private Task <HttpResponseMessage> GetSharedKeyAuthenticationTask(StorageRequestMessage request, CancellationToken cancellationToken)
{
StorageRequestMessage storageRequest = request as StorageRequestMessage;
ICanonicalizer canonicalizer = storageRequest.Canonicalizer;
StorageCredentials credentials = storageRequest.Credentials;
string accountName = storageRequest.AccountName;
if (!request.Headers.Contains(Constants.HeaderConstants.Date))
{
string dateString = HttpWebUtility.ConvertDateTimeToHttpString(DateTimeOffset.UtcNow);
request.Headers.Add(Constants.HeaderConstants.Date, dateString);
}
if (credentials.IsSharedKey)
{
StorageAccountKey accountKey = credentials.Key;
if (!string.IsNullOrEmpty(accountKey.KeyName))
{
request.Headers.Add(Constants.HeaderConstants.KeyNameHeader, accountKey.KeyName);
}
string message = canonicalizer.CanonicalizeHttpRequest(request, accountName);
string signature = CryptoUtility.ComputeHmac256(accountKey.KeyValue, message);
request.Headers.Authorization = new AuthenticationHeaderValue(
canonicalizer.AuthorizationScheme,
string.Format(CultureInfo.InvariantCulture, "{0}:{1}", credentials.AccountName, signature));
}
return(base.SendAsync(request, cancellationToken));
}
/// <summary>
/// Signs the specified HTTP request with a shared key.
/// </summary>
/// <param name="request">The HTTP request to sign.</param>
/// <param name="operationContext">An <see cref="OperationContext"/> object for tracking the current operation.</param>
public void SignRequest(HttpWebRequest request, OperationContext operationContext)
{
CommonUtility.AssertNotNull("request", request);
string dateString = HttpWebUtility.ConvertDateTimeToHttpString(DateTime.UtcNow);
request.Headers.Add(Constants.HeaderConstants.Date, dateString);
if (this.credentials.IsSharedKey)
{
string message = this.canonicalizer.CanonicalizeHttpRequest(request, this.accountName);
Logger.LogVerbose(operationContext, SR.TraceStringToSign, message);
StorageAccountKey accountKey = this.credentials.Key;
string signature = CryptoUtility.ComputeHmac256(accountKey.KeyValue, message);
if (!string.IsNullOrEmpty(accountKey.KeyName))
{
request.Headers.Add(Constants.HeaderConstants.KeyNameHeader, accountKey.KeyName);
}
request.Headers.Add(
"Authorization",
string.Format(CultureInfo.InvariantCulture, "{0} {1}:{2}", this.canonicalizer.AuthorizationScheme, this.credentials.AccountName, signature));
}
}
/// <summary>
/// Get the signature hash embedded inside the Shared Access Signature.
/// </summary>
/// <param name="permissions">The permissions string for the resource, or null.</param>
/// <param name="startTime">The start time, or null.</param>
/// <param name="expiryTime">The expiration time, or null.</param>
/// <param name="startPartitionKey">The start partition key, or null.</param>
/// <param name="startRowKey">The start row key, or null.</param>
/// <param name="endPartitionKey">The end partition key, or null.</param>
/// <param name="endRowKey">The end row key, or null.</param>
/// <param name="useTableSas">Whether to use the table string-to-sign.</param>
/// <param name="accessPolicyIdentifier">An optional identifier for the policy.</param>
/// <param name="resourceName">The canonical resource string, unescaped.</param>
/// <param name="credentials">The credentials to be used for signing.</param>
/// <returns>The signed hash.</returns>
private static string GetSharedAccessSignatureHashImpl(
string permissions,
DateTimeOffset?startTime,
DateTimeOffset?expiryTime,
string startPartitionKey,
string startRowKey,
string endPartitionKey,
string endRowKey,
bool useTableSas,
string accessPolicyIdentifier,
string resourceName,
StorageCredentials credentials)
{
CommonUtils.AssertNotNullOrEmpty("resourceName", resourceName);
