////////////////////////////////////////////////////////////////////////////////
// Copyright 2019 Google LLC.
//
// This software is licensed under the terms defined in the Widevine Master
// License Agreement. For a copy of this agreement, please contact
// widevine-licensing@google.com.
////////////////////////////////////////////////////////////////////////////////

#ifndef COMMON_CLIENT_CERT_H__
#define COMMON_CLIENT_CERT_H__

#include <memory>

#include "common/drm_root_certificate.h"
#include "common/status.h"
#include "protos/public/client_identification.pb.h"
#include "protos/public/license_protocol.pb.h"

namespace widevine {

// Handler class for LicenseRequests; validates requests and encrypts licenses.
class ClientCert {
 protected:
  ClientCert() = default;

 public:
  // Creates a ClientCert from the |token|. The type of ClientCert created is
  // determined by the |token_type|.
  static Status Create(
      const DrmRootCertificate* root_certificate,
      widevine::ClientIdentification::TokenType token_type,
      const std::string& token, std::unique_ptr<ClientCert>* client_cert);

  // Creates a Keybox based ClientCert. The |client_cert| is a caller supplied
  // unique_ptr to receive the new ClientCert.
  static Status CreateWithKeybox(const std::string& keybox_token,
                                 std::unique_ptr<ClientCert>* client_cert);

  // Creates a Device Certificate based ClientCert.
  static Status CreateWithDrmCertificate(
      const DrmRootCertificate* root_certificate,
      const std::string& drm_certificate,
      std::unique_ptr<ClientCert>* client_cert);

  virtual ~ClientCert() = default;
  ClientCert(const ClientCert&) = delete;
  ClientCert& operator=(const ClientCert&) = delete;

  // Checks the passed in signature against a signature created used the
  // classes information and the passed in message.  Returns OK if signature
  // is valid.
  virtual Status VerifySignature(const std::string& message,
                                 const std::string& signature,
                                 ProtocolVersion protocol_version) const = 0;

  // Creates a signing_key that is accessible using signing_key().  Signing_key
  // is constructed by doing a key derivation using the key() and message.
  virtual void GenerateSigningKey(const std::string& message,
                                  ProtocolVersion protocol_version) = 0;

  virtual const std::string& encrypted_key() const = 0;
  virtual const std::string& key() const = 0;
  virtual SignedMessage::SessionKeyType key_type() const = 0;
  virtual const std::string& serial_number() const = 0;
  virtual const std::string& service_id() const = 0;
  virtual const std::string& signing_key() const = 0;
  virtual const std::string& signer_serial_number() const = 0;
  virtual uint32_t signer_creation_time_seconds() const = 0;
  virtual bool signed_by_provisioner() const = 0;
  virtual uint32_t system_id() const = 0;
  virtual widevine::ClientIdentification::TokenType type() const = 0;
  virtual const std::string& encrypted_unique_id() const = 0;
  virtual const std::string& unique_id_hash() const = 0;
};

}  // namespace widevine

#endif  // COMMON_CLIENT_CERT_H__