use crate::client::ServerName;
use crate::key;
use crate::msgs::base::{PayloadU16, PayloadU8};
use crate::msgs::codec::{Codec, Reader};
use crate::msgs::enums::{CipherSuite, ProtocolVersion};
use crate::msgs::handshake::CertificatePayload;
use crate::msgs::handshake::SessionID;
use crate::suites::SupportedCipherSuite;
use crate::ticketer::TimeBase;
#[cfg(feature = "tls12")]
use crate::tls12::Tls12CipherSuite;
use crate::tls13::Tls13CipherSuite;

use std::cmp;
#[cfg(feature = "tls12")]
use std::mem;

// These are the keys and values we store in session storage.

// --- Client types ---
/// Keys for session resumption and tickets.
/// Matching value is a `ClientSessionValue`.
#[derive(Debug)]
pub struct ClientSessionKey {
    kind: &'static [u8],
    name: Vec<u8>,
}

impl Codec for ClientSessionKey {
    fn encode(&self, bytes: &mut Vec<u8>) {
        bytes.extend_from_slice(self.kind);
        bytes.extend_from_slice(&self.name);
    }

    // Don't need to read these.
    fn read(_r: &mut Reader) -> Option<Self> {
        None
    }
}

impl ClientSessionKey {
    pub fn session_for_server_name(server_name: &ServerName) -> Self {
        Self {
            kind: b"session",
            name: server_name.encode(),
        }
    }

    pub fn hint_for_server_name(server_name: &ServerName) -> Self {
        Self {
            kind: b"kx-hint",
            name: server_name.encode(),
        }
    }
}

#[derive(Debug)]
pub enum ClientSessionValue {
    Tls13(Tls13ClientSessionValue),
    #[cfg(feature = "tls12")]
    Tls12(Tls12ClientSessionValue),
}

impl ClientSessionValue {
    pub fn read(
        reader: &mut Reader<'_>,
        suite: CipherSuite,
        supported: &[SupportedCipherSuite],
    ) -> Option<Self> {
        match supported
            .iter()
            .find(|s| s.suite() == suite)?
        {
            SupportedCipherSuite::Tls13(inner) => {
                Tls13ClientSessionValue::read(inner, reader).map(ClientSessionValue::Tls13)
            }
            #[cfg(feature = "tls12")]
            SupportedCipherSuite::Tls12(inner) => {
                Tls12ClientSessionValue::read(inner, reader).map(ClientSessionValue::Tls12)
            }
        }
    }

    fn common(&self) -> &ClientSessionCommon {
        match self {
            ClientSessionValue::Tls13(inner) => &inner.common,
            #[cfg(feature = "tls12")]
            ClientSessionValue::Tls12(inner) => &inner.common,
        }
    }
}

impl From<Tls13ClientSessionValue> for ClientSessionValue {
    fn from(v: Tls13ClientSessionValue) -> Self {
        Self::Tls13(v)
    }
}

#[cfg(feature = "tls12")]
impl From<Tls12ClientSessionValue> for ClientSessionValue {
    fn from(v: Tls12ClientSessionValue) -> Self {
        Self::Tls12(v)
    }
}

pub struct Retrieved<T> {
    pub value: T,
    retrieved_at: TimeBase,
}

impl<T> Retrieved<T> {
    pub fn new(value: T, retrieved_at: TimeBase) -> Self {
        Self {
            value,
            retrieved_at,
        }
    }
}

impl Retrieved<&Tls13ClientSessionValue> {
    pub fn obfuscated_ticket_age(&self) -> u32 {
        let age_secs = self
            .retrieved_at
            .as_secs()
            .saturating_sub(self.value.common.epoch);
        let age_millis = age_secs as u32 * 1000;
        age_millis.wrapping_add(self.value.age_add)
    }
}

impl Retrieved<ClientSessionValue> {
    pub fn tls13(&self) -> Option<Retrieved<&Tls13ClientSessionValue>> {
        match &self.value {
            ClientSessionValue::Tls13(value) => Some(Retrieved::new(value, self.retrieved_at)),
            #[cfg(feature = "tls12")]
            ClientSessionValue::Tls12(_) => None,
        }
    }

