// Copyright 2017 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef SERVICES_NETWORK_NETWORK_SERVICE_H_
#define SERVICES_NETWORK_NETWORK_SERVICE_H_

#include <map>
#include <memory>
#include <set>
#include <string>
#include <utility>
#include <vector>

#include "base/component_export.h"
#include "base/containers/flat_map.h"
#include "base/containers/flat_set.h"
#include "base/containers/unique_ptr_adapters.h"
#include "base/feature_list.h"
#include "base/memory/raw_ptr.h"
#include "base/memory/scoped_refptr.h"
#include "base/time/time.h"
#include "base/timer/timer.h"
#include "build/build_config.h"
#include "build/chromeos_buildflags.h"
#include "mojo/public/cpp/bindings/pending_receiver.h"
#include "mojo/public/cpp/bindings/pending_remote.h"
#include "mojo/public/cpp/bindings/receiver.h"
#include "mojo/public/cpp/bindings/remote.h"
#include "net/base/address_list.h"
#include "net/base/schemeful_site.h"
#include "net/dns/host_resolver.h"
#include "net/dns/host_resolver_manager.h"
#include "net/dns/public/dns_over_https_config.h"
#include "net/dns/public/secure_dns_mode.h"
#include "net/first_party_sets/global_first_party_sets.h"
#include "net/http/transport_security_state.h"
#include "net/log/net_log.h"
#include "net/log/trace_net_log_observer.h"
#include "net/traffic_annotation/network_traffic_annotation.h"
#include "services/network/first_party_sets/first_party_sets_manager.h"
#include "services/network/keepalive_statistics_recorder.h"
#include "services/network/network_change_manager.h"
#include "services/network/network_quality_estimator_manager.h"
#include "services/network/public/cpp/network_service_buildflags.h"
#include "services/network/public/mojom/host_resolver.mojom.h"
#include "services/network/public/mojom/key_pinning.mojom.h"
#include "services/network/public/mojom/net_log.mojom.h"
#include "services/network/public/mojom/network_change_manager.mojom.h"
#include "services/network/public/mojom/network_quality_estimator_manager.mojom.h"
#include "services/network/public/mojom/network_service.mojom.h"
#include "services/network/public/mojom/system_dns_resolution.mojom.h"
#include "services/network/public/mojom/trust_tokens.mojom.h"
#include "services/network/public/mojom/url_loader_network_service_observer.mojom.h"
#include "services/network/restricted_cookie_manager.h"
#include "services/network/trust_tokens/trust_token_key_commitments.h"
#include "services/service_manager/public/cpp/binder_registry.h"
#include "third_party/abseil-cpp/absl/types/optional.h"

#if BUILDFLAG(IS_CT_SUPPORTED)
#include "services/network/public/mojom/ct_log_info.mojom.h"
#endif

#ifdef OHOS_EX_HTTP_DNS_FALLBACK
#include "services/network/public/mojom/network_config_ohos.mojom.h"
#endif

namespace net {
class FileNetLogObserver;
class HostResolverManager;
class HttpAuthHandlerFactory;
class LoggingNetworkChangeObserver;
class NetworkChangeNotifier;
class NetworkQualityEstimator;
class URLRequestContext;
}  // namespace net

namespace network {

class CtLogListDistributor;
class DnsConfigChangeManager;
class HttpAuthCacheCopier;
class NetLogProxySink;
class NetworkContext;
class NetworkService;
class SCTAuditingCache;

class COMPONENT_EXPORT(NETWORK_SERVICE) NetworkService
    : public mojom::NetworkService {
 public:
  static const base::TimeDelta kInitialDohProbeTimeout;

  explicit NetworkService(
      std::unique_ptr<service_manager::BinderRegistry> registry,
      mojo::PendingReceiver<mojom::NetworkService> receiver =
          mojo::NullReceiver(),
      bool delay_initialization_until_set_client = false);

