//
//  NWParameters+Gemini.swift
//  Gemini
//
//  Created by Shadowfacts on 7/12/20.
//

import Network

extension NWParameters {
    /// Connection parameters for Gemini: TLS over TCP, with the Gemini framer
    /// inserted at the front of the default stack's application protocols.
    ///
    /// The TLS layer is configured by `geminiTLSOptions`; read the security
    /// note there before relying on these parameters for server authentication.
    static var gemini: NWParameters {
        let parameters = NWParameters(tls: geminiTLSOptions, tcp: NWProtocolTCP.Options())
        let framerOptions = NWProtocolFramer.Options(definition: GeminiProtocol.definition)
        parameters.defaultProtocolStack.applicationProtocols.insert(framerOptions, at: 0)
        return parameters
    }

    /// TLS options for Gemini connections: a TLS 1.2 floor plus a custom
    /// certificate verify block that runs on the main queue.
    ///
    /// SECURITY: the verify block completes with `true` on both paths, so a
    /// certificate that fails system trust evaluation is accepted exactly like
    /// one that passes. The session is encrypted, but the peer is not
    /// authenticated, and an on-path party presenting its own certificate is
    /// not detected. The evaluation error is captured but never inspected or
    /// logged. Closing this gap is what the todo below describes: remember the
    /// certificate a host presented on first use, ask the user before trusting
    /// a new one, and complete with `false` when a remembered certificate
    /// changes without approval.
    private static var geminiTLSOptions: NWProtocolTLS.Options {
        let tlsOptions = NWProtocolTLS.Options()
        let securityOptions = tlsOptions.securityProtocolOptions
        sec_protocol_options_set_min_tls_protocol_version(securityOptions, .TLSv12)

        // based on https://developer.apple.com/forums/thread/104018
        sec_protocol_options_set_verify_block(securityOptions, { _, secTrust, complete in
            let trust = sec_trust_copy_ref(secTrust).takeRetainedValue()
            var evaluationError: CFError?

            guard SecTrustEvaluateWithError(trust, &evaluationError) else {
                // System trust evaluation failed; the certificate is accepted anyway.
                // todo: prompt user to trust cert on first use
                complete(true)
                return
            }

            // Certificate chains to a root the system already trusts.
            complete(true)
        }, .main)

        return tlsOptions
    }
}