/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef DOM_QUOTA_CIPHERKEYMANAGER_H_
#define DOM_QUOTA_CIPHERKEYMANAGER_H_

#include "mozilla/DataMutex.h"
#include "mozilla/dom/FlippedOnce.h"
#include "mozilla/dom/quota/QuotaCommon.h"
#include "nsTHashMap.h"

namespace mozilla::dom::quota {

using mozilla::FlippedOnce;

template <typename CipherStrategy>
class CipherKeyManager {
  // This helper class is used by quota clients to store/retrieve cipher
  // keys in private browsing mode. All data in private mode must be encrypted
  // using a cipher key and unique IV (Initialization Vector).

  // This class uses hashmap (represented by mCipherKeys) to store cipher keys
  // and is currently used by IndexedDB and Cache quota clients. At any given
  // time, IndexedDB may contain multiple instances of this class where each is
  // used to cipherkeys relevant to a particular database. Unlike IndexedDB,
  // CacheAPI only  has one physical sqlite db  per origin, so all cipher keys
  // corresponding to an origin in cacheAPI gets stored together in this
  // hashmap.

  // Bug1859558: It could be better if QuotaManager owns cipherKeys for
  // all the quota clients and exposes, methods like
  // GetOrCreateCipherManager(aOrigin, aDatabaseName, aClientType) for
  // clients to access their respective cipherKeys scoped.
  NS_INLINE_DECL_THREADSAFE_REFCOUNTING(CipherKeyManager)

  using CipherKey = typename CipherStrategy::KeyType;

 public:
  explicit CipherKeyManager(const char* aName) : mCipherKeys(aName){};

  Maybe<CipherKey> Get(const nsACString& aKeyId = "default"_ns) {
    auto lockedCipherKeys = mCipherKeys.Lock();

    MOZ_ASSERT(!mInvalidated);

    return lockedCipherKeys->MaybeGet(aKeyId);
  }

  CipherKey Ensure(const nsACString& aKeyId = "default"_ns) {
    auto lockedCipherKeys = mCipherKeys.Lock();

    MOZ_ASSERT(!mInvalidated);

    return lockedCipherKeys->LookupOrInsertWith(aKeyId, [] {
      // Generate a new key if one corresponding to keyStoreId does not exist
      // already.

      QM_TRY_RETURN(CipherStrategy::GenerateKey(), [](const auto&) {
        // Bug1800110 Propagate the error to the caller rather than asserting.
        MOZ_RELEASE_ASSERT(false);

        return CipherKey{};
      });
    });
  }

  bool Invalidated() {
    auto lockedCipherKeys = mCipherKeys.Lock();

    return mInvalidated;
  }

  // After calling this method, callers should not call any more methods on this
  // class.
  void Invalidate() {
    auto lockedCipherKeys = mCipherKeys.Lock();

    mInvalidated.Flip();

    lockedCipherKeys->Clear();
  }

 private:
  ~CipherKeyManager() = default;
  // XXX Maybe we can avoid a mutex here by moving all accesses to the
  // background thread.
  DataMutex<nsTHashMap<nsCStringHashKey, CipherKey>> mCipherKeys;

  FlippedOnce<false> mInvalidated;
};

}  // namespace mozilla::dom::quota

#endif  // DOM_QUOTA_CIPHERKEYMANAGER_H_