2019-03-28 22:43:32 +01:00
|
|
|
using System;
|
|
|
|
|
using System.Collections.Generic;
|
2019-05-21 19:28:34 +02:00
|
|
|
using System.IO;
|
2019-03-28 22:43:32 +01:00
|
|
|
using System.Text;
|
|
|
|
|
|
|
|
|
|
namespace MediaBrowser.Model.Cryptography
|
|
|
|
|
{
|
|
|
|
|
public class PasswordHash
|
|
|
|
|
{
|
|
|
|
|
// Defined from this hash storage spec
|
|
|
|
|
// https://github.com/P-H-C/phc-string-format/blob/master/phc-sf-spec.md
|
|
|
|
|
// $<id>[$<param>=<value>(,<param>=<value>)*][$<salt>[$<hash>]]
|
|
|
|
|
// with one slight amendment to ease the transition, we're writing out the bytes in hex
|
|
|
|
|
// rather than making them a BASE64 string with stripped padding
|
|
|
|
|
|
|
|
|
|
private string _id;
|
|
|
|
|
|
|
|
|
|
private Dictionary<string, string> _parameters = new Dictionary<string, string>();
|
|
|
|
|
|
2019-05-21 19:28:34 +02:00
|
|
|
private byte[] _salt;
|
2019-03-28 22:43:32 +01:00
|
|
|
|
2019-05-21 19:28:34 +02:00
|
|
|
private byte[] _hash;
|
2019-03-28 22:43:32 +01:00
|
|
|
|
|
|
|
|
public PasswordHash(string storageString)
|
|
|
|
|
{
|
|
|
|
|
string[] splitted = storageString.Split('$');
|
2019-05-21 19:28:34 +02:00
|
|
|
// The string should at least contain the hash function and the hash itself
|
|
|
|
|
if (splitted.Length < 3)
|
|
|
|
|
{
|
|
|
|
|
throw new ArgumentException("String doesn't contain enough segments", nameof(storageString));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Start at 1, the first index shouldn't contain any data
|
|
|
|
|
int index = 1;
|
|
|
|
|
|
|
|
|
|
// Name of the hash function
|
|
|
|
|
_id = splitted[index++];
|
|
|
|
|
|
|
|
|
|
// Optional parameters
|
|
|
|
|
if (splitted[index].IndexOf('=') != -1)
|
2019-03-28 22:43:32 +01:00
|
|
|
{
|
2019-05-21 19:28:34 +02:00
|
|
|
foreach (string paramset in splitted[index++].Split(','))
|
2019-03-28 22:43:32 +01:00
|
|
|
{
|
2019-05-21 19:28:34 +02:00
|
|
|
if (string.IsNullOrEmpty(paramset))
|
2019-03-28 22:43:32 +01:00
|
|
|
{
|
2019-05-21 19:28:34 +02:00
|
|
|
continue;
|
2019-03-28 22:43:32 +01:00
|
|
|
}
|
2019-05-21 19:28:34 +02:00
|
|
|
|
|
|
|
|
string[] fields = paramset.Split('=');
|
|
|
|
|
if (fields.Length != 2)
|
|
|
|
|
{
|
|
|
|
|
throw new InvalidDataException($"Malformed parameter in password hash string {paramset}");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
_parameters.Add(fields[0], fields[1]);
|
2019-03-28 22:43:32 +01:00
|
|
|
}
|
2019-05-21 19:28:34 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Check if the string also contains a salt
|
|
|
|
|
if (splitted.Length - index == 2)
|
|
|
|
|
{
|
|
|
|
|
_salt = ConvertFromByteString(splitted[index++]);
|
|
|
|
|
_hash = ConvertFromByteString(splitted[index++]);
|
2019-03-28 22:43:32 +01:00
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
2019-05-21 19:28:34 +02:00
|
|
|
_salt = Array.Empty<byte>();
|
|
|
|
|
_hash = ConvertFromByteString(splitted[index++]);
|
