public static bool ValidatePassword(CT_SheetProtection xobj, String password, String prefix)
{
if (password == null)
{
return(false);
}
string xorHashVal = xobj.password;
string algoName = xobj.algorithmName;
string hashVal = xobj.hashValue;
string saltVal = xobj.saltValue;
string spinCount = xobj.spinCount;
if (xorHashVal != null)
{
int hash1 = Int32.Parse(xorHashVal, NumberStyles.HexNumber);
int hash2 = CryptoFunctions.CreateXorVerifier1(password);
return(hash1 == hash2);
}
else
{
if (hashVal == null || algoName == null || saltVal == null || spinCount == null)
{
return(false);
}
byte[] hash1 = Convert.FromBase64String(hashVal);
HashAlgorithm hashAlgo = HashAlgorithm.FromString(algoName);
byte[] salt = Convert.FromBase64String(saltVal);
int spinCnt = Int32.Parse(spinCount);
byte[] hash2 = CryptoFunctions.HashPassword(password, hashAlgo, salt, spinCnt, false);
return(Arrays.Equals(hash1, hash2));
}
}
/**
* Validates the password, i.e.
* calculates the hash of the given password and Compares it against the stored hash
*
* @param xobj the xmlbeans object which Contains the password attributes
* @param password the password, if null the method will always return false,
* even if there's no password Set
* @param prefix the prefix of the password attributes, may be null
*
* @return true, if the hashes match
*/
public static bool ValidatePassword(XmlNode xobj, String password, String prefix)
{
// TODO: is "velvetSweatshop" the default password?
if (password == null)
{
return(false);
}
XPathNavigator cur = xobj.CreateNavigator();
cur.MoveToAttribute("password", prefix);
String xorHashVal = cur.Value;
cur.MoveToAttribute("algorithmName", prefix);
String algoName = cur.Value;
cur.MoveToAttribute("hashValue", prefix);
String hashVal = cur.Value;
cur.MoveToAttribute("saltValue", prefix);
String saltVal = cur.Value;
cur.MoveToAttribute("spinCount", prefix);
String spinCount = cur.Value;
//cur.Dispose();
if (xorHashVal != null)
{
int hash1 = Int32.Parse(xorHashVal, NumberStyles.HexNumber);
int hash2 = CryptoFunctions.CreateXorVerifier1(password);
return(hash1 == hash2);
}
else
{
if (hashVal == null || algoName == null || saltVal == null || spinCount == null)
{
return(false);
}
byte[] hash1 = Convert.FromBase64String(hashVal);
HashAlgorithm hashAlgo = HashAlgorithm.FromString(algoName);
byte[] salt = Convert.FromBase64String(saltVal);
int spinCnt = Int32.Parse(spinCount);
byte[] hash2 = CryptoFunctions.HashPassword(password, hashAlgo, salt, spinCnt, false);
return(Arrays.Equals(hash1, hash2));
}
}
