// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "net/ssl/ssl_config_service.h"

#include <tuple>

#include "base/lazy_instance.h"
#include "base/synchronization/lock.h"
#include "net/ssl/ssl_config_service_defaults.h"

namespace net {

SSLConfigService::SSLConfigService()
    : observer_list_(base::ObserverListPolicy::EXISTING_ONLY) {}

// GlobalSSLObject holds a reference to a global SSL object, such as the
// CRLSet. It simply wraps a lock  around a scoped_refptr so that getting a
// reference doesn't race with updating the global object.
template <class T>
class GlobalSSLObject {
 public:
  scoped_refptr<T> Get() const {
    base::AutoLock locked(lock_);
    return ssl_object_;
  }

  bool CompareAndSet(const scoped_refptr<T>& new_ssl_object,
                     const scoped_refptr<T>& old_ssl_object) {
    base::AutoLock locked(lock_);
    if (ssl_object_ != old_ssl_object)
      return false;
    ssl_object_ = new_ssl_object;
    return true;
  }

 private:
  scoped_refptr<T> ssl_object_;
  mutable base::Lock lock_;
};

typedef GlobalSSLObject<CRLSet> GlobalCRLSet;

base::LazyInstance<GlobalCRLSet>::Leaky g_crl_set = LAZY_INSTANCE_INITIALIZER;

// static
void SSLConfigService::SetCRLSetIfNewer(scoped_refptr<CRLSet> crl_set) {
  SetCRLSet(std::move(crl_set), /*if_newer=*/true);
}

// static
void SSLConfigService::SetCRLSetForTesting(scoped_refptr<CRLSet> crl_set) {
  SetCRLSet(std::move(crl_set), /*if_newer=*/false);
}

// static
scoped_refptr<CRLSet> SSLConfigService::GetCRLSet() {
  return g_crl_set.Get().Get();
}

void SSLConfigService::AddObserver(Observer* observer) {
  observer_list_.AddObserver(observer);
}

void SSLConfigService::RemoveObserver(Observer* observer) {
  observer_list_.RemoveObserver(observer);
}

void SSLConfigService::NotifySSLConfigChange() {
  for (auto& observer : observer_list_)
    observer.OnSSLConfigChanged();
}

SSLConfigService::~SSLConfigService() = default;

void SSLConfigService::ProcessConfigUpdate(const SSLConfig& old_config,
                                           const SSLConfig& new_config) {
  bool config_changed =
      std::tie(old_config.rev_checking_enabled,
               old_config.rev_checking_required_local_anchors,
               old_config.sha1_local_anchors_enabled,
               old_config.common_name_fallback_local_anchors_enabled,
               old_config.version_min, old_config.version_max,
               old_config.tls13_variant, old_config.disabled_cipher_suites,
               old_config.channel_id_enabled, old_config.false_start_enabled,
               old_config.require_ecdhe) !=
      std::tie(new_config.rev_checking_enabled,
               new_config.rev_checking_required_local_anchors,
               new_config.sha1_local_anchors_enabled,
               new_config.common_name_fallback_local_anchors_enabled,
               new_config.version_min, new_config.version_max,
               new_config.tls13_variant, new_config.disabled_cipher_suites,
               new_config.channel_id_enabled, new_config.false_start_enabled,
               new_config.require_ecdhe);

  if (config_changed)
    NotifySSLConfigChange();
}

// static
void SSLConfigService::SetCRLSet(scoped_refptr<CRLSet> crl_set, bool if_newer) {
  // Note: this can be called concurently with GetCRLSet().
  while (true) {
    scoped_refptr<CRLSet> old_crl_set(GetCRLSet());
    if (if_newer && old_crl_set && crl_set &&
        old_crl_set->sequence() >= crl_set->sequence()) {
      LOG(WARNING) << "Refusing to downgrade CRL set from #"
                   << old_crl_set->sequence() << " to #" << crl_set->sequence();
      break;
    }
    if (g_crl_set.Get().CompareAndSet(crl_set, old_crl_set))
      break;
  }
}

}  // namespace net