2019-03-28 22:43:32 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-05-21 19:28:34 +02:00
|
|
|
public string Id { get => _id; set => _id = value; }
|
|
|
|
|
|
|
|
|
|
public Dictionary<string, string> Parameters { get => _parameters; set => _parameters = value; }
|
|
|
|
|
|
|
|
|
|
public byte[] Salt { get => _salt; set => _salt = value; }
|
|
|
|
|
|
|
|
|
|
public byte[] Hash { get => _hash; set => _hash = value; }
|
|
|
|
|
|
2019-03-28 22:43:32 +01:00
|
|
|
public PasswordHash(ICryptoProvider cryptoProvider)
|
|
|
|
|
{
|
|
|
|
|
_id = cryptoProvider.DefaultHashMethod;
|
2019-05-21 19:28:34 +02:00
|
|
|
_salt = cryptoProvider.GenerateSalt();
|
|
|
|
|
_hash = Array.Empty<Byte>();
|
2019-03-28 22:43:32 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public static byte[] ConvertFromByteString(string byteString)
|
|
|
|
|
{
|
|
|
|
|
byte[] bytes = new byte[byteString.Length / 2];
|
|
|
|
|
for (int i = 0; i < byteString.Length; i += 2)
|
|
|
|
|
{
|
|
|
|
|
// TODO: NetStandard2.1 switch this to use a span instead of a substring.
|
|
|
|
|
bytes[i / 2] = Convert.ToByte(byteString.Substring(i, 2), 16);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return bytes;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public static string ConvertToByteString(byte[] bytes)
|
2019-05-21 19:28:34 +02:00
|
|
|
=> BitConverter.ToString(bytes).Replace("-", string.Empty);
|
2019-03-28 22:43:32 +01:00
|
|
|
|
2019-05-21 19:28:34 +02:00
|
|
|
private void SerializeParameters(StringBuilder stringBuilder)
|
2019-03-28 22:43:32 +01:00
|
|
|
{
|
2019-05-21 19:28:34 +02:00
|
|
|
if (_parameters.Count == 0)
|
2019-03-28 22:43:32 +01:00
|
|
|
{
|
2019-05-21 19:28:34 +02:00
|
|
|
return;
|
2019-03-28 22:43:32 +01:00
|
|
|
}
|
|
|
|
|
|
2019-05-21 19:28:34 +02:00
|
|
|
stringBuilder.Append('$');
|
|
|
|
|
foreach (var pair in _parameters)
|
2019-03-28 22:43:32 +01:00
|
|
|
{
|
2019-05-21 19:28:34 +02:00
|
|
|
stringBuilder.Append(pair.Key);
|
|
|
|
|
stringBuilder.Append('=');
|
|
|
|
|
stringBuilder.Append(pair.Value);
|
|
|
|
|
stringBuilder.Append(',');
|
2019-03-28 22:43:32 +01:00
|
|
|
}
|
|
|
|
|
|
2019-05-21 19:28:34 +02:00
|
|
|
// Remove last ','
|
|
|
|
|
stringBuilder.Length -= 1;
|
2019-03-28 22:43:32 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public override string ToString()
|
|
|
|
|
{
|
2019-05-21 19:28:34 +02:00
|
|
|
var str = new StringBuilder();
|
|
|
|
|
str.Append('$');
|
|
|
|
|
str.Append(_id);
|
|
|
|
|
SerializeParameters(str);
|
2019-03-28 22:43:32 +01:00
|
|
|
|
2019-05-21 19:28:34 +02:00
|
|
|
if (_salt.Length == 0)
|
2019-03-28 22:43:32 +01:00
|
|
|
{
|
2019-05-21 19:28:34 +02:00
|
|
|
str.Append('$');
|
|
|
|
|
str.Append(ConvertToByteString(_salt));
|
2019-03-28 22:43:32 +01:00
|
|
|
}
|
|
|
|
|
|
2019-05-21 19:28:34 +02:00
|
|
|
str.Append('$');
|
|
|
|
|
str.Append(ConvertToByteString(_hash));
|
|
|
|
|
|
|
|
|
|
return str.ToString();
|
2019-03-28 22:43:32 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
