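/*! \file piauth.h
 * \brief PIP Authentication API
*/
/*
	PIP - Platform Independent Primitives
	PIP Authentication API
	Copyright (C) 2018 Andrey Bychkov work.a.b@yandex.ru

	This program is free software: you can redistribute it and/or modify
	it under the terms of the GNU General Public License as published by
	the Free Software Foundation, either version 3 of the License, or
	(at your option) any later version.

	This program is distributed in the hope that it will be useful,
	but WITHOUT ANY WARRANTY; without even the implied warranty of
	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	GNU General Public License for more details.

	You should have received a copy of the GNU General Public License
	along with this program. If not, see <http://www.gnu.org/licenses/>.
*/

#ifndef PIAUTH_H
#define PIAUTH_H

#include "piobject.h"
#include "picrypt.h"


//! One endpoint (client or server) of the PIP authentication exchange.
//! Messages received from the peer are passed to receive(), which reports
//! the current State and writes the reply to send back into its argument.
//! This header only declares the interface; the protocol steps themselves
//! are in the implementation file and are not visible here.
class PIP_EXPORT PIAuth : public PIObject
{
	PIOBJECT(PIAuth)
public:

	//! Side of the exchange this object acts as
	enum Role {Client, Server};

	//! Progress of the exchange as returned by receive().
	//! getSecretKey() returns a key only in the Connected state.
	enum State {NotConnected, AuthProbe, PassRequest, AuthReply, KeyExchange, Connected};

	//! Create PIAuth with your digital sign
	//! NOTE(review): presumably "sign" is a value produced by generateSign()
	//! and is secret key material - confirm against the implementation.
	PIAuth(const PIByteArray & sign);

	//! Set server info data for client authorize event
	void setInfoData(const PIByteArray & info) {server_info = info;}

	//! Set list of trusted clients/servers public digital sign keys.
	//! The list is copied into this object; later changes to "pkeys" have no effect.
	void setAuthorizedPublicKeys(const PIVector<PIByteArray> & pkeys) {auth_pkeys = pkeys;}

	//! Get list of trusted clients/servers public digital sign keys (returned as a copy)
	PIVector<PIByteArray> getAuthorizedPublicKeys() {return auth_pkeys;}

	//! Get your digital sign public key
	PIByteArray getSignPublicKey() {return sign_pk;}


	//! Stop authorization
	void stop();

	//! Start authorization as client
	void startClient();

	//! Start authorization as server, return first server message for client
	PIByteArray startServer();

	//! Process received message both for client and server, return current state
	//! and new message written in "ba".
	//! "ba" is in/out: on entry it holds the bytes received from the peer, which
	//! are untrusted until the exchange reaches Connected; on return it holds
	//! the message to send back.
	State receive(PIByteArray & ba);

	//! Get session secret key, return key only when Connected state.
	//! NOTE(review): the key is returned by value, so every call leaves another
	//! copy of the session secret in the caller's memory. Whether PIByteArray
	//! wipes its storage on destruction is not visible here - confirm before
	//! relying on it.
	PIByteArray getSecretKey();

	//! Generate digital sign from seed
	//! NOTE(review): "from seed" suggests the result is fully determined by the
	//! seed, in which case the seed must be kept as secret as the key itself -
	//! confirm against the implementation.
	static PIByteArray generateSign(const PIByteArray & seed);


	//! Disconnected event
	EVENT(disconnected)

	//! Connected event
	EVENT(connected)

	//! Client event for authorize new server.
	//! "info" is the server info data (see setInfoData()); the handler presumably
	//! reports its decision through "ok".
	//! NOTE(review): the value "ok" carries when no handler is connected is set
	//! by the implementation - confirm that an unhandled request is rejected.
	EVENT2(authorize, PIByteArray, info, bool *, ok)

	//! Client event for input server password
	EVENT1(passwordRequest, PIString *, pass)

	//! Server event for check client password.
	//! "phash" is the value to check; the handler presumably writes the verdict to "ok".
	//! NOTE(review): same question as for authorize - confirm the result when
	//! no handler is connected.
	EVENT2(passwordCheck, PIByteArray, phash, bool *, ok)

	//EVENT_HANDLER1(void, received, PIByteArray, data);

private:
	// Defined in the implementation file. Judging by the signature it returns the
	// resulting State and writes a message into "ba", with an optional error text.
	State disconnect(PIByteArray & ba, const PIString & error = PIString());

	// Presumably tests "pkey" against auth_pkeys - TODO confirm in the implementation.
	bool isAuthorizedKey(const PIByteArray & pkey);

	PIByteArray createSKMessage();

	Role role;
	State state;
	PIByteArray server_info;        // set by setInfoData()
	PICrypt crypt;
	PIByteArray sign_sk, sign_pk;   // sign_pk is what getSignPublicKey() returns; sign_sk presumably the matching secret key
	PIByteArray auth_sign;
	PIByteArray box_sk, box_pk;
	PIByteArray my_pk;
	PIByteArray secret_key;         // presumably the session key behind getSecretKey() - TODO confirm
	PIVector<PIByteArray> auth_pkeys; // trusted public keys, set by setAuthorizedPublicKeys()

};

#endif // PIAUTH_H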