    pub fn has_expired(&self) -> bool {
        let common = self.value.common();
        common.lifetime_secs != 0
            && common.epoch + u64::from(common.lifetime_secs) < self.retrieved_at.as_secs()
    }
}

impl<T> std::ops::Deref for Retrieved<T> {
    type Target = T;

    fn deref(&self) -> &Self::Target {
        &self.value
    }
}

#[derive(Debug)]
pub struct Tls13ClientSessionValue {
    suite: &'static Tls13CipherSuite,
    age_add: u32,
    max_early_data_size: u32,
    pub common: ClientSessionCommon,
}

impl Tls13ClientSessionValue {
    pub fn new(
        suite: &'static Tls13CipherSuite,
        ticket: Vec<u8>,
        secret: Vec<u8>,
        server_cert_chain: Vec<key::Certificate>,
        time_now: TimeBase,
        lifetime_secs: u32,
        age_add: u32,
        max_early_data_size: u32,
    ) -> Self {
        Self {
            suite,
            age_add,
            max_early_data_size,
            common: ClientSessionCommon::new(
                ticket,
                secret,
                time_now,
                lifetime_secs,
                server_cert_chain,
            ),
        }
    }

    /// [`Codec::read()`] with an extra `suite` argument.
    ///
    /// We decode the `suite` argument separately because it allows us to
    /// decide whether we're decoding an 1.2 or 1.3 session value.
    pub fn read(suite: &'static Tls13CipherSuite, r: &mut Reader) -> Option<Self> {
        Some(Self {
            suite,
            age_add: u32::read(r)?,
            max_early_data_size: u32::read(r)?,
            common: ClientSessionCommon::read(r)?,
        })
    }

    /// Inherent implementation of the [`Codec::get_encoding()`] method.
    ///
    /// (See `read()` for why this is inherent here.)
    pub fn get_encoding(&self) -> Vec<u8> {
        let mut bytes = Vec::with_capacity(16);
        self.suite
            .common
            .suite
            .encode(&mut bytes);
        self.age_add.encode(&mut bytes);
        self.max_early_data_size
            .encode(&mut bytes);
        self.common.encode(&mut bytes);
        bytes
    }

    pub fn max_early_data_size(&self) -> u32 {
        self.max_early_data_size
    }

    pub fn suite(&self) -> &'static Tls13CipherSuite {
        self.suite
    }
}

impl std::ops::Deref for Tls13ClientSessionValue {
    type Target = ClientSessionCommon;

    fn deref(&self) -> &Self::Target {
        &self.common
    }
}

#[cfg(feature = "tls12")]
#[derive(Debug)]
pub struct Tls12ClientSessionValue {
    suite: &'static Tls12CipherSuite,
    pub session_id: SessionID,
    extended_ms: bool,
    pub common: ClientSessionCommon,
}

#[cfg(feature = "tls12")]
impl Tls12ClientSessionValue {
    pub fn new(
        suite: &'static Tls12CipherSuite,
        session_id: SessionID,
        ticket: Vec<u8>,
        master_secret: Vec<u8>,
        server_cert_chain: Vec<key::Certificate>,
        time_now: TimeBase,
        lifetime_secs: u32,
        extended_ms: bool,
    ) -> Self {
        Self {
            suite,
            session_id,
            extended_ms,
            common: ClientSessionCommon::new(
                ticket,
                master_secret,
                time_now,
                lifetime_secs,
                server_cert_chain,
            ),
        }
    }

    /// [`Codec::read()`] with an extra `suite` argument.
    ///
    /// We decode the `suite` argument separately because it allows us to
    /// decide whether we're decoding an 1.2 or 1.3 session value.
    fn read(suite: &'static Tls12CipherSuite, r: &mut Reader) -> Option<Self> {
        Some(Self {
            suite,
            session_id: SessionID::read(r)?,
            extended_ms: u8::read(r)? == 1,
            common: ClientSessionCommon::read(r)?,
        })
    }

