module Network.TLS.PostHandshake (
    requestCertificate,
    requestCertificateServer,
    postHandshakeAuthWith,
    postHandshakeAuthClientWith,
    postHandshakeAuthServerWith,
) where

import Network.TLS.Context.Internal
import Network.TLS.IO
import Network.TLS.Struct13

import Network.TLS.Handshake.Client
import Network.TLS.Handshake.Common
import Network.TLS.Handshake.Server

-- | Issue a post-handshake certificate request (TLS 1.3 only).
--
-- Returns 'True' when the request could be made, i.e. the connection
-- negotiated TLS 1.3 and the remote client advertised support for
-- post-handshake authentication; 'False' otherwise.
--
-- Security note for callers: a 'True' result only means the request was
-- sent.  It says nothing about the client's identity yet -- the client's
-- reply (if any) arrives in a later handshake flight, which 'recvData'
-- hands to 'postHandshakeAuthWith'.  Do not grant anything that depends on
-- client authentication until that flight has been processed and its
-- outcome checked.
--
-- The whole operation runs under the context's write lock.  'checkValid'
-- runs first and is expected to reject a context that is not in a usable
-- state (its exact conditions live in "Network.TLS.Context.Internal"); the
-- request itself is role-specific and is reached through the context's
-- 'RoleParams'.
requestCertificate :: Context -> IO Bool
requestCertificate ctx = withWriteLock ctx $ do
    checkValid ctx
    doRequestCertificate_ (ctxRoleParams ctx) ctx

-- | Process one post-handshake authentication flight (TLS 1.3).
--
-- Not intended to be called directly: 'recvData' invokes it when it reads a
-- post-handshake 'Handshake13' message, at a point where the read lock is
-- already held.  On top of that this function takes the write lock
-- (presumably because handling the flight may need to write to the peer --
-- confirm against the role handlers) and runs the role-specific handler,
-- selected through the context's 'RoleParams', under 'handleException'.
-- That wrapper (from "Network.TLS.Handshake.Common") is the same one used
-- around other handshake processing, so a failure while validating or
-- answering the flight is reported through the usual handshake error path
-- rather than escaping from 'recvData' with the locks in an unknown state;
-- see 'handleException' for exactly what it does with the exception.
postHandshakeAuthWith :: Context -> Handshake13 -> IO ()
postHandshakeAuthWith ctx hs = withWriteLock ctx (handleException ctx flight)
  where
    -- role-specific processing of the flight (client builds the reply,
    -- server validates it -- both dispatched via the context's RoleParams)
    flight = doPostHandshakeAuthWith_ (ctxRoleParams ctx) ctx hs