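* @license BSD */

//namespace Domframework;

/** Allow to encrypt/decrypt data
 *
 * The output of encrypt() is the raw IV immediately followed by the raw
 * ciphertext; decrypt() expects exactly that layout.
 *
 * NOTE(review): the default cipher is 3DES in CBC mode and no authentication
 * tag or MAC is produced or verified. A modified ciphertext is therefore not
 * detected here: callers that accept ciphertext from an untrusted party
 * should verify a MAC computed over IV + ciphertext before calling decrypt()
 * and should not reveal whether decrypt() succeeded. AEAD modes that need a
 * tag are not handled by this class.
 *
 * NOTE(review): the key length is fixed at 24 bytes, which is the 3DES key
 * size. For another $cipherMethod, PHP's OpenSSL binding pads a too-short key
 * with NUL bytes and truncates a too-long one, so the effective key strength
 * may differ from what the caller expects - confirm before changing the
 * cipher.
 */
class encrypt
{
  /** Check if openssl library is enabled
   * @throws \Exception if the OpenSSL functions are not available
   */
  public function __construct ()
  // {{{
  {
    if (! function_exists ("openssl_random_pseudo_bytes"))
      throw new \Exception ("No OpenSSL support in PHP. Please install it",
        500);
  }
  // }}}

  /** Encrypt the payload to not be readable by anybody
   * @param string $payload The payload to encrypt
   * @param string $ckey The 24 chars for the cipher key
   * @param string|null $cipherMethod DES-EDE3-CBC by default
   * @return string The raw IV followed by the raw encrypted payload
   * @throws \Exception (code 500) if a parameter is invalid, if no strong
   * random IV can be obtained or if OpenSSL can not encrypt
   */
  public function encrypt ($payload, $ckey, $cipherMethod = "des-ede3-cbc")
  // {{{
  {
    // Strict comparison: a loose in_array() would accept values like true
    if (! in_array ($cipherMethod, openssl_get_cipher_methods (), true))
      throw new \Exception (dgettext ("domframework",
        "Invalid cipher provided to encrypt method : ".
        "doesn't exists in OpenSSL"), 500);
    if (! is_string ($payload))
      throw new \Exception (dgettext ("domframework",
        "Invalid payload provided to encrypt method : ".
        "Not a string"), 500);
    // A non-string key is rejected with the same error as a wrong length,
    // like decrypt() which refuses non-string keys too
    if (! is_string ($ckey) || strlen ($ckey) !== 24)
      throw new \Exception (dgettext ("domframework",
        "Invalid cipherKey provided to encrypt method :" .
        " length different of 24 chars"), 500);
    // Must be the same as decrypt
    $options = OPENSSL_RAW_DATA;
    $ivlen = openssl_cipher_iv_length ($cipherMethod);
    // Modes without IV (ECB by example) get an empty IV instead of a failing
    // zero-length random request. Such modes are deterministic and reveal
    // repeated plaintext blocks: prefer a mode with an IV.
    $iv = "";
    if ($ivlen > 0)
    {
      $strong = false;
      $iv = openssl_random_pseudo_bytes ($ivlen, $strong);
      // Refuse an IV that OpenSSL does not report as cryptographically strong
      if ($iv === false || $strong !== true)
        throw new \Exception (dgettext ("domframework",
          "Can not encrypt the payload"), 500);
    }
    $ciphertext = openssl_encrypt ($payload, $cipherMethod, $ckey, $options,
      $iv);
    if ($ciphertext === false)
      throw new \Exception (dgettext ("domframework",
        "Can not encrypt the payload"), 500);
    // The IV is not secret: it is stored in front of the ciphertext
    return $iv . $ciphertext;
  }
  // }}}

  /** Decrypt the ciphertext
   * @param string $ciphertext The payload to decrypt (IV + ciphertext, as
   * returned by encrypt)
   * @param string $ckey The 24 chars for the cipher key
   * @param string|null $cipherMethod DES-EDE3-CBC by default
   * @return string|false The decrypted text, or false if OpenSSL can not
   * decrypt (wrong key, corrupted data...). The caller must test the result
   * with === false
   * @throws \Exception (code 500) if a parameter is invalid or if the
   * ciphertext is too short to contain the IV
   */
  public function decrypt ($ciphertext, $ckey, $cipherMethod = "des-ede3-cbc")
  // {{{
  {
    if (! is_string ($ciphertext))
      throw new \Exception (dgettext ("domframework",
        "Invalid ciphertext provided to decrypt method : not a string"), 500);
    if (! is_string ($ckey))
      throw new \Exception (dgettext ("domframework",
        "Invalid cipherkey provided to decrypt method : not a string"), 500);
    if (! is_string ($cipherMethod))
      throw new \Exception (dgettext ("domframework",
        "Invalid cipherMethod provided to decrypt method : not a string"),
        500);
    if (trim ($ciphertext) === "")
      throw new \Exception (dgettext ("domframework",
        "Invalid ciphertext provided to decrypt method : empty string"), 500);
    if (! in_array ($cipherMethod, openssl_get_cipher_methods (), true))
      throw new \Exception (dgettext ("domframework",
        "Invalid cipherMethod provided to decrypt method : ".
        "doesn't exists in OpenSSL"), 500);
    if (strlen ($ckey) !== 24)
      throw new \Exception (dgettext ("domframework",
        "Invalid cipherKey provided to decrypt method :" .
        " length different of 24 chars"), 500);
    // The IV is the first $ivlen bytes, as written by encrypt
    $ivlen = openssl_cipher_iv_length ($cipherMethod);
    $iv = substr ($ciphertext, 0, $ivlen);
    if (strlen ($iv) !== $ivlen)
      throw new \Exception (dgettext ("domframework",
        "Can not decrypt the payload : invalid salt"), 500);
    // Must be the same as encrypt
    $options = OPENSSL_RAW_DATA;
    $ciphertext = substr ($ciphertext, $ivlen);
    // No integrity check is done here: false is returned only when OpenSSL
    // itself refuses the data (bad padding by example)
    return openssl_decrypt ($ciphertext, $cipherMethod, $ckey, $options, $iv);
  }
  // }}}
}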