////////////////////////////////////////////////////////////////////////////////
// Copyright 2020 Google LLC.
//
// This software is licensed under the terms defined in the Widevine Master
// License Agreement. For a copy of this agreement, please contact
// widevine-licensing@google.com.
////////////////////////////////////////////////////////////////////////////////
//
// Description:
//   Container of device security profiles.  Security profiles indicate rules
//   to allow using the profile. The rules are based on DRM capabilities of a
//   device.

#ifndef COMMON_SECURITY_PROFILE_LIST_H_
#define COMMON_SECURITY_PROFILE_LIST_H_

#include <cstdint>

#include "absl/synchronization/mutex.h"
#include "common/hash_algorithm.h"
#include "common/status.h"
#include "protos/public/client_identification.pb.h"
#include "protos/public/device_security_profile_data.pb.h"
#include "protos/public/device_security_profile_list.pb.h"
#include "protos/public/provisioned_device_info.pb.h"
#include "protos/public/security_profile.pb.h"

namespace widevine {
using ClientCapabilities = ClientIdentification::ClientCapabilities;

const char kDefaultProfileOwnerName[] = "Widevine";

// The SecurityProfileList will hold all security profiles.  During license
// acquisition, information from the client and information from the server are
// combined to deternmine the device's security profile level.

// TODO(user): Clean up the virtual/protected functions once subclass
// default_device_security_profile_list gets removed.
class SecurityProfileList {
 public:
  explicit SecurityProfileList(const std::string& profile_namespace);
  virtual ~SecurityProfileList() {}

  // Initialize the security profile list with Widevine default profiles. The
  // size of the profile list is returned.
  virtual int Init();

  // Add the specified profile to the existing list of profiles.  Returns true
  // if successfully inserted, false if unable to insert.
  bool InsertProfile(const SecurityProfile& profile_to_insert);

  // Populates |profiles_allow| with a list of profiles from the specified
  // |profiles_to_check| list that meet the requirements for the this device.
  // The number of profiles is returned.
  virtual int GetQualifiedProfilesFromSpecifiedProfiles(
      const std::vector<std::string>& profiles_to_check,
      const std::string& owner, const ClientIdentification& client_id,
      const ProvisionedDeviceInfo& device_info,
      std::vector<std::string>* qualified_profiles) const;

  // Populates |profiles_to_allow| with a list of profiles that meet the
  // requirements for the this device. The number of profiles is returned.
  virtual int GetQualifiedProfiles(
      const ClientIdentification& client_id,
      const ProvisionedDeviceInfo& device_info, const std::string& owner,
      std::vector<std::string>* qualified_profiles) const;

  // Return true if a profile exist matching the specified parameters {|name|,
  // |owner|}. |security_profiles| is owned by the caller and is populated if
  // one or more profile exist. For default DSP, the output profiles should
  // contain single record. For custom DSP, it may contain multiple records
  // since active dsp and inactive dsp could share the same dsp_name under the
  // same owner.
  virtual bool GetProfileByNameAndOwner(
      const std::string& name, const std::string& owner,
      std::vector<SecurityProfile>* security_profiles) const;

  // Populates |security_profiles| owned by the content owner.
  virtual int GetProfilesByOwner(
      const std::string& owner,
      std::vector<SecurityProfile>* security_profiles) const;

  // Populates |owner_list| for security profiles. |is_default_dsp| boolean
  // indicates the owner_list for default dsp or custom dsp.
  virtual int GetProfilesOwnerList(const bool is_default_dsp,
                                   std::vector<std::string>* owner_list) const;

  // Return the device security capabilities.  |drm_info| is populated with
  // data from |client_id| and |device_info|.  |drm_info| must not be null and
  // is owned by the caller.
  virtual bool GetDrmInfo(const ClientIdentification& client_id,
                          const ProvisionedDeviceInfo& device_info,
                          SecurityProfile::DrmInfo* drm_info) const;

  // Return the number of profiles in the list.
  int NumProfiles() const;

  // Return a list of profile names.
  virtual void GetProfileNames(std::vector<std::string>* profile_names) const;

  // Deserialized SignedDeviceSecurityProfiles for custom DSPs.
  static Status DeserializeSignedDeviceSecurityProfiles(
      const std::string& serialized_signed_device_security_profiles,
      std::string* serialized_device_security_profiles,
      HashAlgorithm* hash_algorithm, std::string* signature);

  // Validate signature and update security profile list for custom dsps.
  Status ValidateAndUpdateProfileList(
      const std::string& root_certificate_public_key,
      const std::string& serialized_device_security_profiles,
      HashAlgorithm hash_algorithm, const std::string& signature,
      int* added_profile_num);

  // Returns an instance of the Security profile list for default security
  // profiles.  Default security profiles are owned by Widevine.
  // TODO (b/187073516): This singleton can be moved to the "Environment" class
  // as a non-static API.
  static SecurityProfileList* GetInstanceForDefaultSecurityProfiles();

 protected:
  void ClearAllProfiles();

 private:
  // Add Widevine default profiles into profile_list. The number of added
  // default profiles will be returned.
  virtual int AddDefaultProfiles();
  // Add Widevine custom profiles into profile_list. The number of added custom
  // profiles will be returned.
  virtual int AddCustomProfiles(
      const DeviceSecurityProfileList& device_security_profile_list);
  virtual int GetDefaultProfileStrings(
      std::vector<std::string>* default_profile_strings) const;

  bool DoesProfileQualify(const SecurityProfile& profile,
                          const ClientIdentification& client_id,
                          const ProvisionedDeviceInfo& device_info) const;

  int64_t GetCurrentTimeSeconds() const;

  bool IsProfileActive(const SecurityProfile& profile,
                       int64_t current_time_seconds) const;

  bool InsertProfileLocked(const SecurityProfile& profile_to_insert)
      ABSL_EXCLUSIVE_LOCKS_REQUIRED(mutex_);

  // Return true if a profile already exists in the profile_list.
  bool DoesProfileExistLocked(const SecurityProfile& profile) const
      ABSL_EXCLUSIVE_LOCKS_REQUIRED(mutex_);

  void ClearAllDefaultProfilesLocked() ABSL_EXCLUSIVE_LOCKS_REQUIRED(mutex_);
  void ClearAllCustomProfilesLocked() ABSL_EXCLUSIVE_LOCKS_REQUIRED(mutex_);
  mutable absl::Mutex mutex_;
  // Security profiles
  std::string profile_namespace_;
  // TODO(user): Modify as Map<owner, DSPs>.
  std::vector<SecurityProfile> security_profiles_ ABSL_GUARDED_BY(mutex_);
};

}  // namespace widevine
#endif  // COMMON_SECURITY_PROFILE_LIST_H_