// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "remoting/host/pin_hash.h"

#include "base/base64.h"
#include "base/logging.h"
#include "remoting/protocol/auth_util.h"
#include "remoting/protocol/me2me_host_authenticator_factory.h"

namespace remoting {

bool ParsePinHashFromConfig(const std::string& value,
                            const std::string& host_id,
                            std::string* pin_hash_out) {
  size_t separator = value.find(':');
  if (separator == std::string::npos)
    return false;

  if (!base::Base64Decode(value.substr(separator + 1), pin_hash_out))
    return false;

  std::string function_name = value.substr(0, separator);
  if (function_name == "plain") {
    *pin_hash_out = protocol::GetSharedSecretHash(host_id, *pin_hash_out);
    return true;
  } else if (function_name == "hmac") {
    return true;
  }

  pin_hash_out->clear();
  return false;
}

std::string MakeHostPinHash(const std::string& host_id,
                            const std::string& pin) {
  std::string hash = protocol::GetSharedSecretHash(host_id, pin);
  std::string hash_base64;
  base::Base64Encode(hash, &hash_base64);
  return "hmac:" + hash_base64;
}

bool VerifyHostPinHash(const std::string& hash,
                       const std::string& host_id,
                       const std::string& pin) {
  std::string hash_parsed;
  if (!ParsePinHashFromConfig(hash, host_id, &hash_parsed)) {
    LOG(FATAL) << "Failed to parse PIN hash.";
    return false;
  }
  std::string hash_calculated = protocol::GetSharedSecretHash(host_id, pin);
  return hash_calculated == hash_parsed;
}

}  // namespace remoting