/* Web Polygraph http://www.web-polygraph.org/
* (C) 2003-2006 The Measurement Factory
* Licensed under the Apache License, Version 2.0 */
#ifndef POLYGRAPH__RUNTIME_SSLWRAP_H
#define POLYGRAPH__RUNTIME_SSLWRAP_H
#include "xstd/Size.h"
#include "xstd/String.h"
#include "xstd/Array.h"
class NetAddr;
class RndDistr;
class SslCtx;
class SslWrapSym;
// configuration and high-level logic for producing agent's SslCtx
// may be shared among many agents (see SslWraps)
class SslWrap {
public:
// Static, so it is not tied to any one wrap's configuration.
// NOTE(review): presumably reports SSL-library errors that are pending;
// confirm in the implementation file.
static void ReportErrors();
public:
SslWrap();
// Loads this wrap's settings from cfg.
// NOTE(review): presumably delegates to the protected configure*() helpers
// below; confirm in the implementation file.
void configure(const SslWrapSym &cfg);
// Build a client-side / server-side SslCtx for the given address.
// Both return a raw pointer: this header does not state who owns or frees the
// context, nor whether null is returned on failure. TODO confirm both
// before relying on the result.
SslCtx *makeClientCtx(const NetAddr &addr) const;
SslCtx *makeServerCtx(const NetAddr &addr) const;
// NOTE(review): presumably plain accessors for theSessionCacheSize and
// theResumpProb; units and valid ranges are not visible here.
int sessionCacheSize() const;
double resumpProb() const;
protected:
// Per-aspect configuration steps, each reading from the same SslWrapSym.
// NOTE(review): the matching selectors and members below suggest protocol,
// RSA key size and cipher are drawn from configured distributions rather
// than fixed, so a context built here reflects the workload configuration
// and should not be assumed to meet a particular TLS baseline. Verify what
// values the configuration permits.
void configureProtocols(const SslWrapSym &cfg);
void configureRsaKeySizes(const SslWrapSym &cfg);
void configureCiphers(const SslWrapSym &cfg);
// NOTE(review): presumably the shared path behind makeClientCtx() and
// makeServerCtx(); same ownership question as for those two.
SslCtx *makeCtx(const NetAddr &addr) const;
// Install the server certificate / private key into ctx. The bool result
// presumably signals success; callers should check it so that a server
// context is never used without its certificate and key. TODO confirm.
bool configureSrvCert(SslCtx *ctx) const;
bool configureSrvPrivateKey(SslCtx *ctx) const;
// NOTE(review): presumably pick one entry from theRsaKeySizes / theCiphers
// using the corresponding RndDistr selector; confirm in the implementation.
Size selectRsaKeySize() const;
String selectCipher() const;
// Takes value by copy and returns a String; pname names the parameter.
// NOTE(review): presumably rejects or reports a missing required parameter;
// the failure behaviour is not visible in this header.
String needParam(const SslWrapSym &sym, String value, const char *pname) const;
private:
// This class declares no destructor, copy constructor or assignment operator,
// so copying an SslWrap is memberwise and the copy aliases every pointer
// below (the RndDistr selectors and the String* elements of theCiphers).
// NOTE(review): ownership of those pointees is not visible here. Confirm
// who frees them before copying or destroying an SslWrap.
// NOTE(review): presumably a path or name for the root (CA) certificate; the
// exact format is not visible here.
String theRootCertificate;
RndDistr *theProtocolSel;
RndDistr *theRsaKeySizeSel;
Array<Size> theRsaKeySizes;
RndDistr *theCipherSel;
Array<String*> theCiphers;
// NOTE(review): presumably the probability of TLS session resumption and the
// session cache capacity; ranges and units to be confirmed.
double theResumpProb;
int theSessionCacheSize;
};
#endif