//! Parsing implementation for networkstatus documents.

//!

//! In Tor, a networkstatus documents describes a complete view of the

//! relays in the network: how many there are, how to contact them,

//! and so forth.

//!

//! A networkstatus document can either be a "votes" -- an authority's

//! view of the network, used as input to the voting process -- or a

//! "consensus" -- a combined view of the network based on multiple

//! authorities' votes, and signed by multiple authorities.

//!

//! A consensus document can itself come in two different flavors: a

//! plain (unflavoured) consensus has references to router descriptors, and

//! a "microdesc"-flavored consensus ("md") has references to

//! microdescriptors.

//!

//! To keep an up-to-date view of the network, clients download

//! microdescriptor-flavored consensuses periodically, and then

//! download whatever microdescriptors the consensus lists that the

//! client doesn't already have.

//!

//! For full information about the network status format, see

//! [dir-spec.txt](https://spec.torproject.org/dir-spec).

//!

//! # Limitations

//!

//! NOTE: The consensus format has changes time, using a

//! "consensus-method" mechanism.  This module is does not yet handle all

//! all historical consensus-methods.

//!

//! NOTE: This module _does_ parse some fields that are not in current

//! use, like relay nicknames, and the "published" times on

//! microdescriptors. We should probably decide whether we actually

//! want to do this.

//!

//! TODO: This module doesn't implement vote parsing at all yet.

//!

//! TODO: This module doesn't implement plain consensuses.

//!

//! TODO: We need an object safe trait that combines the common operations found

//! on netstatus documents, so we can store one in a `Box<dyn CommonNs>` or

//! something similar; otherwise interfacing applications have a hard time to

//! process netstatus documents in a flavor agnostic fashion.

//!

//! TODO: More testing is needed!

//!

//! TODO: There should be accessor functions for most of the fields here.

//! As with the other tor-netdoc types, I'm deferring those till I know what

//! they should be.

mod dir_source;

mod rs;

pub mod md;

pub mod plain;

#[cfg(feature = "incomplete")]

pub mod vote;

#[cfg(feature = "build_docs")]

mod build;

pub use proto_statuses_parse2_encode::ProtoStatusesNetdocParseAccumulator;

#[cfg(feature = "incomplete")]

use crate::doc::authcert::EncodedAuthCert;

use crate::doc::authcert::{self, AuthCert, AuthCertKeyIds};

use crate::encode::{

    ItemArgument, ItemEncoder, ItemValueEncodable, NetdocEncodable, NetdocEncoder,

};

use crate::parse::keyword::Keyword;

use crate::parse::parser::{Section, SectionRules, SectionRulesBuilder};

use crate::parse::tokenize::{Item, ItemResult, NetDocReader};

use crate::parse2::{

    self, ArgumentError, ArgumentStream, ErrorProblem, IsStructural, ItemArgumentParseable,

    ItemStream, ItemValueParseable, KeywordRef, NetdocParseable, SignatureHashInputs,

    SignatureItemParseable, StopAt, UnparsedItem,

};

use crate::types::relay_flags::{self, DocRelayFlags};

use crate::types::{self, *};

use crate::util::PeekableIterator;

use crate::{Error, KeywordEncodable, NetdocErrorKind as EK, NormalItemArgument, Pos, Result};

use std::collections::{BTreeSet, HashMap, HashSet};

use std::fmt::{self, Display};

use std::result::Result as StdResult;

use std::str::FromStr;

use std::sync::Arc;

use std::{net, result, time};

use tor_error::{Bug, HasKind, bad_api_usage, internal};

use tor_protover::Protocols;

use void::ResultVoidExt as _;

use derive_deftly::{Deftly, define_derive_deftly};

use digest::Digest;

use std::sync::LazyLock;

use tor_checkable::{ExternallySigned, timed::TimerangeBound};

use tor_llcrypto as ll;

use tor_llcrypto::pk::rsa::RsaIdentity;

use serde::{Deserialize, Deserializer};

#[cfg(feature = "build_docs")]

pub use build::MdConsensusBuilder;

#[cfg(feature = "build_docs")]

pub use build::PlainConsensusBuilder;

#[cfg(feature = "build_docs")]

ns_export_each_flavor! {

    ty: RouterStatusBuilder;

}

ns_export_each_variety! {

    ty: RouterStatus, Preamble;

}

#[deprecated]

pub use PlainConsensus as NsConsensus;

#[deprecated]

pub use PlainRouterStatus as NsRouterStatus;

#[deprecated]

pub use UncheckedPlainConsensus as UncheckedNsConsensus;

#[deprecated]

pub use UnvalidatedPlainConsensus as UnvalidatedNsConsensus;

pub use rs::{RouterStatusMdDigestsVote, SoftwareVersion};

pub use dir_source::{ConsensusAuthoritySection, DirSource, SupersededAuthorityKey};

/// `publiscation` field in routerstatus entry intro item other than in votes

///

/// Two arguments which are both ignored.

/// This used to be an ISO8601 timestamp in anomalous two-argument format.

///

/// Nowadays, according to the spec, it can be a dummy value.

/// So it can be a unit type.

///

/// <https://spec.torproject.org/dir-spec/consensus-formats.html#item:r>,

/// except in votes which use [`Iso8601TimeSp`] instead.

