// This code is derived from jcifs smb client library <jcifs at samba dot org>
// Ported by J. Arturo <webmaster at komodosoft dot net>
//
// This library is free software; you can redistribute it and/or
// modify it under the terms of the GNU Lesser General Public
// License as published by the Free Software Foundation; either
// version 2.1 of the License, or (at your option) any later version.
//
// This library is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
// Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public
// License along with this library; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
using System ;
using SharpCifs.Util ;
using SharpCifs.Util.Sharpen ;
namespace SharpCifs.Smb
{
/// <summary>This class stores and encrypts NTLM user credentials.</summary>
/// <remarks>
/// This class stores and encrypts NTLM user credentials. The default
/// credentials are retrieved from the <tt>jcifs.smb.client.domain</tt>,
/// <tt>jcifs.smb.client.username</tt>, and <tt>jcifs.smb.client.password</tt>
/// properties.
/// <p>
/// Read <a href="../../../authhandler.html">jCIFS Exceptions and
/// NtlmAuthenticator</a> for related information.
/// </remarks>
public sealed class NtlmPasswordAuthentication : Principal
{
private static readonly int LmCompatibility = Config . GetInt ( "jcifs.smb.lmCompatibility"
, 3 ) ;
private static readonly Random Random = new Random ( ) ;
private static LogStream _log = LogStream . GetInstance ( ) ;
private static readonly byte [ ] S8 = { unchecked ( unchecked ( 0x4b ) ) , unchecked ( unchecked ( 0x47 ) ) , unchecked ( unchecked ( 0x53 ) ) , unchecked ( unchecked ( 0x21 ) ) , unchecked ( unchecked ( 0x40 ) ) , unchecked ( unchecked ( 0x23 ) ) , unchecked ( unchecked ( 0x24 ) ) , unchecked ( unchecked ( 0x25 ) ) } ;
// KGS!@#$%
private static void E ( byte [ ] key , byte [ ] data , byte [ ] e )
{
byte [ ] key7 = new byte [ 7 ] ;
byte [ ] e8 = new byte [ 8 ] ;
for ( int i = 0 ; i < key . Length / 7 ; i + + )
{
Array . Copy ( key , i * 7 , key7 , 0 , 7 ) ;
DES des = new DES ( key7 ) ;
des . Encrypt ( data , e8 ) ;
Array . Copy ( e8 , 0 , e , i * 8 , 8 ) ;
}
}
internal static string DefaultDomain ;
internal static string DefaultUsername ;
internal static string DefaultPassword ;
internal static readonly string Blank = string . Empty ;
public static readonly NtlmPasswordAuthentication Anonymous = new NtlmPasswordAuthentication
( string . Empty , string . Empty , string . Empty ) ;
internal static void InitDefaults ( )
{
if ( DefaultDomain ! = null )
{
return ;
}
DefaultDomain = Config . GetProperty ( "jcifs.smb.client.domain" , "?" ) ;
DefaultUsername = Config . GetProperty ( "jcifs.smb.client.username" , "GUEST" ) ;
DefaultPassword = Config . GetProperty ( "jcifs.smb.client.password" , Blank ) ;
}
/// <summary>Generate the ANSI DES hash for the password associated with these credentials.
/// </summary>
/// <remarks>Generate the ANSI DES hash for the password associated with these credentials.
/// </remarks>
public static byte [ ] GetPreNtlmResponse ( string password , byte [ ] challenge )
{
byte [ ] p14 = new byte [ 14 ] ;
byte [ ] p21 = new byte [ 21 ] ;
byte [ ] p24 = new byte [ 24 ] ;
byte [ ] passwordBytes ;
try
{
passwordBytes = Runtime . GetBytesForString ( password . ToUpper ( ) , SmbConstants . OemEncoding ) ;
}
catch ( UnsupportedEncodingException uee )
{
throw new RuntimeException ( "Try setting jcifs.encoding=US-ASCII" , uee ) ;
}
int passwordLength = passwordBytes . Length ;
// Only encrypt the first 14 bytes of the password for Pre 0.12 NT LM
if ( passwordLength > 14 )
{
passwordLength = 14 ;
}
Array . Copy ( passwordBytes , 0 , p14 , 0 , passwordLength ) ;
E ( p14 , S8 , p21 ) ;
E ( p21 , challenge , p24 ) ;
return p24 ;
}
/// <summary>Generate the Unicode MD4 hash for the password associated with these credentials.
