protected override MD5PasswordHashingOptions DoExtractPasswordHashingOptions(HashedPassword hash, out bool needRehash)
{
needRehash = false;
return(new MD5PasswordHashingOptions
{
Salt = Convert.FromBase64String(hash["salt"].AsString())
});
}
protected virtual bool DoAreEquivalent(HashedPassword a, HashedPassword b)
{
var algo = m_Algorithms[a.AlgoName];
if (algo == null)
{
return(false);
}
return(algo.AreEquivalent(a, b));
}
protected override MD5PasswordHashingOptions DoExtractPasswordHashingOptions(HashedPassword hash, out bool needRehash)
{
var salt = hash["salt"].AsString(string.Empty);
needRehash = salt.IsNullOrWhiteSpace();
return(new MD5PasswordHashingOptions
{
Salt = Convert.FromBase64String(salt)
});
}
public bool AreEquivalent(HashedPassword hash, HashedPassword rehash)
{
if (hash == null || rehash == null)
{
return(false);
}
if (!hash.AlgoName.EqualsOrdIgnoreCase(rehash.AlgoName))
{
return(false);
}
return(DoAreEquivalent(hash, rehash));
}
public bool AreEquivalent(HashedPassword a, HashedPassword b)
{
if (a == null || b == null)
{
return(false);
}
if (a.AlgoName != b.AlgoName)
{
return(false);
}
CheckDaemonInactive();
return(DoAreEquivalent(a, b));
}
public static HashedPassword FromString(string str)
{
if (str.IsNullOrWhiteSpace())
{
throw new SecurityException(StringConsts.ARGUMENT_ERROR + "HashedPassword.FromString(str==null|empty)");
}
var password = new HashedPassword();
var json = str.JSONToDataObject() as JSONDataMap;
if (json == null || json[KEY_ALGO].AsString().IsNullOrWhiteSpace())
{
throw new SecurityException(StringConsts.ARGUMENT_ERROR + "HashedPassword.FromString(!map|!algo)");
}
password.m_Content = json;
return(password);
}
public bool AreEquivalent(HashedPassword a, HashedPassword b)
{
if (a == null || b == null)
{
return(false);
}
if (a.AlgoName != b.AlgoName)
{
return(false);
}
if (!Running)
{
return(false);
}
return(DoAreEquivalent(a, b));
}
public bool Verify(SecureBuffer password, HashedPassword hash, out bool needRehash)
{
if (password == null || hash == null)
{
throw new SecurityException(StringConsts.ARGUMENT_ERROR + "PasswordManager.Verify((password|hash)==null)");
}
if (!password.IsSealed)
{
throw new SecurityException(StringConsts.ARGUMENT_ERROR + "PasswordManager.Verify(!password.IsSealed)");
}
needRehash = false;
if (!Running)
{
return(false);
}
return(DoVerify(password, hash, out needRehash));
}
protected virtual bool DoVerify(SecureBuffer password, HashedPassword hash, out bool needRehash)
{
needRehash = false;
var algo = m_Algorithms[hash.AlgoName];
if (algo == null)
{
return(false);
}
bool need = false;
if (!algo.Verify(password, hash, out need))
{
return(false);
}
needRehash = !algo.IsDefault || need;
return(true);
}
protected override HashedPassword DoComputeHash(PasswordFamily family, SecureBuffer password, PBKDF2PasswordHashingOptions options)
{
var salt = options.Salt;
var content = password.Content;
var iterations = getIterations();
//https://stackoverflow.com/questions/18648084/rfc2898-pbkdf2-with-sha256-as-digest-in-c-sharp
var hash = PlatformAbstractionLayer.Cryptography.ComputePBKDF2(content, salt, HASH_LENGTH_BYTES, iterations, HashAlgorithmName.SHA256);
var pwd = new HashedPassword(Name, family)
{
{ "h", hash.ToWebSafeBase64() },
{ "s", salt.ToWebSafeBase64() }
};
Array.Clear(hash, 0, hash.Length);
return(pwd);
}
protected abstract bool DoAreEquivalent(HashedPassword hash, HashedPassword rehash);
protected override PBKDF2PasswordHashingOptions DoExtractPasswordHashingOptions(HashedPassword hash, out bool needRehash)
{
needRehash = false;
try
{
return(new PBKDF2PasswordHashingOptions
{
Salt = hash["s"].AsString().FromWebSafeBase64()
});
}
catch (Exception error)
{
WriteLog(Log.MessageType.TraceErrors, nameof(DoExtractPasswordHashingOptions), "Leaked: " + error.ToMessageWithType(), error);
}
return(DefaultPasswordHashingOptions);
}
protected abstract bool DoVerify(SecureBuffer password, HashedPassword hash, out bool needRehash);
protected override bool DoAreEquivalent(HashedPassword hash, HashedPassword rehash)
{
return(hash["hash"].AsString().EqualsOrdIgnoreCase(rehash["hash"].AsString()));
}
private IConfigSectionNode findUserNode(IConfigSectionNode securityRootNode, IDPasswordCredentials cred)
{
var users = securityRootNode[CONFIG_USERS_SECTION];
using (var password = cred.SecurePassword)
{
bool needRehash = false;
return(users.Children.FirstOrDefault(cn => cn.IsSameName(CONFIG_USER_SECTION) &&
string.Equals(cn.AttrByName(CONFIG_ID_ATTR).Value, cred.ID, StringComparison.InvariantCulture) &&
m_PasswordManager.Verify(password, HashedPassword.FromString(cn.AttrByName(CONFIG_PASSWORD_ATTR).Value), out needRehash)
) ?? users.Configuration.EmptySection);
}
}
protected override IPasswordHashingOptions DoExtractPasswordHashingOptions(HashedPassword hash, out bool needRehash)
{
needRehash = false;
return(null);
}
protected override PBKDF2PasswordHashingOptions DoExtractPasswordHashingOptions(HashedPassword hash, out bool needRehash)
{
needRehash = false;
return(new PBKDF2PasswordHashingOptions
{
Salt = hash["s"].AsString().FromWebSafeBase64()
});
}