// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "net/cert/jwk_serializer.h"

#include <cert.h>
#include <keyhi.h>
#include <nss.h>

#include "base/base64.h"
#include "base/values.h"
#include "crypto/nss_util.h"
#include "crypto/scoped_nss_types.h"

namespace net {

namespace JwkSerializer {

namespace {

bool ConvertEcPrime256v1PublicKeyInfoToJwk(
    CERTSubjectPublicKeyInfo* spki,
    base::DictionaryValue* public_key_jwk) {
  static const int kUncompressedEncodingType = 4;
  static const int kPrime256v1PublicKeyLength = 64;
  // The public key value is encoded as 0x04 + 64 bytes of public key.
  // NSS gives the length as the bit length.
  if (spki->subjectPublicKey.len != (kPrime256v1PublicKeyLength + 1) * 8 ||
      spki->subjectPublicKey.data[0] != kUncompressedEncodingType)
    return false;

  public_key_jwk->SetString("kty", "EC");
  public_key_jwk->SetString("crv", "P-256");

  base::StringPiece x(
      reinterpret_cast<char*>(spki->subjectPublicKey.data + 1),
      kPrime256v1PublicKeyLength / 2);
  std::string x_b64;
  base::Base64Encode(x, &x_b64);
  public_key_jwk->SetString("x", x_b64);

  base::StringPiece y(
      reinterpret_cast<char*>(spki->subjectPublicKey.data + 1 +
                              kPrime256v1PublicKeyLength / 2),
      kPrime256v1PublicKeyLength / 2);
  std::string y_b64;
  base::Base64Encode(y, &y_b64);
  public_key_jwk->SetString("y", y_b64);
  return true;
}

bool ConvertEcPublicKeyInfoToJwk(
    CERTSubjectPublicKeyInfo* spki,
    base::DictionaryValue* public_key_jwk) {
  // 1.2.840.10045.3.1.7
  // (iso.member-body.us.ansi-x9-62.ellipticCurve.primeCurve.prime256v1)
  // (This includes the DER-encoded type (OID) and length: parameters can be
  // anything, so the DER type isn't implied, and NSS includes it.)
  static const unsigned char kPrime256v1[] = {
    0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
  };
  if (spki->algorithm.parameters.len == sizeof(kPrime256v1) &&
      !memcmp(spki->algorithm.parameters.data, kPrime256v1,
              sizeof(kPrime256v1))) {
    return ConvertEcPrime256v1PublicKeyInfoToJwk(spki, public_key_jwk);
  }
  // TODO(juanlang): other curves
  return false;
}

typedef scoped_ptr<
    CERTSubjectPublicKeyInfo,
    crypto::NSSDestroyer<CERTSubjectPublicKeyInfo,
                         SECKEY_DestroySubjectPublicKeyInfo> >
    ScopedCERTSubjectPublicKeyInfo;

}  // namespace

bool ConvertSpkiFromDerToJwk(
    const base::StringPiece& spki_der,
    base::DictionaryValue* public_key_jwk) {
  public_key_jwk->Clear();

  crypto::EnsureNSSInit();

  if (!NSS_IsInitialized())
    return false;

  SECItem sec_item;
  sec_item.data = const_cast<unsigned char*>(
      reinterpret_cast<const unsigned char*>(spki_der.data()));
  sec_item.len = spki_der.size();
  ScopedCERTSubjectPublicKeyInfo spki(
      SECKEY_DecodeDERSubjectPublicKeyInfo(&sec_item));
  if (!spki)
    return false;

  // 1.2.840.10045.2
  // (iso.member-body.us.ansi-x9-62.id-ecPublicKey)
  // (This omits the ASN.1 encoding of the type (OID) and length: the fact that
  // this is an OID is already clear, and NSS omits it here.)
  static const unsigned char kIdEcPublicKey[] = {
    0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01
  };
  bool rv = false;
  if (spki->algorithm.algorithm.len == sizeof(kIdEcPublicKey) &&
      !memcmp(spki->algorithm.algorithm.data, kIdEcPublicKey,
              sizeof(kIdEcPublicKey))) {
    rv = ConvertEcPublicKeyInfoToJwk(spki.get(), public_key_jwk);
  }
  // TODO(juanlang): other algorithms
  return rv;
}

}  // namespace JwkSerializer

}  // namespace net