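// Copyright 2017 Google Inc. All Rights Reserved.
//
#ifndef WVCDM_CORE_SERVICE_CERTIFICATE_H_
#define WVCDM_CORE_SERVICE_CERTIFICATE_H_

// Service Certificates are used to encrypt the ClientIdentification message
// that is part of Device Provisioning, License, Renewal, and Release requests.
// It also supplies a provider_id setting used in device provisioning.
//
// Service Certificates are typically supplied by the application. If one
// is not supplied and privacy mode is enabled, the CDM will send a Service
// Certificate Request to the target server to get one. Once the Service
// Certificate is established for the session, it should not change.

#include <string>

#include "license_protocol.pb.h"
#include "wv_cdm_types.h"

namespace video_widevine {
class SignedMessage;
class LicenseRequest;
}  // namespace video_widevine

namespace wvcdm {

class CryptoSession;

// Holds the service certificate for one session, together with the
// provider ID taken from it, and uses it to encrypt the
// ClientIdentification message.
class ServiceCertificate {
 public:
  // Starts with no certificate, no provider ID and no fetch in progress.
  // fetch_in_progress_ is a plain bool and would otherwise hold an
  // indeterminate value until something assigns it.
  ServiceCertificate() : fetch_in_progress_(false) {}
  virtual ~ServiceCertificate() {}

  // Set up a new service certificate.
  // Accept a serialized video_widevine::SignedDrmDeviceCertificate message.
  // The returned CdmResponseType must be checked; see VerifyAndExtract() for
  // the signature check that is expected to happen before anything is stored.
  virtual CdmResponseType Init(const std::string& signed_certificate);

  // Reset to the empty state: no certificate and no provider ID.
  virtual void Clear();

  // Current state of certificate.
  // If !HasCertificate() and privacy mode is enabled, then should call
  // PrepareRequest() and pass the request to the license server.
  // HasCertificate() only reports whether certificate_ is non-empty.
  virtual bool HasCertificate() { return !certificate_.empty(); }
  virtual bool HasProviderId() { return !provider_id_.empty(); }
  virtual const std::string& provider_id() { return provider_id_; }

  // Encrypt the ClientIdentification message for a provisioning or
  // licensing request. Encryption is performed using the current
  // service certificate. Return a failure if the service certificate is
  // not present, not valid, or if some other error occurs.
  // The routine should not be called if privacy mode is off or if the
  // certificate is empty.
  //
  // NOTE(review): with privacy mode on, a failure here should presumably
  // abort the request rather than fall back to sending |clear_client_id|
  // unencrypted -- confirm against the callers.
  // NOTE(review): handling of null pointer arguments is not visible in this
  // header; verify in the implementation.
  virtual CdmResponseType EncryptClientId(
      CryptoSession* crypto_session,
      const video_widevine::ClientIdentification* clear_client_id,
      video_widevine::EncryptedClientIdentification* encrypted_client_id);

  // Construct service certificate request.
  // The request is written to |signed_request|.
  virtual bool PrepareRequest(CdmKeyMessage* signed_request);

  // Parse service certificate response and make it usable.
  // |signed_response| comes from the server and is untrusted input until it
  // has been verified.
  virtual CdmResponseType HandleResponse(const std::string& signed_response);

 private:
  // Verify the signature on the signed service certificate.
  // Extract and save the certificate and provider_id.
  // Expected format: serialized video_widevine::SignedDrmDeviceCertificate.
  virtual CdmResponseType VerifyAndExtract(const std::string& raw_certificate);

  // True while waiting for response to service certificate request.
  bool fetch_in_progress_;

  // Certificate, verified and extracted from signed message.
  std::string certificate_;

  // Provider ID, extracted from certificate message.
  std::string provider_id_;

  CORE_DISALLOW_COPY_AND_ASSIGN(ServiceCertificate);
};

}  // namespace wvcdm

#endif  // WVCDM_CORE_SERVICE_CERTIFICATE_H_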