  NetworkService(const NetworkService&) = delete;
  NetworkService& operator=(const NetworkService&) = delete;

  ~NetworkService() override;

  // Allows late binding if the mojo receiver wasn't specified in the
  // constructor.
  void Bind(mojo::PendingReceiver<mojom::NetworkService> receiver);

  // Allows the browser process to synchronously initialize the NetworkService.
  // TODO(jam): remove this once the old path is gone.
  void Initialize(mojom::NetworkServiceParamsPtr params,
                  bool mock_network_change_notifier = false);

  // Pretends that the system DNS configuration just changed to a basic,
  // single-server, localhost-only configuration. This method also effectively
  // unsubscribes the singleton `net::SystemDnsConfigChangeNotifier` owned by
  // `net::NetworkChangeNotifier` from future changes to the real configuration,
  // ensuring that our fake configuration will not be clobbered by network
  // changes that occur while tests run.
  // Once this is finished, `replace_cb` will run.
  void ReplaceSystemDnsConfigForTesting(base::OnceClosure replace_cb);

  void SetTestDohConfigForTesting(net::SecureDnsMode secure_dns_mode,
                                  const net::DnsOverHttpsConfig& doh_config);

  // Creates a NetworkService instance on the current thread.
  static std::unique_ptr<NetworkService> Create(
      mojo::PendingReceiver<mojom::NetworkService> receiver);

  // Creates a testing instance of NetworkService not bound to an actual
  // Service pipe. This instance must be driven by direct calls onto the
  // NetworkService object.
  static std::unique_ptr<NetworkService> CreateForTesting();

  // These are called by NetworkContexts as they are being created and
  // destroyed.
  // TODO(mmenke):  Remove once all NetworkContexts are owned by the
  // NetworkService.
  void RegisterNetworkContext(NetworkContext* network_context);
  void DeregisterNetworkContext(NetworkContext* network_context);

  // Invokes net::CreateNetLogEntriesForActiveObjects(observer) on all
  // URLRequestContext's known to |this|.
  void CreateNetLogEntriesForActiveObjects(
      net::NetLog::ThreadSafeObserver* observer);

  // mojom::NetworkService implementation:
  void SetParams(mojom::NetworkServiceParamsPtr params) override;
  void StartNetLog(base::File file,
                   net::NetLogCaptureMode capture_mode,
                   base::Value::Dict constants) override;
  void AttachNetLogProxy(
      mojo::PendingRemote<mojom::NetLogProxySource> proxy_source,
      mojo::PendingReceiver<mojom::NetLogProxySink>) override;
  void SetSSLKeyLogFile(base::File file) override;
  void CreateNetworkContext(
      mojo::PendingReceiver<mojom::NetworkContext> receiver,
      mojom::NetworkContextParamsPtr params) override;
  void ConfigureStubHostResolver(
      bool insecure_dns_client_enabled,
      net::SecureDnsMode secure_dns_mode,
      const net::DnsOverHttpsConfig& dns_over_https_config,
      bool additional_dns_types_enabled) override;
  void DisableQuic() override;
  void SetUpHttpAuth(
      mojom::HttpAuthStaticParamsPtr http_auth_static_params) override;
  void ConfigureHttpAuthPrefs(
      mojom::HttpAuthDynamicParamsPtr http_auth_dynamic_params) override;
  void SetRawHeadersAccess(int32_t process_id,
                           const std::vector<url::Origin>& origins) override;
  void SetMaxConnectionsPerProxy(int32_t max_connections) override;
  void GetNetworkChangeManager(
      mojo::PendingReceiver<mojom::NetworkChangeManager> receiver) override;
  void GetNetworkQualityEstimatorManager(
      mojo::PendingReceiver<mojom::NetworkQualityEstimatorManager> receiver)
      override;
  void GetDnsConfigChangeManager(
      mojo::PendingReceiver<mojom::DnsConfigChangeManager> receiver) override;
  void GetNetworkList(
      uint32_t policy,
      mojom::NetworkService::GetNetworkListCallback callback) override;
  void OnCertDBChanged() override;
  void SetEncryptionKey(const std::string& encryption_key) override;
  void OnMemoryPressure(base::MemoryPressureListener::MemoryPressureLevel
                            memory_pressure_level) override;
  void OnPeerToPeerConnectionsCountChange(uint32_t count) override;
#if BUILDFLAG(IS_ANDROID)
  void OnApplicationStateChange(base::android::ApplicationState state) override;
#endif
  void SetEnvironment(
      std::vector<mojom::EnvironmentVariablePtr> environment) override;
  void SetTrustTokenKeyCommitments(const std::string& raw_commitments,
                                   base::OnceClosure done) override;
  void ParseHeaders(const GURL& url,
                    const scoped_refptr<net::HttpResponseHeaders>& headers,
                    ParseHeadersCallback callback) override;
  void EnableDataUseUpdates(bool enable) override;
#if BUILDFLAG(IS_CT_SUPPORTED)
  void ClearSCTAuditingCache() override;
  void ConfigureSCTAuditing(
      mojom::SCTAuditingConfigurationPtr configuration) override;
  void UpdateCtLogList(std::vector<mojom::CTLogInfoPtr> log_list,
                       base::Time update_time,
                       UpdateCtLogListCallback callback) override;
  void UpdateCtKnownPopularSCTs(
      const std::vector<std::vector<uint8_t>>& sct_hashes,
      UpdateCtKnownPopularSCTsCallback callback) override;
  void SetCtEnforcementEnabled(
      bool enabled,
      SetCtEnforcementEnabledCallback callback) override;
#endif

