-- Verify.hs: OpenPGP (RFC4880) signature verification
-- Copyright © 2012  Clint Adams
-- This software is released under the terms of the ISC license.
-- (See the LICENSE file).

module Data.Conduit.OpenPGP.Verify (
   conduitVerify
) where

import Data.Conduit
import qualified Data.Conduit.Util as CU
import Data.Time.Clock (UTCTime)

import Codec.Encryption.OpenPGP.Internal (PktStreamContext(..), emptyPSC)
import Codec.Encryption.OpenPGP.Types
import Codec.Encryption.OpenPGP.Verify (verifySig)

conduitVerify :: MonadResource m => Keyring -> Maybe UTCTime -> Conduit Pkt m (Either String Verification)
conduitVerify kr mt = CU.conduitState emptyPSC push close
    where
        push state ld@(LiteralDataPkt {}) = return $ CU.StateProducing (state { lastLD = ld }) []
        push state uid@(UserIdPkt _) = return $ CU.StateProducing (state { lastUIDorUAt = uid }) []
        push state uat@(UserAttributePkt _) = return $ CU.StateProducing (state { lastUIDorUAt = uat }) []
        push state pk@(PublicKeyPkt _) = return $ CU.StateProducing (state { lastPrimaryKey = pk }) []
        push state pk@(PublicSubkeyPkt _) = return $ CU.StateProducing (state { lastSubkey = pk }) []
        push state sk@(SecretKeyPkt _ _) = return $ CU.StateProducing (state { lastPrimaryKey = sk }) []
        push state sk@(SecretSubkeyPkt _ _) = return $ CU.StateProducing (state { lastSubkey = sk }) []
        push state sig@(SignaturePkt (SigV4 {})) = return $ CU.StateProducing state { lastSig = sig } [verifySig kr sig state mt]
        push state (OnePassSignaturePkt _ _ _ _ _ False) = return $ CU.StateProducing state []
        push state _ = return $ CU.StateProducing state []
        close _ = return []
        normLineEndings = id  -- FIXME