/*
 * Copyright (c) 2015-2016 Isode Limited.
 * All rights reserved.
 * See the COPYING file for more information.
 */

#pragma once

#include <Security/SecureTransport.h>

#include <Swiften/TLS/TLSContext.h>

namespace Swift {

class SecureTransportContext : public TLSContext {
    public:
        SecureTransportContext(bool checkCertificateRevocation);
        virtual ~SecureTransportContext();

        virtual void connect();

        virtual bool setClientCertificate(CertificateWithKey::ref cert);

        virtual void handleDataFromNetwork(const SafeByteArray&);
        virtual void handleDataFromApplication(const SafeByteArray&);

        virtual std::vector<Certificate::ref> getPeerCertificateChain() const;
        virtual CertificateVerificationError::ref getPeerCertificateVerificationError() const;

        virtual ByteArray getFinishMessage() const;

    private:
        static OSStatus SSLSocketReadCallback(SSLConnectionRef connection, void *data, size_t *dataLength);
        static OSStatus SSLSocketWriteCallback(SSLConnectionRef connection, const void *data, size_t *dataLength);

    private:
        enum State { None, Handshake, HandshakeDone, Error};
        static std::string stateToString(State state);
        void setState(State newState);

        static std::shared_ptr<TLSError> nativeToTLSError(OSStatus error);
        std::shared_ptr<CertificateVerificationError> CSSMErrorToVerificationError(OSStatus resultCode);

        void processHandshake();
        void verifyServerCertificate();

        void fatalError(std::shared_ptr<TLSError> error, std::shared_ptr<CertificateVerificationError> certificateError);

    private:
        std::shared_ptr<SSLContext> sslContext_;
        SafeByteArray readingBuffer_;
        State state_;
        CertificateVerificationError::ref verificationError_;
        CertificateWithKey::ref clientCertificate_;
        bool checkCertificateRevocation_;
};

}