<?php

/**
 * @author Kato Twofold
 * @copyright MIT
 * 
 * The class has full support for encryption of strings, provides validation for those
 * and makes sure they can be decrypted on the other end, the key is extremely important
 * and you MUST keep track of it and not lose it as there is no way of getting it back.
 * 
 */
class kpcrypt {

    // The key to use in the encryption process
    private $key = null;

    /**
     * @param string $key [Optional] The key to use for encryption, if none is mentioned a random one will be generated
     */
    public function __construct( string $key = null) {
        // If no key is mentioned, generate one
        if ( empty($key) ) {
            $key = bin2hex(openssl_random_pseudo_bytes("64"));
        }

        $this->key = $key;
    }

    /**
     * Get the key that the instance is currently using, really useful for when you randomly generate it!
     * @return string The key of the instance
     */
    public function getKey() {
        return $this->key;
    }

    /**
     * @param string $data The data to be encrypted, this can only encrypt strings.
     * @param string $cipherMethod The cypher method to use in the encryption process, these can be checked using 
     * @param bool $integrity_check Check if the encrypted data can also be decypted, this will take 2x more time to process the data, but will make 100% sure that the data is safe and can be decrypted.
     */
    function encryptData(string $data, string $cipherMethod = 'AES-256-CBC', bool $integrity_check = TRUE) {
        // Grab the key from self-reference
        $key = $this->key;

        // Lowercase the cipher
        $cipherMethod = strtolower($cipherMethod);

        // Check if the encryption method is valid
        if (!in_array($cipherMethod, openssl_get_cipher_methods())) {
            // Cypher was not in the available ciphers list.
            return FALSE;
        }


        // To encrypt a string   
        $iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length($cipherMethod));

        // Encrypt the data
        $encryptedData = openssl_encrypt($data, $cipherMethod, $key, OPENSSL_RAW_DATA, $iv);

        // Append the iv to the encrypted data
        $encryptedData = $iv . $encryptedData;

        // base64 encrypt to make sure we don't lose bytes
        $encryptedData = base64_encode($encryptedData);

        // Check if we should verify the integrity of the encryption
        if ($integrity_check === TRUE) {
            // Test for decryption validity
            if (md5($this->decryptData($encryptedData, $cipherMethod)) === md5($data)) {
                // Put the output in the result
                return $encryptedData;
            } else {
                // Assign the output to the result
                return FALSE;
            }
        } else {
            // Simply return the results
            return $encryptedData;
        }
    }

    /**
     * @param string $data The data to be encrypted, this can only encrypt strings.
     * @param string $cipherMethod The cypher method to use in the encryption process, these can be checked using 
     */
    function decryptData(string $data, string $cipherMethod = 'AES-256-CBC') {
        // Grab the key from self-reference
        $key = $this->key;

        // Lowercase the cipher
        $cipherMethod = strtolower($cipherMethod);

        
        // Check if the encryption method is valid
        if (!in_array($cipherMethod, openssl_get_cipher_methods())) {
            // Cypher was not in the available ciphers list.
            return FALSE;
        }

        // base64 decode the data.
        $data = base64_decode($data);

        // Get the length of the IV
        $iv_length = openssl_cipher_iv_length($cipherMethod);
        // Get the IV from the decoded data
        $iv = substr($data, 0, $iv_length);

        // Get the encrypted string from the data
        $data = substr($data, $iv_length);

        // Decrypt the data
        $data = openssl_decrypt($data, $cipherMethod, $key, OPENSSL_RAW_DATA, $iv);
        

        // Return the data
        return $data;
    }
}