diff --git a/default.ps1 b/default.ps1 index f20c57db5..6fe6d1e07 100644 --- a/default.ps1 +++ b/default.ps1 @@ -11,7 +11,7 @@ properties { $nuget_path = "$base_directory\nuget.exe" $buildNumber = 0; - $version = "2.6.1.0" + $version = "2.6.2.0" $preRelease = $null } @@ -94,5 +94,5 @@ task CreateNuGetPackage -depends ILMerge { copy-item $src_directory\IdentityServer3.nuspec $dist_directory copy-item $output_directory\IdentityServer3.xml $dist_directory\lib\net45\ - exec { . $nuget_path pack $dist_directory\IdentityServer3.nuspec -BasePath $dist_directory -o $dist_directory -version $packageVersion } + exec { . $nuget_path pack $dist_directory\IdentityServer3.nuspec -BasePath $dist_directory -OutputDirectory $dist_directory -version $packageVersion } } diff --git a/source/Core/Configuration/X509CertificateDataProtector.cs b/source/Core/Configuration/X509CertificateDataProtector.cs index dad9a3ab8..01cf6ea49 100644 --- a/source/Core/Configuration/X509CertificateDataProtector.cs +++ b/source/Core/Configuration/X509CertificateDataProtector.cs @@ -14,8 +14,11 @@ * limitations under the License. */ +using System; using System.IdentityModel; +using System.Linq; using System.Security.Cryptography.X509Certificates; +using System.Text; namespace IdentityServer3.Core.Configuration { @@ -45,7 +48,12 @@ public X509CertificateDataProtector(X509Certificate2 certificate) /// public byte[] Protect(byte[] data, string entropy = "") { - var encrypted = _encrypt.Encode(data); + //as there is no way to include entropy as separate attribute or flag we just append it to the end of the data + //to be able to take it into consideration when unprotecting + var entropyBytes = GetBytes(entropy); + var dataWithEntropy = Combine(data, entropyBytes); + + var encrypted = _encrypt.Encode(dataWithEntropy); return _sign.Encode(encrypted); } 
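Review bot: The entropy bytes are appended to `data` in `Protect` with no length or delimiter, so the suffix comparison in `Unprotect` (the next hunk) cannot tell where the payload ends: a blob protected under entropy `"ab"` is accepted under entropy `"b"` (yielding the payload plus `"a"`), and under the default `""` every blob produced by this protector is accepted, which undoes the purpose-binding the entropy is meant to provide. Because the signature is checked first, an outside party cannot forge such blobs, but two callers of the same certificate with different entropy values are not actually isolated from each other. A fixed-width trailer recording the entropy length after the entropy bytes makes the framing unambiguous, e.g. `var dataWithEntropy = Combine(Combine(data, entropyBytes), BitConverter.GetBytes(entropyBytes.Length));`, with `Unprotect` reading that trailer back in the same byte order and rejecting any blob whose recorded length differs from the supplied entropy's length before comparing the bytes. The in-code comment should then say that the trailer, not the mere presence of the suffix, is what `Unprotect` relies on.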
@@ -58,7 +66,36 @@ public byte[] Protect(byte[] data, string entropy = "")
         public byte[] Unprotect(byte[] data, string entropy = "")
         {
             var validated = _sign.Decode(data);
-            return _encrypt.Decode(validated);
+            var decoded = _encrypt.Decode(validated);
+
+            //need to reverse things done in protect before returning: subtract entropy from the end and ensure it matches
+            var entropyBytes = GetBytes(entropy);
+            var decodedEntropy = new byte[entropyBytes.Length];
+            var decodedDataLength = decoded.Length - entropyBytes.Length;
+            Array.Copy(decoded, decodedDataLength, decodedEntropy, 0, entropyBytes.Length);
+
+            var rez = decodedEntropy.SequenceEqual(entropyBytes) ? GetSubArray(decoded, decodedDataLength) : null;
+            return rez;
+        }
+
+        private static byte[] GetBytes(string value)
+        {
+            return Encoding.UTF8.GetBytes(value);
+        }
+
+        private static byte[] GetSubArray(byte[] src, int length)
+        {
+            var dst = new byte[length];
+            Array.Copy(src, dst, length);
+            return dst;
+        }
+
+        private static byte[] Combine(byte[] first, byte[] second)
+        {
+            var combined = new byte[first.Length + second.Length];
+            Buffer.BlockCopy(first, 0, combined, 0, first.Length);
+            Buffer.BlockCopy(second, 0, combined, first.Length, second.Length);
+            return combined;
+        }
     }
 }
\ No newline at end of file
diff --git a/source/VersionAssemblyInfo.cs b/source/VersionAssemblyInfo.cs
index 923304a43..49771755d 100644
Binary files a/source/VersionAssemblyInfo.cs and b/source/VersionAssemblyInfo.cs differ
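Review bot: `decodedDataLength` goes negative whenever the decrypted payload is shorter than the supplied entropy (a blob protected under a shorter or empty entropy, or an empty payload), so the following `Array.Copy` throws `ArgumentOutOfRangeException` rather than reaching the mismatch branch; the length needs to be checked before the copy. Returning `null` on an entropy mismatch is also a silent failure that a caller is likely to dereference; since `_sign.Decode` already throws on a bad signature, throwing `CryptographicException` for both the length and the entropy mismatch keeps `Unprotect` fail-closed (assuming the `IDataProtector` contract does not promise `null` on failure, which I cannot see from here). The three helpers are private and would stay as they are.
```csharp
public byte[] Unprotect(byte[] data, string entropy = "")
{
    var validated = _sign.Decode(data);
    var decoded = _encrypt.Decode(validated);

    // Reverse what Protect did: the entropy was appended, so it must be present at the end and match.
    var entropyBytes = GetBytes(entropy);
    var decodedDataLength = decoded.Length - entropyBytes.Length;
    if (decodedDataLength < 0)
    {
        // Shorter than the entropy: it cannot have been protected under this entropy.
        throw new System.Security.Cryptography.CryptographicException("Protected data is shorter than the supplied entropy.");
    }

    var decodedEntropy = new byte[entropyBytes.Length];
    Array.Copy(decoded, decodedDataLength, decodedEntropy, 0, entropyBytes.Length);
    if (!decodedEntropy.SequenceEqual(entropyBytes))
    {
        throw new System.Security.Cryptography.CryptographicException("Entropy does not match the value used to protect the data.");
    }

    return GetSubArray(decoded, decodedDataLength);
}
// … unchanged: GetBytes, GetSubArray, Combine …
```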