Documentation
//! Lifecycle operations on OpenPGP transferable keys

use minipgp6_packet::{
    packet::signature::{RawSubpacket, Signature, SignatureType, subpacket::Subpacket},
    types::Timestamp,
};
use minipgp6_sign::{SigningKey, component::sign_direct_key};
use rand::{CryptoRng, Rng};

use crate::Error;

/// Produce a revocation signature over a primary key
///
/// TODO: parametrize "reason"
pub fn revoke_primary<RNG: Rng + CryptoRng, S: SigningKey>(
    mut rng: RNG,
    primary: &S,
) -> Result<Signature, Error> {
    let created = Subpacket::SignatureCreationTime(Timestamp::now());
    let issuer = Subpacket::IssuerFingerprint(primary.public().fingerprint());
    let reason = RawSubpacket::new(
        29, // Reason for Revocation
        false,
        vec![1u8], // Code: "Key is superseded"
    );

    let hashed_subpackets: Vec<RawSubpacket> = vec![created.into(), issuer.into(), reason];

    // Make a revocation signature
    let config = minipgp6_sign::config::new(
        &mut rng,
        SignatureType::KeyRevocation,
        primary.public().public_key_algorithm,
        primary.public().public_key_algorithm.hash_algorithm()?,
        hashed_subpackets,
        Vec::new(),
    );

    let revocation = sign_direct_key(config, &primary, primary.public())?;

    Ok(revocation)
}