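// Copyright 2017 Google Inc. All Rights Reserved.
//
#ifndef WVCDM_CORE_SERVICE_CERTIFICATE_H_
#define WVCDM_CORE_SERVICE_CERTIFICATE_H_

// Service Certificates are used to encrypt the ClientIdentification message
// that is part of Device Provisioning, License, Renewal, and Release requests.
// They may be supplied by the application, or a default certificate may be
// configured into the CDM, or the CDM may send a Service Certificate Request
// to the target server to get one. Separate certificates are maintained for
// the License and Provisioning Servers (the default service certificates
// are currently identical for both servers). Once the Service Certificates are
// established for the session, they should not change.
//
// NOTE(review): a certificate supplied by the application or returned by a
// server is untrusted input until its signature has been checked. The client
// identification is encrypted to whatever key the stored certificate carries,
// so every path that populates certificate_ should go through
// VerifyAndExtractFromSignedCertificate() - confirm this in the
// implementation file, which is not visible from this header.

// std::string is used throughout this header; include it directly instead of
// relying on a transitive include from the project headers below.
#include <string>

#include "license_protocol.pb.h"
#include "wv_cdm_types.h"

namespace video_widevine {
class SignedMessage;
class LicenseRequest;
}  // namespace video_widevine

namespace wvcdm {

class CryptoSession;

// Holds the service certificate state for one CDM session and uses it to
// encrypt the ClientIdentification message.
class ServiceCertificate {
 public:
  ServiceCertificate();
  virtual ~ServiceCertificate();

  // Associates this object with a session.
  // NOTE(review): |session| is a raw pointer; presumably it is stored in
  // crypto_session_ and must outlive this object - confirm ownership and
  // lifetime against the caller.
  virtual bool Init(const CdmSessionId& session_id, CryptoSession* session);

  // NOTE(review): presumably reports whether a service certificate must be
  // used for this session (see privacy_mode_enabled_) - confirm.
  virtual bool IsRequired();

  // NOTE(review): presumably reports whether a verified certificate is
  // currently held (see valid_) - confirm.
  virtual bool IsAvailable();

  // Writes a Service Certificate Request into |signed_request|.
  // Returns false on failure (exact failure conditions are in the .cpp).
  virtual bool PrepareServiceCertificateRequest(CdmKeyMessage* signed_request);

  // Verifies |signed_service_certificate| and, presumably only on success,
  // stores the extracted certificate for later use - confirm that a failed
  // verification leaves any previously stored certificate untouched.
  virtual CdmResponseType VerifyAndSet(
      const std::string& signed_service_certificate);

  // Encrypts |clear_client_id| into |encrypted_client_id| using the service
  // certificate.
  // NOTE(review): callers should check the returned CdmResponseType before
  // sending a request; whether this refuses to run without a verified
  // certificate is not visible here - confirm.
  virtual CdmResponseType EncryptClientId(
      const video_widevine::ClientIdentification* clear_client_id,
      video_widevine::EncryptedClientIdentification* encrypted_client_id);

  // Verifies a signed service certificate without keeping anything from it:
  // both string outputs are passed as NULL, so neither the certificate nor
  // the provider ID is copied out. Returns the verification result.
  static CdmResponseType VerifySignedServiceCertificate(
      const std::string& signed_certificate) {
    // Initialised so the local has a defined value even if the callee
    // returns before writing through the pointer. The value is discarded.
    bool has_provider_id = false;
    return VerifyAndExtractFromSignedCertificate(signed_certificate, NULL,
                                                 &has_provider_id, NULL);
  }

 private:
  // Take a signed certificate, parse it, and verify it.
  // If a pointer to a string object is passed in, the certificate
  // will be copied to it.
  // |has_provider_id| is always passed non-NULL by the caller visible in this
  // header; |service_certificate| and |provider_id| may be NULL.
  static CdmResponseType VerifyAndExtractFromSignedCertificate(
      const std::string& signed_service_certificate,
      std::string* service_certificate, bool* has_provider_id,
      std::string* provider_id);

  // NOTE(review): presumably selects or installs the certificate for the
  // session (application-supplied or default) - confirm in the .cpp.
  virtual bool SetupServiceCertificate();

  // Session this certificate state belongs to. Raw, non-owning as far as
  // this header shows - TODO confirm.
  CryptoSession* crypto_session_;
  CdmSessionId session_id_;
  bool privacy_mode_enabled_;
  bool valid_;
  bool initialized_;

  // Certificate, verified and extracted from signed message.
  std::string certificate_;

  // Provider ID, extracted from certificate message.
  bool has_provider_id_;
  std::string provider_id_;

  // Copying is disabled (project macro, per its name).
  CORE_DISALLOW_COPY_AND_ASSIGN(ServiceCertificate);
};

}  // namespace wvcdm

#endif  // WVCDM_CORE_SERVICE_CERTIFICATE_H_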