///

/// **Not the same as** the `published` item:

/// <https://spec.torproject.org/dir-spec/consensus-formats.html#item:published>

#[derive(Debug, Copy, Clone, Eq, PartialEq, Hash, Ord, PartialOrd, Default)]

#[allow(clippy::exhaustive_structs)]

pub struct IgnoredPublicationTimeSp;

/// The lifetime of a networkstatus document.

///

/// In a consensus, this type describes when the consensus may safely

/// be used.  In a vote, this type describes the proposed lifetime for a

/// consensus.

///

/// Aggregate of three netdoc preamble fields.

#[derive(Clone, Debug, Deftly)]

#[derive_deftly(Constructor, NetdocEncodableFields, NetdocParseableFields)]

#[derive_deftly(Lifetime)]

#[allow(clippy::exhaustive_structs)]

pub struct Lifetime {

    /// `valid-after` --- Time at which the document becomes valid

    ///

    /// <https://spec.torproject.org/dir-spec/consensus-formats.html#item:published>

    ///

    /// (You might see a consensus a little while before this time,

    /// since voting tries to finish up before the.)

    #[deftly(constructor)]

    #[deftly(netdoc(single_arg))]

    pub valid_after: Iso8601TimeSp,

    /// `fresh-until` --- Time after which there is expected to be a better version

    /// of this consensus

    ///

    /// <https://spec.torproject.org/dir-spec/consensus-formats.html#item:published>

    ///

    /// You can use the consensus after this time, but there is (or is

    /// supposed to be) a better one by this point.

    #[deftly(constructor)]

    #[deftly(netdoc(single_arg))]

    pub fresh_until: Iso8601TimeSp,

    /// `valid-until` --- Time after which this consensus is expired.

    ///

    /// <https://spec.torproject.org/dir-spec/consensus-formats.html#item:published>

    ///

    /// You should try to get a better consensus after this time,

    /// though it's okay to keep using this one if no more recent one

    /// can be found.

    #[deftly(constructor)]

    #[deftly(netdoc(single_arg))]

    pub valid_until: Iso8601TimeSp,

    #[doc(hidden)]

    #[deftly(netdoc(skip))]

    pub __non_exhaustive: (),

}

define_derive_deftly! {

    /// Bespoke derive for `Lifetime`, for `new` and accessors

    Lifetime:

    ${defcond FIELD not(approx_equal($fname, __non_exhaustive))}

    impl Lifetime {

        /// Construct a new Lifetime.

            // Make this now because otherwise literal `valid_after` here in the body

            // has the wrong span - the compiler refuses to look at the argument.

            // But we can refer to the field names.

            let self_ = Lifetime {

                $( ${when FIELD} $fname: $fname.into(), )

                __non_exhaustive: (),

            };

            if self_.valid_after < self_.fresh_until && self_.fresh_until < self_.valid_until {

                Ok(self_)

            } else {

                Err(EK::InvalidLifetime.err())

            }

        }

      $(

        ${when FIELD}

        ${fattrs doc}

            *self.$fname

        }

      )

        /// Return true if this consensus is officially valid at the provided time.

            *self.valid_after <= when && when <= *self.valid_until

        }

        /// Return the voting period implied by this lifetime.

        ///

        /// (The "voting period" is the amount of time in between when a consensus first

        /// becomes valid, and when the next consensus is expected to become valid)

            let valid_after = self.valid_after();

            let fresh_until = self.fresh_until();

            fresh_until

                .duration_since(valid_after)

                .expect("Mis-formed lifetime")

        }

    }

}

use derive_deftly_template_Lifetime;

/// A single consensus method

///

/// These are integers, but we don't do arithmetic on them.

///

/// As defined here:

/// <https://spec.torproject.org/dir-spec/consensus-formats.html#item:consensus-methods>

/// <https://spec.torproject.org/dir-spec/computing-consensus.html#flavor:microdesc>

///

/// As used in a `consensus-method` item:

/// <https://spec.torproject.org/dir-spec/consensus-formats.html#item:consensus-method>

#[derive(Debug, Clone, Default, Eq, PartialEq, Ord, PartialOrd, Hash, Copy)] //

#[derive(derive_more::From, derive_more::Into, derive_more::Display, derive_more::FromStr)]

pub struct ConsensusMethod(u32);

impl NormalItemArgument for ConsensusMethod {}

/// A set of consensus methods

///

/// Implements `ItemValueParseable` as required for `consensus-methods`,

/// <https://spec.torproject.org/dir-spec/consensus-formats.html#item:consensus-methods>

///

/// There is also [`consensus_methods_comma_separated`] for `m` lines in votes.

#[derive(Debug, Clone, Default, Eq, PartialEq, Deftly)]

#[derive_deftly(ItemValueEncodable, ItemValueParseable)]

#[non_exhaustive]

pub struct ConsensusMethods {

    /// Consensus methods.

    pub methods: BTreeSet<ConsensusMethod>,

}

/// Module for use with parse2's `with`, to parse one argument of comma-separated consensus methods

///

/// As found in an `m` item in a vote:

/// <https://spec.torproject.org/dir-spec/consensus-formats.html#item:m>

pub mod consensus_methods_comma_separated {

    use super::*;

    use parse2::ArgumentError as AE;

    use std::result::Result;

    /// Parse

        }

}

/// A set of named network parameters.