/// </summary>
/// <remarks>Generate the Unicode MD4 hash for the password associated with these credentials.
/// </remarks>
public static byte [ ] GetNtlmResponse ( string password , byte [ ] challenge )
{
byte [ ] uni = null ;
byte [ ] p21 = new byte [ 21 ] ;
byte [ ] p24 = new byte [ 24 ] ;
try
{
uni = Runtime . GetBytesForString ( password , SmbConstants . UniEncoding ) ;
}
catch ( UnsupportedEncodingException uee )
{
if ( _log . Level > 0 )
{
Runtime . PrintStackTrace ( uee , _log ) ;
}
}
Md4 md4 = new Md4 ( ) ;
md4 . Update ( uni ) ;
try
{
md4 . Digest ( p21 , 0 , 16 ) ;
}
catch ( Exception ex )
{
if ( _log . Level > 0 )
{
Runtime . PrintStackTrace ( ex , _log ) ;
}
}
E ( p21 , challenge , p24 ) ;
return p24 ;
}
/// <summary>Creates the LMv2 response for the supplied information.</summary>
/// <remarks>Creates the LMv2 response for the supplied information.</remarks>
/// <param name="domain">The domain in which the username exists.</param>
/// <param name="user">The username.</param>
/// <param name="password">The user's password.</param>
/// <param name="challenge">The server challenge.</param>
/// <param name="clientChallenge">The client challenge (nonce).</param>
public static byte [ ] GetLMv2Response ( string domain , string user , string password ,
byte [ ] challenge , byte [ ] clientChallenge )
{
try
{
byte [ ] hash = new byte [ 16 ] ;
byte [ ] response = new byte [ 24 ] ;
// The next 2-1/2 lines of this should be placed with nTOWFv1 in place of password
Md4 md4 = new Md4 ( ) ;
md4 . Update ( Runtime . GetBytesForString ( password , SmbConstants . UniEncoding )
) ;
Hmact64 hmac = new Hmact64 ( md4 . Digest ( ) ) ;
hmac . Update ( Runtime . GetBytesForString ( user . ToUpper ( ) , SmbConstants . UniEncoding
) ) ;
hmac . Update ( Runtime . GetBytesForString ( domain . ToUpper ( ) , SmbConstants . UniEncoding
) ) ;
hmac = new Hmact64 ( hmac . Digest ( ) ) ;
hmac . Update ( challenge ) ;
hmac . Update ( clientChallenge ) ;
hmac . Digest ( response , 0 , 16 ) ;
Array . Copy ( clientChallenge , 0 , response , 16 , 8 ) ;
return response ;
}
catch ( Exception ex )
{
if ( _log . Level > 0 )
{
Runtime . PrintStackTrace ( ex , _log ) ;
}
return null ;
}
}
public static byte [ ] GetNtlm2Response ( byte [ ] nTowFv1 , byte [ ] serverChallenge , byte
[] clientChallenge )
{
byte [ ] sessionHash = new byte [ 8 ] ;
try
{
MessageDigest md5 ;
md5 = MessageDigest . GetInstance ( "MD5" ) ;
md5 . Update ( serverChallenge ) ;
md5 . Update ( clientChallenge , 0 , 8 ) ;
Array . Copy ( md5 . Digest ( ) , 0 , sessionHash , 0 , 8 ) ;
}
catch ( Exception gse )
{
if ( _log . Level > 0 )
{
Runtime . PrintStackTrace ( gse , _log ) ;
}
throw new RuntimeException ( "MD5" , gse ) ;
}
byte [ ] key = new byte [ 21 ] ;
Array . Copy ( nTowFv1 , 0 , key , 0 , 16 ) ;
byte [ ] ntResponse = new byte [ 24 ] ;
E ( key , sessionHash , ntResponse ) ;
return ntResponse ;
}
public static byte [ ] NtowFv1 ( string password )
{
if ( password = = null )
{
throw new RuntimeException ( "Password parameter is required" ) ;
}
try
{
Md4 md4 = new Md4 ( ) ;
md4 . Update ( Runtime . GetBytesForString ( password , SmbConstants . UniEncoding )
) ;
return md4 . Digest ( ) ;
}
catch ( UnsupportedEncodingException uee )
{
throw new RuntimeException ( uee . Message ) ;
