diff --git a/EduNetworkBuilder/PersonClass.cs b/EduNetworkBuilder/PersonClass.cs
index 09d9ed9..ed464a3 100644
--- a/EduNetworkBuilder/PersonClass.cs
+++ b/EduNetworkBuilder/PersonClass.cs
@@ -7,6 +7,8 @@ using System.Xml;
 using System.IO;
 using System.Windows.Forms;
 using System.Drawing;
+using System.Security.Cryptography;
+using System.Security.Cryptography.Xml;
 namespace EduNetworkBuilder
 {
@@ -30,7 +32,7 @@ namespace EduNetworkBuilder
 ///
 public string FullName = "";
- List Passwords = new List();
+ string Password = "";
 string PasswordHint = "";
 ///
@@ -79,22 +81,9 @@ namespace EduNetworkBuilder
 }
- public string Password(int index = 0)
- {
- if (Passwords.Count == 0) return "";
- if (index < 0) return "";
- if (index >= Passwords.Count) return "";
- return Passwords[index];
- }
-
 public void ChangePassword(string NewPassword)
 {
- Passwords.Insert(0, NewPassword);
- int maxPWs = 1;
- if (isAdmin)
- maxPWs = 10; //Admins store the last 10 passwords. If the admin changed his PW, we still need to decrypt the student's files
- for (int a = Passwords.Count - 1; a >= maxPWs; a--)
- Passwords.RemoveAt(a); //Remove all but the one password
+ Password = NewPassword;
 }
 #region Load and Save
@@ -149,7 +138,7 @@ namespace EduNetworkBuilder
 ChangePassAtFirstLogin = changepw;
 break;
 case "password":
- Passwords.Add(Individual.InnerText);
+ Password = Individual.InnerText;
 break;
 case "settings":
 UserSettings = NB.Deserialize(Individual.InnerText);
@@ -198,7 +187,12 @@ namespace EduNetworkBuilder
 writer.WriteEndElement();
 writer.WriteEndDocument();
 }
- doc.Save(filename);
+ if(TryToEncrypt(doc) != null)
+ doc.Save(filename);
+ else
+ {
+ //We should blow up gracefully. Not sure why we failed.
+ }
 }
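Review bot: In the `case "password":` branch, a plain assignment means the last `Password` element in the file wins, but the save loop this commit removes wrote an admin's password history newest-first, so a file written by the previous version would load with the oldest stored password instead of the current one. Keeping the first value, e.g. `if (Password == "") Password = Individual.InnerText;`, preserves what index 0 used to mean; this assumes the load runs on a freshly constructed object, which the hunk does not show. The enclosing switch starts and ends outside the hunk.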
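Review bot: The empty `else` after `if(TryToEncrypt(doc) != null)` means a failed encryption skips `doc.Save(filename)` without any message, so the user's changes are dropped silently; failing closed is right, but the failure should be reported to the caller or the user rather than left as a comment. The return value of TryToEncrypt is also discarded and `doc` is what gets written, which is only ciphertext if TrippleDESDocumentEncryption modifies the same XmlDocument instance; `XmlDocument enc = TryToEncrypt(doc); if (enc != null) enc.Save(filename);` removes that dependency. No matching decrypt step on the load path appears in this diff, so confirm that a file saved this way can be opened again. The enclosing save method starts outside the hunk.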
@@ -222,8 +216,7 @@ namespace EduNetworkBuilder
 string settingsstring = NB.SerializeObject(UserSettings);
 writer.WriteElementString("Settings", settingsstring);
- foreach(string One in Passwords)
- writer.WriteElementString("Password", One);
+ writer.WriteElementString("Password", Password);
 foreach (PersonClass PC in Students)
 PC.Save(writer, true); //Save as a student entry
 //Save all the devices
@@ -233,6 +226,43 @@ namespace EduNetworkBuilder
 }
 writer.WriteEndElement();
 }
+
+ private XmlDocument TryToEncrypt(XmlDocument What)
+ {
+ string UserPassword = UserName + Password;
+ if (UserPassword == "") return null; //This should never happen
+ string salt = TrippleDESDocumentEncryption.GenSalt(NB.GetRandom());
+
+ TripleDES tDESkey = TrippleDESDocumentEncryption.GenKey(UserPassword, salt);
+ TrippleDESDocumentEncryption xmlTDES = new TrippleDESDocumentEncryption(What, tDESkey);
+
+ try
+ {
+ // Encrypt the "user" element.
+ xmlTDES.Encrypt("User");
+ //make the entries for the key
+ XmlNode tNode = xmlTDES.Doc.CreateElement("EncryptedKey");
+ tNode.InnerText = UserPassword;
+ XmlElement inputElement = xmlTDES.Doc.GetElementsByTagName("EncryptedData")[0] as XmlElement;
+ xmlTDES.Doc.DocumentElement.InsertAfter(tNode, inputElement);
+
+ //add the salt
+ tNode = xmlTDES.Doc.CreateElement("Salt");
+ tNode.InnerText = salt;
+ xmlTDES.Doc.DocumentElement.InsertAfter(tNode, inputElement);
+
+ //encrypt the user key with the admin key
+ xmlTDES.SetKey(AltPassword, salt);
+ xmlTDES.Encrypt("EncryptedKey");
+
+ }
+ catch (Exception e)
+ {
+ Console.WriteLine(e.Message);
+ return null;
+ }
+ return xmlTDES.Doc;
+ }
 #endregion
 public bool AddHomework(SchoolworkClass ToAdd)
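Review bot: In TryToEncrypt the `EncryptedKey` element is filled with `UserPassword`, the user's name concatenated with the literal password, so what is escrowed under the admin key is the student's actual password rather than key material, and its protection rests entirely on `AltPassword`; if that is empty or null the escrow key would be derived from little more than the cleartext `Salt` (SetKey is not shown, so this is inferred). Escrowing the derived document key instead, and guarding with `if (string.IsNullOrEmpty(Password) || string.IsNullOrEmpty(AltPassword)) return null;`, would close both gaps; the current `UserPassword == ""` test passes whenever UserName is non-empty, even with an empty password. TripleDES is a legacy 64-bit-block cipher for which `System.Security.Cryptography.Aes` is the usual replacement, and the salt should come from `RandomNumberGenerator` if `NB.GetRandom()` returns a `System.Random`, which this hunk does not show. `Console.WriteLine(e.Message)` is not visible in a Windows Forms application, so the reason for a failed save is lost.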