2 // System.Collections.SecureHashCodeProvider.cs
5 // Sergey Chaban (serge@wildwestsoftware.com)
6 // Andreas Nahr (ClassDevelopment@A-SoftTech.com)
7 // Sebastien Pouliot <sebastien@ximian.com>
9 // Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com)
10 // Copyright 2012 Xamarin, Inc (http://xamarin.com)
12 // Permission is hereby granted, free of charge, to any person obtaining
13 // a copy of this software and associated documentation files (the
14 // "Software"), to deal in the Software without restriction, including
15 // without limitation the rights to use, copy, modify, merge, publish,
16 // distribute, sublicense, and/or sell copies of the Software, and to
17 // permit persons to whom the Software is furnished to do so, subject to
18 // the following conditions:
20 // The above copyright notice and this permission notice shall be
21 // included in all copies or substantial portions of the Software.
23 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
24 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
25 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
26 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
27 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
28 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
29 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
32 using System
.Collections
;
33 using System
.Globalization
;
35 namespace System
.Web
.Util
37 class SecureHashCodeProvider
: IHashCodeProvider
39 static readonly SecureHashCodeProvider singletonInvariant
= new SecureHashCodeProvider (CultureInfo
.InvariantCulture
);
40 static SecureHashCodeProvider singleton
;
41 static readonly object sync
= new object ();
42 static readonly int seed
;
44 TextInfo m_text
; // must match MS name for serialization
46 public static SecureHashCodeProvider Default
{
49 if (singleton
== null) {
50 singleton
= new SecureHashCodeProvider ();
51 } else if (singleton
.m_text
== null) {
52 if (!AreEqual (CultureInfo
.CurrentCulture
, CultureInfo
.InvariantCulture
))
53 singleton
= new SecureHashCodeProvider ();
54 } else if (!AreEqual (singleton
.m_text
, CultureInfo
.CurrentCulture
)) {
55 singleton
= new SecureHashCodeProvider ();
62 public static SecureHashCodeProvider DefaultInvariant
{
63 get { return singletonInvariant; }
66 static SecureHashCodeProvider ()
68 // It should be enough to fend off the attack described in
69 // https://bugzilla.novell.com/show_bug.cgi?id=739119
70 // In order to predict value of the seed, the attacker would have to know the exact time when
71 // the server process started and since it's a remote attack, this is next to impossible.
72 // Using milliseconds instead of ticks here would make it easier for the attackers since there
73 // would only be as many as 1000 possible values
74 seed
= (int)DateTime
.UtcNow
.Ticks
;
77 // Public instance constructor
78 public SecureHashCodeProvider ()
80 CultureInfo culture
= CultureInfo
.CurrentCulture
;
81 if (!AreEqual (culture
, CultureInfo
.InvariantCulture
))
82 m_text
= CultureInfo
.CurrentCulture
.TextInfo
;
85 public SecureHashCodeProvider (CultureInfo culture
)
88 throw new ArgumentNullException ("culture");
89 if (!AreEqual (culture
, CultureInfo
.InvariantCulture
))
90 m_text
= culture
.TextInfo
;
93 static bool AreEqual (CultureInfo a
, CultureInfo b
)
95 return a
.LCID
== b
.LCID
;
98 static bool AreEqual (TextInfo info
, CultureInfo culture
)
100 return info
.LCID
== culture
.LCID
;
103 public int GetHashCode (object obj
)
106 throw new ArgumentNullException ("obj");
108 string str
= obj
as string;
111 return obj
.GetHashCode ();
116 if ((m_text
!= null) && !AreEqual (m_text
, CultureInfo
.InvariantCulture
)) {
117 str
= m_text
.ToLower (str
);
118 for (int i
= 0; i
< str
.Length
; i
++) {
123 for (int i
= 0; i
< str
.Length
; i
++) {
124 c
= Char
.ToLower (str
[i
], CultureInfo
.InvariantCulture
);