/*
 *
 * Copyright 2018 gRPC authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 */

#include <grpc/support/port_platform.h>

#include "src/core/tsi/ssl/session_cache/ssl_session.h"

#ifdef OPENSSL_IS_BORINGSSL

// BoringSSL allows SSL_SESSION to outlive SSL and SSL_CTX objects which are
// re-created by gRPC on every certificate rotation or subchannel creation.
// BoringSSL guarantees that SSL_SESSION is immutable so it's safe to share
// the same original session object between different threads and connections.

namespace tsi {
namespace {

class BoringSslCachedSession : public SslCachedSession {
 public:
  BoringSslCachedSession(SslSessionPtr session)
      : session_(std::move(session)) {}

  SslSessionPtr CopySession() const override {
    // SslSessionPtr will dereference on destruction.
    SSL_SESSION_up_ref(session_.get());
    return SslSessionPtr(session_.get());
  }

 private:
  SslSessionPtr session_;
};

}  // namespace

grpc_core::UniquePtr<SslCachedSession> SslCachedSession::Create(
    SslSessionPtr session) {
  return grpc_core::UniquePtr<SslCachedSession>(
      grpc_core::New<BoringSslCachedSession>(std::move(session)));
}

}  // namespace tsi

#endif /* OPENSSL_IS_BORINGSSL */