Documentation
// SPDX-FileCopyrightText: Heiko Schaefer <heiko@schaefer.name>
// SPDX-License-Identifier: MIT OR Apache-2.0

//! Lifecycle operations on OpenPGP transferable keys

use minipgp6_packet::{
    body::signature::{
        Signature,
        SignatureType,
        Subpacket,
        subpacket_data::{IssuerFingerprint, SignatureCreationTime},
    },
    types::time::Timestamp,
};
use minipgp6_sign::{SigningKey, component::sign_direct_key};
use rand::{CryptoRng, Rng};

use crate::Error;

/// Produce a revocation signature over a primary key
///
/// TODO: parametrize "reason"
pub fn revoke_primary<RNG: Rng + CryptoRng, S: SigningKey>(
    mut rng: RNG,
    primary: &S,
) -> Result<Signature, Error> {
    let created = SignatureCreationTime(Timestamp::now());
    let issuer = IssuerFingerprint(primary.public().fingerprint());
    let reason = Subpacket::new(
        29, // Reason for Revocation
        false,
        Box::new([1u8]), // Code: "Key is superseded"
    );

    let hashed_subpackets: Vec<Subpacket> = vec![
        Subpacket::regular(created)?,
        Subpacket::regular(issuer)?,
        reason?,
    ];

    // Make a revocation signature
    let config = minipgp6_sign::new_signature(
        &mut rng,
        SignatureType::KeyRevocation,
        primary.public().public_key_algorithm(),
        primary.public().public_key_algorithm().hash_algorithm()?,
        hashed_subpackets,
        Vec::new(),
    )?;

    let revocation = sign_direct_key(config, &primary, primary.public())?;

    Ok(revocation)
}