/// <summary>
/// Checks the supplied credentials against the stored user record.
/// </summary>
/// <param name="loginRequest">Username and clear-text password sent by the caller.</param>
/// <returns>A <c>Token</c> for the matching user, or <c>null</c> when the user is unknown or the password hash differs.</returns>
public Token Signin(LoginRequest loginRequest)
        {
            // NOTE(review): only the password is passed to ComputeHashMd5, so no per-user salt is
            // involved, and the helper's name indicates a plain MD5 digest. A fast unsalted hash
            // gives little protection if the user table leaks; plan a migration to a salted,
            // deliberately slow KDF (PBKDF2, bcrypt, Argon2), re-hashing on the next successful login.
            var suppliedHash = CryptoTools.ComputeHashMd5(loginRequest.Password);
            var account      = _userService.Get(loginRequest.Username);

            // Unknown user and wrong password both yield null, so the caller cannot tell them apart.
            // NOTE(review): the comparison is an ordinary equality check, not a fixed-time one.
            if (account == null || account.Password != suppliedHash)
            {
                return null;
            }

            // A dedicated token type is used to keep things simple and fast;
            // the same token is used later to validate incoming requests.
            // NOTE(review): the token carries the stored password hash. Confirm it never leaves
            // the server (responses, logs, caches); an opaque random session id is safer.
            return new Token
            {
                Id       = account.Id,
                Username = account.Username,
                Password = account.Password
            };
        }
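        /// <summary>
        /// Registers a new auth-server user, then asks this server's own <c>/oauth2/token</c>
        /// endpoint for an access token using the password grant.
        /// </summary>
        /// <param name="deviceSessionId">Session identifier forwarded as <c>session_id</c>.</param>
        /// <param name="userName">Name of the user to create and authenticate.</param>
        /// <param name="password">Clear-text password of the new user.</param>
        /// <returns>A view rendering the issued access token.</returns>
        /// <exception cref="InvalidOperationException">The token endpoint did not answer with a success status.</exception>
        public async Task <ActionResult> Create(string deviceSessionId, string userName, string password)
        {
            //Create the Auth Server User
            var hash = CryptoTools.GenerateHash(password);
            await DataContext.UserCollection.CreateAsync(userName, hash.Hash, hash.Salt).ConfigureAwait(false);

            //Generate Token for this User Authenticated
            // NOTE(review): the token endpoint address is rebuilt from the incoming request URL.
            // Confirm the site's host bindings are restricted, so the credentials and the forwarded
            // Authorization header can only ever be posted back to this server.
            var scheme = Request.Url.Scheme;
            var server = Request.Url.Host;
            var port   = Request.Url.Port;

            // Percent-encode every caller-supplied value. Unencoded, a '&' or '=' inside the user
            // name, password or session id would be parsed by the token endpoint as additional
            // form fields (parameter injection), and characters such as '+' or '%' would be altered.
            var form = string.Format(
                "grant_type=password&username={0}&password={1}&session_id={2}",
                Uri.EscapeDataString(userName ?? string.Empty),
                Uri.EscapeDataString(password ?? string.Empty),
                Uri.EscapeDataString(deviceSessionId ?? string.Empty));

            // Dispose the content, client and response deterministically instead of leaking them per request.
            using (var content     = new StringContent(form, Encoding.UTF8, "application/x-www-form-urlencoded"))
            using (var authRequest = new HttpClient())
            {
                // NOTE(review): the whole incoming Authorization header value is passed as the scheme argument — confirm this is intended.
                authRequest.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue(Request.Headers["Authorization"]);

                // NOTE(review): the path is concatenated as "/" + "/oauth2/token", i.e. with a double slash; kept as in the original.
                using (var response = await authRequest.PostAsync(scheme + "://" + server + ":" + port + "/" + "/oauth2/token", content))
                {
                    if (response.IsSuccessStatusCode)
                    {
                        var resp = await response.Content.ReadAsStringAsync();

                        JObject responseItems    = JObject.Parse(resp);
                        var     accessTokenModel = new AccessToken()
                        {
                            access_token = (string)responseItems["access_token"],
                            token_type   = (string)responseItems["token_type"],
                            expires_in   = (string)responseItems["expires_in"]
                        };
                        return(View(accessTokenModel));
                    }
                }
            }

            // The user record was already created above; only the token request failed.
            throw new InvalidOperationException("Error creating user");
        }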
Пример #3
        /// <summary>
        /// Looks up a user by login (compared upper-cased) and verifies the supplied password.
        /// </summary>
        /// <param name="loginRequest">Login name and clear-text password.</param>
        /// <returns>A token stamped to expire 12 hours from now, or <c>null</c> when the login is unknown or the password hash differs.</returns>
        public async Task <Token> LoginAsync(LoginRequest loginRequest)
        {
            var matches = await GetAllAsync(x => x.Login.ToUpper() == loginRequest.Login.ToUpper());
            var account = matches.FirstOrDefault();

            if (account == null)
            {
                return null;
            }

            // NOTE(review): the hash is computed from the password alone (no salt argument) by a
            // helper named for MD5. That is not a suitable password-storage scheme; prefer a salted,
            // slow KDF and migrate stored hashes on login.
            var suppliedHash = CryptoTools.ComputeHashMd5(loginRequest.Password);

            if (account.Password == suppliedHash)
            {
                // NOTE(review): the expiry is based on local time (DateTime.Now); validation
                // code must compare against the same clock, and UTC avoids DST ambiguity.
                return new Token
                {
                    UserId     = account.Id,
                    UserName   = account.Name,
                    Login      = account.Login,
                    ExpirateAt = DateTime.Now.AddHours(12)
                };
            }

            return null;
        }
Пример #4
        /// <summary>
        /// Asynchronously reads the encrypted account file and the stored key file, decrypts the
        /// data and assigns it to <c>AccountsList</c>. When the file is empty or the key could not
        /// be loaded, a new empty collection is created and saved instead.
        /// </summary>
        /// <returns>Always <c>true</c>.</returns>
        public async Task <bool> OpenAccountList()
        {
            if (settings != null)
            {
                byte[] o = await FileManager.OpenFile(settings.saveFileLocation);

                KeyFile key = await CryptoTools.LoadStoredKeyFile(settings.keyLocation);

                // Disabled debug aid: it would display the raw key material on screen. Keep it disabled.
                // MessageBox.Show(Convert.ToBase64String(key.key));
                if (o != null && o.Length > 0 && key != null)
                {
                    // NOTE(review): DecryptData returns an object that is cast straight to the
                    // collection type, so it presumably deserializes the plaintext. Confirm which
                    // deserializer is used and that a tampered file cannot reach it unauthenticated.
                    object decryptedData = CryptoTools.DecryptData(key.key, key.IV, o);
                    if (decryptedData != null)
                    {
                        AccountsList = (BetterObservableCollection <AccountModel>)decryptedData;
                    }
                    // When decryption yields null, AccountsList keeps whatever value it had before.
                }
                else
                {
                    // NOTE(review): this branch also runs when the file has content but the key
                    // failed to load; verify that the save below cannot replace data that is
                    // still recoverable with the right key.
                    AccountsList = new BetterObservableCollection <AccountModel>();
                    // The call is not awaited here.
                    SaveAccountList();
                }
                Locked = false;
            }
            // NOTE(review): AccountsList is dereferenced even when settings is null or decryption
            // returned null; if it was never assigned elsewhere this throws. The handler is also
            // added again on every call.
            AccountsList.CollectionChanged += AccountListChanged;
            return(true);
        }
Пример #5
        /// <summary>
        /// Removes empty rows from <c>AccountsList</c>, encrypts the collection with the stored
        /// key file (creating one if none exists) and writes the result to the save file.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the method is <c>async void</c>, so callers cannot await it and an
        /// exception thrown after the first await cannot be observed by them.
        /// </remarks>
        public async void SaveAccountList()
        {
            if (AccountsList == null)
            {
                return;
            }

            // Walk from the end so that removing an entry never shifts an index still to be visited.
            int index = AccountsList.Count;
            while (--index >= 0)
            {
                if (AccountsList[index].IsEmpty)
                {
                    AccountsList.RemoveAt(index);
                }
            }

            // Load the key file if it exists, otherwise create a new one at the same location.
            KeyFile key = File.Exists(settings.keyLocation)
                ? await CryptoTools.LoadStoredKeyFile(settings.keyLocation)
                : await CryptoTools.CreateStoredKeyFile(settings.keyLocation);

            // NOTE(review): the IV comes from the key file, so the same key/IV pair is passed on
            // every save. Depending on the cipher mode inside EncryptData this can leak
            // information across saves; confirm, and prefer a fresh random IV stored with the
            // ciphertext plus an integrity check.
            byte[] encryptedList = CryptoTools.EncryptData(key.key, key.IV, AccountsList);

            await FileManager.SaveFileAsync(settings.saveFileLocation, encryptedList, false);
        }
Пример #6
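        /// <summary>
        /// Replaces a user's password with a freshly salted hash after checking complexity rules.
        /// </summary>
        /// <param name="id">Identifier of the user whose password is set.</param>
        /// <param name="password">The new password.</param>
        /// <returns>A result whose <c>Success</c> flag is set, or which lists the validation errors.</returns>
        public UserManageResult SetPassword(string id, SecureString password)
        {
            // NOTE(review): Unsecure() presumably copies the SecureString into an ordinary managed
            // string for validation; that copy stays in memory until collected — confirm and keep
            // its lifetime as short as possible.
            bool passwordIsValid = validatePassword(password.Unsecure());

            if (!passwordIsValid)
            {
                // The statement terminator belongs to the return, inside the braces
                // (the original placed it after the closing brace, which does not compile).
                return new UserManageResult {
                    Success = false,
                    Errors  = new List <string> {
                        "Password does not meet minimum complexity requirements."
                    }
                };
            }

            IdentityUser user = _bifUserStore.LoadUserById(id);

            // Report an unknown id as a failed result instead of a NullReferenceException below.
            if (user == null)
            {
                return new UserManageResult {
                    Success = false,
                    Errors  = new List <string> {
                        "User not found."
                    }
                };
            }

            // A new salt is generated on every password change and stored next to the hash.
            byte[] salt = CryptoTools.CreateSalt();

            user.Entropy      = salt;
            user.PasswordHash = password.HashValue(salt);

            _bifUserStore.Update();

            return(new UserManageResult {
                Success = true
            });
        }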
Пример #7
        /// <summary>
        /// Hashes the text in the input box with the 32-bit one-way function and shows the result
        /// in both the output box and the hash-input box.
        /// </summary>
        private void btnHash_Click(object sender, EventArgs e)
        {
            // A disabled timing loop over CryptoTools.OneWayFunction32Bit (225,000 calls, measured
            // with Environment.TickCount) previously sat here as commented-out code.

            try
            {
                var inputBytes = txtInput.Text.ToByteArray();
                string digestText = CryptoTools.OneWayFunction32Bit(inputBytes).ToByteArray().ToStringValue();

                txtOutput.Text    = digestText;
                txtHashInput.Text = digestText;
            }
            catch (Exception failure)
            {
                // Any failure is reported to the user together with its stack trace.
                string report = "MESSAGE: " + failure.Message + "\r\nSTACK TRACE: " + failure.StackTrace;
                MessageBox.Show(report, this.Text, MessageBoxButtons.OK, MessageBoxIcon.Error);
            }
        }
Пример #8
        /// <summary>
        /// Populates the context with three sample centres and six sample incidents, then saves.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the centre passwords below are short, guessable literals kept in source.
        /// Make sure this seed only ever runs against development or test databases.
        /// </remarks>
        public void Seed()
        {
            // Each centre is first created with its clear-text user and admin passwords;
            // the loop further down replaces them with salted hashes before saving.
            var centros = Centros.AddRange(new[]
            {
                new Centro()
                {
                    IdCentro = "CentroA", ListaAulas = new [] { "1-1", "1-2", "2-1" }, ClaveUsuario = "1234", ClaveAdmin = "admin1234"
                },
                new Centro()
                {
                    IdCentro = "CentroB", ListaAulas = new [] { "a", "b", "c" }, ClaveUsuario = "aaa", ClaveAdmin = "adminaaa"
                },
                new Centro()
                {
                    IdCentro = "CentroC", ListaAulas = new [] { "A1-42" }, ClaveUsuario = "bbb", ClaveAdmin = "adminbbb"
                },
            }).ToArray();

            // Give the user password and the admin password of every centre their own salt,
            // and overwrite the clear-text value with the resulting hash.
            foreach (Centro centro in centros)
            {
                centro.SaltUsuario  = CryptoTools.GenerateSalt();
                centro.ClaveUsuario = CryptoTools.GenerateHash(centro.ClaveUsuario, centro.SaltUsuario);
                centro.SaltAdmin    = CryptoTools.GenerateSalt();
                centro.ClaveAdmin   = CryptoTools.GenerateHash(centro.ClaveAdmin, centro.SaltAdmin);
            }

            // Sample incidents; each refers to one of the centres above and one of its rooms.
            Incidencias.AddRange(new[]
            {
                new Incidencia()
                {
                    Timestamp = DateTime.UtcNow, Asunto = "Incidencia 1", Comentario = "Comentario 1", Centro = centros[1], Aula = "b", Equipo = "E11", Cerrada = true
                },
                new Incidencia()
                {
                    Timestamp = DateTime.UtcNow, Asunto = "Incidencia 2", Comentario = "Comentario 2", Centro = centros[0], Aula = "1-1", Equipo = "E26", Cerrada = true
                },
                new Incidencia()
                {
                    Timestamp = DateTime.UtcNow, Asunto = "Incidencia 3", Comentario = "Comentario 3", Centro = centros[0], Aula = "2-1", Equipo = "E27", Cerrada = false
                },
                new Incidencia()
                {
                    Timestamp = DateTime.UtcNow, Asunto = "Incidencia 4", Comentario = "Comentario 4", Centro = centros[1], Aula = "c", Equipo = "E32", Cerrada = false
                },
                new Incidencia()
                {
                    Timestamp = DateTime.UtcNow, Asunto = "Incidencia 5", Comentario = "Comentario 5", Centro = centros[2], Aula = "A1-42", Equipo = "E49", Cerrada = false
                },
                new Incidencia()
                {
                    Timestamp = DateTime.UtcNow, Asunto = "Incidencia 6", Comentario = "Comentario 6", Centro = centros[2], Aula = "A1-42", Equipo = "E50", Cerrada = false
                }
            });

            SaveChanges();
        }
Пример #9
        /// <summary>
        /// The factory must return a Triple DES provider for "3DES" regardless of letter case.
        /// </summary>
        public void CryptoTools_Create3Des()
        {
            // NOTE(review): Triple DES is a legacy cipher with a 64-bit block; this test only pins
            // the factory mapping and should not be read as an endorsement for new data.
            foreach (var algorithmName in new[] { "3DES", "3des" })
            {
                var provider = CryptoTools.CreateSymmetricCryptoProvider(algorithmName);

                Assert.IsNotNull(provider);
                Assert.AreEqual(typeof(TripleDESCryptoServiceProvider), provider.GetType());
            }
        }
Пример #10
        /// <summary>
        /// The factory must return an RC2 provider for "RC2" regardless of letter case.
        /// </summary>
        public void CryptoTools_CreateRc2()
        {
            // NOTE(review): RC2 is an obsolete cipher; the factory accepting it means callers can
            // still select it by name. Consider restricting the accepted names to AES.
            foreach (var algorithmName in new[] { "RC2", "rc2" })
            {
                var provider = CryptoTools.CreateSymmetricCryptoProvider(algorithmName);

                Assert.IsNotNull(provider);
                Assert.AreEqual(typeof(RC2CryptoServiceProvider), provider.GetType());
            }
        }
Пример #11
        /// <summary>
        /// The factory must return a <see cref="RijndaelManaged"/> instance for "RIJNDAEL"
        /// regardless of letter case.
        /// </summary>
        public void CryptoTools_CreateRijndael()
        {
            foreach (var algorithmName in new[] { "RIJNDAEL", "rijndael" })
            {
                var provider = CryptoTools.CreateSymmetricCryptoProvider(algorithmName);

                Assert.IsNotNull(provider);
                Assert.AreEqual(typeof(RijndaelManaged), provider.GetType());
            }
        }
Пример #12
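        /// <summary>
        /// Builds the cache key for a folder scan from the folder path, the system-assembly flag
        /// and the list of ignored assemblies.
        /// </summary>
        /// <param name="folderPath">Folder being scanned.</param>
        /// <param name="ignoreSystemAssemblies">Whether system assemblies are skipped; part of the key.</param>
        /// <param name="ignoredAssemblies">Assembly names excluded from the scan; part of the key.</param>
        /// <returns>The MD5 hash of the combined key material, as produced by <c>CryptoTools.CalculateMD5Hash</c>.</returns>
        private static string GetCacheKey(string folderPath, bool ignoreSystemAssemblies = true, params string[] ignoredAssemblies)
        {
            // An explicit null argument for the params array is treated as "nothing ignored".
            var ignoredString = string.Join(",", ignoredAssemblies ?? new string[0]);

            // The original interpolated the array itself ("System.String[]") where the flag was
            // meant, so calls differing only in ignoreSystemAssemblies shared one cache entry.
            var keyMaterial = $"{folderPath}_{ignoreSystemAssemblies}_{ignoredString}";

            // MD5 only shortens the key here; it is not relied on as a security control.
            return CryptoTools.CalculateMD5Hash(keyMaterial);
        }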
Пример #13
 /// <summary>
 /// Demo encryption method: AES-encrypts <paramref name="data"/> using a 32-byte key and a
 /// 16-byte IV taken, in that order, from the byte deriver built over
 /// <paramref name="mutatedKey"/> and the instance salt.
 /// </summary>
 /// <param name="data">Plaintext bytes.</param>
 /// <param name="mutatedKey">Secret from which key and IV are derived.</param>
 /// <returns>The ciphertext bytes.</returns>
 /// <remarks>
 /// NOTE(review): key and IV come from the same derivation, so one (secret, salt) pair always
 /// produces the same IV, and equal plaintext prefixes then encrypt to equal ciphertext.
 /// Aes.Create() defaults to CBC with PKCS7 padding and no integrity tag is added; production
 /// code should use a random per-message IV and authenticated encryption.
 /// </remarks>
 public byte[] Encrypt(byte[] data, SecureString mutatedKey)
 {
     using (var aes = Aes.Create())
     {
         using (var derivation = CryptoTools.DeriveBytes(mutatedKey, salt))
         {
             aes.Key = derivation.GetBytes(32);
             aes.IV  = derivation.GetBytes(16);
         }

         using (var output = new MemoryStream())
         {
             // The CryptoStream must be disposed before reading the buffer so the final
             // padded block is flushed into it.
             using (var cipherStream = new CryptoStream(output, aes.CreateEncryptor(), CryptoStreamMode.Write))
             {
                 cipherStream.Write(data, 0, data.Length);
             }

             return output.ToArray();
         }
     }
 }
Пример #14
        /// <summary>
        /// Generates a 2048-bit RSA key pair and produces URL-safe Base64 strings of the XML
        /// export of the full key pair and of the public key alone.
        /// </summary>
        internal void GenerateKeys()
        {
            using (var keyPair = new RSACryptoServiceProvider(2048))
            {
                // Keep the key out of the Windows key container store; it should exist only in this process.
                keyPair.PersistKeyInCsp = false;

                // true exports the private parameters as well; false exports the public key only.
                string fullKeyXml   = keyPair.ToXmlString(true);
                string publicKeyXml = keyPair.ToXmlString(false);

                // NOTE(review): Base64 is an encoding, not protection. The first string below
                // still contains the private key in recoverable form and must be stored and
                // transmitted as a secret.
                string encodedFullKey   = CryptoTools.UrlBase64Encode(fullKeyXml);
                string encodedPublicKey = CryptoTools.UrlBase64Encode(publicKeyXml);

                // do stuff with keys...
            }
        }
Пример #15
        /// <summary>
        /// Changes a user's password after verifying the old one.
        /// </summary>
        /// <param name="changePasswordRequest">Login, old password and new password.</param>
        /// <exception cref="ValidatorException">No user matches the login together with the old password hash.</exception>
        public void ChangePassword(ChangePasswordRequest changePasswordRequest)
        {
            // NOTE(review): both hashes are computed from the password alone by a helper named
            // for MD5 (no salt argument). Treat this as a legacy scheme to migrate away from.
            var currentHash = CryptoTools.ComputeHashMd5(changePasswordRequest.OldPassword);

            // Login is compared upper-cased; the old password hash must match as well, so an
            // unknown login and a wrong old password produce the same error.
            var account = GetAll(x =>
                                 x.Login.ToUpper() == changePasswordRequest.Login.ToUpper() &&
                                 x.Password == currentHash).FirstOrDefault();

            if (account == null)
            {
                throw new ValidatorException("Old Password is invalid!");
            }

            var replacementHash = CryptoTools.ComputeHashMd5(changePasswordRequest.NewPassword);

            account.Password = replacementHash;
            base.Update(account);
        }
        /// <summary>
        /// Hashes the new user's password, saves the user and returns a token for it.
        /// </summary>
        /// <param name="user">User to register; its <c>Password</c> is overwritten with the hash.</param>
        /// <returns>A token when the saved user has a positive id, otherwise <c>null</c>.</returns>
        public Token Signup(User user)
        {
            // NOTE(review): the stored value is derived from the password alone (no salt
            // argument) by a helper named for MD5; prefer a salted, slow password KDF.
            var storedHash = CryptoTools.ComputeHashMd5(user.Password);
            user.Password = storedHash;
            _userService.Save(user);

            // A positive id is taken as the sign that the user was saved.
            if (!(user.Id > 0))
            {
                return null;
            }

            // NOTE(review): the token includes the password hash; confirm it is never serialized to clients.
            return new Token
            {
                Id       = user.Id,
                Username = user.Username,
                Password = user.Password
            };
        }
Пример #17
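        /// <summary>
        /// Creates a user with a freshly salted password hash, unless the e-mail address is
        /// already registered or the password fails the complexity check.
        /// </summary>
        /// <param name="email">E-mail address of the new user; surrounding whitespace is ignored.</param>
        /// <param name="password">Password of the new user.</param>
        /// <returns>A result whose <c>Success</c> flag is set, or which lists the errors.</returns>
        public UserManageResult CreateUser(string email, SecureString password)
        {
            // Trim before the duplicate check. The original looked up the raw value but stored
            // the trimmed one, so " a@b.c" passed the check and created a second "a@b.c".
            string normalizedEmail = email.Trim();

            User user = _userStore.LoadUserByEmail(normalizedEmail);

            if (user != null)
            {
                // The statement terminator belongs to the return, inside the braces
                // (the original placed it after the closing brace, which does not compile).
                return new UserManageResult {
                    Success = false,
                    Errors  = new List <string> {
                        "User already exists."
                    }
                };
            }

            // NOTE(review): Unsecure() presumably copies the SecureString into an ordinary managed
            // string for validation — confirm and keep that copy short-lived.
            bool passwordIsValid = validatePassword(password.Unsecure());

            if (!passwordIsValid)
            {
                return new UserManageResult {
                    Success = false,
                    Errors  = new List <string> {
                        "Password does not meet minimum complexity requirements."
                    }
                };
            }

            // Each user gets an individual salt, stored next to the hash.
            byte[] salt = CryptoTools.CreateSalt();
            user = new User
            {
                Id           = Guid.NewGuid(),
                Entropy      = salt,
                EmailAddress = normalizedEmail,
                PasswordHash = password.HashValue(salt)
            };
            _userStore.Add(user);
            _userStore.Update();

            return(new UserManageResult
            {
                Success = true
            });
        }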
Пример #18
        /// <summary>
        /// Converts the serializable credential form back into a <see cref="NetworkCredential"/>,
        /// decrypting the password when one is present.
        /// </summary>
        /// <param name="value">Serialized credential, or <c>null</c>.</param>
        /// <returns>The credential, or <c>null</c> when <paramref name="value"/> is <c>null</c>.</returns>
        internal static NetworkCredential Get(NetworkCredentialXML value)
        {
            if (value == null)
            {
                return null;
            }

            // NOTE(review): the decryption key is a static member shared by all instances. If it
            // is a constant shipped in the assembly, the stored password is only obfuscated;
            // a per-user or per-machine protection mechanism would be stronger.
            string password = value.EncryptedPassword != null
                ? Encoding.Unicode.GetString(CryptoTools.Decrypt(value.EncryptedPassword, NetworkCredentialXML.PwdEncryptionKey))
                : null;

            return new NetworkCredential(value.Username, password, value.Domain);
        }
Пример #19
        /// <summary>
        /// Converts a <see cref="NetworkCredential"/> into its serializable form, encrypting the
        /// password (as UTF-16 bytes) when it is not empty.
        /// </summary>
        /// <param name="nc">Credential to convert, or <c>null</c>.</param>
        /// <returns>The serializable credential, or <c>null</c> when <paramref name="nc"/> is <c>null</c>.</returns>
        internal static NetworkCredentialXML Get(NetworkCredential nc)
        {
            if (nc == null)
            {
                return null;
            }

            // NOTE(review): the encryption key is a static member shared by all instances;
            // confirm it is not a constant embedded in the assembly.
            return new NetworkCredentialXML
            {
                Username          = nc.UserName,
                Domain            = nc.Domain,
                EncryptedPassword = string.IsNullOrEmpty(nc.Password)
                    ? null
                    : CryptoTools.Encrypt(Encoding.Unicode.GetBytes(nc.Password), NetworkCredentialXML.PwdEncryptionKey)
            };
        }
Пример #20
        /// <summary>
        /// Stores a user with a hashed password and expects a sign-in to yield a token.
        /// </summary>
        public void TestSignin()
        {
            // NOTE(review): the "******" literals look like values masked by the page this
            // snippet was taken from; as written, the login password differs from the one hashed here.
            var user = new User
            {
                Name     = "Fake Name",
                Password = CryptoTools.ComputeHashMd5("blablabla"),
                Username = "******"
            };

            repository.Insert(user);
            repository.Save();

            var loginRequest = new LoginRequest
            {
                Username = "******",
                Password = "******"
            };

            Token token = authService.Signin(loginRequest);

            Assert.True(token != null, "Signin implemented!");
        }
Пример #21
        /// <summary>
        /// Runs 100 trials: hashes a random starting value a random number of times, asks the
        /// lookup structure for a preimage of the final hash, and counts how often the returned
        /// preimage differs from the real input. Progress and the total are written to the log.
        /// </summary>
        void ThreadedFalsePositives()
        {
            int test           = 100;
            int falsePositives = 0;

            UpdateLogWithDate("Starting to find preimages of hashes of " + test + " known random inputs.");
            for (int i = 0; i < test; i++)
            {
                // Random 4-byte buffer with bytes 1..3 cleared, so only byte 0 stays random.
                byte[] byt = new byte[4];
                rnd.NextBytes(byt);
                byt[1] = 0; byt[2] = 0; byt[3] = 0;
                // Chain length for this trial: 1..test applications of the one-way function.
                int  tk       = rnd.Next(test); tk++;
                uint deger    = byt.ToUInt32();
                uint sondeger = 0;
                for (int j = 0; j < tk; j++)
                {
                    // Remember the input of the final application before it is hashed.
                    if (j == tk - 1)
                    {
                        sondeger = deger;
                    }
                    deger = CryptoTools.OneWayFunction32Bit(deger);
                }
                // Result of the loop above: hash(sondeger) = deger

                uint?kntrl = hll.FindPreimageValue(deger);
                if (kntrl != null)
                {
                    uint kontrol = (uint)kntrl;
                    // NOTE(review): the "/100" in this message is a literal rather than the `test` variable.
                    UpdateLogWithDate((i + 1) + "/100: Plaintext:" + sondeger.ToByteArray().ToStringValue() + " Hash: " + deger.ToByteArray().ToStringValue() + " Preimage of hash: " + kontrol.ToByteArray().ToStringValue());
                    // Count a false positive when the preimage found is not the real input value.
                    if (kontrol != sondeger)
                    {
                        falsePositives++;
                    }
                }
            }

            UpdateLogWithDate("Number of false positives: " + falsePositives + " over " + test + " tries.");
        }
Пример #22
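        /// <summary>
        /// Loads the app settings from the settings file, falling back to fresh default settings
        /// when the file is missing, empty or deserializes to null, and makes sure a stored key
        /// file exists at the configured location.
        /// </summary>
        /// <returns>Always <c>true</c>.</returns>
        public async Task <bool> LoadSettings()
        {
            byte[] o = await FileManager.OpenFile(Settings.SettingsFileURI);

            if (o == null || o.Length <= 0)
            {
                settings = new Settings();
                SaveSettings();
            }
            else
            {
                // SECURITY NOTE(review): BinaryFormatter is unsafe on data that anyone else can
                // modify, because a crafted payload can instantiate arbitrary types while being
                // deserialized. The settings file lives on disk, so treat it as untrusted and
                // move to a data-only format (for example JSON or XML with a fixed schema).
                // Flagged here rather than replaced, since the on-disk format would change.
                BinaryFormatter bf = new BinaryFormatter();
                using (var buffer = new MemoryStream(o))
                {
                    settings = (Settings)bf.Deserialize(buffer);
                }
                if (settings == null)
                {
                    settings = new Settings();
                    SaveSettings();
                }
            }

            o = await FileManager.OpenFile(settings.keyLocation);

            // An array length is never negative, so the original "< 0" test could not fire and
            // an empty key file was left in place. Treat an empty file like a missing one,
            // matching the settings-file check above.
            if (o == null || o.Length <= 0)
            {
                await CryptoTools.CreateStoredKeyFile(settings.keyLocation);
            }

            // The key itself is not loaded here; only its existence is ensured.
            return(true);
        }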
Пример #23
        /// <summary>
        /// Logs a visitor in to a centre. The single password field is checked against the
        /// centre's user password first and its admin password second.
        /// </summary>
        /// <param name="query">Centre id and password entered in the login form.</param>
        /// <returns>The login view with an error message, or a redirect to "Create" (user) or "Incidencias" (admin).</returns>
        public ActionResult Index(LoginQuery query)
        {
            var centro = contexto.Centros.FirstOrDefault(c => c.IdCentro == query.Centro);

            // NOTE(review): an unknown centre and a wrong password give different messages, which
            // lets a visitor learn which centre ids exist; no attempt limiting is visible here.
            if (centro == null)
            {
                ViewBag.MensajeError = "Centro inválido.";
                return View();
            }

            var sesion = new SesionUsuario { Centro = centro };

            // The admin hash is only checked when the user hash did not match.
            bool esUsuario = CryptoTools.ValidateHash(query.Clave, centro.SaltUsuario, centro.ClaveUsuario);
            bool esAdmin   = !esUsuario && CryptoTools.ValidateHash(query.Clave, centro.SaltAdmin, centro.ClaveAdmin);

            if (!esUsuario && !esAdmin)
            {
                // Failed login: clear any existing session before showing the form again.
                ViewBag.MensajeError = "Contraseña incorrecta.";
                SesionUsuario        = null;
                return View();
            }

            sesion.EsAdmin = esAdmin;
            SesionUsuario  = sesion;

            string action = esAdmin ? "Incidencias" : "Create";
            return RedirectToAction(action);
        }
Пример #24
        /// <summary>
        /// Saves a user and two products, places an order for both products and expects the
        /// first stored order to have two items and to belong to that user.
        /// </summary>
        public void TestSave()
        {
            var user = new User
            {
                Name     = "Fake Name Product",
                Password = CryptoTools.ComputeHashMd5("blablablaProduct"),
                Username = "******"
            };
            userService.Save(user);

            var product1 = new Product
            {
                Name  = "Fake Product 1",
                Price = 100
            };
            productService.Save(product1);

            var product2 = new Product
            {
                Name  = "Fake Product 2",
                Price = 200
            };
            productService.Save(product2);

            // Ids are read after saving, once the services have had the chance to assign them.
            var orderRequest = new OrderRequest
            {
                IdsProducts = new List <long> { product1.Id, product2.Id },
                IdUser      = user.Id
            };

            orderService.Save(orderRequest);

            Order order = repository.GetAll(true).FirstOrDefault();

            Assert.True(order != null && order.Items.Count() == 2 && order.User.Id == user.Id, "Save Order Ok!");
        }
Пример #25
 /// <summary>
 /// Calls the factory with an algorithm name it does not know.
 /// </summary>
 public void CryptoTools_UnknownAlgorithm()
 {
     // No assertion appears in the body; presumably an expected-exception attribute outside
     // this excerpt defines the pass condition — confirm.
     const string unsupportedName = "nicetry";

     CryptoTools.CreateSymmetricCryptoProvider(unsupportedName);
 }
Пример #26
 /// <summary>
 /// An algorithm name the factory does not know must be rejected with an
 /// <see cref="ArgumentException"/> rather than falling back to some default cipher.
 /// </summary>
 public void CryptoTools_UnknownAlgorithm()
 {
     const string unsupportedName = "nicetry";

     Assert.Throws <ArgumentException>(() => CryptoTools.CreateSymmetricCryptoProvider(unsupportedName));
 }
Пример #27
 /// <summary>
 /// Replaces the entity's clear-text password with its hash and then delegates to the base insert.
 /// </summary>
 /// <param name="entity">User to insert; its <c>Password</c> is overwritten with the hash.</param>
 /// <param name="user">Name passed through to the base insert.</param>
 public override void Insert(User entity, string user = "******")
 {
     // NOTE(review): the hash is computed from the password alone (no salt argument) by a
     // helper named for MD5; prefer a salted, slow password KDF. Calling this twice on the
     // same entity would hash the already-hashed value.
     var storedHash = CryptoTools.ComputeHashMd5(entity.Password);

     entity.Password = storedHash;
     base.Insert(entity, user);
 }