    /// Inherent implementation of the [`Codec::get_encoding()`] method.
    ///
    /// (See `read()` for why this is inherent here.)
    pub fn get_encoding(&self) -> Vec<u8> {
        let mut bytes = Vec::with_capacity(16);
        self.suite
            .common
            .suite
            .encode(&mut bytes);
        self.session_id.encode(&mut bytes);
        (if self.extended_ms { 1u8 } else { 0u8 }).encode(&mut bytes);
        self.common.encode(&mut bytes);
        bytes
    }

    pub fn take_ticket(&mut self) -> Vec<u8> {
        mem::take(&mut self.common.ticket.0)
    }

    pub fn extended_ms(&self) -> bool {
        self.extended_ms
    }

    pub fn suite(&self) -> &'static Tls12CipherSuite {
        self.suite
    }
}

#[cfg(feature = "tls12")]
impl std::ops::Deref for Tls12ClientSessionValue {
    type Target = ClientSessionCommon;

    fn deref(&self) -> &Self::Target {
        &self.common
    }
}

#[derive(Debug)]
pub struct ClientSessionCommon {
    ticket: PayloadU16,
    secret: PayloadU8,
    epoch: u64,
    lifetime_secs: u32,
    server_cert_chain: CertificatePayload,
}

impl ClientSessionCommon {
    fn new(
        ticket: Vec<u8>,
        secret: Vec<u8>,
        time_now: TimeBase,
        lifetime_secs: u32,
        server_cert_chain: Vec<key::Certificate>,
    ) -> Self {
        Self {
            ticket: PayloadU16(ticket),
            secret: PayloadU8(secret),
            epoch: time_now.as_secs(),
            lifetime_secs: cmp::min(lifetime_secs, MAX_TICKET_LIFETIME),
            server_cert_chain,
        }
    }

    /// [`Codec::read()`] is inherent here to avoid leaking the [`Codec`]
    /// implementation through [`Deref`] implementations on
    /// [`Tls12ClientSessionValue`] and [`Tls13ClientSessionValue`].
    fn read(r: &mut Reader) -> Option<Self> {
        Some(Self {
            ticket: PayloadU16::read(r)?,
            secret: PayloadU8::read(r)?,
            epoch: u64::read(r)?,
            lifetime_secs: u32::read(r)?,
            server_cert_chain: CertificatePayload::read(r)?,
        })
    }

    /// [`Codec::encode()`] is inherent here to avoid leaking the [`Codec`]
    /// implementation through [`Deref`] implementations on
    /// [`Tls12ClientSessionValue`] and [`Tls13ClientSessionValue`].
    fn encode(&self, bytes: &mut Vec<u8>) {
        self.ticket.encode(bytes);
        self.secret.encode(bytes);
        self.epoch.encode(bytes);
        self.lifetime_secs.encode(bytes);
        self.server_cert_chain.encode(bytes);
    }

    pub fn server_cert_chain(&self) -> &[key::Certificate] {
        self.server_cert_chain.as_ref()
    }

    pub fn secret(&self) -> &[u8] {
        self.secret.0.as_ref()
    }

    pub fn ticket(&self) -> &[u8] {
        self.ticket.0.as_ref()
    }

    /// Test only: wind back epoch by delta seconds.
    pub fn rewind_epoch(&mut self, delta: u32) {
        self.epoch -= delta as u64;
    }
}

static MAX_TICKET_LIFETIME: u32 = 7 * 24 * 60 * 60;

/// This is the maximum allowed skew between server and client clocks, over
/// the maximum ticket lifetime period.  This encompasses TCP retransmission
/// times in case packet loss occurs when the client sends the ClientHello
/// or receives the NewSessionTicket, _and_ actual clock skew over this period.
static MAX_FRESHNESS_SKEW_MS: u32 = 60 * 1000;

// --- Server types ---
pub type ServerSessionKey = SessionID;

