// SPDX-License-Identifier: BSD-2-Clause

/*

 * Copyright © The libcoap-rs Contributors, all rights reserved.

 * This file is part of the libcoap-rs project, see the README file for

 * general information on this project and the NOTICE.md and LICENSE files

 * for information regarding copyright ownership and terms of use.

 *

 * context.rs - CoAP context related code.

 */

//! Module containing context-internal types and traits.

use core::ffi::c_uint;

#[cfg(feature = "dtls-pki")]

use libcoap_sys::coap_context_set_pki_root_cas;

use libcoap_sys::{

    coap_add_resource, coap_can_exit, coap_context_get_csm_max_message_size, coap_context_get_csm_timeout,

    coap_context_get_max_handshake_sessions, coap_context_get_max_idle_sessions, coap_context_get_session_timeout,

    coap_context_set_block_mode, coap_context_set_csm_max_message_size, coap_context_set_csm_timeout,

    coap_context_set_keepalive, coap_context_set_max_handshake_sessions, coap_context_set_max_idle_sessions,

    coap_context_set_session_timeout, coap_context_t, coap_event_t, coap_event_t_COAP_EVENT_BAD_PACKET,

    coap_event_t_COAP_EVENT_DTLS_CLOSED, coap_event_t_COAP_EVENT_DTLS_CONNECTED, coap_event_t_COAP_EVENT_DTLS_ERROR,

    coap_event_t_COAP_EVENT_DTLS_RENEGOTIATE, coap_event_t_COAP_EVENT_KEEPALIVE_FAILURE,

    coap_event_t_COAP_EVENT_MSG_RETRANSMITTED, coap_event_t_COAP_EVENT_OSCORE_DECODE_ERROR,

    coap_event_t_COAP_EVENT_OSCORE_DECRYPTION_FAILURE, coap_event_t_COAP_EVENT_OSCORE_INTERNAL_ERROR,

    coap_event_t_COAP_EVENT_OSCORE_NOT_ENABLED, coap_event_t_COAP_EVENT_OSCORE_NO_PROTECTED_PAYLOAD,

    coap_event_t_COAP_EVENT_OSCORE_NO_SECURITY, coap_event_t_COAP_EVENT_PARTIAL_BLOCK,

    coap_event_t_COAP_EVENT_SERVER_SESSION_DEL, coap_event_t_COAP_EVENT_SERVER_SESSION_NEW,

    coap_event_t_COAP_EVENT_SESSION_CLOSED, coap_event_t_COAP_EVENT_SESSION_CONNECTED,

    coap_event_t_COAP_EVENT_SESSION_FAILED, coap_event_t_COAP_EVENT_TCP_CLOSED, coap_event_t_COAP_EVENT_TCP_CONNECTED,

    coap_event_t_COAP_EVENT_TCP_FAILED, coap_event_t_COAP_EVENT_WS_CLOSED, coap_event_t_COAP_EVENT_WS_CONNECTED,

    coap_event_t_COAP_EVENT_WS_PACKET_SIZE, coap_event_t_COAP_EVENT_XMIT_BLOCK_FAIL, coap_free_context,

    coap_get_app_data, coap_io_process, coap_new_context, coap_proto_t, coap_proto_t_COAP_PROTO_DTLS,

    coap_proto_t_COAP_PROTO_TCP, coap_proto_t_COAP_PROTO_UDP, coap_register_event_handler,

    coap_register_response_handler, coap_set_app_data, coap_startup_with_feature_checks, COAP_BLOCK_SINGLE_BODY,

    COAP_BLOCK_USE_LIBCOAP, COAP_IO_WAIT,

};

use std::ffi::CStr;

#[cfg(feature = "dtls-pki")]

use std::ffi::CString;

#[cfg(feature = "dtls")]

use std::ptr::NonNull;

use std::{any::Any, ffi::c_void, fmt::Debug, net::SocketAddr, ops::Sub, sync::Once, time::Duration};

#[cfg(all(feature = "dtls-pki", unix))]

use std::{os::unix::ffi::OsStrExt, path::Path};

