/*
 * Copyright (C) 2021 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package android.net;

import static android.annotation.SystemApi.Client.MODULE_LIBRARIES;
import static android.annotation.SystemApi.Client.PRIVILEGED_APPS;
import static android.net.NetworkCapabilities.REDACT_FOR_NETWORK_SETTINGS;

import android.annotation.NonNull;
import android.annotation.Nullable;
import android.annotation.SystemApi;
import android.net.NetworkCapabilities.RedactionType;
import android.os.Parcel;
import android.os.Parcelable;
import android.text.TextUtils;

import androidx.annotation.RequiresApi;

import com.android.modules.utils.build.SdkLevel;

import java.util.Objects;

/**
 * Container for VPN-specific transport information.
 *
 * @see android.net.TransportInfo
 * @see NetworkCapabilities#getTransportInfo()
 *
 * @hide
 */
@SystemApi(client = PRIVILEGED_APPS)
public final class VpnTransportInfo implements TransportInfo, Parcelable {
    /** Type of this VPN. */
    private final int mType;

    @Nullable
    private final String mSessionId;

    private final boolean mBypassable;

    private final boolean mLongLivedTcpConnectionsExpensive;

    // TODO: Refer to Build.VERSION_CODES when it's available in every branch.
    private static final int UPSIDE_DOWN_CAKE = 34;

    /** @hide */
    @SystemApi(client = MODULE_LIBRARIES)
    @Override
    public @RedactionType long getApplicableRedactions() {
        return REDACT_FOR_NETWORK_SETTINGS;
    }

    /**
     * Create a copy of a {@link VpnTransportInfo} with the sessionId redacted if necessary.
     * @hide
     */
    @NonNull
    @SystemApi(client = MODULE_LIBRARIES)
    public VpnTransportInfo makeCopy(@RedactionType long redactions) {
        return new VpnTransportInfo(mType,
            ((redactions & REDACT_FOR_NETWORK_SETTINGS) != 0) ? null : mSessionId,
            mBypassable, mLongLivedTcpConnectionsExpensive);
    }

    /**
     * @deprecated please use {@link VpnTransportInfo(int,String,boolean,boolean)}.
     * @hide
     */
    @Deprecated
    @SystemApi(client = MODULE_LIBRARIES)
    public VpnTransportInfo(int type, @Nullable String sessionId) {
        // When the module runs on older SDKs, |bypassable| will always be false since the old Vpn
        // code will call this constructor. For Settings VPNs, this is always correct as they are
        // never bypassable. For VpnManager and VpnService types, this may be wrong since both of
        // them have a choice. However, on these SDKs VpnTransportInfo#isBypassable is not
        // available anyway, so this should be harmless. False is a better choice than true here
        // regardless because it is the default value for both VpnManager and VpnService if the app
        // does not do anything about it.
        this(type, sessionId, false /* bypassable */, false /* longLivedTcpConnectionsExpensive */);
    }

    /**
     * Construct a new VpnTransportInfo object.
     */
    public VpnTransportInfo(int type, @Nullable String sessionId, boolean bypassable,
            boolean longLivedTcpConnectionsExpensive) {
        this.mType = type;
        this.mSessionId = sessionId;
        this.mBypassable = bypassable;
        this.mLongLivedTcpConnectionsExpensive = longLivedTcpConnectionsExpensive;
    }

    /**
     * Returns whether the VPN is allowing bypass.
     *
     * This method is not supported in SDK below U, and will throw
     * {@code UnsupportedOperationException} if called.
     */
    @RequiresApi(UPSIDE_DOWN_CAKE)
    public boolean isBypassable() {
        if (!SdkLevel.isAtLeastU()) {
            throw new UnsupportedOperationException("Not supported before U");
        }

        return mBypassable;
    }

    /**
     * Returns whether long-lived TCP connections are expensive on the VPN network.
     *
     * If there are long-lived TCP connections over the VPN, over some networks the
     * VPN needs to regularly send packets to keep the network alive to keep these
     * connections working, which wakes up the device radio. On some networks, this
     * can become extremely expensive in terms of battery. The system knows to send
     * these keepalive packets only when necessary, i.e. when there are long-lived
     * TCP connections opened over the VPN, meaning on these networks establishing
     * a long-lived TCP connection will have a very noticeable impact on battery
     * life.
     *
     * VPNs can be bypassable or not. When the VPN is not bypassable, the user has
     * expressed explicit intent to have no connection outside of the VPN, so even
     * privileged apps with permission to bypass non-bypassable VPNs should not do
     * so. See {@link #isBypassable()}.
     * For bypassable VPNs however, the user expects apps choose reasonable tradeoffs
     * about whether they use the VPN.
     *
     * Components that establish long-lived, encrypted TCP connections are encouraged
     * to look up this value to decide whether to open their connection over a VPN
     * or to bypass it. While VPNs do not typically provide privacy or security
     * benefits to encrypted connections, the user generally still expects the
     * connections to choose to use the VPN by default, but also do not expect this
     * comes at the price of drastically reduced battery life. This method provides
     * a hint about whether the battery cost of opening such a connection is high.
     */
    public boolean areLongLivedTcpConnectionsExpensive() {
        return mLongLivedTcpConnectionsExpensive;
    }

    /**
     * Returns the session Id of this VpnTransportInfo.
     * @hide
     */
    @SystemApi(client = MODULE_LIBRARIES)
    @Nullable
    public String getSessionId() {
        return mSessionId;
    }

    /**
     * Returns the type of this VPN.
     */
    public int getType() {
        return mType;
    }

    @Override
    public boolean equals(Object o) {
        if (!(o instanceof VpnTransportInfo)) return false;

        VpnTransportInfo that = (VpnTransportInfo) o;
        return (this.mType == that.mType) && TextUtils.equals(this.mSessionId, that.mSessionId)
                && (this.mBypassable == that.mBypassable)
                && (this.mLongLivedTcpConnectionsExpensive
                == that.mLongLivedTcpConnectionsExpensive);
    }

    @Override
    public int hashCode() {
        return Objects.hash(mType, mSessionId, mBypassable, mLongLivedTcpConnectionsExpensive);
    }

    @Override
    public String toString() {
        return String.format("VpnTransportInfo{type=%d, sessionId=%s, bypassable=%b "
                        + "longLivedTcpConnectionsExpensive=%b}",
                mType, mSessionId, mBypassable, mLongLivedTcpConnectionsExpensive);
    }

    @Override
    public int describeContents() {
        return 0;
    }

    @Override
    public void writeToParcel(@NonNull Parcel dest, int flags) {
        dest.writeInt(mType);
        dest.writeString(mSessionId);
        dest.writeBoolean(mBypassable);
        dest.writeBoolean(mLongLivedTcpConnectionsExpensive);
    }

    public static final @NonNull Creator<VpnTransportInfo> CREATOR =
            new Creator<VpnTransportInfo>() {
        public VpnTransportInfo createFromParcel(Parcel in) {
            return new VpnTransportInfo(
                    in.readInt(), in.readString(), in.readBoolean(), in.readBoolean());
        }
        public VpnTransportInfo[] newArray(int size) {
            return new VpnTransportInfo[size];
        }
    };
}