#pragma once

#include "envoy/common/platform.h"

#include "envoy/config/listener/v3/quic_config.pb.h"

#include "envoy/http/codec.h"

#include "source/common/common/assert.h"

#include "source/common/http/header_map_impl.h"

#include "source/common/http/header_utility.h"

#include "source/common/network/address_impl.h"

#include "source/common/network/connection_socket_impl.h"

#include "source/common/quic/quic_io_handle_wrapper.h"

#include "openssl/ssl.h"

#include "quiche/common/http/http_header_block.h"

#include "quiche/quic/core/http/quic_connection_migration_manager.h"

#include "quiche/quic/core/http/quic_header_list.h"

#include "quiche/quic/core/quic_config.h"

#include "quiche/quic/core/quic_error_codes.h"

#include "quiche/quic/core/quic_types.h"

#include "quiche/quic/platform/api/quic_ip_address.h"

#include "quiche/quic/platform/api/quic_socket_address.h"

namespace Envoy {

namespace Quic {

// Changes or additions to details should be reflected in

// docs/root/configuration/http/http_conn_man/response_code_details.rst

class Http3ResponseCodeDetailValues {

public:

  // Invalid HTTP header field was received and stream is going to be

  // closed.

  static constexpr absl::string_view invalid_http_header = "http3.invalid_header_field";

  // The size of headers (or trailers) exceeded the configured limits.

  static constexpr absl::string_view headers_too_large = "http3.headers_too_large";

  // Envoy was configured to drop requests with header keys beginning with underscores.

  static constexpr absl::string_view invalid_underscore = "http3.unexpected_underscore";

  // The peer refused the stream.

  static constexpr absl::string_view remote_refused = "http3.remote_refuse";

  // The peer reset the stream.

  static constexpr absl::string_view remote_reset = "http3.remote_reset";

  // Too many trailers were sent.

  static constexpr absl::string_view too_many_trailers = "http3.too_many_trailers";

  // Too many headers were sent.

  static constexpr absl::string_view too_many_headers = "http3.too_many_headers";

  // The payload size is different from what the content-length header indicated.

  static constexpr absl::string_view inconsistent_content_length =

      "http3.inconsistent_content_length";

};

// TODO(danzh): this is called on each write. Consider to return an address instance on the stack if

// the heap allocation is too expensive.

Network::Address::InstanceConstSharedPtr

quicAddressToEnvoyAddressInstance(const quic::QuicSocketAddress& quic_address);

quic::QuicSocketAddress envoyIpAddressToQuicSocketAddress(const Network::Address::Ip* envoy_ip);

class HeaderValidator {

public:

  virtual void startHeaderBlock() = 0;

  virtual Http::HeaderUtility::HeaderValidationResult

  validateHeader(absl::string_view name, absl::string_view header_value) = 0;

  // Returns true if all required pseudo-headers and no extra pseudo-headers are

  // present for the given header type.

  virtual bool finishHeaderBlock(bool is_trailing_headers) = 0;

};

// The returned header map has all keys in lower case.

template <class T>

std::unique_ptr<T>

quicHeadersToEnvoyHeaders(const quic::QuicHeaderList& header_list, HeaderValidator& validator,

                          uint32_t max_headers_kb, uint32_t max_headers_allowed,

      // The validator sets the details to Http3ResponseCodeDetailValues::invalid_underscore

        // TODO(danzh): Avoid copy by referencing entry as header_list is already validated by QUIC.

        // QUICHE breaks "cookie" header into crumbs. Coalesce them by appending current one to

        // existing one if there is any.

template <class T>

std::unique_ptr<T>

http2HeaderBlockToEnvoyTrailers(const quiche::HttpHeaderBlock& header_block,

                                uint32_t max_headers_kb, uint32_t max_headers_allowed,

                                HeaderValidator& validator, absl::string_view& details,

    // TODO(danzh): Avoid temporary strings and addCopy() with string_view.

    // QUICHE coalesces multiple trailer values with the same key with '\0'.

quiche::HttpHeaderBlock envoyHeadersToHttp2HeaderBlock(const Http::HeaderMap& headers);

// Called when Envoy wants to reset the underlying QUIC stream.

quic::QuicRstStreamErrorCode envoyResetReasonToQuicRstError(Http::StreamResetReason reason);

// Called when a RST_STREAM frame is received.

Http::StreamResetReason quicRstErrorToEnvoyLocalResetReason(quic::QuicRstStreamErrorCode rst_err);

// Called when a QUIC stack reset the stream.

Http::StreamResetReason quicRstErrorToEnvoyRemoteResetReason(quic::QuicRstStreamErrorCode rst_err);

// Called when underlying QUIC connection is closed locally.

Http::StreamResetReason quicErrorCodeToEnvoyLocalResetReason(quic::QuicErrorCode error,

                                                             bool connected);

// Called when underlying QUIC connection is closed by peer.

Http::StreamResetReason quicErrorCodeToEnvoyRemoteResetReason(quic::QuicErrorCode error);

// Create a connection socket instance on the given network and apply given socket options to the

// socket. IP_PKTINFO and SO_RXQ_OVFL is always set if supported.

// If the local_addr is not null, bind the socket to it.

// Otherwise if the given network is valid, bind to it using the given

// custom_bind_func. This is used on Android platforms which have a unique id

// for each network and has API to bind a socket to a specific handle.

// Otherwise the platform will automatically pick a network interface.

Network::ConnectionSocketPtr createConnectionSocket(

    const Network::Address::InstanceConstSharedPtr& peer_addr,

    Network::Address::InstanceConstSharedPtr& local_addr,

    const Network::ConnectionSocket::OptionsSharedPtr& options,

    quic::QuicNetworkHandle network = quic::kInvalidNetworkHandle,

    std::function<void(Network::ConnectionSocket&, quic::QuicNetworkHandle)> custom_bind_func =

        nullptr);

// Convert a cert in string form to X509 object.

// Return nullptr if the bytes passed cannot be passed.

bssl::UniquePtr<X509> parseDERCertificate(const std::string& der_bytes, std::string* error_details);

// Deduce the suitable signature algorithm according to the public key.

// Return the sign algorithm id works with the public key; If the public key is

// not supported, return 0 with error_details populated correspondingly.

int deduceSignatureAlgorithmFromPublicKey(const EVP_PKEY* public_key, std::string* error_details);

// Return a connection socket which read and write via io_handle, but doesn't close it when the

// socket gets closed nor set options on the socket.

Network::ConnectionSocketPtr

createServerConnectionSocket(Network::IoHandle& io_handle,

                             const quic::QuicSocketAddress& self_address,

                             const quic::QuicSocketAddress& peer_address,

                             const std::string& hostname, absl::string_view alpn);

// Alter QuicConfig based on all the options in the supplied config.

void convertQuicConfig(const envoy::config::core::v3::QuicProtocolOptions& config,

                       quic::QuicConfig& quic_config);

// Set initial flow control windows in quic_config according to the given Envoy config.

void configQuicInitialFlowControlWindow(const envoy::config::core::v3::QuicProtocolOptions& config,

                                        quic::QuicConfig& quic_config);

// Extract the two ECN bits from the TOS byte in the IP header.

quic::QuicEcnCodepoint getQuicEcnCodepointFromTosByte(uint8_t tos_byte);

// Register TLS certificate compression algorithms (RFC 8879) for QUIC.

void registerCertCompression(SSL_CTX* ssl_ctx);

} // namespace Quic

} // namespace Envoy