zervo/seb-win-refactoring
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

SEBWIN-899, SEBWIN-893, #883: Patch of version 3.7.0 which fixes concurrency issue with CK and BEK hash calculation.

Browse source
This commit is contained in:
Damian Büchel 2024-06-14 13:57:33 +02:00
parent ff16743ae7
commit 35f144a7af
1 changed files with 5 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
SafeExamBrowser.Configuration/Cryptography/KeyGenerator.cs
View file

@ -9,6 +9,7 @@
using System; using System;
using System.Security.Cryptography; using System.Security.Cryptography;
using System.Text; using System.Text;
using System.Threading;
using SafeExamBrowser.Configuration.Contracts; using SafeExamBrowser.Configuration.Contracts;
using SafeExamBrowser.Configuration.Contracts.Cryptography; using SafeExamBrowser.Configuration.Contracts.Cryptography;
using SafeExamBrowser.Configuration.Contracts.Integrity; using SafeExamBrowser.Configuration.Contracts.Integrity;
@ -20,7 +21,7 @@ namespace SafeExamBrowser.Configuration.Cryptography
{ {
private readonly object @lock = new object(); private readonly object @lock = new object();
private readonly SHA256Managed algorithm; private readonly ThreadLocal<SHA256Managed> algorithm;
private readonly AppConfig appConfig; private readonly AppConfig appConfig;
private readonly IIntegrityModule integrityModule; private readonly IIntegrityModule integrityModule;
private readonly ILogger logger; private readonly ILogger logger;
@ -29,7 +30,7 @@ namespace SafeExamBrowser.Configuration.Cryptography
public KeyGenerator(AppConfig appConfig, IIntegrityModule integrityModule, ILogger logger) public KeyGenerator(AppConfig appConfig, IIntegrityModule integrityModule, ILogger logger)
{ {
this.algorithm = new SHA256Managed(); this.algorithm = new ThreadLocal<SHA256Managed>(() => new SHA256Managed());
this.appConfig = appConfig; this.appConfig = appConfig;
this.integrityModule = integrityModule; this.integrityModule = integrityModule;
this.logger = logger; this.logger = logger;
@ -52,7 +53,7 @@ namespace SafeExamBrowser.Configuration.Cryptography
public string CalculateBrowserExamKeyHash(string configurationKey, byte[] salt, string url) public string CalculateBrowserExamKeyHash(string configurationKey, byte[] salt, string url)
{ {
var urlWithoutFragment = url.Split('#')[0]; var urlWithoutFragment = url.Split('#')[0];
var hash = algorithm.ComputeHash(Encoding.UTF8.GetBytes(urlWithoutFragment + (browserExamKey ?? ComputeBrowserExamKey(configurationKey, salt)))); var hash = algorithm.Value.ComputeHash(Encoding.UTF8.GetBytes(urlWithoutFragment + (browserExamKey ?? ComputeBrowserExamKey(configurationKey, salt))));
var key = ToString(hash); var key = ToString(hash);
return key; return key;
@ -61,7 +62,7 @@ namespace SafeExamBrowser.Configuration.Cryptography
public string CalculateConfigurationKeyHash(string configurationKey, string url) public string CalculateConfigurationKeyHash(string configurationKey, string url)
{ {
var urlWithoutFragment = url.Split('#')[0]; var urlWithoutFragment = url.Split('#')[0];
var hash = algorithm.ComputeHash(Encoding.UTF8.GetBytes(urlWithoutFragment + configurationKey)); var hash = algorithm.Value.ComputeHash(Encoding.UTF8.GetBytes(urlWithoutFragment + configurationKey));
var key = ToString(hash); var key = ToString(hash);
return key; return key;