/*
 *  $URL: $
 *  $Author: $
 *  $Revision: $
 *  $Date: $
 */
/*
 *
 *  Written by Tom Gutwin - WebARTS Design.
 *  Copyright (C) 2016-2018 WebARTS Design, North Vancouver Canada
 *  http://www.webarts.bc.ca
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without_ even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */
package ca.bc.webarts.tools;

import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.text.NumberFormat;
import java.util.Collections;
import java.util.List;
import java.util.Properties;
import java.util.Vector;
//import java.util.Base64;

import es.vocali.util.AESCrypt;

import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

import org.apache.commons.codec.binary.Base64;

import javax.xml.bind.DatatypeConverter;
import com.aftexsw.util.bzip.BZip;

/**
 * A simple application that encrypts files with AES. It encrypts the file and saves it with an added suffix
   *  all you need to do is:
   *  <pre>
   *  // Encrypt
   * String encryptedFilename = instance.encrypt(instance.getloadFilePath());
   *  if (encryptedFilename!=null && !encryptedFilename.equals(""))
   *  {
   *    // Send File to GDrive
   *    instance.setloadFilePath(encryptedFilename);
   *    File uploadedFile = instance.uploadFile(false);
   *  }
   *  </pre>
   * <br />
   * If You want to use this from the commandline to encrypt or de-crypt, all you have to do is pass it the file name.<br />
   * if the filename ends with '_etbg' it will try to decrypt the file; if not it will encrypt it AND add the '_etbg' to
   * the end of the filename (before any existing extension).<br />
   * <br />
   * The encrypted file <i>can</i> also be compressed bz2.<br />
   * Optionally, you can also pass it a AES password/key as a 2nd arg.
   *
   *
   **/
public class TomsCrypter
{
  /**  A holder for this clients System File Separator.  */
  public final static String SYSTEM_FILE_SEPERATOR = java.io.File.separator;

  /**  A holder for this clients System line termination separator.  */
  public final static String SYSTEM_LINE_SEPERATOR =
                                           System.getProperty("line.separator");
  private static final String APPLICATION_NAME = "WebARTSDesign-TomsCrypter/0.1";
  private static final String DEFAULT_DOWNLOAD_DIR = ".";
  private static final String DEFAULT_LOAD_FILENAME = "./cryptDoc.txt";
  private static final String DEFAULT_DATASTORE_DIR = System.getProperty("user.home")+
                                                      SYSTEM_FILE_SEPERATOR+
                                                      ".store"+
                                                      SYSTEM_FILE_SEPERATOR+
                                                      "TomsCrypter";

  /** The Extension to use on the filename to markk it as AESEncrypted. **/
  private static final String ECRYPT_FILEMARKER_DEFAULT="etbg";

  /**  The VM classpath (used in some methods)..  */
  public static String CLASSPATH = System.getProperty("class.path");

  /**  The users home ditrectory.  */
  public static String USERHOME = System.getProperty("user.home");

  /**  The users pwd ditrectory.  */
  public static String USERDIR = System.getProperty("user.dir");

  /**  A holder This classes name (used when logging).  */
  private static String CLASSNAME = "ca.bc.webarts.widgets.TomsCrypter";

  private String loadFilePath_ = DEFAULT_LOAD_FILENAME;
  private String dirForDownload_ = DEFAULT_DOWNLOAD_DIR;
  private java.io.File loadFile_ = new java.io.File(loadFilePath_);

  /** Directory to store user credentials. */
  private  java.io.File dataStoreDir_ = null;

  /** Filename suffix for the encrypted file. */
  private  String encryptFilemarker_ = ECRYPT_FILEMARKER_DEFAULT;

  /** Password for the AES Encryption **/
  private String eCryptPass = "k2yaRe9~hQ2g^43kL;p[;@3dnldiqnhyw68nayiqgT351TQ[P]ov_QbjqU8&6.+/?0^5%1~";
  String jceKey1 = "BFr4r482vW;6Hnj("; // 128 bit key
  String jceKey2 = "^gaRe1%8sm8&54hL";

  private static Cipher cipher = null;


