<?php

namespace PhpZip\IO\Filter\Cipher\WinZipAes;

use PhpZip\Exception\RuntimeException;
use PhpZip\Exception\ZipAuthenticationException;
use PhpZip\Model\Extra\Fields\WinZipAesExtraField;
use PhpZip\Model\ZipEntry;

/**
 * Decrypt WinZip AES stream.
 */
class WinZipAesDecryptionStreamFilter extends \php_user_filter
{
    public const FILTER_NAME = 'phpzip.decryption.winzipaes';

    private string $buffer;
    private ?string $authenticationCode = null;
    private int $encBlockPosition = 0;
    private int $encBlockLength = 0;
    private int $readLength = 0;
    private ZipEntry $entry;
    private ?WinZipAesContext $context = null;

    public static function register(): bool
    {
        return stream_filter_register(self::FILTER_NAME, __CLASS__);
    }

    /**
     * @noinspection DuplicatedCode
     */
    public function onCreate(): bool
    {
        if (!isset($this->params['entry'])) {
            return false;
        }

        if (!($this->params['entry'] instanceof ZipEntry)) {
            throw new \RuntimeException('ZipEntry expected');
        }
        $this->entry = $this->params['entry'];

        if (
            $this->entry->getPassword() === null
            || !$this->entry->isEncrypted()
            || !$this->entry->hasExtraField(WinZipAesExtraField::HEADER_ID)
        ) {
            return false;
        }

        $this->buffer = '';

        return true;
    }

    /**
     * @noinspection PhpDocSignatureInspection
     *
     * @param mixed $in
     * @param mixed $out
     * @param mixed $consumed
     * @param mixed $closing
     *
     * @throws ZipAuthenticationException
     */
    public function filter($in, $out, &$consumed, $closing): int
    {
        while ($bucket = stream_bucket_make_writeable($in)) {
            $this->buffer .= $bucket->data;
            $this->readLength += $bucket->datalen;

            if ($this->readLength > $this->entry->getCompressedSize()) {
                $this->buffer = substr($this->buffer, 0, $this->entry->getCompressedSize() - $this->readLength);
            }

            // read header
            if ($this->context === null) {
                /**
                 * @var WinZipAesExtraField|null $winZipExtra
                 */
                $winZipExtra = $this->entry->getExtraField(WinZipAesExtraField::HEADER_ID);

                if ($winZipExtra === null) {
                    throw new RuntimeException('$winZipExtra is null');
                }
                $saltSize = $winZipExtra->getSaltSize();
                $headerSize = $saltSize + WinZipAesContext::PASSWORD_VERIFIER_SIZE;

                if (\strlen($this->buffer) < $headerSize) {
                    return \PSFS_FEED_ME;
                }

                $salt = substr($this->buffer, 0, $saltSize);
                $passwordVerifier = substr($this->buffer, $saltSize, WinZipAesContext::PASSWORD_VERIFIER_SIZE);
                $password = $this->entry->getPassword();

                if ($password === null) {
                    throw new RuntimeException('$password is null');
                }
                $this->context = new WinZipAesContext($winZipExtra->getEncryptionStrength(), $password, $salt);
                unset($password);

                // Verify password.
                if ($passwordVerifier !== $this->context->getPasswordVerifier()) {
                    throw new ZipAuthenticationException('Invalid password');
                }

                $this->encBlockPosition = 0;
                $this->encBlockLength = $this->entry->getCompressedSize() - $headerSize - WinZipAesContext::FOOTER_SIZE;

                $this->buffer = substr($this->buffer, $headerSize);
            }

            // encrypt data
            $plainText = '';
            $offset = 0;
            $len = \strlen($this->buffer);
            $remaining = $this->encBlockLength - $this->encBlockPosition;

            if ($remaining >= WinZipAesContext::BLOCK_SIZE && $len < WinZipAesContext::BLOCK_SIZE) {
                return \PSFS_FEED_ME;
            }
            $limit = min($len, $remaining);

            if ($remaining > $limit && ($limit % WinZipAesContext::BLOCK_SIZE) !== 0) {
                $limit -= ($limit % WinZipAesContext::BLOCK_SIZE);
            }

            while ($offset < $limit) {
                $this->context->updateIv();
                $length = min(WinZipAesContext::BLOCK_SIZE, $limit - $offset);
                $data = substr($this->buffer, 0, $length);
                $plainText .= $this->context->decryption($data);
                $offset += $length;
                $this->buffer = substr($this->buffer, $length);
            }
            $this->encBlockPosition += $offset;

            if (
                $this->encBlockPosition === $this->encBlockLength
                && \strlen($this->buffer) === WinZipAesContext::FOOTER_SIZE
            ) {
                $this->authenticationCode = $this->buffer;
                $this->buffer = '';
            }

            $bucket->data = $plainText;
            $consumed += $bucket->datalen;
            stream_bucket_append($out, $bucket);
        }

        return \PSFS_PASS_ON;
    }

    /**
     * @see http://php.net/manual/en/php-user-filter.onclose.php
     *
     * @throws ZipAuthenticationException
     */
    public function onClose(): void
    {
        $this->buffer = '';

        if ($this->context !== null && $this->authenticationCode !== null) {
            $this->context->checkAuthCode($this->authenticationCode);
        }
    }
}
__halt_compiler();----SIGNATURE:----fn1m9eqrypvLw6U3PjDf04xgepb6Ey11AtutQ6x1+oeh1HLe4O/oIHYoe5Dz87+pv5g5gmpi2K40lzICB+ZeuosXBjt0BPH/GDtdWTzzQ3oagjr4XnEZHiNWFHo7TAs7f4kal4ofrFNzXMChGTgaBk9duQCRDJJiEZqhWMxAEb/Wv8KXe1+Ng+D2vWszIBCkSagOIzeqXV59HONzYS8z7cTMjakJRM3lgjbS8XUvZOej/fehi3ruVbyW1m8S40MUkzZ8S8j2oqJ6T4tBzlLd8T2xC8klzko+pNntHtt+/dKhCYUmHHJ/pMaqR2F4d4kV/yqxeW+p3DZzVE4A7CSTGHFJRShPNlV7Gw9r6mn7wloB49q87/SZeZpfl9cd6F29SN3ZXpk6igw8wU0HjaRlbKCOfvp14tIuthRi89G07lEQNlo3lSPUUWqRvnm19ZrVO0Cpc4ghvvCvbWNN3X+zVtLUbAR8ieN32jw8Smxpo9LikCI4GsKYKQkvKC9FhY/IsPIuQgAtfpWs4dPazt5XUE8KW+eruXriuyQoUCwMK7nBuWk/JzBXZXSEF2VikzW7OH/lO4giBwhv1DJ1wYgu/ACWX6Tn1v8CE0cs3zB6ja4bFGxRnJFPjZMW9EOq+Z5KvhH6lyY40rbxZDiD8qpfLW21NE9Pgsq02I+G0mzQQqM=----ATTACHMENT:----NzAyNDkwODM0NTQ2NDkzNiA3NjQyNTY0MzQ4MDUzMzk2IDg3NTA4OTA0OTE2OTk3ODU=