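// NOTE(review): identifiers containing a double underscore are reserved for
// the implementation. The guard name is kept as-is here in case other files
// test it; consider renaming it (e.g. to CREDDY_H) project-wide.
#ifndef __CREDDY_H__
#define __CREDDY_H__

/*
 * NOTE(review): this header carried three #include directives whose targets
 * are missing from this copy. Restore them from the project's sources. They
 * have to provide at least certificate_t and chunk_t, which are used below
 * but not declared in this file.
 *
 *   #include <LOST_HEADER_1>   (placeholder, not a real path)
 *   #include <LOST_HEADER_2>   (placeholder, not a real path)
 *   #include <LOST_HEADER_3>   (placeholder, not a real path)
 */
#include <stddef.h> // size_t, used by xmalloc/xrealloc

// One subject of an attribute cert.
// NOTE(review): presumably cert is a certificate file name, id the subject's
// key id and role the subject's role name; confirm against the callers.
typedef struct _subject_t {
    char *cert;
    char *id;
    char *role;
} subject_t;

// Parsed command line, shared by every sub program.
typedef struct _options_t {
    int help;
    int mode;           // one of the MODE_* values below

    char *cert;

    // generate options
    char *cn;
    int validity;

    // attribute options
    char *issuer;
    char *key;
    char *role;
    subject_t *subjects;
    int num_subjects;   // presumably the element count of subjects; verify
    char *out;

    // verify options
    char *attrcert;
} options_t;

#define MODE_GENERATE   1
#define MODE_VERIFY     2
#define MODE_KEYID      3
#define MODE_ATTRIBUTE  4
#define MODE_ROLES      5
#define MODE_VERSION    6

// returns true if a name starts with a letter and is otherwise alphanumeric
//
// Security note: creddy_generate() below derives its output file names from
// the CN, so a check of this kind is what keeps path separators and other
// special characters out of those names. Whether creddy_generate() actually
// calls clean_name() is not visible in this header; confirm in the
// implementation.
int clean_name(char *string);

// load an ID/attr cert from file (aborts on fail)
// Callers therefore never see a NULL result, but a bad path supplied by the
// user ends the whole process rather than returning an error.
certificate_t *cert_from_file(char *filename);
certificate_t *attr_cert_from_file(char *filename);

// get the keyid from a cert (free result when done)
char *cert_keyid(certificate_t *cert);

// generate a random serial
// NOTE(review): the randomness source is not visible here. Certificate
// serials should come from a cryptographically strong generator; verify in
// the implementation.
// (void) makes this a real prototype, so calls with arguments are rejected
// at compile time instead of being silently accepted.
chunk_t generate_serial(void);

void usage(options_t *opts);

// Allocation wrappers.
// NOTE(review): by naming convention these presumably abort on allocation
// failure instead of returning NULL; confirm before relying on it.
void *xmalloc(size_t len);
void *xrealloc(void *ptr, size_t size);
char *xstrdup(char *string);

// sub programs
// NOTE(review): presumably selected through options_t.mode; MODE_VERSION has
// no matching entry point in this header.
void generate_main(options_t *opts);
void keyid_main(options_t *opts);
void attribute_main(options_t *opts);
void roles_main(options_t *opts);
void verify_main(options_t *opts);

#define CREDDY_SUCCESS                      0
#define CREDDY_GENERATE_INVALID_CN          -1
#define CREDDY_GENERATE_INVALID_VALIDITY    -2

/**
 * Generate an ID cert / private key pair. Returns one of the error
 * codes above. Validity is in days. Output is in ${cn}_ID.pem and
 * ${cn}_private.der.
 *
 * Security notes for callers:
 *  - cn becomes part of both file names, so it must not be taken from an
 *    untrusted source without validation; CREDDY_GENERATE_INVALID_CN
 *    indicates the function rejects some values, but the exact rule is not
 *    visible in this header.
 *  - ${cn}_private.der holds the private key. This header does not say
 *    where the file is created or with what permissions; check that the
 *    implementation creates it readable by its owner only, and whether an
 *    existing file of the same name is overwritten.
 */
int creddy_generate(char *cn, int validity);

#endif /* __CREDDY_H__ */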