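//
//  ChangeVerificatorHash.swift
//  Befund
//
//  Created by Artur Savitskiy on 02.08.22.
//  Copyright © 2022 MVZ Dr. Stein und Kollegen. All rights reserved.
//

import Foundation

extension Core.Models.Request {

    /// Request payload for replacing the verificator hash of a device.
    ///
    /// All fields are optional and default to `nil`; `PrepareChangeVerificatorHash`
    /// fills every one of them before the request is returned to the caller.
    public class ChangeVerificatorHash : Encodable, Decodable {
        // Device identifier, copied from `settings.udid`.
        public var udid: String? = nil
        // Verificator hash currently stored in the settings.
        public var old_verificator_hash: String? = nil
        // HMAC-SHA512 of the fixed verificator value, keyed with the new password's key.
        public var new_verificator_hash: String? = nil
        // New PIN, carried in the clear inside this payload.
        // NOTE(review): transport protection is not visible in this file — confirm
        // the request only ever travels over an authenticated, encrypted channel.
        public var pin: String? = nil
    }

    /// Helpers for changing the user's password: policy check, re-encryption of
    /// locally stored result files, and re-wrapping of the secrets kept in
    /// `Core.Models.Settings`.
    public class ChangeVerificatorHashProvider {

        // At least 8 characters with one upper-case letter, one lower-case letter,
        // one digit and one character from the listed special set.
        private static let password_policy = "^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[#?!+@$%^&<>*~:`-]).{8,}$"

        /// Derives the AES key for `password` and returns it in the string form
        /// expected by `Core.Security.AES.Encrypt` / `Decrypt` and `SHA512.HMAC`.
        ///
        /// NOTE(review): `String(decoding:as:)` replaces every invalid UTF-8
        /// sequence with U+FFFD. If `GetKey` returns raw key bytes rather than
        /// ASCII/hex text, distinct keys can collapse to the same string and the
        /// effective key space shrinks — confirm what `GetKey` returns. The
        /// conversion is kept as is because existing ciphertext depends on it.
        private static func keyString(password: String) -> String {
            return String(decoding: Core.Security.AES.GetKey(password: password), as: UTF8.self)
        }

        /// Returns `true` when `password` satisfies `password_policy`.
        ///
        /// This is a composition check only (length and character classes); it does
        /// not detect common or previously leaked passwords.
        public static func IsPasswordStrong(password: String) -> Bool {
            return NSPredicate(format: "SELF MATCHES %@", password_policy).evaluate(with: password)
        }

        /// Decrypts `settings.hashed_private_key` with the key derived from `oldPassword`.
        ///
        /// Despite its name, the value returned is the result of decrypting the
        /// stored private key, not a password. `nil` is returned when decryption fails.
        ///
        /// - Parameters:
        ///   - settings: Settings holding `hashed_private_key` (an empty string is used when it is `nil`).
        ///   - oldPassword: The password the private key is currently wrapped with.
        public static func GetDecryptedOldPasswordByPassword(settings: Core.Models.Settings, oldPassword: String) -> String? {
            return Core.Security.AES.Decrypt(value: settings.hashed_private_key ?? "",
                                             password: keyString(password: oldPassword))
        }

        /// Recovers the value stored in `settings.password_hash` using the PIN.
        ///
        /// The decryption key is derived from `settings.password_reset_hash + pin`.
        /// `SaveChangedVerificatorBySuccess` stores the password itself (encrypted)
        /// in `password_hash`, so a successful call returns the plaintext password.
        ///
        /// NOTE(review): `password_hash` is reversible ciphertext, not a hash, and
        /// `password_reset_hash` is kept in the same settings object. Anyone able to
        /// read the settings file therefore only has to guess the PIN; unless
        /// `GetKey` is a deliberately slow KDF, a short numeric PIN gives little
        /// protection at rest — confirm PIN length and key derivation cost.
        ///
        /// - Returns: The decrypted value, or `nil` when decryption fails.
        public static func GetDecryptedOldPasswordByPin(settings: Core.Models.Settings, pin: String) -> String? {
            return Core.Security.AES.Decrypt(value: settings.password_hash ?? "",
                                             password: keyString(password: (settings.password_reset_hash ?? "") + pin))
        }

        /// Builds the change request and re-encrypts every locally stored result
        /// file from the old password's key to the new password's key.
        ///
        /// Files that are missing, empty, or cannot be decrypted or re-encrypted are
        /// skipped instead of crashing the app (the previous implementation
        /// force-unwrapped `res.pgs` and the file contents).
        ///
        /// NOTE(review): the files are rewritten in place before this function's
        /// caller has any confirmation that the change was accepted, and skipped
        /// files stay under the old key. If the subsequent request fails, stored
        /// results and settings may end up under different keys — presumably the
        /// caller handles this; confirm, or re-encrypt only after success.
        ///
        /// - Parameters:
        ///   - settings: Current settings; supplies `verificator_hash` and `udid`.
        ///   - oldPassword: Password the stored files are currently encrypted with.
        ///   - newPassword: Password the stored files are re-encrypted with.
        ///   - newPin: PIN placed into the request.
        /// - Returns: The populated request object.
        public static func PrepareChangeVerificatorHash(settings: Core.Models.Settings, oldPassword: String, newPassword: String, newPin: String) -> Core.Models.Request.ChangeVerificatorHash {
            let oldKey = keyString(password: oldPassword)
            let newKey = keyString(password: newPassword)

            let changeVerificatorHash = Core.Models.Request.ChangeVerificatorHash()
            changeVerificatorHash.old_verificator_hash = settings.verificator_hash
            // UTF-8 encoding of a Swift string cannot fail, so this unwrap is safe.
            changeVerificatorHash.new_verificator_hash = Core.Security.SHA512.HMAC(
                message: Core.Security.SHA512.VerificatorHashingValue.data(using: .utf8)!,
                key: newKey)
            changeVerificatorHash.udid = settings.udid
            changeVerificatorHash.pin = newPin // String(Int.random(in: 10000..<99999))

            if let results = Core.Database.Results.GetResults() {
                for res in results {
                    // Every step may legitimately yield nothing; skip the entry
                    // rather than trapping on a force unwrap.
                    guard let filename = res.pgs,
                          let path = Core.System.GetPathForStorageEncryptedFile(filename: filename),
                          Core.System.FileExists(atPath: path),
                          let encryptedContent = Core.System.ReadFromEncryptedStorage(filename: filename),
                          !encryptedContent.isEmpty,
                          let decryptedContent = Core.Security.AES.Decrypt(
                              value: String(decoding: encryptedContent, as: UTF8.self),
                              password: oldKey),
                          let reEncrypted = Core.Security.AES.Encrypt(value: decryptedContent, password: newKey)
                    else {
                        continue
                    }
                    // NOTE(review): the outcome of the write is not checked here,
                    // as in the original; a failed write goes unnoticed.
                    Core.System.WriteToEncryptedStorage(filename: filename, data: Data(reEncrypted.utf8))
                }
            }

            return changeVerificatorHash
        }

        /// Re-wraps the secrets in `settings` for the new password and persists them.
        ///
        /// Steps: decrypt the private key with the old password's key, create a
        /// fresh `password_reset_hash`, store the new password encrypted under the
        /// key derived from `password_reset_hash + pin`, recompute the verificator
        /// hash, and encrypt the private key under the new password's key.
        ///
        /// All cryptographic results are computed and checked before `settings` is
        /// touched. Previously a wrong old password crashed on a force unwrap, and a
        /// failed encryption could overwrite `hashed_private_key` with `nil`.
        ///
        /// - Parameters:
        ///   - settings: Settings object to update (mutated in place on success).
        ///   - oldPassword: Password the private key is currently wrapped with.
        ///   - newPassword: Password to switch to.
        ///   - pin: PIN combined with the new reset hash to protect `password_hash`.
        ///   - errorMsg: Set to a localized message on failure, `nil` on success.
        /// - Returns: The settings reloaded from disk on success. On any failure the
        ///   passed-in `settings` object is returned and `errorMsg` is set; if the
        ///   failure happened while saving, that object already carries the new
        ///   values in memory.
        public static func SaveChangedVerificatorBySuccess(settings: Core.Models.Settings, oldPassword: String, newPassword: String, pin: String, errorMsg: inout String?) -> Core.Models.Settings? {
            let oldKey = keyString(password: oldPassword)
            let newKey = keyString(password: newPassword)

            // "ERROR_COULD_NOT_SAVE" is the only message key visible in this file,
            // so it is reused for the crypto failure paths as well.
            guard let decryptedPrivateKey = Core.Security.AES.Decrypt(
                value: settings.hashed_private_key ?? "",
                password: oldKey)
            else {
                errorMsg = Core.Lang.Get(key: "ERROR_COULD_NOT_SAVE")
                return settings
            }

            let resetHash = NSUUID().uuidString
            let recoveryKey = keyString(password: resetHash + pin)

            guard let wrappedPassword = Core.Security.AES.Encrypt(value: newPassword, password: recoveryKey),
                  let wrappedPrivateKey = Core.Security.AES.Encrypt(value: decryptedPrivateKey, password: newKey)
            else {
                errorMsg = Core.Lang.Get(key: "ERROR_COULD_NOT_SAVE")
                return settings
            }

            // Nothing can fail between here and save(), so the settings are never
            // left half-updated with a missing private key.
            settings.password_reset_hash = resetHash
            settings.password_hash = wrappedPassword
            settings.verificator_hash = Core.Security.SHA512.HMAC(
                message: Core.Security.SHA512.VerificatorHashingValue.data(using: .utf8)!,
                key: newKey)
            settings.hashed_private_key = wrappedPrivateKey

            guard settings.save(atPath: Core.System.SettingsPath()) else {
                errorMsg = Core.Lang.Get(key: "ERROR_COULD_NOT_SAVE")
                return settings
            }

            errorMsg = nil
            return Core.Models.Settings.loadFromFile(atPath: Core.System.SettingsPath())
        }
    }
}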