/*- * SSLsplit - transparent SSL/TLS interception * https://www.roe.ch/SSLsplit * * Copyright (c) 2009-2018, Daniel Roethlisberger . * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER AND CONTRIBUTORS ``AS IS'' * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #ifndef PXYCONN_H #define PXYCONN_H #include "compat.h" #include "opts.h" #include "attrib.h" #include "pxythrmgr.h" #include #include #include #include #include #include /* * Proxy connection context state, describes a proxy connection * with source and destination socket bufferevents, SSL context and * other session state. One of these exists per handled proxy * connection. 
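*/

/* single dst or src socket bufferevent descriptor */
typedef struct pxy_conn_desc {
	/* Normal */
	struct bufferevent *bev;
	SSL *ssl;
	unsigned int closed : 1;
	/* For Debug */
	size_t read_bytes;
	size_t write_bytes;
} pxy_conn_desc_t;

/* Per-connection debug trail attached to the C context below (this makes the
 * header C++-only: it uses access specifiers, member functions and std::).
 *
 * NOTE(review): WriteDebugInfo() appends for the lifetime of the context and
 * nothing in this type bounds the vector. If any call site sits on a path the
 * remote peer can drive (per request / per record), the caller should cap the
 * number of entries so a long-lived connection cannot grow memory without
 * limit. */
struct pxy_conn_ctx_extend {
public:
	/* Append one debug record; the string is copied into the trail. */
	void WriteDebugInfo(const std::string &str)
	{
		vec_debug_info.push_back(str);
	}

	/* Join all records in insertion order, each followed by a single
	 * space, so the result carries a trailing space when non-empty and
	 * is "" when nothing has been written.  Does not modify the trail. */
	std::string DumpToString() const
	{
		std::ostringstream joined;
		/* element type restored here: the original listing had the
		 * template arguments stripped, which does not compile */
		std::copy(vec_debug_info.begin(), vec_debug_info.end(),
		          std::ostream_iterator<std::string>(joined, " "));
		return joined.str();
	}

private:
	std::vector<std::string> vec_debug_info;
};

/* actual proxy connection state consisting of two connection descriptors,
 * connection-wide state and the specs and options */
typedef struct pxy_conn_ctx {
	/* per-connection state */
	struct pxy_conn_desc src;
	struct pxy_conn_desc dst;

	/* status flags */
	unsigned int connected : 1;       /* 0 until both ends are connected */
	unsigned int enomem : 1;          /* 1 if out of memory */

	/* ssl */
	unsigned int sni_peek_retries : 6; /* max 64 SNI parse retries */
	unsigned int immutable_cert : 1;  /* 1 if the cert cannot be changed */
	unsigned int generated_cert : 1;  /* 1 if we generated a new cert */
	unsigned int passthrough : 1;     /* 1 if SSL passthrough is active */

	/* http */
	unsigned int seen_req_header : 1; /* 0 until request header complete */
	unsigned int seen_resp_header : 1; /* 0 until response hdr complete */
	unsigned int sent_http_conn_close : 1; /* 0 until Conn: close sent */
	unsigned int ocsp_denied : 1;     /* 1 if OCSP was denied */

	/* autossl */
	unsigned int clienthello_search : 1; /* 1 if waiting for hello */
	unsigned int clienthello_found : 1;  /* 1 if conn upgrade to SSL */

	/* server name indicated by client in SNI TLS extension
	 * (peer-supplied; treat as untrusted wherever it is logged, matched
	 * or turned into a lookup key) */
	char *sni;

	/* log strings from socket */
	char *srchost_str;
	char *srcport_str;
	char *dsthost_str;
	char *dstport_str;

	/* log strings from HTTP request */
	char *http_method;
	char *http_uri;
	char *http_host;
	char *http_content_type;

	/* log strings from HTTP response */
	char *http_status_code;
	char *http_status_text;
	char *http_content_length;

	/* log strings related to SSL */
	char *ssl_names;
	char *origcrtfpr;
	char *usedcrtfpr;

	/* store fd and fd event while connected is 0 */
	evutil_socket_t fd;
	struct event *ev;

	/* peer fd, used by forge socket */
	evutil_socket_t peer_fd;

	/* original destination address, family and certificate */
	struct sockaddr_storage addr;
	socklen_t addrlen;
	int af;
	X509 *origcrt;

	/* references to event base and configuration */
	struct event_base *evbase;
	struct evdns_base *dnsbase;
	int thridx;
	tfe_thread_manager_ctx *thrmgr;
	proxyspec *spec;
	tfe_config *opts;
	tfe_instance *instance;

	/* Protocol Ctxs */
	void *protocol_conn_ctx;
	/* NOTE(review): raw pointer to a C++ object; who allocates and
	 * deletes it is not visible in this header -- confirm it is freed
	 * exactly once when the ctx is torn down. */
	struct pxy_conn_ctx_extend *extend;

	/* SSL CA
	 * NOTE(review): cakey is a private-key handle held per connection;
	 * ownership (shared with the config vs. per-ctx reference count) is
	 * not visible here -- confirm against the allocating code. */
	X509 *cacrt;
	EVP_PKEY *cakey;
	STACK_OF(X509) *chain;
} pxy_conn_ctx_t;

/* Set up a proxy connection for an accepted downstream socket.
 * fd_downstream/fd_upstream: the two socket descriptors to bridge;
 * peeraddr/peeraddrlen: address of the connecting peer;
 * thrmgr, spec, opts: thread manager, proxy spec and configuration the
 * new context is bound to.  Implemented in the corresponding .c/.cpp. */
void pxy_conn_setup(evutil_socket_t fd_downstream, evutil_socket_t fd_upstream,
                    struct sockaddr *peeraddr, int peeraddrlen,
                    tfe_thread_manager_ctx *thrmgr, proxyspec *spec,
                    tfe_config *opts);

#endif /* !PXYCONN_H */

/* vim: set noet ft=c: */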