CommonUtils.AssertNotNull("credentials", credentials);
if (!credentials.IsSharedKey)
{
throw new ArgumentException();
}
//// StringToSign = signedpermissions + "\n" +
//// signedstart + "\n" +
//// signedexpiry + "\n" +
//// canonicalizedresource + "\n" +
//// signedidentifier + "\n" +
//// signedversion
////
//// TableStringToSign = StringToSign + "\n" +
//// startpk + "\n" +
//// startrk + "\n" +
//// endpk + "\n" +
//// endrk
////
//// HMAC-SHA256(UTF8.Encode(StringToSign))
string stringToSign = string.Format(
"{0}\n{1}\n{2}\n{3}\n{4}\n{5}",
permissions,
GetDateTimeOrEmpty(startTime),
GetDateTimeOrEmpty(expiryTime),
resourceName,
accessPolicyIdentifier,
Constants.HeaderConstants.TargetStorageVersion);
if (useTableSas)
{
stringToSign = string.Format(
"{0}\n{1}\n{2}\n{3}\n{4}",
stringToSign,
startPartitionKey,
startRowKey,
endPartitionKey,
endRowKey);
}
string signature = CryptoUtility.ComputeHmac256(credentials.KeyValue, stringToSign);
return(signature);
}
protected override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
string dateString = HttpUtility.ConvertDateTimeToHttpString(DateTimeOffset.UtcNow);
request.Headers.Add(Constants.HeaderConstants.Date, dateString);
if (this.credentials.IsSharedKey)
{
string message = this.canonicalizer.CanonicalizeHttpRequest(request, this.accountName);
#if RTMD
string signature = CryptoUtility.ComputeHmac256(this.credentials.KeyValue, message);
#else
string signature = CryptoUtility.ComputeHmac256(this.credentials.ExportKey(), message);
#endif
if (!string.IsNullOrEmpty(this.credentials.KeyName))
{
request.Headers.Add(Constants.HeaderConstants.KeyNameHeader, this.credentials.KeyName);
}
request.Headers.Authorization = new AuthenticationHeaderValue(
this.canonicalizer.AuthorizationScheme,
string.Format(CultureInfo.InvariantCulture, "{0}:{1}", this.credentials.AccountName, signature));
}
return(base.SendAsync(request, cancellationToken));
}
public void SignRequest(HttpWebRequest request, OperationContext operationContext)
{
string dateString = HttpUtility.ConvertDateTimeToHttpString(DateTime.UtcNow);
request.Headers.Add(Constants.HeaderConstants.Date, dateString);
if (this.credentials.IsSharedKey)
{
// Canonicalize request
string message = this.canonicalizer.CanonicalizeHttpRequest(request, this.resourceAccountName);
// Compute hash
string computedBase64Signature = CryptoUtility.ComputeHmac256(this.credentials.KeyValue, message);
// Add authorization headers
if (!string.IsNullOrEmpty(this.credentials.KeyName))
{
request.Headers.Add(Constants.HeaderConstants.KeyNameHeader, this.credentials.KeyName);
}
request.Headers.Add(
"Authorization",
string.Format(CultureInfo.InvariantCulture, "{0} {1}:{2}", this.canonicalizer.AuthorizationScheme, this.credentials.AccountName, computedBase64Signature));
}
}
/// <summary>
/// Get the signature hash embedded inside the Shared Access Signature.
/// </summary>
/// <param name="policy">The shared access policy to hash.</param>
/// <param name="accessPolicyIdentifier">An optional identifier for the policy.</param>
/// <param name="startPartitionKey">The start partition key, or <c>null</c>.</param>
/// <param name="startRowKey">The start row key, or <c>null</c>.</param>
/// <param name="endPartitionKey">The end partition key, or <c>null</c>.</param>
/// <param name="endRowKey">The end row key, or <c>null</c>.</param>
/// <param name="resourceName">The canonical resource string, unescaped.</param>
/// <param name="sasVersion">A string indicating the desired SAS version to use, in storage service version format.</param>
/// <param name="keyValue">The key value retrieved as an atomic operation used for signing.</param>
/// <returns>The signed hash.</returns>