  void UpdateKeyPinsList(mojom::PinListPtr pin_list,
                         base::Time update_time) override;

#if BUILDFLAG(IS_ANDROID)
  void DumpWithoutCrashing(base::Time dump_request_time) override;
#endif
  void BindTestInterfaceForTesting(
      mojo::PendingReceiver<mojom::NetworkServiceTest> receiver) override;
  void SetFirstPartySets(net::GlobalFirstPartySets sets) override;
  void SetExplicitlyAllowedPorts(const std::vector<uint16_t>& ports) override;

  // Returns an HttpAuthHandlerFactory for the given NetworkContext.
  std::unique_ptr<net::HttpAuthHandlerFactory> CreateHttpAuthHandlerFactory(
      NetworkContext* network_context);

  bool quic_disabled() const { return quic_disabled_; }
  bool HasRawHeadersAccess(int32_t process_id, const GURL& resource_url) const;

  net::NetworkQualityEstimator* network_quality_estimator() {
    return network_quality_estimator_manager_->GetNetworkQualityEstimator();
  }
  net::NetLog* net_log() const;
  KeepaliveStatisticsRecorder* keepalive_statistics_recorder() {
    return &keepalive_statistics_recorder_;
  }
  net::HostResolverManager* host_resolver_manager() {
    return host_resolver_manager_.get();
  }
  net::HostResolver::Factory* host_resolver_factory() {
    return host_resolver_factory_.get();
  }
  HttpAuthCacheCopier* http_auth_cache_copier() {
    return http_auth_cache_copier_.get();
  }

#if BUILDFLAG(IS_CT_SUPPORTED)
  CtLogListDistributor* ct_log_list_distributor() {
    return ct_log_list_distributor_.get();
  }
#endif

  FirstPartySetsManager* first_party_sets_manager() const {
    return first_party_sets_manager_.get();
  }

  void set_host_resolver_factory_for_testing(
      std::unique_ptr<net::HostResolver::Factory> host_resolver_factory) {
    host_resolver_factory_ = std::move(host_resolver_factory);
  }

  bool split_auth_cache_by_network_isolation_key() const {
    return split_auth_cache_by_network_isolation_key_;
  }

