2020-09-15 13:11:05 +00:00
|
|
|
|
/*
|
|
|
|
|
*
|
|
|
|
|
* (c) Copyright Ascensio System Limited 2010-2018
|
|
|
|
|
*
|
|
|
|
|
* This program is freeware. You can redistribute it and/or modify it under the terms of the GNU
|
|
|
|
|
* General Public License (GPL) version 3 as published by the Free Software Foundation (https://www.gnu.org/copyleft/gpl.html).
|
|
|
|
|
* In accordance with Section 7(a) of the GNU GPL its Section 15 shall be amended to the effect that
|
|
|
|
|
* Ascensio System SIA expressly excludes the warranty of non-infringement of any third-party rights.
|
|
|
|
|
*
|
|
|
|
|
* THIS PROGRAM IS DISTRIBUTED WITHOUT ANY WARRANTY; WITHOUT EVEN THE IMPLIED WARRANTY OF MERCHANTABILITY OR
|
|
|
|
|
* FITNESS FOR A PARTICULAR PURPOSE. For more details, see GNU GPL at https://www.gnu.org/copyleft/gpl.html
|
|
|
|
|
*
|
|
|
|
|
* You can contact Ascensio System SIA by email at sales@onlyoffice.com
|
|
|
|
|
*
|
|
|
|
|
* The interactive user interfaces in modified source and object code versions of ONLYOFFICE must display
|
|
|
|
|
* Appropriate Legal Notices, as required under Section 5 of the GNU GPL version 3.
|
|
|
|
|
*
|
|
|
|
|
* Pursuant to Section 7 <EFBFBD> 3(b) of the GNU GPL you must retain the original ONLYOFFICE logo which contains
|
|
|
|
|
* relevant author attributions when distributing the software. If the display of the logo in its graphic
|
|
|
|
|
* form is not reasonably feasible for technical reasons, you must include the words "Powered by ONLYOFFICE"
|
|
|
|
|
* in every copy of the program you distribute.
|
|
|
|
|
* Pursuant to Section 7 <EFBFBD> 3(e) we decline to grant you any rights under trademark law for use of our trademarks.
|
|
|
|
|
*
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
using System;
|
|
|
|
|
using System.Text;
|
|
|
|
|
|
|
|
|
|
using ASC.Common;
|
|
|
|
|
|
|
|
|
|
using Microsoft.AspNetCore.Cryptography.KeyDerivation;
|
|
|
|
|
using Microsoft.Extensions.Configuration;
|
|
|
|
|
|
|
|
|
|
namespace ASC.Security.Cryptography
|
|
|
|
|
{
|
2020-10-19 15:53:15 +00:00
|
|
|
|
[Singletone]
|
2020-09-15 13:11:05 +00:00
|
|
|
|
public class PasswordHasher
|
|
|
|
|
{
|
|
|
|
|
public PasswordHasher(IConfiguration configuration, MachinePseudoKeys machinePseudoKeys)
|
|
|
|
|
{
|
|
|
|
|
if (!int.TryParse(configuration["core:password:size"], out var size)) size = 256;
|
2020-09-29 15:08:54 +00:00
|
|
|
|
Size = size;
|
2020-09-15 13:11:05 +00:00
|
|
|
|
|
|
|
|
|
if (!int.TryParse(configuration["core.password.iterations"], out var iterations)) iterations = 100000;
|
2020-09-29 15:08:54 +00:00
|
|
|
|
Iterations = iterations;
|
2020-09-15 13:11:05 +00:00
|
|
|
|
|
2020-09-29 15:08:54 +00:00
|
|
|
|
Salt = (configuration["core:password:salt"] ?? "").Trim();
|
|
|
|
|
if (string.IsNullOrEmpty(Salt))
|
2020-09-15 13:11:05 +00:00
|
|
|
|
{
|
|
|
|
|
var salt = Hasher.Hash("{9450BEF7-7D9F-4E4F-A18A-971D8681722D}", HashAlg.SHA256);
|
|
|
|
|
|
|
|
|
|
var PasswordHashSaltBytes = KeyDerivation.Pbkdf2(
|
|
|
|
|
Encoding.UTF8.GetString(machinePseudoKeys.GetMachineConstant()),
|
|
|
|
|
salt,
|
|
|
|
|
KeyDerivationPrf.HMACSHA256,
|
2020-09-29 15:08:54 +00:00
|
|
|
|
Iterations,
|
|
|
|
|
Size / 8);
|
|
|
|
|
Salt = BitConverter.ToString(PasswordHashSaltBytes).Replace("-", string.Empty).ToLower();
|
2020-09-15 13:11:05 +00:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-09-29 15:08:54 +00:00
|
|
|
|
public int Size
|
2020-09-15 13:11:05 +00:00
|
|
|
|
{
|
|
|
|
|
get;
|
|
|
|
|
private set;
|
|
|
|
|
}
|
|
|
|
|
|
2020-09-29 15:08:54 +00:00
|
|
|
|
public int Iterations
|
2020-09-15 13:11:05 +00:00
|
|
|
|
{
|
|
|
|
|
get;
|
|
|
|
|
private set;
|
|
|
|
|
}
|
|
|
|
|
|
2020-09-29 15:08:54 +00:00
|
|
|
|
public string Salt
|
2020-09-15 13:11:05 +00:00
|
|
|
|
{
|
|
|
|
|
get;
|
|
|
|
|
private set;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public string GetClientPassword(string password)
|
|
|
|
|
{
|
|
|
|
|
if (string.IsNullOrWhiteSpace(password)) password = Guid.NewGuid().ToString();
|
|
|
|
|
|
2020-09-29 15:08:54 +00:00
|
|
|
|
var salt = new UTF8Encoding(false).GetBytes(Salt);
|
2020-09-15 13:11:05 +00:00
|
|
|
|
|
|
|
|
|
var hashBytes = KeyDerivation.Pbkdf2(
|
|
|
|
|
password,
|
|
|
|
|
salt,
|
|
|
|
|
KeyDerivationPrf.HMACSHA256,
|
2020-09-29 15:08:54 +00:00
|
|
|
|
Iterations,
|
|
|
|
|
Size / 8);
|
2020-09-15 13:11:05 +00:00
|
|
|
|
|
|
|
|
|
var hash = BitConverter.ToString(hashBytes).Replace("-", string.Empty).ToLower();
|
|
|
|
|
|
|
|
|
|
return hash;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
}
|