#pragma once
/*
 * Public interface of the SSL stream manager: creation, lookup of async
 * creation results, and teardown of TLS streams layered on libevent
 * bufferevents.
 *
 * NOTE(review): the three header names below were lost when this page was
 * extracted. The declarations reference struct event_base, struct bufferevent
 * and evutil_socket_t (libevent) plus struct future, future_result_t and
 * enum tfe_conn_dir (project types) — restore the matching includes.
 */
#include
#include
#include

struct ssl_stream; /* opaque: one TLS endpoint (upstream or downstream side) */
struct ssl_mgr;    /* opaque: manager holding configuration and the runtime trust store */

/*
 * Decision returned by the new-stream hook for each new upstream stream.
 * The names suggest: relay untouched / terminate and re-originate TLS /
 * close the connection — confirm against the implementation.
 */
enum ssl_stream_action { SSL_ACTION_PASSTHROUGH, SSL_ACTION_INTERCEPT, SSL_ACTION_SHUTDOWN };

/*
 * Hook invoked when a new upstream stream is created. This is a function
 * type, not a pointer type: pass it to ssl_manager_init() as
 * ssl_stream_new_hook*. u_para is presumably the opaque pointer given to
 * ssl_manager_init() — verify against the implementation.
 */
typedef enum ssl_stream_action ssl_stream_new_hook(struct ssl_stream *upstream, void* u_para);

/*
 * Create a manager.
 * ini_profile / section: presumably the configuration file and section to
 *   read (inferred from the names).
 * ev_base_gc: event base used by the manager.
 * logger: opaque logging handle.
 * hook_func / u_para: callback and its user argument (see ssl_stream_new_hook).
 * Returns the manager; release it with ssl_manager_destroy(). Whether NULL is
 * returned on failure is not stated here — check before use.
 */
struct ssl_mgr * ssl_manager_init(const char * ini_profile, const char * section, struct event_base * ev_base_gc, void * logger, ssl_stream_new_hook* hook_func, void* u_para);

/* Destroy a manager created by ssl_manager_init(). */
void ssl_manager_destroy(struct ssl_mgr * mgr);

/*
 * Log the error state of a bufferevent for the given direction.
 * Returns an unsigned long — presumably an SSL library error code; confirm.
 */
unsigned long ssl_stream_log_error(struct bufferevent * bev, enum tfe_conn_dir dir, struct ssl_mgr* mgr);

/*
 * Accessors for the result of ssl_async_upstream_create(). The "release"
 * naming suggests ownership of the returned object moves to the caller;
 * confirm whether a result may be released more than once.
 */
enum ssl_stream_action ssl_upstream_create_result_release_action(future_result_t * result);
evutil_socket_t ssl_upstream_create_result_release_fd(future_result_t * result);
struct ssl_stream * ssl_upstream_create_result_release_stream(future_result_t * result);
struct bufferevent * ssl_upstream_create_result_release_bev(future_result_t * result);

/*
 * Asynchronously create the upstream side of a stream for the given socket
 * pair; the result is delivered through the future f and read back with the
 * ssl_upstream_create_result_release_* accessors. thread_id selects the
 * worker context (semantics not stated here).
 */
void ssl_async_upstream_create(struct future * f, struct ssl_mgr * mgr, evutil_socket_t fd_upstream, evutil_socket_t fd_downstream, unsigned int thread_id);

/* Accessors for the result of ssl_async_downstream_create(); see the upstream variants above. */
struct ssl_stream * ssl_downstream_create_result_release_stream(future_result_t * result);
struct bufferevent * ssl_downstream_create_result_release_bev(future_result_t * result);

/*
 * Asynchronously create the downstream side paired with an existing upstream
 * stream. keyring_id presumably selects the key/certificate material used
 * for the downstream handshake — confirm.
 */
void ssl_async_downstream_create(struct future * f, struct ssl_mgr * mgr, struct ssl_stream * upstream, evutil_socket_t fd_downstream, int keyring_id, unsigned int thread_id);