  // From initialization on, this will be non-null and will always point to the
  // same object (although the object's state can change on updates to the
  // commitments). As a consequence, it's safe to store long-lived copies of the
  // pointer.
  const TrustTokenKeyCommitments* trust_token_key_commitments() const {
    return trust_token_key_commitments_.get();
  }

#if BUILDFLAG(IS_CT_SUPPORTED)
  SCTAuditingCache* sct_auditing_cache() { return sct_auditing_cache_.get(); }

  const std::vector<mojom::CTLogInfoPtr>& log_list() const { return log_list_; }

  base::Time ct_log_list_update_time() const {
    return ct_log_list_update_time_;
  }

  bool is_ct_enforcement_enabled_for_testing() const {
    return ct_enforcement_enabled_;
  }
#endif

  bool pins_list_updated() const { return pins_list_updated_; }

  const std::vector<net::TransportSecurityState::PinSet>& pinsets() const {
    return pinsets_;
  }

  const std::vector<net::TransportSecurityState::PinSetInfo>& host_pins()
      const {
    return host_pins_;
  }

  base::Time pins_list_update_time() const { return pins_list_update_time_; }

  bool data_use_updates_enabled() const { return data_use_updates_enabled_; }

  mojom::URLLoaderNetworkServiceObserver*
  GetDefaultURLLoaderNetworkServiceObserver();

  RestrictedCookieManager::UmaMetricsUpdater* metrics_updater() const {
    return metrics_updater_.get();
  }

  static NetworkService* GetNetworkServiceForTesting();

#ifdef OHOS_EX_NETWORK_CONNECTION
  void SetConnectTimeout(int seconds) override;
#endif

#ifdef OHOS_EX_HTTP_DNS_FALLBACK
  void SetHttpsDnsFallbackData(
      mojom::HttpsDnsFallbackConfigPtr config) override;
#endif

 private:
  class DelayedDohProbeActivator;

  void InitMockNetworkChangeNotifierForTesting();

  void DestroyNetworkContexts();

  // Called by a NetworkContext when its mojo pipe is closed. Deletes the
  // context.
  void OnNetworkContextConnectionClosed(NetworkContext* network_context);

  // Sets First-Party Set data after having read it from a file.
  void OnReadFirstPartySetsFile(const std::string& raw_sets);

  void SetSystemDnsResolver(
      mojo::PendingRemote<mojom::SystemDnsResolver> override_remote);

#ifdef OHOS_EX_HTTP_DNS_FALLBACK
  void SetHttpsDnsHostResolver(bool enabled,
                               const std::string& server_template);
#endif

  bool initialized_ = false;

  enum class FunctionTag : uint8_t {
    None,
    ConfigureStubHostResolver,
    SetTestDohConfigForTesting,
  };

  std::unique_ptr<RestrictedCookieManager::UmaMetricsUpdater> metrics_updater_;

  FunctionTag dns_config_overrides_set_by_ = FunctionTag::None;

  raw_ptr<net::NetLog> net_log_;

  std::unique_ptr<NetLogProxySink> net_log_proxy_sink_;

  std::unique_ptr<net::FileNetLogObserver> file_net_log_observer_;
  net::TraceNetLogObserver trace_net_log_observer_;

  KeepaliveStatisticsRecorder keepalive_statistics_recorder_;

  std::unique_ptr<NetworkChangeManager> network_change_manager_;

  // Observer that logs network changes to the NetLog. Must be below the NetLog
  // and the NetworkChangeNotifier (Once this class creates it), so it's
  // destroyed before them. Must be below the |network_change_manager_|, which
  // it references.
  std::unique_ptr<net::LoggingNetworkChangeObserver> network_change_observer_;

  std::unique_ptr<service_manager::BinderRegistry> registry_;

