public static void SetPassword(CT_SheetProtection xobj, String password, HashAlgorithm hashAlgo, String prefix)
{
if (password == null)
{
xobj.password = null;
xobj.algorithmName = null;
xobj.hashValue = null;
xobj.saltValue = null;
xobj.spinCount = null;
return;
}
if (hashAlgo == null)
{
int hash = CryptoFunctions.CreateXorVerifier1(password);
xobj.password = String.Format("{0:X4}", hash).ToUpper();
}
else
{
SecureRandom random = new SecureRandom();
byte[] salt = random.GenerateSeed(16);
int spinCount = 100000;
byte[] hash = CryptoFunctions.HashPassword(password, hashAlgo, salt, spinCount, false);
xobj.algorithmName = hashAlgo.jceId;
xobj.hashValue = Convert.ToBase64String(hash);
xobj.saltValue = Convert.ToBase64String(salt);
xobj.spinCount = "" + spinCount;
}
}
public static bool ValidatePassword(CT_SheetProtection xobj, String password, String prefix)
{
if (password == null)
{
return(false);
}
string xorHashVal = xobj.password;
string algoName = xobj.algorithmName;
string hashVal = xobj.hashValue;
string saltVal = xobj.saltValue;
string spinCount = xobj.spinCount;
if (xorHashVal != null)
{
int hash1 = Int32.Parse(xorHashVal, NumberStyles.HexNumber);
int hash2 = CryptoFunctions.CreateXorVerifier1(password);
return(hash1 == hash2);
}
else
{
if (hashVal == null || algoName == null || saltVal == null || spinCount == null)
{
return(false);
}
byte[] hash1 = Convert.FromBase64String(hashVal);
HashAlgorithm hashAlgo = HashAlgorithm.FromString(algoName);
byte[] salt = Convert.FromBase64String(saltVal);
int spinCnt = Int32.Parse(spinCount);
byte[] hash2 = CryptoFunctions.HashPassword(password, hashAlgo, salt, spinCnt, false);
return(Arrays.Equals(hash1, hash2));
}
}
/// <summary>
/// protect a spreadsheet with a password (not encrypted, just sets protect flags and the password.)
/// </summary>
/// <param name="password">password to set;Pass <code>null</code> to remove all protection</param>
/// <param name="shouldProtectObjects">shouldProtectObjects are protected</param>
/// <param name="shouldProtectScenarios">shouldProtectScenarios are protected</param>
public void ProtectSheet(String password, bool shouldProtectObjects,
bool shouldProtectScenarios)
{
if (password == null)
{
_passwordRecord = null;
_protectRecord = null;
_objectProtectRecord = null;
_scenarioProtectRecord = null;
return;
}
ProtectRecord prec = this.Protect;
PasswordRecord pass = this.Password;
prec.Protect = true;
pass.Password = (short)CryptoFunctions.CreateXorVerifier1(password);
if (_objectProtectRecord == null && shouldProtectObjects)
{
ObjectProtectRecord rec = CreateObjectProtect();
rec.Protect = (true);
_objectProtectRecord = rec;
}
if (_scenarioProtectRecord == null && shouldProtectScenarios)
{
ScenarioProtectRecord srec = CreateScenarioProtect();
srec.Protect = (true);
_scenarioProtectRecord = srec;
}
}
/**
* Validates the password, i.e.
* calculates the hash of the given password and Compares it against the stored hash
*
* @param xobj the xmlbeans object which Contains the password attributes
* @param password the password, if null the method will always return false,
* even if there's no password Set
* @param prefix the prefix of the password attributes, may be null
*
* @return true, if the hashes match
*/
public static bool ValidatePassword(XmlNode xobj, String password, String prefix)
{
// TODO: is "velvetSweatshop" the default password?
