using System;
using System.Text;
using System.Security.Cryptography;
using System.Linq;
 
 
namespace Deckard.Jared
{
    /// <summary>
    /// AES256 class uses the AES algorithm with a provided 256 bit key and a random 128 bit IV to meet PCI standards
    /// The IV is randomly generated before each encryption and encoded with the final encrypted string
    /// </summary>
    public class AES256
    {
        // Symmetric algorithm interface is used to store the AES service provider
        private SymmetricAlgorithm AESProvider;
 
        /// <summary>
        /// Constructor for AES class that takes a byte array for the key
        /// </summary>
        /// <param name="key">256 bit key (32 bytes)</param>
        public AES256(byte[] key)
        {
            // Throw error if key is not 256 bits
            if (key.Length != 32) throw new CryptographicException("Key must be 256 bits (32 bytes)");
 
            // Initialize AESProvider with AES algorithm service
            AESProvider = new AesCryptoServiceProvider();
            AESProvider.KeySize = 256;
 
            // Set the key for AESProvider
            AESProvider.Key = key;
        }
 
        /// <summary>
        /// Constructor for AES class that generates the key from a hashed, salted password
        /// </summary>
        /// <param name="password">Password used to generate the key (Minimum of 8 characters)</param>
        /// <param name="salt">Salt used to secure hash from rainbow table attacks (Minimum of 8 characters)</param>
        public AES256(string password, string salt)
        {
            // Throw error if the password or salt are too short
            if (password.Length < 8) throw new CryptographicException("Password must be at least 8 characters long");
            if (salt.Length < 8) throw new CryptographicException("Salt must be at least 8 characters long");
 
            // Initialize AESProvider with AES algorithm service
            AESProvider = new AesCryptoServiceProvider();
            AESProvider.KeySize = 256;
 
            // Initialize a hasher with the 256 bit SHA algorithm
            SHA256 sha256 = System.Security.Cryptography.SHA256.Create();
 
            // Hash salted password
            byte[] key = sha256.ComputeHash(UnicodeEncoding.Unicode.GetBytes(password + salt));
 
            // Set the key for AESProvider
            AESProvider.Key = key;
 
        }
 
        /// <summary>
        /// Encrypts a string with AES algorithm
        /// </summary>
        /// <param name="plainText">String to encrypt</param>
        /// <returns>Encrypted string with IV prefix</returns>
        public string Encrypt(string plainText)
        {
            // Create new random IV
            AESProvider.GenerateIV();
 
            // Initialize encryptor now that the IV is set
            ICryptoTransform encryptor = AESProvider.CreateEncryptor();
 
            // Convert string to bytes
            byte[] plainBytes = UnicodeEncoding.Unicode.GetBytes(plainText);
 
            // Encrypt plain bytes
            byte[] secureBytes = encryptor.TransformFinalBlock(plainBytes, 0, plainBytes.Length);
 
            // Add IV to the beginning of the encrypted bytes
            secureBytes = AESProvider.IV.Concat(secureBytes).ToArray();
 
            // Return encrypted bytes as a string
            return Convert.ToBase64String(secureBytes);
        }
 
        /// <summary>
        /// Decrypts a string with AES algorithm
        /// </summary>
        /// <param name="secureText">Encrypted string with IV prefix</param>
        /// <returns>Decrypted string</returns>
        public string Decrypt(string secureText)
        {
            // Convert encrypted string to bytes
            byte[] secureBytes = Convert.FromBase64String(secureText);
 
            // Take IV from beginning of secureBytes
            AESProvider.IV = secureBytes.Take(16).ToArray();
 
            // Initialize decryptor now that the IV is set
            ICryptoTransform decryptor = AESProvider.CreateDecryptor();
 
            // Decrypt bytes after the IV
            byte[] plainBytes = decryptor.TransformFinalBlock(secureBytes, 16, secureBytes.Length - 16);
 
            // Return decrypted bytes as a string
            return UnicodeEncoding.Unicode.GetString(plainBytes);
        }
 
