// Copyright (c) 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_QUIC_CRYPTO_PROOF_SOURCE_H_
#define NET_QUIC_CRYPTO_PROOF_SOURCE_H_

#include <string>
#include <vector>

#include "base/memory/ref_counted.h"
#include "net/base/net_export.h"
#include "net/quic/quic_protocol.h"

namespace net {

class IPAddress;

// ProofSource is an interface by which a QUIC server can obtain certificate
// chains and signatures that prove its identity.
class NET_EXPORT_PRIVATE ProofSource {
 public:
  // Chain is a reference-counted wrapper for a std::vector of std::stringified
  // certificates.
  struct NET_EXPORT_PRIVATE Chain : public base::RefCounted<Chain> {
    explicit Chain(const std::vector<std::string>& certs);

    const std::vector<std::string> certs;

   private:
    friend class base::RefCounted<Chain>;

    virtual ~Chain();

    DISALLOW_COPY_AND_ASSIGN(Chain);
  };

  virtual ~ProofSource() {}

  // GetProof finds a certificate chain for |hostname|, sets |out_certs| to
  // point to it (in leaf-first order), calculates a signature of
  // |server_config| using that chain and puts the result in |out_signature|.
  //
  // The signature uses SHA-256 as the hash function and PSS padding when the
  // key is RSA.
  //
  // The signature uses SHA-256 as the hash function when the key is ECDSA.
  //
  // If |ecdsa_ok| is true, the signature may use an ECDSA key. Otherwise, the
  // signature must use an RSA key.
  //
  // |out_chain| is reference counted to avoid the (assumed) expense of copying
  // out the certificates.
  //
  // The number of certificate chains is expected to be small and fixed thus
  // the ProofSource retains ownership of the contents of |out_certs|. The
  // expectation is that they will be cached forever.
  //
  // For version before QUIC_VERSION_30, the signature values should be cached
  // because |server_config| will be somewhat static. However, since they aren't
  // bounded, the ProofSource may wish to evicit entries from that cache, thus
  // the caller takes ownership of |*out_signature|.
  //
  // For QUIC_VERSION_30 and later, the signature depends on |chlo_hash|
  // which means that the signature can not be cached. The caller takes
  // ownership of |*out_signature|.
  //
  // |hostname| may be empty to signify that a default certificate should be
  // used.
  //
  // |out_leaf_cert_sct| points to the signed timestamp (RFC6962) of the leaf
  // cert.
  // This function may be called concurrently.
  virtual bool GetProof(const IPAddress& server_ip,
                        const std::string& hostname,
                        const std::string& server_config,
                        QuicVersion quic_version,
                        base::StringPiece chlo_hash,
                        bool ecdsa_ok,
                        scoped_refptr<Chain>* out_chain,
                        std::string* out_signature,
                        std::string* out_leaf_cert_sct) = 0;
};

}  // namespace net

#endif  // NET_QUIC_CRYPTO_PROOF_SOURCE_H_