#[cfg(any(feature = "dtls-rpk", feature = "dtls-pki"))]

use crate::crypto::pki_rpk::ServerPkiRpkCryptoContext;

#[cfg(feature = "dtls-psk")]

use crate::crypto::psk::ServerPskContext;

use crate::{

    error::{ContextConfigurationError, EndpointCreationError, IoProcessError, MulticastGroupJoinError},

    event::{event_handler_callback, CoapEventHandler},

    mem::{CoapLendableFfiRcCell, CoapLendableFfiWeakCell, DropInnerExclusively},

    resource::{CoapResource, UntypedCoapResource},

    session::{session_response_handler, CoapServerSession, CoapSession},

    transport::CoapEndpoint,

};

//TODO: New feature?

use libcoap_sys::coap_join_mcast_group_intf;

static COAP_STARTUP_ONCE: Once = Once::new();

#[inline(always)]

pub(crate) fn ensure_coap_started() {

    COAP_STARTUP_ONCE.call_once(coap_startup_with_feature_checks);

}

#[derive(Debug)]

struct CoapContextInner<'a> {

    /// Reference to the raw context this context wraps around.

    raw_context: *mut coap_context_t,

    /// A list of endpoints that this context is currently associated with.

    endpoints: Vec<CoapEndpoint>,

    /// A list of resources associated with this context.

    resources: Vec<Box<dyn UntypedCoapResource>>,

    /// A list of server-side sessions that are currently active.

    server_sessions: Vec<CoapServerSession<'a>>,

    #[cfg(feature = "dtls-psk")]

    psk_context: Option<ServerPskContext<'a>>,

    /// PKI context for encrypted server-side sessions.

    #[cfg(any(feature = "dtls-pki", feature = "dtls-rpk"))]

    pki_rpk_context: Option<ServerPkiRpkCryptoContext<'a>>,

}

/// A CoAP Context — container for general state and configuration information relating to CoAP

///

/// The equivalent to the [coap_context_t] type in libcoap.

#[derive(Debug)]

pub struct CoapContext<'a> {

    inner: CoapLendableFfiRcCell<CoapContextInner<'a>>,

}

impl<'a> CoapContext<'a> {

    /// Creates a new context.

    ///

    /// # Errors

    /// Returns an error if the underlying libcoap library was unable to create a new context

    /// (probably an allocation error?).

    pub fn new() -> Result<CoapContext<'a>, ContextConfigurationError> {

        ensure_coap_started();

        // SAFETY: Providing null here is fine, the context will just not be bound to an endpoint

        // yet.

        let raw_context = unsafe { coap_new_context(std::ptr::null()) };

        if raw_context.is_null() {

            return Err(ContextConfigurationError::Unknown);

        }

        // SAFETY: We checked that raw_context is not null.

        unsafe {

            coap_context_set_block_mode(

                raw_context,

                // In some versions of libcoap, bindgen infers COAP_BLOCK_USE_LIBCOAP and

                // COAP_BLOCK_SINGLE_BODY to be u32, while the function parameter is u8.

                // Therefore, we use `try_into()` to convert to the right type, and panic if this is

                // not possible (should never happen)

                (COAP_BLOCK_USE_LIBCOAP | COAP_BLOCK_SINGLE_BODY)

                    .try_into()

                    .expect("coap_context_set_block_mode() flags have invalid type for function"),

            );

            coap_register_response_handler(raw_context, Some(session_response_handler));

            raw_context,

            endpoints: Vec::new(),

            psk_context: None,

    /// Handle an incoming event provided by libcoap.

    pub(crate) fn handle_event(&self, mut session: CoapSession<'a>, event: coap_event_t) {

        let inner_ref = &mut *self.inner.borrow_mut();

