<?php
/**
 * Copyright (C) 2015-2018 Virgil Security Inc.
 *
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are
 * met:
 *
 *     (1) Redistributions of source code must retain the above copyright
 *     notice, this list of conditions and the following disclaimer.
 *
 *     (2) Redistributions in binary form must reproduce the above copyright
 *     notice, this list of conditions and the following disclaimer in
 *     the documentation and/or other materials provided with the
 *     distribution.
 *
 *     (3) Neither the name of the copyright holder nor the names of its
 *     contributors may be used to endorse or promote products derived from
 *     this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ''AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 *
 * Lead Maintainer: Virgil Security Inc. <support@virgilsecurity.com>
 */

include_once "@PHP_MODULE_FILE_NAME@";
include_once "StringSource.php";
include_once "StringSink.php";

/**
 * @coversDefaultClass VirgilChunkCipher
 */
class VirgilChunkCipher_Test extends PHPUnit\Framework\TestCase {

    /**
     * @covers VirgilChunkCipher::addKeyRecipient
     * @covers VirgilChunkCipher::addPasswordRecipient
     * @covers VirgilChunkCipher::encrypt
     * @covers VirgilChunkCipher::decryptWithKey
     * @covers VirgilChunkCipher::decryptWithPassword
     * @covers VirgilChunkCipher::decryptWithPassword
     * @covers VirgilChunkCipher::getContentInfo
     * @covers VirgilChunkCipher::setContentInfo
     */
    public function test_encryption_decryption_with_generated_keys() {
        $this->check_encryption_decryption_with_generated_keys(false);
    }

    /**
     * @covers VirgilChunkCipher::addKeyRecipient
     * @covers VirgilChunkCipher::addPasswordRecipient
     * @covers VirgilChunkCipher::encrypt
     * @covers VirgilChunkCipher::decryptWithKey
     * @covers VirgilChunkCipher::decryptWithPassword
     * @covers VirgilChunkCipher::decryptWithPassword
     */
    public function test_encryption_decryption_with_generated_keys_and_embedded_content_info() {
        $this->check_encryption_decryption_with_generated_keys(true);
    }

    private function check_encryption_decryption_with_generated_keys($embedContentInfo) {
        $initialString = "very long string to be encrypted";
        // Key recipient - Bob
        $bobCertificateId = "BOB-CERT-1234";
        $bobKey = VirgilKeyPair::generateRecommended();
        // Key recipient - Ted
        $tedCertificateId = "TED-CERT-1234";
        $tedKeyPassword = "ted-private-key-password";
        $tedKey = VirgilKeyPair::generateRecommended($tedKeyPassword);
        // Password recipient - Alice
        $alicePassword = "alice-password";
        // Create cipher
        $cipher = new VirgilChunkCipher();
        $this->assertNotNull($cipher, "Cipher was not created.");
        $this->assertNotNull($cipher->_cPtr, "Underlying cipher was not created.");
        // Add recipients to the cipher
        $cipher->addKeyRecipient($bobCertificateId, $bobKey->publicKey());
        $cipher->addKeyRecipient($tedCertificateId, $tedKey->publicKey());
        $cipher->addPasswordRecipient($alicePassword);
        // Encrypt data
        $encryptSource = new StringSource($initialString);
        $encryptSink = new StringSink();
        $cipher->encrypt($encryptSource, $encryptSink, $embedContentInfo);
        if ($embedContentInfo == false) {
            $encryptedContentInfo = $cipher->getContentInfo();
        }
        // Create new cipher
        $cipher = new VirgilChunkCipher();
        if ($embedContentInfo == false) {
            // Set content info
            $cipher->setContentInfo($encryptedContentInfo);
        }
        // Decrypt encrypted data
        $bobDecryptSource = new StringSource($encryptSink->getResult());
        $bobDecryptSink = new StringSink();

        $tedDecryptSource = new StringSource($encryptSink->getResult());
        $tedDecryptSink = new StringSink();

        $aliceDecryptSource = new StringSource($encryptSink->getResult());
        $aliceDecryptSink = new StringSink();

        $cipher->decryptWithKey($bobDecryptSource, $bobDecryptSink, $bobCertificateId, $bobKey->privateKey());
        $cipher->decryptWithKey($tedDecryptSource, $tedDecryptSink, $tedCertificateId, $tedKey->privateKey(),
                $tedKeyPassword);
        $cipher->decryptWithPassword($aliceDecryptSource, $aliceDecryptSink, $alicePassword);
        // Check decrypted data
        $this->assertEquals($initialString, $bobDecryptSink->getResult());
        $this->assertEquals($initialString, $tedDecryptSink->getResult());
        $this->assertEquals($initialString, $aliceDecryptSink->getResult());
    }

