// Copyright (C) Parity Technologies (UK) Ltd.

// This file is part of Polkadot.

// Polkadot is free software: you can redistribute it and/or modify

// it under the terms of the GNU General Public License as published by

// the Free Software Foundation, either version 3 of the License, or

// (at your option) any later version.

// Polkadot is distributed in the hope that it will be useful,

// but WITHOUT ANY WARRANTY; without even the implied warranty of

// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

// GNU General Public License for more details.

// You should have received a copy of the GNU General Public License

// along with Polkadot.  If not, see <http://www.gnu.org/licenses/>.

use crate::{

	configuration::{self, HostConfiguration},

	dmp, ensure_parachain, initializer, paras,

};

use alloc::{

	collections::{btree_map::BTreeMap, btree_set::BTreeSet},

	vec,

	vec::Vec,

};

use codec::{Decode, Encode};

use core::{fmt, mem};

use frame_support::{pallet_prelude::*, traits::ReservableCurrency, DefaultNoBound};

use frame_system::pallet_prelude::*;

use polkadot_parachain_primitives::primitives::{HorizontalMessages, IsSystem};

use polkadot_primitives::{

	Balance, Hash, HrmpChannelId, Id as ParaId, InboundHrmpMessage, OutboundHrmpMessage,

	SessionIndex,

};

use scale_info::TypeInfo;

use sp_runtime::{

	traits::{AccountIdConversion, BlakeTwo256, Hash as HashT, UniqueSaturatedInto, Zero},

	ArithmeticError,

};

pub use pallet::*;

/// Maximum bound that can be set for inbound channels.

///

/// If inaccurate, the weighing of this pallet might become inaccurate. It is expected form the

/// `configurations` pallet to check these values before setting

pub const HRMP_MAX_INBOUND_CHANNELS_BOUND: u32 = 128;

/// Same as [`HRMP_MAX_INBOUND_CHANNELS_BOUND`], but for outbound channels.

pub const HRMP_MAX_OUTBOUND_CHANNELS_BOUND: u32 = 128;

#[cfg(test)]

pub(crate) mod tests;

#[cfg(feature = "runtime-benchmarks")]

mod benchmarking;

pub trait WeightInfo {

	fn hrmp_init_open_channel() -> Weight;

	fn hrmp_accept_open_channel() -> Weight;

	fn hrmp_close_channel() -> Weight;

	fn force_clean_hrmp(i: u32, e: u32) -> Weight;

	fn force_process_hrmp_open(c: u32) -> Weight;

	fn force_process_hrmp_close(c: u32) -> Weight;

	fn hrmp_cancel_open_request(c: u32) -> Weight;

	fn clean_open_channel_requests(c: u32) -> Weight;

	fn force_open_hrmp_channel(c: u32) -> Weight;

	fn establish_system_channel() -> Weight;

	fn poke_channel_deposits() -> Weight;

	fn establish_channel_with_system() -> Weight;

}

/// A weight info that is only suitable for testing.

pub struct TestWeightInfo;

impl WeightInfo for TestWeightInfo {

}

/// A description of a request to open an HRMP channel.

pub struct HrmpOpenChannelRequest {

	/// Indicates if this request was confirmed by the recipient.

	pub confirmed: bool,

	/// NOTE: this field is deprecated. Channel open requests became non-expiring and this value

	/// became unused.

	pub _age: SessionIndex,

	/// The amount that the sender supplied at the time of creation of this request.

	pub sender_deposit: Balance,

	/// The maximum message size that could be put into the channel.

	pub max_message_size: u32,

	/// The maximum number of messages that can be pending in the channel at once.

	pub max_capacity: u32,

	/// The maximum total size of the messages that can be pending in the channel at once.

	pub max_total_size: u32,

}

/// A metadata of an HRMP channel.

#[cfg_attr(test, derive(Debug))]

pub struct HrmpChannel {

	// NOTE: This structure is used by parachains via merkle proofs. Therefore, this struct

	// requires special treatment.

