#pragma once

#include <optional>
#include <stdint.h>
#include <string>
#include <vector>

#include "json.hpp"

#include "expiring_signature.h"
#include "time_helpers.h"

namespace BareMinimumCrypto {
	using namespace std;
	using nlohmann::json;
	
	string get_machine_id ();
	
	struct HumanKeyFile {
		vector <uint8_t> salt;
		Instant time_created;
		vector <uint8_t> pubkey;
		string machine_id;
		
		vector <uint8_t> to_msgpack () const;
		static optional <HumanKeyFile> try_from_msgpack (const json & msg);
	};
	
	struct MachineKeyFile {
		vector <uint8_t> secretkey;
		Instant time_created;
		string machine_id;
		
		vector <uint8_t> to_msgpack () const;
		static optional <MachineKeyFile> try_from_msgpack (const json & msg);
		
		vector <uint8_t> pubkey () const;
	};
	
	struct SigningKey {
		vector <uint8_t> pk;
		vector <uint8_t> sk;
		
		SigningKey ();
		
		// This doesn't fsync, so it's possible to lose the key due to a power outage
		// or filesystem nonsense right after this function returns.
		// It also doesn't do the rename trick. The caller may do that.
		
		static optional <SigningKey> generate_human_key_file (const string & file_path, const string & passphrase);
		
		static optional <SigningKey> generate_machine_key_file (const string & file_path);
		
		static optional <SigningKey> load_human_key_file (const string & file_path, const string & passphrase);
		
		vector <uint8_t> pubkey () const;
		vector <uint8_t> pub_to_msgpack () const;
		
		optional <ExpiringSignature> sign (
			const vector <uint8_t> & payload,
			TimeRange tr
		) const;
		
		optional <ExpiringSignature> sign_key (const SigningKey & k, Instant now) const;
		optional <ExpiringSignature> sign_data (const vector <uint8_t> & v, Instant now) const;
	};
}