126 lines
3.7 KiB
C#
126 lines
3.7 KiB
C#
/*
|
|
* Copyright (c) 2024 ETH Zürich, IT Services
|
|
*
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
*/
|
|
|
|
using System;
|
|
using System.Security.Cryptography;
|
|
using System.Text;
|
|
using SafeExamBrowser.Configuration.Contracts;
|
|
using SafeExamBrowser.Configuration.Contracts.Cryptography;
|
|
using SafeExamBrowser.Configuration.Contracts.Integrity;
|
|
using SafeExamBrowser.Logging.Contracts;
|
|
|
|
namespace SafeExamBrowser.Configuration.Cryptography
|
|
{
|
|
public class KeyGenerator : IKeyGenerator
|
|
{
|
|
private readonly object @lock = new object();
|
|
|
|
private readonly SHA256Managed algorithm;
|
|
private readonly AppConfig appConfig;
|
|
private readonly IIntegrityModule integrityModule;
|
|
private readonly ILogger logger;
|
|
|
|
private string browserExamKey;
|
|
|
|
public KeyGenerator(AppConfig appConfig, IIntegrityModule integrityModule, ILogger logger)
|
|
{
|
|
this.algorithm = new SHA256Managed();
|
|
this.appConfig = appConfig;
|
|
this.integrityModule = integrityModule;
|
|
this.logger = logger;
|
|
}
|
|
|
|
public string CalculateAppSignatureKey(string connectionToken, string salt)
|
|
{
|
|
if (integrityModule.TryCalculateAppSignatureKey(connectionToken, salt, out var appSignatureKey))
|
|
{
|
|
logger.Debug("Successfully calculated app signature key using integrity module.");
|
|
}
|
|
else
|
|
{
|
|
logger.Error("Failed to calculate app signature key using integrity module!");
|
|
}
|
|
|
|
return appSignatureKey;
|
|
}
|
|
|
|
public string CalculateBrowserExamKeyHash(string configurationKey, byte[] salt, string url)
|
|
{
|
|
var urlWithoutFragment = url.Split('#')[0];
|
|
var hash = algorithm.ComputeHash(Encoding.UTF8.GetBytes(urlWithoutFragment + (browserExamKey ?? ComputeBrowserExamKey(configurationKey, salt))));
|
|
var key = ToString(hash);
|
|
|
|
return key;
|
|
}
|
|
|
|
public string CalculateConfigurationKeyHash(string configurationKey, string url)
|
|
{
|
|
var urlWithoutFragment = url.Split('#')[0];
|
|
var hash = algorithm.ComputeHash(Encoding.UTF8.GetBytes(urlWithoutFragment + configurationKey));
|
|
var key = ToString(hash);
|
|
|
|
return key;
|
|
}
|
|
|
|
public void UseCustomBrowserExamKey(string browserExamKey)
|
|
{
|
|
if (browserExamKey != default)
|
|
{
|
|
this.browserExamKey = browserExamKey;
|
|
logger.Debug("Initialized custom browser exam key.");
|
|
}
|
|
}
|
|
|
|
private string ComputeBrowserExamKey(string configurationKey, byte[] salt)
|
|
{
|
|
lock (@lock)
|
|
{
|
|
if (browserExamKey == default)
|
|
{
|
|
logger.Debug("Initializing browser exam key...");
|
|
|
|
if (configurationKey == default)
|
|
{
|
|
configurationKey = "";
|
|
logger.Warn("The current configuration does not contain a value for the configuration key!");
|
|
}
|
|
|
|
if (salt == default || salt.Length == 0)
|
|
{
|
|
salt = new byte[0];
|
|
logger.Warn("The current configuration does not contain a salt value for the browser exam key!");
|
|
}
|
|
|
|
if (integrityModule.TryCalculateBrowserExamKey(configurationKey, ToString(salt), out browserExamKey))
|
|
{
|
|
logger.Debug("Successfully calculated browser exam key using integrity module.");
|
|
}
|
|
else
|
|
{
|
|
logger.Warn("Failed to calculate browser exam key using integrity module! Falling back to simplified calculation...");
|
|
|
|
using (var algorithm = new HMACSHA256(salt))
|
|
{
|
|
var hash = algorithm.ComputeHash(Encoding.UTF8.GetBytes(appConfig.CodeSignatureHash + appConfig.ProgramBuildVersion + configurationKey));
|
|
var key = ToString(hash);
|
|
|
|
browserExamKey = key;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
return browserExamKey;
|
|
}
|
|
|
|
private string ToString(byte[] bytes)
|
|
{
|
|
return BitConverter.ToString(bytes).ToLower().Replace("-", string.Empty);
|
|
}
|
|
}
|
|
}
|