	//

	// A parachain requested this struct can only depend on the subset of this struct.

	// Specifically, only a first few fields can be depended upon (See `AbridgedHrmpChannel`).

	// These fields cannot be changed without corresponding migration of parachains.

	/// The maximum number of messages that can be pending in the channel at once.

	pub max_capacity: u32,

	/// The maximum total size of the messages that can be pending in the channel at once.

	pub max_total_size: u32,

	/// The maximum message size that could be put into the channel.

	pub max_message_size: u32,

	/// The current number of messages pending in the channel.

	/// Invariant: should be less or equal to `max_capacity`.s`.

	pub msg_count: u32,

	/// The total size in bytes of all message payloads in the channel.

	/// Invariant: should be less or equal to `max_total_size`.

	pub total_size: u32,

	/// A head of the Message Queue Chain for this channel. Each link in this chain has a form:

	/// `(prev_head, B, H(M))`, where

	/// - `prev_head`: is the previous value of `mqc_head` or zero if none.

	/// - `B`: is the [relay-chain] block number in which a message was appended

	/// - `H(M)`: is the hash of the message being appended.

	/// This value is initialized to a special value that consists of all zeroes which indicates

	/// that no messages were previously added.

	pub mqc_head: Option<Hash>,

	/// The amount that the sender supplied as a deposit when opening this channel.

	pub sender_deposit: Balance,

	/// The amount that the recipient supplied as a deposit when accepting opening this channel.

	pub recipient_deposit: Balance,

}

/// An error returned by [`Pallet::check_hrmp_watermark`] that indicates an acceptance criteria

/// check didn't pass.

pub(crate) enum HrmpWatermarkAcceptanceErr<BlockNumber> {

	AdvancementRule { new_watermark: BlockNumber, last_watermark: BlockNumber },

	AheadRelayParent { new_watermark: BlockNumber, relay_chain_parent_number: BlockNumber },

	LandsOnBlockWithNoMessages { new_watermark: BlockNumber },

}

/// An error returned by [`Pallet::check_outbound_hrmp`] that indicates an acceptance criteria check

/// didn't pass.

pub(crate) enum OutboundHrmpAcceptanceErr {

	MoreMessagesThanPermitted { sent: u32, permitted: u32 },

	NotSorted { idx: u32 },

	NoSuchChannel { idx: u32, channel_id: HrmpChannelId },

	MaxMessageSizeExceeded { idx: u32, msg_size: u32, max_size: u32 },

	TotalSizeExceeded { idx: u32, total_size: u32, limit: u32 },

	CapacityExceeded { idx: u32, count: u32, limit: u32 },

}

impl<BlockNumber> fmt::Debug for HrmpWatermarkAcceptanceErr<BlockNumber>

where

	BlockNumber: fmt::Debug,

{

		use HrmpWatermarkAcceptanceErr::*;

		}

}

impl fmt::Debug for OutboundHrmpAcceptanceErr {

		use OutboundHrmpAcceptanceErr::*;

			},

		}

}

pub mod pallet {

	use super::*;

	pub struct Pallet<T>(_);

	#[pallet::config]

	pub trait Config:

		frame_system::Config + configuration::Config + paras::Config + dmp::Config

	{

		/// The outer event type.

		type RuntimeEvent: From<Event<Self>> + IsType<<Self as frame_system::Config>::RuntimeEvent>;

		type RuntimeOrigin: From<crate::Origin>

			+ From<<Self as frame_system::Config>::RuntimeOrigin>

			+ Into<Result<crate::Origin, <Self as Config>::RuntimeOrigin>>;

		/// The origin that can perform "force" actions on channels.

		type ChannelManager: EnsureOrigin<<Self as frame_system::Config>::RuntimeOrigin>;

		/// An interface for reserving deposits for opening channels.

