diff --git a/enzevalos_iphone/SMIME.swift b/enzevalos_iphone/SMIME.swift
index 63c2ae111e22b52f73e3ba4cbe735cbdc34c9800..6fb937aa549a7ef1573a22e8efac499d7bf4389a 100644
--- a/enzevalos_iphone/SMIME.swift
+++ b/enzevalos_iphone/SMIME.swift
@@ -473,6 +473,10 @@ PkfA6mR7rtcyIbHi34tfkCv/qolV3QivMHov0IJpRyNO
 */
 }
+ func testCryptoObjectMethods() {
+
+ }
+
 func testKeyEnc() {
 let (pKeyEnc, errArrEnc) = getEncryptedPemFromPKey(pem: test_key, passwd: "testpwd")
@@ -537,7 +541,7 @@ PkfA6mR7rtcyIbHi34tfkCv/qolV3QivMHov0IJpRyNO
 let fps = privateKeyKeychain.allKeys()
 for f in fps{
 if f != fp{
- (decStr,errArr) = decryptWithPem(message: text, certAsPem: certsKeychain[f]!, keyAsPem: privateKeyKeychain[f]!)
+ (decStr, errArr) = decryptWithPem(message: text, certAsPem: certsKeychain[f]!, keyAsPem: privateKeyKeychain[f]!)
 if decStr != nil{
 encState = EncryptionState.ValidEncryptedWithOldKey
 break
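Review bot: testCryptoObjectMethods() is added with an empty body, so if the enclosing class is an XCTestCase it will be reported as a passing test while exercising nothing. Until the CryptoObject checks are written, either keep the method out of the commit or make the gap visible, e.g. `XCTFail("testCryptoObjectMethods not implemented yet")` if XCTest is in use, or otherwise a `// TODO: cover CryptoObject accessors` comment stating what it is meant to verify. The whitespace-only change in the second hunk needs no action.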
@@ -626,50 +630,52 @@ PkfA6mR7rtcyIbHi34tfkCv/qolV3QivMHov0IJpRyNO
 // TODO: Exception no valid signatures
 }
- func encrypt(plainData: Data, ids: [String], ownId: String, encryptForMyId: Bool = true) -> CryptoObject? {
+ func encrypt(plainData: Data, ids: [String], ownId: String, encryptForMyId: Bool = true) throws -> CryptoObject {
 let text = String(data: plainData, encoding: .utf8)
 var pems: [String] = []
 var ownFp: String? = nil
+
+ // retrieve the certs as pems for each ID (email), certsKeychain stores for each email a fingerprint of the cert of that user and under a fingerprint a cert is stored
 for id in ids {
 if let fp = certsKeychain[id] {
- // TODO: Exception try catch
 pems.append(certsKeychain[fp]!)
 } else{
- // TODO: Exception
- print("No cert for email ", id)
+ throw SMIMEError(message: "No cert for email " + id + "!", errorArray: nil, type: SMIMEError.ErrorType.encryption)
 }
 }
- // TODO: Ask Oliver why signing is allowed only with encryptForMyID = true
+
+ // if we want to encrypt with the user's own key, retrieve the key and handle errors
 if encryptForMyId {
 if let fp = getOwnKeyFP() {
 ownFp = fp
- // TODO: Exception try catch
 pems.append(certsKeychain[fp]!)
 } else {
- // TODO: Exception
- print("No cert for own key!")
+ throw SMIMEError(message: "Tried to encrypt email with the user's key but no cert for own key present!", errorArray: nil, type: SMIMEError.ErrorType.encryption)
 }
 }
- // TODO: try-catch text
- let (encStr, errArr) = encryptWithPem(message: text!, certPems: pems)
- let encData = encStr?.data(using: .utf8)
- // TODO: check if errArr empty, exception
+ // do the actual encryption
+ let (encStr, errArr) = encryptWithPem(message: text!, certPems: pems)
+ if errArr != nil && errArr!.count > 0 {
+ throw SMIMEError(message: "Encryption failed!", errorArray: errArr, type: SMIMEError.ErrorType.encryption)
+ }
+ // check if the user has a certificate
 if ownFp != nil {
 let ownCert = certsKeychain[ownFp!]!
 let ownPk = privateKeyKeychain[ownFp!]!
let (sigText, sigErrArr) = signWithPem(message: encStr!, certAsPem: ownCert, keyAsPem: ownPk, detached: false)
- // TODO: check if errArr empty, exception
+
+ if sigErrArr != nil && sigErrArr!.count > 0 {
+ throw SMIMEError(message: "Signing during encryption failed!", errorArray: sigErrArr, type: SMIMEError.ErrorType.encryption)
+ }
 return CryptoObject(chiphertext: sigText!.data(using: .utf8), plaintext: text, decryptedData: plainData, sigState: SignatureState.ValidSignature, encState: EncryptionState.ValidedEncryptedWithCurrentKey, signKey: ownFp, encType: CryptoScheme.SMIME, signedAdrs: [ownId])
 }
- return nil
- // TODO: Exception
- // throw SMIMEError
+ throw SMIMEError(message: "Tried to sign with user's certificate but none was present!", errorArray: errArr, type: SMIMEError.ErrorType.encryption)
 }
 }
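Review bot: encrypt() now throws, yet the failures it still cannot report are left as force-unwraps: `text!` in the encryptWithPem call crashes when plainData is not valid UTF-8 (String(data:encoding:) is failable), and `encStr!`/`sigText!` crash if the PEM helpers return nil without populating the error array, because the new checks only inspect the array's count. These are exactly the conditions the SMIMEError path was introduced for, so a throwing `guard let` is the consistent fix, and the same shape applies to `sigText!` before the CryptoObject is built; the `certsKeychain[fp]!` lookups likewise keep the pre-existing crash when a fingerprint has no stored cert. A smaller point: with encryptForMyId == false the function now always ends at the final throw, whose message ("Tried to sign with user's certificate but none was present!") and errorArray (the already-checked encryption errors) describe a different condition than the one that occurred — if unsigned encryption is meant to be unsupported the message should say so, otherwise the unsigned ciphertext should be returned; the removed TODO suggests this is still open. The enclosing class continues outside the hunk.
```swift
func encrypt(plainData: Data, ids: [String], ownId: String, encryptForMyId: Bool = true) throws -> CryptoObject {
    guard let text = String(data: plainData, encoding: .utf8) else {
        throw SMIMEError(message: "Plaintext is not valid UTF-8!", errorArray: nil, type: SMIMEError.ErrorType.encryption)
    }
    // … unchanged: collecting recipient pems and the own-key pem …
    let (encStr, errArr) = encryptWithPem(message: text, certPems: pems)
    guard let encrypted = encStr, (errArr?.count ?? 0) == 0 else {
        throw SMIMEError(message: "Encryption failed!", errorArray: errArr, type: SMIMEError.ErrorType.encryption)
    }
    // … unchanged: signing and CryptoObject construction, with `encrypted` in place of `encStr!` …
```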