Documentation
// SPDX-FileCopyrightText: Heiko Schaefer <heiko@schaefer.name>
// SPDX-License-Identifier: MIT OR Apache-2.0

//! Lifecycle operations on OpenPGP transferable keys

use minipgp6_packet::{
    body::signature::{RawSubpacket, Signature, SignatureType, subpacket::Subpacket},
    types::time::Timestamp,
};
use minipgp6_sign::{SigningKey, component::sign_direct_key};
use rand::{CryptoRng, Rng};

use crate::Error;

/// Produce a revocation signature over a primary key
///
/// TODO: parametrize "reason"
pub fn revoke_primary<RNG: Rng + CryptoRng, S: SigningKey>(
    mut rng: RNG,
    primary: &S,
) -> Result<Signature, Error> {
    let created = Subpacket::SignatureCreationTime(Timestamp::now());
    let issuer = Subpacket::IssuerFingerprint(primary.public().fingerprint());
    let reason = RawSubpacket::new(
        29, // Reason for Revocation
        false,
        Box::new([1u8]), // Code: "Key is superseded"
    );

    let hashed_subpackets: Vec<RawSubpacket> = vec![created.into(), issuer.into(), reason];

    // Make a revocation signature
    let config = minipgp6_sign::new_signature(
        &mut rng,
        SignatureType::KeyRevocation,
        primary.public().public_key_algorithm(),
        primary.public().public_key_algorithm().hash_algorithm()?,
        hashed_subpackets,
        Vec::new(),
    );

    let revocation = sign_direct_key(config, &primary, primary.public())?;

    Ok(revocation)
}