src/sock_gnutls.h
author Tero Marttila <terom@fixme.fi>
Mon, 30 Mar 2009 01:31:00 +0300
changeset 85 75bc8b164ef8
parent 30 7f8dd120933f
child 117 9cb405164250
permissions -rw-r--r--
async TCP connects,
#ifndef SOCK_GNUTLS_H
#define SOCK_GNUTLS_H

/**
 * @file
 *
 * A sock_stream implementation using GnuTLS for SSL
 */

#include "sock_internal.h"
#include "sock_tcp.h"

#include <gnutls/gnutls.h>

/**
 * GnuTLS library error codes.
 *
 * The codes are numbered consecutively: _ERR_GNUTLS_BEGIN takes the value of _ERR_GNUTLS (defined outside
 * this header) and every following enumerator is one greater than the previous one.
 *
 * The enumerator names presumably mirror the GnuTLS call or stage that failed (e.g. ERR_GNUTLS_HANDSHAKE for
 * gnutls_handshake()) - confirm against the implementation.
 *
 * NOTE(review): there is no code here for a failed peer-certificate verification. gnutls_handshake() does not
 * by itself reject an untrusted server certificate unless the application checks it (e.g. with
 * gnutls_certificate_verify_peers2()) or explicitly requests verification, so confirm that the implementation
 * performs that check and how a failure is reported to the caller.
 *
 * NOTE(review): _ERR_GNUTLS_BEGIN starts with an underscore followed by an uppercase letter, which is an
 * identifier form reserved for the C implementation.
 */
enum sock_gnutls_error_code {
    _ERR_GNUTLS_BEGIN = _ERR_GNUTLS,
    
    ERR_GNUTLS_CERT_ALLOC_CRED,
    ERR_GNUTLS_GLOBAL_INIT,
    ERR_GNUTLS_INIT,
    ERR_GNUTLS_SET_DEFAULT_PRIORITY,
    ERR_GNUTLS_CRED_SET,
    ERR_GNUTLS_HANDSHAKE,
    ERR_GNUTLS_RECORD_SEND,
    ERR_GNUTLS_RECORD_RECV,
    ERR_GNUTLS_RECORD_GET_DIRECTION,   
};

/**
 * Additional gnutls configuration for client sockets.
 *
 * XXX: currently, we just have one global instance, set up by sock_gnutls_init, used for all sockets.
 *
 * NOTE(review): this header declares sock_gnutls_global_init(), not sock_gnutls_init(); the name above may be
 * stale. With a single shared instance, every connection would use the same credentials, so any trust or
 * identity settings stored here apply to all sockets - confirm that this is intended.
 */
struct sock_gnutls_client_ctx {
    /**
     * GnuTLS certificate credentials; described by the original author as our client certificate.
     *
     * In GnuTLS the same credentials type can also carry the trusted CA list used to verify the peer.
     * NOTE(review): confirm whether trust anchors are loaded into it.
     */
    gnutls_certificate_credentials_t xcred;
};

/**
 * An SSL-encrypted TCP connection, using libgnutls.
 *
 * The TCP socket state is embedded by value as the first member; SOCK_GNUTLS_TCP() and SOCK_GNUTLS_BASE()
 * return pointers into it.
 */
struct sock_gnutls {
    /** The underlying TCP connection */
    struct sock_tcp base_tcp;
    
    /**
     * Additional SSL info XXX: do we need to keep a ref to this?
     *
     * NOTE(review): the type named here is struct sock_gnutls_ctx, while this header only defines
     * struct sock_gnutls_client_ctx. Unless sock_gnutls_ctx is defined elsewhere, this is a pointer to an
     * incomplete type and cannot be dereferenced - confirm which type is intended. The pointer's ownership
     * and lifetime are not visible from this header.
     */
    struct sock_gnutls_ctx *ctx;

    /** The GnuTLS session for this connection */
    gnutls_session_t session;

    /** The current event_enable mask */
    int ev_mask;
};

/**
 * Get a pointer to the sock_stream embedded in a sock_gnutls.
 *
 * This is not a pointer cast: it takes the address of the `base` member of the embedded `base_tcp`, so the
 * result is only valid for as long as the sock_gnutls itself. `sock_ptr` is evaluated exactly once and must be
 * a non-NULL `struct sock_gnutls *`.
 */
#define SOCK_GNUTLS_BASE(sock_ptr) (&(sock_ptr)->base_tcp.base)

/**
 * Get a pointer to the sock_tcp embedded in a sock_gnutls.
 *
 * This is not a pointer cast: it takes the address of the `base_tcp` member, so the result is only valid for as
 * long as the sock_gnutls itself. `sock_ptr` is evaluated exactly once and must be a non-NULL
 * `struct sock_gnutls *`.
 */
#define SOCK_GNUTLS_TCP(sock_ptr) (&(sock_ptr)->base_tcp)

/**
 * Get a pointer to the sock_gnutls's error_info.
 *
 * Expands to SOCK_ERR() applied to the embedded sock_stream obtained through SOCK_GNUTLS_BASE(). SOCK_ERR is
 * defined outside this header; presumably it yields the stream's struct error_info - confirm there.
 */
#define SOCK_GNUTLS_ERR(sock_ptr) SOCK_ERR(SOCK_GNUTLS_BASE(sock_ptr))

/**
 * Initialize the global gnutls state.
 *
 * GnuTLS requires its global initialisation to have run before sessions or credentials are created, so this
 * is presumably meant to be called once before any sock_gnutls is set up - confirm against the callers.
 *
 * @param err error_info for reporting failure; presumably filled in when the call fails - TODO confirm
 * @return an err_t status; the success value is not visible from this header
 */
err_t sock_gnutls_global_init (struct error_info *err);

/**
 * Release the connection destructively, i.e. do not close it cleanly, just abort.
 *
 * NOTE(review): an abort presumably means no TLS close_notify alert is sent (no gnutls_bye()), so the peer
 * cannot tell this shutdown apart from a truncated connection. This header declares no clean-close
 * counterpart; confirm whether one is reachable through the sock_stream interface and that callers use this
 * function only on error or teardown paths.
 *
 * @param sock the connection to release; whether the struct itself is freed is not visible here
 */
void sock_gnutls_destroy (struct sock_gnutls *sock);

#endif /* SOCK_GNUTLS_H */