package starnet

import (
	"crypto/tls"
	"net"
	"time"
)

// GetConfigForClientFunc picks the TLS configuration to use for a given
// hostname (the SNI value).
//
// NOTE(review): the hostname presumably comes from the client's ClientHello
// and is therefore attacker-controlled; implementations should treat it as
// untrusted input (e.g. match it against a known set of names) — confirm
// against the caller.
type GetConfigForClientFunc func(hostname string) (*tls.Config, error)

// ListenerConfig holds the settings that control listener behavior.
type ListenerConfig struct {
	// BaseTLSConfig is the TLS configuration used when dynamic selection
	// returns nil.
	BaseTLSConfig *tls.Config

	// GetConfigForClient chooses a TLS configuration per hostname.
	GetConfigForClient GetConfigForClientFunc

	// AllowNonTLS permits falling back to plain TCP. Leave it false unless
	// serving unencrypted traffic on this listener is intended.
	AllowNonTLS bool

	// SniffTimeout is the upper bound on time spent sniffing the protocol.
	// 0 disables the bound.
	// NOTE(review): with 0, a peer that never sends data can presumably hold
	// the sniffing stage open indefinitely — confirm against the sniffer.
	SniffTimeout time.Duration

	// MaxClientHelloBytes caps how much data is buffered while sniffing.
	// Values <= 0 mean the default of 64KiB.
	MaxClientHelloBytes int

	// Logger is optional.
	Logger Logger
}

// DefaultListenerConfig returns a conservative default config: plain TCP
// fallback disabled, a 5 second sniff timeout and a 64KiB sniff buffer limit.
// BaseTLSConfig, GetConfigForClient and Logger are left at their zero values.
func DefaultListenerConfig() ListenerConfig {
	var cfg ListenerConfig
	cfg.AllowNonTLS = false
	cfg.SniffTimeout = 5 * time.Second
	cfg.MaxClientHelloBytes = 64 << 10 // 64KiB
	return cfg
}

// TLSDefaults returns a fresh TLS config baseline whose only populated field
// is MinVersion (TLS 1.2).
// Caller should set Certificates / GetCertificate as needed.
func TLSDefaults() *tls.Config {
	cfg := new(tls.Config)
	cfg.MinVersion = tls.VersionTLS12
	return cfg
}

// DialConfig holds the settings that control dialing behavior.
type DialConfig struct {
	// Timeout presumably bounds how long a dial may take — confirm against
	// the dialer that consumes it.
	Timeout time.Duration

	// LocalAddr is presumably the local address to dial from — confirm
	// against the dialer that consumes it.
	LocalAddr net.Addr
}