////////////////////////////////////////////////////////////////////////////////
// Copyright 2016 Google Inc.
//
// This software is licensed under the terms defined in the Widevine Master
// License Agreement. For a copy of this agreement, please contact
// widevine-licensing@google.com.
////////////////////////////////////////////////////////////////////////////////

#include "provisioning_sdk/internal/oem_device_cert.h"

#include "gtest/gtest.h"
#include "provisioning_sdk/internal/certificates/test_certificates.h"

namespace widevine {

class OemDeviceCertTest : public ::testing::Test {
 protected:
  void SetUp() override {
    ASSERT_TRUE(oem_device_cert_.Initialize(kCertTesting));
  }

  OemDeviceCert oem_device_cert_;
  TestCertificates test_certificates_;
};

TEST_F(OemDeviceCertTest, EmptyCertificateChain) {
  std::unique_ptr<RsaPublicKey> leaf_public_key;
  uint32_t system_id;
  std::string oem_ca_serial_number;
  EXPECT_FALSE(oem_device_cert_.VerifyCertificateChain(
      "", &leaf_public_key, &system_id, &oem_ca_serial_number));
}

TEST_F(OemDeviceCertTest, InvalidCertificateChain) {
  std::unique_ptr<RsaPublicKey> leaf_public_key;
  uint32_t system_id;
  std::string oem_ca_serial_number;
  EXPECT_FALSE(oem_device_cert_.VerifyCertificateChain(
      "invalid certificte chain", &leaf_public_key, &system_id,
      &oem_ca_serial_number));
}

TEST_F(OemDeviceCertTest, OnlyOneCertificateInCertificateChain) {
  std::unique_ptr<RsaPublicKey> leaf_public_key;
  uint32_t system_id;
  std::string oem_ca_serial_number;
  EXPECT_FALSE(oem_device_cert_.VerifyCertificateChain(
      test_certificates_.single_certificate_chain_der(), &leaf_public_key,
      &system_id, &oem_ca_serial_number));
}

TEST_F(OemDeviceCertTest, ValidCertificateChain) {
  std::unique_ptr<RsaPublicKey> leaf_public_key;
  uint32_t system_id;
  std::string oem_ca_serial_number;
  ASSERT_TRUE(oem_device_cert_.VerifyCertificateChain(
      test_certificates_.valid_certificate_chain_der(), &leaf_public_key,
      &system_id, &oem_ca_serial_number));

  std::unique_ptr<RsaPublicKey> public_key(RsaPublicKey::Create(
      test_certificates_.valid_certificate_public_key_der()));
  ASSERT_TRUE(public_key);
  EXPECT_TRUE(leaf_public_key->MatchesPublicKey(*public_key));
  EXPECT_EQ(2001u, system_id);
  EXPECT_EQ("\x1", oem_ca_serial_number);
}

TEST_F(OemDeviceCertTest, ExpiredCertificateChain) {
  std::unique_ptr<RsaPublicKey> leaf_public_key;
  uint32_t system_id;
  std::string oem_ca_serial_number;
  ASSERT_FALSE(oem_device_cert_.VerifyCertificateChain(
      test_certificates_.expired_certificate_chain_der(), &leaf_public_key,
      &system_id, &oem_ca_serial_number));
}

TEST_F(OemDeviceCertTest, OutOfOrderCertificateChain) {
  std::unique_ptr<RsaPublicKey> leaf_public_key;
  uint32_t system_id;
  std::string oem_ca_serial_number;
  ASSERT_FALSE(oem_device_cert_.VerifyCertificateChain(
      test_certificates_.backwards_certificate_chain_der(), &leaf_public_key,
      &system_id, &oem_ca_serial_number));
}

TEST_F(OemDeviceCertTest, CertificateChainNotSignedByRoot) {
  std::unique_ptr<RsaPublicKey> leaf_public_key;
  uint32_t system_id;
  std::string oem_ca_serial_number;
  ASSERT_FALSE(oem_device_cert_.VerifyCertificateChain(
      test_certificates_.invalid_certificate_chain_der(), &leaf_public_key,
      &system_id, &oem_ca_serial_number));
}

}  // namespace widevine