}
}
public static byte [ ] NtowFv2 ( string domain , string username , string password )
{
try
{
Md4 md4 = new Md4 ( ) ;
md4 . Update ( Runtime . GetBytesForString ( password , SmbConstants . UniEncoding )
) ;
Hmact64 hmac = new Hmact64 ( md4 . Digest ( ) ) ;
hmac . Update ( Runtime . GetBytesForString ( username . ToUpper ( ) , SmbConstants . UniEncoding
) ) ;
hmac . Update ( Runtime . GetBytesForString ( domain , SmbConstants . UniEncoding ) ) ;
return hmac . Digest ( ) ;
}
catch ( UnsupportedEncodingException uee )
{
throw new RuntimeException ( uee . Message ) ;
}
}
internal static byte [ ] ComputeResponse ( byte [ ] responseKey , byte [ ] serverChallenge
, byte [ ] clientData , int offset , int length )
{
Hmact64 hmac = new Hmact64 ( responseKey ) ;
hmac . Update ( serverChallenge ) ;
hmac . Update ( clientData , offset , length ) ;
byte [ ] mac = hmac . Digest ( ) ;
byte [ ] ret = new byte [ mac . Length + clientData . Length ] ;
Array . Copy ( mac , 0 , ret , 0 , mac . Length ) ;
Array . Copy ( clientData , 0 , ret , mac . Length , clientData . Length ) ;
return ret ;
}
public static byte [ ] GetLMv2Response ( byte [ ] responseKeyLm , byte [ ] serverChallenge
, byte [ ] clientChallenge )
{
return ComputeResponse ( responseKeyLm , serverChallenge
, clientChallenge , 0 , clientChallenge . Length ) ;
}
public static byte [ ] GetNtlMv2Response ( byte [ ] responseKeyNt , byte [ ] serverChallenge
, byte [ ] clientChallenge , long nanos1601 , byte [ ] targetInfo )
{
int targetInfoLength = targetInfo ! = null ? targetInfo . Length : 0 ;
byte [ ] temp = new byte [ 28 + targetInfoLength + 4 ] ;
Encdec . Enc_uint32le ( unchecked ( 0x00000101 ) , temp , 0 ) ;
// Header
Encdec . Enc_uint32le ( unchecked ( 0x00000000 ) , temp , 4 ) ;
// Reserved
Encdec . Enc_uint64le ( nanos1601 , temp , 8 ) ;
Array . Copy ( clientChallenge , 0 , temp , 16 , 8 ) ;
Encdec . Enc_uint32le ( unchecked ( 0x00000000 ) , temp , 24 ) ;
// Unknown
if ( targetInfo ! = null )
{
Array . Copy ( targetInfo , 0 , temp , 28 , targetInfoLength ) ;
}
Encdec . Enc_uint32le ( unchecked ( 0x00000000 ) , temp , 28 + targetInfoLength ) ;
// mystery bytes!
return ComputeResponse ( responseKeyNt , serverChallenge
, temp , 0 , temp . Length ) ;
}
internal static readonly NtlmPasswordAuthentication Null = new NtlmPasswordAuthentication
( string . Empty , string . Empty , string . Empty ) ;
internal static readonly NtlmPasswordAuthentication Guest = new NtlmPasswordAuthentication
( "?" , "GUEST" , string . Empty ) ;
internal static readonly NtlmPasswordAuthentication Default = new NtlmPasswordAuthentication
( null ) ;
internal string Domain ;
internal string Username ;
internal string Password ;
internal byte [ ] AnsiHash ;
internal byte [ ] UnicodeHash ;
internal bool HashesExternal ;
internal byte [ ] ClientChallenge ;
internal byte [ ] Challenge ;
/// <summary>
/// Create an <tt>NtlmPasswordAuthentication</tt> object from the userinfo
/// component of an SMB URL like "<tt>domain;user:pass</tt>".
/// </summary>
/// <remarks>
/// Create an <tt>NtlmPasswordAuthentication</tt> object from the userinfo
/// component of an SMB URL like "<tt>domain;user:pass</tt>". This constructor
/// is used internally be jCIFS when parsing SMB URLs.
