/*

 Password Encryption Controller

 Copyright 2013 Thincast Technologies GmbH, Author: Dorian Johnson

 This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0.

 If a copy of the MPL was not distributed with this file, You can obtain one at

 http://mozilla.org/MPL/2.0/.

 */

#import "EncryptionController.h"

#import "SFHFKeychainUtils.h"

#import "TSXAdditions.h"

@interface EncryptionController (Private)

- (BOOL)verifyPassword:(Encryptor *)decryptor;

- (NSData *)encryptedVerificationData;

- (void)setEncryptedVerificationData:(Encryptor *)encryptor;

- (NSString *)keychainServerName;

- (NSString *)keychainUsername;

- (void)setKeychainPassword:(NSString *)password;

- (NSString *)keychainPassword;

- (NSString *)keychainDefaultPassword;

@end

static EncryptionController *_shared_encryption_controller = nil;

#pragma mark -

@implementation EncryptionController

+ (EncryptionController *)sharedEncryptionController

{

	@synchronized(self)

	{

		if (_shared_encryption_controller == nil)

			_shared_encryption_controller = [[EncryptionController alloc] init];

	}

	return _shared_encryption_controller;

}

#pragma mark Getting an encryptor or decryptor

- (Encryptor *)encryptor

{

	if (_shared_encryptor)

		return _shared_encryptor;

	NSString *saved_password = [self keychainPassword];

	if (saved_password == nil)

	{

		saved_password = [self keychainDefaultPassword];

		Encryptor *encryptor = [[[Encryptor alloc] initWithPassword:saved_password] autorelease];

		[self setEncryptedVerificationData:encryptor];

		_shared_encryptor = [encryptor retain];

	}

	else

	{

		Encryptor *encryptor = [[[Encryptor alloc] initWithPassword:saved_password] autorelease];

		if ([self verifyPassword:encryptor])

			_shared_encryptor = [encryptor retain];

	}

	return _shared_encryptor;

}

// For the current implementation, decryptors and encryptors are equivilant.

- (Encryptor *)decryptor

{

	return [self encryptor];

}

@end

#pragma mark -

@implementation EncryptionController (Private)

#pragma mark -

#pragma mark Keychain password storage

- (NSString *)keychainServerName

{

	return [[[NSBundle mainBundle] infoDictionary] objectForKey:@"CFBundleName"];

}

- (NSString *)keychainUsername

{

	return @"master.password";

}

- (void)setKeychainPassword:(NSString *)password

{

	NSError *error;

	if (password == nil)

	{

		[SFHFKeychainUtils deleteItemForUsername:[self keychainUsername]

		                           andServerName:[self keychainServerName]

		                                   error:&error];

		return;

	}

	[SFHFKeychainUtils storeUsername:[self keychainUsername]

	                     andPassword:password

	                   forServerName:[self keychainServerName]

	                  updateExisting:YES

	                           error:&error];

}

- (NSString *)keychainPassword

{

	NSError *error;

	return [SFHFKeychainUtils getPasswordForUsername:[self keychainUsername]

	                                   andServerName:[self keychainServerName]

	                                           error:&error];

}

- (NSString *)keychainDefaultPassword

{

	NSString *password = [[NSUserDefaults standardUserDefaults] stringForKey:@"UUID"];

	if ([password length] == 0)

	{

		password = [NSString stringWithUUID];

		[[NSUserDefaults standardUserDefaults] setObject:password forKey:@"UUID"];

		[[NSUserDefaults standardUserDefaults] removeObjectForKey:@"TSXMasterPasswordVerification"];

	}

	return password;

}

#pragma mark -

#pragma mark Verification of encryption key against verification data

- (BOOL)verifyPassword:(Encryptor *)decryptor

{

	return [[decryptor plaintextPassword]

	    isEqualToString:[decryptor decryptString:[self encryptedVerificationData]]];

}

- (NSData *)encryptedVerificationData

{

	return [[NSUserDefaults standardUserDefaults] dataForKey:@"TSXMasterPasswordVerification"];

}

- (void)setEncryptedVerificationData:(Encryptor *)encryptor

{

	[[NSUserDefaults standardUserDefaults]

	    setObject:[encryptor encryptString:[encryptor plaintextPassword]]

	       forKey:@"TSXMasterPasswordVerification"];

}

@end