package tls

import (
	"crypto/tls"
	"github.com/net-byte/vtun/common/config"
	"github.com/net-byte/vtun/tcp"
	"github.com/net-byte/water"
	"log"
)

// StartServer starts the tls server
func StartServer(iFace *water.Interface, config config.Config) {
	log.Printf("vtun tls server started on %v", config.LocalAddr)
	cert, err := tls.LoadX509KeyPair(config.TLSCertificateFilePath, config.TLSCertificateKeyFilePath)
	if err != nil {
		log.Panic(err)
	}
	tlsConfig := &tls.Config{
		Certificates:     []tls.Certificate{cert},
		MinVersion:       tls.VersionTLS13,
		CurvePreferences: []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
		CipherSuites: []uint16{
			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
			tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_RSA_WITH_AES_256_CBC_SHA,
			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
		},
	}
	ln, err := tls.Listen("tcp", config.LocalAddr, tlsConfig)
	if err != nil {
		log.Panic(err)
	}
	// server -> client
	go tcp.ToClient(config, iFace)
	// client -> server
	for {
		conn, err := ln.Accept()
		if err != nil {
			continue
		}
		sniffConn := NewPeekPreDataConn(conn)
		switch sniffConn.Type {
		case TypeHttp:
			if sniffConn.Handle() {
				continue
			}
		case TypeHttp2:
			if sniffConn.Handle() {
				continue
			}
		}
		go tcp.ToServer(config, sniffConn, iFace)
	}
}