// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "net/cert/ct_log_verifier.h"

#include "base/logging.h"
#include "net/cert/ct_serialization.h"

namespace net {

// static
scoped_ptr<CTLogVerifier> CTLogVerifier::Create(
    const base::StringPiece& public_key,
    const base::StringPiece& description) {
  scoped_ptr<CTLogVerifier> result(new CTLogVerifier());
  if (!result->Init(public_key, description))
    result.reset();
  return result.Pass();
}

bool CTLogVerifier::Verify(const ct::LogEntry& entry,
                           const ct::SignedCertificateTimestamp& sct) {
  if (sct.log_id != key_id()) {
    DVLOG(1) << "SCT is not signed by this log.";
    return false;
  }

  if (sct.signature.hash_algorithm != hash_algorithm_) {
    DVLOG(1) << "Mismatched hash algorithm. Expected " << hash_algorithm_
             << ", got " << sct.signature.hash_algorithm << ".";
    return false;
  }

  if (sct.signature.signature_algorithm != signature_algorithm_) {
    DVLOG(1) << "Mismatched sig algorithm. Expected " << signature_algorithm_
             << ", got " << sct.signature.signature_algorithm << ".";
    return false;
  }

  std::string serialized_log_entry;
  if (!ct::EncodeLogEntry(entry, &serialized_log_entry)) {
    DVLOG(1) << "Unable to serialize entry.";
    return false;
  }
  std::string serialized_data;
  if (!ct::EncodeV1SCTSignedData(sct.timestamp, serialized_log_entry,
                                 sct.extensions, &serialized_data)) {
    DVLOG(1) << "Unable to create SCT to verify.";
    return false;
  }

  return VerifySignature(serialized_data, sct.signature.signature_data);
}

}  // namespace net