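use std::time::Duration;

use serde::Deserialize;

/// Specification for what the OpenPGP certificate is supposed to look like.
///
/// The element types of the `Vec` fields are written out explicitly
/// (`Vec<KeySpec>`, `Vec<UserIdSpec>`); a bare `Vec` does not compile.
#[derive(Deserialize)]
pub(crate) struct Spec {
    /// KeySpec for the primary key
    pub(crate) primary: KeySpec,
    /// List of KeySpec elements for the sub keys
    pub(crate) subs: Vec<KeySpec>,
    /// List of UserIdSpec elements for the user ids
    pub(crate) user_ids: Vec<UserIdSpec>,
    /// Expiry information. Flattened, so its keys sit directly next to
    /// `primary`, `subs` and `user_ids` in the serialized spec.
    #[serde(flatten)]
    pub(crate) expiry: Expiry,
}

/// Specification for how the (sub) key is supposed to be configured
#[derive(Deserialize)]
pub(crate) struct KeySpec {
    /// List of flags to set for the key, detailing what for and how the key can be used.
    pub(crate) flags: Vec<KeyFlag>,
    /// Which kind of cryptography the key is going to use
    pub(crate) cipher_suite: sequoia_openpgp::cert::CipherSuite,
    /// Expiry information. Flattened, so its keys sit directly next to
    /// `flags` and `cipher_suite` in the serialized spec.
    #[serde(flatten)]
    pub(crate) expiry: Expiry,
}

/// Specification on how a user ID is supposed to look
#[derive(Deserialize)]
pub(crate) struct UserIdSpec {
    /// The string value of the user ID itself
    pub(crate) value: String,
    /// A list of notation keys and values to add to the binding signature of the user ID.
    /// Defaults to an empty list when the key is absent.
    #[serde(default)]
    pub(crate) notation: Vec<(String, String)>,
}

/// Expiry spec, including right now only a validity period
///
/// NOTE(review): this struct is embedded with `#[serde(flatten)]`, and serde does not
/// support `#[serde(deny_unknown_fields)]` together with `flatten`. Combined with
/// `default` on `validity_period`, a misspelled `validity_period` key therefore
/// deserializes to `None` without any error. Consumers that rely on an expiry being
/// set should check for `None` explicitly rather than assume the spec was complete.
#[derive(Deserialize)]
pub(crate) struct Expiry {
    /// Validity period, how long a key is supposed to be usable for, starting with the date it was
    /// created. Given as a human-readable duration string (parsed via `humantime_serde`);
    /// `None` when the key is absent.
    ///
    /// NOTE(review): what `None` means for the generated key (presumably "does not
    /// expire") is decided by the code consuming this spec — confirm that this is the
    /// intended default.
    #[serde(with = "humantime_serde::option", default)]
    pub(crate) validity_period: Option<Duration>,
}

/// Flags that can be set for keys
///
/// Variants are deserialized from their `snake_case` names.
#[derive(Deserialize)]
#[serde(rename_all = "snake_case")]
pub(crate) enum KeyFlag {
    /// Key can certify
    Certify,
    /// Key can sign
    Sign,
    /// Key can be used for transport encryption
    EncryptForTransport,
    /// Key can be used for encrypting data at rest
    EncryptAtRest,
    /// Key is split by a secret-sharing mechanism
    SplitKey,
    /// Key can be used for authentication
    Authenticate,
    /// Key is in the possession of more than one person
    GroupKey,
}

impl KeyFlag {
    /// Returns `flags` with the capability named by `flag` additionally set.
    ///
    /// The parameter order (accumulator first, item by reference second) matches the
    /// closure expected by [`Iterator::fold`], so this function can be passed directly
    /// when folding over a slice of `KeyFlag` values.
    ///
    /// The `match` is deliberately exhaustive with no catch-all arm: adding a variant to
    /// `KeyFlag` must fail to compile here rather than silently set no flag.
    pub(crate) fn fold(
        flags: sequoia_openpgp::types::KeyFlags,
        flag: &Self,
    ) -> sequoia_openpgp::types::KeyFlags {
        match flag {
            Self::Certify => flags.set_certification(),
            Self::Sign => flags.set_signing(),
            Self::EncryptForTransport => flags.set_transport_encryption(),
            Self::EncryptAtRest => flags.set_storage_encryption(),
            Self::SplitKey => flags.set_split_key(),
            Self::Authenticate => flags.set_authentication(),
            Self::GroupKey => flags.set_group_key(),
        }
    }
}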