSK context.

        }

}

impl ServerPskContextBuilder<'_> {

    /// Enables or disables support for EC JPAKE ([RFC 8236](https://datatracker.ietf.org/doc/html/rfc8236))

    /// key exchanges in (D)TLS.

    ///

    /// Note: At the time of writing (based on libcoap 4.3.5), this is only supported on MbedTLS,

    /// enabling EC JPAKE on other DTLS backends has no effect.

    ///

    /// # Implementation details (informative, not covered by semver guarantees)

    ///

    /// Equivalent to setting `ec_jpake` in the underlying [`coap_dtls_spsk_t`] structure.

}

#[derive(Debug)]

struct ServerPskContextInner<'a> {

    /// Raw configuration object.

    raw_cfg: Box<coap_dtls_spsk_t>,

    /// Store for `coap_dtls_spsk_info_t` instances that we provided in previous SNI or ID

    /// callback invocations.

    ///

    /// The stored pointers *must* all be created from Box::into_raw().

    ///

    /// Using `Vec<coap_dtls_spsk_info_t>` instead is not an option, as a Vec resize may cause the

    /// instances to be moved to a different place in memory, invalidating pointers provided to

    /// libcoap.

    provided_keys: Vec<*mut coap_dtls_spsk_info_t>,

    /// User-supplied SNI key provider.

    sni_key_provider: Option<Box<dyn ServerPskSniKeyProvider<'a> + 'a>>,

    /// User-supplied identity key provider.

    id_key_provider: Option<Box<dyn ServerPskIdentityKeyProvider<'a> + 'a>>,

}

impl Drop for ServerPskContextInner<'_> {

            // SAFETY: Vector has only ever been filled by instances created from to_raw_spsk_info.

        }

            // SAFETY: If we set this, it must have been a call to Weak::into_raw with the correct

            //         type.

            // SAFETY: If we set this, it must have been a call to Weak::into_raw with the correct

            //         type.

}

/// Server-side encryption context for PSK-based (D)TLS sessions.

#[derive(Clone, Debug)]

pub struct ServerPskContext<'a> {

    /// Inner structure of this context.

    inner: Rc<RefCell<ServerPskContextInner<'a>>>,

}

impl ServerPskContext<'_> {

    /// Returns a pointer to the PSK key data to use for a given `identity` and `session`, or

    /// [`std::ptr::null()`] if the provided identity hint and/or session are unacceptable.

    ///

    /// The returned pointer is guaranteed to remain valid as long as the underlying

    /// [`ServerPskContextInner`] is not dropped.

    /// As the [`ServerPskContext`] is also stored in the [`CoapServerSession`] instance, this

    /// implies that the pointer is valid for at least as long as the session is.

    ///

    /// **Important:** After the underlying [`ServerPskContextInner`] is dropped, the returned

    /// pointer will no longer be valid and should no longer be dereferenced.

        } else {

        }

    /// Returns a pointer to the PSK (potentially with identity hint) to use for a given `sni` (and

    /// `session`), or [`std::ptr::null()`] if the provided identity hint and/or session are

    /// unacceptable.

    ///

    /// The returned pointer is guaranteed to remain valid as long as the underlying

    /// [`ServerPskContextInner`] is not dropped.

    /// As the [`ServerPskContext`] is also stored in the [`CoapServerSession`] instance, this

    /// implies that the pointer is valid for at least as long as the session is.

    ///

    /// **Important:** After the underlying [`ServerPskContextInner`] is dropped, the returned

    /// pointer will no longer be valid and should no longer be dereferenced.

        } else {

        }

    /// Applies this encryption configuration to the given raw `coap_context_t`.

    ///

    /// # Errors

    ///

    /// Will return [`ContextConfigurationError::Unknown`] if the call to the underlying libcoap

    /// function fails.

    ///

    /// # Safety

    /// This [ServerPskContext] must outlive the provided CoAP context, the provided pointer must be

    /// valid.

        }

}

impl<'a> ServerPskContext<'a> {

    /// Restores a [`ServerPskContext`] from a pointer to its inner structure (i.e. from the

    /// user-provided pointer given to DTLS callbacks).

    ///

    /// # Panics

    ///

    /// Panics if the given pointer is a null pointer or the inner structure was already dropped.

    ///

    /// # Safety

    /// The provided pointer must be a valid reference to a [`RefCell<ServerPskContextInner>`]

    /// instance created from a call to [`Weak::into_raw()`].

}

/// Trait for types that can provide pre-shared keys for a key identity given by a client to a

/// server.

pub trait ServerPskIdentityKeyProvider<'a>: Debug {

    /// Provides the key for the key `identity` given by the client that is connected through

    /// `session`, or `None` if the identity unacceptable or no key is available.

    fn key_for_identity(&self, identity: &[u8], session: &CoapServerSession<'_>) -> Option<PskKey<'a>>;

}

impl<'a, T: Debug> ServerPskIdentityKeyProvider<'a> for T

where

    T: AsRef<[PskKey<'a>]>,

{

    /// Returns the first key whose identity is equal to the one requested.

    /// If not found, returns the first key that has no key ID set.

}

/// Trait for things that can provide PSK DTLS keys for a given Server Name Indication.

pub trait ServerPskSniKeyProvider<'a>: Debug {

    /// Provide a key for the server name indication given as `sni`, or `None` if the SNI is not

    /// valid and no key is available.

    ///

    /// Note that libcoap will remember the returned key and re-use it for future handshakes with

    /// the same SNI (even if the peer is not the same), the return value should therefore not

    /// depend on the provided `session`.

    fn key_for_sni(&self, sni: &CStr, session: &CoapServerSession<'_>) -> Option<PskKey<'a>>;

}

impl<'a, T: AsRef<[u8]> + Debug, U: AsRef<PskKey<'a>> + Debug> ServerPskSniKeyProvider<'a> for Vec<(T, U)> {

    /// Return the second tuple object if the first one matches the given SNI.

}

impl<'a, T: AsRef<[u8]> + Debug, U: AsRef<PskKey<'a>> + Debug> ServerPskSniKeyProvider<'a> for [(T, U)] {

    /// Return the second tuple object if the first one matches the given SNI.

}

impl<'a, T: Borrow<[u8]> + Debug + Eq + Hash, U: AsRef<PskKey<'a>> + Debug> ServerPskSniKeyProvider<'a>

    for HashMap<T, U>

{

    /// Return the map value if the key matches the given SNI.

}

impl<'a, T: Borrow<[u8]> + Debug + Ord, U: AsRef<PskKey<'a>> + Debug> ServerPskSniKeyProvider<'a> for BTreeMap<T, U> {

    /// Return the map value if the key matches the given SNI.

}

/// Raw PSK identity callback that can be provided to libcoap.

///

/// # Safety

///

/// This function expects the arguments to be provided in a way that libcoap would when invoking

/// this function as an identity callback.

///

/// Additionally, `arg` must be a valid argument to [`ServerPskContext::from_raw`].

/// Raw PSK SNI callback that can be provided to libcoap.

///

/// # Safety

///

/// This function expects the arguments to be provided in a way that libcoap would when invoking

/// this function as an PSK SNI callback.

///

/// Additionally, `arg` must be a valid argument to [`ServerPskContext::from_raw`].