zervo/seb-win-refactoring
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

SEBWIN-510: Added safeguard against missing configuration key value.

Browse source
This commit is contained in:
Damian Büchel 2022-07-20 16:03:53 +02:00
parent a5029dbdd9
commit 58ec2dde35
1 changed files with 9 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
SafeExamBrowser.Configuration/Cryptography/KeyGenerator.cs
View file

@ -56,15 +56,22 @@ namespace SafeExamBrowser.Configuration.Cryptography
private string ComputeBrowserExamKey()
{
var configurationKey = settings.Browser.ConfigurationKey;
var salt = settings.Browser.BrowserExamKeySalt;
if (configurationKey == default)
{
configurationKey = "";
logger.Warn("The current configuration does not contain a value for the configuration key!");
}
if (salt == default || salt.Length == 0)
{
salt = new byte[0];
logger.Warn("The current configuration does not contain a salt value for the browser exam key!");
}
if (integrityModule.TryCalculateBrowserExamKey(settings.Browser.ConfigurationKey, ToString(salt), out browserExamKey))
if (integrityModule.TryCalculateBrowserExamKey(configurationKey, ToString(salt), out browserExamKey))
{
logger.Debug("Successfully calculated BEK using integrity module.");
}
@ -74,7 +81,7 @@ namespace SafeExamBrowser.Configuration.Cryptography
using (var algorithm = new HMACSHA256(salt))
{
var hash = algorithm.ComputeHash(Encoding.UTF8.GetBytes(appConfig.CodeSignatureHash + appConfig.ProgramBuildVersion + settings.Browser.ConfigurationKey));
var hash = algorithm.ComputeHash(Encoding.UTF8.GetBytes(appConfig.CodeSignatureHash + appConfig.ProgramBuildVersion + configurationKey));
var key = ToString(hash);
browserExamKey = key;