ziti

type Config struct {
	//ZtAPI should be in the form of https://<domain>[:<port>]/edge/client/v1. For backwards compatability with single controller identities
	ZtAPI string `json:"ztAPI"`

	//ZtAPIs is an array of ZtAPI values, supersedes `ZtAPI`. ZtAPIs is used to make an initial connection to a controller.
	ZtAPIs []string `json:"ztAPIs"`

	//ConfigTypes is an array of string configuration types that will be requested from the controller
	//for services.
	ConfigTypes []string `json:"configTypes"`

	//The ID field allows configurations is maintained for backwards compatability with previous SDK versions.
	//If set, it will be used to set the Credentials field.
	ID identity.Config `json:"id"`

	//The Credentials field is used to authenticate with the Edge Client API. If the ID field is set, it will be used
	//to populate this field with credentials.
	Credentials apis.Credentials `json:"-"`

	//EnableHa will signal to the SDK to query and use OIDC authentication which is required for HA controller setups.
	//This is a temporary feature flag that will be removed and "default to true" at a later date.
	EnableHa bool `json:"enableHa"`
}

type Context interface {
	// Authenticate attempts to use credentials configured on the Context to perform authentication. The authentication
	// implementation used is configured via the Credentials field on an Option struct provided during Context
	// creation.
	Authenticate() error

	// SetCredentials sets the credentials used to authenticate against the Edge Client API.
	SetCredentials(authenticator apis.Credentials)

	// GetCredentials returns the currently set credentials used to authenticate against the Edge Client API.
	GetCredentials() apis.Credentials

	// GetCurrentIdentity returns the Edge API details of the currently authenticated identity.
	GetCurrentIdentity() (*rest_model.IdentityDetail, error)

	// GetCurrentIdentityWithBackoff returns the Edge API details of the currently authenticated identity. with retry if necessary
	GetCurrentIdentityWithBackoff() (*rest_model.IdentityDetail, error)

	// Dial attempts to connect to a service using a given service name; authenticating as necessary in order to obtain
	// a service session, attach to Edge Routers, and connect to a service.
	Dial(serviceName string) (edge.Conn, error)

	// DialWithOptions performs the same logic as Dial but allows specification of DialOptions.
	DialWithOptions(serviceName string, options *DialOptions) (edge.Conn, error)

	// DialAddr finds the service for given address and performs a Dial for it.
	DialAddr(network string, addr string) (edge.Conn, error)

	// Listen attempts to host a service by the given service name;  authenticating as necessary in order to obtain
	// a service session, attach to Edge Routers, and bind (host) the service.
	Listen(serviceName string) (edge.Listener, error)

	// ListenWithOptions performs the same logic as Listen, but allows the specification of ListenOptions.
	ListenWithOptions(serviceName string, options *ListenOptions) (edge.Listener, error)

	// GetServiceId will return the id of a specific service by service name. If not found, false, will be returned
	// with an empty string.
	GetServiceId(serviceName string) (string, bool, error)

	// GetServices will return a slice of service details that the current authenticating identity can access for
	// dial (connect) or bind (host/listen).
	GetServices() ([]rest_model.ServiceDetail, error)

	// GetService will return the service details of a specific service by service name.
	GetService(serviceName string) (*rest_model.ServiceDetail, bool)

	// GetServiceForAddr finds the service with intercept that matches best to given address
	GetServiceForAddr(network, hostname string, port uint16) (*rest_model.ServiceDetail, int, error)

	// RefreshServices forces the context to refresh the list of services the current authenticating identity has access
	// to.
	RefreshServices() error

	// RefreshService forces the context to refresh just the service with the given name. If the given service isn't
	// found, a nil will be returned
	RefreshService(serviceName string) (*rest_model.ServiceDetail, error)

	// GetServiceTerminators will return a slice of rest_model.TerminatorClientDetail for a specific service name.
	// The offset and limit options can be used to page through excessive lists of items. A max of 500 is imposed on
	// limit.
	GetServiceTerminators(serviceName string, offset, limit int) ([]*rest_model.TerminatorClientDetail, int, error)

	// GetSession will return the session detail associated with a specific session id.
	GetSession(id string) (*rest_model.SessionDetail, error)

	// Metrics will return the current context's metrics Registry.
	Metrics() metrics.Registry

	// Close closes any connections open to edge routers
	Close()

	// Deprecated: AddZitiMfaHandler adds a Ziti MFA handler, invoked during authentication.
	// Replaced with event functionality. Use `zitiContext.AddListener(MfaTotpCode, handler)` instead.
	AddZitiMfaHandler(handler func(query *rest_model.AuthQueryDetail, resp MfaCodeResponse) error)

	// EnrollZitiMfa will attempt to enable TOTP 2FA on the currently authenticating identity if not already enrolled.
	EnrollZitiMfa() (*rest_model.DetailMfa, error)

	// VerifyZitiMfa will attempt to complete enrollment of TOTP 2FA with the given code.
	VerifyZitiMfa(code string) error

