
Untitled

a guest
Jan 18th, 2016
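  /**
   * Build the token sent with each request:
   * Base64( Base64(HMAC-SHA256(message, key)) + ":" + username + ":" + domain + ":" + ticks ).
   *
   * When username, domain and password are all supplied, this.logout() is called
   * first (presumably it clears the cached SecurityManager fields; confirm) and a
   * new key is derived. Otherwise the values already held on SecurityManager win.
   *
   * @param {string} [username] Account name; ignored if one is already cached.
   * @param {string} [domain] Account domain; ignored if one is already cached.
   * @param {string} [password] Used only to derive the key; not stored itself.
   * @returns {string} Base64 text that decodes to "<mac>:<username>:<domain>:<ticks>".
   */
  generate: function (username, domain, password) {
    if (username && domain && password) {
      // Fresh credentials were supplied, so drop the cached session before deriving a new key.
      this.logout();
    }

    SecurityManager.username = SecurityManager.username || username;
    SecurityManager.domain = SecurityManager.domain || domain;

    // Key = Base64(HMAC-SHA256(password + ":" + salt, keyed with the salt)).
    // The key is password-equivalent (whoever holds it can mint tokens), so neither it
    // nor the tokens derived from it are written to the log any more.
    SecurityManager.key = SecurityManager.key || CryptoJS.enc.Base64.stringify(CryptoJS.HmacSHA256([password, SecurityManager.salt].join(':'), SecurityManager.salt));

    // Client IP address, as reported by getIp().
    SecurityManager.ip = SecurityManager.ip || this.getIp();

    // Persist the key pieces.
    // NOTE(review): localStorage is readable by every script on this origin, so a single
    // XSS flaw exposes the key. Left in place because the cached-session path relies on it;
    // prefer sessionStorage or an HttpOnly cookie issued by the server if the design allows.
    if (SecurityManager.username) {
      localStorage['SecurityManager.username'] = SecurityManager.username;
      localStorage['SecurityManager.domain'] = SecurityManager.domain;
      localStorage['SecurityManager.key'] = SecurityManager.key;
    }

    // .NET-compatible ticks used as the timestamp. http://stackoverflow.com/a/7968483/2596404
    var ticks = ((new Date().getTime() * 10000) + 621355968000000000);

    // MAC input: username, domain, ip, userAgent and ticks, in that order. The server
    // has to join exactly the same fields in the same order or the MACs will not match.
    var message = [SecurityManager.username, SecurityManager.domain, SecurityManager.ip, navigator.userAgent.replace(/ .NET.+;/, ''), ticks].join(':');

    $log.log("values are:" + message.split(':'));

    // HMAC-SHA256 over the message, keyed with the derived key, then Base64-encoded.
    var hash = CryptoJS.HmacSHA256(message, SecurityManager.key);
    var token = CryptoJS.enc.Base64.stringify(hash);

    // Username, domain and timestamp travel in the clear after the MAC so the server
    // can look up the account and recompute the MAC.
    var tokenId = [SecurityManager.username, SecurityManager.domain, ticks].join(':');

    // "<mac>:<tokenId>" is plain text, so it is turned into bytes with Utf8.parse.
    // The previous Base64.parse treated it as Base64 input, and the logged result was
    // the MAC alone with the username/domain/ticks suffix missing.
    var tokenStr = CryptoJS.enc.Utf8.parse([token, tokenId].join(':'));

    var finalToken = CryptoJS.enc.Base64.stringify(tokenStr);

    return finalToken;
  }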
  63.  
  64. 1 414448 log security key: LGlemne7vnKZMI35qNw2pgv7YsLerXTaegcycy6x5n0=
  65. 2 414562 log values are:joe,cs,127.0.0.1,Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586,635887772145620000
  66. 3 414564 log security key hash: d27a0346ea0ad6b50ae158cdc4433a129f957a1c965e126d9b2060f9fb11c0b7
  67. 4 414565 log base 64 encoded hash: 0noDRuoK1rUK4VjNxEM6Ep+VehyWXhJtmyBg+fsRwLc=
  68. 5 414566 log Token is 0noDRuoK1rUK4VjNxEM6Ep+VehyWXhJtmyBg+fsRwLc=
  69.  
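  /// <summary>
  /// Builds the server-side copy of the client token:
  /// Base64("&lt;mac&gt;:username:domain:ticks"), where mac is the Base64 HMAC of
  /// "username:domain:ip:userAgent:ticks" keyed with the hashed password.
  /// </summary>
  /// <param name="username">Account name; part of the MAC input and of the clear-text suffix.</param>
  /// <param name="domain">Account domain; part of the MAC input and of the clear-text suffix.</param>
  /// <param name="password">Password the HMAC key is derived from via GetHashedPassword.</param>
  /// <param name="ip">Client IP address; part of the MAC input only.</param>
  /// <param name="userAgent">Client user-agent string; part of the MAC input only.</param>
  /// <param name="ticks">Timestamp in .NET ticks; part of the MAC input and of the clear-text suffix.</param>
  /// <returns>The Base64-encoded token.</returns>
  public static string GenerateToken(string username, string domain, string password, string ip, string userAgent, long ticks)
  {
      // Same fields, same order as the client: username, domain, ip, userAgent, ticks.
      // ip was accepted but never used before, so the MAC neither covered the client
      // address nor matched a client that includes it.
      string message = string.Join(":", new string[] { username, domain, ip, userAgent, ticks.ToString() });

      // Clear-text suffix that lets the verifier find the account and timestamp.
      string tokenId = string.Join(":", new string[] { username, domain, ticks.ToString() });

      // NOTE(review): Create(string) is the static factory inherited from HMAC, so the
      // algorithm comes from _alg (not visible here), not from the HMACSHA512 prefix.
      // The client computes HMAC-SHA256; confirm _alg names the same algorithm.
      using (HMAC hmac = HMACSHA512.Create(_alg))
      {
          // The key is the UTF-8 bytes of the Base64 text returned by GetHashedPassword.
          // It is no longer decoded back into a throwaway string: that debug line kept a
          // second copy of secret material in memory and, with its ** markers, did not compile.
          hmac.Key = Encoding.UTF8.GetBytes(GetHashedPassword(password));

          string mac = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(message)));

          return Convert.ToBase64String(Encoding.UTF8.GetBytes(string.Join(":", mac, tokenId)));
      }
  }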
  /// <summary>
  /// Derives the HMAC key text from a password: Base64 of the HMAC over
  /// "password:salt", keyed with the UTF-8 bytes of the salt.
  /// </summary>
  /// <param name="password">Password to derive from.</param>
  /// <returns>Base64 text of the keyed hash.</returns>
  private static string GetHashedPassword(string password)
  {
      // NOTE(review): one HMAC pass with a shared salt is fast to brute-force if the
      // output ever leaks. A slow KDF such as PBKDF2 would be the usual choice, but the
      // client derives the same value, so both sides would have to change together.
      string salted = string.Join(":", password, _salt);

      using (HMAC keyedHash = HMACSHA512.Create(_alg))
      {
          keyedHash.Key = Encoding.UTF8.GetBytes(_salt);

          byte[] digest = keyedHash.ComputeHash(Encoding.UTF8.GetBytes(salted));
          return Convert.ToBase64String(digest);
      }
  }
  102.  
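  /// <summary>
  /// Checks the structure of a generated token, not just that one is returned:
  /// it must decode to text ending in ":username:domain:ticks", and the same
  /// inputs must produce the same token.
  /// </summary>
  [TestMethod]
  public void GenerateTokenTest2()
  {
      string username = "joe";
      string domain = "cs";
      string password = "password";
      string ip = "127.0.0.1";
      string userAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586";

      long ticks = 635887772145620000;

      var token = SecurityManager.GenerateToken(username, domain, password, ip, userAgent, ticks);

      Assert.IsNotNull(token);

      // The outer layer is Base64 over "<mac>:username:domain:ticks". A token that lost
      // its identifying suffix would still be non-null, so check the suffix explicitly.
      string decoded = System.Text.Encoding.UTF8.GetString(System.Convert.FromBase64String(token));
      StringAssert.EndsWith(decoded, ":" + username + ":" + domain + ":" + ticks);

      // All inputs are fixed, so a second call must give the identical token.
      Assert.AreEqual(token, SecurityManager.GenerateToken(username, domain, password, ip, userAgent, ticks));
  }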
  118.  
  119. <!-- Crypto-JS 3.1.2: HMAC-SHA256 rollup plus the Base64 encoder. NOTE(review): both files are fetched over plain http:// with no integrity attribute, so anyone on the network path can replace the code that handles the password and key. Serve pinned copies over HTTPS from your own origin, or add Subresource Integrity hashes. -->
  120. <script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/hmac-sha256.js"></script>
  121. <script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/components/enc-base64-min.js"></script>