<?php
/**
 * Part of the Joomla Framework Crypt Package
 *
 * @copyright  Copyright (C) 2005 - 2021 Open Source Matters, Inc. All rights reserved.
 * @license    GNU General Public License version 2 or later; see LICENSE
 */

namespace Joomla\Crypt\Cipher;

use Defuse\Crypto\Crypto as DefuseCrypto;
use Defuse\Crypto\Exception\EnvironmentIsBrokenException;
use Defuse\Crypto\Exception\WrongKeyOrModifiedCiphertextException;
use Defuse\Crypto\Key as DefuseKey;
use Defuse\Crypto\RuntimeTests;
use Joomla\Crypt\CipherInterface;
use Joomla\Crypt\Exception\DecryptionException;
use Joomla\Crypt\Exception\EncryptionException;
use Joomla\Crypt\Exception\InvalidKeyException;
use Joomla\Crypt\Exception\InvalidKeyTypeException;
use Joomla\Crypt\Key;

/**
 * Joomla cipher for encryption, decryption and key generation via the php-encryption library.
 *
 * @since  2.0.0
 */
class Crypto implements CipherInterface
{
	/**
	 * Method to decrypt a data string.
	 *
	 * @param   string  $data  The encrypted string to decrypt.
	 * @param   Key     $key   The key object to use for decryption.
	 *
	 * @return  string  The decrypted data string.
	 *
	 * @since   2.0.0
	 * @throws  DecryptionException if the data cannot be decrypted
	 * @throws  InvalidKeyTypeException if the key is not valid for the cipher
	 */
	public function decrypt($data, Key $key)
	{
		// Validate key.
		if ($key->getType() !== 'crypto')
		{
			throw new InvalidKeyTypeException('crypto', $key->getType());
		}

		// Decrypt the data.
		try
		{
			return DefuseCrypto::decrypt($data, DefuseKey::loadFromAsciiSafeString($key->getPrivate()));
		}
		catch (WrongKeyOrModifiedCiphertextException $ex)
		{
			throw new DecryptionException('DANGER! DANGER! The ciphertext has been tampered with!', $ex->getCode(), $ex);
		}
		catch (EnvironmentIsBrokenException $ex)
		{
			throw new DecryptionException('Cannot safely perform decryption', $ex->getCode(), $ex);
		}
	}

	/**
	 * Method to encrypt a data string.
	 *
	 * @param   string  $data  The data string to encrypt.
	 * @param   Key     $key   The key object to use for encryption.
	 *
	 * @return  string  The encrypted data string.
	 *
	 * @since   2.0.0
	 * @throws  EncryptionException if the data cannot be encrypted
	 * @throws  InvalidKeyTypeException if the key is not valid for the cipher
	 */
	public function encrypt($data, Key $key)
	{
		// Validate key.
		if ($key->getType() !== 'crypto')
		{
			throw new InvalidKeyTypeException('crypto', $key->getType());
		}

		// Encrypt the data.
		try
		{
			return DefuseCrypto::encrypt($data, DefuseKey::loadFromAsciiSafeString($key->getPrivate()));
		}
		catch (EnvironmentIsBrokenException $ex)
		{
			throw new EncryptionException('Cannot safely perform encryption', $ex->getCode(), $ex);
		}
	}

	/**
	 * Method to generate a new encryption key object.
	 *
	 * @param   array  $options  Key generation options.
	 *
	 * @return  Key
	 *
	 * @since   2.0.0
	 * @throws  InvalidKeyException if the key cannot be generated
	 */
	public function generateKey(array $options = [])
	{
		// Generate the encryption key.
		try
		{
			$public = DefuseKey::createNewRandomKey();
		}
		catch (EnvironmentIsBrokenException $ex)
		{
			throw new InvalidKeyException('Cannot safely create a key', $ex->getCode(), $ex);
		}

		// Create the new encryption key object.
		return new Key('crypto', $public->saveToAsciiSafeString(), $public->getRawBytes());
	}

	/**
	 * Check if the cipher is supported in this environment.
	 *
	 * @return  boolean
	 *
	 * @since   2.0.0
	 */
	public static function isSupported(): bool
	{
		try
		{
			RuntimeTests::runtimeTest();

			return true;
		}
		catch (EnvironmentIsBrokenException $e)
		{
			return false;
		}
	}
}