//
// ChangeVerificatorHash.swift
// Befund
//
// Created by Artur Savitskiy on 02.08.22.
// Copyright © 2022 MVZ Dr. Stein und Kollegen. All rights reserved.
//
import Foundation
extension Core.Models.Request
{
/// Codable payload describing a verificator-hash change.
///
/// `ChangeVerificatorHashProvider.PrepareChangeVerificatorHash` fills every
/// field. All of them are optional and start out as `nil`.
///
/// The payload carries `pin` exactly as the caller supplied it, next to both
/// verificator hashes, so the encoded form should be treated as secret
/// material and kept out of logs and crash reports.
public class ChangeVerificatorHash : Codable
{
    /// Device identifier, copied from `settings.udid` by the provider.
    public var udid: String?

    /// Verificator hash currently stored in the settings.
    public var old_verificator_hash: String?

    /// Verificator hash computed for the new password.
    public var new_verificator_hash: String?

    /// New PIN, stored unmodified.
    public var pin: String?
}
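/// Helpers for changing the user's password: policy check, recovery of stored
/// secrets, re-encryption of locally stored files and persisting the new
/// settings.
public class ChangeVerificatorHashProvider
{
    /// Pattern a new password must match in full: at least one upper-case
    /// ASCII letter, one lower-case ASCII letter, one digit and one character
    /// from the set ``#?!+@$%^&<>*~:`-``, with a minimum length of 8.
    /// There is no upper length bound. A password whose only symbols fall
    /// outside that set (for example `_` or `.`) is rejected.
    private static let password_policy = "^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[#?!+@$%^&<>*~:`-]).{8,}$"

    /// Derives the AES key for `password` and returns it in the `String` form
    /// that `Core.Security.AES.Encrypt`/`Decrypt` and `SHA512.HMAC` take.
    ///
    /// NOTE(review): `String(decoding:as:)` replaces every byte sequence that
    /// is not valid UTF-8 with U+FFFD. If `GetKey` returns raw key bytes rather
    /// than text (hex/base64), distinct keys can collapse into the same string
    /// and effective key strength drops. Confirm `GetKey`'s output encoding.
    private static func KeyString(password: String) -> String
    {
        return String(decoding: Core.Security.AES.GetKey(password: password), as: UTF8.self)
    }

    /// Returns `true` when `password` satisfies `password_policy`.
    ///
    /// - Parameter password: Candidate password to check.
    public static func IsPasswordStrong(password: String) -> Bool
    {
        return NSPredicate(format: "SELF MATCHES %@", password_policy).evaluate(with: password)
    }

    /// Decrypts `settings.hashed_private_key` with the key derived from
    /// `oldPassword`.
    ///
    /// Despite the name, the value returned is the decrypted content of
    /// `hashed_private_key`, not a password. A missing stored value is passed
    /// to `Decrypt` as an empty string.
    ///
    /// - Returns: Whatever `Core.Security.AES.Decrypt` yields. Presumably `nil`
    ///   when the password is wrong; verify against `Decrypt`.
    public static func GetDecryptedOldPasswordByPassword(settings: Core.Models.Settings, oldPassword: String) -> String?
    {
        return Core.Security.AES.Decrypt(
            value: settings.hashed_private_key ?? "",
            password: KeyString(password: oldPassword))
    }

    /// Decrypts `settings.password_hash` with the key derived from
    /// `settings.password_reset_hash + pin`.
    ///
    /// `SaveChangedVerificatorBySuccess` stores the new password, encrypted
    /// under that same key, in `password_hash`, so a successful call yields the
    /// current password in clear text.
    ///
    /// NOTE(review): if `password_reset_hash` is persisted next to
    /// `password_hash` (both are fields of `settings`), the PIN is the only
    /// unknown protecting the stored password, so its strength is bounded by
    /// the PIN's length and by how `GetKey` derives keys. Confirm PIN length
    /// requirements and the attempt limiting around this call.
    public static func GetDecryptedOldPasswordByPin(settings: Core.Models.Settings, pin: String) -> String?
    {
        return Core.Security.AES.Decrypt(
            value: settings.password_hash ?? "",
            password: KeyString(password: (settings.password_reset_hash ?? "") + pin))
    }

    /// Builds the change request and re-encrypts every locally stored result
    /// file from the old password's key to the new password's key.
    ///
    /// Re-encryption is best effort. An entry is skipped when it has no file
    /// name, when the file is missing or empty, or when decryption or
    /// encryption fails. The original force-unwrapped these values and crashed
    /// on such entries.
    ///
    /// NOTE(review): files are rewritten in place here, while the new settings
    /// are only persisted by `SaveChangedVerificatorBySuccess`. A skipped file
    /// stays encrypted under the old key, and an interruption part-way leaves
    /// storage with a mix of old-key and new-key files. Consider reporting
    /// skipped entries to the caller or deferring the rewrite until the change
    /// is confirmed.
    ///
    /// - Parameters:
    ///   - settings: Source of `verificator_hash` and `udid`.
    ///   - oldPassword: Password the stored files are currently encrypted with.
    ///   - newPassword: Password the files are re-encrypted with.
    ///   - newPin: PIN copied unchanged into the request.
    /// - Returns: The populated request object.
    public static func PrepareChangeVerificatorHash(settings: Core.Models.Settings, oldPassword: String, newPassword: String, newPin: String) -> Core.Models.Request.ChangeVerificatorHash
    {
        let oldKey = KeyString(password: oldPassword)
        let newKey = KeyString(password: newPassword)

        let changeVerificatorHash = Core.Models.Request.ChangeVerificatorHash()
        changeVerificatorHash.old_verificator_hash = settings.verificator_hash
        changeVerificatorHash.new_verificator_hash = Core.Security.SHA512.HMAC(
            message: Data(Core.Security.SHA512.VerificatorHashingValue.utf8),
            key: newKey)
        changeVerificatorHash.udid = settings.udid
        changeVerificatorHash.pin = newPin

        if let results = Core.Database.Results.GetResults()
        {
            for res in results
            {
                guard let filename = res.pgs,
                      let path = Core.System.GetPathForStorageEncryptedFile(filename: filename),
                      Core.System.FileExists(atPath: path),
                      let stored = Core.System.ReadFromEncryptedStorage(filename: filename),
                      !stored.isEmpty,
                      let plain = Core.Security.AES.Decrypt(
                          value: String(decoding: stored, as: UTF8.self),
                          password: oldKey),
                      let reEncrypted = Core.Security.AES.Encrypt(value: plain, password: newKey)
                else
                {
                    // Best effort: leave this entry untouched and move on.
                    continue
                }

                Core.System.WriteToEncryptedStorage(filename: filename, data: Data(reEncrypted.utf8))
            }
        }

        return changeVerificatorHash
    }

    /// Re-keys the stored private key and password-recovery data for
    /// `newPassword` and writes the settings to disk.
    ///
    /// All cryptographic results are computed before `settings` is touched.
    /// If the private key cannot be decrypted with `oldPassword`, or either
    /// encryption fails, the settings stay unmodified and unsaved. The original
    /// crashed on a failed decrypt and could persist `nil` in place of an
    /// encrypted value.
    ///
    /// - Parameters:
    ///   - settings: Settings object, mutated in place and saved.
    ///   - oldPassword: Password protecting the current `hashed_private_key`.
    ///   - newPassword: Password that will protect it afterwards.
    ///   - pin: PIN combined with a fresh `password_reset_hash` to protect the
    ///     stored copy of `newPassword`.
    ///   - errorMsg: `nil` on success; otherwise the localized
    ///     `ERROR_COULD_NOT_SAVE` text, reused for crypto failures because no
    ///     more specific key is visible in this file.
    /// - Returns: Settings reloaded from disk on success; the passed-in
    ///   `settings` on failure.
    public static func SaveChangedVerificatorBySuccess(settings: Core.Models.Settings, oldPassword: String, newPassword: String, pin: String, errorMsg: inout String?) -> Core.Models.Settings?
    {
        let oldKey = KeyString(password: oldPassword)
        let newKey = KeyString(password: newPassword)

        // Fresh random value that is combined with the PIN for password recovery.
        let resetHash = NSUUID().uuidString
        let recoveryKey = KeyString(password: resetHash + pin)

        guard let privateKey = Core.Security.AES.Decrypt(value: settings.hashed_private_key ?? "", password: oldKey),
              let recoverablePassword = Core.Security.AES.Encrypt(value: newPassword, password: recoveryKey),
              let rekeyedPrivateKey = Core.Security.AES.Encrypt(value: privateKey, password: newKey)
        else
        {
            // Nothing has been written yet, so the existing settings stay usable.
            errorMsg = Core.Lang.Get(key: "ERROR_COULD_NOT_SAVE")
            return settings
        }

        settings.password_reset_hash = resetHash
        settings.password_hash = recoverablePassword
        settings.verificator_hash = Core.Security.SHA512.HMAC(
            message: Data(Core.Security.SHA512.VerificatorHashingValue.utf8),
            key: newKey)
        settings.hashed_private_key = rekeyedPrivateKey

        guard settings.save(atPath: Core.System.SettingsPath()) else
        {
            errorMsg = Core.Lang.Get(key: "ERROR_COULD_NOT_SAVE")
            return settings
        }

        errorMsg = nil
        return Core.Models.Settings.loadFromFile(atPath: Core.System.SettingsPath())
    }
}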
}