package etw

import (
	"bytes"
	"encoding/binary"
)

// inType indicates the type of data contained in the ETW event.
type inType byte

// Various inType definitions for TraceLogging. These must match the definitions
// found in TraceLoggingProvider.h in the Windows SDK.
const (
	inTypeNull inType = iota
	inTypeUnicodeString
	inTypeANSIString
	inTypeInt8
	inTypeUint8
	inTypeInt16
	inTypeUint16
	inTypeInt32
	inTypeUint32
	inTypeInt64
	inTypeUint64
	inTypeFloat
	inTypeDouble
	inTypeBool32
	inTypeBinary
	inTypeGUID
	inTypePointerUnsupported
	inTypeFileTime
	inTypeSystemTime
	inTypeSID
	inTypeHexInt32
	inTypeHexInt64
	inTypeCountedString
	inTypeCountedANSIString
	inTypeStruct
	inTypeCountedBinary
	inTypeCountedArray inType = 32
	inTypeArray        inType = 64
)

// outType specifies a hint to the event decoder for how the value should be
// formatted.
type outType byte

// Various outType definitions for TraceLogging. These must match the
// definitions found in TraceLoggingProvider.h in the Windows SDK.
const (
	// outTypeDefault indicates that the default formatting for the inType will
	// be used by the event decoder.
	outTypeDefault outType = iota
	outTypeNoPrint
	outTypeString
	outTypeBoolean
	outTypeHex
	outTypePID
	outTypeTID
	outTypePort
	outTypeIPv4
	outTypeIPv6
	outTypeSocketAddress
	outTypeXML
	outTypeJSON
	outTypeWin32Error
	outTypeNTStatus
	outTypeHResult
	outTypeFileTime
	outTypeSigned
	outTypeUnsigned
	outTypeUTF8              outType = 35
	outTypePKCS7WithTypeInfo outType = 36
	outTypeCodePointer       outType = 37
	outTypeDateTimeUTC       outType = 38
)

// eventMetadata maintains a buffer which builds up the metadata for an ETW
// event. It needs to be paired with EventData which describes the event.
type eventMetadata struct {
	buffer bytes.Buffer
}

// bytes returns the raw binary data containing the event metadata. Before being
// returned, the current size of the buffer is written to the start of the
// buffer. The returned value is not copied from the internal buffer, so it can
// be mutated by the eventMetadata object after it is returned.
func (em *eventMetadata) bytes() []byte {
	// Finalize the event metadata buffer by filling in the buffer length at the
	// beginning.
	binary.LittleEndian.PutUint16(em.buffer.Bytes(), uint16(em.buffer.Len()))
	return em.buffer.Bytes()
}

// writeEventHeader writes the metadata for the start of an event to the buffer.
// This specifies the event name and tags.
func (em *eventMetadata) writeEventHeader(name string, tags uint32) {
	binary.Write(&em.buffer, binary.LittleEndian, uint16(0)) // Length placeholder
	em.writeTags(tags)
	em.buffer.WriteString(name)
	em.buffer.WriteByte(0) // Null terminator for name
}

func (em *eventMetadata) writeFieldInner(name string, inType inType, outType outType, tags uint32, arrSize uint16) {
	em.buffer.WriteString(name)
	em.buffer.WriteByte(0) // Null terminator for name

	if outType == outTypeDefault && tags == 0 {
		em.buffer.WriteByte(byte(inType))
	} else {
		em.buffer.WriteByte(byte(inType | 128))
		if tags == 0 {
			em.buffer.WriteByte(byte(outType))
		} else {
			em.buffer.WriteByte(byte(outType | 128))
			em.writeTags(tags)
		}
	}

	if arrSize != 0 {
		binary.Write(&em.buffer, binary.LittleEndian, arrSize)
	}
}

// writeTags writes out the tags value to the event metadata. Tags is a 28-bit
// value, interpreted as bit flags, which are only relevant to the event
// consumer. The event consumer may choose to attribute special meaning to tags
// (e.g. 0x4 could mean the field contains PII). Tags are written as a series of
// bytes, each containing 7 bits of tag value, with the high bit set if there is
// more tag data in the following byte. This allows for a more compact
// representation when not all of the tag bits are needed.
func (em *eventMetadata) writeTags(tags uint32) {
	// Only use the top 28 bits of the tags value.
	tags &= 0xfffffff

	for {
		// Tags are written with the most significant bits (e.g. 21-27) first.
		val := tags >> 21

		if tags&0x1fffff == 0 {
			// If there is no more data to write after this, write this value
			// without the high bit set, and return.
			em.buffer.WriteByte(byte(val & 0x7f))
			return
		}

		em.buffer.WriteByte(byte(val | 0x80))

		tags <<= 7
	}
}

// writeField writes the metadata for a simple field to the buffer.
func (em *eventMetadata) writeField(name string, inType inType, outType outType, tags uint32) {
	em.writeFieldInner(name, inType, outType, tags, 0)
}

// writeArray writes the metadata for an array field to the buffer. The number
// of elements in the array must be written as a uint16 in the event data,
// immediately preceeding the event data.
func (em *eventMetadata) writeArray(name string, inType inType, outType outType, tags uint32) {
	em.writeFieldInner(name, inType|inTypeArray, outType, tags, 0)
}

// writeCountedArray writes the metadata for an array field to the buffer. The
// size of a counted array is fixed, and the size is written into the metadata
// directly.
func (em *eventMetadata) writeCountedArray(name string, count uint16, inType inType, outType outType, tags uint32) {
	em.writeFieldInner(name, inType|inTypeCountedArray, outType, tags, count)
}

// writeStruct writes the metadata for a nested struct to the buffer. The struct
// contains the next N fields in the metadata, where N is specified by the
// fieldCount argument.
func (em *eventMetadata) writeStruct(name string, fieldCount uint8, tags uint32) {
	em.writeFieldInner(name, inTypeStruct, outType(fieldCount), tags, 0)
}