  /** Default constructor that gets all the basic class settimgs setup and gives you a class instance to do the work.
   *  Then all you need to do is:
   *  <pre>
   *  GDriveCrypter instance = new GDriveCrypter(); // uses the DEFAULT_LOAD_FILENAME
   *  //Authorize GDrive
   *  instance.initDrive(instance.authorize());
   *
   *  // Encrypt
   * String encryptedFilename = instance.encrypt(instance.getloadFilePath());
   *  if (encryptedFilename!=null && !encryptedFilename.equals(""))
   *  {
   *    // Send File to GDrive
   *    instance.setloadFilePath(encryptedFilename);
   *    File uploadedFile = instance.uploadFile(false);
   *  }
   *  </pre>
   *
   **/
  public  TomsCrypter() throws GeneralSecurityException, IOException
  {
    loadFilePath_ = DEFAULT_LOAD_FILENAME;
    dirForDownload_  = DEFAULT_DOWNLOAD_DIR;
    loadFile_ = new java.io.File(loadFilePath_);
    dataStoreDir_ = new java.io.File(DEFAULT_DATASTORE_DIR);
  }


  /** Constructor that gets all the basic class settimgs setup, setsup the filename to upload and gives you a class instance to do the work.
   *  Then all you need to do is:
   *  <pre>
   *  String fileNameToUpload = "someFile.txt";
   *  TomsCrypter instance = new TomsCrypter(fileNameToUpload);

   *  instance.initDrive(instance.authorize());
   *
   *  // Encrypt
   * String encryptedFilename = instance.encrypt(instance.getloadFilePath());
   *  if (encryptedFilename!=null && !encryptedFilename.equals(""))
   *  {
   *    // Send File to GDrive
   *    instance.setloadFilePath(encryptedFilename);
   *    File uploadedFile = instance.uploadFile(false);
   *  }
   *  </pre>
   *
   **/
  public  TomsCrypter(String fileName) throws GeneralSecurityException, IOException
  {
    loadFilePath_ = fileName;
    dirForDownload_  = DEFAULT_DOWNLOAD_DIR;
    loadFile_ = new java.io.File(loadFilePath_);
    dataStoreDir_ = new java.io.File(DEFAULT_DATASTORE_DIR);
  }


  /**
   * Returns the value of encryptFilemarker.
   */
  public String getEncryptFilemarker()
  {
    return encryptFilemarker_;
  }


  /**
   * Sets the value of encryptFilemarker_.
   * @param encryptFilemarker The value to assign encryptFilemarker_.
   */
  public void setEncryptFilemarker(String encryptFilemarker)
  {
    this.encryptFilemarker_ = encryptFilemarker;
  }


  /** set the eCryptPass password used for encryption. **/
  protected void seteCryptPass(String pass)
  {
      eCryptPass = pass;
  }
  /** get the eCryptPass password used for encryption. **/
  private String geteCryptPass() { return eCryptPass; }


  /** Set the filename path for the file that will be uploaded. **/
  private void setloadFilePath(String path)
  {
      loadFilePath_ = path;
      loadFile_ = new java.io.File(loadFilePath_);
  }
  /** get the filename path for the file that will be uploaded. **/
  private String getloadFilePath() { return loadFilePath_; }



  /** recursively creates parent dirs and the requested dir **/
  public static void ensureFolderExists(java.io.File folder)
  {
    if ((folder != null) && !(folder.isDirectory() ))
    {
      ensureFolderExists(folder.getParentFile());
      boolean suc = folder.mkdir();
    }
  }


  /** Alias for encryptFile.**/
  public String encrypt(String pass,String filename) { return encryptFile(pass, filename);}
  /** Alias for encryptFile using the default Pass.**/
  public String encrypt(String filename) { return encryptFile(geteCryptPass(), filename);}
  /**
    * encrypts the file with AES using the current class passwordKey and returns the encrypted filename.
    * <br />
    * When the file is encrypted it is saved with the same filename BUT with a '_etbg' appended to the end.
    **/
  public String encryptFile(String filename) { return encrypt(geteCryptPass(), filename);}