internal static string GetHash(
SharedAccessTablePolicy policy,
string accessPolicyIdentifier,
string startPartitionKey,
string startRowKey,
string endPartitionKey,
string endRowKey,
string resourceName,
string sasVersion,
byte[] keyValue)
{
CommonUtility.AssertNotNullOrEmpty("resourceName", resourceName);
CommonUtility.AssertNotNull("keyValue", keyValue);
CommonUtility.AssertNotNullOrEmpty("sasVersion", sasVersion);
string permissions = null;
DateTimeOffset?startTime = null;
DateTimeOffset?expiryTime = null;
if (policy != null)
{
permissions = SharedAccessTablePolicy.PermissionsToString(policy.Permissions);
startTime = policy.SharedAccessStartTime;
expiryTime = policy.SharedAccessExpiryTime;
}
//// StringToSign = signedpermissions + "\n" +
//// signedstart + "\n" +
//// signedexpiry + "\n" +
//// canonicalizedresource + "\n" +
//// signedidentifier + "\n" +
//// signedversion + "\n" +
//// startpk + "\n" +
//// startrk + "\n" +
//// endpk + "\n" +
//// endrk
////
//// HMAC-SHA256(UTF8.Encode(StringToSign))
string stringToSign = string.Format(
CultureInfo.InvariantCulture,
"{0}\n{1}\n{2}\n{3}\n{4}\n{5}\n{6}\n{7}\n{8}\n{9}",
permissions,
GetDateTimeOrEmpty(startTime),
GetDateTimeOrEmpty(expiryTime),
resourceName,
accessPolicyIdentifier,
sasVersion,
startPartitionKey,
startRowKey,
endPartitionKey,
endRowKey);
Logger.LogVerbose(null /* operationContext */, SR.TraceStringToSign, stringToSign);
return(CryptoUtility.ComputeHmac256(keyValue, stringToSign));
}
/// <summary>
/// Get the signature hash embedded inside the Shared Access Signature.
/// </summary>
/// <param name="policy">The shared access policy to hash.</param>
/// <param name="accessPolicyIdentifier">An optional identifier for the policy.</param>
/// <param name="resourceName">The canonical resource string, unescaped.</param>
/// <param name="sasVersion">A string indicating the desired SAS version to use, in storage service version format.</param>
/// <param name="protocols">The HTTP/HTTPS protocols for Account SAS.</param>
/// <param name="ipAddressOrRange">The IP range for IPSAS.</param>
/// <param name="keyValue">The key value retrieved as an atomic operation used for signing.</param>
/// <returns>The signed hash.</returns>
internal static string GetHash(
SharedAccessQueuePolicy policy,
string accessPolicyIdentifier,
string resourceName,
string sasVersion,
SharedAccessProtocol?protocols,
IPAddressOrRange ipAddressOrRange,
byte[] keyValue)
{
CommonUtility.AssertNotNullOrEmpty("resourceName", resourceName);
CommonUtility.AssertNotNull("keyValue", keyValue);
CommonUtility.AssertNotNullOrEmpty("sasVersion", sasVersion);
string permissions = null;
DateTimeOffset?startTime = null;
DateTimeOffset?expiryTime = null;
if (policy != null)
{
permissions = SharedAccessQueuePolicy.PermissionsToString(policy.Permissions);
startTime = policy.SharedAccessStartTime;
expiryTime = policy.SharedAccessExpiryTime;
}
//// StringToSign = signedpermissions + "\n" +
//// signedstart + "\n" +
//// signedexpiry + "\n" +
//// canonicalizedresource + "\n" +
//// signedidentifier + "\n" +
//// signedIP + "\n" +
//// signedProtocol + "\n" +
//// signedversion
////
//// HMAC-SHA256(UTF8.Encode(StringToSign))
////
string stringToSign = string.Format(
CultureInfo.InvariantCulture,
"{0}\n{1}\n{2}\n{3}\n{4}\n{5}\n{6}\n{7}",
permissions,
GetDateTimeOrEmpty(startTime),
GetDateTimeOrEmpty(expiryTime),
resourceName,
accessPolicyIdentifier,
ipAddressOrRange == null ? string.Empty : ipAddressOrRange.ToString(),
GetProtocolString(protocols),
sasVersion);
Logger.LogVerbose(null /* operationContext */, SR.TraceStringToSign, stringToSign);
return(CryptoUtility.ComputeHmac256(keyValue, stringToSign));
}
internal static string GetHash(
SharedAccessQueuePolicy policy,
