Merge pull request #333 from xamarin/dh_PasswordHardCoded_Fix

Fix for PasswordHardCoded bug
xamarin · Nov 5, 2018 · 63397b7 · 63397b7
2 parents 3495aa0 + 2dab27b
commit 63397b7
Show file tree

Hide file tree

Showing 4 changed files with 36 additions and 15 deletions.
diff --git a/nuget/Xamarin.Auth.Extensions.nuspec b/nuget/Xamarin.Auth.Extensions.nuspec
@@ -21,11 +21,10 @@
 		http://semver.org/
 		-->
 		<version>
-			1.6.0.2
+			1.6.0.3
 		</version>
 		<releaseNotes>
-            - Xamarin.Android KeyStore not initialized fix
-			- cake script fixes for VS2015 and older projects
+            - Fix migrations from old PasswordHardCoded value to new
 		</releaseNotes>
 		<licenseUrl>
 			https://github.com/xamarin/Xamarin.Auth/blob/master/License.md

diff --git a/nuget/Xamarin.Auth.XamarinForms.nuspec b/nuget/Xamarin.Auth.XamarinForms.nuspec
@@ -24,11 +24,10 @@
 		http://semver.org/
 		-->
 		<version>
-			1.6.0.2
+			1.6.0.3
 		</version>
 		<releaseNotes>
-            - Xamarin.Android KeyStore not initialized fix
-			- cake script fixes for VS2015 and older projects
+            - Fix migrations from old PasswordHardCoded value to new
 		</releaseNotes>
 		<licenseUrl>
 			https://github.com/xamarin/Xamarin.Auth/blob/master/License.md

diff --git a/nuget/Xamarin.Auth.nuspec b/nuget/Xamarin.Auth.nuspec
@@ -24,11 +24,10 @@
         http://semver.org/
         -->
 		<version>
-			1.6.0.2
+			1.6.0.3
 		</version>
 		<releaseNotes>
-            - Xamarin.Android KeyStore not initialized fix
-			- cake script fixes for VS2015 and older projects
+            - Fix migrations from old PasswordHardCoded value to new
 		</releaseNotes>
         <licenseUrl>
             https://github.com/xamarin/Xamarin.Auth/blob/master/License.md

diff --git a/source/Core/Xamarin.Auth.XamarinAndroid/AccountStore/AndroidAccountStore.cs b/source/Core/Xamarin.Auth.XamarinAndroid/AccountStore/AndroidAccountStore.cs
@@ -48,6 +48,7 @@ internal partial class AndroidAccountStore : AccountStore
         // NOTE security hole! Left for backwards compatibility
         // PR56
         static readonly char[] PasswordHardCoded = "3295043EA18CA264B2C40E0B72051DEF2D07AD2B4593F43DDDE1515A7EC32617".ToCharArray();
+        static readonly char[] PasswordHardCodedOriginal = "System.Char[]".ToCharArray();
 
         public AndroidAccountStore(Context context)
             : this(context, new string(PasswordHardCoded))
@@ -67,6 +68,7 @@ public AndroidAccountStore(Context context, string password)
             {
                 throw new ArgumentNullException("password");
             }
+
             Password = password.ToCharArray();
 
             this.context = context;
@@ -104,7 +106,17 @@ public AndroidAccountStore(Context context, string password)
                     // that was encoded with the old hard coded password, which was deprecated.
                     // We'll try to open the keystore with the old password, and migrate the contents
                     // to a new one that will be encoded with the new password.
-                    MigrateKeyStore(context);
+                    //MigrateKeyStore(context);
+                    try
+                    {
+                        //try with the original password
+                        MigrateKeyStore(context, PasswordHardCodedOriginal);
+                    }
+                    catch ()
+                    {
+                        //migrate using the default
+                        MigrateKeyStore(context);
+                    }
                 }
             }
         }
@@ -211,7 +223,19 @@ public bool FileExists(Context context, String filename)
         }
 
         #region Migration of key store with hard coded password
+
+        //Keep for backward compatibility
         void MigrateKeyStore(Context context)
+        {
+            MigrateKeyStore(context, PasswordHardCoded);
+        }
+
+        /// <summary>
+        /// Migrates the key store.
+        /// </summary>
+        /// <param name="context">Context.</param>
+        /// <param name="password">Password.</param>
+        void MigrateKeyStore(Context context, char[] oldpassword)
         {
             // Moves aside the old keystore, opens it with the old hard coded password
             // and copies all entries to the new keystore, secured with the app provided password
@@ -225,13 +249,13 @@ void MigrateKeyStore(Context context)
                 {
                     using (var s = context.OpenFileInput(FileName))
                     {
-                        ks.Load(s, PasswordHardCoded);
+                        ks.Load(s, oldpassword);
                     }
                 }
 
                 MoveKeyStoreFile(context, FileName, FileName + "Old");
                 LoadEmptyKeyStore(Password);
-                CopyKeyStoreContents();
+                CopyKeyStoreContents(oldpassword);
 
                 context.DeleteFile(FileName + "Old");
             }
@@ -254,14 +278,14 @@ protected void MoveKeyStoreFile(Context context, string source, string destinati
             context.DeleteFile(FileName);
         }
 
-        protected void CopyKeyStoreContents()
+        protected void CopyKeyStoreContents(char[] oldPassword)
         {
             var oldKeyStore = KeyStore.GetInstance(KeyStore.DefaultType);
-            var oldProtection = new KeyStore.PasswordProtection(PasswordHardCoded);
+            var oldProtection = new KeyStore.PasswordProtection(oldPassword);
 
             using (var s = context.OpenFileInput(FileName + "Old"))
             {
-                oldKeyStore.Load(s, PasswordHardCoded);
+                oldKeyStore.Load(s, oldPassword);
                 // Copy all aliases to a new keystore, using a different password
                 var aliases = oldKeyStore.Aliases();
                 while (aliases.HasMoreElements)