/* This file is part of the KDE project
 *
 * Copyright (C) 2000-2003 George Staikos <staikos@kde.org>
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Library General Public
 * License as published by the Free Software Foundation; either
 * version 2 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Library General Public License for more details.
 *
 * You should have received a copy of the GNU Library General Public License
 * along with this library; see the file COPYING.LIB.  If not, write to
 * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
 * Boston, MA 02110-1301, USA.
 */

#ifndef _KSSL_H
#define _KSSL_H

#include <ksslsettings.h>
#include <ksslpeerinfo.h>
#include <ksslconnectioninfo.h>

class KSSLPrivate;
class KSSLCertificate;
class KSSLPKCS12;
class KSSLSession;

/**
 * KDE SSL Wrapper Class
 *
 * This class implements KDE's SSL support by wrapping OpenSSL.
 *
 * @author George Staikos <staikos@kde.org>
 * @see KExtendedSocket, TCPSlaveBase
 * @short KDE SSL Class
 */
class TDEIO_EXPORT KSSL {
public:
	/**
	 *  Construct a KSSL object
	 *
	 *  @param init Set this to false if you do not want this class to
	 *         immediately initialize OpenSSL.
	 */
	KSSL(bool init = true);

	/**
	 *  Destroy this KSSL object
	 *
	 *  Does not close any socket.
	 */
	~KSSL();

	/**
	 *  Determine if SSL is available and works.
	 *
	 *  @return true is SSL is available and usable
	 */
	static bool doesSSLWork();

	/**
	 *  Initialize OpenSSL.
	 *
	 *  @return true on success
	 *
	 *  This will do nothing if it is already initialized.
	 *  @see reInitialize
	 */
	bool initialize();

	/**
	 *  This is used for applicationss which do STARTTLS or something
	 *  similar. It creates a TLS method regardless of the user's settings.
	 *
	 *  @return true if TLS is successfully initialized
	 */
	bool TLSInit();

	/**
	 *  Set an SSL session to use.  This takes the session from the original
	 *  KSSL object, so it is in fact a session move operation.
	 *
	 *  @param session A valid session to reuse.  If 0L, it will clear the
	 *                 session ID in memory.
	 *
	 *  @return true on success
	 */
	bool takeSession(KSSLSession *session);

	/**
	 *  Close the SSL session.
	 */
	void close();

	/**
	 *  Reinitialize OpenSSL.
	 *
	 *  @return true on success
	 *
	 *  This is not generally needed unless you are reusing the KSSL object
	 *  for a new session.
	 *  @see initialize
	 */
	bool reInitialize();

	/**
	 *  Trigger a reread of KSSL configuration and reInitialize() KSSL.
	 *
	 *  @return true on successful reinitalizations
	 *
	 *  If you setAutoReconfig() to false, then this will simply
	 * reInitialize() and not read in the new configuration.
	 *  @see setAutoReconfig
	 */
	bool reconfig();

	/**
	 *  Enable or disable automatic reconfiguration on initialize().
	 *
	 *  @param ar Set to false in order to disable auto-reloading of the
	 *         KSSL configuration during initialize().
	 *
	 *  By default, KSSL will read its configuration on initialize().  You
	 *  might want to disable this for performance reasons.
	 */
	void setAutoReconfig(bool ar);

	/**
	 *  This will reseed the pseudo-random number generator with the EGD
	 *  (entropy gathering daemon) if the EGD is configured and enabled.
	 *  You don't need to call this yourself normally.
	 *
	 *  @return 0 on success
	 */
	int seedWithEGD();

	/**
	 *  Set a new KSSLSettings instance as the settings. This deletes the
	 *  current instance of KSSLSettings.
	 *
	 *  @param settings A new, valid settings object.
	 *
	 *  @return true on success
	 */
	bool setSettings(KSSLSettings *settings);

	/**
	 *  One is built by the constructor, so this will only return a NULL
	 *  pointer if you set one with setSettings().
	 *
	 *  @return the current settings instance
	 */
	KSSLSettings * settings() { return m_cfg; }