string accessPolicyIdentifier,
string resourceName,
string sasVersion,
byte[] keyValue)
{
CommonUtility.AssertNotNullOrEmpty("resourceName", resourceName);
CommonUtility.AssertNotNull("keyValue", keyValue);
CommonUtility.AssertNotNullOrEmpty("sasVersion", sasVersion);
string permissions = null;
DateTimeOffset?startTime = null;
DateTimeOffset?expiryTime = null;
if (policy != null)
{
permissions = SharedAccessQueuePolicy.PermissionsToString(policy.Permissions);
startTime = policy.SharedAccessStartTime;
expiryTime = policy.SharedAccessExpiryTime;
}
//// StringToSign = signedpermissions + "\n" +
//// signedstart + "\n" +
//// signedexpiry + "\n" +
//// canonicalizedresource + "\n" +
//// signedidentifier + "\n" +
//// signedversion
////
//// HMAC-SHA256(UTF8.Encode(StringToSign))
string stringToSign = string.Format(
CultureInfo.InvariantCulture,
"{0}\n{1}\n{2}\n{3}\n{4}\n{5}",
permissions,
GetDateTimeOrEmpty(startTime),
GetDateTimeOrEmpty(expiryTime),
resourceName,
accessPolicyIdentifier,
sasVersion);
return(CryptoUtility.ComputeHmac256(keyValue, stringToSign));
}
private Task <HttpResponseMessage> GetSharedKeyAuthenticationTask(StorageRequestMessage request, CancellationToken cancellationToken)
{
ICanonicalizer canonicalizer = request.Canonicalizer;
StorageCredentials credentials = request.Credentials;
string accountName = request.AccountName;
if (!request.Headers.Contains("x-ms-date"))
{
string value = HttpWebUtility.ConvertDateTimeToHttpString(DateTimeOffset.UtcNow);
request.Headers.Add("x-ms-date", value);
}
if (credentials.IsSharedKey)
{
string key = credentials.Key;
string message = canonicalizer.CanonicalizeHttpRequest(request, accountName);
string arg = CryptoUtility.ComputeHmac256(key, message);
request.Headers.Authorization = new AuthenticationHeaderValue(canonicalizer.AuthorizationScheme, string.Format(CultureInfo.InvariantCulture, "{0}:{1}", credentials.AccountName, arg));
}
return(base.SendAsync((HttpRequestMessage)request, cancellationToken));
}
internal static void AddSharedKeyAuth(StorageRequestMessage request)
{
string accountName = request.AccountName;
StorageCredentials credentials = request.Credentials;
ICanonicalizer canonicalizer = request.Canonicalizer;
if (credentials.IsSharedKey)
{
StorageAccountKey accountKey = credentials.Key;
if (!string.IsNullOrEmpty(accountKey.KeyName))
{
request.Headers.Add(Constants.HeaderConstants.KeyNameHeader, accountKey.KeyName);
}
string message = canonicalizer.CanonicalizeHttpRequest(request, accountName);
string signature = CryptoUtility.ComputeHmac256(accountKey.KeyValue, message);
request.Headers.Authorization = new AuthenticationHeaderValue(
canonicalizer.AuthorizationScheme,
string.Format(CultureInfo.InvariantCulture, "{0}:{1}", credentials.AccountName, signature));
}
}
internal static string GetHash(
SharedAccessAccountPolicy policy,
string accountName,
string sasVersion,
byte[] keyValue)
{
string stringToSign = string.Format(
CultureInfo.InvariantCulture,
"{0}\n{1}\n{2}\n{3}\n{4}\n{5}\n{6}\n{7}\n{8}\n{9}",
accountName,
SharedAccessAccountPolicy.PermissionsToString(policy.Permissions),
SharedAccessAccountPolicy.ServicesToString(policy.Services),
SharedAccessAccountPolicy.ResourceTypesToString(policy.ResourceTypes),
GetDateTimeOrEmpty(policy.SharedAccessStartTime),
GetDateTimeOrEmpty(policy.SharedAccessExpiryTime),
policy.IPAddressOrRange == null ? string.Empty : policy.IPAddressOrRange.ToString(),
GetProtocolString(policy.Protocols),
sasVersion,
string.Empty);
Logger.LogVerbose(null /* operationContext */, SR.TraceStringToSign, stringToSign);
return(CryptoUtility.ComputeHmac256(keyValue, stringToSign));
}
/// <summary>
/// Get the signature hash embedded inside the Shared Access Signature.
