<?php declare(strict_types = 1);
/*
** Zabbix
** Copyright (C) 2001-2022 Zabbix SIA
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation; either version 2 of the License, or
** (at your option) any later version.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program; if not, write to the Free Software
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
**/


/**
 * Helper class for sign / encrypt data.
 */
class CEncryptHelper {

	/**
	 * Signature algorithm.
	 */
	public const SIGN_ALGO = 'sha256';

	/**
	 * Session secret key.
	 *
	 * @var string
	 */
	private static $key;

	/**
	 * Return session key.
	 *
	 * @return string|null
	 */
	private static function getKey(): ?string {
		if (!self::$key) {
			// This if contain copy in CEncryptedCookieSession class.
			if (CSettingsHelper::getGlobal(CSettingsHelper::SESSION_KEY) === '') {
				self::$key = self::generateKey();

				if (!self::updateKey(self::$key)) {
					return null;
				}

				return self::$key;
			}

			self::$key = CSettingsHelper::getGlobal(CSettingsHelper::SESSION_KEY);
		}

		return self::$key;
	}

	/**
	 * Timing attack safe string comparison.
	 *
	 * @param string $known_string
	 * @param string $user_string
	 *
	 * @return boolean
	 */
	public static function checkSign(string $known_string, string $user_string): bool {
		return hash_equals($known_string, $user_string);
	}

	/**
	 * Encrypt string with session key.
	 *
	 * @param string $data
	 *
	 * @return string
	 */
	public static function sign(string $data): string {
		$key = self::getKey() ?? '';

		return hash_hmac(self::SIGN_ALGO, $data, $key);
	}

	/**
	 * Generate random 16 bytes key.
	 *
	 * @return string
	 */
	public static function generateKey(): string {
		return bin2hex(openssl_random_pseudo_bytes(16));
	}

	/**
	 * Update secret session key.
	 *
	 * @param string $key
	 *
	 * @return boolean
	 */
	public static function updateKey(string $key): bool {
		$db_config = DB::select('config', ['output' => ['configid']])[0];

		return DBexecute(
			'UPDATE config'.
			' SET session_key='.zbx_dbstr($key).
			' WHERE '.dbConditionInt('configid', [$db_config['configid']])
		);
	}
}