/// <summary>
/// Writes a collection of shared access policies to the specified stream in XML format.
/// </summary>
/// <param name="sharedAccessPolicies">A collection of shared access policies.</param>
/// <param name="outputStream">An output stream.</param>
public static void WriteSharedAccessIdentifiers(SharedAccessBlobPolicies sharedAccessPolicies, Stream outputStream)
{
Request.WriteSharedAccessIdentifiers(
sharedAccessPolicies,
outputStream,
(policy, writer) =>
{
writer.WriteElementString(
Constants.Start,
SharedAccessSignatureHelper.GetDateTimeOrEmpty(policy.SharedAccessStartTime));
writer.WriteElementString(
Constants.Expiry,
SharedAccessSignatureHelper.GetDateTimeOrEmpty(policy.SharedAccessExpiryTime));
writer.WriteElementString(
Constants.Permission,
SharedAccessBlobPolicy.PermissionsToString(policy.Permissions));
});
}
private static UriQueryBuilder GetSignature(
SharedAccessBlobPolicy policy,
SharedAccessBlobHeaders headers,
string accessPolicyIdentifier,
string resourceType,
string signature,
string accountKeyName,
string sasVersion,
SharedAccessProtocol?protocols,
IPAddressOrRange ipAddressOrRange)
{
UriQueryBuilder builder = new UriQueryBuilder();
AddEscapedIfNotNull(builder, SignedVersion, sasVersion);
AddEscapedIfNotNull(builder, SignedResource, resourceType);
AddEscapedIfNotNull(builder, SignedIdentifier, accessPolicyIdentifier);
AddEscapedIfNotNull(builder, SignedKey, accountKeyName);
AddEscapedIfNotNull(builder, Signature, signature);
AddEscapedIfNotNull(builder, SignedProtocols, GetProtocolString(protocols));
AddEscapedIfNotNull(builder, SignedIP, ipAddressOrRange == null ? null : ipAddressOrRange.ToString());
if (policy != null)
{
AddEscapedIfNotNull(builder, SignedStart, GetDateTimeOrNull(policy.SharedAccessStartTime));
AddEscapedIfNotNull(builder, SignedExpiry, GetDateTimeOrNull(policy.SharedAccessExpiryTime));
string permissions = SharedAccessBlobPolicy.PermissionsToString(policy.Permissions);
if (!string.IsNullOrEmpty(permissions))
{
AddEscapedIfNotNull(builder, SignedPermissions, permissions);
}
}
if (headers != null)
{
AddEscapedIfNotNull(builder, CacheControl, headers.CacheControl);
AddEscapedIfNotNull(builder, ContentType, headers.ContentType);
AddEscapedIfNotNull(builder, ContentEncoding, headers.ContentEncoding);
AddEscapedIfNotNull(builder, ContentLanguage, headers.ContentLanguage);
AddEscapedIfNotNull(builder, ContentDisposition, headers.ContentDisposition);
}
return(builder);
}
/// <summary>
/// Get the complete query builder for creating the Shared Access Signature query.