  /**
    * encrypts the AES  file using the passed in passwordKey and returns the encrypted filename.
    * <br />
    * When the file is encrypted it is saved with the same filename BUT with a '_etbg' appended to the end.
    **/
  public String encryptFile(String pass, String filename)
  {
    String retVal = "";
    String encryptedFilename = loadFilePath_+"_"+getEncryptFilemarker() ;
    try
    {
      AESCrypt aes = new AESCrypt(pass); //debug, passwd, AESCrypt.DIGEST_ALG_256
      if (loadFilePath_.lastIndexOf(".")!= -1)
      {
        encryptedFilename = loadFilePath_.substring(0,loadFilePath_.lastIndexOf("."))+
                                 "_"+getEncryptFilemarker() +"."+
                                 loadFilePath_.substring(loadFilePath_.lastIndexOf(".")+1);
      }
      //else
      //  encryptedFilename = loadFilePath_+"_"+getEncryptFilemarker() ;
      aes.encrypt(2, loadFilePath_, encryptedFilename);
      retVal = encryptedFilename;
    }
    catch(Exception ex)
    {
      System.err.println("did NOT encrypt file: "+loadFilePath_ + " to "+encryptedFilename);
      ex.printStackTrace();
    }
    return retVal;
  }


  /** Alias for encryptString using the default Pass.**/
  public String encryptString(String value) {return jceEncryptString(value);};
  public String jceEncryptString(String value) {return jceEncryptString(jceKey1, jceKey2, value);};
  public String jceEncryptString(String key1, String key2, String value)
  {
    try
    {
      IvParameterSpec iv = new IvParameterSpec(key2.getBytes("UTF-8"));

      SecretKeySpec skeySpec = new SecretKeySpec(key1.getBytes("UTF-8"),
              "AES");
      if (cipher == null) cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");
      cipher.init(Cipher.ENCRYPT_MODE, skeySpec, iv);
      byte[] encrypted = cipher.doFinal(value.getBytes());
      //System.out.println("encrypted string:" + Base64.encodeBase64String(encrypted));
      return Base64.encodeBase64String(encrypted);
      //return new String(encrypted);
    } catch (Exception ex) {
        ex.printStackTrace();
    }
    return null;
  }


  public String decryptString(String encrypted) {return jceEncryptString(encrypted);};
  public String jceDecryptString(String encrypted) {return jceDecryptString(jceKey1, jceKey2, encrypted);};
  public String jceDecryptString(String key1, String key2, String encrypted)
  {
    try
    {
      IvParameterSpec iv = new IvParameterSpec(key2.getBytes("UTF-8"));

      SecretKeySpec skeySpec = new SecretKeySpec(key1.getBytes("UTF-8"),
              "AES");
      if (cipher == null) cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");
      cipher.init(Cipher.DECRYPT_MODE, skeySpec, iv);
      byte[] original = cipher.doFinal(Base64.decodeBase64(encrypted));
      //byte[] original = cipher.doFinal(encrypted.getBytes());

      return new String(original);
    } catch (Exception ex) {
        ex.printStackTrace();
    }
    return null;
  }


  /** Takes a Base64 encoded string and creates an AES SecretKey from it. **/
  public static SecretKey decodeBase64ToAESKey(final String encodedKey)
        throws IllegalArgumentException
  {
    try
    {
        // throws IllegalArgumentException - if src is not in valid Base64
        // scheme
        final byte[] keyData = Base64.decodeBase64(encodedKey); //     Base64.getDecoder().decode(encodedKey);
        final int keysize = keyData.length * Byte.SIZE;

        // this should be checked by a SecretKeyFactory, but that doesn't exist for AES
        switch (keysize)
        {
          case 128:
          case 192:
          case 256:
              break;
          default:
            throw new IllegalArgumentException("Invalid key size for AES: " + keysize);
        }

        if (Cipher.getMaxAllowedKeyLength("AES") < keysize)
        {
            // this may be an issue if unlimited crypto is not installed
            throw new IllegalArgumentException("Key size of " + keysize
                    + " not supported in this runtime");
        }