            #[allow(non_upper_case_globals)]

                coap_event_t_COAP_EVENT_DTLS_CONNECTED => handler.handle_dtls_connected(&mut session),

                coap_event_t_COAP_EVENT_DTLS_RENEGOTIATE => handler.handle_dtls_renegotiate(&mut session),

                coap_event_t_COAP_EVENT_DTLS_ERROR => handler.handle_dtls_error(&mut session),

                coap_event_t_COAP_EVENT_TCP_CONNECTED => handler.handle_tcp_connected(&mut session),

                coap_event_t_COAP_EVENT_TCP_CLOSED => handler.handle_tcp_closed(&mut session),

                coap_event_t_COAP_EVENT_TCP_FAILED => handler.handle_tcp_failed(&mut session),

                coap_event_t_COAP_EVENT_SERVER_SESSION_NEW => {

                    if let CoapSession::Server(server_session) = &mut session {

                        panic!("server-side session event fired for non-server-side session");

                    }

                    if let CoapSession::Server(server_session) = &mut session {

                    } else {

                        panic!("server-side session event fired for non-server-side session");

                    }

                coap_event_t_COAP_EVENT_OSCORE_INTERNAL_ERROR => handler.handle_oscore_internal_error(&mut session),

                coap_event_t_COAP_EVENT_WS_CONNECTED => handler.handle_ws_connected(&mut session),

                coap_event_t_COAP_EVENT_KEEPALIVE_FAILURE => handler.handle_keepalive_failure(&mut session),

                _ => {

                    // TODO probably a log message is justified here.

        }

        if let CoapSession::Server(serv_sess) = session {

            // Variant names are named by bindgen, we have no influence on this.

                coap_event_t_COAP_EVENT_SERVER_SESSION_NEW => inner_ref.server_sessions.push(serv_sess),

                    std::mem::drop(inner_ref.server_sessions.remove(

                            "attempted to remove session wrapper from context that was never associated with it",

                    ));

    ///

    /// function fails and [`ContextConfigurationError::CryptoContextAlreadySet`] if the PSK context

    #[cfg(feature = "dtls-psk")]

    pub fn set_psk_context(&mut self, psk_context: ServerPskContext<'a>) -> Result<(), ContextConfigurationError> {

        let mut inner = self.inner.borrow_mut();

        }

        // dropped (ensuring the encryption context outlives the CoAP context).

        unsafe {

                .psk_context

                .unwrap()

    }

    /// Sets the server-side cryptography information provider.

    ///

    /// # Errors

    ///

    /// Returns [`ContextConfigurationError::Unknown`] if the call to the underlying libcoap library

    /// function fails and [`ContextConfigurationError::CryptoContextAlreadySet`] if the PSK context

    /// has already been set previously.

        if inner.pki_rpk_context.is_some() {

            return Err(ContextConfigurationError::CryptoContextAlreadySet);

        }

        inner.pki_rpk_context = Some(pki_context.into());

                .pki_rpk_context

                .unwrap()

                .apply_to_context(NonNull::new(inner.raw_context).unwrap())

        }

    }

    /// Convenience wrapper around [`set_pki_root_cas`](CoapContext::set_pki_root_cas) that can be

    /// provided with any type that implements `AsRef<Path>`.

    ///

    /// `ca_file` should be the full path of a PEM-encoded file containing all root CAs to be used

    /// and the [`OsString` type](https://doc.rust-lang.org/std/ffi/struct.OsString.html) for more

    /// information.

    ///

    /// # Errors

        ca_file: Option<impl AsRef<Path>>,

    ) -> Result<(), ContextConfigurationError> {

        let ca_file = ca_file.as_ref().map(|v| {

            let v = v.as_ref();

            assert!(v.is_file(), "attempted to set non-file as CA file for libcoap");

            // Unix paths never contain null bytes, so we can unwrap here.

            CString::new(v.as_os_str().as_bytes()).unwrap()

        });

        let ca_dir = ca_dir.as_ref().map(|v| {

            let v = v.as_ref();

            assert!(v.is_dir(), "attempted to set non-directory as CA directory for libcoap");

            // Unix paths never contain null bytes, so we can unwrap here.

            CString::new(v.as_os_str().as_bytes()).unwrap()

        });

        self.set_pki_root_cas(ca_file, ca_dir)

    }

    /// Sets the path to a CA certificate file and/or a directory of CA certificate files that

    /// should be used as this context's default root CA information.

    ///

    /// `ca_file` should be the full path of a PEM-encoded file containing all root CAs to be used

        &mut self,

        let result = unsafe {

                ca_file.as_ref().map(|v| v.as_ptr()).unwrap_or(std::ptr::null()),

        };

        if result == 1 {

            Ok(())

        } else {

            Err(ContextConfigurationError::Unknown)

        }

    }

}

impl CoapContext<'_> {

    /// Performs a controlled shutdown of the CoAP context.

    ///

        while unsafe { coap_can_exit(self.inner.borrow_mut().raw_context) } == 0 {

    /// Store reference to the endpoint

        inner_ref.endpoints.push(endpoint);

    }

    /// Creates a new UDP endpoint that is bound to the given address.

    pub fn add_endpoint_udp(&mut self, addr: SocketAddr) -> Result<(), EndpointCreationError> {

        self.add_endpoint(addr, coap_proto_t_COAP_PROTO_UDP)

    }

    pub fn add_endpoint_tcp(&mut self, addr: SocketAddr) -> Result<(), EndpointCreationError> {

        self.add_endpoint(addr, coap_proto_t_COAP_PROTO_TCP)

    ///

    #[cfg(feature = "dtls")]

    pub fn add_endpoint_dtls(&mut self, addr: SocketAddr) -> Result<(), EndpointCreationError> {

    pub fn join_mcast_group_intf(

        &mut self,

        let inner_ref = self.inner.borrow();

        let mcast_groupname = groupname.as_ref().as_ptr();

        let mcast_ifname = ifname.map(|v| v.as_ptr()).unwrap_or(std::ptr::null());

            if ret != 0 {

                return Err(MulticastGroupJoinError::Unknown);

            }

        };

        Ok(())

    }

    // /// TODO

    // #[cfg(all(feature = "tcp", dtls))]

    // pub fn add_endpoint_tls(&mut self, _addr: SocketAddr) -> Result<(), EndpointCreationError> {

    //     todo!()

    //     // TODO: self.add_endpoint(addr, coap_proto_t_COAP_PROTO_TLS)

    // }

    /// Adds the given resource to the resource pool of this context.

    pub fn add_resource<D: Any + ?Sized + Debug>(&mut self, res: CoapResource<D>) {

        let mut inner_ref = self.inner.borrow_mut();

        inner_ref.resources.push(Box::new(res));

        // SAFETY: raw context is valid, raw resource is also guaranteed to be valid as long as

        // contract of CoapResource is upheld.

        unsafe {

            coap_add_resource(

                inner_ref.raw_context,

                inner_ref.resources.last_mut().unwrap().raw_resource(),

            );

        };

    }

    /// Performs currently outstanding IO operations, waiting for a maximum duration of `timeout`.

    ///

    /// This is the function where most of the IO operations made using this library are actually

    /// executed. It is recommended to call this function in a loop for as long as the CoAP context

    /// is used.

    pub fn do_io(&mut self, timeout: Option<Duration>) -> Result<Duration, IoProcessError> {

        let mut inner_ref = self.inner.borrow_mut();

        // Round up the duration if it is not a clean number of seconds.

        let timeout = if let Some(timeout) = timeout {

            let mut temp_timeout = u32::try_from(timeout.as_millis()).unwrap_or(u32::MAX);

            if timeout.subsec_micros() > 0 || timeout.subsec_nanos() > 0 {

                temp_timeout = temp_timeout.saturating_add(1);

            }

            temp_timeout

        } else {

            // If no timeout is set, wait indefinitely.

            COAP_IO_WAIT

        };

        let raw_ctx_ptr = inner_ref.raw_context;

        // Lend the current mutable reference to potential callers of CoapContext functions on the

        // other side of the FFI barrier.

        let lend_handle = self.inner.lend_ref_mut(&mut inner_ref);

        // SAFETY: Properly initialized CoapContext always has a valid raw_context that is not

        // deleted until the CoapContextInner is dropped.

