Commit 33fa0fa1 authored by lazarog98's avatar lazarog98

#232 add exceptions for encryption

parent 5ff7c6f6
2 merge requests!58Onboarding screens swift ui merge dev,!35Resolve "SMIME Support"
......@@ -473,6 +473,10 @@ PkfA6mR7rtcyIbHi34tfkCv/qolV3QivMHov0IJpRyNO
*/
}
func testCryptoObjectMethods() {
}
func testKeyEnc() {
let (pKeyEnc, errArrEnc) = getEncryptedPemFromPKey(pem: test_key, passwd: "testpwd")
......@@ -537,7 +541,7 @@ PkfA6mR7rtcyIbHi34tfkCv/qolV3QivMHov0IJpRyNO
let fps = privateKeyKeychain.allKeys()
for f in fps{
if f != fp{
(decStr,errArr) = decryptWithPem(message: text, certAsPem: certsKeychain[f]!, keyAsPem: privateKeyKeychain[f]!)
(decStr, errArr) = decryptWithPem(message: text, certAsPem: certsKeychain[f]!, keyAsPem: privateKeyKeychain[f]!)
if decStr != nil{
encState = EncryptionState.ValidEncryptedWithOldKey
break
......@@ -626,50 +630,52 @@ PkfA6mR7rtcyIbHi34tfkCv/qolV3QivMHov0IJpRyNO
// TODO: Exception no valid signatures
}
func encrypt(plainData: Data, ids: [String], ownId: String, encryptForMyId: Bool = true) -> CryptoObject? {
func encrypt(plainData: Data, ids: [String], ownId: String, encryptForMyId: Bool = true) throws -> CryptoObject {
let text = String(data: plainData, encoding: .utf8)
var pems: [String] = []
var ownFp: String? = nil
// retrieve the certs as pems for each ID (email), certsKeychain stores for each email a fingerprint of the cert of that user and under a fingerprint a cert is stored
for id in ids {
if let fp = certsKeychain[id] {
// TODO: Exception try catch
pems.append(certsKeychain[fp]!)
}
else{
// TODO: Exception
print("No cert for email ", id)
throw SMIMEError(message: "No cert for email " + id + "!", errorArray: nil, type: SMIMEError.ErrorType.encryption)
}
}
// TODO: Ask Oliver why signing is allowed only with encryptForMyID = true
// if we want to encrypt with the user's own key, retrieve the key and handle errors
if encryptForMyId {
if let fp = getOwnKeyFP() {
ownFp = fp
// TODO: Exception try catch
pems.append(certsKeychain[fp]!)
}
else {
// TODO: Exception
print("No cert for own key!")
throw SMIMEError(message: "Tried to encrypt email with the user's key but no cert for own key present!", errorArray: nil, type: SMIMEError.ErrorType.encryption)
}
}
// TODO: try-catch text
let (encStr, errArr) = encryptWithPem(message: text!, certPems: pems)
let encData = encStr?.data(using: .utf8)
// TODO: check if errArr empty, exception
// do the actual encryption
let (encStr, errArr) = encryptWithPem(message: text!, certPems: pems)
if errArr != nil && errArr!.count > 0 {
throw SMIMEError(message: "Encryption failed!", errorArray: errArr, type: SMIMEError.ErrorType.encryption)
}
// check if the user has a certificate
if ownFp != nil {
let ownCert = certsKeychain[ownFp!]!
let ownPk = privateKeyKeychain[ownFp!]!
let (sigText, sigErrArr) = signWithPem(message: encStr!, certAsPem: ownCert, keyAsPem: ownPk, detached: false)
// TODO: check if errArr empty, exception
if sigErrArr != nil && sigErrArr!.count > 0 {
throw SMIMEError(message: "Signing during encryption failed!", errorArray: sigErrArr, type: SMIMEError.ErrorType.encryption)
}
return CryptoObject(chiphertext: sigText!.data(using: .utf8), plaintext: text, decryptedData: plainData, sigState: SignatureState.ValidSignature, encState: EncryptionState.ValidedEncryptedWithCurrentKey, signKey: ownFp, encType: CryptoScheme.SMIME, signedAdrs: [ownId])
}
return nil
// TODO: Exception
// throw SMIMEError
throw SMIMEError(message: "Tried to sign with user's certificate but none was present!", errorArray: errArr, type: SMIMEError.ErrorType.encryption)
}
}
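Review bot: `encrypt` is now declared `throws`, yet several failure paths in it still trap instead of throwing: `text!` in the `encryptWithPem` call crashes when `plainData` is not valid UTF-8, and `certsKeychain[fp]!`, `privateKeyKeychain[ownFp!]!`, `encStr!` and `sigText!` crash when a keychain entry or a result string is missing. Each of these should become a guard that throws, for example `guard let text = String(data: plainData, encoding: .utf8) else { throw SMIMEError(message: "Plaintext is not valid UTF-8!", errorArray: nil, type: SMIMEError.ErrorType.encryption) }`. Separately, with `encryptForMyId: false` the variable `ownFp` stays nil, so a successful encryption falls through to the final `throw` and the ciphertext is never returned; that path appears to need either its own return of an unsigned `CryptoObject` or a doc comment on the function stating that encryption without the own key is unsupported. The page rendering does not mark old and new lines, so this is read from the lines that appear to form the new side.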
......