///

/// These are used to describe current settings for the Tor network,

/// current weighting parameters for path selection, and so on.  They're

/// encoded with a space-separated K=V format.

///

/// A `NetParams<i32>` is part of the validated directory manager configuration,

/// where it is built (in the builder-pattern sense) from a transparent HashMap.

///

/// As found in `params` in a network status:

/// <https://spec.torproject.org/dir-spec/consensus-formats.html#item:params>

///

/// The same syntax is also used, and this type used for parsing, in various other places,

/// for example routerstatus entry `w` items (bandwidth weights):

/// <https://spec.torproject.org/dir-spec/consensus-formats.html#item:w>

//

// TODO DIRAUTH torspec#401 Replace `String` with a suitable newtype

// Currently:

//  - Our parser allows any keyword that makes it into a netdoc argument,

//    but it splits on the *first* `=` so a `NetParams<i32>` cannot parse a keyword with a `=`.

//  - We provide constructors that allow any `String`, even ones containing space, `=`,

//    newline, etc.

//  - Encoding throws `Bug` if the resulting document will be clearly garbage,

//    forbidding `=`, whitespace, and controls.  If the supplied keywords are bizarre,

//    it may generate surprising documents (eg, containing exciting Unicode).

#[derive(Debug, Clone, Default, Eq, PartialEq)]

pub struct NetParams<T> {

    /// Map from keys to values.

    params: HashMap<String, T>,

}

impl<T> NetParams<T> {

    /// Create a new empty list of NetParams.

    #[allow(unused)]

    /// Retrieve a given network parameter, if it is present.

    /// Return an iterator over all key value pairs in an arbitrary order.

    /// Set or replace the value of a network parameter.

}

impl<K: Into<String>, T> FromIterator<(K, T)> for NetParams<T> {

        NetParams {

        }

}

impl<T> std::iter::Extend<(String, T)> for NetParams<T> {

}

impl<'de, T> Deserialize<'de> for NetParams<T>

where

    T: Deserialize<'de>,

{

    {

}

/// A list of subprotocol versions that implementors should/must provide.

///

/// This struct represents a pair of (optional) items:

/// `recommended-FOO-protocols` and `required-FOO-protocols`.

///

/// Each consensus has two of these: one for relays, and one for clients.

///

/// <https://spec.torproject.org/dir-spec/consensus-formats.html#item:required-relay-protocols>

#[derive(Debug, Clone, Default, PartialEq, serde::Serialize, serde::Deserialize)]

pub struct ProtoStatus {

    /// Set of protocols that are recommended; if we're missing a protocol

    /// in this list we should warn the user.

    ///

    /// `recommended-client-protocols` or `recommended-relay-protocols`

    recommended: Protocols,

    /// Set of protocols that are required; if we're missing a protocol

    /// in this list we should refuse to start.

    ///

    /// `required-client-protocols` or `required-relay-protocols`

    required: Protocols,

}

impl ProtoStatus {

    /// Check whether the list of supported protocols

    /// is sufficient to satisfy this list of recommendations and requirements.

    ///

    /// If any required protocol is missing, returns [`ProtocolSupportError::MissingRequired`].

    ///

    /// Otherwise, if no required protocol is missing, but some recommended protocol is missing,

    /// returns [`ProtocolSupportError::MissingRecommended`].

    ///

    /// Otherwise, if no recommended or required protocol is missing, returns `Ok(())`.

        // Required protocols take precedence, so we check them first.

}

/// A subprotocol that is recommended or required in the consensus was not present.

#[derive(Clone, Debug, thiserror::Error)]

#[cfg_attr(test, derive(PartialEq))]

#[non_exhaustive]

pub enum ProtocolSupportError {

    /// At least one required protocol was not in our list of supported protocols.

    #[error("Required protocols are not implemented: {0}")]

    MissingRequired(Protocols),

    /// At least one recommended protocol was not in our list of supported protocols.

    ///

    /// Also implies that no _required_ protocols were missing.

    #[error("Recommended protocols are not implemented: {0}")]

    MissingRecommended(Protocols),

}

impl ProtocolSupportError {

    /// Return true if the suggested behavior for this error is a shutdown.

}

impl HasKind for ProtocolSupportError {

}

/// A set of recommended and required protocols when running

/// in various scenarios.

///

/// Represents the collection of four items: `{recommended,required}-{client,relay}-protocols`.

///

/// <https://spec.torproject.org/dir-spec/consensus-formats.html#item:required-relay-protocols>

#[derive(Clone, Debug, Default, PartialEq, serde::Serialize, serde::Deserialize)]

pub struct ProtoStatuses {

    /// Lists of recommended and required subprotocol versions for clients

    client: ProtoStatus,

    /// Lists of recommended and required subprotocol versions for relays

    relay: ProtoStatus,

}

impl ProtoStatuses {

    /// Return the list of recommended and required protocols for running as a client.

    /// Return the list of recommended and required protocols for running as a relay.

}

/// A recognized 'flavor' of consensus document.

///

/// The enum is exhaustive because the addition/removal of a consensus flavor

/// should indeed be a breaking change, as it would inevitable require

/// interfacing code to think about the handling of it.