/// </summary>
/// <param name="policy">The shared access policy to hash.</param>
/// <param name="headers">The optional header values to set for a blob returned with this SAS. Not valid for the 2012-02-12 version.</param>
/// <param name="accessPolicyIdentifier">An optional identifier for the policy.</param>
/// <param name="resourceType">Either "b" for blobs or "c" for containers.</param>
/// <param name="signature">The signature to use.</param>
/// <param name="accountKeyName">The name of the key used to create the signature, or <c>null</c> if the key is implicit.</param>
/// <param name="sasVersion">A string indicating the desired SAS version to use, in storage service version format. Value must be <c>2012-02-12</c> or later.</param>
/// <returns>The finished query builder.</returns>
internal static UriQueryBuilder GetSignature(
SharedAccessBlobPolicy policy,
SharedAccessBlobHeaders headers,
string accessPolicyIdentifier,
string resourceType,
string signature,
string accountKeyName,
string sasVersion)
{
CommonUtility.AssertNotNullOrEmpty("resourceType", resourceType);
UriQueryBuilder builder = new UriQueryBuilder();
AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedVersion, sasVersion);
AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedResource, resourceType);
AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedIdentifier, accessPolicyIdentifier);
AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedKey, accountKeyName);
AddEscapedIfNotNull(builder, Constants.QueryConstants.Signature, signature);
if (policy != null)
{
AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedStart, GetDateTimeOrNull(policy.SharedAccessStartTime));
AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedExpiry, GetDateTimeOrNull(policy.SharedAccessExpiryTime));
string permissions = SharedAccessBlobPolicy.PermissionsToString(policy.Permissions);
if (!string.IsNullOrEmpty(permissions))
{
AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedPermissions, permissions);
}
}
if (headers != null)
{
AddEscapedIfNotNull(builder, Constants.QueryConstants.CacheControl, headers.CacheControl);
AddEscapedIfNotNull(builder, Constants.QueryConstants.ContentType, headers.ContentType);
AddEscapedIfNotNull(builder, Constants.QueryConstants.ContentEncoding, headers.ContentEncoding);
AddEscapedIfNotNull(builder, Constants.QueryConstants.ContentLanguage, headers.ContentLanguage);
AddEscapedIfNotNull(builder, Constants.QueryConstants.ContentDisposition, headers.ContentDisposition);
}
return(builder);
}
internal static string GetHash(
SharedAccessBlobPolicy policy,
SharedAccessBlobHeaders headers,
string accessPolicyIdentifier,
string resourceName,
string sasVersion,
byte[] keyValue)
{
CommonUtility.AssertNotNullOrEmpty("resourceName", resourceName);
CommonUtility.AssertNotNull("keyValue", keyValue);
CommonUtility.AssertNotNullOrEmpty("sasVersion", sasVersion);
string permissions = null;
DateTimeOffset?startTime = null;
DateTimeOffset?expiryTime = null;
if (policy != null)
{
permissions = SharedAccessBlobPolicy.PermissionsToString(policy.Permissions);
startTime = policy.SharedAccessStartTime;
expiryTime = policy.SharedAccessExpiryTime;
}
//// StringToSign = signedpermissions + "\n" +
//// signedstart + "\n" +
//// signedexpiry + "\n" +
//// canonicalizedresource + "\n" +
//// signedidentifier + "\n" +
//// signedversion + "\n" +
//// cachecontrol + "\n" +
//// contentdisposition + "\n" +
//// contentencoding + "\n" +
//// contentlanguage + "\n" +
//// contenttype
////
//// HMAC-SHA256(UTF8.Encode(StringToSign))
////
//// Note that the final five headers are invalid for the 2012-02-12 version.
string stringToSign = string.Format(
CultureInfo.InvariantCulture,
"{0}\n{1}\n{2}\n{3}\n{4}\n{5}",
permissions,
GetDateTimeOrEmpty(startTime),
GetDateTimeOrEmpty(expiryTime),
resourceName,
accessPolicyIdentifier,
sasVersion);
if (string.Equals(sasVersion, Constants.VersionConstants.February2012))
{
if (headers != null)
{
string errorString = string.Format(CultureInfo.CurrentCulture, SR.InvalidHeaders);
throw new ArgumentException(errorString);
}
}
else
{
string cacheControl = null;
string contentDisposition = null;
string contentEncoding = null;
string contentLanguage = null;
string contentType = null;
if (headers != null)
{
cacheControl = headers.CacheControl;
contentDisposition = headers.ContentDisposition;
contentEncoding = headers.ContentEncoding;
contentLanguage = headers.ContentLanguage;
contentType = headers.ContentType;
}
stringToSign = stringToSign + string.Format(
CultureInfo.InvariantCulture,
"\n{0}\n{1}\n{2}\n{3}\n{4}",
cacheControl,
contentDisposition,
contentEncoding,
contentLanguage,
contentType);
}
return(CryptoUtility.ComputeHmac256(keyValue, stringToSign));
}
/// <summary>
/// Get the signature hash embedded inside the Shared Access Signature.