/// </remarks>
public NtlmPasswordAuthentication ( string userInfo )
{
Domain = Username = Password = null ;
if ( userInfo ! = null )
{
try
{
userInfo = Unescape ( userInfo ) ;
}
catch ( UnsupportedEncodingException )
{
}
int i ;
int u ;
int end ;
char c ;
end = userInfo . Length ;
for ( i = 0 , u = 0 ; i < end ; i + + )
{
c = userInfo [ i ] ;
if ( c = = ';' )
{
Domain = Runtime . Substring ( userInfo , 0 , i ) ;
u = i + 1 ;
}
else
{
if ( c = = ':' )
{
Password = Runtime . Substring ( userInfo , i + 1 ) ;
break ;
}
}
}
Username = Runtime . Substring ( userInfo , u , i ) ;
}
InitDefaults ( ) ;
if ( Domain = = null )
{
Domain = DefaultDomain ;
}
if ( Username = = null )
{
Username = DefaultUsername ;
}
if ( Password = = null )
{
Password = DefaultPassword ;
}
}
/// <summary>
/// Create an <tt>NtlmPasswordAuthentication</tt> object from a
/// domain, username, and password.
/// </summary>
/// <remarks>
/// Create an <tt>NtlmPasswordAuthentication</tt> object from a
/// domain, username, and password. Parameters that are <tt>null</tt>
/// will be substituted with <tt>jcifs.smb.client.domain</tt>,
/// <tt>jcifs.smb.client.username</tt>, <tt>jcifs.smb.client.password</tt>
/// property values.
/// </remarks>
public NtlmPasswordAuthentication ( string domain , string username , string password
)
{
int ci ;
if ( username ! = null )
{
ci = username . IndexOf ( '@' ) ;
if ( ci > 0 )
{
domain = Runtime . Substring ( username , ci + 1 ) ;
username = Runtime . Substring ( username , 0 , ci ) ;
}
else
{
ci = username . IndexOf ( '\\' ) ;
if ( ci > 0 )
{
domain = Runtime . Substring ( username , 0 , ci ) ;
username = Runtime . Substring ( username , ci + 1 ) ;
}
}
}
this . Domain = domain ;
this . Username = username ;
this . Password = password ;
InitDefaults ( ) ;
if ( domain = = null )
{
this . Domain = DefaultDomain ;
}
if ( username = = null )
{
this . Username = DefaultUsername ;
}
if ( password = = null )
{
this . Password = DefaultPassword ;
}
}
/// <summary>
/// Create an <tt>NtlmPasswordAuthentication</tt> object with raw password
/// hashes.
/// </summary>
/// <remarks>
/// Create an <tt>NtlmPasswordAuthentication</tt> object with raw password
/// hashes. This is used exclusively by the <tt>jcifs.http.NtlmSsp</tt>
/// class which is in turn used by NTLM HTTP authentication functionality.
/// </remarks>
public NtlmPasswordAuthentication ( string domain , string username , byte [ ] challenge
, byte [ ] ansiHash , byte [ ] unicodeHash )
{
if ( domain = = null | | username = = null | | ansiHash = = null | | unicodeHash = = null )
{
throw new ArgumentException ( "External credentials cannot be null" ) ;
}
this . Domain = domain ;
this . Username = username ;
Password = null ;
this . Challenge = challenge ;
this . AnsiHash = ansiHash ;
this . UnicodeHash = unicodeHash ;
HashesExternal = true ;
}
/// <summary>Returns the domain.</summary>
/// <remarks>Returns the domain.</remarks>
public string GetDomain ( )
{
return Domain ;
}
/// <summary>Returns the username.</summary>
/// <remarks>Returns the username.</remarks>
public string GetUsername ( )
{
return Username ;
}
/// <summary>
/// Returns the password in plain text or <tt>null</tt> if the raw password
/// hashes were used to construct this <tt>NtlmPasswordAuthentication</tt>
/// object which will be the case when NTLM HTTP Authentication is
/// used.
/// </summary>
/// <remarks>
/// Returns the password in plain text or <tt>null</tt> if the raw password
/// hashes were used to construct this <tt>NtlmPasswordAuthentication</tt>
/// object which will be the case when NTLM HTTP Authentication is
/// used. There is no way to retrieve a users password in plain text unless
/// it is supplied by the user at runtime.
/// </remarks>
public string GetPassword ( )
{
return Password ;
}
/// <summary>
/// Return the domain and username in the format:
/// <tt>domain\\username</tt>.
/// </summary>
/// <remarks>
/// Return the domain and username in the format:
/// <tt>domain\\username</tt>. This is equivalent to <tt>toString()</tt>.