///

/// <https://spec.torproject.org/dir-spec/computing-consensus.html#flavors>

#[derive(Copy, Clone, Debug, Eq, PartialEq, Hash, Ord, PartialOrd)]

#[allow(clippy::exhaustive_enums)]

pub enum ConsensusFlavor {

    /// A "microdesc"-flavored consensus.  This is the one that

    /// clients and relays use today.

    Microdesc,

    /// A "networkstatus"-flavored consensus.  It's used for

    /// historical and network-health purposes.  Instead of listing

    /// microdescriptor digests, it lists digests of full relay

    /// descriptors.

    Plain,

}

impl ConsensusFlavor {

    /// Return the name of this consensus flavor.

        }

    /// Try to find the flavor whose name is `name`.

    ///

    /// For historical reasons, an unnamed flavor indicates an "Plain"

    /// document.

            }

        }

}

define_derive_deftly! {

    /// Bespoke derives applied to [`DirectorySignatureHashAlgo`]

    ///

    /// Generates:

    ///

    ///  * [`DirectorySignaturesHashesAccu`]

    ///  * [`DirectorySignaturesHashesAccu::update_from`]

    ///  * [`DirectorySignaturesHashesAccu::hash_slice_for_verification`]

    DirectorySignaturesHashesAccu:

    ${define FNAME ${paste ${snake_case $vname}} }

    /// `directory-signature`a hash algorithm argument

    #[derive(Clone, Copy, Default, Debug, Eq, PartialEq, Deftly)]

    #[derive_deftly(AsMutSelf)]

    #[non_exhaustive]

    pub struct DirectorySignaturesHashesAccu {

      $(

        ${vattrs doc}

        $FNAME: Option<[u8; ${vmeta(hash_len) as expr}]>,

      )

      /// `sha1` but without the algorithm name

      ///

      /// This is needed because the hash includes the whole signature item keyword line,

      /// and therefore a signature with the `sha1` explicitly stated,

      /// and one without, have different hashes!

      ///

      /// So we mustn't use the `sha1` field for both implicit and explicit use of SHA-1,

      /// or multiple signatures with different syntax would overwrite each others'

      /// different hashes.

      sha1_unnamed: Option<[u8; 20]>,

    }

    impl DirectorySignaturesHashesAccu {

        /// Calculate the hash for a signature item and update this accumulator

            &mut self,

            algo: &DigestAlgoInSignature,

            body: &SignatureHashInputs,

        ) {

            // Update the hash in self.$UPDATE according to algorithm $AGLO

            // (uses dynamic bindings of those parameters)

            ${define HASH {

                // Avoid recalculating if we don't need to

                    let mut h = tor_llcrypto::d::$ALGO::new();

                    h.update(body.body().body());

                    h.update(body.signature_item_kw_spc);

                    h.finalize().into()

                });

            }}

            match &**algo {

              $(

                Some(KeywordOrString::Known($vtype)) => {

                    ${define UPDATE $FNAME}

                    ${define ALGO $vname}

                    $HASH

                }

              )

                None => {

                    ${define UPDATE sha1_unnamed}

                    ${define ALGO Sha1}

                    $HASH

                }

                Some(KeywordOrString::Unknown(..)) => {}

            }

        }

        /// Return the hash value for a specific algorithm, as a slice

        ///

        /// `None` if the value wasn't computed.

        /// That shouldn't happen.

        // TODO DIRAUTH make private when poc's verification is abolished

            match &**algo {

              $(

                Some(KeywordOrString::Known($vtype)) => Some(self.$FNAME.as_ref()?),

              )

                None => Some(self.sha1_unnamed.as_ref()?),

                Some(KeywordOrString::Unknown(..)) => None,

            }

        }

    }

}

/// `directory-signature` hash algorithm argument

#[derive(Clone, Copy, Debug, Eq, PartialEq, strum::Display, strum::EnumString, Deftly)]

#[derive_deftly(DirectorySignaturesHashesAccu)]

#[non_exhaustive]

#[strum(serialize_all = "snake_case")]

pub enum DirectorySignatureHashAlgo {

    /// SHA-1

    #[deftly(hash_len = "20")]

    Sha1,

    /// SHA-256

    #[deftly(hash_len = "32")]

    Sha256,

}

/// `algorithm` field in a `directory-signature` item

///

/// This is extremely bizarre: it's an *optional item at the start of the arguments*!

// TODO SPEC #350

///

/// So we parse it with some kind of nightmarish lookahead.

///

/// Additionally, to be able to convey the signatures accurately, without breaking them,

/// we must remember whether the argument was present.

///

/// <https://spec.torproject.org/dir-spec/consensus-formats.html#item:directory-signature>

#[derive(Debug, Clone, derive_more::Deref, derive_more::DerefMut)]

#[allow(clippy::exhaustive_structs)]

pub struct DigestAlgoInSignature(pub Option<KeywordOrString<DirectorySignatureHashAlgo>>);

impl ItemArgumentParseable for DigestAlgoInSignature {

            // Treat it as a fingerprint if it doesn't have any non-hex characters

            // (including lowercase ones).  If we reuse this item for new algorithms

            // they should have at least one letter g-z in their name.

        {

            // next argument looks enough like a fingerprint that we don't treat as an algo name

        } else {

        };

}

impl ItemArgument for DigestAlgoInSignature {

}

impl DigestAlgoInSignature {

    /// Return the actual algorithm

    ///

    /// This handles the defaulting, where an absent argument means `sha1`.