/* Free a stream and close the associated fd; evbase is the event base it was registered on. */
void ssl_stream_free_and_close_fd(struct ssl_stream * stream, struct event_base * evbase, evutil_socket_t fd);

/*
 * Write a textual description of the stream into the caller's buffer of sz
 * bytes and return it. Whether the output is NUL-terminated on truncation is
 * not stated here — size the buffer generously and check the implementation.
 */
const char* ssl_stream_dump_info(struct ssl_stream *stream, char* buffer, size_t sz);

// The following functions may be called at runtime, after ssl_manager_init().
/*
 * Runtime trust-store management. pem_file is the path of a PEM file. These
 * change what later certificate verifications accept, so the files must come
 * from a trusted source. The return convention (0 on success?) is not stated
 * here — confirm before relying on it.
 */
int ssl_manager_add_trust_ca(struct ssl_mgr* mgr, const char* pem_file);
int ssl_manager_del_trust_ca(struct ssl_mgr* mgr, const char* pem_file);
int ssl_manager_add_crl(struct ssl_mgr* mgr, const char* pem_file);
int ssl_manager_del_crl(struct ssl_mgr* mgr, const char* pem_file);
/* Drop all trust anchors added at runtime (exact scope not stated here). */
void ssl_manager_reset_trust_ca(struct ssl_mgr* mgr);

/*
 * Per-stream integer options for ssl_stream_set_integer_opt() /
 * ssl_stream_get_integer_opt().
 *
 * NOTE(review): two defaults are permissive — NO_VERIFY_COMMON_NAME defaults
 * to ON and VERIFY_FAIL_ACTION defaults to PASSTHROUGH — so out of the box a
 * name mismatch or a failed chain verification does not block the
 * connection. A deployment that expects verification to be enforced must set
 * both explicitly.
 */
enum SSL_STREAM_OPT {
    SSL_STREAM_OPT_IS_EV_CERT,           //0:FALSE, 1:TRUE. Status flag; whether it is settable is not stated here.
    SSL_STREAM_OPT_IS_CT_CERT,           //0:FALSE, 1:TRUE.
    SSL_STREAM_OPT_IS_MUTUAL_AUTH,       //0:FALSE, 1:TRUE.
    SSL_STREAM_OPT_PINNING_STATUS,       //0:FALSE, 1:TRUE.
    SSL_STREAM_OPT_NO_VERIFY_SELF_SIGNED, //VALUE is an integer, SIZE=sizeof(int). 1:ON, 0:OFF. DEFAULT:0.
    SSL_STREAM_OPT_NO_VERIFY_COMMON_NAME, //VALUE is an integer, SIZE=sizeof(int). 1:ON, 0:OFF. DEFAULT:1 (name check disabled unless cleared).
    SSL_STREAM_OPT_NO_VERIFY_ISSUER,     //VALUE is an integer, SIZE=sizeof(int). 1:ON, 0:OFF. DEFAULT:0.
    SSL_STREAM_OPT_NO_VERIFY_EXPIRY_DATE, //VALUE is an integer, SIZE=sizeof(int). 1:ON, 0:OFF. DEFAULT:0.
    SST_STREAM_OPT_VERIFY_FAIL_ACTION,   //VALUE is an integer, SIZE=sizeof(int). 1:PASSTHROUGH, 0:BLOCK. DEFAULT:1. (Prefix "SST_" differs from the others; kept as-is since renaming would break callers.)
    SSL_STREAM_OPT_PROTOCOL_MIN_VERSION, //Value encoding (e.g. a TLS version constant) is not specified here.
    SSL_STREAM_OPT_PROTOCOL_MAX_VERSION
};

//The stream argument must be the upstream side.
/* Set an integer option; returns int (convention not stated here). */
int ssl_stream_set_integer_opt(struct ssl_stream *upstream, enum SSL_STREAM_OPT opt_type, int opt_val);
/* Read an integer option into *opt_val; returns int (convention not stated here). */
int ssl_stream_get_integer_opt(struct ssl_stream *upstream, enum SSL_STREAM_OPT opt_type, int *opt_val);