//--------------------------------------------------------------------------------------------------------------------------------------------------------------
/// <summary>
/// Tests the encryption methods
/// </summary>
public static bool Test()
{
bool success = false;
//-----------------------------------------------------------------------------------------------------------------------------------------------------------
// Test the general encryption stuff ...
SecureString tempKey = MGLEncryption.GenerateKey();
Console.WriteLine(tempKey);
MGLEncryption.SetCryptKey = tempKey;
StringBuilder testStr = new StringBuilder("What a lovely __ time of it!");
StringBuilder encryptedStr = MGLEncryption.Encrypt(testStr);
StringBuilder decryptedStr = MGLEncryption.Decrypt(encryptedStr);
bool theSame = MGLEncryption.Compare(testStr, encryptedStr);
bool theSameStr = AreEqual(testStr, decryptedStr);
bool notTheSame = MGLEncryption.Compare(new StringBuilder("Oh dear"), encryptedStr);
StringBuilder htmledStr = MGLEncryption.HTMLifyString(encryptedStr);
StringBuilder deHtmledStr = MGLEncryption.DeHTMLifyString(htmledStr);
bool htmlWorking = MGLEncryption.AreEqual(deHtmledStr, encryptedStr);
// Now test the password stuff ...
SecureString tempKey2 = MGLEncryption.GenerateKey();
Console.WriteLine(tempKey2);
success = (theSame == true) && (theSameStr == true) && (notTheSame == false) && (htmlWorking == true);
return(success);
}
//---------------------------------------------------------------------------------------------------------------------------------------------------------------
/// <summary>
/// Compares two passwords - note that this method includes a Threading element so that hackers cannot tell how similar strings are
/// by using code to time the comparison - e.g. a match on the first and second chars will be marginally slower than one that does not
/// match on the first character
///
/// The test password is UNencrypted, while the current password is fully encrypted ...
/// </summary>
public static bool Compare(StringBuilder testPassword, StringBuilder currentPassword)
{
bool success = false;
string[] bits = null;
try {
// get the attributes from the current Password
// have to conver it to a string unfortunately to split on the colons ....
bits = currentPassword.ToString().Split(new string[] { ":" }, StringSplitOptions.None);
int numIterations = 0;
int.TryParse(bits[3], out numIterations);
// Encrypt the test password
StringBuilder encryptedTestPassword = Encrypt(testPassword, bits[1], bits[2], numIterations);
// now do basic string comparison to compare the two strings!
if (MGLEncryption.AreEqual(encryptedTestPassword, currentPassword) == true)
{
success = true;
}
} catch (Exception ex) {
Logger.LogError(9, "MGLPasswordHash - error occurred while comparing two passwords: " + ex.ToString());
} finally {
// always kill the array of bits
bits = null;
}
// Now introduce a random response element, delaying by up to 100 ms. (0.1 seconds)
Thread.Sleep(new Random().Next(0, 100));
return(success);
}
//---------------------------------------------------------------------------------------------------------------------------------------------------------
/// <summary>
/// Compares the two secure strings and returns true if they are equivalent textually, both null or both empty
/// if isCaseSensitive == true, we also compare the case sensitivity of the information - but this needs a string comparison
/// so will result in strings popping into memory and is probably a little bit slower ...
/// </summary>
public static bool AreEqual(SecureString ss1, SecureString ss2, bool isCaseSensitive)
{
return(MGLEncryption.AreEqual(SecureStringWrapper.Decrypt(ss1), SecureStringWrapper.Decrypt(ss2), isCaseSensitive));
}