}

impl NormalItemArgument for DirectorySignatureHashAlgo {}

/// The signature of a single directory authority on a networkstatus document.

///

/// Implements `ItemValueParseable` which parses without hashing anything;

/// this is mostly useful for use by the `SignatureItemParseable` implementation.

#[derive(Debug, Clone, Deftly)]

#[derive_deftly(ItemValueEncodable, ItemValueParseable)]

#[non_exhaustive]

pub struct Signature {

    /// The name of the digest algorithm used to make the signature.

    ///

    /// Currently sha1 and sh256 are recognized.  Here we only support

    /// sha256.

    pub digest_algo: DigestAlgoInSignature,

    /// Fingerprints of the keys for the authority that made

    /// this signature.

    #[deftly(netdoc(with = authcert::keyids_directory_signature_args))]

    pub key_ids: AuthCertKeyIds,

    /// The signature itself.

    #[deftly(netdoc(object(label = "SIGNATURE"), with = types::raw_data_object))]

    pub signature: Vec<u8>,

}

impl SignatureItemParseable for Signature {

    type HashAccu = DirectorySignaturesHashesAccu;

}

/// A collection of signatures that can be checked on a networkstatus document

#[derive(Debug, Clone)]

#[non_exhaustive]

pub struct SignatureGroup {

    /// The sha256 of the document itself

    pub sha256: Option<[u8; 32]>,

    /// The sha1 of the document itself

    pub sha1: Option<[u8; 20]>,

    /// The signatures listed on the document.

    pub signatures: Vec<Signature>,

}

/// A shared random value produced by the directory authorities.

#[derive(

    Debug, Clone, Copy, Eq, PartialEq, derive_more::From, derive_more::Into, derive_more::AsRef,

)]

// (This doesn't need to use CtByteArray; we don't really need to compare these.)

pub struct SharedRandVal([u8; 32]);

/// A shared-random value produced by the directory authorities,

/// along with meta-information about that value.

#[derive(Debug, Clone, Deftly)]

#[non_exhaustive]

#[derive_deftly(ItemValueEncodable, ItemValueParseable)]

pub struct SharedRandStatus {

    /// How many authorities revealed shares that contributed to this value.

    pub n_reveals: u8,

    /// The current random value.

    ///

    /// The properties of the secure shared-random system guarantee

    /// that this value isn't predictable before it first becomes

    /// live, and that a hostile party could not have forced it to

    /// have any more than a small number of possible random values.

    pub value: SharedRandVal,

    /// The time when this SharedRandVal becomes (or became) the latest.

    ///

    /// (This is added per proposal 342, assuming that gets accepted.)

    pub timestamp: Option<Iso8601TimeNoSp>,

}

/// The two shared random values, `shared-rand-*-value`

///

/// As found in the consensus preamble

/// <https://spec.torproject.org/dir-spec/consensus-formats.html#item:shared-rand-current-value>

/// and a vote's authority section

/// <https://spec.torproject.org/dir-spec/consensus-formats.html#authority-item-shared-rand-value>

#[derive(Debug, Clone, Default, Deftly)]

#[derive_deftly(Constructor, NetdocEncodableFields, NetdocParseableFields)]

#[allow(clippy::exhaustive_structs)]

pub struct SharedRandStatuses {

    /// Global shared-random value for the previous shared-random period.

    pub shared_rand_previous_value: Option<SharedRandStatus>,

    /// Global shared-random value for the current shared-random period.

    pub shared_rand_current_value: Option<SharedRandStatus>,

    #[doc(hidden)]

    #[deftly(netdoc(skip))]

    pub __non_exhaustive: (),

}

/// Recognized weight fields on a single relay in a consensus

#[non_exhaustive]

#[derive(Debug, Clone, Copy)]

pub enum RelayWeight {

    /// An unmeasured weight for a relay.

    Unmeasured(u32),

    /// An measured weight for a relay.

    Measured(u32),

}

impl RelayWeight {

    /// Return true if this weight is the result of a successful measurement

    /// Return true if this weight is nonzero

}

/// Authority entry in a consensus - deprecated compatibility type alias

#[deprecated = "renamed to ConsensusAuthorityEntry"]

pub type ConsensusVoterInfo = ConsensusAuthorityEntry;

/// Authority entry in a plain consensus - type alias provided for consistency

pub type PlainAuthorityEntry = ConsensusAuthorityEntry;

/// Authority entry in an md consensus - type alias provided for consistency

pub type MdAuthorityEntry = ConsensusAuthorityEntry;

/// An authority entry as found in a consensus

///

/// <https://spec.torproject.org/dir-spec/consensus-formats.html#section:authority-entry>

///

/// See also [`VoteAuthorityEntry`]

//

// We don't use the `each_variety` system for this because:

//  1. That avoids separating the two consensus authority entry types, which are identical

//  2. The only common fields are `dir-source` and `contact`, so there is little duplication

#[derive(Debug, Clone, Deftly)]

#[derive_deftly(Constructor, NetdocEncodable, NetdocParseable)]

#[allow(clippy::exhaustive_structs)]

pub struct ConsensusAuthorityEntry {

    /// Contents of the `dir-source` line about an authority

    #[deftly(constructor)]

    pub dir_source: DirSource,

    /// Human-readable contact information about the authority

    //

    // If more non-intro fields get added that are the same in votes and cosensuses,

    // consider using each_variety.rs or breaking those fields out into

    // `AuthorityEntryCommon` implementing `NetdocParseableFields`, or something.