		///

		/// NOTE that this Currency instance will be charged with the amounts defined in the

		/// `Configuration` pallet. Specifically, that means that the `Balance` of the `Currency`

		/// implementation should be the same as `Balance` as used in the `Configuration`.

		type Currency: ReservableCurrency<Self::AccountId>;

		/// The default channel size and capacity to use when opening a channel to a system

		/// parachain.

		type DefaultChannelSizeAndCapacityWithSystem: Get<(u32, u32)>;

		/// Means of converting an `Xcm` into a `VersionedXcm`. This pallet sends HRMP XCM

		/// notifications to the channel-related parachains, while the `WrapVersion` implementation

		/// attempts to wrap them into the most suitable XCM version for the destination parachain.

		///

		/// NOTE: For example, `pallet_xcm` provides an accurate implementation (recommended), or

		/// the default `()` implementation uses the latest XCM version for all parachains.

		type VersionWrapper: xcm::WrapVersion;

		/// Something that provides the weight of this pallet.

		type WeightInfo: WeightInfo;

	}

	pub enum Event<T: Config> {

		OpenChannelRequested {

		HrmpChannelForceOpened {

		HrmpSystemChannelOpened {

	}

	pub enum Error<T> {

	}

	/// The set of pending HRMP open channel requests.

	///

	/// The set is accompanied by a list for iteration.

	///

	/// Invariant:

	/// - There are no channels that exists in list but not in the set and vice versa.

	pub type HrmpOpenChannelRequests<T: Config> =

		StorageMap<_, Twox64Concat, HrmpChannelId, HrmpOpenChannelRequest>;

	// NOTE: could become bounded, but we don't have a global maximum for this.

	// `HRMP_MAX_INBOUND_CHANNELS_BOUND` are per parachain, while this storage tracks the

	// global state.

	pub type HrmpOpenChannelRequestsList<T: Config> =

		StorageValue<_, Vec<HrmpChannelId>, ValueQuery>;

	/// This mapping tracks how many open channel requests are initiated by a given sender para.

	/// Invariant: `HrmpOpenChannelRequests` should contain the same number of items that has

	/// `(X, _)` as the number of `HrmpOpenChannelRequestCount` for `X`.

	pub type HrmpOpenChannelRequestCount<T: Config> =

		StorageMap<_, Twox64Concat, ParaId, u32, ValueQuery>;

	/// This mapping tracks how many open channel requests were accepted by a given recipient para.

	/// Invariant: `HrmpOpenChannelRequests` should contain the same number of items `(_, X)` with

	/// `confirmed` set to true, as the number of `HrmpAcceptedChannelRequestCount` for `X`.

	pub type HrmpAcceptedChannelRequestCount<T: Config> =

		StorageMap<_, Twox64Concat, ParaId, u32, ValueQuery>;

	/// A set of pending HRMP close channel requests that are going to be closed during the session

	/// change. Used for checking if a given channel is registered for closure.

	///

	/// The set is accompanied by a list for iteration.

	///

	/// Invariant:

	/// - There are no channels that exists in list but not in the set and vice versa.

	pub type HrmpCloseChannelRequests<T: Config> = StorageMap<_, Twox64Concat, HrmpChannelId, ()>;

	pub type HrmpCloseChannelRequestsList<T: Config> =

		StorageValue<_, Vec<HrmpChannelId>, ValueQuery>;

	/// The HRMP watermark associated with each para.

	/// Invariant:

	/// - each para `P` used here as a key should satisfy `Paras::is_valid_para(P)` within a

	///   session.

	pub type HrmpWatermarks<T: Config> = StorageMap<_, Twox64Concat, ParaId, BlockNumberFor<T>>;

	/// HRMP channel data associated with each para.

	/// Invariant:

	/// - each participant in the channel should satisfy `Paras::is_valid_para(P)` within a session.

	pub type HrmpChannels<T: Config> = StorageMap<_, Twox64Concat, HrmpChannelId, HrmpChannel>;

	/// Ingress/egress indexes allow to find all the senders and receivers given the opposite side.

	/// I.e.

