var __SEED1 = __.bytes.fromBase64('tdYcsSYN6tkKAEylW0TBfqiiKwea6AA/WMEyyfnRYacR3+DmflIpupFWbVovSfXvculFc7XUjV71jkID1+JJKg==');
var __SEED2 = __readSeedFromFile(1024, '~/.jssp/.local-encryption-seed');
var __SEED3 = __readSeedFromFile(2048, '~/.jssp-local-encryption-seed');

function __readSeedFromFile(len, filename) {
    var seed;
    var seedFile = $$.rFile(filename);
    if (seedFile.exists()) {
        seed = seedFile.string().trim();
    } else {
        seed = $$.random().nextIoBytes(len).asBase64();
        seedFile.write(seed);
    }
    return seed;
}

var __SEED = __SEED1 + '|' + __SEED2 + '|' + __SEED3;
var Bytes = Packages.me.hatter.tools.commons.bytes.Bytes;
var AESCryptTool = Packages.me.hatter.tools.commons.security.crypt.AESCryptTool;

function encrypt(content) {
    var key = $$.digests().sha256().digest(Bytes.from(__SEED).bytes());
    var nonce = $$.random().nextIoBytes(12);

    var cipher = AESCryptTool.gcmEncrypt(key.bytes(), nonce.bytes()).from(Bytes.from(content)).toBytes();
    return 'LOCALENC-V1.' + nonce.asBase64URI() + '.' + cipher.asBase64URI();
}

function decrypt(localEncCiphertext) {
    localEncCiphertext = $STR(localEncCiphertext);
    if (localEncCiphertext.indexOf('LOCALENC-V1.') != 0) {
        throw 'Invalid local encryption ciphertext: ' + localEncCiphertext;
    }
    var key = $$.digests().sha256().digest(Bytes.from(__SEED).bytes());

    var ciphertextParts = localEncCiphertext.split('\.');
    var nonce = Bytes.fromBase64URI(ciphertextParts[1]);
    var ciphertext = Bytes.fromBase64URI(ciphertextParts[2]);
    var plaintext = AESCryptTool.gcmDecrypt(key.bytes(), nonce.bytes()).from(ciphertext).toBytes();
    return $STR(plaintext.string());
}

if (typeof exports == 'object') {
    exports.encrypt = encrypt;
    exports.decrypt = decrypt;
}