    #[deftly(constructor)]

    pub contact: ContactInfo,

    /// Digest of the vote that the authority cast to contribute to

    /// this consensus.

    ///

    /// This is not a fixed-length, fixed-algorithm field.

    /// Bizarrely, the algorithm is supposed to be inferred from the length!

    /// <https://spec.torproject.org/dir-spec/consensus-formats.html#item:vote-digest>

    #[deftly(netdoc(single_arg))]

    #[deftly(constructor)]

    pub vote_digest: B16U,

    #[doc(hidden)]

    #[deftly(netdoc(skip))]

    pub __non_exhaustive: (),

}

/// An authority entry as found in a vote

///

/// <https://spec.torproject.org/dir-spec/consensus-formats.html#section:authority-entry>

///

/// See also [`ConsensusAuthorityEntry`]

#[derive(Debug, Clone, Deftly)]

#[derive_deftly(Constructor, NetdocEncodable, NetdocParseable)]

#[allow(clippy::exhaustive_structs)]

pub struct VoteAuthorityEntry {

    /// Contents of the `dir-source` line about an authority

    #[deftly(constructor)]

    pub dir_source: DirSource,

    /// Human-readable contact information about the authority

    #[deftly(constructor)]

    pub contact: ContactInfo,

    /// `legacy-dir-key` - superseded authority identity key

    ///

    /// <https://spec.torproject.org/dir-spec/consensus-formats.html#item:legacy-dir-key>

    #[deftly(netdoc(single_arg))]

    pub legacy_dir_key: Option<Fingerprint>,

    /// `shared-rand-participate` - Indicate shared random participation

    ///

    /// <https://spec.torproject.org/dir-spec/consensus-formats.html#item:shared-rand-participate>

    pub shared_rand_participate: Option<SharedRandParticipate>,

    /// `shared-rand-commit` - Shared random commitment

    ///

    /// <https://spec.torproject.org/dir-spec/consensus-formats.html#item:shared-rand-commit>

    pub shared_rand_commit: Vec<SharedRandCommit>,

    /// Global shared-random values

    #[deftly(netdoc(flatten))]

    pub shared_rand: SharedRandStatuses,

    #[doc(hidden)]

    #[deftly(netdoc(skip))]

    pub __non_exhaustive: (),

}

/// `shared-rand-participate` in a vote authority entry

///

/// <https://spec.torproject.org/dir-spec/consensus-formats.html#item:shared-rand-participate>

//

// We could have done `shared_rand_participate: Option<()>` in VoteAuthorityEntry,

// but then we might end up with variables of type `&Option<()>` etc.

// whose meaning has been detached from its type.

//

// TODO DIRAUTH rework this according to the API design conclusion from !3977 when there is one

#[derive(Debug, Clone, Deftly)]

#[derive_deftly(Constructor, ItemValueEncodable, ItemValueParseable)]

#[allow(clippy::exhaustive_structs)]

pub struct SharedRandParticipate {

    #[doc(hidden)]

    #[deftly(netdoc(skip))]

    pub __non_exhaustive: (),

}

/// `shared-rand-commit` in a vote authority entry

///

/// <https://spec.torproject.org/dir-spec/consensus-formats.html#item:shared-rand-commit>

#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord, Deftly)]

// If new protocols use this item with a different version, we'll call it an API break.

#[allow(clippy::exhaustive_enums)]

pub enum SharedRandCommit {

    /// Version 1, the only one supported

    V1(SharedRandCommitV1),

    /// Other versions.  Cannot be encoded.

    // It's not clear that future versions will use this version mechanism.  torspec#408.

    Unknown {},

}

/// `shared-rand-commit` in a vote authority entry

///

/// <https://spec.torproject.org/dir-spec/consensus-formats.html#item:shared-rand-commit>

///

/// Version and hash are not explicitly represented.  See torspec#407.

///

/// `ItemValueEncodable` and `ItemValueParseable` impls do not include the fixed arguments;

/// in a netdoc, this type should be used within `SharedRandCommit::V1`.

#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord, Deftly)]

#[derive_deftly(Constructor, ItemValueEncodable, ItemValueParseable)]

#[allow(clippy::exhaustive_structs)]

pub struct SharedRandCommitV1 {

    /// Authority id key, recapitulated.

    // TODO this field shouldn't here at all torspec#407

    #[deftly(constructor)]

    h_kp_auth_id_rsa: Fingerprint,

    /// Commitment

    ///

    /// `TIMESTAMP || SHA3_256(REVEAL)`, as per

    /// <https://spec.torproject.org/srv-spec/specification.html#COMMITREVEAL>

    //

    // TOOD we would like to replace this with a type that separates out the pieces!

    // But that would need a FixedB64 generic over some tor-bytes trait, or something.

