// SPDX-License-Identifier: BSD-2-Clause

/*

 * Copyright © The libcoap-rs Contributors, all rights reserved.

 * This file is part of the libcoap-rs project, see the README file for

 * general information on this project and the NOTICE.md and LICENSE files

 * for information regarding copyright ownership and terms of use.

 *

 * session/client.rs - Types relating to client-side CoAP sessions.

 */

use std::{

    cell::{Ref, RefMut},

    net::SocketAddr,

};

#[cfg(feature = "oscore")]

use libcoap_sys::coap_new_client_session_oscore;

use libcoap_sys::{

    coap_new_client_session, coap_proto_t_COAP_PROTO_DTLS, coap_proto_t_COAP_PROTO_TCP, coap_proto_t_COAP_PROTO_UDP,

    coap_register_event_handler, coap_session_get_app_data, coap_session_get_context, coap_session_get_type,

    coap_session_init_token, coap_session_release, coap_session_set_app_data, coap_session_t,

    coap_session_type_t_COAP_SESSION_TYPE_CLIENT, coap_session_type_t_COAP_SESSION_TYPE_HELLO,

    coap_session_type_t_COAP_SESSION_TYPE_NONE, coap_session_type_t_COAP_SESSION_TYPE_SERVER, COAP_TOKEN_DEFAULT_MAX,

};

use super::{CoapSessionCommon, CoapSessionInner, CoapSessionInnerProvider};

#[cfg(feature = "dtls")]

use crate::crypto::ClientCryptoContext;

#[cfg(feature = "oscore")]

use crate::oscore::OscoreConf;

use crate::{

    context::CoapContext,

    error::SessionCreationError,

    event::event_handler_callback,

    mem::{CoapFfiRcCell, DropInnerExclusively},

    prng::coap_prng_try_fill,

    types::CoapAddress,

};

#[derive(Debug)]

struct CoapClientSessionInner<'a> {

    inner: CoapSessionInner<'a>,

    #[cfg(feature = "dtls")]

    // This field is actually referred to be libcoap, so it isn't actually unused.

    #[allow(unused)]

    crypto_ctx: Option<ClientCryptoContext<'a>>,

}

impl<'a> CoapClientSessionInner<'a> {

    /// Initializes a new [`CoapClientSessionInner`] for an unencrypted session from its raw counterpart

    /// with the provided initial information.

    ///

    /// Also initializes the message token to a random value to prevent off-path response spoofing

    /// (see [RFC 7252, section 5.3.1](https://datatracker.ietf.org/doc/html/rfc7252#section-5.3.1)).

    ///

    /// # Safety

    /// The provided pointer for `raw_session` must be valid and point to the newly constructed raw

    /// session.

        // For insecure protocols, generate a random initial token to prevent off-path response

        // spoofing, see https://datatracker.ietf.org/doc/html/rfc7252#section-5.3.1

        // SAFETY: raw session is valid, inner session pointer must be valid as it was just created

        // from one of Rust's smart pointers.

    /// Initializes a new [`CoapClientSessionInner`] for an encrypted session from its raw counterpart

    /// with the provided initial information.

    ///

    /// # Safety

    /// The provided pointer for `raw_session` must be valid and point to the newly constructed raw

    /// session.

    #[cfg(feature = "dtls")]

        // SAFETY: raw session is valid, inner session pointer must be valid as it was just created

        // from one of Rust's smart pointers.

}

/// Representation of a client-side CoAP session.

#[derive(Debug, Clone)]

pub struct CoapClientSession<'a> {

    inner: CoapFfiRcCell<CoapClientSessionInner<'a>>,

}

impl CoapClientSession<'_> {

    /// Create a new DTLS encrypted session with the given peer `addr` using the given `crypto_ctx`.

    ///

    /// # Errors

    /// Will return a [SessionCreationError] if libcoap was unable to create a session (most likely

    /// because it was not possible to bind to a port).

    #[cfg(feature = "dtls")]

        // SAFETY: The returned raw session lives for as long as the constructed

        // CoapClientSessionInner does, which is limited to the lifetime of crypto_ctx.

        // When the CoapClientSessionInner instance is dropped, the session is dropped before the

        // crypto context is.

                #[cfg(feature = "dtls-psk")]

                },

                #[cfg(feature = "dtls-pki")]

                },

                #[cfg(feature = "dtls-rpk")]

                },

            }

        };

        // SAFETY: raw_session was just checked to be valid pointer.

    /// Create a new unencrypted session with the given peer over UDP.

    ///

    /// # Errors

    /// Will return a [SessionCreationError] if libcoap was unable to create a session (most likely

    /// because it was not possible to bind to a port).