/// </remarks>
public new string GetName ( )
{
bool d = Domain . Length > 0 & & Domain . Equals ( "?" ) = = false ;
return d ? Domain + "\\" + Username : Username ;
}
/// <summary>Computes the 24 byte ANSI password hash given the 8 byte server challenge.
/// </summary>
/// <remarks>Computes the 24 byte ANSI password hash given the 8 byte server challenge.
/// </remarks>
public byte [ ] GetAnsiHash ( byte [ ] challenge )
{
if ( HashesExternal )
{
return AnsiHash ;
}
switch ( LmCompatibility )
{
case 0 :
case 1 :
{
return GetPreNtlmResponse ( Password , challenge ) ;
}
case 2 :
{
return GetNtlmResponse ( Password , challenge ) ;
}
case 3 :
case 4 :
case 5 :
{
if ( ClientChallenge = = null )
{
ClientChallenge = new byte [ 8 ] ;
Random . NextBytes ( ClientChallenge ) ;
}
return GetLMv2Response ( Domain , Username , Password , challenge , ClientChallenge ) ;
}
default :
{
return GetPreNtlmResponse ( Password , challenge ) ;
}
}
}
/// <summary>Computes the 24 byte Unicode password hash given the 8 byte server challenge.
/// </summary>
/// <remarks>Computes the 24 byte Unicode password hash given the 8 byte server challenge.
/// </remarks>
public byte [ ] GetUnicodeHash ( byte [ ] challenge )
{
if ( HashesExternal )
{
return UnicodeHash ;
}
switch ( LmCompatibility )
{
case 0 :
case 1 :
case 2 :
{
return GetNtlmResponse ( Password , challenge ) ;
}
case 3 :
case 4 :
case 5 :
{
return new byte [ 0 ] ;
}
default :
{
return GetNtlmResponse ( Password , challenge ) ;
}
}
}
/// <exception cref="SharpCifs.Smb.SmbException"></exception>
public byte [ ] GetSigningKey ( byte [ ] challenge )
{
switch ( LmCompatibility )
{
case 0 :
case 1 :
case 2 :
{
byte [ ] signingKey = new byte [ 40 ] ;
GetUserSessionKey ( challenge , signingKey , 0 ) ;
Array . Copy ( GetUnicodeHash ( challenge ) , 0 , signingKey , 16 , 24 ) ;
return signingKey ;
}
case 3 :
case 4 :
case 5 :
{
throw new SmbException ( "NTLMv2 requires extended security (jcifs.smb.client.useExtendedSecurity must be true if jcifs.smb.lmCompatibility >= 3)"
) ;
}
}
return null ;
}
/// <summary>Returns the effective user session key.</summary>
/// <remarks>Returns the effective user session key.</remarks>
/// <param name="challenge">The server challenge.</param>
/// <returns>
/// A <code>byte[]</code> containing the effective user session key,
/// used in SMB MAC signing and NTLMSSP signing and sealing.
/// </returns>
public byte [ ] GetUserSessionKey ( byte [ ] challenge )
{
if ( HashesExternal )
{
return null ;
}
byte [ ] key = new byte [ 16 ] ;
try
{
GetUserSessionKey ( challenge , key , 0 ) ;
}
catch ( Exception ex )
{
if ( _log . Level > 0 )
{
Runtime . PrintStackTrace ( ex , _log ) ;
}
}
return key ;
}
/// <summary>Calculates the effective user session key.</summary>
/// <remarks>Calculates the effective user session key.</remarks>
/// <param name="challenge">The server challenge.</param>
/// <param name="dest">
/// The destination array in which the user session key will be
/// placed.
/// </param>
/// <param name="offset">
/// The offset in the destination array at which the
/// session key will start.
