// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
// Copyright by contributors to this project.
// SPDX-License-Identifier: (Apache-2.0 OR MIT)

use mls_rs_core::{crypto::CipherSuiteProvider, protocol_version::ProtocolVersion};

use crate::{client::MlsError, signer::Signable, KeyPackage};

#[cfg_attr(not(mls_build_async), maybe_async::must_be_sync)]
pub(crate) async fn validate_key_package_properties<CSP: CipherSuiteProvider>(
    package: &KeyPackage,
    version: ProtocolVersion,
    cs: &CSP,
) -> Result<(), MlsError> {
    package
        .verify(cs, &package.leaf_node.signing_identity.signature_key, &())
        .await?;

    // Verify that the protocol version matches
    if package.version != version {
        return Err(MlsError::ProtocolVersionMismatch);
    }

    // Verify that the cipher suite matches
    if package.cipher_suite != cs.cipher_suite() {
        return Err(MlsError::CipherSuiteMismatch);
    }

    // Verify that the public init key is a valid format for this cipher suite
    cs.kem_public_key_validate(&package.hpke_init_key)
        .map_err(|_| MlsError::InvalidInitKey)?;

    // Verify that the init key and the leaf node public key are different
    if package.hpke_init_key.as_ref() == package.leaf_node.public_key.as_ref() {
        return Err(MlsError::InitLeafKeyEquality);
    }

    Ok(())
}