////////////////////////////////////////////////////////////////////////////////
// Copyright 2013 Google LLC.
//
// This software is licensed under the terms defined in the Widevine Master
// License Agreement. For a copy of this agreement, please contact
// widevine-licensing@google.com.
////////////////////////////////////////////////////////////////////////////////
//
// Description:
//   Root device certificate holder class which deserializes, validates,
//   and extracts the root certificate public key.

#ifndef COMMON_DRM_ROOT_CERTIFICATE_H_
#define COMMON_DRM_ROOT_CERTIFICATE_H_

#include <memory>
#include <string>

#include "base/macros.h"
#include "util/status.h"

#include "common/certificate_type.h"

namespace widevine {

class DrmRootCertificate {
 public:
  virtual ~DrmRootCertificate() {}
  // Creates a DrmRootCertificate object given a certificate type.
  // |cert| may not be nullptr, and it points to a
  // std::unique_ptr<DrmRootCertificate> which will be used to return a newly
  // created DrmRootCertificate* if successful. The caller assumes ownership of
  // the new DrmRootCertificate. This method returns util::Status::OK on
  // success, or appropriate error status otherwise.
  static util::Status CreateByType(CertificateType cert_type,
                                   std::unique_ptr<DrmRootCertificate>* cert);
  // Returns the hex-encoded SHA-256 digest for the specified root certificate.
  static std::string GetDigest(CertificateType cert_type);
  // Given |cert_type|, the appropiate root certificate is returned as
  // a serialized SignedDrmCertificates.
  static std::string GetDrmRootCertificate(CertificateType cert_type);
  const std::string& public_key() const { return public_key_; }

  // Verifies a DRM certificate.
 private:
  friend class DrmRootCertificateTest;

  // Creates a DrmRootCertificate object given a serialized
  // SignedDrmCertificate. |cert| may not be nullptr, and it points to a
  // std::unique_ptr<DrmRootCertificate> which will be used to return a newly
  // created DrmRootCertificate* if successful. The caller assumes ownership of
  // the new DrmRootCertificate. This method returns util::Status::OK on
  // success, or appropriate error status otherwise.
  // TODO(user): Consider moving to private.
  static util::Status Create(const std::string& signed_drm_certificate,
                             std::unique_ptr<DrmRootCertificate>* cert);
  explicit DrmRootCertificate(const std::string& public_key)
      : public_key_(public_key) {}

  std::string public_key_;
  DISALLOW_IMPLICIT_CONSTRUCTORS(DrmRootCertificate);
};

}  // namespace widevine

#endif  // COMMON_DRM_ROOT_CERTIFICATE_H_