    #[deftly(constructor)]

    commit: FixedB64<40>,

    /// Reveal

    ///

    /// `TIMESTAMP || random number`, as per

    /// <https://spec.torproject.org/srv-spec/specification.html#COMMITREVEAL>

    reveal: Option<FixedB64<40>>,

    #[doc(hidden)]

    #[deftly(netdoc(skip))]

    pub __non_exhaustive: (),

}

impl SharedRandCommitV1 {

    /// The fixed arguments that precede the actual value in `shared-rand-commit 1 ...`

    const FIXED_ARGUMENTS: &[&str] = &["1", "sha3-256"];

}

impl ItemValueEncodable for SharedRandCommit {

            }

        }

}

impl ItemValueParseable for SharedRandCommit {

        }

}

// For `ConsensusAuthoritySection`, see `dir_source.rs`.

define_derive_deftly! {

    /// Ad-hoc derive, `impl NetdocParseable for VoteAuthoritySection`

    ///

    /// We can't derive from `VoteAuthoritySection` with the normal macros, because

    /// it's not a document, with its own intro item.  It's just a collection of sub-documents.

    /// The netdoc derive macros don't have support for that - and it would be a fairly

    /// confusing thing to support because you'd end up with nested multiplicities and a whole

    /// variety of "intro item keywords" that were keywords for arbitrary sub-documents.

    ///

    /// Instead, we do that ad-hoc here.  It's less confusing because we don't need to

    /// worry about multiplicity, and because we know what only the outer document is

    /// that will contain this.

    VoteAuthoritySection:

    ${defcond F_NORMAL not(fmeta(netdoc(skip)))}

    #[cfg(feature = "incomplete")] // needs EncodedAuthCert, otherwise complete

    impl NetdocParseable for VoteAuthoritySection {

            "vote.authority.section"

        }

            VoteAuthorityEntry::is_intro_item_keyword(kw)

        }

          $(

            ${when F_NORMAL}

            if let y @ Some(_) = $ftype::is_structural_keyword(kw) {

                return y;

            }

          )

            None

        }

            let stop_inner = stop_outer

              $(

                ${when F_NORMAL}

                | StopAt($ftype::is_intro_item_keyword)

              )

            ;

            Ok(VoteAuthoritySection { $(

                ${when F_NORMAL}

                $fname: NetdocParseable::from_items(input, stop_inner)?,

            )

                __non_exhaustive: (),

            })

        }

    }

    #[cfg(feature = "incomplete")]

    impl NetdocEncodable for VoteAuthoritySection {

          $(

            ${when F_NORMAL}

            self.$fname.encode_unsigned(out)?;

          )

          Ok(())

        }

    }

}

/// An authority section in a vote

///

/// <https://spec.torproject.org/dir-spec/consensus-formats.html#section:authority>

//

// We have split this out to help encapsulate vote/consensus-specific

// information in a forthcoming overall network status document type.

#[derive(Deftly, Clone, Debug)]

#[derive_deftly(VoteAuthoritySection, Constructor)]

#[allow(clippy::exhaustive_structs)]

#[cfg(feature = "incomplete")] // needs EncodedAuthCert, otherwise complete

pub struct VoteAuthoritySection {

    /// Authority entry

    #[deftly(constructor)]

    pub authority: VoteAuthorityEntry,

    /// Authority key certificate

    #[deftly(constructor)]

    pub cert: EncodedAuthCert,

    #[doc(hidden)]

    #[deftly(netdoc(skip))]

    pub __non_exhaustive: (),

}

/// The signed footer of a consensus netstatus.

#[derive(Debug, Clone)]

#[non_exhaustive]

pub struct Footer {

    /// Weights to be applied to certain classes of relays when choosing

    /// for different roles.

    ///

    /// For example, we want to avoid choosing exits for non-exit

    /// roles when overall the proportion of exits is small.

    pub weights: NetParams<i32>,

}

/// A consensus document that lists relays along with their

/// microdescriptor documents.

pub type MdConsensus = md::Consensus;

/// An MdConsensus that has been parsed and checked for timeliness,

/// but not for signatures.

pub type UnvalidatedMdConsensus = md::UnvalidatedConsensus;

/// An MdConsensus that has been parsed but not checked for signatures

/// and timeliness.

pub type UncheckedMdConsensus = md::UncheckedConsensus;

/// A consensus document that lists relays along with their

/// router descriptor documents.

pub type PlainConsensus = plain::Consensus;

/// An PlainConsensus that has been parsed and checked for timeliness,

/// but not for signatures.

pub type UnvalidatedPlainConsensus = plain::UnvalidatedConsensus;

/// An PlainConsensus that has been parsed but not checked for signatures

/// and timeliness.

pub type UncheckedPlainConsensus = plain::UncheckedConsensus;

decl_keyword! {

    /// Keywords that can be used in votes and consensuses.

    // TODO: This is public because otherwise we can't use it in the

    // ParseRouterStatus crate.  But I'd rather find a way to make it

    // private.

