/*
 *
 * Copyright 2018 gRPC authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 */

#ifndef GRPC_CORE_TSI_SSL_SESSION_CACHE_SSL_SESSION_H
#define GRPC_CORE_TSI_SSL_SESSION_CACHE_SSL_SESSION_H

#include <grpc/support/port_platform.h>

#include "src/core/tsi/grpc_shadow_boringssl.h"

#include <grpc/slice.h>

extern "C" {
#include <openssl/ssl.h>
}

#include "src/core/lib/gprpp/ref_counted.h"

// The main purpose of code here is to provide means to cache SSL sessions
// in a way that they can be shared between connections.
//
// SSL_SESSION stands for single instance of session and is not generally safe
// to share between SSL contexts with different lifetimes. It happens because
// not all SSL implementations guarantee immutability of SSL_SESSION object.
// See SSL_SESSION documentation in BoringSSL and OpenSSL for more details.

namespace tsi {

struct SslSessionDeleter {
  void operator()(SSL_SESSION* session) { SSL_SESSION_free(session); }
};

typedef std::unique_ptr<SSL_SESSION, SslSessionDeleter> SslSessionPtr;

/// SslCachedSession is an immutable thread-safe storage for single session
/// representation. It provides means to share SSL session data (e.g. TLS
/// ticket) between encrypted connections regardless of SSL context lifetime.
class SslCachedSession {
 public:
  // Not copyable nor movable.
  SslCachedSession(const SslCachedSession&) = delete;
  SslCachedSession& operator=(const SslCachedSession&) = delete;

  /// Create single cached instance of \a session.
  static grpc_core::UniquePtr<SslCachedSession> Create(SslSessionPtr session);

  virtual ~SslCachedSession() = default;

  /// Returns a copy of previously cached session.
  virtual SslSessionPtr CopySession() const GRPC_ABSTRACT;

  GRPC_ABSTRACT_BASE_CLASS

 protected:
  SslCachedSession() = default;
};

}  // namespace tsi

#endif /* GRPC_CORE_TSI_SSL_SESSION_CACHE_SSL_SESSION_H */