////////////////////////////////////////////////////////////////////////////////
// Copyright 2017 Google LLC.
//
// This software is licensed under the terms defined in the Widevine Master
// License Agreement. For a copy of this agreement, please contact
// widevine-licensing@google.com.
////////////////////////////////////////////////////////////////////////////////
//
// Description:
//   Singleton object which validates VMP (Verified Media Pipeline) data for
//   purposes of platform software verification.

#ifndef COMMON_VMP_CHECKER_H_
#define COMMON_VMP_CHECKER_H_

#include <memory>
#include <string>

#include "common/certificate_type.h"
#include "common/status.h"

namespace widevine {
class X509CA;

class VmpChecker {
 public:
  enum Result {
    kUnverified = 0,
    kVerified = 1,
    kSecureStorageVerified = 2,
    kTampered = 3
  };

  // Singleton accessor.
  static VmpChecker* Instance();

  // Select the type of root to use. Not thread-safe.
  virtual Status SelectCertificateType(CertificateType cert_type);

  // Verify VMP data and return appropriate result.
  virtual Status VerifyVmpData(const std::string& vmp_data, Result* result);

  // Enable/disable development code signing certificates.
  void set_allow_development_vmp(bool allow) { allow_development_vmp_ = allow; }
  bool allow_development_vmp() const { return allow_development_vmp_; }

 private:
  VmpChecker();
  ~VmpChecker();

  std::unique_ptr<X509CA> ca_;
  bool allow_development_vmp_ = false;
};

}  // namespace widevine

#endif  // COMMON_VMP_CHECKER_H_