105 lines
4.7 KiB
Swift
105 lines
4.7 KiB
Swift
|
//
|
||
|
// EncryptedResponse.swift
|
||
|
// Befund
|
||
|
//
|
||
|
// Created by Irakli Abetschkhrischwili on 15.05.22.
|
||
|
// Copyright © 2022 MVZ Dr. Stein und Kollegen. All rights reserved.
|
||
|
|
||
|
import Foundation
|
||
|
import CryptoKit
|
||
|
|
||
|
extension Core.Models.Response
|
||
|
{
|
||
|
public class EncryptedResponse : Encodable, Decodable
|
||
|
{
|
||
|
public var descriptor: String!
|
||
|
public var encrypted_content: String? = nil
|
||
|
public var hmac: String? = nil
|
||
|
|
||
|
public func Decrypt(key: CryptoKit.SymmetricKey) -> Any?
|
||
|
{
|
||
|
var result: Any? = nil
|
||
|
|
||
|
do
|
||
|
{
|
||
|
self.descriptor = Core.Security.AES.Decrypt(value: self.descriptor, deriveKey: key)
|
||
|
|
||
|
if(self.descriptor != nil && self.encrypted_content != nil)
|
||
|
{
|
||
|
self.encrypted_content = Core.Security.AES.Decrypt(value: self.encrypted_content!, deriveKey: key)
|
||
|
|
||
|
if(self.encrypted_content != nil)
|
||
|
{
|
||
|
let data : Data? = self.encrypted_content!.data(using: .utf8)
|
||
|
|
||
|
if(data != nil)
|
||
|
{
|
||
|
let decoder = JSONDecoder()
|
||
|
|
||
|
if(self.descriptor.lowercased() == "success")
|
||
|
{
|
||
|
result = try decoder.decode(Core.Models.Response.Success.self, from: data!)
|
||
|
}
|
||
|
else if(self.descriptor!.lowercased() == "responseexception")
|
||
|
{
|
||
|
result = try decoder.decode(Core.Models.Response.Exception.self, from: data!)
|
||
|
}
|
||
|
else if(self.descriptor!.lowercased() == "list<status>")
|
||
|
{
|
||
|
result = try decoder.decode([Core.Models.Database.Status].self, from: data!)
|
||
|
}
|
||
|
else if(self.descriptor!.lowercased() == "download")
|
||
|
{
|
||
|
result = try decoder.decode(Core.Models.Response.Download.self, from: data!)
|
||
|
}
|
||
|
else if(self.descriptor!.lowercased() == "pin")
|
||
|
{
|
||
|
result = try decoder.decode(Core.Models.Response.PIN.self, from: data!)
|
||
|
}
|
||
|
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
catch
|
||
|
{
|
||
|
Core.Log.Error(err: error, namespace: "Core.Models.Response.EncryptedResponse", method: "Decrypt(SymmetricKey)")
|
||
|
}
|
||
|
|
||
|
return result;
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Validates the encrypted request by HMAC and Ed25519
|
||
|
*
|
||
|
* @param deriveKey - shared derive key, that should be used for the HMAC Authentification
|
||
|
* @param clientSignature - client signature, that should be verified
|
||
|
* @param clientSignatureKey - client public signature key, that was used in client signature
|
||
|
* @return returns true if request is valid
|
||
|
*/
|
||
|
public func ValidSignature(deriveKey: SymmetricKey, clientSignature: String, clientSignatureKey: String) -> Bool
|
||
|
{
|
||
|
if(self.encrypted_content != nil && !self.encrypted_content!.isEmpty)
|
||
|
{
|
||
|
return
|
||
|
// Validate over HMAC
|
||
|
(self.hmac != nil && !self.hmac!.isEmpty &&
|
||
|
Core.Security.SHA512.isValidAuthenticationCode(hmac: self.hmac!, message: self.encrypted_content!.data(using: .utf8)!, key: deriveKey) &&
|
||
|
|
||
|
//Validate over Ed25519
|
||
|
Core.Security.Curve25519.CheckValid(signature: Core.Security.Base64.FromBase64String(base64: clientSignature)!, message: self.encrypted_content!.data(using: .utf8)!, publicKey: Core.Security.Base64.FromBase64String(base64: clientSignatureKey)!))
|
||
|
}
|
||
|
else
|
||
|
{
|
||
|
return
|
||
|
// Validate over HMAC
|
||
|
(self.hmac != nil && !self.hmac!.isEmpty &&
|
||
|
Core.Security.SHA512.isValidAuthenticationCode(hmac: self.hmac!, message: self.descriptor.data(using: .utf8)!, key: deriveKey) &&
|
||
|
|
||
|
//Validate over Ed25519
|
||
|
Core.Security.Curve25519.CheckValid(signature: Core.Security.Base64.FromBase64String(base64: clientSignature)!, message: self.descriptor.data(using: .utf8)!, publicKey: Core.Security.Base64.FromBase64String(base64: clientSignatureKey)!))
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
}
|