#pragma once

#include <optional>
#include <stdint.h>
#include <string>
#include <vector>

#include "json.hpp"

#include "expiring_signature.h"
#include "time_helpers.h"

namespace BareMinimumCrypto {
	using namespace std;
	using nlohmann::json;
	
	string get_machine_id ();
	string get_passphrase_from_user ();
	optional <json> try_load_msgpack_file (const string & file_path);
	
	struct SigningKey {
		Bytes sk;
		
		SigningKey ();
		
		Bytes pubkey () const;
		Bytes pub_to_msgpack () const;
		
		optional <ExpiringSignature> sign (
			const Bytes & payload,
			TimeRange tr
		) const;
		
		optional <ExpiringSignature> sign_key (const SigningKey & k, Instant now) const;
		optional <ExpiringSignature> sign_data (const Bytes & v, Instant now) const;
	};
	
	struct HumanKeyFile {
		Bytes salt;
		Instant time_created;
		Bytes pubkey;
		string machine_id;
		
		// This doesn't fsync, so it's possible to lose the key due to a power outage
		// or filesystem nonsense right after this function returns.
		// It also doesn't do the rename trick. The caller may do that.
		
		static optional <SigningKey> generate (const string & file_path, const string & passphrase);
		
		static optional <SigningKey> load (const string & file_path, const string & passphrase);
		
		static optional <SigningKey> unlock_key (const Bytes & salt, const string & passphrase);
		
		Bytes to_msgpack () const;
		static optional <HumanKeyFile> try_from_msgpack (const json & msg);
	};
	
	struct MachineKeyFile {
		Bytes secretkey;
		Instant time_created;
		string machine_id;
		
		static optional <SigningKey> generate (const string & file_path);
		
		Bytes pubkey () const;
		
		Bytes to_msgpack () const;
		static optional <MachineKeyFile> try_from_msgpack (const json & msg);
	};
}