	/**
	 *  Use this to set the certificate to send to the server.
	 *  Do NOT delete the KSSLPKCS12 object until you are done with the
	 *  session. It is not defined when KSSL will be done with this.
	 *
	 *  @param pkcs the valid PKCS#12 object to send.
	 *
	 *  @return true if the certificate was properly set to the session.
	 */
	bool setClientCertificate(KSSLPKCS12 *pkcs);

	/**
	 *  Set the status of the connection with respect to proxies.
	 *
	 *  @param active is not used
	 *  @param realIP is the IP address of the host you're connecting to
	 *  @param realPort is the port of the host you're connecting to
	 *  @param proxy is the IP or hostname of the proxy server
	 *  @deprecated
	 */
	void setProxyUse(bool active, TQString realIP = TQString::null, int realPort = 0, TQString proxy = TQString::null) KDE_DEPRECATED;

	/**
	 *  Set the peer hostname to be used for certificate verification.
	 *
	 *  @param realHost the remote hostname as the user believes to be
	 *         connecting to
	 */
	void setPeerHost(TQString realHost = TQString::null);

	/**
	 *  Connect the SSL session to the remote host using the provided
	 *  socket descriptor.
	 *
	 *  @param sock the socket descriptor to connect with.  This must be
	 *         an already connected socket.
	 *  @return 1 on success, 0 on error setting the file descriptor,
	 *          -1 on other error.
	 */
	int connect(int sock);

	/**
	 *  Connect the SSL session to the remote host using the provided
	 *  socket descriptor.  This is for use with an SSL server application.
	 *
	 *  @param sock the socket descriptor to connect with.  This must be
	 *         an already connected socket.
	 *  @return 1 on success, 0 on error setting the file descriptor,
	 *          -1 on other error.
	 */
	int accept(int sock);

	/**
	 *  Read data from the remote host via SSL.
	 *
	 *  @param buf the buffer to read the data into.
	 *  @param len the maximum length of data to read.
	 *  @return the number of bytes read, 0 on an exception, or -1 on error.
	 */
	int read(void *buf, int len);

	/**
	 *  Peek at available data from the remote host via SSL.
	 *
	 *  @param buf the buffer to read the data into.
	 *  @param len the maximum length of data to read.
	 *  @return the number of bytes read, 0 on an exception, or -1 on error.
	 */
	int peek(void *buf, int len);

	/**
	 *  Write data to the remote host via SSL.
	 *
	 *  @param buf the buffer to read the data from.
	 *  @param len the length of data to send from the buffer.
	 *  @return the number of bytes written, 0 on an exception,
	 *          or -1 on error.
	 */
	int write(const void *buf, int len);

	/**
	 *  Determine if data is waiting to be read.
	 *
	 *  @return -1 on error, 0 if no data is waiting, > 0 if data is waiting.
	 */
	int pending();

	/**
	 *  Obtain a reference to the connection information.
	 *
	 *  @return a reference to the connection information,
	 *          valid after connected
	 *  @see KSSLConnectionInfo
	 */
	KSSLConnectionInfo& connectionInfo();

	/**
	 *  Obtain a reference to the information about the peer.
	 *
	 *  @return a reference to the peer information,
	 *          valid after connected
	 *  @see KSSLPeerInfo
	 */
	KSSLPeerInfo& peerInfo();

	/**
	 *  Obtain a pointer to the session information.
	 *
	 *  @return a pointer to the session information.
	 *          This is valid after connected, while connected.
	 *          It is deleted by the KSSL object which returns it.
	 *          May return 0L if no valid session exists.
	 *  @see KSSLSession
	 */
	const KSSLSession* session() const;

	/**
	 *  Determine if we are currently reusing an SSL session ID.
	 *
	 *  @return true if we are reusing a session ID.
	 */
	bool reusingSession() const;

private:
	static bool m_bSSLWorks;
	bool m_bInit;
	bool m_bAutoReconfig;
	KSSLSettings *m_cfg;
	KSSLConnectionInfo m_ci;
	KSSLPeerInfo m_pi;

	KSSLPrivate *d;

	void setConnectionInfo();
	void setPeerInfo();
	bool setVerificationLogic();
};


#endif