/// </summary>
/// <param name="policy">The shared access policy to hash.</param>
/// <param name="headers">The optional header values to set for a file returned with this SAS.</param>
/// <param name="accessPolicyIdentifier">An optional identifier for the policy.</param>
/// <param name="resourceName">The canonical resource string, unescaped.</param>
/// <param name="sasVersion">A string indicating the desired SAS version to use, in storage service version format.</param>
/// <param name="protocols">The HTTP/HTTPS protocols for Account SAS.</param>
/// <param name="ipAddressOrRange">The IP range for IPSAS.</param>
/// <param name="keyValue">The key value retrieved as an atomic operation used for signing.</param>
/// <returns>The signed hash.</returns>
internal static string GetHash(
SharedAccessFilePolicy policy,
SharedAccessFileHeaders headers,
string accessPolicyIdentifier,
string resourceName,
string sasVersion,
SharedAccessProtocol?protocols,
IPAddressOrRange ipAddressOrRange,
byte[] keyValue)
{
CommonUtility.AssertNotNullOrEmpty("resourceName", resourceName);
CommonUtility.AssertNotNull("keyValue", keyValue);
CommonUtility.AssertNotNullOrEmpty("sasVersion", sasVersion);
string permissions = null;
DateTimeOffset?startTime = null;
DateTimeOffset?expiryTime = null;
if (policy != null)
{
permissions = SharedAccessFilePolicy.PermissionsToString(policy.Permissions);
startTime = policy.SharedAccessStartTime;
expiryTime = policy.SharedAccessExpiryTime;
}
//// StringToSign = signedpermissions + "\n" +
//// signedstart + "\n" +
//// signedexpiry + "\n" +
//// canonicalizedresource + "\n" +
//// signedidentifier + "\n" +
//// signedIP + "\n" +
//// signedProtocol + "\n" +
//// signedversion + "\n" +
//// cachecontrol + "\n" +
//// contentdisposition + "\n" +
//// contentencoding + "\n" +
//// contentlanguage + "\n" +
//// contenttype
////
//// HMAC-SHA256(UTF8.Encode(StringToSign))
////
string cacheControl = null;
string contentDisposition = null;
string contentEncoding = null;
string contentLanguage = null;
string contentType = null;
if (headers != null)
{
cacheControl = headers.CacheControl;
contentDisposition = headers.ContentDisposition;
contentEncoding = headers.ContentEncoding;
contentLanguage = headers.ContentLanguage;
contentType = headers.ContentType;
}
string stringToSign = string.Format(
CultureInfo.InvariantCulture,
"{0}\n{1}\n{2}\n{3}\n{4}\n{5}\n{6}\n{7}\n{8}\n{9}\n{10}\n{11}\n{12}",
permissions,
SharedAccessSignatureHelper.GetDateTimeOrEmpty(startTime),
SharedAccessSignatureHelper.GetDateTimeOrEmpty(expiryTime),
resourceName,
accessPolicyIdentifier,
ipAddressOrRange == null ? string.Empty : ipAddressOrRange.ToString(),
SharedAccessSignatureHelper.GetProtocolString(protocols),
sasVersion,
cacheControl,
contentDisposition,
contentEncoding,
contentLanguage,
contentType);
Logger.LogVerbose(null /* operationContext */, SR.TraceStringToSign, stringToSign);
return(CryptoUtility.ComputeHmac256(keyValue, stringToSign));
}
internal static string GetHash(
SharedAccessBlobPolicy policy,
SharedAccessBlobHeaders headers,
string accessPolicyIdentifier,
string resourceName,
string sasVersion,
byte[] keyValue)
{
CommonUtility.AssertNotNullOrEmpty("resourceName", resourceName);
CommonUtility.AssertNotNull("keyValue", keyValue);
CommonUtility.AssertNotNullOrEmpty("sasVersion", sasVersion);
string permissions = null;
DateTimeOffset?startTime = null;
DateTimeOffset?expiryTime = null;
if (policy != null)
{
permissions = SharedAccessBlobPolicy.PermissionsToString(policy.Permissions);
startTime = policy.SharedAccessStartTime;
expiryTime = policy.SharedAccessExpiryTime;
}
//// StringToSign = signedpermissions + "\n" +
//// signedstart + "\n" +
//// signedexpiry + "\n" +
//// canonicalizedresource + "\n" +
//// signedidentifier + "\n" +
//// signedversion + "\n" +
//// cachecontrol + "\n" +
//// contentdisposition + "\n" +
//// contentencoding + "\n" +
//// contentlanguage + "\n" +
//// contenttype
////
//// HMAC-SHA256(UTF8.Encode(StringToSign))
////
//// Note that the final five headers are invalid for the 2012-02-12 version.
