public void Should_upgrade_the_secret_with_the_new_hash()
            {
                var config = _configProvider.GetHashConfiguration();

                A.CallTo(() => _securePackedHashProvider.ComputePackedHashString(Secret,
                                                                                 config.GetAlgorithmHashCode(), config.Iterations, config.GetSaltSizeInBytes())).MustHaveHappened();
            }
        /// <summary>
        /// Generates a new Secret for the given ApiClient object; the new Secret is hashed, and the pre-hash plain text is returned
        /// </summary>
        /// <param name="apiClient">ApiClient entity for which a new secure secret should be generated</param>
        /// <param name="securePackedHashProvider">Hash provider service</param>
        /// <param name="hashConfigurationProvider">Hash configuration settings provider</param>
        /// <returns>Plain text value of Secret, before hasing algorithm has been applied</returns>
        public static string GenerateSecureClientSecret(this ApiClient apiClient, ISecurePackedHashProvider securePackedHashProvider, IHashConfigurationProvider hashConfigurationProvider)
        {
            var hashConfiguration = hashConfigurationProvider.GetHashConfiguration();
            var plainTextSecret   = apiClient.GenerateSecret();

            var hashedSecret = securePackedHashProvider.ComputePackedHashString(
                plainTextSecret,
                hashConfiguration.GetAlgorithmHashCode(),
                hashConfiguration.Iterations,
                hashConfiguration.GetSaltSizeInBytes());

            apiClient.Secret         = hashedSecret;
            apiClient.SecretIsHashed = true;

            return(plainTextSecret);
        }
Ejemplo n.º 3
0
        public bool VerifySecret(string key, string presentedSecret, ApiClientSecret actualSecret)
        {
            if (!_next.VerifySecret(key, presentedSecret, actualSecret))
            {
                _logger.Warn(
                    $"Unable to decode the secret for vendor \"{key}\" using the secret verifier \"{_next.GetType().Name}\". You may need to reset the secret for this vendor.");

                return(false);
            }

            var hashAlgorithm = _hashConfiguration.GetAlgorithmHashCode();

            if (actualSecret.IsHashed)
            {
                var packedHash = _packedHashConverter.GetPackedHash(actualSecret.Secret);

                if (packedHash.HashAlgorithm == hashAlgorithm &&
                    packedHash.Iterations == _hashConfiguration.Iterations &&
                    packedHash.Salt.Length == _hashConfiguration.GetSaltSizeInBytes())
                {
                    return(true);
                }
            }

            actualSecret.Secret = _securePackedHashProvider.ComputePackedHashString(
                presentedSecret,
                hashAlgorithm,
                _hashConfiguration.Iterations,
                _hashConfiguration.GetSaltSizeInBytes());

            actualSecret.IsHashed = true;

            _apiClientSecretProvider.SetSecret(key, actualSecret);

            return(true);
        }
 protected override void Act()
 {
     _actualResponse = _securePackedHashProvider.ComputePackedHashString("MySecret", 123, 321, 3);
 }