// Copyright 2021 Google LLC. All Rights Reserved. This file and proprietary
// source code may only be used and distributed under the Widevine License
// Agreement.

#ifndef WIDEVINE_PROVISIONER_H_
#define WIDEVINE_PROVISIONER_H_

#include <cppbor.h>

#include <cstddef>
#include <cstdint>
#include <memory>
#include <string>
#include <vector>

#include "WidevineOemcryptoInterface.h"

namespace widevine {

class WidevineProvisioner {
 public:
  WidevineProvisioner();
  WidevineProvisioner(const WidevineProvisioner&) = delete;
  WidevineProvisioner& operator=(const WidevineProvisioner&) = delete;
  virtual ~WidevineProvisioner() = default;

  bool GenerateCertificateRequest(
      bool testMode, const std::vector<uint8_t>& endpointEncCertChain,
      std::vector<uint8_t>& deviceInfo, std::vector<uint8_t>& protectedData);
  bool GenerateCertificateRequestV2(const std::vector<uint8_t>& challenge,
                                    std::vector<uint8_t>* csr);

 private:
  bool GetDeviceInfo(std::vector<uint8_t>& device_info);
  bool GenerateProtectedData(
      bool test_mode,
      const std::vector<uint8_t>& endpoint_encryption_cert_chain,
      std::vector<uint8_t> bcc, std::vector<uint8_t>& protected_data) const;
  bool ValidateAndExtractEekPubAndId(
      bool test_mode,
      const std::vector<uint8_t>& endpoint_encryption_cert_chain,
      std::vector<uint8_t>* eek_pub, std::vector<uint8_t>* eek_id) const;
  cppbor::Array BuildCertReqRecipients(const std::vector<uint8_t>& pubkey,
                                       const std::vector<uint8_t>& kid) const;
  void InitializeCryptoInterface();
  bool GetDeviceInfoCommon(cppbor::Map& device_info_map);
  bool TryAddVerifiedDeviceInfo(cppbor::Map& device_info_map);
  bool GetDeviceInfoV2(cppbor::Map& device_info_map);

  std::unique_ptr<OEMCryptoInterface> crypto_interface_;
};

}  // namespace widevine

#endif  // WIDEVINE_PROVISIONER_H_