/**
 * Wrapper for OpenSSL cryptographic functions.
 * @author SE/Linux Team <se-linux@inso.tuwien.ac.at>
 *
 * NOTE: you need to link with -lcrypto when using this class!
 */

#ifndef _SECURITY_H
#define _SECURITY_H

#include <string>
#include <vector>
#include <exception>

#include <Ice/Config.h> // For Ice::Byte

//! Exception thrown by security class
class SecurityException : public std::exception {
	public:
		//! Construtor.
		//! @param what Error message.
		SecurityException(const std::string& what);
		//! Returns the error message
		virtual const char *what() const throw() { return _what.c_str(); }
		virtual ~SecurityException() throw() {}
	private:
		std::string _what;
};

//! Interface of the Security class.
//! Use the instance() member to get the singleton instance.
class Security {

	public:
    virtual ~Security()
    {};

		//! Definition of Byte, for compatibility with ICE.
		typedef Ice::Byte Byte;

		//! Vector (sequence) of Bytes.
		typedef std::vector<Byte> ByteStream;

		//! Returns the singleton Security instance.
		static Security& instance();
	
		//! Encrypts binary data using envelope encryption (RSA + aes_256_cbc).
		//! See the man page for EVP_SealInit(3SSL) for an explenation of envelope
		//! ecnryption.
		//! @param certificateFile Path to certificate in PEM format used for
		//! 	encryption.
		//! @param data Data to encrypt.
		//! @param iv Output parameter. Randoml initia vector for AES. 
		//! @param ek Output parameter. Ramdom AES key encrypted with RSA.
		//! @param output Output paramenter. Encrypted data.
		//! @throws SecurityException on error.
		virtual void encryptPublic(
			const std::string& certificateFile,
			const ByteStream& data,
			ByteStream& iv,
			ByteStream& ek,
			ByteStream& output
		) = 0;

		//! Decrypts binary data using envelope encryption (RSA + aes_256_cbc)
		//! See the man page for EVP_SealInit(3SSL) for an expenation of envelope
		//! ecnryption.
		//! @param privateKeyFile Path to private key in PEM format used for 
		//! 	decryption.
		//! @param data Data to decrypt.
		//! @param iv Initial vector for AES.
		//! @param ek Key for AES encrypted with RSA.
		//! @param output. Output parameter. Decrypted data.
		//! @throws SecurityException on error.
		virtual void decryptPrivate(
			const std::string& privateKeyFile,
			const ByteStream& data,
			const ByteStream& iv,
			const ByteStream& ek,
			ByteStream& output
		) = 0;

		//! Signs binary data using SHA1 + RSA.
		//! @param privateKeyFile Path to private key in PEM format used for
		//! 	encryption.
		//! @param data Data to sign.
		//! @param output Output parameter. The signature.
		//! @throws SecurityException on error.
		virtual void sign(
			const std::string& privateKeyFile,
			const ByteStream& data,
			ByteStream& output
		) = 0;

		//! Verifies a signature using SHA1 + RSA.
		//! @param certificateFile Path to certificate file in PEM format used for
		//! 	decryption.
		//! @param data Data to verify.
		//! @param signature Signature to verify.
		//! @throws SecurityException On error or if the signature could not be verified.
		virtual void verifySignature(
			const std::string& certificateFile,
			const ByteStream& data,
			const ByteStream& signature
		) = 0;

		//! Returns the common name (CN) field of a certificate.
		//! @param certificateFile Path to certificate in PEM format.
		//! @throws SecurityException on error.
		virtual std::string getCommonName(
			const std::string& certificateFile
		) = 0;

	private:

		static Security *_instance;
};

#endif