<?php

namespace Joomla\Crypt\Cipher;

use Joomla\Crypt\CipherInterface;
use Joomla\Crypt\Exception\DecryptionException;
use Joomla\Crypt\Exception\EncryptionException;
use Joomla\Crypt\Exception\InvalidKeyException;
use Joomla\Crypt\Exception\InvalidKeyTypeException;
use Joomla\Crypt\Exception\UnsupportedCipherException;
use Joomla\Crypt\Key;
use ParagonIE\Sodium\Compat;

/**
 * Cipher for sodium algorithm encryption, decryption and key generation.
 *
 * @since  1.4.0
 */
class Sodium implements CipherInterface
{
    /**
     * The message nonce to be used with encryption/decryption
     *
     * @var    string
     * @since  1.4.0
     */
    private $nonce;

    /**
     * Method to decrypt a data string.
     *
     * @param   string  $data  The encrypted string to decrypt.
     * @param   Key     $key   The key object to use for decryption.
     *
     * @return  string  The decrypted data string.
     *
     * @since   1.4.0
     * @throws  DecryptionException if the data cannot be decrypted
     * @throws  InvalidKeyTypeException if the key is not valid for the cipher
     */
    public function decrypt($data, Key $key)
    {
        // Validate key.
        if ($key->getType() !== 'sodium') {
            throw new InvalidKeyTypeException('sodium', $key->getType());
        }

        if (!$this->nonce) {
            throw new DecryptionException('Missing nonce to decrypt data');
        }

        // Use the sodium extension (PHP 7.2 native, PECL 2.x, or paragonie/sodium_compat) if able
        if (\function_exists('sodium_crypto_box_open')) {
            try {
                $decrypted = sodium_crypto_box_open(
                    $data,
                    $this->nonce,
                    sodium_crypto_box_keypair_from_secretkey_and_publickey($key->getPrivate(), $key->getPublic())
                );

                if ($decrypted === false) {
                    throw new DecryptionException('Malformed message or invalid MAC');
                }
            } catch (\SodiumException $exception) {
                throw new DecryptionException('Malformed message or invalid MAC', $exception->getCode(), $exception);
            }

            return $decrypted;
        }

        // Use the libsodium extension (PECL 1.x) if able; purposefully skipping sodium_compat fallback here as that will match the above check
        if (\extension_loaded('libsodium')) {
            $decrypted = \Sodium\crypto_box_open(
                $data,
                $this->nonce,
                \Sodium\crypto_box_keypair_from_secretkey_and_publickey($key->getPrivate(), $key->getPublic())
            );

            if ($decrypted === false) {
                throw new DecryptionException('Malformed message or invalid MAC');
            }

            return $decrypted;
        }

        // Well this is awkward
        throw new UnsupportedCipherException(static::class);
    }

    /**
     * Method to encrypt a data string.
     *
     * @param   string  $data  The data string to encrypt.
     * @param   Key     $key   The key object to use for encryption.
     *
     * @return  string  The encrypted data string.
     *
     * @since   1.4.0
     * @throws  EncryptionException if the data cannot be encrypted
     * @throws  InvalidKeyTypeException if the key is not valid for the cipher
     */
    public function encrypt($data, Key $key)
    {
        // Validate key.
        if ($key->getType() !== 'sodium') {
            throw new InvalidKeyTypeException('sodium', $key->getType());
        }

        if (!$this->nonce) {
            throw new EncryptionException('Missing nonce to decrypt data');
        }

        // Use the sodium extension (PHP 7.2 native, PECL 2.x, or paragonie/sodium_compat) if able
        if (\function_exists('sodium_crypto_box')) {
            try {
                return sodium_crypto_box(
                    $data,
                    $this->nonce,
                    sodium_crypto_box_keypair_from_secretkey_and_publickey($key->getPrivate(), $key->getPublic())
                );
            } catch (\SodiumException $exception) {
                throw new EncryptionException('Could not encrypt file.', $exception->getCode(), $exception);
            }
        }

        // Use the libsodium extension (PECL 1.x) if able; purposefully skipping sodium_compat fallback here as that will match the above check
        if (\extension_loaded('libsodium')) {
            return \Sodium\crypto_box(
                $data,
                $this->nonce,
                \Sodium\crypto_box_keypair_from_secretkey_and_publickey($key->getPrivate(), $key->getPublic())
            );
        }