string stringToSign = string.Format(
CultureInfo.InvariantCulture,
"{0}\n{1}\n{2}\n{3}\n{4}\n{5}",
permissions,
GetDateTimeOrEmpty(startTime),
GetDateTimeOrEmpty(expiryTime),
resourceName,
accessPolicyIdentifier,
sasVersion);
if (string.Equals(sasVersion, Constants.VersionConstants.February2012))
{
if (headers != null)
{
string errorString = string.Format(CultureInfo.CurrentCulture, SR.InvalidHeaders);
throw new ArgumentException(errorString);
}
}
else
{
string cacheControl = null;
string contentDisposition = null;
string contentEncoding = null;
string contentLanguage = null;
string contentType = null;
if (headers != null)
{
cacheControl = headers.CacheControl;
contentDisposition = headers.ContentDisposition;
contentEncoding = headers.ContentEncoding;
contentLanguage = headers.ContentLanguage;
contentType = headers.ContentType;
}
stringToSign = stringToSign + string.Format(
CultureInfo.InvariantCulture,
"\n{0}\n{1}\n{2}\n{3}\n{4}",
cacheControl,
contentDisposition,
contentEncoding,
contentLanguage,
contentType);
}
return(CryptoUtility.ComputeHmac256(keyValue, stringToSign));
}
/// <summary>
/// Get the signature hash embedded inside the User Delegation Shared Access Signature.
/// </summary>
/// <param name="policy">The shared access policy to hash.</param>
/// <param name="headers">The optional header values to set for a blob returned with this SAS.</param>
/// <param name="resourceName">The canonical resource string, unescaped.</param>
/// <param name="sasVersion">A string indicating the desired SAS version to use, in storage service version format.</param>
/// <param name="resourceIdentifier">Resource type id string.</param>
/// <param name="snapTime">Time of snapshot if applicable.</param>
/// <param name="protocols">The HTTP/HTTPS protocols for Account SAS.</param>
/// <param name="ipAddressOrRange">The IP range for IPSAS.</param>
/// <param name="delegationKey">The user delegaion key used for signing.</param>
/// <returns>The signed hash.</returns>
internal static string GetHash(
SharedAccessBlobPolicy policy,
SharedAccessBlobHeaders headers,
string resourceName,
string sasVersion,
string resourceIdentifier,
DateTimeOffset?snapTime,
SharedAccessProtocol?protocols,
IPAddressOrRange ipAddressOrRange,
UserDelegationKey delegationKey)
{
CommonUtility.AssertNotNullOrEmpty("resourceName", resourceName);
CommonUtility.AssertNotNullOrEmpty("sasVersion", sasVersion);
CommonUtility.AssertNotNull("delegationKey", delegationKey);
CommonUtility.AssertNotNull("delegationKey.SignedOid", delegationKey.SignedOid);
CommonUtility.AssertNotNull("delegationKey.SignedTid", delegationKey.SignedTid);
CommonUtility.AssertNotNull("delegationKey.SignedStart", delegationKey.SignedStart);
CommonUtility.AssertNotNull("delegationKey.SignedExpiry", delegationKey.SignedExpiry);
CommonUtility.AssertNotNullOrEmpty("delegationKey.SignedService", delegationKey.SignedService);
CommonUtility.AssertNotNullOrEmpty("delegationKey.SignedVersion", delegationKey.SignedVersion);
CommonUtility.AssertNotNullOrEmpty("delegationKey.Value", delegationKey.Value);
CommonUtility.AssertNotNull("policy", policy);
CommonUtility.AssertNotNull("policy.SharedAccessExpiryTime", policy.SharedAccessExpiryTime);
CommonUtility.AssertNotNullOrEmpty("policy.Permissions", SharedAccessBlobPolicy.PermissionsToString(policy.Permissions));
string permissions = SharedAccessBlobPolicy.PermissionsToString(policy.Permissions);
DateTimeOffset?startTime = policy.SharedAccessStartTime;
DateTimeOffset?expiryTime = policy.SharedAccessExpiryTime;
//// StringToSign = signedpermissions + "\n" +
//// signedstart + "\n" +
//// signedexpiry + "\n" +
//// canonicalizedresource + "\n" +
//// signedoid + "\n" +