    /**
     * @covers VirgilChunkCipher::addKeyRecipient
     * @covers VirgilChunkCipher::addPasswordRecipient
     * @covers VirgilChunkCipher::encrypt
     * @covers VirgilChunkCipher::decryptWithKey
     * @covers VirgilChunkCipher::decryptWithPassword
     */
    public function test_encryption_decryption_with_known_keys() {
        $initialString = "very long string to be encrypted";
        // Key recipient - Bob (EC)
        $bobCertificateId = "BOB-CERT-1234";
        $bobPublicKey =
                "-----BEGIN PUBLIC KEY-----\n".
                "MIGbMBQGByqGSM49AgEGCSskAwMCCAEBDQOBggAEA8GVpzCcTiISVsHjuMZg4gvS\n".
                "nIT5ubLZ6TZ8LRzPjYah5h71TrHOgJVXkPtzpFbHdWdvcSsAMbLCnvEnTlXFMDn5\n".
                "3a3YhN+cTdWZCgleKQCc2keY/alCRdgtjL3po90DuT8WcxSreTlVGkE/TZvCZEes\n".
                "o+yIBPaohqMzfjvj4Yw=\n".
                "-----END PUBLIC KEY-----\n";
        $bobPrivateKey =
                "-----BEGIN EC PRIVATE KEY-----\n".
                "MIHaAgEBBEBbGZvQqVS+z9QGVlef12ogHS+cGjICfR8oyhBySZTadhRqGmgkWNiS\n".
                "b+IcSjzaw8xEZuIkT/wG/yVlx4Zimk0XoAsGCSskAwMCCAEBDaGBhQOBggAEA8GV\n".
                "pzCcTiISVsHjuMZg4gvSnIT5ubLZ6TZ8LRzPjYah5h71TrHOgJVXkPtzpFbHdWdv\n".
                "cSsAMbLCnvEnTlXFMDn53a3YhN+cTdWZCgleKQCc2keY/alCRdgtjL3po90DuT8W\n".
                "cxSreTlVGkE/TZvCZEeso+yIBPaohqMzfjvj4Yw=\n".
                "-----END EC PRIVATE KEY-----\n";
        // Key recipient - Ted (RSA)
        $tedCertificateId = "TED-CERT-1234";
        $tedPublicKey =
                "-----BEGIN PUBLIC KEY-----\n".
                "MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMk/B8TlOOwNnxpOBGUo0bW9HbNuiaro\n".
                "K+GG5ZcLA9AnA2Fwkx8hFozP0hQp97kbA/RS96/NdbreSjVqltlotc0CAwEAAQ==\n".
                "-----END PUBLIC KEY-----\n";
        $tedPrivateKey =
                "-----BEGIN RSA PRIVATE KEY-----\n".
                "MIIBOQIBAAJBAMk/B8TlOOwNnxpOBGUo0bW9HbNuiaroK+GG5ZcLA9AnA2Fwkx8h\n".
                "FozP0hQp97kbA/RS96/NdbreSjVqltlotc0CAwEAAQJAYML8olAwoVcfU8+FT3pj\n".
                "8sU+faK9cL53MtXgmFJEgBUWlg0aGq67an8vgReCdIK6F3500f6Yf9LhjkoZ4ZBl\n".
                "QQIhAPvyiVFhizURqzZHn4cQtKR2bgGJsARdvlg6KKHP/XXRAiEAzHu3uJ1mIFHH\n".
                "MGMrpKC4mcnyvM4UEETIINUA+pabMz0CIGeJQA0FfOOOI0HnJROoNdPwJzzSjFb+\n".
                "/x3aqJ/2jT5BAiBTLEtpY1Rj9v9/VgctelY776G1XFla2K9Sc3FnfBT6vQIgJlqb\n".
                "tFCwQZczpa/OtOqYKHHpFevnLEVWrlHvCRgJeJU=\n".
                "-----END RSA PRIVATE KEY-----\n";
        // Password recipient - Alice
        $alicePassword = "alice-password";
        // Create cipher
        $cipher = new VirgilChunkCipher();
        $this->assertNotNull($cipher, "Cipher was not created.");
        $this->assertNotNull($cipher->_cPtr, "Underlying cipher was not created.");
        // Add recipients to the cipher
        $cipher->addKeyRecipient($bobCertificateId, $bobPublicKey);
        $cipher->addKeyRecipient($tedCertificateId, $tedPublicKey);
        $cipher->addPasswordRecipient($alicePassword);
        // Encrypt data
        $encryptSource = new StringSource($initialString);
        $encryptSink = new StringSink();
        $cipher->encrypt($encryptSource, $encryptSink, false);
        $encryptedContentInfo = $cipher->getContentInfo();
        // Create new cipher
        $cipher = new VirgilChunkCipher();
        // Set content info
        $cipher->setContentInfo($encryptedContentInfo);
        // Decrypt encrypted data
        $bobDecryptSource = new StringSource($encryptSink->getResult());
        $bobDecryptSink = new StringSink();

        $tedDecryptSource = new StringSource($encryptSink->getResult());
        $tedDecryptSink = new StringSink();

        $aliceDecryptSource = new StringSource($encryptSink->getResult());
        $aliceDecryptSink = new StringSink();

        $cipher->decryptWithKey($bobDecryptSource, $bobDecryptSink, $bobCertificateId, $bobPrivateKey);
        $cipher->decryptWithKey($tedDecryptSource, $tedDecryptSink, $tedCertificateId, $tedPrivateKey);
        $cipher->decryptWithPassword($aliceDecryptSource, $aliceDecryptSink, $alicePassword);
        // Check decrypted data
        $this->assertEquals($initialString, $bobDecryptSink->getResult());
        $this->assertEquals($initialString, $tedDecryptSink->getResult());
        $this->assertEquals($initialString, $aliceDecryptSink->getResult());
    }
}

?>