1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
|
using System;
using System.Collections.Generic;
using System.Text;
namespace MediaBrowser.Model.Cryptography
{
public class PasswordHash
{
// Defined from this hash storage spec
// https://github.com/P-H-C/phc-string-format/blob/master/phc-sf-spec.md
// $<id>[$<param>=<value>(,<param>=<value>)*][$<salt>[$<hash>]]
// with one slight amendment to ease the transition, we're writing out the bytes in hex
// rather than making them a BASE64 string with stripped padding
private string _id;
private Dictionary<string, string> _parameters = new Dictionary<string, string>();
private string _salt;
private byte[] _saltBytes;
private string _hash;
private byte[] _hashBytes;
public string Id { get => _id; set => _id = value; }
public Dictionary<string, string> Parameters { get => _parameters; set => _parameters = value; }
public string Salt { get => _salt; set => _salt = value; }
public byte[] SaltBytes { get => _saltBytes; set => _saltBytes = value; }
public string Hash { get => _hash; set => _hash = value; }
public byte[] HashBytes { get => _hashBytes; set => _hashBytes = value; }
public PasswordHash(string storageString)
{
string[] splitted = storageString.Split('$');
_id = splitted[1];
if (splitted[2].Contains("="))
{
foreach (string paramset in (splitted[2].Split(',')))
{
if (!string.IsNullOrEmpty(paramset))
{
string[] fields = paramset.Split('=');
if (fields.Length == 2)
{
_parameters.Add(fields[0], fields[1]);
}
else
{
throw new Exception($"Malformed parameter in password hash string {paramset}");
}
}
}
if (splitted.Length == 5)
{
_salt = splitted[3];
_saltBytes = ConvertFromByteString(_salt);
_hash = splitted[4];
_hashBytes = ConvertFromByteString(_hash);
}
else
{
_salt = string.Empty;
_hash = splitted[3];
_hashBytes = ConvertFromByteString(_hash);
}
}
else
{
if (splitted.Length == 4)
{
_salt = splitted[2];
_saltBytes = ConvertFromByteString(_salt);
_hash = splitted[3];
_hashBytes = ConvertFromByteString(_hash);
}
else
{
_salt = string.Empty;
_hash = splitted[2];
_hashBytes = ConvertFromByteString(_hash);
}
}
}
public PasswordHash(ICryptoProvider cryptoProvider)
{
_id = cryptoProvider.DefaultHashMethod;
_saltBytes = cryptoProvider.GenerateSalt();
_salt = ConvertToByteString(SaltBytes);
}
public static byte[] ConvertFromByteString(string byteString)
{
List<byte> bytes = new List<byte>();
for (int i = 0; i < byteString.Length; i += 2)
{
// TODO: NetStandard2.1 switch this to use a span instead of a substring.
bytes.Add(Convert.ToByte(byteString.Substring(i, 2),16));
}
return bytes.ToArray();
}
public static string ConvertToByteString(byte[] bytes)
{
return BitConverter.ToString(bytes).Replace("-", "");
}
private string SerializeParameters()
{
string ReturnString = string.Empty;
foreach (var KVP in _parameters)
{
ReturnString += $",{KVP.Key}={KVP.Value}";
}
if ((!string.IsNullOrEmpty(ReturnString)) && ReturnString[0] == ',')
{
ReturnString = ReturnString.Remove(0, 1);
}
return ReturnString;
}
public override string ToString()
{
string outString = "$" +_id;
string paramstring = SerializeParameters();
if (!string.IsNullOrEmpty(paramstring))
{
outString += $"${paramstring}";
}
if (!string.IsNullOrEmpty(_salt))
{
outString += $"${_salt}";
}
outString += $"${_hash}";
return outString;
}
}
}
|
