<?php
//encrypt_decrypt.php
// ⚠️ هذا الملف للتوافقية فقط. استخدم core/Security/EncryptionHelper.php للتشفير الجديد
require_once realpath(__DIR__ . '/../vendor/autoload.php');

require_once 'load_env.php';
$env_file = '/home/siro-api/env/.env';
loadEnvironment($env_file);

// ✅ FIX C-02: استخدام getenv بدلاً من file_get_contents الثابت
$keyPath = getenv('ENCRYPTION_KEY_PATH');
$key = '';
if ($keyPath && file_exists($keyPath)) {
    $key = trim(file_get_contents($keyPath));
}
if (!$key) {
    $key = getenv('ENC_KEY') ?: '';
}
$iv = getenv('initializationVector'); // 16 bytes


class EncryptionHelper {
    private $key;
    private $iv;

    public function __construct($key, $iv) {
        if (strlen($key) !== 32) {
            throw new Exception("❌ المفتاح (Key) لازم يكون 32 بايت.");
        }
        if (strlen($iv) !== 16) {
            throw new Exception("❌ الـ IV لازم يكون 16 بايت.");
        }

        $this->key = $key;
        $this->iv = $iv;
    }

    // --------- النصوص ----------
    private function addPadding($data, $blockSize = 16) {
        $pad = $blockSize - (strlen($data) % $blockSize);
        return $data . str_repeat(chr($pad), $pad);
    }

    private function removePadding($data) {
        $pad = ord($data[strlen($data) - 1]);
        return substr($data, 0, -$pad);
    }

    public function encryptData($plainText) {
        $plainText = mb_convert_encoding($plainText, 'UTF-8');
        $paddedText = $this->addPadding($plainText);
        $encrypted = openssl_encrypt($paddedText, 'AES-256-CBC', $this->key, OPENSSL_RAW_DATA, $this->iv);
        return base64_encode($encrypted);
    }

    public function decryptData($encryptedText) {
    $decoded = base64_decode($encryptedText, true);

    if ($decoded === false) {
        error_log("[ERROR] base64_decode failed for input: $encryptedText");
        return false;
    }

    $decrypted = openssl_decrypt($decoded, 'AES-256-CBC', $this->key, OPENSSL_RAW_DATA, $this->iv);

    if ($decrypted === false) {
        error_log("[ERROR] openssl_decrypt failed for input: $encryptedText");
        return false;
    }

    // Verify padding is valid before removal
    $pad = ord($decrypted[strlen($decrypted) - 1]);
    if ($pad < 1 || $pad > 16) {
        error_log("[ERROR] Invalid padding value ($pad) for decrypted input: $encryptedText");
        return false;
    }

    return substr($decrypted, 0, -$pad);
}

    public function decryptFile($encryptedFilePath, $destinationPath) {
        if (!file_exists($encryptedFilePath)) {
            throw new Exception("❌ الملف المشفر غير موجود: $encryptedFilePath");
        }

        $encryptedData = file_get_contents($encryptedFilePath);
        $decryptedData = openssl_decrypt($encryptedData, 'AES-256-CBC', $this->key, OPENSSL_RAW_DATA, $this->iv);
        
        if ($decryptedData === false) {
            error_log("[ERROR] openssl_decrypt failed for file: $encryptedFilePath");
            throw new Exception("❌ فشل فك تشفير الملف: $encryptedFilePath");
        }

        file_put_contents($destinationPath, $decryptedData);
        return true;
    }
  public function encryptBinary($data) {
    $encrypted = openssl_encrypt($data, 'AES-256-CBC', $this->key, OPENSSL_RAW_DATA, $this->iv);
    return $encrypted;
	}

	public function decryptBinary($data) {
    $decrypted = openssl_decrypt($data, 'AES-256-CBC', $this->key, OPENSSL_RAW_DATA, $this->iv);
    // CRIT-07 FIX: التحقق من فشل openssl_decrypt
    if ($decrypted === false) {
        error_log('[CRIT-07] openssl_decrypt failed in decryptBinary');
        throw new Exception('Decryption failed');
    }
    return $decrypted;
	}
}
// ✅ Load the key and IV from .env or use default values

// ✅ Ensure the lengths are correct
 //echo "Key Length: " . $key . PHP_EOL;
 //echo "IV Length: " . $iv . PHP_EOL;

try {
    $encryptionHelper = new EncryptionHelper($key, $iv);

   
} catch (Exception $e) {
    echo "Error: " . $e->getMessage() . PHP_EOL;
}

?>