	// RemoveZitiMfa will attempt to remove TOTP 2FA for the current identity
	RemoveZitiMfa(code string) error

	// GetId returns a unique context id
	GetId() string

	// SetId allows the setting of a context's id
	SetId(id string)

	Events() Eventer
}

type ContextDialer interface {
	DialContext(ctx context.Context, network, address string) (net.Conn, error)
}

type ContextImpl struct {
	Id string

	CtrlClt *CtrlClient

	events.EventEmmiter
	// contains filtered or unexported fields
}

type CtrlClient struct {
	*apis.ClientApiClient
	Credentials apis.Credentials

	ApiSessionCertificateDetail rest_model.CurrentAPISessionCertificateDetail
	ApiSessionCsr               x509.CertificateRequest
	ApiSessionCertificate       *x509.Certificate
	ApiSessionPrivateKey        *ecdsa.PrivateKey
	ApiSessionCertInstance      string

	PostureCache *posture.Cache
	ConfigTypes  []string
	// contains filtered or unexported fields
}

type CtxCollection struct {
	ConfigTypes []string
	// contains filtered or unexported fields
}

type DialOptions struct {
	ConnectTimeout time.Duration
	Identity       string
	AppData        []byte
}

type Dialer interface {
	Dial(network, address string) (net.Conn, error)
}

type EnrollmentClaims struct {
	jwt.RegisteredClaims
	EnrollmentMethod string            `json:"em"`
	Controllers      []string          `json:"ctrls"`
	SignatureCert    *x509.Certificate `json:"-"`
}

type Eventer interface {
	// AddServiceAddedListener adds an event listener for the EventServiceAdded event and returns a function to remove
	// the listener. It is emitted any time a new service definition is received. The service detail provided is the
	// service that was added.
	AddServiceAddedListener(func(Context, *rest_model.ServiceDetail)) func()

	// AddServiceChangedListener adds an event listener for the EventServiceChanged event and returns a function to remove
	// the listener. It is emitted any time a known service definition is updated with new values. The service detail
	// provided is the service that was changed.
	AddServiceChangedListener(func(Context, *rest_model.ServiceDetail)) func()

	// AddServiceRemovedListener adds an event listener for the EventServiceRemoved event and returns a function to remove
	// the listener. It is emitted any time known service definition is no longer accessible. The service detail
	// provided is the service that was removed.
	AddServiceRemovedListener(func(Context, *rest_model.ServiceDetail)) func()

	// AddRouterConnectedListener adds an event listener for the EventRouterConnected event and returns a function to remove
	// the listener. It is emitted any time a router connection is established. The strings provided are router name and connection address.
	AddRouterConnectedListener(func(ztx Context, name string, addr string)) func()

	// AddRouterDisconnectedListener adds an event listener for the EventRouterDisconnected event and returns a function to remove
	// the listener. It is emitted any time a router connection is closed. The strings provided are router name and connection address.
	AddRouterDisconnectedListener(func(ztx Context, name string, addr string)) func()

	// AddMfaTotpCodeListener adds an event listener for the EventMfaTotpCode event and returns a function to remove
	// the listener. It is emitted any time the currently authenticated API Session requires an MFA TOTP Code for
	// authentication. The authentication query detail and an MfaCodeResponse function are provided. The MfaCodeResponse
	// should be invoked to answer the MFA TOTP challenge.
	//
	// Authentication challenges for MFA are modeled as authentication queries, and is provided to listeners for
	// informational purposes. This event handler is a specific authentication query that responds to the internal Ziti
	// MFA TOTP challenge only. All authentication queries, including MFA TOTP ones, are also available through
	// AddAuthQueryListener, but does not provide typed response callbacks.
	AddMfaTotpCodeListener(func(Context, *rest_model.AuthQueryDetail, MfaCodeResponse)) func()

	// AddAuthQueryListener adds an event listener for the EventAuthQuery event and returns a function to remove
	// the listener. The event is emitted any time the current API Session is required to pass additional authentication
	// challenges - which enabled MFA functionality.
	AddAuthQueryListener(func(Context, *rest_model.AuthQueryDetail)) func()

	// AddAuthenticationStatePartialListener adds an event listener for the EventAuthenticationStatePartial event and
	// returns a function to remove the listener. Partial authentication occurs when there are unmet authentication
	// queries - which are defined by the authentication policy associated with the identity. The
	// EventAuthQuery or EventMfaTotpCode events will also coincide with this event. Additionally, the authentication
	// queries that triggered this event are available on the API Session detail in the `AuthQueries` field.
	//
	// In the partially authenticated state, a context will have reduced capabilities. It will not be able to
	// update/list services, create service sessions, etc. It will be able to enroll in TOTP MFA and answer
	// authentication queries.
	//
	// One all authentication queries are answered, the EventAuthenticationStateFull event will be emitted. For
	// identities that do not have secondary authentication challenges associated with them, this even will never
	// be emitted.
	AddAuthenticationStatePartialListener(func(Context, edge_apis.ApiSession)) func()