/// </param>
/// <exception cref="SharpCifs.Smb.SmbException"></exception>
internal void GetUserSessionKey ( byte [ ] challenge , byte [ ] dest , int offset )
{
if ( HashesExternal )
{
return ;
}
try
{
Md4 md4 = new Md4 ( ) ;
md4 . Update ( Runtime . GetBytesForString ( Password , SmbConstants . UniEncoding )
) ;
switch ( LmCompatibility )
{
case 0 :
case 1 :
case 2 :
{
md4 . Update ( md4 . Digest ( ) ) ;
md4 . Digest ( dest , offset , 16 ) ;
break ;
}
case 3 :
case 4 :
case 5 :
{
if ( ClientChallenge = = null )
{
ClientChallenge = new byte [ 8 ] ;
Random . NextBytes ( ClientChallenge ) ;
}
Hmact64 hmac = new Hmact64 ( md4 . Digest ( ) ) ;
hmac . Update ( Runtime . GetBytesForString ( Username . ToUpper ( ) , SmbConstants . UniEncoding
) ) ;
hmac . Update ( Runtime . GetBytesForString ( Domain . ToUpper ( ) , SmbConstants . UniEncoding
) ) ;
byte [ ] ntlmv2Hash = hmac . Digest ( ) ;
hmac = new Hmact64 ( ntlmv2Hash ) ;
hmac . Update ( challenge ) ;
hmac . Update ( ClientChallenge ) ;
Hmact64 userKey = new Hmact64 ( ntlmv2Hash ) ;
userKey . Update ( hmac . Digest ( ) ) ;
userKey . Digest ( dest , offset , 16 ) ;
break ;
}
default :
{
md4 . Update ( md4 . Digest ( ) ) ;
md4 . Digest ( dest , offset , 16 ) ;
break ;
}
}
}
catch ( Exception e )
{
throw new SmbException ( string . Empty , e ) ;
}
}
/// <summary>
/// Compares two <tt>NtlmPasswordAuthentication</tt> objects for
/// equality.
/// </summary>
/// <remarks>
/// Compares two <tt>NtlmPasswordAuthentication</tt> objects for
/// equality. Two <tt>NtlmPasswordAuthentication</tt> objects are equal if
/// their caseless domain and username fields are equal and either both hashes are external and they are equal or both internally supplied passwords are equal. If one <tt>NtlmPasswordAuthentication</tt> object has external hashes (meaning negotiated via NTLM HTTP Authentication) and the other does not they will not be equal. This is technically not correct however the server 8 byte challage would be required to compute and compare the password hashes but that it not available with this method.
/// </remarks>
public override bool Equals ( object obj )
{
if ( obj is NtlmPasswordAuthentication )
{
NtlmPasswordAuthentication ntlm = ( NtlmPasswordAuthentication
) obj ;
if ( ntlm . Domain . ToUpper ( ) . Equals ( Domain . ToUpper ( ) ) & & ntlm . Username . ToUpper ( ) . Equals
( Username . ToUpper ( ) ) )
{
if ( HashesExternal & & ntlm . HashesExternal )
{
return Arrays . Equals ( AnsiHash , ntlm . AnsiHash ) & & Arrays . Equals ( UnicodeHash , ntlm .
UnicodeHash ) ;
}
if ( ! HashesExternal & & Password . Equals ( ntlm . Password ) )
{
return true ;
}
}
}
return false ;
}
/// <summary>Return the upcased username hash code.</summary>
/// <remarks>Return the upcased username hash code.</remarks>
public override int GetHashCode ( )
{
return GetName ( ) . ToUpper ( ) . GetHashCode ( ) ;
}
/// <summary>
/// Return the domain and username in the format:
/// <tt>domain\\username</tt>.
/// </summary>
/// <remarks>
/// Return the domain and username in the format:
/// <tt>domain\\username</tt>. This is equivalent to <tt>getName()</tt>.
/// </remarks>
public override string ToString ( )
{
return GetName ( ) ;
}
/// <exception cref="System.FormatException"></exception>
/// <exception cref="UnsupportedEncodingException"></exception>
internal static string Unescape ( string str )
{
char ch ;
int i ;
int j ;
int state ;
int len ;
char [ ] @out ;
byte [ ] b = new byte [ 1 ] ;
if ( str = = null )
{
return null ;
}
len = str . Length ;
@out = new char [ len ] ;
state = 0 ;
for ( i = j = 0 ; i < len ; i + + )
{
switch ( state )
{
case 0 :
{
ch = str [ i ] ;
if ( ch = = '%' )
{
state = 1 ;
}
else
{
@out [ j + + ] = ch ;
}
break ;
}
case 1 :
{
b [ 0 ] = unchecked ( ( byte ) ( Convert . ToInt32 ( Runtime . Substring ( str , i ,
i + 2 ) , 16 ) & unchecked ( 0xFF ) ) ) ;
@out [ j + + ] = ( Runtime . GetStringForBytes ( b , 0 , 1 , "ASCII" ) ) [ 0 ] ;
i + + ;
state = 0 ;
break ;
}
}
}
return new string ( @out , 0 , j ) ;
}
}
}