    #[non_exhaustive]

    #[allow(missing_docs)]

    pub NetstatusKwd {

        // Header

        "network-status-version" => NETWORK_STATUS_VERSION,

        "vote-status" => VOTE_STATUS,

        "consensus-methods" => CONSENSUS_METHODS,

        "consensus-method" => CONSENSUS_METHOD,

        "published" => PUBLISHED,

        "valid-after" => VALID_AFTER,

        "fresh-until" => FRESH_UNTIL,

        "valid-until" => VALID_UNTIL,

        "voting-delay" => VOTING_DELAY,

        "client-versions" => CLIENT_VERSIONS,

        "server-versions" => SERVER_VERSIONS,

        "known-flags" => KNOWN_FLAGS,

        "flag-thresholds" => FLAG_THRESHOLDS,

        "recommended-client-protocols" => RECOMMENDED_CLIENT_PROTOCOLS,

        "required-client-protocols" => REQUIRED_CLIENT_PROTOCOLS,

        "recommended-relay-protocols" => RECOMMENDED_RELAY_PROTOCOLS,

        "required-relay-protocols" => REQUIRED_RELAY_PROTOCOLS,

        "params" => PARAMS,

        "bandwidth-file-headers" => BANDWIDTH_FILE_HEADERS,

        "bandwidth-file-digest" => BANDWIDTH_FILE_DIGEST,

        // "package" is now ignored.

        // header in consensus, voter section in vote?

        "shared-rand-previous-value" => SHARED_RAND_PREVIOUS_VALUE,

        "shared-rand-current-value" => SHARED_RAND_CURRENT_VALUE,

        // Voter section (both)

        "dir-source" => DIR_SOURCE,

        "contact" => CONTACT,

        // voter section (vote, but not consensus)

        "legacy-dir-key" => LEGACY_DIR_KEY,

        "shared-rand-participate" => SHARED_RAND_PARTICIPATE,

        "shared-rand-commit" => SHARED_RAND_COMMIT,

        // voter section (consensus, but not vote)

        "vote-digest" => VOTE_DIGEST,

        // voter cert beginning (but only the beginning)

        "dir-key-certificate-version" => DIR_KEY_CERTIFICATE_VERSION,

        // routerstatus

        "r" => RS_R,

        "a" => RS_A,

        "s" => RS_S,

        "v" => RS_V,

        "pr" => RS_PR,

        "w" => RS_W,

        "p" => RS_P,

        "m" => RS_M,

        "id" => RS_ID,

        // footer

        "directory-footer" => DIRECTORY_FOOTER,

        "bandwidth-weights" => BANDWIDTH_WEIGHTS,

        "directory-signature" => DIRECTORY_SIGNATURE,

    }

}

/// Shared parts of rules for all kinds of netstatus headers

    use NetstatusKwd::*;

/// Rules for parsing the header of a consensus.

    use NetstatusKwd::*;

/*

/// Rules for parsing the header of a vote.

static NS_HEADER_RULES_VOTE: SectionRules<NetstatusKwd> = {

    use NetstatusKwd::*;

    let mut rules = NS_HEADER_RULES_COMMON_.clone();

    rules.add(CONSENSUS_METHODS.rule().args(1..));

    rules.add(FLAG_THRESHOLDS.rule());

    rules.add(BANDWIDTH_FILE_HEADERS.rule());

    rules.add(BANDWIDTH_FILE_DIGEST.rule().args(1..));

    rules.add(UNRECOGNIZED.rule().may_repeat().obj_optional());

    rules

};

/// Rules for parsing a single voter's information in a vote.

static NS_VOTERINFO_RULES_VOTE: SectionRules<NetstatusKwd> = {

    use NetstatusKwd::*;

    let mut rules = SectionRules::new();

    rules.add(DIR_SOURCE.rule().required().args(6..));

    rules.add(CONTACT.rule().required());

    rules.add(LEGACY_DIR_KEY.rule().args(1..));

    rules.add(SHARED_RAND_PARTICIPATE.rule().no_args());

    rules.add(SHARED_RAND_COMMIT.rule().may_repeat().args(4..));

    rules.add(SHARED_RAND_PREVIOUS_VALUE.rule().args(2..));

    rules.add(SHARED_RAND_CURRENT_VALUE.rule().args(2..));

    // then comes an entire cert: When we implement vote parsing,

    // we should use the authcert code for handling that.

    rules.add(UNRECOGNIZED.rule().may_repeat().obj_optional());

    rules

};

 */

/// Rules for parsing a single voter's information in a consensus

    use NetstatusKwd::*;

/// Shared rules for parsing a single routerstatus

static NS_ROUTERSTATUS_RULES_COMMON_: LazyLock<SectionRulesBuilder<NetstatusKwd>> =

        use NetstatusKwd::*;

/// Rules for parsing a single routerstatus in an NS consensus

    use NetstatusKwd::*;

/*

/// Rules for parsing a single routerstatus in a vote

static NS_ROUTERSTATUS_RULES_VOTE: SectionRules<NetstatusKwd> = {

    use NetstatusKwd::*;

        let mut rules = NS_ROUTERSTATUS_RULES_COMMON_.clone();

        rules.add(RS_R.rule().required().args(8..));

        rules.add(RS_M.rule().may_repeat().args(2..));

        rules.add(RS_ID.rule().may_repeat().args(2..)); // may-repeat?

        rules

    };

*/

/// Rules for parsing a single routerstatus in a microdesc consensus

    use NetstatusKwd::*;

/// Rules for parsing consensus fields from a footer.

    use NetstatusKwd::*;

    // consensus only

impl ProtoStatus {

    /// Construct a ProtoStatus from two chosen keywords in a section.

        /// Helper: extract a Protocols entry from an item's arguments.