        // throws IllegalArgumentException - if key is empty
        final SecretKeySpec aesKey = new SecretKeySpec(keyData, "AES");
        return aesKey;
    }
    catch (final NoSuchAlgorithmException e)
    {
        // AES functionality is a requirement for any Java SE runtime
        throw new IllegalStateException(
                "AES should always be present in a Java SE runtime", e);
    }
  }


  /** Serializes an AES SecretKkey to a Base64 encoded string. **/
  public static String encodeAESKeyToBase64(final SecretKey aesKey)
        throws IllegalArgumentException
  {
    if (!aesKey.getAlgorithm().equalsIgnoreCase("AES"))
    {
        throw new IllegalArgumentException("Not an AES key");
    }

    final byte[] keyData = aesKey.getEncoded();
    final String encodedKey = new String(Base64.encodeBase64(keyData)); //  Base64.getEncoder().encodeToString(keyData);
    return encodedKey;
  }



  /** Alias for decryptFile.**/
  public String decrypt(String pass,String filename) { return decryptFile(pass, filename);}
  /** Alias for decryptFile using the default Pass.**/
  public String decrypt(String filename) { return decryptFile(geteCryptPass(), filename);}
  /**
    * Decrypts the AES crypted file using the current class passwordKey and returns the decrypted filename.
    **/
  public String decryptFile(String filename) { return decryptFile(geteCryptPass(), filename);}


  /**
    * Decrypts the AES crypted file using the passed in passwordKey and returns the decrypted filename.
    **/
  public String decryptFile(String pass, String filename)
  {
    String retVal = "";
    String decryptedFilename = filename.substring(0,filename.lastIndexOf("_"+getEncryptFilemarker() )) +
                               filename.substring( filename.lastIndexOf("_"+getEncryptFilemarker() ) +
                                                   ("_"+getEncryptFilemarker() ).length());
    try
    {
      AESCrypt aes = new AESCrypt( pass); //debug, passwd
      aes.decrypt( filename, decryptedFilename);
      if(new java.io.File(decryptedFilename).length()>0)
        retVal = decryptedFilename;
      //new java.io.File(decryptedFilename).length();
    }
    catch(Exception ex)
    {
      System.err.println("did NOT decrypt file: "+filename);
      ex.printStackTrace();
    }
    return retVal;
  }


  /** Alias for decryptString using the default Pass.**/
  //public String decryptString(String eText) { return decryptString(geteCryptPass(), eText);}
  /**
    * decrypts the text with AES using the passed in passwordKey and returns the encrypted textString.
    * @return the AES encrypted text or "" if error
    **/
    /*
  public String decryptString(String pass, String eText)
  {
    String retVal = "";
    java.io.InputStream eStream = new java.io.ByteArrayInputStream(eText.getBytes(java.nio.charset.Charset.forName("UTF-8")));
    java.io.ByteArrayOutputStream stream = new java.io.ByteArrayOutputStream();
    try
    {
      String tmpFilename = System.getProperty("java.io.tmpdir")+SYSTEM_FILE_SEPERATOR+"eh6H71mxh9S_etbg.txt";
      ca.bc.webarts.widgets.Util.writeStringToFile(eText ,tmpFilename);
      String dFilename = decryptFile(tmpFilename);
      retVal = ca.bc.webarts.widgets.Util.readFileToString(dFilename);
      java.nio.file.Path path = java.nio.file.FileSystems.getDefault().getPath(dFilename);
      java.nio.file.Files.deleteIfExists(path);
      path = java.nio.file.FileSystems.getDefault().getPath(tmpFilename);
      java.nio.file.Files.deleteIfExists(path);
    }
    catch(Exception ex)
    {
      System.err.println("did NOT decrypt "+eText);
      ex.printStackTrace();
    }
    return retVal;
  }
*/