  // Globally-scoped state for First-Party Sets.
  std::unique_ptr<FirstPartySetsManager> first_party_sets_manager_;

  mojo::Receiver<mojom::NetworkService> receiver_{this};

  mojo::Remote<mojom::URLLoaderNetworkServiceObserver>
      default_url_loader_network_service_observer_;

  std::unique_ptr<NetworkQualityEstimatorManager>
      network_quality_estimator_manager_;

  std::unique_ptr<DnsConfigChangeManager> dns_config_change_manager_;

  std::unique_ptr<net::HostResolverManager> host_resolver_manager_;
  std::unique_ptr<net::HostResolver::Factory> host_resolver_factory_;
  std::unique_ptr<HttpAuthCacheCopier> http_auth_cache_copier_;

  // Members that would store the http auth network_service related params.
  // These Params are later used by NetworkContext to create
  // HttpAuthPreferences.
  mojom::HttpAuthDynamicParamsPtr http_auth_dynamic_network_service_params_;
  mojom::HttpAuthStaticParamsPtr http_auth_static_network_service_params_;

  // NetworkContexts created by CreateNetworkContext(). They call into the
  // NetworkService when their connection is closed so that it can delete
  // them.  It will also delete them when the NetworkService itself is torn
  // down, as NetworkContexts share global state owned by the NetworkService, so
  // must be destroyed first.
  //
  // NetworkContexts created by CreateNetworkContextWithBuilder() are not owned
  // by the NetworkService, and must be destroyed by their owners before the
  // NetworkService itself is.
  std::set<std::unique_ptr<NetworkContext>, base::UniquePtrComparator>
      owned_network_contexts_;

  // List of all NetworkContexts that are associated with the NetworkService,
  // including ones it does not own.
  // TODO(mmenke): Once the NetworkService always owns NetworkContexts, merge
  // this with |owned_network_contexts_|.
  std::set<NetworkContext*> network_contexts_;

  // A per-process_id map of origins that are white-listed to allow
  // them to request raw headers for resources they request.
  std::map<int32_t, base::flat_set<url::Origin>>
      raw_headers_access_origins_by_pid_;

  bool quic_disabled_ = false;

  // Whether new NetworkContexts will be configured to partition their
  // HttpAuthCaches by NetworkIsolationKey.
  bool split_auth_cache_by_network_isolation_key_ = false;

  // Globally-scoped cryptographic state for the Trust Tokens protocol
  // (https://github.com/wicg/trust-token-api), updated via a Mojo IPC and
  // provided to NetworkContexts via the getter.
  std::unique_ptr<TrustTokenKeyCommitments> trust_token_key_commitments_;

  std::unique_ptr<DelayedDohProbeActivator> doh_probe_activator_;

#if BUILDFLAG(IS_CT_SUPPORTED)
  std::unique_ptr<SCTAuditingCache> sct_auditing_cache_;

  std::vector<mojom::CTLogInfoPtr> log_list_;

  std::unique_ptr<CtLogListDistributor> ct_log_list_distributor_;

  base::Time ct_log_list_update_time_;

  bool ct_enforcement_enabled_ = true;
#endif

  bool pins_list_updated_ = false;

  std::vector<net::TransportSecurityState::PinSet> pinsets_;

  std::vector<net::TransportSecurityState::PinSetInfo> host_pins_;

  base::Time pins_list_update_time_;

  bool data_use_updates_enabled_ = false;

  // This is used only in tests. It avoids leaky SystemDnsConfigChangeNotifiers
  // leaking stale listeners between tests.
  std::unique_ptr<net::NetworkChangeNotifier> mock_network_change_notifier_;

#if defined(OHOS_EX_NETWORK_CONNECTION)
  int timeout_override_ = 0;
#endif
#ifdef OHOS_EX_HTTP_DNS_FALLBACK
  int connect_job_with_secure_dns_only_timeout_{15};
#endif
};

}  // namespace network

#endif  // SERVICES_NETWORK_NETWORK_SERVICE_H_