// Copyright 2023 Google LLC. All Rights Reserved. This file and proprietary
// source code may only be used and distributed under the Widevine License
// Agreement.
//
//  Reference implementation utilities of OEMCrypto APIs
//
#ifndef WVOEC_UTIL_SIGNED_CSR_PAYLOAD_VALIDATOR_H_
#define WVOEC_UTIL_SIGNED_CSR_PAYLOAD_VALIDATOR_H_

#include <sstream>
#include <string>

#include "cbor_validator.h"
#include "cppbor.h"

namespace wvoec {
namespace util {
// SignedCsrPayloadValidator parses and validates a Cbor struct of
// SignedData<CsrPayload>. The definition of SignedData<T> and CsrPayload can be
// found at:
// https://source.corp.google.com/h/googleplex-android/platform/superproject/main/+/main:hardware/interfaces/security/rkp/aidl/android/hardware/security/keymint/generateCertificateRequestV2.cddl
class SignedCsrPayloadValidator : public CborValidator {
 public:
  explicit SignedCsrPayloadValidator() {}
  virtual ~SignedCsrPayloadValidator() override = default;
  SignedCsrPayloadValidator(const SignedCsrPayloadValidator&) = delete;
  SignedCsrPayloadValidator& operator=(const SignedCsrPayloadValidator&) =
      delete;

  // Verifies the Cbor struct of a client generated SignedData<CsrPayload>.
  virtual CborMessageStatus Validate() override;
  // Outputs SignedData<CsrPayload> in YAML.
  virtual std::string GetFormattedMessage() const override;

 private:
  CborMessageStatus ValidateProtectedParams(
      const cppbor::Bstr* protected_params);
  CborMessageStatus ValidateDataToBeSigned(const cppbor::Bstr* data);
  // Used to generate formatted message.
  std::stringstream msg_ss_;
};
}  // namespace util
}  // namespace wvoec
#endif  // WVOEC_UTIL_SIGNED_CSR_PAYLOAD_VALIDATOR_H_