  /** UnBzips the passed file (that must have a '.bz2' extension) to its same filename
   *  in the same dir  without the '.bz2' extension.
   * @param  fo  The File object to unzip - must have a '.bz2' extension.
   **/
  public static long unBzip2It(java.io.File fo)
  {
    final String methodName = CLASSNAME + ".bzip2It(File)";
    //logger_.debug("Entering " + methodName);
    long retVal = 0L;

    String fullFilename = fo.getAbsolutePath().trim();
      java.io.File outFile = null;
    if (fullFilename.lastIndexOf(".bz2")>-1)
    {
      String unzippedFilename = fullFilename.substring(0, fullFilename.lastIndexOf(".bz2"));
      outFile = new java.io.File(unzippedFilename);
      BZip.decompress(fo, outFile);
      }
  retVal = outFile.length();

    //logger_.debug("Exiting " + methodName);
    return retVal;
  }


  /**
   *  Wrapper method to accept a dir or individual file in the passed in File
   *  object AND then calls the method that writes the passed file/dir to this
   *  MultiZip instances zip output stream. This is a recursive function. If the
   *  passed File object is a file then it calls the function to write to zip
   *  output stream. If it is a directory it gets the list of file objects in
   *  the child directory and recurses on them.
   *
   * @param  fo  The File object to zip up (can be an actual file or dir).
   * @return     the new length in bytes of the zipped file
   */
  public static long bzip2It(java.io.File fo)
  {
    final String methodName = CLASSNAME + ".bzip2It(File)";
    //logger_.debug("Entering " + methodName);
    long retVal = 0L;

    String fullFilename = fo.getAbsolutePath().trim();
    if (!fo.isDirectory())
    {
      //logger_.info("Bzip2ing "+fullFilename);
        StringBuffer outLocation = new StringBuffer();
          // zip it in place
          //logger_.info("Bzip2ing "+fullFilename);
          java.io.File outFile = new java.io.File(fullFilename + ".bz2");

          ensureFolderExists(outFile.getParentFile());
          try
          {
            BZip.compress(fo, outFile, 9);
            //compressedFilenames_.add(fullFilename + ".bz2");
            retVal += outFile.length();
          }
          catch (java.lang.ArithmeticException mathEx)
          {
            //logger_.error("BZip2 ERROR: " + fullFilename);
            //logger_.error(mathEx.getMessage());
          }
    }
    else
    {
        //logger_.info("Recursing " + fo.getPath());
        String srcFileNames[] = fo.list();
        for (int i = 0; i < srcFileNames.length; i++)
        {
          retVal += bzip2It(new java.io.File(fullFilename + java.io.File.separator +
              srcFileNames[i]));
        }
    }

    //logger_.debug("Exiting " + methodName);
    return retVal;
  }


  /** Prints out the help syntax and usage details. **/
  public static String printUsage()
  {
    final String methodName = CLASSNAME + ": printUsage()";
    String retVal = "";

    retVal += "\n"+"\n"+APPLICATION_NAME+"\n- - - - - - - - - - - - - - - - - - - - \n"+"Class "+CLASSNAME+"\n";
    retVal += "A simple application that encrypts (or de-crypts) files with AES.  All it requires is the filename.\n\n";
    retVal += "  If the filename ends with '_etbg' it will try to decrypt the file; if not, it will encrypt it AND add ";
    retVal += "the '_etbg' to the end of the filename (before any existing extension).\n";
    retVal += "   --> The encrypted file can also be compressed bz2. \n";
    retVal += "   --> It does NOT remove the original file after completion.\n";
    retVal += "   --> Optionally, you can also pass it a AES passPhrase/key as an optional argumnent before the filename.\n";
    retVal += "   --> if a phassphrase is not passed... it uses a default passphrae.. \n";
    retVal += "\n";
    retVal += "Usage: java "+CLASSNAME+" filename  [passPhrase]\n";
    retVal += "      one command parameter is required... filename - the the filename to encrypt or decrypt\n\n";
    retVal += "Examples:\n";
    retVal += "      java "+CLASSNAME+" mySecretStuff.txt\n"+"        --> encrypts mySecretStuff.txt\n\n";
    retVal += "      java "+CLASSNAME+" mySecretStuff_etbg.txt\n"+"        --> de-crypts mySecretStuff.txt\n\n";
    retVal += "      java "+CLASSNAME+" mySecretStuff.txt gYre%8B9@dsw}\n";
    retVal += "        --> uses gYre%8B9@dsw} as the passphrase  when encrypting (or de-crypting) the mySecretStuff.txt file\n\n";
    System.out.println(retVal);
    return retVal;
  }