/// </summary>
/// <param name="policy">The shared access policy to hash.</param>
/// <param name="headers">The optional header values to set for a blob returned with this SAS.</param>
/// <param name="accessPolicyIdentifier">An optional identifier for the policy.</param>
/// <param name="resourceName">The canonical resource string, unescaped.</param>
/// <param name="sasVersion">A string indicating the desired SAS version to use, in storage service version format.</param>
/// <param name="protocols">The HTTP/HTTPS protocols for Account SAS.</param>
/// <param name="ipAddressOrRange">The IP range for IPSAS.</param>
/// <param name="keyValue">The key value retrieved as an atomic operation used for signing.</param>
/// <returns>The signed hash.</returns>
internal static string GetHash(
SharedAccessBlobPolicy policy,
SharedAccessBlobHeaders headers,
string accessPolicyIdentifier,
string resourceName,
string sasVersion,
SharedAccessProtocol?protocols,
IPAddressOrRange ipAddressOrRange,
byte[] keyValue)
{
CommonUtility.AssertNotNullOrEmpty("resourceName", resourceName);
CommonUtility.AssertNotNull("keyValue", keyValue);
CommonUtility.AssertNotNullOrEmpty("sasVersion", sasVersion);
string permissions = null;
DateTimeOffset?startTime = null;
DateTimeOffset?expiryTime = null;
if (policy != null)
{
permissions = SharedAccessBlobPolicy.PermissionsToString(policy.Permissions);
startTime = policy.SharedAccessStartTime;
expiryTime = policy.SharedAccessExpiryTime;
}
//// StringToSign = signedpermissions + "\n" +
//// signedstart + "\n" +
//// signedexpiry + "\n" +
//// canonicalizedresource + "\n" +
//// signedidentifier + "\n" +
//// signedIP + "\n" +
//// signedProtocol + "\n" +
//// signedversion + "\n" +
//// cachecontrol + "\n" +
//// contentdisposition + "\n" +
//// contentencoding + "\n" +
//// contentlanguage + "\n" +
//// contenttype
////
//// HMAC-SHA256(UTF8.Encode(StringToSign))
////
string cacheControl = null;
string contentDisposition = null;
string contentEncoding = null;
string contentLanguage = null;
string contentType = null;
if (headers != null)
{
cacheControl = headers.CacheControl;
contentDisposition = headers.ContentDisposition;
contentEncoding = headers.ContentEncoding;
contentLanguage = headers.ContentLanguage;
contentType = headers.ContentType;
}
string stringToSign = string.Format(
CultureInfo.InvariantCulture,
"{0}\n{1}\n{2}\n{3}\n{4}\n{5}\n{6}\n{7}\n{8}\n{9}\n{10}\n{11}\n{12}",
permissions,
GetDateTimeOrEmpty(startTime),
GetDateTimeOrEmpty(expiryTime),
resourceName,
accessPolicyIdentifier,
ipAddressOrRange == null ? string.Empty : ipAddressOrRange.ToString(),
GetProtocolString(protocols),
sasVersion,
cacheControl,
contentDisposition,
contentEncoding,
contentLanguage,
contentType);
Logger.LogVerbose(null /* operationContext */, SR.TraceStringToSign, stringToSign);
return(CryptoUtility.ComputeHmac256(keyValue, stringToSign));
}
private static string GetHash(
SharedAccessBlobPolicy policy,
SharedAccessBlobHeaders headers,
string accessPolicyIdentifier,
string resourceName,
string sasVersion,
SharedAccessProtocol?protocols,
IPAddressOrRange ipAddressOrRange,
byte[] keyValue)
{
string permissions = null;
DateTimeOffset?startTime = null;
DateTimeOffset?expiryTime = null;
if (policy != null)
{
permissions = SharedAccessBlobPolicy.PermissionsToString(policy.Permissions);
startTime = policy.SharedAccessStartTime;
expiryTime = policy.SharedAccessExpiryTime;
}
string cacheControl = null;
string contentDisposition = null;
string contentEncoding = null;
string contentLanguage = null;
string contentType = null;
if (headers != null)
{
cacheControl = headers.CacheControl;
contentDisposition = headers.ContentDisposition;
contentEncoding = headers.ContentEncoding;
contentLanguage = headers.ContentLanguage;
contentType = headers.ContentType;
}
string stringToSign = null;
if (sasVersion.StartsWith("2012-02-12"))
{
stringToSign = string.Format(
CultureInfo.InvariantCulture,
"{0}\n{1}\n{2}\n{3}\n{4}\n{5}",
permissions,
GetDateTimeOrEmpty(startTime),
GetDateTimeOrEmpty(expiryTime),
resourceName,
accessPolicyIdentifier,
sasVersion);
}
else if (string.CompareOrdinal(sasVersion, "2015-04-05") >= 0)
{
stringToSign = string.Format(
CultureInfo.InvariantCulture,
"{0}\n{1}\n{2}\n{3}\n{4}\n{5}\n{6}\n{7}\n{8}\n{9}\n{10}\n{11}\n{12}",
permissions,
GetDateTimeOrEmpty(startTime),
GetDateTimeOrEmpty(expiryTime),
resourceName,
accessPolicyIdentifier,
ipAddressOrRange == null ? string.Empty : ipAddressOrRange.ToString(),
GetProtocolString(protocols),
sasVersion,
cacheControl,
contentDisposition,
contentEncoding,
contentLanguage,
contentType);
}
else
{
stringToSign = string.Format(
CultureInfo.InvariantCulture,
"{0}\n{1}\n{2}\n{3}\n{4}\n{5}\n{6}\n{7}\n{8}\n{9}\n{10}",
permissions,
GetDateTimeOrEmpty(startTime),
GetDateTimeOrEmpty(expiryTime),
resourceName,
accessPolicyIdentifier,
sasVersion,
cacheControl,
contentDisposition,
contentEncoding,
contentLanguage,
contentType);
}
return(ComputeHmac256(keyValue, stringToSign));
}
/// <summary>
/// Get the signature hash embedded inside the User Delegation Shared Access Signature.
