/// <summary>
/// Get the complete query builder for creating the Shared Access Signature query.
/// </summary>
/// <param name="policy">The shared access policy to hash.</param>
/// <param name="groupPolicyIdentifier">An optional identifier for the policy.</param>
/// <param name="resourceType">Either "b" for blobs or "c" for containers.</param>
/// <param name="signature">The signature to use.</param>
/// <returns>The finished query builder.</returns>
internal static UriQueryBuilder GetShareAccessSignatureImpl(
SharedAccessPolicy policy,
string groupPolicyIdentifier,
string resourceType,
string signature)
{
CommonUtils.AssertNotNullOrEmpty("resourceType", resourceType);
CommonUtils.AssertNotNull("signature", signature);
UriQueryBuilder builder = new UriQueryBuilder();
// FUTURE blob for blob and container for container
if (policy != null)
{
string permissions = SharedAccessPolicy.PermissionsToString(policy.Permissions);
if (String.IsNullOrEmpty(permissions))
{
permissions = null;
}
AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedStart, GetDateTimeOrNull(policy.SharedAccessStartTime));
AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedExpiry, GetDateTimeOrNull(policy.SharedAccessExpiryTime));
AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedPermissions, permissions);
}
builder.Add(Constants.QueryConstants.SignedResource, resourceType);
AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedIdentifier, groupPolicyIdentifier);
AddEscapedIfNotNull(builder, Constants.QueryConstants.Signature, signature);
return(builder);
}
/// <summary>
/// Get the signature hash embedded inside the Shared Access Signature.
/// </summary>
/// <param name="policy">The shared access policy to hash.</param>
/// <param name="groupPolicyIdentifier">An optional identifier for the policy.</param>
/// <param name="resourceName">The canonical resource string, unescaped.</param>
/// <param name="client">The client whose credentials are to be used for signing.</param>
/// <returns>The signed hash.</returns>
internal static string GetSharedAccessSignatureHashImpl(
SharedAccessPolicy policy,
string groupPolicyIdentifier,
string resourceName,
CloudBlobClient client)
{
CommonUtils.AssertNotNull("policy", policy);
CommonUtils.AssertNotNullOrEmpty("resourceName", resourceName);
CommonUtils.AssertNotNull("client", client);
////StringToSign = signedpermissions + "\n"
//// signedstart + "\n"
//// signedexpiry + "\n"
//// canonicalizedresource + "\n"
//// signedidentifier
////HMAC-SHA256(URL.Decode(UTF8.Encode(StringToSign)))
string stringToSign = string.Format(
"{0}\n{1}\n{2}\n{3}\n{4}",
SharedAccessPolicy.PermissionsToString(policy.Permissions),
GetDateTimeOrEmpty(policy.SharedAccessStartTime),
GetDateTimeOrEmpty(policy.SharedAccessExpiryTime),
resourceName,
groupPolicyIdentifier);
string signature = client.Credentials.ComputeHmac(stringToSign);
return(signature);
}
////public string SharedAccessAuthenticatedURI(Uri uri, string permission) { return ""; }
/// <summary>
/// Writes a collection of shared access policies to the specified stream in XML format.
/// </summary>
/// <param name="sharedAccessPolicies">A collection of shared access policies.</param>
/// <param name="outputStream">An output stream.</param>
public static void WriteSharedAccessIdentifiers(SharedAccessPolicies sharedAccessPolicies, Stream outputStream)
{
CommonUtils.AssertNotNull("sharedAccessPolicies", sharedAccessPolicies);
CommonUtils.AssertNotNull("outputStream", outputStream);
if (sharedAccessPolicies.Count > Constants.MaxSharedAccessPolicyIdentifiers)
{
string errorMessage = string.Format(
CultureInfo.CurrentCulture,
SR.TooManyPolicyIdentifiers,
sharedAccessPolicies.Count,
Constants.MaxSharedAccessPolicyIdentifiers);
throw new ArgumentOutOfRangeException("sharedAccessPolicies", errorMessage);
}
XmlWriterSettings settings = new XmlWriterSettings();
settings.Encoding = Encoding.UTF8;
using (XmlWriter writer = XmlWriter.Create(outputStream, settings))
{
writer.WriteStartElement(Constants.SignedIdentifiers);
foreach (var key in sharedAccessPolicies.Keys)
{
writer.WriteStartElement(Constants.SignedIdentifier);
// Set the identifier
writer.WriteElementString(Constants.Id, key);
// Set the permissions
writer.WriteStartElement(Constants.AccessPolicy);
var policy = sharedAccessPolicies[key];
writer.WriteElementString(
Constants.Start,
SharedAccessSignatureHelper.GetDateTimeOrEmpty(policy.SharedAccessStartTime));
writer.WriteElementString(
Constants.Expiry,
SharedAccessSignatureHelper.GetDateTimeOrEmpty(policy.SharedAccessExpiryTime));
writer.WriteElementString(
Constants.Permission,
SharedAccessPolicy.PermissionsToString(policy.Permissions));
writer.WriteEndElement();
writer.WriteEndElement();
}
writer.WriteEndDocument();
}
}