// Copyright 2019 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CAST_RECEIVER_CHANNEL_DEVICE_AUTH_NAMESPACE_HANDLER_H_
#define CAST_RECEIVER_CHANNEL_DEVICE_AUTH_NAMESPACE_HANDLER_H_

#include <openssl/evp.h>

#include <string>
#include <vector>

#include "absl/types/span.h"
#include "cast/common/channel/cast_message_handler.h"

namespace openscreen {
namespace cast {

struct DeviceCredentials {
  // The device's certificate chain in DER form, where |certs[0]| is the
  // device's certificate and |certs[certs.size()-1]| is the last intermediate
  // before a Cast root certificate.
  std::vector<std::string> certs;

  // The device's private key that corresponds to the certificate in |certs[0]|.
  bssl::UniquePtr<EVP_PKEY> private_key;

  // If non-empty, this contains a serialized CrlBundle protobuf.  This may be
  // used by the sender as part of verifying |certs|.
  std::string serialized_crl;
};

class DeviceAuthNamespaceHandler final : public CastMessageHandler {
 public:
  class CredentialsProvider {
   public:
    virtual absl::Span<const uint8_t> GetCurrentTlsCertAsDer() = 0;
    virtual const DeviceCredentials& GetCurrentDeviceCredentials() = 0;
  };

  // |creds_provider| must outlive |this|.
  explicit DeviceAuthNamespaceHandler(CredentialsProvider* creds_provider);
  ~DeviceAuthNamespaceHandler();

  // CastMessageHandler overrides.
  void OnMessage(VirtualConnectionRouter* router,
                 CastSocket* socket,
                 ::cast::channel::CastMessage message) override;

 private:
  CredentialsProvider* const creds_provider_;
};

}  // namespace cast
}  // namespace openscreen

#endif  // CAST_RECEIVER_CHANNEL_DEVICE_AUTH_NAMESPACE_HANDLER_H_