#[derive(Debug)]
pub struct ServerSessionValue {
    pub sni: Option<webpki::DnsName>,
    pub version: ProtocolVersion,
    pub cipher_suite: CipherSuite,
    pub master_secret: PayloadU8,
    pub extended_ms: bool,
    pub client_cert_chain: Option<CertificatePayload>,
    pub alpn: Option<PayloadU8>,
    pub application_data: PayloadU16,
    pub creation_time_sec: u64,
    pub age_obfuscation_offset: u32,
    freshness: Option<bool>,
}

impl Codec for ServerSessionValue {
    fn encode(&self, bytes: &mut Vec<u8>) {
        if let Some(ref sni) = self.sni {
            1u8.encode(bytes);
            let sni_bytes: &str = sni.as_ref().into();
            PayloadU8::new(Vec::from(sni_bytes)).encode(bytes);
        } else {
            0u8.encode(bytes);
        }
        self.version.encode(bytes);
        self.cipher_suite.encode(bytes);
        self.master_secret.encode(bytes);
        (if self.extended_ms { 1u8 } else { 0u8 }).encode(bytes);
        if let Some(ref chain) = self.client_cert_chain {
            1u8.encode(bytes);
            chain.encode(bytes);
        } else {
            0u8.encode(bytes);
        }
        if let Some(ref alpn) = self.alpn {
            1u8.encode(bytes);
            alpn.encode(bytes);
        } else {
            0u8.encode(bytes);
        }
        self.application_data.encode(bytes);
        self.creation_time_sec.encode(bytes);
        self.age_obfuscation_offset
            .encode(bytes);
    }

    fn read(r: &mut Reader) -> Option<Self> {
        let has_sni = u8::read(r)?;
        let sni = if has_sni == 1 {
            let dns_name = PayloadU8::read(r)?;
            let dns_name = webpki::DnsNameRef::try_from_ascii(&dns_name.0).ok()?;
            Some(dns_name.into())
        } else {
            None
        };
        let v = ProtocolVersion::read(r)?;
        let cs = CipherSuite::read(r)?;
        let ms = PayloadU8::read(r)?;
        let ems = u8::read(r)?;
        let has_ccert = u8::read(r)? == 1;
        let ccert = if has_ccert {
            Some(CertificatePayload::read(r)?)
        } else {
            None
        };
        let has_alpn = u8::read(r)? == 1;
        let alpn = if has_alpn {
            Some(PayloadU8::read(r)?)
        } else {
            None
        };
        let application_data = PayloadU16::read(r)?;
        let creation_time_sec = u64::read(r)?;
        let age_obfuscation_offset = u32::read(r)?;

        Some(Self {
            sni,
            version: v,
            cipher_suite: cs,
            master_secret: ms,
            extended_ms: ems == 1u8,
            client_cert_chain: ccert,
            alpn,
            application_data,
            creation_time_sec,
            age_obfuscation_offset,
            freshness: None,
        })
    }
}

impl ServerSessionValue {
    pub fn new(
        sni: Option<&webpki::DnsName>,
        v: ProtocolVersion,
        cs: CipherSuite,
        ms: Vec<u8>,
        client_cert_chain: Option<CertificatePayload>,
        alpn: Option<Vec<u8>>,
        application_data: Vec<u8>,
        creation_time: TimeBase,
        age_obfuscation_offset: u32,
    ) -> Self {
        Self {
            sni: sni.cloned(),
            version: v,
            cipher_suite: cs,
            master_secret: PayloadU8::new(ms),
            extended_ms: false,
            client_cert_chain,
            alpn: alpn.map(PayloadU8::new),
            application_data: PayloadU16::new(application_data),
            creation_time_sec: creation_time.as_secs(),
            age_obfuscation_offset,
            freshness: None,
        }
    }

    pub fn set_extended_ms_used(&mut self) {
        self.extended_ms = true;
    }

    pub fn set_freshness(mut self, obfuscated_client_age_ms: u32, time_now: TimeBase) -> Self {
        let client_age_ms = obfuscated_client_age_ms.wrapping_sub(self.age_obfuscation_offset);
        let server_age_ms = (time_now
            .as_secs()
            .saturating_sub(self.creation_time_sec) as u32)
            .saturating_mul(1000);

        let age_difference = if client_age_ms < server_age_ms {
            server_age_ms - client_age_ms
        } else {
            client_age_ms - server_age_ms
        };

        self.freshness = Some(age_difference <= MAX_FRESHNESS_SKEW_MS);
        self
    }

    pub fn is_fresh(&self) -> bool {
        self.freshness.unwrap_or_default()
    }
}