if (password == null)
{
return(false);
}
XPathNavigator cur = xobj.CreateNavigator();
cur.MoveToAttribute("password", prefix);
String xorHashVal = cur.Value;
cur.MoveToAttribute("algorithmName", prefix);
String algoName = cur.Value;
cur.MoveToAttribute("hashValue", prefix);
String hashVal = cur.Value;
cur.MoveToAttribute("saltValue", prefix);
String saltVal = cur.Value;
cur.MoveToAttribute("spinCount", prefix);
String spinCount = cur.Value;
//cur.Dispose();
if (xorHashVal != null)
{
int hash1 = Int32.Parse(xorHashVal, NumberStyles.HexNumber);
int hash2 = CryptoFunctions.CreateXorVerifier1(password);
return(hash1 == hash2);
}
else
{
if (hashVal == null || algoName == null || saltVal == null || spinCount == null)
{
return(false);
}
byte[] hash1 = Convert.FromBase64String(hashVal);
HashAlgorithm hashAlgo = HashAlgorithm.FromString(algoName);
byte[] salt = Convert.FromBase64String(saltVal);
int spinCnt = Int32.Parse(spinCount);
byte[] hash2 = CryptoFunctions.HashPassword(password, hashAlgo, salt, spinCnt, false);
return(Arrays.Equals(hash1, hash2));
}
}
public void TestXorEncryption1()
{
// Xor-Password: abc
// 2.5.343 XORObfuscation
// key = 20810
// verifier = 52250
int verifier = CryptoFunctions.CreateXorVerifier1("abc");
int key = CryptoFunctions.CreateXorKey1("abc");
Assert.AreEqual(20810, key);
Assert.AreEqual(52250, verifier);
byte[] xorArrAct = CryptoFunctions.CreateXorArray1("abc");
byte[] xorArrExp = HexRead.ReadFromString("AC-CC-A4-AB-D6-BA-C3-BA-D6-A3-2B-45-D3-79-29-BB");
//assertThat(xorArrExp, EqualTo(xorArrAct));
Assert.That(xorArrExp, Is.EqualTo(xorArrAct));
}
/**
* Sets the XORed or hashed password
*
* @param xobj the xmlbeans object which Contains the password attributes
* @param password the password, if null, the password attributes will be Removed
* @param hashAlgo the hash algorithm, if null the password will be XORed
* @param prefix the prefix of the password attributes, may be null
*/
public static void SetPassword(XmlNode xobj, String password, HashAlgorithm hashAlgo, String prefix)
{
XPathNavigator cur = xobj.CreateNavigator();
if (password == null)
{
//dose the prefix is namespace? check it!!!
if (cur.MoveToAttribute("password", prefix))
{
cur.DeleteSelf();
}
if (cur.MoveToAttribute("algorithmName", prefix))
{
cur.DeleteSelf();
}
if (cur.MoveToAttribute("hashValue", prefix))
{
cur.DeleteSelf();
}
if (cur.MoveToAttribute("saltValue", prefix))
{
cur.DeleteSelf();
}
if (cur.MoveToAttribute("spinCount", prefix))
{
cur.DeleteSelf();
}
return;
}
//cur.ToFirstContentToken();
if (hashAlgo == null)
{
int hash = CryptoFunctions.CreateXorVerifier1(password);
cur.CreateAttribute(prefix, "password", null, String.Format("{0:X4}", hash).ToUpper());
//cur.InsertAttributeWithValue(GetAttrName(prefix, "password"),
// String.Format("{0:X}", hash).ToUpper());
}
else
{
SecureRandom random = new SecureRandom();
byte[] salt = random.GenerateSeed(16);
// Iterations specifies the number of times the hashing function shall be iteratively run (using each
// iteration's result as the input for the next iteration).
int spinCount = 100000;
// Implementation Notes List:
// --> In this third stage, the reversed byte order legacy hash from the second stage shall
// be Converted to Unicode hex string representation
byte[] hash = CryptoFunctions.HashPassword(password, hashAlgo, salt, spinCount, false);
cur.CreateAttribute(prefix, "algorithmName", null, hashAlgo.jceId);
cur.CreateAttribute(prefix, "hashValue", null, Convert.ToBase64String(hash));
cur.CreateAttribute(prefix, "saltValue", null, Convert.ToBase64String(salt));
cur.CreateAttribute(prefix, "spinCount", null, "" + spinCount);
//cur.InsertAttributeWithValue(GetAttrName(prefix, "algorithmName"), hashAlgo.jceId);
//cur.InsertAttributeWithValue(GetAttrName(prefix, "hashValue"), Convert.ToBase64String(hash));
//cur.InsertAttributeWithValue(GetAttrName(prefix, "saltValue"), Convert.ToBase64String(salt));
//cur.InsertAttributeWithValue(GetAttrName(prefix, "spinCount"), "" + spinCount);
}
//cur.Dispose();
}