	///

	/// (a) ingress index allows to find all the senders for a given recipient.

	/// (b) egress index allows to find all the recipients for a given sender.

	///

	/// Invariants:

	/// - for each ingress index entry for `P` each item `I` in the index should present in

	///   `HrmpChannels` as `(I, P)`.

	/// - for each egress index entry for `P` each item `E` in the index should present in

	///   `HrmpChannels` as `(P, E)`.

	/// - there should be no other dangling channels in `HrmpChannels`.

	/// - the vectors are sorted.

	pub type HrmpIngressChannelsIndex<T: Config> =

		StorageMap<_, Twox64Concat, ParaId, Vec<ParaId>, ValueQuery>;

	// NOTE that this field is used by parachains via merkle storage proofs, therefore changing

	// the format will require migration of parachains.

	pub type HrmpEgressChannelsIndex<T: Config> =

		StorageMap<_, Twox64Concat, ParaId, Vec<ParaId>, ValueQuery>;

	/// Storage for the messages for each channel.

	/// Invariant: cannot be non-empty if the corresponding channel in `HrmpChannels` is `None`.

	pub type HrmpChannelContents<T: Config> = StorageMap<

		_,

		Twox64Concat,

		HrmpChannelId,

		Vec<InboundHrmpMessage<BlockNumberFor<T>>>,

		ValueQuery,

	>;

	/// Maintains a mapping that can be used to answer the question: What paras sent a message at

	/// the given block number for a given receiver. Invariants:

	/// - The inner `Vec<ParaId>` is never empty.

	/// - The inner `Vec<ParaId>` cannot store two same `ParaId`.

	/// - The outer vector is sorted ascending by block number and cannot store two items with the

	///   same block number.

	pub type HrmpChannelDigests<T: Config> =

		StorageMap<_, Twox64Concat, ParaId, Vec<(BlockNumberFor<T>, Vec<ParaId>)>, ValueQuery>;

	/// Preopen the given HRMP channels.

	///

	/// The values in the tuple corresponds to

	/// `(sender, recipient, max_capacity, max_message_size)`, i.e. similar to `init_open_channel`.

	/// In fact, the initialization is performed as if the `init_open_channel` and

	/// `accept_open_channel` were called with the respective parameters and the session change take

	///  place.

	///

	/// As such, each channel initializer should satisfy the same constraints, namely:

	///

	/// 1. `max_capacity` and `max_message_size` should be within the limits set by the

	///    configuration pallet.

	/// 2. `sender` and `recipient` must be valid paras.

	#[pallet::genesis_config]

	#[derive(DefaultNoBound)]

	pub struct GenesisConfig<T: Config> {

		#[serde(skip)]

		_config: core::marker::PhantomData<T>,

		preopen_hrmp_channels: Vec<(ParaId, ParaId, u32, u32)>,

	}

	impl<T: Config> BuildGenesisConfig for GenesisConfig<T> {

	}

	impl<T: Config> Pallet<T> {

		/// Initiate opening a channel from a parachain to a given recipient with given channel

		/// parameters.

		///

		/// - `proposed_max_capacity` - specifies how many messages can be in the channel at once.

		/// - `proposed_max_message_size` - specifies the maximum size of the messages.

		///

		/// These numbers are a subject to the relay-chain configuration limits.

		///

		/// The channel can be opened only after the recipient confirms it and only on a session

		/// change.

		#[pallet::call_index(0)]

		#[pallet::weight(<T as Config>::WeightInfo::hrmp_init_open_channel())]

		pub fn hrmp_init_open_channel(

			origin: OriginFor<T>,

			recipient: ParaId,

			proposed_max_capacity: u32,

			proposed_max_message_size: u32,

		}

		/// Accept a pending open channel request from the given sender.

		///

		/// The channel will be opened only on the next session boundary.

		#[pallet::call_index(1)]

		#[pallet::weight(<T as Config>::WeightInfo::hrmp_accept_open_channel())]

		}

		/// Initiate unilateral closing of a channel. The origin must be either the sender or the

		/// recipient in the channel being closed.