        // Other raw structs used by libcoap are encapsulated in a way that they cannot be in use

        // while in this function (considering that they are all !Send).

        let spent_time = unsafe { coap_io_process(raw_ctx_ptr, timeout) };

        // Demand the return of the lent handle, ensuring that the mutable reference is no longer

        // used anywhere.

        lend_handle.unlend();

        // Check for errors.

        if spent_time < 0 {

            return Err(IoProcessError::Unknown);

        }

        // Return with duration of call.

        Ok(Duration::from_millis(spent_time.unsigned_abs() as u64))

    }

    /// Return the duration that idle server-side sessions are kept alive if they are not referenced

    /// or used anywhere else.

    pub fn session_timeout(&self) -> Duration {

        // SAFETY: Properly initialized CoapContext always has a valid raw_context that is not

        // deleted until the CoapContextInner is dropped.

        let timeout = unsafe { coap_context_get_session_timeout(self.inner.borrow().raw_context) };

        Duration::from_secs(timeout as u64)

    }

    /// Set the duration that idle server-side sessions are kept alive if they are not referenced or

    /// used anywhere else.

    ///

    /// # Panics

    /// Panics if the provided duration is too large to be provided to libcoap (larger than a

    /// [libc::c_uint]).

    pub fn set_session_timeout(&self, timeout: Duration) {

        // SAFETY: Properly initialized CoapContext always has a valid raw_context that is not

        // deleted until the CoapContextInner is dropped.

        unsafe {

            coap_context_set_session_timeout(

                self.inner.borrow_mut().raw_context,

                timeout

                    .as_secs()

                    .try_into()

                    .expect("provided session timeout is too large for libcoap (> u32::MAX)"),

            )

        }

    }

    /// Returns the maximum number of server-side sessions that can concurrently be in a handshake

    /// state.

    ///

    /// If this number is exceeded, no new handshakes will be accepted.

    pub fn max_handshake_sessions(&self) -> c_uint {

        // SAFETY: Properly initialized CoapContext always has a valid raw_context that is not

        // deleted until the CoapContextInner is dropped.

        unsafe { coap_context_get_max_handshake_sessions(self.inner.borrow().raw_context) }

    }

    /// Sets the maximum number of server-side sessions that can concurrently be in a handshake

    /// state.

    ///

    /// If this number is exceeded, no new handshakes will be accepted.

    pub fn set_max_handshake_sessions(&self, max_handshake_sessions: c_uint) {

        // SAFETY: Properly initialized CoapContext always has a valid raw_context that is not

        // deleted until the CoapContextInner is dropped.

        unsafe { coap_context_set_max_handshake_sessions(self.inner.borrow().raw_context, max_handshake_sessions) };

    }

    /// Returns the maximum number of idle server-side sessions for this context.

    ///

    /// If this number is exceeded, the oldest unreferenced session will be freed.

    pub fn max_idle_sessions(&self) -> c_uint {

        // SAFETY: Properly initialized CoapContext always has a valid raw_context that is not

        // deleted until the CoapContextInner is dropped.

        unsafe { coap_context_get_max_idle_sessions(self.inner.borrow().raw_context) }

    }

    /// Sets the maximum number of idle server-side sessions for this context.

    ///

    /// If this number is exceeded, the oldest unreferenced session will be freed.

    pub fn set_max_idle_sessions(&self, max_idle_sessions: c_uint) {

        // SAFETY: Properly initialized CoapContext always has a valid raw_context that is not

        // deleted until the CoapContextInner is dropped.

        unsafe { coap_context_set_max_idle_sessions(self.inner.borrow().raw_context, max_idle_sessions) };

    }

    /// Returns the maximum size for Capabilities and Settings Messages

    ///

    /// CSMs are used in CoAP over TCP as specified in

    /// [RFC 8323, Section 5.3](https://datatracker.ietf.org/doc/html/rfc8323#section-5.3).

    pub fn csm_max_message_size(&self) -> u32 {

        // SAFETY: Properly initialized CoapContext always has a valid raw_context that is not

