////////////////////////////////////////////////////////////////////////////////
// Copyright 2016 Google Inc.
//
// This software is licensed under the terms defined in the Widevine Master
// License Agreement. For a copy of this agreement, please contact
// widevine-licensing@google.com.
////////////////////////////////////////////////////////////////////////////////

#ifndef PROVISIONING_SDK_INTERNAL_OEM_DEVICE_CERT_H_
#define PROVISIONING_SDK_INTERNAL_OEM_DEVICE_CERT_H_

#include <stdint.h>

#include <memory>
#include <string>

#include "common/openssl_util.h"
#include "common/rsa_key.h"
#include "provisioning_sdk/public/certificate_type.h"

namespace widevine {

// Implements a class to handle OEM certificate: verifies the validity of the
// certificate and extracts leaf public key and system id.
class OemDeviceCert {
 public:
  OemDeviceCert();
  virtual ~OemDeviceCert();

  // Initialize with root certificate.
  bool Initialize(CertificateType certificate_type);

  // Verify the given certificate chain (in DER encoded pkcs7 format), which
  // includes the leaf certificate (a device unique certificate containing the
  // device public OEM key) and the intermediate certificate (OEM model
  // intermediate CA certificate for a specific device make + model), and
  // extract public key from the leaf certificate and system id extension and
  // oem ca serial number from the intermediate certificate.
  virtual bool VerifyCertificateChain(
      const std::string& certificate_chain,
      std::unique_ptr<RsaPublicKey>* leaf_public_key, uint32_t* system_id,
      std::string* oem_ca_serial_number) const;

 private:
  OemDeviceCert(const OemDeviceCert&) = delete;
  OemDeviceCert& operator=(const OemDeviceCert&) = delete;

  // Internal implementation of Initialize function.
  bool Initialize(const std::string& serialized_root_certificate);

  ScopedX509Store store_;
};

}  // namespace widevine

#endif  // PROVISIONING_SDK_INTERNAL_OEM_DEVICE_CERT_H_