        // SAFETY: self.raw_context is guaranteed to be valid, local_if can be null.

                coap_proto_t_COAP_PROTO_UDP,

            )

        };

        // SAFETY: Session was just checked for validity.

    /// Create a new unencrypted session with the given peer over TCP.

    ///

    /// # Errors

    /// Will return a [SessionCreationError] if libcoap was unable to create a session (most likely

    /// because it was not possible to bind to a port).

        // SAFETY: self.raw_context is guaranteed to be valid, local_if can be null.

                coap_proto_t_COAP_PROTO_TCP,

            )

        };

        // SAFETY: Session was just checked for validity.

    /// Create an encrypted session with the given peer over UDP using OSCORE.

    ///

    /// # Errors

    /// Will return a [SessionCreationError] if libcoap was unable to create a session

    /// (most likely because it was not possible to bind to a port).

    #[cfg(feature = "oscore")]

    pub fn connect_oscore<'a>(

        ctx: &mut CoapContext<'a>,

        addr: SocketAddr,

        oscore_conf: OscoreConf,

    ) -> Result<CoapClientSession<'a>, SessionCreationError> {

        // SAFETY: self.raw_context is guaranteed to be valid, local_if can be null.

        // OscoreConf raw_conf should be valid, else we return an error.

        //

        // coap_new_client_session_oscore should free the raw_conf:

        // [libcoap docs](https://libcoap.net/doc/reference/4.3.5/group__oscore.html#ga65ac1a57ebc037b4d14538c8e21c28a7)

        let session = unsafe {

            coap_new_client_session_oscore(

                ctx.as_mut_raw_context(),

                std::ptr::null(),

                CoapAddress::from(addr).as_raw_address(),

                coap_proto_t_COAP_PROTO_UDP,

                oscore_conf.into_raw_conf().0,

            )

        };

        if session.is_null() {

            return Err(SessionCreationError::Unknown);

        }

        // SAFETY: Session was just checked for validity.

        Ok(CoapClientSession {

            inner: unsafe { CoapClientSessionInner::new(session) },

        })

    }

    /// Restores a [CoapClientSession] from its raw counterpart.

    ///

    /// Note that it is not possible to statically infer the lifetime of the created session from

    /// the raw pointer, i.e., the session will be created with an arbitrary lifetime.

    /// Therefore, callers of this function should ensure that the created session instance does not

    /// outlive the context it is bound to.

    /// Failing to do so will result in a panic/abort in the context destructor as it is unable to

    /// claim exclusive ownership of the client session.

    ///

    /// # Panics

    ///

    /// Panics if the given pointer is a null pointer or the raw session is not a client-side

    /// session with app data.

    ///

    /// # Safety

    /// The provided pointer must be valid, the provided session's app data must be a valid argument

    /// to [`CoapFfiRawCell<CoapClientSessionInner>::clone_raw_rc`].

        // Variant names are named by bindgen, we have no influence on this.

        // Ref: https://github.com/rust-lang/rust/issues/39371

        #[allow(non_upper_case_globals)]

            coap_session_type_t_COAP_SESSION_TYPE_CLIENT => {

            },

            coap_session_type_t_COAP_SESSION_TYPE_SERVER | coap_session_type_t_COAP_SESSION_TYPE_HELLO => {

            },

        }

}

impl DropInnerExclusively for CoapClientSession<'_> {

}

impl Drop for CoapClientSessionInner<'_> {

        // SAFETY:

        // - raw_session is always valid as long as we are not dropped yet (as this is the only

        //   function that calls coap_session_release on client-side sessions).

        // - Application data validity is asserted.

        // - For event handling access, see later comment.

        unsafe {

            // Recreate weak pointer instance so that it can be dropped (which in turn reduces the

            // weak reference count, avoiding memory leaks).

            // We need to temporarily disable event handling so that our own event handler does not

            // access this already partially invalid session (and recursively also calls this Drop

            // implementation), causing a SIGABRT.

            // This is fine, because:

            // - While this destructor is called, nothing is concurrently accessing the raw context

            //   (as libcoap is single-threaded and all types are !Send)

            // - The only way this could be problematic would be if libcoap assumed sessions to be

            //   unchanging during a call to coap_io_process. However, this would be considered a

            //   bug in libcoap (as the documentation does not explicitly forbid this AFAIK).

            // Let libcoap do its cleanup of the raw session and free the associated memory.

            // Restore event handler.

        }

}

impl<'a> CoapSessionInnerProvider<'a> for CoapClientSession<'a> {

}

impl<'a, T: CoapSessionCommon<'a>> PartialEq<T> for CoapClientSession<'_> {

        // SAFETY: Pointers are only compared, never accessed.

}

impl Eq for CoapClientSession<'_> {}