// Copyright 2015 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_CERT_INTERNAL_SIGNATURE_POLICY_H_
#define NET_CERT_INTERNAL_SIGNATURE_POLICY_H_

#include <stddef.h>

#include "base/compiler_specific.h"
#include "net/base/net_export.h"
#include "net/cert/internal/cert_errors.h"
#include "net/cert/internal/signature_algorithm.h"

namespace net {

class CertErrors;
class SignatureAlgorithm;

// SignaturePolicy is an interface (and base implementation) for applying
// policies when verifying signed data. It lets callers override which
// algorithms, named curves, and key sizes to allow.
class NET_EXPORT SignaturePolicy {
 public:
  virtual ~SignaturePolicy() {}

  // Implementations should return true if |algorithm| is acceptable. For
  // instance, implementations could reject any signature algorithms that used
  // SHA-1.
  //
  // The default implementation accepts all signature algorithms.
  virtual bool IsAcceptableSignatureAlgorithm(
      const SignatureAlgorithm& algorithm,
      CertErrors* errors) const;

  // Implementations should return true if |curve_nid| is an allowed
  // elliptical curve. |curve_nid| is an object ID from BoringSSL (for example
  // NID_secp384r1).
  //
  // The default implementation accepts secp256r1, secp384r1, secp521r1 only.
  virtual bool IsAcceptableCurveForEcdsa(int curve_nid,
                                         CertErrors* errors) const;

  // Implementations should return true if |modulus_length_bits| is an allowed
  // RSA key size in bits.
  //
  // The default implementation accepts any modulus length >= 2048 bits.
  virtual bool IsAcceptableModulusLengthForRsa(size_t modulus_length_bits,
                                               CertErrors* errors) const;
};

// SimpleSignaturePolicy modifies the base SignaturePolicy by allowing the
// minimum RSA key length to be specified (rather than hard coded to 2048).
class NET_EXPORT SimpleSignaturePolicy : public SignaturePolicy {
 public:
  explicit SimpleSignaturePolicy(size_t min_rsa_modulus_length_bits);

  bool IsAcceptableModulusLengthForRsa(size_t modulus_length_bits,
                                       CertErrors* errors) const override;

 private:
  const size_t min_rsa_modulus_length_bits_;
};

// TODO(crbug.com/634443): Move exported errors to a central location?
extern CertErrorId kRsaModulusTooSmall;

}  // namespace net

#endif  // NET_CERT_INTERNAL_SIGNATURE_POLICY_H_