//// signedtid + "\n" +
//// signedkeystart + "\n" +
//// signedkeyexpiry + "\n" +
//// signedkeyservice + "\n" +
//// signedkeyverion + "\n" +
//// signedIP + "\n" +
//// signedProtocol + "\n" +
//// signedversion + "\n" +
//// signedResourceIdentifier + "\n" +
//// signedTimeStamp + "\n" +
//// cachecontrol + "\n" +
//// contentdisposition + "\n" +
//// contentencoding + "\n" +
//// contentlanguage + "\n" +
//// contenttype
////
//// HMAC-SHA256(UTF8.Encode(StringToSign))
string cacheControl = null;
string contentDisposition = null;
string contentEncoding = null;
string contentLanguage = null;
string contentType = null;
if (headers != null)
{
cacheControl = headers.CacheControl;
contentDisposition = headers.ContentDisposition;
contentEncoding = headers.ContentEncoding;
contentLanguage = headers.ContentLanguage;
contentType = headers.ContentType;
}
string stringToSign = string.Format(
CultureInfo.InvariantCulture,
"{0}\n{1}\n{2}\n{3}\n{4}\n{5}\n{6}\n{7}\n{8}\n{9}\n{10}\n{11}\n{12}\n{13}\n{14}\n{15}\n{16}\n{17}\n{18}\n{19}",
permissions,
SharedAccessSignatureHelper.GetDateTimeOrEmpty(startTime),
SharedAccessSignatureHelper.GetDateTimeOrEmpty(expiryTime),
resourceName,
delegationKey.SignedOid,
delegationKey.SignedTid,
delegationKey.SignedStart.Value.UtcDateTime.ToString(Constants.DateTimeFormatter),
delegationKey.SignedExpiry.Value.UtcDateTime.ToString(Constants.DateTimeFormatter),
delegationKey.SignedService,
delegationKey.SignedVersion,
ipAddressOrRange == null ? string.Empty : ipAddressOrRange.ToString(),
SharedAccessSignatureHelper.GetProtocolString(protocols),
sasVersion,
resourceIdentifier,
snapTime.ToString(),
cacheControl,
contentDisposition,
contentEncoding,
contentLanguage,
contentType);
Logger.LogVerbose(null /* operationContext */, SR.TraceStringToSign, stringToSign);
return(CryptoUtility.ComputeHmac256(Convert.FromBase64String(delegationKey.Value), stringToSign));
}
internal static string GetHash(
SharedAccessBlobPolicy policy,
SharedAccessBlobHeaders headers,
string accessPolicyIdentifier,
string resourceName,
byte[] keyValue)
{
CommonUtility.AssertNotNullOrEmpty("resourceName", resourceName);
CommonUtility.AssertNotNull("keyValue", keyValue);
string permissions = null;
DateTimeOffset?startTime = null;
DateTimeOffset?expiryTime = null;
if (policy != null)
{
permissions = SharedAccessBlobPolicy.PermissionsToString(policy.Permissions);
startTime = policy.SharedAccessStartTime;
expiryTime = policy.SharedAccessExpiryTime;
}
string cacheControl = null;
string contentDisposition = null;
string contentEncoding = null;
string contentLanguage = null;
string contentType = null;
if (headers != null)
{
cacheControl = headers.CacheControl;
contentDisposition = headers.ContentDisposition;
contentEncoding = headers.ContentEncoding;
contentLanguage = headers.ContentLanguage;
contentType = headers.ContentType;
}
//// StringToSign = signedpermissions + "\n" +
//// signedstart + "\n" +
//// signedexpiry + "\n" +
//// canonicalizedresource + "\n" +
//// signedidentifier + "\n" +
//// signedversion + "\n" +
//// cachecontrol + "\n" +
//// contentdisposition + "\n" +
//// contentencoding + "\n" +
//// contentlanguage + "\n" +
//// contenttype
////
//// HMAC-SHA256(UTF8.Encode(StringToSign))
string stringToSign = string.Format(
CultureInfo.InvariantCulture,
"{0}\n{1}\n{2}\n{3}\n{4}\n{5}\n{6}\n{7}\n{8}\n{9}\n{10}",
permissions,
GetDateTimeOrEmpty(startTime),
GetDateTimeOrEmpty(expiryTime),
resourceName,
accessPolicyIdentifier,
Constants.HeaderConstants.TargetStorageVersion,
cacheControl,
contentDisposition,
contentEncoding,
contentLanguage,
contentType);
return(CryptoUtility.ComputeHmac256(keyValue, stringToSign));
}
