コード例 #1
0
        public bool RetrieveToken(string id, out PasswordHash.HashInfo hashedToken, out string encryptedUserId, out byte[] userIdSalt, out DateTime issuedAt, out DateTime refreshed)
        {
            try
            {
                var sql = @"SELECT [id]
                              ,[id_salt]
                              ,[token_hash]
                              ,[token_salt]
                              ,[token_method]
                              ,[token_iterations]
                              ,[issued_at]
                              ,[refreshed]
                          FROM [TokenStorage]
                          WHERE [id] = @id";


                var results = dataConnection.Query<TokenStorageDb>(sql, new { id = id });

                // get the first out of the result set and throw exception if there is more
                var token = results.Single();

                issuedAt = token.issued_at;
                refreshed = token.refreshed;
                hashedToken = new PasswordHash.HashInfo
                {
                    Hash = token.token_hash,
                    Iterations = token.token_iterations,
                    Method = token.token_method,
                    Salt = token.token_salt
                };
                encryptedUserId = token.id;
                userIdSalt = Convert.FromBase64String(token.id_salt);

                return true;

            }
            catch (Exception ex)
            {
                logger.Error(ex);
            }         
            
            // set all information on null or default
            hashedToken = null;
            encryptedUserId = null;
            userIdSalt = null;
            issuedAt = new DateTime();
            refreshed = new DateTime();

            return false;
        }
コード例 #2
0
        public bool StoreToken(int userId, PasswordHash.HashInfo hashedToken, string encryptedUserId, byte[] userIdSalt, DateTime issuedAt)
        {
            logger.Debug("Store access token");
            // cleanup table
            var cleanUpSql = @"DELETE FROM [TokenStorage] WHERE user_id = @user_id";
            var deleteResult = dataConnection.Execute(cleanUpSql, new { user_id = userId });

            // store the actual token
            var sql = @" INSERT INTO [TokenStorage]
                                ([id]
                                ,[id_salt]
                                ,[token_hash]
                                ,[token_salt]
                                ,[token_method]
                                ,[token_iterations]
                                ,[issued_at]
                                ,[refreshed]
                                ,[user_id])
                            VALUES
                                (@id
                                ,@id_salt
                                ,@token_hash
                                ,@token_salt
                                ,@token_method
                                ,@token_iterations
                                ,@issued_at
                                ,@refreshed
                                ,@user_id)";
            // maybe 
            var result = dataConnection.Execute(sql, new
            {
                id = encryptedUserId,
                id_salt = Convert.ToBase64String(userIdSalt),
                token_hash = hashedToken.Hash,
                token_salt = hashedToken.Salt,
                token_iterations = hashedToken.Iterations,
                token_method = hashedToken.Method,
                issued_at = issuedAt,
                refreshed = issuedAt,
                user_id = userId
            });
            
            logger.Debug("Store access token result: " + result);
            
            return result == 1 ? true : false;
            
        }
コード例 #3
0
        public void HashPasswordTest()
        {
            string orgPassword = "******";
            var passwordHash = new PasswordHash();
            var hashedPassword = passwordHash.CreateHash(orgPassword);

            StringBuilder sb = new StringBuilder(); 
            foreach(char c in hashedPassword.ToString()){
                sb.Append(c);
            }

            var enteredPassword = sb.ToString();
            var validateResult = passwordHash.ValidatePassword("org-password", hashedPassword.ToString());

            Assert.AreEqual(hashedPassword.ToString(), enteredPassword);
            Assert.IsTrue(validateResult);

            PasswordHash.HashInfo hi = new PasswordHash.HashInfo(hashedPassword.ToString());
            Assert.AreEqual("sha1", hi.Method);
            Assert.AreEqual(PasswordHash.PBKDF2_ITERATIONS, hi.Iterations);

            Assert.AreEqual(hashedPassword.ToString().Split(':')[0], hi.Method);
            Assert.AreEqual(Int32.Parse(hashedPassword.ToString().Split(':')[1]), hi.Iterations);
            Assert.AreEqual(hashedPassword.ToString().Split(':')[2], hi.Salt);
            Assert.AreEqual(hashedPassword.ToString().Split(':')[3], hi.Hash);

            hi.Dispose();
            Assert.AreEqual(":0::", hi.ToString());

            PasswordHash.HashInfo hi2 = new PasswordHash.HashInfo
            {
                Method = "sha1",
                Iterations = 1000,
                Salt = "salt",
                Hash = "hash"
            };

            Assert.AreEqual("sha1:1000:salt:hash", hi2.ToString());
            hi2.Dispose();
            Assert.AreEqual(":0::", hi2.ToString());
            

        }