		///

		/// The closure can only happen on a session change.

		#[pallet::call_index(2)]

		#[pallet::weight(<T as Config>::WeightInfo::hrmp_close_channel())]

		pub fn hrmp_close_channel(

			origin: OriginFor<T>,

			channel_id: HrmpChannelId,

		}

		/// This extrinsic triggers the cleanup of all the HRMP storage items that a para may have.

		/// Normally this happens once per session, but this allows you to trigger the cleanup

		/// immediately for a specific parachain.

		///

		/// Number of inbound and outbound channels for `para` must be provided as witness data.

		///

		/// Origin must be the `ChannelManager`.

		#[pallet::call_index(3)]

		#[pallet::weight(<T as Config>::WeightInfo::force_clean_hrmp(*num_inbound, *num_outbound))]

		pub fn force_clean_hrmp(

			origin: OriginFor<T>,

			para: ParaId,

			num_inbound: u32,

			num_outbound: u32,

			);

			);

		}

		/// Force process HRMP open channel requests.

		///

		/// If there are pending HRMP open channel requests, you can use this function to process

		/// all of those requests immediately.

		///

		/// Total number of opening channels must be provided as witness data.

		///

		/// Origin must be the `ChannelManager`.

		#[pallet::call_index(4)]

		#[pallet::weight(<T as Config>::WeightInfo::force_process_hrmp_open(*channels))]

			);

		}

		/// Force process HRMP close channel requests.

		///

		/// If there are pending HRMP close channel requests, you can use this function to process

		/// all of those requests immediately.

		///

		/// Total number of closing channels must be provided as witness data.

		///

		/// Origin must be the `ChannelManager`.

		#[pallet::call_index(5)]

		#[pallet::weight(<T as Config>::WeightInfo::force_process_hrmp_close(*channels))]

			);

		}

		/// This cancels a pending open channel request. It can be canceled by either of the sender

		/// or the recipient for that request. The origin must be either of those.

		///

		/// The cancellation happens immediately. It is not possible to cancel the request if it is

		/// already accepted.

		///

		/// Total number of open requests (i.e. `HrmpOpenChannelRequestsList`) must be provided as

		/// witness data.

		#[pallet::call_index(6)]

		#[pallet::weight(<T as Config>::WeightInfo::hrmp_cancel_open_request(*open_requests))]

		pub fn hrmp_cancel_open_request(

			origin: OriginFor<T>,

			channel_id: HrmpChannelId,

			open_requests: u32,

			);

		}

		/// Open a channel from a `sender` to a `recipient` `ParaId`. Although opened by governance,

		/// the `max_capacity` and `max_message_size` are still subject to the Relay Chain's

		/// configured limits.

		///

		/// Expected use is when one (and only one) of the `ParaId`s involved in the channel is

		/// governed by the system, e.g. a system parachain.

		///

		/// Origin must be the `ChannelManager`.

		#[pallet::call_index(7)]

		#[pallet::weight(<T as Config>::WeightInfo::force_open_hrmp_channel(1))]

		pub fn force_open_hrmp_channel(

			origin: OriginFor<T>,

			sender: ParaId,

			recipient: ParaId,

			max_capacity: u32,

			max_message_size: u32,

			// Guard against a common footgun where someone makes a channel request to a system

			// parachain and then makes a proposal to open the channel via governance, which fails

			// because `init_open_channel` fails if there is an existing request. This check will

			// clear an existing request such that `init_open_channel` should otherwise succeed.

				} else {

				};

			// Now we proceed with normal init/accept, except that we set `no_deposit` to true such

			// that it will not require deposits from either member.

		}

		/// Establish an HRMP channel between two system chains. If the channel does not already

		/// exist, the transaction fees will be refunded to the caller. The system does not take

		/// deposits for channels between system chains, and automatically sets the message number

		/// and size limits to the maximum allowed by the network's configuration.

