jellyfin-server/MediaBrowser.Common/Cryptography/PasswordHash.cs

155 lines
4.8 KiB
C#
Raw Normal View History

#pragma warning disable CS1591
using System;
using System.Collections.Generic;
using System.IO;
using System.Text;
namespace MediaBrowser.Common.Cryptography
{
// Defined from this hash storage spec
// https://github.com/P-H-C/phc-string-format/blob/master/phc-sf-spec.md
// $<id>[$<param>=<value>(,<param>=<value>)*][$<salt>[$<hash>]]
// with one slight amendment to ease the transition, we're writing out the bytes in hex
// rather than making them a BASE64 string with stripped padding
public class PasswordHash
{
private readonly Dictionary<string, string> _parameters;
2019-12-10 23:13:57 +00:00
private readonly byte[] _salt;
private readonly byte[] _hash;
public PasswordHash(string id, byte[] hash)
: this(id, hash, Array.Empty<byte>())
{
}
public PasswordHash(string id, byte[] hash, byte[] salt)
: this(id, hash, salt, new Dictionary<string, string>())
{
}
public PasswordHash(string id, byte[] hash, byte[] salt, Dictionary<string, string> parameters)
{
Id = id;
2019-12-10 23:13:57 +00:00
_hash = hash;
_salt = salt;
_parameters = parameters;
}
/// <summary>
/// Gets the symbolic name for the function used.
/// </summary>
/// <value>Returns the symbolic name for the function used.</value>
public string Id { get; }
/// <summary>
/// Gets the additional parameters used by the hash function.
/// </summary>
public IReadOnlyDictionary<string, string> Parameters => _parameters;
/// <summary>
/// Gets the salt used for hashing the password.
/// </summary>
/// <value>Returns the salt used for hashing the password.</value>
2019-12-10 23:13:57 +00:00
public ReadOnlySpan<byte> Salt => _salt;
/// <summary>
/// Gets the hashed password.
/// </summary>
/// <value>Return the hashed password.</value>
2019-12-10 23:13:57 +00:00
public ReadOnlySpan<byte> Hash => _hash;
public static PasswordHash Parse(string hashString)
{
// The string should at least contain the hash function and the hash itself
2019-12-10 23:13:57 +00:00
string[] splitted = hashString.Split('$');
if (splitted.Length < 3)
{
throw new ArgumentException("String doesn't contain enough segments", nameof(hashString));
}
// Start at 1, the first index shouldn't contain any data
int index = 1;
// Name of the hash function
string id = splitted[index++];
// Optional parameters
Dictionary<string, string> parameters = new Dictionary<string, string>();
2019-12-10 23:13:57 +00:00
if (splitted[index].IndexOf('=', StringComparison.Ordinal) != -1)
{
foreach (string paramset in splitted[index++].Split(','))
{
if (string.IsNullOrEmpty(paramset))
{
continue;
}
string[] fields = paramset.Split('=');
if (fields.Length != 2)
{
throw new InvalidDataException($"Malformed parameter in password hash string {paramset}");
}
parameters.Add(fields[0], fields[1]);
}
}
byte[] hash;
byte[] salt;
2019-12-10 23:13:57 +00:00
// Check if the string also contains a salt
if (splitted.Length - index == 2)
{
2019-10-18 22:22:08 +00:00
salt = Hex.Decode(splitted[index++]);
hash = Hex.Decode(splitted[index++]);
}
else
{
salt = Array.Empty<byte>();
2019-10-18 22:22:08 +00:00
hash = Hex.Decode(splitted[index++]);
}
return new PasswordHash(id, hash, salt, parameters);
}
private void SerializeParameters(StringBuilder stringBuilder)
{
if (_parameters.Count == 0)
{
return;
}
stringBuilder.Append('$');
foreach (var pair in _parameters)
{
2019-09-25 11:24:39 +00:00
stringBuilder.Append(pair.Key)
.Append('=')
.Append(pair.Value)
.Append(',');
}
// Remove last ','
stringBuilder.Length -= 1;
}
/// <inheritdoc />
public override string ToString()
{
2019-09-25 11:24:39 +00:00
var str = new StringBuilder()
.Append('$')
.Append(Id);
SerializeParameters(str);
2019-12-10 23:13:57 +00:00
if (_salt.Length != 0)
{
2019-09-25 11:24:39 +00:00
str.Append('$')
2019-12-10 23:13:57 +00:00
.Append(Hex.Encode(_salt, false));
}
2019-09-25 11:24:39 +00:00
return str.Append('$')
2019-12-10 23:13:57 +00:00
.Append(Hex.Encode(_hash, false)).ToString();
}
}
}