/*
 *
 *    Copyright (c) 2022 Project CHIP Authors
 *
 *    Licensed under the Apache License, Version 2.0 (the "License");
 *    you may not use this file except in compliance with the License.
 *    You may obtain a copy of the License at
 *
 *        http://www.apache.org/licenses/LICENSE-2.0
 *
 *    Unless required by applicable law or agreed to in writing, software
 *    distributed under the License is distributed on an "AS IS" BASIS,
 *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *    See the License for the specific language governing permissions and
 *    limitations under the License.
 */

/**
 *    @file
 *          A 'Fail Safe Context' SHALL be created on the receiver, to track fail-safe
 *          state information while the fail-safe is armed.
 */

#pragma once

#include <lib/core/CHIPError.h>
#include <lib/core/DataModelTypes.h>
#include <platform/internal/CHIPDeviceLayerInternal.h>
#include <system/SystemClock.h>

namespace chip {
namespace app {

class FailSafeContext
{
public:
    // ===== Members for internal use by other Device Layer components.

    /**
     * @brief
     *  Only a single fail-safe timer is started on the device, if this function is called again
     *  when the fail-safe timer is currently armed, the currently-running fail-safe timer will
     *  first be cancelled, then the fail-safe timer will be re-armed.
     */
    CHIP_ERROR ArmFailSafe(FabricIndex accessingFabricIndex, System::Clock::Seconds16 expiryLengthSeconds);

    /**
     * @brief Cleanly disarm failsafe timer, such as on CommissioningComplete
     */
    void DisarmFailSafe();
    void SetAddNocCommandInvoked(FabricIndex nocFabricIndex)
    {
        mAddNocCommandHasBeenInvoked = true;
        mFabricIndex                 = nocFabricIndex;
    }
    void SetUpdateNocCommandInvoked() { mUpdateNocCommandHasBeenInvoked = true; }
    void SetAddTrustedRootCertInvoked() { mAddTrustedRootCertHasBeenInvoked = true; }
    void SetCsrRequestForUpdateNoc(bool isForUpdateNoc) { mIsCsrRequestForUpdateNoc = isForUpdateNoc; }

    /**
     * @brief
     *   Schedules a work to cleanup the FailSafe Context asynchronously after various cleanup work
     *   has completed.
     */
    void ScheduleFailSafeCleanup(FabricIndex fabricIndex, bool addNocCommandInvoked, bool updateNocCommandInvoked);

    bool IsFailSafeArmed(FabricIndex accessingFabricIndex) const
    {
        return IsFailSafeArmed() && MatchesFabricIndex(accessingFabricIndex);
    }

    // Returns true if the fail-safe is in a state where commands that require an armed
    // fail-safe can no longer execute, but a new fail-safe can't be armed yet.
    bool IsFailSafeBusy() const { return mFailSafeBusy; }

    bool IsFailSafeArmed() const { return mFailSafeArmed; }

    // True if it is possible to do an initial arming of the failsafe if needed.
    // To be used in places where some action should take place only if the
    // fail-safe could be armed after that action.
    bool IsFailSafeFullyDisarmed() const { return !IsFailSafeArmed() && !IsFailSafeBusy(); }

    bool MatchesFabricIndex(FabricIndex accessingFabricIndex) const
    {
        VerifyOrDie(IsFailSafeArmed());
        return (accessingFabricIndex == mFabricIndex);
    }

    bool NocCommandHasBeenInvoked() const { return mAddNocCommandHasBeenInvoked || mUpdateNocCommandHasBeenInvoked; }
    bool AddNocCommandHasBeenInvoked() const { return mAddNocCommandHasBeenInvoked; }
    bool UpdateNocCommandHasBeenInvoked() const { return mUpdateNocCommandHasBeenInvoked; }
    bool AddTrustedRootCertHasBeenInvoked() const { return mAddTrustedRootCertHasBeenInvoked; }
    bool IsCsrRequestForUpdateNoc() const { return mIsCsrRequestForUpdateNoc; }

    FabricIndex GetFabricIndex() const
    {
        VerifyOrDie(IsFailSafeArmed());
        return mFabricIndex;
    }

    // Immediately disarms the timer and schedules a failsafe timer expiry.
    // If the failsafe is not armed, this is a no-op.
    void ForceFailSafeTimerExpiry();

private:
    bool mFailSafeArmed                    = false;
    bool mFailSafeBusy                     = false;
    bool mAddNocCommandHasBeenInvoked      = false;
    bool mUpdateNocCommandHasBeenInvoked   = false;
    bool mAddTrustedRootCertHasBeenInvoked = false;
    // The fact of whether a CSR occurred at all is stored elsewhere.
    bool mIsCsrRequestForUpdateNoc = false;
    FabricIndex mFabricIndex       = kUndefinedFabricIndex;

    /**
     * @brief
     *  The callback function to be called when "fail-safe timer" expires.
     */
    static void HandleArmFailSafeTimer(System::Layer * layer, void * aAppState);

    /**
     * @brief
     *  The callback function to be called when max cumulative time expires.
     */
    static void HandleMaxCumulativeFailSafeTimer(System::Layer * layer, void * aAppState);

    /**
     * @brief
     *  The callback function to be called asynchronously after various cleanup work has completed
     *  to actually disarm the fail-safe.
     */
    static void HandleDisarmFailSafe(intptr_t arg);

    void SetFailSafeArmed(bool armed);

    /**
     * @brief Reset to unarmed basic state
     */
    void ResetState()
    {
        SetFailSafeArmed(false);

        mAddNocCommandHasBeenInvoked      = false;
        mUpdateNocCommandHasBeenInvoked   = false;
        mAddTrustedRootCertHasBeenInvoked = false;
        mFailSafeBusy                     = false;
        mIsCsrRequestForUpdateNoc         = false;
    }

    void FailSafeTimerExpired();
    CHIP_ERROR CommitToStorage();
};

} // namespace app
} // namespace chip