	// AddAuthenticationStateFullListener adds an event listener for the EventAuthenticationStateFull event and
	// returns a function to remove the listener. Full authentication occurs when there are no unmet authentication
	// queries - which are defined by the authentication policy associated with the identity. In a fully authenticated
	// state, the context will be able to perform all client actions.
	AddAuthenticationStateFullListener(func(Context, edge_apis.ApiSession)) func()

	// AddAuthenticationStateUnauthenticatedListener adds an event listener for the EventAuthenticationStateUnauthenticated
	// event and returns a function to remove the listener. The unauthenticated state occurs when the API session
	// currently being used is no longer valid. API Sessions may become invalid due to prolonged inactivity due to
	// network disconnection, the host machine entering a power saving/sleep mode, etc. It may also occur due to
	// administrative action such as removing specific API Sessions or removing entire identities.
	//
	// The API Session detail provided to the listener may be nil. If it is not nil, the API Session detail is the
	// now expired API Session.
	AddAuthenticationStateUnauthenticatedListener(func(Context, edge_apis.ApiSession)) func()

	// AddListener is an alias for .On(eventName, listener).
	AddListener(events.EventName, ...events.Listener)

	// EventNames returns an array listing the events for which the emitter has registered listeners.
	// The values in the array will be strings.
	EventNames() []events.EventName

	// GetMaxListeners returns the max listeners for this emmiter
	// see SetMaxListeners
	GetMaxListeners() int

	// ListenerCount returns the length of all registered listeners to a particular event
	ListenerCount(events.EventName) int

	// Listeners returns a copy of the array of listeners for the event named eventName.
	Listeners(events.EventName) []events.Listener

	// On registers a particular listener for an event, func receiver parameter(s) is/are optional
	On(events.EventName, ...events.Listener)

	// Once adds a one-time listener function for the event named eventName.
	// The next time eventName is triggered, this listener is removed and then invoked.
	Once(events.EventName, ...events.Listener)

	// RemoveAllListeners removes all listeners, or those of the specified eventName.
	// Note that it will remove the event itself.
	// Returns an indicator if event and listeners were found before the remove.
	RemoveAllListeners(events.EventName) bool

	// RemoveListener removes given listener from the event named eventName.
	// Returns an indicator whether listener was removed
	RemoveListener(events.EventName, events.Listener) bool
}

type KeyAlgVar string

type ListenEventObserver interface {
	Notify(eventType ListenEventType)
}

type ListenEventType int

type ListenOptions struct {
	// Initial static cost assigned to terminators for this service
	Cost uint16

	// Initial precedence assigned to terminators for this service
	Precedence Precedence

	// When using WaitForNEstablishedListeners, how long to wait before giving
	// if N listeners can't be established
	ConnectTimeout time.Duration

	// Maximum number of terminators to establish. If a value less than 1 is provided,
	// will default to 1. At most one terminator will be established per available
	// edge router. If both MaxConnections and MaxTerminators have non-zer values,
	// the value from MaxTerminators will be used
	//
	// Deprecated: used MaxTerminators instead.
	MaxConnections int

	// Maximum number of terminators to establish. If a value less than 1 is provided,
	// will default to 1. At most one terminator will be established per available
	// edge router. If both MaxConnections and MaxTerminators have non-zer values,
	// the value from MaxTerminators will be used
	MaxTerminators int

	// Instance name to assign to terminators for this service
	Identity string

	// Assign the name of the edge identity hosting the service to the terminator's instance name
	// Overrides any name specified using the Identity field in ListenOptions
	BindUsingEdgeIdentity bool

	// If set to true, requires that AcceptEdge is called on the edge.Listener
	ManualStart bool

	// Wait for N listeners before returning from the Listen call. By default it will return
	// before any listeners have been established.
	WaitForNEstablishedListeners uint
}

type MfaCodeResponse func(code string) error

type Options struct {
	// Service refresh interval. May not be less than 1 second
	RefreshInterval time.Duration

	// Edge session refresh interval. Edge session only need to be refreshed if the list of available
	// edge routers has changed. This should be a relatively rare occurrence. If a dial fails, the
	// edge session will be refreshed regardless.
	// May not be less than 1 second
	SessionRefreshInterval time.Duration

	// Deprecated: OnContextReady is a callback that is invoked after the first successful authentication request. It
	// does not delineate between fully and partially authenticated API Sessions. Use context.AddListener() with the events
	// EventAuthenticationStateFull, EventAuthenticationStatePartial, EventAuthenticationStateUnAuthenticated instead.
	OnContextReady func(ctx Context)

	// Deprecated: OnServiceUpdate is a callback that is invoked when a service changes its definition.
	// Use `zitiContext.AddListener(<eventName>, handler)` where `eventName` may be EventServiceAdded, EventServiceChanged, EventServiceRemoved.
	OnServiceUpdate     serviceCB
	EdgeRouterUrlFilter func(string) bool
}

type Precedence byte

type ServiceEventType string

type SessionType rest_model.DialBind

type Versions struct {
	Api           string `json:"api"`
	EnrollmentApi string `json:"enrollmentApi"`
}