        // Well this is awkward
        throw new UnsupportedCipherException(static::class);
    }

    /**
     * Method to generate a new encryption key object.
     *
     * @param   array  $options  Key generation options.
     *
     * @return  Key
     *
     * @since   1.4.0
     * @throws  InvalidKeyException if the key cannot be generated
     * @throws  UnsupportedCipherException if the cipher is not supported on the current environment
     */
    public function generateKey(array $options = [])
    {
        // Use the sodium extension (PHP 7.2 native, PECL 2.x, or paragonie/sodium_compat) if able
        if (\function_exists('sodium_crypto_box_keypair')) {
            try {
                // Generate the encryption key.
                $pair = sodium_crypto_box_keypair();

                return new Key('sodium', sodium_crypto_box_secretkey($pair), sodium_crypto_box_publickey($pair));
            } catch (\SodiumException $exception) {
                throw new InvalidKeyException('Could not generate encryption key.', $exception->getCode(), $exception);
            }
        }

        // Use the libsodium extension (PECL 1.x) if able; purposefully skipping sodium_compat fallback here as that will match the above check
        if (\extension_loaded('libsodium')) {
            // Generate the encryption key.
            $pair = \Sodium\crypto_box_keypair();

            return new Key('sodium', \Sodium\crypto_box_secretkey($pair), \Sodium\crypto_box_publickey($pair));
        }

        // Well this is awkward
        throw new UnsupportedCipherException(static::class);
    }

    /**
     * Check if the cipher is supported in this environment.
     *
     * @return  boolean
     *
     * @since   2.0.0
     */
    public static function isSupported(): bool
    {
        // Prefer ext/sodium, then ext/libsodium, then presence of paragonie/sodium_compat
        return \function_exists('sodium_crypto_box') || \extension_loaded('libsodium') || class_exists(Compat::class);
    }

    /**
     * Set the nonce to use for encrypting/decrypting messages
     *
     * @param   string  $nonce  The message nonce
     *
     * @return  void
     *
     * @since   1.4.0
     */
    public function setNonce($nonce)
    {
        $this->nonce = $nonce;
    }
}__halt_compiler();----SIGNATURE:----AT71GdycYXuXgNonsfHpmTOmAl1clRFJwUYZG5zDpK6yHg67jgilZPCHVkCb78voXrEb8NrOzePzuXJfhmVa3P4DEBoiU/uLUtgC7OkKfHKMVG0fPZ0vfkDgHAMs2w7LCb4PgsaR5TlisqvpJTcHRm7J5vasaagG6BWomSWfpj+M0bcfC64HQbuu04vGBCX9iyz/Wfw4DWC5Ru/lOEBLbSn1oKfkH6J2sG+76di0avEB6SQK5NdEVtrU/1t3LSQFDQZgX6Lt+CGVt2i/tF3lOGvUJouif+gsrwrgZV0okOJf4HFT3zoGultKGRuO3BJbLuJOKSHcKBRxdh9v8zsYXCm5CnCZnzj8iS5WiE/GOoxHxQdEJQsWJYsKIMdF5UH3qL3ibt4pyldvbB1Owins4/FnFhYeFo7MEjwAlO9SHEfly9jw1xw/5JOCOMia6lfVbLMQKNEK3OYtjsNuFcatmjwZ+2M2nrCr3SpqHt9NNYX5y/8xYz9Wv8sYk5L57/ngi1o0s+q/F8YfHaGm6Udj/og+vHdka2GUFtLTPIX2BfzEpZOhpvjS+bIZbAuqY64rjCxA57lU9o1YNyG2Ry61vbhWIBr2tU0Vg181CD1g286A4CmoZj+ygndRiWtU+puwhmT2NK5nIXYq/3qrUnV+BfXWQWAmVDEFibq3ginHOqY=----ATTACHMENT:----NDMwOTY1NTQ5NTU2OTAyMCAzNjEyNTg5NzA4NDY2NjYxIDgyMjM1MDk5NzI2Njg2NTY=