		///

		/// Arguments:

		///

		/// - `sender`: A system chain, `ParaId`.

		/// - `recipient`: A system chain, `ParaId`.

		///

		/// Any signed origin can call this function, but _both_ inputs MUST be system chains. If

		/// the channel does not exist yet, there is no fee.

		#[pallet::call_index(8)]

		#[pallet::weight(<T as Config>::WeightInfo::establish_system_channel())]

		pub fn establish_system_channel(

			origin: OriginFor<T>,

			sender: ParaId,

			recipient: ParaId,

			// both chains must be system

			);

		}

		/// Update the deposits held for an HRMP channel to the latest `Configuration`. Channels

		/// with system chains do not require a deposit.

		///

		/// Arguments:

		///

		/// - `sender`: A chain, `ParaId`.

		/// - `recipient`: A chain, `ParaId`.

		///

		/// Any signed origin can call this function.

		#[pallet::call_index(9)]

		#[pallet::weight(<T as Config>::WeightInfo::poke_channel_deposits())]

		pub fn poke_channel_deposits(

			origin: OriginFor<T>,

			sender: ParaId,

			recipient: ParaId,

			// Channels with and amongst the system do not require a deposit.

			} else {

			};

					{

						// Can never underflow, but be paranoid.

					// recipient

					// update storage

				} else {

				}

		}

		/// Establish a bidirectional HRMP channel between a parachain and a system chain.

		///

		/// Arguments:

		///

		/// - `target_system_chain`: A system chain, `ParaId`.

		///

		/// The origin needs to be the parachain origin.

		#[pallet::call_index(10)]

		#[pallet::weight(<T as Config>::WeightInfo::establish_channel_with_system())]

		pub fn establish_channel_with_system(

			origin: OriginFor<T>,

			target_system_chain: ParaId,

		}

	}

}

		{

	}

/// Routines and getters related to HRMP.

impl<T: Config> Pallet<T> {

	/// Block initialization logic, called by initializer.

	/// Block finalization logic, called by initializer.

	/// Called by the initializer to note that a new session has started.

	/// Iterate over all paras that were noted for offboarding and remove all the data

	/// associated with them.

	// Go over the HRMP open channel requests and remove all in which offboarding paras participate.

	//

	// This will also perform the refunds for the counterparty if it doesn't offboard.

		// Then iterate over all open requests to be removed, pull them out of the set and perform

		// the refunds if applicable.

				None => {

					// Can't normally happen but no need to panic.

				},

			};

			// Return the deposit of the sender, but only if it is not the para being offboarded.

			// If the request was confirmed, then it means it was confirmed in the finished session.

			// Therefore, the config's hrmp_recipient_deposit represents the actual value of the

			// deposit.

			//

			// We still want to refund the deposit only if the para is not being offboarded.

		}

	/// Remove all storage entries associated with the given para.

	/// Iterate over all open channel requests and:

	///

	/// - prune the stale requests

	/// - enact the confirmed requests

		loop {

			// bail if we've iterated over all items.

		}

	/// Iterate over all close channel requests unconditionally closing the channels.

	/// Close and remove the designated HRMP channel.

	///

	/// This includes returning the deposits.

	///

	/// This function is idempotent, meaning that after the first application it should have no

	/// effect (i.e. it won't return the deposits twice).

	/// Check that the candidate of the given recipient controls the HRMP watermark properly.

		// Second, check where the watermark CAN land. It's one of the following:

		//

		// (a) The relay parent block number (checked above).

		// (b) A relay-chain block in which this para received at least one message (checked here)

		{

	/// Returns HRMP watermarks of previously sent messages to a given para.

		{

				// the messages must be sorted in ascending order and there must be no two messages

				// sent to the same recipient. Thus we can check that every recipient is strictly

				// greater than the previous one.

			};

		}

	/// Returns remaining outbound channels capacity in messages and in bytes per recipient para.

			};

		}

			}

			// prune each channel up to the new watermark keeping track how many messages we removed