/*
**
** Copyright 2018, The Android Open Source Project
**
** Licensed under the Apache License, Version 2.0 (the "License");
** you may not use this file except in compliance with the License.
** You may obtain a copy of the License at
**
**     http://www.apache.org/licenses/LICENSE-2.0
**
** Unless required by applicable law or agreed to in writing, software
** distributed under the License is distributed on an "AS IS" BASIS,
** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
** See the License for the specific language governing permissions and
** limitations under the License.
*/

#ifndef KEYSTORE_CONFIRMATIONUI_RATE_LIMITING_H_
#define KEYSTORE_CONFIRMATIONUI_RATE_LIMITING_H_

#include <android/hardware/confirmationui/1.0/types.h>
#include <chrono>
#include <stdint.h>
#include <sys/types.h>
#include <tuple>
#include <unordered_map>

namespace keystore {

using ConfirmationResponseCode = android::hardware::confirmationui::V1_0::ResponseCode;

using std::chrono::duration;
using std::chrono::time_point;

template <typename Clock = std::chrono::steady_clock> class RateLimiting {
  private:
    struct Slot {
        Slot() : previous_start{}, prompt_start{}, counter(0) {}
        typename Clock::time_point previous_start;
        typename Clock::time_point prompt_start;
        uint32_t counter;
    };

    std::unordered_map<uid_t, Slot> slots_;

    uint_t latest_requester_;

    static std::chrono::seconds getBackoff(uint32_t counter) {
        using namespace std::chrono_literals;
        switch (counter) {
        case 0:
        case 1:
        case 2:
            return 0s;
        case 3:
        case 4:
        case 5:
            return 30s;
        default:
            return 60s * (1ULL << (counter - 6));
        }
    }

  public:
    // Exposes the number of used slots. This is only used by the test to verify the assumption
    // about used counter slots.
    size_t usedSlots() const { return slots_.size(); }
    void doGC() {
        using namespace std::chrono_literals;
        using std::chrono::system_clock;
        using std::chrono::time_point_cast;
        auto then = Clock::now() - 24h;
        auto iter = slots_.begin();
        while (iter != slots_.end()) {
            if (iter->second.prompt_start <= then) {
                iter = slots_.erase(iter);
            } else {
                ++iter;
            }
        }
    }

    bool tryPrompt(uid_t id) {
        using namespace std::chrono_literals;
        // remove slots that have not been touched in 24 hours
        doGC();
        auto& slot = slots_[id];
        auto now = Clock::now();
        if (!slot.counter || slot.prompt_start <= now - getBackoff(slot.counter)) {
            latest_requester_ = id;
            slot.counter += 1;
            slot.previous_start = slot.prompt_start;
            slot.prompt_start = now;
            return true;
        }
        return false;
    }

    // The app is penalized for cancelling a request. Request are rolled back only if
    // the prompt was cancelled by the system: e.g. a system error or asynchronous event.
    // When the user cancels the prompt, it is subject to rate limiting.
    static constexpr const uint_t kInvalidRequester = -1;

    void cancelPrompt() { latest_requester_ = kInvalidRequester; }

    void processResult(ConfirmationResponseCode rc) {
        if (latest_requester_ == kInvalidRequester) {
            return;
        }
        switch (rc) {
        case ConfirmationResponseCode::OK:
            // reset the counter slot
            slots_.erase(latest_requester_);
            return;
        case ConfirmationResponseCode::Canceled:
            // nothing to do here
            return;
        default:;
        }

        // roll back latest request
        auto& slot = slots_[latest_requester_];
        if (slot.counter <= 1) {
            slots_.erase(latest_requester_);
            return;
        }
        slot.counter -= 1;
        slot.prompt_start = slot.previous_start;
    }
};

}  // namespace keystore

#endif  // KEYSTORE_CONFIRMATIONUI_RATE_LIMITING_H_