        // deleted until the CoapContextInner is dropped.

        unsafe { coap_context_get_csm_max_message_size(self.inner.borrow().raw_context) }

    }

    /// Sets the maximum size for Capabilities and Settings Messages

    ///

    /// CSMs are used in CoAP over TCP as specified in

    /// [RFC 8323, Section 5.3](https://datatracker.ietf.org/doc/html/rfc8323#section-5.3).

    pub fn set_csm_max_message_size(&self, csm_max_message_size: u32) {

        // SAFETY: Properly initialized CoapContext always has a valid raw_context that is not

        // deleted until the CoapContextInner is dropped.

        unsafe { coap_context_set_csm_max_message_size(self.inner.borrow().raw_context, csm_max_message_size) };

    }

    /// Returns the timeout for Capabilities and Settings Messages

    ///

    /// CSMs are used in CoAP over TCP as specified in

    /// [RFC 8323, Section 5.3](https://datatracker.ietf.org/doc/html/rfc8323#section-5.3).

    pub fn csm_timeout(&self) -> Duration {

        Duration::from_secs(timeout as u64)

    }

    /// Sets the timeout for Capabilities and Settings Messages

    ///

        unsafe {

            coap_context_set_csm_timeout(

                    .expect("provided session timeout is too large for libcoap (> u32::MAX)"),

    }

    /// Sets the number of seconds to wait before sending a CoAP keepalive message for idle

    /// sessions.

    ///

    /// If the provided value is None, CoAP-level keepalive messages will be disabled.

    ///

    /// # Panics

    /// Panics if the provided duration is too large to be provided to libcoap (larger than a

        // deleted until the CoapContextInner is dropped.

        unsafe {

            )

        };

    }

    /// Returns a reference to the raw context contained in this struct.

    ///

    /// struct.

    ///   cause a segfault if you don't immediately [std::mem::forget()] the CoapContext and never

    ///   use anything related to the context again, but why would you do that?)

    #[allow(unused)]

        // SAFETY: raw_context is checked to be a valid pointer on struct instantiation, cannot be

        // freed by anything outside of here (assuming the contract of this function is kept), and

        // is).

        &*self.inner.borrow().raw_context

    }

    ///

    /// # Safety

    /// struct.

    /// - Associating raw sessions that have a reference count != 0 when the CoapContext is dropped

    ///   cause a segfault if you don't immediately [std::mem::forget()] the CoapContext and never

    ///   use anything related to the context again, but why would you do that?)

    pub(crate) unsafe fn as_mut_raw_context(&mut self) -> &mut coap_context_t {

        // freed by anything outside of here (assuming the contract of this function is kept), and

        // the default (elided) lifetimes are correct (the pointer is valid as long as the endpoint

    // TODO coap_session_get_by_peer

}

impl Drop for CoapContextInner<'_> {

    fn drop(&mut self) {

        // Disable event handler before dropping, as we would otherwise need to lend our reference

        // the context.

        // SAFETY: Validity of our raw context is always given for the lifetime of CoapContextInner

        // unless coap_free_context() is called during a violation of the [as_mut_raw_context()] and

        for session in std::mem::take(&mut self.server_sessions).into_iter() {

            session.drop_exclusively();

        // Clear endpoints because coap_free_context() would free their underlying raw structs.

        self.endpoints.clear();

        // Extract reference to CoapContextInner from raw context and drop it.

        // SAFETY: Value is set upon construction of the inner context and never deleted.

        unsafe {

                coap_get_app_data(self.raw_context) as *mut CoapLendableFfiWeakCell<CoapContextInner>,

            ))

        // As long as [CoapResource::into_inner] isn't used and we haven't given out owned

        // CoapResource instances whose raw resource is attached to the raw context, this should

        // never fail.

        std::mem::take(&mut self.resources)

            .into_iter()

            .for_each(UntypedCoapResource::drop_inner_exclusive);

        // the actual context, and our raw context reference is valid (as long as the contracts of

        // [as_mut_raw_context()] and [as_mut_context()] are fulfilled).

        }

    }

}