/*
 Password Encryption Controller
 
 Copyright 2013 Thincast Technologies GmbH, Author: Dorian Johnson
 
 This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0. 
 If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
 */

#import "EncryptionController.h"
#import "SFHFKeychainUtils.h"
#import "TSXAdditions.h"

@interface EncryptionController (Private)

- (BOOL)verifyPassword:(Encryptor*)decryptor;
- (NSData*)encryptedVerificationData;
- (void)setEncryptedVerificationData:(Encryptor*)encryptor;

- (NSString*)keychainServerName;
- (NSString*)keychainUsername;
- (void)setKeychainPassword:(NSString*)password;
- (NSString*)keychainPassword;
- (NSString*)keychainDefaultPassword;

@end

static EncryptionController* _shared_encryption_controller = nil;


#pragma mark -

@implementation EncryptionController

+ (EncryptionController*)sharedEncryptionController
{
	@synchronized(self)
	{
		if (_shared_encryption_controller == nil)
			_shared_encryption_controller = [[EncryptionController alloc] init];		
	}
	
	return _shared_encryption_controller;	
}

#pragma mark Getting an encryptor or decryptor

- (Encryptor*)encryptor
{
	if (_shared_encryptor)
		return _shared_encryptor;
	
	NSString* saved_password = [self keychainPassword];    
	if (saved_password == nil)
    {
        saved_password = [self keychainDefaultPassword];        
        Encryptor* encryptor = [[[Encryptor alloc] initWithPassword:saved_password] autorelease];
        [self setEncryptedVerificationData:encryptor];        
        _shared_encryptor = [encryptor retain];
    }
    else
    {
        Encryptor* encryptor = [[[Encryptor alloc] initWithPassword:saved_password] autorelease];
        if ([self verifyPassword:encryptor])
            _shared_encryptor = [encryptor retain];
    }    
    
    return _shared_encryptor;
}

// For the current implementation, decryptors and encryptors are equivilant.
- (Encryptor*)decryptor { return [self encryptor]; }

@end

#pragma mark -

@implementation EncryptionController (Private)

#pragma mark -
#pragma mark Keychain password storage

- (NSString*)keychainServerName
{
	return [[[NSBundle mainBundle] infoDictionary] objectForKey:@"CFBundleName"];
}

- (NSString*)keychainUsername
{
	return @"master.password";
}

- (void)setKeychainPassword:(NSString*)password
{	
    NSError* error;
	if (password == nil)
	{
        [SFHFKeychainUtils deleteItemForUsername:[self keychainUsername] andServerName:[self keychainServerName] error:&error];
		return;
	}

	[SFHFKeychainUtils storeUsername:[self keychainUsername] andPassword:password forServerName:[self keychainServerName] updateExisting:YES error:&error];
}

- (NSString*)keychainPassword
{
    NSError* error;
    return [SFHFKeychainUtils getPasswordForUsername:[self keychainUsername] andServerName:[self keychainServerName] error:&error];
}

- (NSString*)keychainDefaultPassword
{
    NSString* password = [[NSUserDefaults standardUserDefaults] stringForKey:@"UUID"];
    if ([password length] == 0)
    {
        password = [NSString stringWithUUID];
        [[NSUserDefaults standardUserDefaults] setObject:password forKey:@"UUID"];
        [[NSUserDefaults standardUserDefaults] removeObjectForKey:@"TSXMasterPasswordVerification"];
    }
    return password;
}

#pragma mark -
#pragma mark Verification of encryption key against verification data

- (BOOL)verifyPassword:(Encryptor*)decryptor 
{
	return [[decryptor plaintextPassword] isEqualToString:[decryptor decryptString:[self encryptedVerificationData]]];
}

- (NSData*)encryptedVerificationData
{
	return [[NSUserDefaults standardUserDefaults] dataForKey:@"TSXMasterPasswordVerification"];
}

- (void)setEncryptedVerificationData:(Encryptor*)encryptor
{
	[[NSUserDefaults standardUserDefaults] setObject:[encryptor encryptString:[encryptor plaintextPassword]] forKey:@"TSXMasterPasswordVerification"];
}

@end