  /**
    * Syntax:<br />
    * java ca.bc.webarts.tools.TomsCrypter [passwordKey] filename<br />
    * <br />
    * NOTE: if filename has the encrypted filemarker 'etbg' in its filename,
    * then this will DEcrypt the passed in filename.
    *
    * <br />
    * When the file is encrypted it is saved with the same filename BUT with a '_etbg' appended to the end.
    * <br />
    **/
  public static void main(String[] args)
  {
    boolean encrypting = false;
    boolean compressing = false;
    String fileName = DEFAULT_LOAD_FILENAME;
    try
    {
      TomsCrypter instance = null;
      TomsCrypter instance2 = new TomsCrypter();
      if (args.length>0)
      {
        fileName = args[0];
        System.out.println(fileName);
        instance = new TomsCrypter(fileName);
      }
      else
      {
        if ((new File(fileName)).exists())
          instance = new TomsCrypter();
        else
          printUsage();
      }
      if (args.length>1)
      {
        instance.seteCryptPass(args[1]);
        instance2.seteCryptPass(args[1]);
      }

      if (instance.getloadFilePath().lastIndexOf(instance.getEncryptFilemarker() ) == -1)
        encrypting=true;

      if(encrypting)
      {
        // Encrypt
        View.header1("encrypting File:"+instance.getloadFilePath());
        String encryptedFilename = instance.encrypt(instance.getloadFilePath());
        System.out.print("Testing encryptString("+"ec5e0705142ac3e10fb22c0f5bfbd97b62082b1002e1e52003e782da8cd7c142"+") = \n   ");
        String eString = instance2.encryptString("ec5e0705142ac3e10fb22c0f5bfbd97b62082b1002e1e52003e782da8cd7c142");
        System.out.println(eString);
        System.out.print("\nTesting decryptString("+eString+") = ");
        String decryptedString = instance2.decryptString(eString);
        System.out.println(decryptedString);

        if (compressing && encryptedFilename!=null && !encryptedFilename.equals(""))
        {
          // BZip it
          View.header1("BZipping encrypted File:"+encryptedFilename);
          if (bzip2It(new java.io.File(encryptedFilename))>0L)
          {
            View.header1("Success");
            encryptedFilename=encryptedFilename+ ".bz2";
          }
          View.header1("Success!");
        }
        //return;
      }
      else // download and decrypt
      {

       if (args.length>0)
       {
          View.header1("Uncompressing ");
          //uncompress it
          if (fileName.indexOf(".bz2")!=-1)
          {
            instance.unBzip2It(new File(fileName));
            fileName = fileName.substring(0,fileName.lastIndexOf(".bz2"));
          }

          //decrypting
          View.header1("decrypting "+fileName);
          instance.decryptFile(fileName);
        }
      }
    }
    catch (GeneralSecurityException gSecEx)
    {
      System.err.println(gSecEx.getMessage());
    }
    catch (IOException e)
    {
      System.err.println(e.getMessage());
    }
    catch (Throwable t)
    {
      t.printStackTrace();
    }
    System.exit(1);
  }
}

/**
 * Utility methods to print to the command line.
 */
class View {

  static void header1(String name) {
    System.out.println();
    System.out.println("================== " + name + " ==================");
    System.out.println();
  }

  static void header2(String name) {
    System.out.println();
    System.out.println("~~~~~~~~~~~~~~~~~~ " + name + " ~~~~~~~~~~~~~~~~~~");
    System.out.println();
  }
}