/// </summary>
/// <param name="policy">The shared access policy to hash.</param>
/// <param name="headers">The optional header values to set for a blob returned with this SAS.</param>
/// <param name="resourceName">The canonical resource string, unescaped.</param>
/// <param name="sasVersion">A string indicating the desired SAS version to use, in storage service version format.</param>
/// <param name="resourceIdentifier">Resource type id string.</param>
/// <param name="snapTime">Time of snapshot if applicable.</param>
/// <param name="protocols">The HTTP/HTTPS protocols for Account SAS.</param>
/// <param name="ipAddressOrRange">The IP range for IPSAS.</param>
/// <param name="delegationKey">The user delegaion key used for signing.</param>
/// <returns>The signed hash.</returns>
internal static string GetHash(
SharedAccessBlobPolicy policy,
SharedAccessBlobHeaders headers,
string resourceName,
string sasVersion,
string resourceIdentifier,
DateTimeOffset?snapTime,
SharedAccessProtocol?protocols,
IPAddressOrRange ipAddressOrRange,
UserDelegationKey delegationKey)
{
CommonUtility.AssertNotNullOrEmpty("resourceName", resourceName);
CommonUtility.AssertNotNullOrEmpty("sasVersion", sasVersion);
CommonUtility.AssertNotNull("delegationKey", delegationKey);
CommonUtility.AssertNotNull("delegationKey.SignedOid", delegationKey.SignedOid);
CommonUtility.AssertNotNull("delegationKey.SignedTid", delegationKey.SignedTid);
CommonUtility.AssertNotNull("delegationKey.SignedStart", delegationKey.SignedStart);
CommonUtility.AssertNotNull("delegationKey.SignedExpiry", delegationKey.SignedExpiry);
CommonUtility.AssertNotNullOrEmpty("delegationKey.SignedService", delegationKey.SignedService);
CommonUtility.AssertNotNullOrEmpty("delegationKey.SignedVersion", delegationKey.SignedVersion);
CommonUtility.AssertNotNullOrEmpty("delegationKey.Value", delegationKey.Value);
CommonUtility.AssertNotNull("policy", policy);
CommonUtility.AssertNotNull("policy.SharedAccessExpiryTime", policy.SharedAccessExpiryTime);
CommonUtility.AssertNotNullOrEmpty("policy.Permissions", SharedAccessBlobPolicy.PermissionsToString(policy.Permissions));
string permissions = SharedAccessBlobPolicy.PermissionsToString(policy.Permissions);
DateTimeOffset?startTime = policy.SharedAccessStartTime;
DateTimeOffset?expiryTime = policy.SharedAccessExpiryTime;
//// StringToSign = signedpermissions + "\n" +
//// signedstart + "\n" +
//// signedexpiry + "\n" +
//// canonicalizedresource + "\n" +
//// signedoid + "\n" +
//// signedtid + "\n" +
//// signedkeystart + "\n" +
//// signedkeyexpiry + "\n" +
//// signedkeyservice + "\n" +
//// signedkeyverion + "\n" +
//// signedIP + "\n" +
//// signedProtocol + "\n" +
//// signedversion + "\n" +
//// signedResourceIdentifier + "\n" +
//// signedTimeStamp + "\n" +
//// cachecontrol + "\n" +
//// contentdisposition + "\n" +
//// contentencoding + "\n" +
//// contentlanguage + "\n" +
//// contenttype
////
//// HMAC-SHA256(UTF8.Encode(StringToSign))
string cacheControl = null;
string contentDisposition = null;
string contentEncoding = null;
