From 704feb359fbc08ad12c0a302a02f7e24134c4e42 Mon Sep 17 00:00:00 2001 From: Ronit Jain Date: Tue, 28 Nov 2023 18:48:04 +0530 Subject: [PATCH 1/2] add encryption checks --- lean/commands/library/add.py | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/lean/commands/library/add.py b/lean/commands/library/add.py index 7e9dd280..71ecaf21 100644 --- a/lean/commands/library/add.py +++ b/lean/commands/library/add.py @@ -303,6 +303,19 @@ def add(project: Path, name: str, version: Optional[str], no_local: bool) -> Non library_dir = Path(name).expanduser().resolve() if library_manager.is_lean_library(library_dir): + # check encryption conditions + if project_config.get('encrypted', False) and project_config.get('encryption-key-path', None): + library_project_config = container.project_config_manager.get_project_config(library_dir) + is_library_encrypted = library_project_config.get('encrypted', False) + library_encryption_key_path = library_project_config.get('encryption-key-path', None) + if library_encryption_key_path: + library_encryption_key_path = Path(library_encryption_key_path) + project_encryption_key_path = project_config.get('encryption-key-path', None) + if project_encryption_key_path: + project_encryption_key_path = Path(project_encryption_key_path) + if is_library_encrypted and library_encryption_key_path != project_encryption_key_path: + raise RuntimeError(f"Library is encrypted with a different key {library_encryption_key_path}. " + f"Please use the same key as project {project_encryption_key_path}.") logger.info(f"Adding Lean CLI library {library_dir} to project {project}") if project_language == "CSharp": library_manager.add_lean_library_to_csharp_project(project, library_dir, no_local) From 99d5ab79203f8e6c5b592c492cd03522989c1cf7 Mon Sep 17 00:00:00 2001 
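Review bot: The new check in `add` only runs when the project has `encrypted` set and an `encryption-key-path`, so an encrypted library added to an unencrypted project, or to an encrypted project whose config lacks a key path, is never examined. If those combinations are not meant to be supported, read the library config before the guard and reject them explicitly. If they are intended, record that in the comment, e.g. `# only enforced when the project is encrypted and its key path is known`. The same guard is carried into the add.py hunk of PATCH 2/2. `add` begins and ends outside the hunk, so an earlier check may already cover this.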
From: Ronit Jain Date: Tue, 28 Nov 2023 19:35:31 +0530 Subject: [PATCH 2/2] use key hash to compare --- lean/commands/library/add.py | 12 +++++------- lean/components/util/encryption_helper.py | 13 +++++++++++++ 2 files changed, 18 insertions(+), 7 deletions(-) diff --git a/lean/commands/library/add.py b/lean/commands/library/add.py index 71ecaf21..01fc74af 100644 --- a/lean/commands/library/add.py +++ b/lean/commands/library/add.py @@ -304,16 +304,14 @@ def add(project: Path, name: str, version: Optional[str], no_local: bool) -> Non if library_manager.is_lean_library(library_dir): # check encryption conditions - if project_config.get('encrypted', False) and project_config.get('encryption-key-path', None): + is_project_encrypted = project_config.get('encrypted', False) + project_encryption_key_path = project_config.get('encryption-key-path', None) + if is_project_encrypted and project_encryption_key_path: + from lean.components.util.encryption_helper import are_encryption_keys_equal library_project_config = container.project_config_manager.get_project_config(library_dir) is_library_encrypted = library_project_config.get('encrypted', False) library_encryption_key_path = library_project_config.get('encryption-key-path', None) - if library_encryption_key_path: - library_encryption_key_path = Path(library_encryption_key_path) - project_encryption_key_path = project_config.get('encryption-key-path', None) - if project_encryption_key_path: - project_encryption_key_path = Path(project_encryption_key_path) - if is_library_encrypted and library_encryption_key_path != project_encryption_key_path: + if is_library_encrypted and are_encryption_keys_equal(library_encryption_key_path, project_encryption_key_path) == False: raise RuntimeError(f"Library is encrypted with a different key {library_encryption_key_path}. " f"Please use the same key as project {project_encryption_key_path}.") logger.info(f"Adding Lean CLI library {library_dir} to project {project}") 
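Review bot: When the library config has `encrypted` set but no `encryption-key-path`, `are_encryption_keys_equal` returns False and the user is told the library is "encrypted with a different key None", which reports a missing key path as a key mismatch. A separate branch for that case would give an actionable message, for example `if is_library_encrypted and not library_encryption_key_path: raise RuntimeError(f"Library {library_dir} is encrypted but has no encryption-key-path configured.")`. The comparison itself reads better as `not are_encryption_keys_equal(library_encryption_key_path, project_encryption_key_path)` than with `== False`.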
diff --git a/lean/components/util/encryption_helper.py b/lean/components/util/encryption_helper.py index b4aa6198..09f8db74 100644 --- a/lean/components/util/encryption_helper.py +++ b/lean/components/util/encryption_helper.py @@ -73,6 +73,19 @@ def get_project_iv(project_key_path: Path): key_id = get_project_key_hash(project_key_path) return key_id[:16] +def are_encryption_keys_equal(key1: Path, key2: Path) -> bool: + """Check if two encryption keys are equal + + :param key1: The first key to compare + :param key2: The second key to compare + :return: True if the keys are equal, False otherwise + """ + if key1 is None and key2 is None: + return True + if key1 is None or key2 is None: + return False + return get_project_key_hash(key1) == get_project_key_hash(key2) + def get_decrypted_file_content_for_local_project(project: Path, source_files: List[Path], encryption_key: Path, project_config_manager: ProjectConfigManager, organization_id: str) -> List[str]: project_config = project_config_manager.get_project_config(project)
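Review bot: `are_encryption_keys_equal` is annotated `key1: Path, key2: Path` but explicitly handles None, and after PATCH 2/2 the add.py caller passes the config values without the `Path(...)` conversion, so they are presumably strings. The signature should state what is accepted, e.g. `def are_encryption_keys_equal(key1: Optional[Path], key2: Optional[Path]) -> bool:` (assuming `Optional` is imported in this module, which the hunk does not show). The docstring should also say that the arguments are key file paths whose hashes are compared via `get_project_key_hash`. Treating two missing keys as equal is harmless for the current caller, which always passes a non-empty project key, but a future caller that reads True as "same key" would pass when neither side has one; returning False there, or documenting the case, would fail closed. Whether `get_project_key_hash` gives a clear error when a key file is missing or unreadable is not visible here.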