module Network.TLS.Session (
    SessionManager (..),
    noSessionManager,
) where

import Network.TLS.Types

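-- | A session manager.
--
-- On the server side, all fields are used.
-- On the client side, only 'sessionEstablish' is used.
--
-- NOTE(review): 'SessionData' is declared in "Network.TLS.Types" and is
-- presumably the secret material needed to resume a session. If so, any
-- store or ticket key behind these callbacks needs the same protection
-- as the sessions themselves. Confirm against the type definition.
data SessionManager = SessionManager
    { sessionResume :: SessionIDorTicket -> IO (Maybe SessionData)
    -- ^ Used on TLS 1.2\/1.3 servers to look up 'SessionData' with
    -- 'SessionID' or to decrypt 'Ticket' to get 'SessionData'.
    -- 'Nothing' means the identity is unknown or could not be decrypted.
    , sessionResumeOnlyOnce :: SessionIDorTicket -> IO (Maybe SessionData)
    -- ^ Used for 0-RTT on TLS 1.3 servers to look up 'SessionData' with
    -- 'SessionID' or to decrypt 'Ticket' to get 'SessionData'.
    --
    -- As the name says, an implementation is expected to honour a given
    -- identity at most once. The type cannot enforce this. If the same
    -- identity yields 'SessionData' a second time, replayed early data
    -- would be accepted again (see RFC 8446, section 8).
    , sessionEstablish :: SessionIDorTicket -> SessionData -> IO (Maybe Ticket)
    -- ^ Used on TLS 1.2\/1.3 servers to store 'SessionData' with
    -- 'SessionID' or to encrypt 'SessionData' to get 'Ticket', ignoring
    -- 'SessionID'. Used on TLS 1.2\/1.3 clients to store 'SessionData'
    -- with 'SessionIDorTicket' and then return 'Nothing'. For clients,
    -- only this field should be set, starting from 'noSessionManager'.
    --
    -- When tickets are produced, the confidentiality of the enclosed
    -- 'SessionData' rests on the key the implementation encrypts with.
    , sessionInvalidate :: SessionIDorTicket -> IO ()
    -- ^ Used on TLS 1.2 servers to delete 'SessionData' with 'SessionID'
    -- on errors.
    , sessionUseTicket :: Bool
    -- ^ Used on TLS 1.2 servers to decide whether to use 'SessionID' or
    -- 'Ticket'. Note that 'SessionID' and 'Ticket' are integrated as
    -- identity in TLS 1.3.
    }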

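-- | A session manager that does nothing.
--
-- Both resume callbacks always return 'Nothing', so no session, and no
-- 0-RTT session, is ever resumed through this value. 'sessionEstablish'
-- stores nothing and issues no ticket, and 'sessionInvalidate' is a
-- no-op. Use it as the base record and override only the fields you
-- need.
noSessionManager :: SessionManager
noSessionManager =
    SessionManager
        { sessionResume = \_ -> return Nothing
        , sessionResumeOnlyOnce = \_ -> return Nothing
        , sessionEstablish = \_ _ -> return Nothing
        , sessionInvalidate = \_ -> return ()
        , -- Don't send NewSessionTicket in TLS 1.2 by default.
          -- Send NewSessionTicket with SessionID in TLS 1.3 by default.
          sessionUseTicket = False
        }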