From 58ec2dde352cff58d2c43b87c887af2da16b4cfa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Damian=20B=C3=BCchel?= Date: Wed, 20 Jul 2022 16:03:53 +0200 Subject: [PATCH] SEBWIN-510: Added safeguard against missing configuration key value. --- .../Cryptography/KeyGenerator.cs | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/SafeExamBrowser.Configuration/Cryptography/KeyGenerator.cs b/SafeExamBrowser.Configuration/Cryptography/KeyGenerator.cs index a103d1ee..3a91f787 100644 --- a/SafeExamBrowser.Configuration/Cryptography/KeyGenerator.cs +++ b/SafeExamBrowser.Configuration/Cryptography/KeyGenerator.cs @@ -56,15 +56,22 @@ namespace SafeExamBrowser.Configuration.Cryptography private string ComputeBrowserExamKey() { + var configurationKey = settings.Browser.ConfigurationKey; var salt = settings.Browser.BrowserExamKeySalt; + if (configurationKey == default) + { + configurationKey = ""; + logger.Warn("The current configuration does not contain a value for the configuration key!"); + } + if (salt == default || salt.Length == 0) { salt = new byte[0]; logger.Warn("The current configuration does not contain a salt value for the browser exam key!"); } - if (integrityModule.TryCalculateBrowserExamKey(settings.Browser.ConfigurationKey, ToString(salt), out browserExamKey)) + if (integrityModule.TryCalculateBrowserExamKey(configurationKey, ToString(salt), out browserExamKey)) { logger.Debug("Successfully calculated BEK using integrity module."); } @@ -74,7 +81,7 @@ namespace SafeExamBrowser.Configuration.Cryptography using (var algorithm = new HMACSHA256(salt)) { - var hash = algorithm.ComputeHash(Encoding.UTF8.GetBytes(appConfig.CodeSignatureHash + appConfig.ProgramBuildVersion + settings.Browser.ConfigurationKey)); + var hash = algorithm.ComputeHash(Encoding.UTF8.GetBytes(appConfig.CodeSignatureHash + appConfig.ProgramBuildVersion + configurationKey)); var key = ToString(hash); browserExamKey = key;