    }
}

dXNpbmcgU3lzdGVtOwp1c2luZyBTeXN0ZW0uVGV4dDsKdXNpbmcgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeTsKdXNpbmcgU3lzdGVtLkxpbnE7CgoKbmFtZXNwYWNlIERlY2thcmQuSmFyZWQKewogICAgLy8vIDxzdW1tYXJ5PgogICAgLy8vIEFFUzI1NiBjbGFzcyB1c2VzIHRoZSBBRVMgYWxnb3JpdGhtIHdpdGggYSBwcm92aWRlZCAyNTYgYml0IGtleSBhbmQgYSByYW5kb20gMTI4IGJpdCBJViB0byBtZWV0IFBDSSBzdGFuZGFyZHMKICAgIC8vLyBUaGUgSVYgaXMgcmFuZG9tbHkgZ2VuZXJhdGVkIGJlZm9yZSBlYWNoIGVuY3J5cHRpb24gYW5kIGVuY29kZWQgd2l0aCB0aGUgZmluYWwgZW5jcnlwdGVkIHN0cmluZwogICAgLy8vIDwvc3VtbWFyeT4KICAgIHB1YmxpYyBjbGFzcyBBRVMyNTYKICAgIHsKICAgICAgICAvLyBTeW1tZXRyaWMgYWxnb3JpdGhtIGludGVyZmFjZSBpcyB1c2VkIHRvIHN0b3JlIHRoZSBBRVMgc2VydmljZSBwcm92aWRlcgogICAgICAgIHByaXZhdGUgU3ltbWV0cmljQWxnb3JpdGhtIEFFU1Byb3ZpZGVyOwoKICAgICAgICAvLy8gPHN1bW1hcnk+CiAgICAgICAgLy8vIENvbnN0cnVjdG9yIGZvciBBRVMgY2xhc3MgdGhhdCB0YWtlcyBhIGJ5dGUgYXJyYXkgZm9yIHRoZSBrZXkKICAgICAgICAvLy8gPC9zdW1tYXJ5PgogICAgICAgIC8vLyA8cGFyYW0gbmFtZT0ia2V5Ij4yNTYgYml0IGtleSAoMzIgYnl0ZXMpPC9wYXJhbT4KICAgICAgICBwdWJsaWMgQUVTMjU2KGJ5dGVbXSBrZXkpCiAgICAgICAgewogICAgICAgICAgICAvLyBUaHJvdyBlcnJvciBpZiBrZXkgaXMgbm90IDI1NiBiaXRzCiAgICAgICAgICAgIGlmIChrZXkuTGVuZ3RoICE9IDMyKSB0aHJvdyBuZXcgQ3J5cHRvZ3JhcGhpY0V4Y2VwdGlvbigiS2V5IG11c3QgYmUgMjU2IGJpdHMgKDMyIGJ5dGVzKSIpOwoKICAgICAgICAgICAgLy8gSW5pdGlhbGl6ZSBBRVNQcm92aWRlciB3aXRoIEFFUyBhbGdvcml0aG0gc2VydmljZQogICAgICAgICAgICBBRVNQcm92aWRlciA9IG5ldyBBZXNDcnlwdG9TZXJ2aWNlUHJvdmlkZXIoKTsKICAgICAgICAgICAgQUVTUHJvdmlkZXIuS2V5U2l6ZSA9IDI1NjsKCiAgICAgICAgICAgIC8vIFNldCB0aGUga2V5IGZvciBBRVNQcm92aWRlcgogICAgICAgICAgICBBRVNQcm92aWRlci5LZXkgPSBrZXk7CiAgICAgICAgfQoKICAgICAgICAvLy8gPHN1bW1hcnk+CiAgICAgICAgLy8vIENvbnN0cnVjdG9yIGZvciBBRVMgY2xhc3MgdGhhdCBnZW5lcmF0ZXMgdGhlIGtleSBmcm9tIGEgaGFzaGVkLCBzYWx0ZWQgcGFzc3dvcmQKICAgICAgICAvLy8gPC9zdW1tYXJ5PgogICAgICAgIC8vLyA8cGFyYW0gbmFtZT0icGFzc3dvcmQiPlBhc3N3b3JkIHVzZWQgdG8gZ2VuZXJhdGUgdGhlIGtleSAoTWluaW11bSBvZiA4IGNoYXJhY3RlcnMpPC9wYXJhbT4KICAgICAgICAvLy8gPHBhcmFtIG5hbWU9InNhbHQiPlNhbHQgdXNlZCB0byBzZWN1cmUgaGFzaCBmcm9tIHJhaW5ib3cgdGFibGUgYXR0YWNrcyAoTWluaW11bSBvZiA4IGNoYXJhY3RlcnMpPC9wYXJhbT4KICAgICAgICBwdWJsaWMgQUVTMjU2KHN0cmluZyBwYXNzd29yZCwgc3RyaW5nIHNhbHQpCiAgICAgICAgewogICAgICAgICAgICAvLyBUaHJvdyBlcnJvciBpZiB0aGUgcGFzc3dvcmQgb3Igc2FsdCBhcmUgdG9vIHNob3J0CiAgICAgICAgICAgIGlmIChwYXNzd29yZC5MZW5ndGggPCA4KSB0aHJvdyBuZXcgQ3J5cHRvZ3JhcGhpY0V4Y2VwdGlvbigiUGFzc3dvcmQgbXVzdCBiZSBhdCBsZWFzdCA4IGNoYXJhY3RlcnMgbG9uZyIpOwogICAgICAgICAgICBpZiAoc2FsdC5MZW5ndGggPCA4KSB0aHJvdyBuZXcgQ3J5cHRvZ3JhcGhpY0V4Y2VwdGlvbigiU2FsdCBtdXN0IGJlIGF0IGxlYXN0IDggY2hhcmFjdGVycyBsb25nIik7CgogICAgICAgICAgICAvLyBJbml0aWFsaXplIEFFU1Byb3ZpZGVyIHdpdGggQUVTIGFsZ29yaXRobSBzZXJ2aWNlCiAgICAgICAgICAgIEFFU1Byb3ZpZGVyID0gbmV3IEFlc0NyeXB0b1NlcnZpY2VQcm92aWRlcigpOwogICAgICAgICAgICBBRVNQcm92aWRlci5LZXlTaXplID0gMjU2OwoKICAgICAgICAgICAgLy8gSW5pdGlhbGl6ZSBhIGhhc2hlciB3aXRoIHRoZSAyNTYgYml0IFNIQSBhbGdvcml0aG0KICAgICAgICAgICAgU0hBMjU2IHNoYTI1NiA9IFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2LkNyZWF0ZSgpOwoKICAgICAgICAgICAgLy8gSGFzaCBzYWx0ZWQgcGFzc3dvcmQKICAgICAgICAgICAgYnl0ZVtdIGtleSA9IHNoYTI1Ni5Db21wdXRlSGFzaChVbmljb2RlRW5jb2RpbmcuVW5pY29kZS5HZXRCeXRlcyhwYXNzd29yZCArIHNhbHQpKTsKCiAgICAgICAgICAgIC8vIFNldCB0aGUga2V5IGZvciBBRVNQcm92aWRlcgogICAgICAgICAgICBBRVNQcm92aWRlci5LZXkgPSBrZXk7CiAgICAgICAgICAgIAogICAgICAgIH0KCiAgICAgICAgLy8vIDxzdW1tYXJ5PgogICAgICAgIC8vLyBFbmNyeXB0cyBhIHN0cmluZyB3aXRoIEFFUyBhbGdvcml0aG0KICAgICAgICAvLy8gPC9zdW1tYXJ5PgogICAgICAgIC8vLyA8cGFyYW0gbmFtZT0icGxhaW5UZXh0Ij5TdHJpbmcgdG8gZW5jcnlwdDwvcGFyYW0+CiAgICAgICAgLy8vIDxyZXR1cm5zPkVuY3J5cHRlZCBzdHJpbmcgd2l0aCBJViBwcmVmaXg8L3JldHVybnM+CiAgICAgICAgcHVibGljIHN0cmluZyBFbmNyeXB0KHN0cmluZyBwbGFpblRleHQpCiAgICAgICAgewogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHJhbmRvbSBJVgogICAgICAgICAgICBBRVNQcm92aWRlci5HZW5lcmF0ZUlWKCk7CgogICAgICAgICAgICAvLyBJbml0aWFsaXplIGVuY3J5cHRvciBub3cgdGhhdCB0aGUgSVYgaXMgc2V0CiAgICAgICAgICAgIElDcnlwdG9UcmFuc2Zvcm0gZW5jcnlwdG9yID0gQUVTUHJvdmlkZXIuQ3JlYXRlRW5jcnlwdG9yKCk7CgogICAgICAgICAgICAvLyBDb252ZXJ0IHN0cmluZyB0byBieXRlcwogICAgICAgICAgICBieXRlW10gcGxhaW5CeXRlcyA9IFVuaWNvZGVFbmNvZGluZy5Vbmljb2RlLkdldEJ5dGVzKHBsYWluVGV4dCk7CgogICAgICAgICAgICAvLyBFbmNyeXB0IHBsYWluIGJ5dGVzCiAgICAgICAgICAgIGJ5dGVbXSBzZWN1cmVCeXRlcyA9IGVuY3J5cHRvci5UcmFuc2Zvcm1GaW5hbEJsb2NrKHBsYWluQnl0ZXMsIDAsIHBsYWluQnl0ZXMuTGVuZ3RoKTsKCiAgICAgICAgICAgIC8vIEFkZCBJViB0byB0aGUgYmVnaW5uaW5nIG9mIHRoZSBlbmNyeXB0ZWQgYnl0ZXMKICAgICAgICAgICAgc2VjdXJlQnl0ZXMgPSBBRVNQcm92aWRlci5JVi5Db25jYXQoc2VjdXJlQnl0ZXMpLlRvQXJyYXkoKTsKCiAgICAgICAgICAgIC8vIFJldHVybiBlbmNyeXB0ZWQgYnl0ZXMgYXMgYSBzdHJpbmcKICAgICAgICAgICAgcmV0dXJuIENvbnZlcnQuVG9CYXNlNjRTdHJpbmcoc2VjdXJlQnl0ZXMpOwogICAgICAgIH0KCiAgICAgICAgLy8vIDxzdW1tYXJ5PgogICAgICAgIC8vLyBEZWNyeXB0cyBhIHN0cmluZyB3aXRoIEFFUyBhbGdvcml0aG0KICAgICAgICAvLy8gPC9zdW1tYXJ5PgogICAgICAgIC8vLyA8cGFyYW0gbmFtZT0ic2VjdXJlVGV4dCI+RW5jcnlwdGVkIHN0cmluZyB3aXRoIElWIHByZWZpeDwvcGFyYW0+CiAgICAgICAgLy8vIDxyZXR1cm5zPkRlY3J5cHRlZCBzdHJpbmc8L3JldHVybnM+CiAgICAgICAgcHVibGljIHN0cmluZyBEZWNyeXB0KHN0cmluZyBzZWN1cmVUZXh0KQogICAgICAgIHsKICAgICAgICAgICAgLy8gQ29udmVydCBlbmNyeXB0ZWQgc3RyaW5nIHRvIGJ5dGVzCiAgICAgICAgICAgIGJ5dGVbXSBzZWN1cmVCeXRlcyA9IENvbnZlcnQuRnJvbUJhc2U2NFN0cmluZyhzZWN1cmVUZXh0KTsKCiAgICAgICAgICAgIC8vIFRha2UgSVYgZnJvbSBiZWdpbm5pbmcgb2Ygc2VjdXJlQnl0ZXMKICAgICAgICAgICAgQUVTUHJvdmlkZXIuSVYgPSBzZWN1cmVCeXRlcy5UYWtlKDE2KS5Ub0FycmF5KCk7CgogICAgICAgICAgICAvLyBJbml0aWFsaXplIGRlY3J5cHRvciBub3cgdGhhdCB0aGUgSVYgaXMgc2V0CiAgICAgICAgICAgIElDcnlwdG9UcmFuc2Zvcm0gZGVjcnlwdG9yID0gQUVTUHJvdmlkZXIuQ3JlYXRlRGVjcnlwdG9yKCk7CgogICAgICAgICAgICAvLyBEZWNyeXB0IGJ5dGVzIGFmdGVyIHRoZSBJVgogICAgICAgICAgICBieXRlW10gcGxhaW5CeXRlcyA9IGRlY3J5cHRvci5UcmFuc2Zvcm1GaW5hbEJsb2NrKHNlY3VyZUJ5dGVzLCAxNiwgc2VjdXJlQnl0ZXMuTGVuZ3RoIC0gMTYpOwoKICAgICAgICAgICAgLy8gUmV0dXJuIGRlY3J5cHRlZCBieXRlcyBhcyBhIHN0cmluZwogICAgICAgICAgICByZXR1cm4gVW5pY29kZUVuY29kaW5nLlVuaWNvZGUuR2V0U3RyaW5nKHBsYWluQnl0ZXMpOwogICAgICAgIH0KCiAgICB9Cn0=