From e3253d4e4037e8fb90263ffd28b2b3d5e4806de9 Mon Sep 17 00:00:00 2001 From: Martin Costello Date: Mon, 6 Jan 2020 08:35:44 +0000 Subject: [PATCH] More RNG.Fill() and UnixEpoch usage (#18132) Apply more changes omitted from #18126 and #18128, and use RandomNumberGenerator.Fill() and DateTimeOffset.UnixEpoch for supported TFMs. --- .../src/Managed/ManagedGenRandomImpl.cs | 6 ++++++ .../src/Rfc6238AuthenticationService.cs | 17 +++++++++++++---- src/Identity/Extensions.Core/src/UserManager.cs | 6 ++++++ 3 files changed, 25 insertions(+), 4 deletions(-) diff --git a/src/DataProtection/DataProtection/src/Managed/ManagedGenRandomImpl.cs b/src/DataProtection/DataProtection/src/Managed/ManagedGenRandomImpl.cs index d334f36672..1a96268960 100644 --- a/src/DataProtection/DataProtection/src/Managed/ManagedGenRandomImpl.cs +++ b/src/DataProtection/DataProtection/src/Managed/ManagedGenRandomImpl.cs @@ -8,7 +8,9 @@ namespace Microsoft.AspNetCore.DataProtection.Managed { internal unsafe sealed class ManagedGenRandomImpl : IManagedGenRandom { +#if NETSTANDARD2_0 private static readonly RandomNumberGenerator _rng = RandomNumberGenerator.Create(); +#endif public static readonly ManagedGenRandomImpl Instance = new ManagedGenRandomImpl(); private ManagedGenRandomImpl() @@ -18,7 +20,11 @@ namespace Microsoft.AspNetCore.DataProtection.Managed public byte[] GenRandom(int numBytes) { var bytes = new byte[numBytes]; +#if NETSTANDARD2_0 _rng.GetBytes(bytes); +#else + RandomNumberGenerator.Fill(bytes); +#endif return bytes; } } diff --git a/src/Identity/Extensions.Core/src/Rfc6238AuthenticationService.cs b/src/Identity/Extensions.Core/src/Rfc6238AuthenticationService.cs index 9a58683d22..9b2b98a392 100644 --- a/src/Identity/Extensions.Core/src/Rfc6238AuthenticationService.cs +++ b/src/Identity/Extensions.Core/src/Rfc6238AuthenticationService.cs @@ -1,27 +1,32 @@ // Copyright (c) .NET Foundation. All rights reserved. // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. +using System; using System.Diagnostics; using System.Net; using System.Security.Cryptography; +using System.Text; namespace Microsoft.AspNetCore.Identity { - using System; - using System.Text; - internal static class Rfc6238AuthenticationService { - private static readonly DateTime _unixEpoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc); private static readonly TimeSpan _timestep = TimeSpan.FromMinutes(3); private static readonly Encoding _encoding = new UTF8Encoding(false, true); +#if NETSTANDARD2_0 + private static readonly DateTime _unixEpoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc); private static readonly RandomNumberGenerator _rng = RandomNumberGenerator.Create(); +#endif // Generates a new 80-bit security token public static byte[] GenerateRandomKey() { byte[] bytes = new byte[20]; +#if NETSTANDARD2_0 _rng.GetBytes(bytes); +#else + RandomNumberGenerator.Fill(bytes); +#endif return bytes; } @@ -63,7 +68,11 @@ namespace Microsoft.AspNetCore.Identity // More info: https://tools.ietf.org/html/rfc6238#section-4 private static ulong GetCurrentTimeStepNumber() { +#if NETSTANDARD2_0 var delta = DateTime.UtcNow - _unixEpoch; +#else + var delta = DateTimeOffset.UtcNow - DateTimeOffset.UnixEpoch; +#endif return (ulong)(delta.Ticks / _timestep.Ticks); } diff --git a/src/Identity/Extensions.Core/src/UserManager.cs b/src/Identity/Extensions.Core/src/UserManager.cs index e3df5c7734..ddbf98f5df 100644 --- a/src/Identity/Extensions.Core/src/UserManager.cs +++ b/src/Identity/Extensions.Core/src/UserManager.cs @@ -43,7 +43,9 @@ namespace Microsoft.AspNetCore.Identity private TimeSpan _defaultLockout = TimeSpan.Zero; private bool _disposed; +#if NETSTANDARD2_0 private static readonly RandomNumberGenerator _rng = RandomNumberGenerator.Create(); +#endif private IServiceProvider _services; /// @@ -2428,7 +2430,11 @@ namespace Microsoft.AspNetCore.Identity private static string NewSecurityStamp() { byte[] bytes = new byte[20]; +#if NETSTANDARD2_0 _rng.GetBytes(bytes); +#else + RandomNumberGenerator.Fill(bytes); +#endif return Base32.ToBase32(bytes); }