/*
 * Copyright (c) 2016-2020 Belledonne Communications SARL.
 *
 * This file is part of bctoolbox.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

#ifndef BCTBX_VFS_ENCRYPTED_HH
#define BCTBX_VFS_ENCRYPTED_HH

#include "bctoolbox/vfs.h"
#include "bctoolbox/exception.hh"
#include <functional>
#include <vector>
#include <memory>
#include "bctoolbox/port.h"

namespace bctoolbox {

/**
 * @brief This dedicated exception inherits \ref BctoolboxException.
 *
 */
class EvfsException : public BctbxException {
public:
	EvfsException() = default;
	EvfsException(const std::string &message): BctbxException(message) {}
	EvfsException(const char *message): BctbxException(message) {}
	virtual ~EvfsException() throw() {}
	EvfsException(const EvfsException &other): BctbxException(other) {}

	template <typename T> EvfsException &operator<<(const T &val) {
		BctbxException::operator<<(val);
		return *this;
	}
};

#define EVFS_EXCEPTION EvfsException() << " " << __FILE__ << ":" << __LINE__ << " "


/**
 * Virtual File sytem provided
 */
extern BCTBX_PUBLIC bctbx_vfs_t bcEncryptedVfs;


/**
 * Provided encryption suites
 */
enum class EncryptionSuite : uint16_t {
	unset = 0,/**< no encryption suite selected */
	dummy = 1, /**< a test suite, do not use other than for test */
	aes256gcm128_sha256 = 2, /**< This module encrypts blocks with AES256GCM and authenticate header using HMAC-sha256 */
	plain = 0xFFFF /**< no encryption activated, direct use of standard file system API */
};

/**
 * Helper function returning a string holding the suite name
 * @param[in]	suite	the encryption suite as a c++ enum
 * @return the suite name in a readable string
 */
const std::string encryptionSuiteString(const EncryptionSuite suite) noexcept;

/* complete declaration follows, we need this one to define the callback type */
class VfsEncryption;

/**
 * Define a function prototype to be called at each file opening.
 * This function is a static class property, used to retrieve secretMaterial to encrypt/decrypt the file
 */
using EncryptedVfsOpenCb = std::function<void(VfsEncryption &settings)>;

// forward declare this type, store all the encryption data and functions
class VfsEncryptionModule;

/** Store in the bctbx_vfs_file_t userData field an object specific to encryption */
class VfsEncryption {
	/* Class properties and method */
	private:
		static EncryptedVfsOpenCb s_openCallback; /**< a class callback to get secret material at file opening. Implemented as static as it is called by constructor */
	public:
		/**
		 * at file opening a callback ask for crypto material, it is class property, set it using this class method
		 */
		static void openCallbackSet(EncryptedVfsOpenCb cb) noexcept;
		static EncryptedVfsOpenCb openCallbackGet() noexcept;

	/* Object properties and methods */
	private:
		uint16_t mVersionNumber; /**< version number of the encryption vfs */
		size_t mChunkSize; /**< size of the file chunks payload in bytes : default is 4kB */
		size_t rawChunkSizeGet() const noexcept; /** return the size of a chunk including its encryption header, as stored in the raw file */
		std::shared_ptr<VfsEncryptionModule> m_module; /**< one of the available encryption module : if nullptr, assume we deal with regular plain file */
		size_t mHeaderExtensionSize; /**< header extension size */
		const std::string mFilename; /**< the filename as given to the open function */
		uint64_t mFileSize; /**< size of the plaintext file */

		uint64_t rawFileSizeGet() const noexcept; /**< return the size of the raw file */
		uint32_t getChunkIndex(uint64_t offset) const noexcept; /**< return the chunk index where to find the given offset */
		size_t getChunkOffset(uint32_t index) const noexcept; /**< return the offset in the actual file of the begining of the chunk */
		std::vector<uint8_t> r_header; /**< a cache of the header - without the encryption module data */
		/** flags use to communicate during differents functions involved at file opening **/
		bool mEncryptExistingPlainFile; /**< when opening a plain file, if the callback set an encryption suite and key material : migrate the file */
		bool mIntegrityFullCheck; /**< if the file size given in the header metadata is incorrect, full check the file integrity and revrite header */
		int mAccessMode; /**< the flags used to open the file, filtered on the access mode */

		/**
		 * Parse the header of an encrypted file, check everything seems correct
		 * may perform integrity checking if the encryption module provides it
		 *
		 * @throw a EvfsException if something goes wrong
		 */
		void parseHeader();
		/**
		 * Write the encrypted file header to the actual file
		 * Create the needed structures if the file is actually empty
		 * @param[in] fp	if a file pointer is given write to this one, otherwise use the pFileStp property
		 *
		 * @throw a EvfsException if something goes wrong
		 **/
		void writeHeader(bctbx_vfs_file_t *fp=nullptr);

	public:
		bctbx_vfs_file_t *pFileStd; /**< The encrypted vfs encapsulate a standard one */

		VfsEncryption(bctbx_vfs_file_t *stdFp, const std::string &filename, int openFlags, int accessMode);
		~VfsEncryption();


		/***
		 * Plain version of the file related accessors
		 ***/
		/**
		 * @return the size of the plain text file
		 */
		int64_t fileSizeGet() const noexcept;

		/* Read from file at given offset the requested size */
		std::vector<uint8_t> read(size_t offset, size_t count) const;

		/* write to file at given offset the requested size */
		size_t write(const std::vector<uint8_t> &plainData, size_t offset);

		/* Truncate the file to the given size, if given size is greater than current, pad with 0 */
		void truncate(const uint64_t size);

		/**
		 *  Get the filename
		 *  @return a string with the filename as given to the open function
		 */
		std::string filenameGet() const noexcept;



		/***
		 * Encryption related API
		 ***/
		/**
		 * Set an encryption suite.
		 * When called at file creation, select the module to use for this file
		 * When called at the opening of an existing file, check it is the suite used at file creation, throw an exception if they differs
		 */
		void encryptionSuiteSet(const EncryptionSuite);

		/**
		 * Set the secret Material in the encryption module
		 * This function cannot be called if a encryption suite was not set.
		 */
		void secretMaterialSet(const std::vector<uint8_t> &secretMaterial);

		/**
		 * Returns the encryption suite used for this file
		 * Can be return unset if the file is being created
		 */
		EncryptionSuite encryptionSuiteGet() const noexcept;

		/**
		 * Returns the size of chunks in which the file is divided for encryption
		 */
		size_t chunkSizeGet() const noexcept;
		/**
		 * Set the size, in bytes, of chunks in which the file is divided for encryption
		 * This size must be a multiple of 16, accepted values in range [16, (2^16-1)*16].
		 * If the size is set on an existing file and differs from previous setting, an exception is generated
		 * Default chunk size at file creation is 4kB.
		 * A file holds a maximum of 2^32-1 chunks. 16 bytes chunks - not recommended smallest admissible value - limit the file size to 64GB
		 */
		void chunkSizeSet(const size_t size);

		/**
		 * Get raw header: encryption module might check integrity on header
		 * This function returns the raw header, without the encryption module part
		 */
		const std::vector<uint8_t>& rawHeaderGet() const noexcept;


};


} // namespace bctoolbox
#endif /* BCTBX_VFS_STANDARD_HH */