This repository has been archived by the owner on May 17, 2024. It is now read-only.
using System;
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;
using System.Security.Cryptography;
using SharpPwned.NET.Model;
using Newtonsoft.Json;
using System.Collections.Generic;
using SharpPwned.NET.Interfaces;
namespace SharpPwned.NET
{
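/// <summary>
/// Thin REST client for the Have I Been Pwned breach/paste API and the
/// Pwned Passwords range (k-anonymity) API.
/// </summary>
/// <remarks>
/// A single static <see cref="HttpClient"/> is shared by all instances.
/// NOTE(review): the breach/paste base URL targets API version 2 without an
/// API key; confirm that this endpoint version is still served before relying
/// on the results.
/// </remarks>
public class HaveIBeenPwnedRestClient : IHaveIBeenPwnedRestClient
{
    private static readonly HttpClient client = new HttpClient();
    private readonly string URL = @"https://haveibeenpwned.com/api/v2";
    private readonly string passwordRangeURL = @"https://api.pwnedpasswords.com";
    private readonly string userAgent;

    /// <summary>
    /// Creates a client that identifies itself with the given User-Agent.
    /// </summary>
    /// <param name="userAgent">
    /// Value sent in the User-Agent header; "SharpPwned.NET" is used when this
    /// is null, empty or whitespace.
    /// </param>
    public HaveIBeenPwnedRestClient(string userAgent = null)
    {
        this.userAgent = string.IsNullOrWhiteSpace(userAgent) ? "SharpPwned.NET" : userAgent;
    }

    /// <summary>
    /// Looks up the pastes recorded for an account.
    /// </summary>
    /// <param name="account">Account identifier; it is percent-encoded before use.</param>
    /// <returns>
    /// The deserialized pastes, or null when the request did not return "OK".
    /// Null therefore covers both "nothing found" and "lookup failed".
    /// </returns>
    public async Task<List<Paste>> GetPasteAccount(string account)
    {
        var response = await GETRequestAsync($"pasteaccount/{EscapePathSegment(account)}").ConfigureAwait(false);
        if (response.StatusCode != "OK")
        {
            return null;
        }

        return JsonConvert.DeserializeObject<List<Paste>>(response.Body);
    }

    /// <summary>
    /// Fetches a single breach by name.
    /// </summary>
    /// <param name="site">Breach name; it is percent-encoded before use.</param>
    /// <returns>The deserialized breach, or null when the request did not return "OK".</returns>
    public async Task<Breach> GetBreach(string site)
    {
        var response = await GETRequestAsync($"breach/{EscapePathSegment(site)}").ConfigureAwait(false);
        if (response.StatusCode != "OK")
        {
            return null;
        }

        return JsonConvert.DeserializeObject<Breach>(response.Body);
    }

    /// <summary>
    /// Fetches every breach known to the service.
    /// </summary>
    /// <returns>
    /// The deserialized breaches, or an empty list when the request did not
    /// return "OK". An empty list does not prove that the lookup succeeded.
    /// </returns>
    public async Task<List<Breach>> GetAllBreaches()
    {
        var response = await GETRequestAsync("breaches").ConfigureAwait(false);
        if (response.StatusCode != "OK")
        {
            return new List<Breach>();
        }

        return JsonConvert.DeserializeObject<List<Breach>>(response.Body);
    }

    /// <summary>
    /// Fetches the breaches an account appears in.
    /// </summary>
    /// <param name="account">Account identifier; it is percent-encoded before use.</param>
    /// <param name="includeUnverified">When true, "?includeUnverified=true" is appended to the request.</param>
    /// <returns>
    /// The deserialized breaches, or an empty list when the request did not
    /// return "OK". Callers cannot tell "not breached" from "lookup failed"
    /// from the return value alone, so an empty list must not be treated as
    /// evidence that the account is clean.
    /// </returns>
    public async Task<List<Breach>> GetAccountBreaches(string account, bool? includeUnverified = false)
    {
        string query = includeUnverified.HasValue && includeUnverified.Value
            ? "?includeUnverified=true"
            : string.Empty;

        var response = await GETRequestAsync($"breachedaccount/{EscapePathSegment(account)}{query}").ConfigureAwait(false);
        if (response.StatusCode != "OK")
        {
            return new List<Breach>();
        }

        return JsonConvert.DeserializeObject<List<Breach>>(response.Body);
    }

    /// <summary>
    /// Checks a password against the Pwned Passwords range API.
    /// </summary>
    /// <remarks>
    /// SHA-1 is used here because the range API is keyed by it, not as a
    /// password-storage hash. Only the first five hex characters of the digest
    /// are placed in the request; the remaining 35 are compared locally.
    /// </remarks>
    /// <param name="password">Plain-text password to check.</param>
    /// <returns>True when the hash suffix is listed in the range response.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="password"/> is null.</exception>
    /// <exception cref="HttpRequestException">
    /// The range request failed. Failing loudly avoids reporting a password as
    /// "not pwned" when the service could not be queried.
    /// </exception>
    public async Task<bool> IsPasswordPwned(string password)
    {
        if (password == null)
        {
            throw new ArgumentNullException(nameof(password));
        }

        // Compute the upper-case hex SHA-1 digest; dispose the hash object when done.
        byte[] hashBytes;
        using (SHA1 sha1 = SHA1.Create())
        {
            hashBytes = sha1.ComputeHash(Encoding.UTF8.GetBytes(password));
        }

        StringBuilder hex = new StringBuilder(hashBytes.Length * 2);
        foreach (byte b in hashBytes)
        {
            hex.Append(b.ToString("X2"));
        }

        string hashString = hex.ToString();

        // Break the SHA-1 into the five-character prefix that is sent and the
        // suffix that never leaves this process.
        string hashFirstFive = hashString.Substring(0, 5);
        string hashLeftover = hashString.Substring(5);

        var response = await GETRequestAsync($"range/{hashFirstFive}", passwordRangeURL).ConfigureAwait(false);
        if (response.Body == null)
        {
            // The original dereferenced a null body here; surface the failure instead.
            throw new HttpRequestException(
                $"Pwned Passwords range query failed ({response.StatusCode}): {response.HttpException}");
        }

        // Compare whole suffixes line by line rather than substring-matching the body.
        // presumably each line is "SUFFIX:COUNT" - verify against the API documentation
        string[] lines = response.Body.Split(new[] { '\r', '\n' }, StringSplitOptions.RemoveEmptyEntries);
        foreach (string line in lines)
        {
            int separator = line.IndexOf(':');
            string suffix = separator >= 0 ? line.Substring(0, separator) : line;
            if (string.Equals(suffix.Trim(), hashLeftover, StringComparison.OrdinalIgnoreCase))
            {
                return true;
            }
        }

        return false;
    }

    /// <summary>
    /// Percent-encodes a caller-supplied value so it stays a single path
    /// segment and cannot add "/", "?" or "#" to the request URL.
    /// </summary>
    /// <param name="value">Raw value; null is treated as the empty string.</param>
    /// <returns>The escaped segment.</returns>
    private static string EscapePathSegment(string value)
    {
        return Uri.EscapeDataString(value ?? string.Empty);
    }

    /// <summary>
    /// Issues a GET against the default breach/paste base URL.
    /// </summary>
    /// <param name="parameters">Path (and optional query) appended to the base URL.</param>
    /// <returns>The wrapped response.</returns>
    private async Task<Response> GETRequestAsync(string parameters)
    {
        return await GETRequestAsync(parameters, URL).ConfigureAwait(false);
    }

    /// <summary>
    /// Issues a GET against <paramref name="overrideURL"/> and wraps the outcome.
    /// </summary>
    /// <param name="parameters">Path (and optional query) appended to the base URL.</param>
    /// <param name="overrideURL">Base URL to use for this request.</param>
    /// <returns>
    /// A <see cref="Response"/> with the body and status name on success. On
    /// <see cref="HttpRequestException"/> (including a non-success status) the
    /// body is null, the status name is set when a response was received, and
    /// the exception message is recorded. Other exception types propagate.
    /// </returns>
    private async Task<Response> GETRequestAsync(string parameters, string overrideURL)
    {
        Response restResponse = new Response();
        Uri uri = new Uri($"{overrideURL}/{parameters}");

        using (HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, uri))
        {
            request.Headers.TryAddWithoutValidation("User-Agent", userAgent);

            HttpResponseMessage response = null;
            try
            {
                response = await client.SendAsync(request).ConfigureAwait(false);
                response.EnsureSuccessStatusCode();
                restResponse.Body = await response.Content.ReadAsStringAsync().ConfigureAwait(false);
                restResponse.StatusCode = response.StatusCode.ToString();
            }
            catch (HttpRequestException e)
            {
                restResponse.Body = null;
                if (response != null)
                {
                    restResponse.StatusCode = response.StatusCode.ToString();
                }

                restResponse.HttpException = e.Message;
            }
            finally
            {
                // Release the response (and its content stream) on every path.
                if (response != null)
                {
                    response.Dispose();
                }
            }
        }

        return restResponse;
    }
}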
}