string contentLanguage = null;
string contentType = null;
if (headers != null)
{
cacheControl = headers.CacheControl;
contentDisposition = headers.ContentDisposition;
contentEncoding = headers.ContentEncoding;
contentLanguage = headers.ContentLanguage;
contentType = headers.ContentType;
}
string stringToSign = string.Format(
CultureInfo.InvariantCulture,
"{0}\n{1}\n{2}\n{3}\n{4}\n{5}\n{6}\n{7}\n{8}\n{9}\n{10}\n{11}\n{12}\n{13}\n{14}\n{15}\n{16}\n{17}\n{18}\n{19}",
permissions,
SharedAccessSignatureHelper.GetDateTimeOrEmpty(startTime),
SharedAccessSignatureHelper.GetDateTimeOrEmpty(expiryTime),
resourceName,
delegationKey.SignedOid,
delegationKey.SignedTid,
delegationKey.SignedStart.Value.UtcDateTime.ToString(Constants.DateTimeFormatter),
delegationKey.SignedExpiry.Value.UtcDateTime.ToString(Constants.DateTimeFormatter),
delegationKey.SignedService,
delegationKey.SignedVersion,
ipAddressOrRange == null ? string.Empty : ipAddressOrRange.ToString(),
SharedAccessSignatureHelper.GetProtocolString(protocols),
sasVersion,
resourceIdentifier,
snapTime.ToString(),
cacheControl,
contentDisposition,
contentEncoding,
contentLanguage,
contentType);
Logger.LogVerbose(null /* operationContext */, SR.TraceStringToSign, stringToSign);
return(CryptoUtility.ComputeHmac256(Convert.FromBase64String(delegationKey.Value), stringToSign));
}
internal static string GetHash(
SharedAccessBlobPolicy policy,
SharedAccessBlobHeaders headers,
string accessPolicyIdentifier,
string resourceName,
byte[] keyValue)
{
CommonUtility.AssertNotNullOrEmpty("resourceName", resourceName);
CommonUtility.AssertNotNull("keyValue", keyValue);
string permissions = null;
DateTimeOffset?startTime = null;
DateTimeOffset?expiryTime = null;
if (policy != null)
{
permissions = SharedAccessBlobPolicy.PermissionsToString(policy.Permissions);
startTime = policy.SharedAccessStartTime;
expiryTime = policy.SharedAccessExpiryTime;
}
string cacheControl = null;
string contentDisposition = null;
string contentEncoding = null;
string contentLanguage = null;
string contentType = null;
if (headers != null)
{
cacheControl = headers.CacheControl;
contentDisposition = headers.ContentDisposition;
contentEncoding = headers.ContentEncoding;
contentLanguage = headers.ContentLanguage;
contentType = headers.ContentType;
}
//// StringToSign = signedpermissions + "\n" +
//// signedstart + "\n" +
//// signedexpiry + "\n" +
//// canonicalizedresource + "\n" +
//// signedidentifier + "\n" +
//// signedversion + "\n" +
//// cachecontrol + "\n" +
//// contentdisposition + "\n" +
//// contentencoding + "\n" +
//// contentlanguage + "\n" +
//// contenttype
////
//// HMAC-SHA256(UTF8.Encode(StringToSign))
string stringToSign = string.Format(
CultureInfo.InvariantCulture,
"{0}\n{1}\n{2}\n{3}\n{4}\n{5}\n{6}\n{7}\n{8}\n{9}\n{10}",
permissions,
GetDateTimeOrEmpty(startTime),
GetDateTimeOrEmpty(expiryTime),
resourceName,
accessPolicyIdentifier,
Constants.HeaderConstants.TargetStorageVersion,
cacheControl,
contentDisposition,
contentEncoding,
contentLanguage,
contentType);
return(CryptoUtility.ComputeHmac256(keyValue, stringToSign));
}
