protected internal override IEnumerable <IAsyncResult> AuthorizePublicAccess(AsyncIteratorContext <AuthorizationResult> context, AuthorizationResult authorizationResult, IStorageManager storageManager, string resourceAccount, string resourceContainer, string resourceIdentifier, IAccountIdentifier requestor, PermissionLevel permission, Duration d, TimeSpan timeout)
{
using (IBlobContainer blobContainer = storageManager.CreateBlobContainerInstance(resourceAccount, resourceContainer))
{
blobContainer.Timeout = d.Remaining(timeout);
IAsyncResult asyncResult = blobContainer.BeginGetProperties(ContainerPropertyNames.ServiceMetadata, null, context.GetResumeCallback(), context.GetResumeState("NephosAuthorizationManager.AuthorizeRequestImpl"));
yield return(asyncResult);
try
{
blobContainer.EndGetProperties(asyncResult);
}
catch (ContainerNotFoundException containerNotFoundException)
{
throw new ContainerUnauthorizedException(resourceAccount, resourceContainer, resourceIdentifier, requestor, permission, containerNotFoundException);
}
catch (ServerBusyException serverBusyException)
{
Logger <IRestProtocolHeadLogger> .Instance.ErrorDebug.Log("Got ServerBusy while trying to get container Acl settings during Authorization so not continuing");
throw;
}
catch (TimeoutException timeoutException)
{
Logger <IRestProtocolHeadLogger> .Instance.ErrorDebug.Log("Request timed out while trying to get container Acl settings during Authorization so not continuing");
throw;
}
catch (StorageManagerException storageManagerException1)
{
StorageManagerException storageManagerException = storageManagerException1;
IStringDataEventStream verboseDebug = Logger <IRestProtocolHeadLogger> .Instance.VerboseDebug;
verboseDebug.Log("Got and swallowed exception when accessing acl setting for authorization: {0}", new object[] { storageManagerException });
authorizationResult.FailureReason = AuthorizationFailureReason.AccessPermissionFailure;
authorizationResult.Authorized = false;
context.ResultData = authorizationResult;
goto Label0;
}
string str = (new ContainerAclSettings(blobContainer.ServiceMetadata)).PublicAccessLevel;
if (!string.IsNullOrEmpty(str))
{
if (string.IsNullOrEmpty(resourceIdentifier))
{
if (Comparison.StringEqualsIgnoreCase(str, "container") || Comparison.StringEqualsIgnoreCase(str, bool.TrueString))
{
authorizationResult.FailureReason = AuthorizationFailureReason.NotApplicable;
authorizationResult.Authorized = true;
context.ResultData = authorizationResult;
goto Label0;
}
}
else if (Comparison.StringEqualsIgnoreCase(str, "blob") || Comparison.StringEqualsIgnoreCase(str, "container") || Comparison.StringEqualsIgnoreCase(str, bool.TrueString))
{
authorizationResult.FailureReason = AuthorizationFailureReason.NotApplicable;
authorizationResult.Authorized = true;
context.ResultData = authorizationResult;
goto Label0;
}
authorizationResult.FailureReason = AuthorizationFailureReason.AccessPermissionFailure;
authorizationResult.Authorized = false;
context.ResultData = authorizationResult;
}
else
{
authorizationResult.FailureReason = AuthorizationFailureReason.AccessPermissionFailure;
authorizationResult.Authorized = false;
context.ResultData = authorizationResult;
}
}
Label0:
yield break;
}
private IEnumerator <IAsyncResult> AuthenticateImpl(IStorageAccount storageAccount, RequestContext requestContext, NephosUriComponents uriComponents, AuthenticationManager.GetStringToSignCallback getStringToSignCallback, TimeSpan timeout, AsyncIteratorContext <IAuthenticationResult> context)
{
bool flag;
SignedAccessHelper blobSignedAccessHelper;
IStorageAccount operationStatus;
ContainerAclSettings containerAclSetting;
Duration startingNow = Duration.StartingNow;
NameValueCollection queryParameters = requestContext.QueryParameters;
if (AuthenticationManager.IsInvalidAccess(requestContext))
{
throw new InvalidAuthenticationInfoException("Ambiguous authentication scheme credentials providedRequest contains authentication credentials for signed access and authenticated access");
}
bool flag1 = AuthenticationManager.IsAuthenticatedAccess(requestContext);
bool flag2 = AuthenticationManager.IsSignatureAccess(requestContext);
flag = (!flag1 ? false : AuthenticationManager.IsAuthenticatedAccess(requestContext, "SignedKey"));
bool flag3 = flag;
bool flag4 = (flag1 ? false : !flag2);
bool flag5 = string.IsNullOrEmpty(requestContext.RequestHeaderRestVersion);
if (this.DenyUnversionedAuthenticatedAccess && flag5 && flag1)
{
throw new AuthenticationFailureException(string.Format(CultureInfo.InvariantCulture, "Unversioned authenticated access is not allowed.", new object[0]));
}
if ((!flag1 || flag3) && !flag4)
{
NephosAssertionException.Assert((flag2 ? true : flag3));
bool flag6 = (flag2 ? false : flag3);
if (!AuthenticationManager.IsAccountSasAccess(requestContext.QueryParameters))
{
blobSignedAccessHelper = new BlobSignedAccessHelper(requestContext, uriComponents);
}
else
{
if (flag6)
{
throw new AuthenticationFailureException("SignedKey is not supported with account-level SAS.");
}
blobSignedAccessHelper = new AccountSasHelper(requestContext, uriComponents);
}
blobSignedAccessHelper.ParseAccessPolicyFields(flag6);
blobSignedAccessHelper.PerformSignedAccessAuthenticationFirstPhaseValidations();
AccountIdentifier signedAccessAccountIdentifier = null;
if (!flag6)
{
byte[] sign = blobSignedAccessHelper.ComputeUrlDecodedUtf8EncodedStringToSign();
if (storageAccount == null || !string.Equals(storageAccount.Name, uriComponents.AccountName))
{
try
{
operationStatus = this.storageManager.CreateAccountInstance(uriComponents.AccountName);
if (requestContext != null)
{
operationStatus.OperationStatus = requestContext.OperationStatus;
}
}
catch (ArgumentOutOfRangeException argumentOutOfRangeException)
{
throw new AuthenticationFailureException(string.Format(CultureInfo.InvariantCulture, "The account name is invalid.", new object[0]));
}
operationStatus.Timeout = startingNow.Remaining(timeout);
IAsyncResult asyncResult = operationStatus.BeginGetProperties(AccountPropertyNames.All, null, context.GetResumeCallback(), context.GetResumeState("XFEBlobAuthenticationManager.AuthenticateImpl"));
yield return(asyncResult);
try
{
operationStatus.EndGetProperties(asyncResult);
}
catch (AccountNotFoundException accountNotFoundException1)
{
AccountNotFoundException accountNotFoundException = accountNotFoundException1;
CultureInfo invariantCulture = CultureInfo.InvariantCulture;
object[] name = new object[] { operationStatus.Name };
throw new AuthenticationFailureException(string.Format(invariantCulture, "Cannot find the claimed account when trying to GetProperties for the account {0}.", name), accountNotFoundException);
}
catch (Exception exception1)
{
Exception exception = exception1;
IStringDataEventStream warning = Logger <IRestProtocolHeadLogger> .Instance.Warning;
object[] objArray = new object[] { operationStatus.Name, exception };
warning.Log("Rethrow exception when trying to GetProperties for the account {0}: {1}", objArray);
throw;
}
}
else
{
operationStatus = storageAccount;
}
if (!blobSignedAccessHelper.ComputeSignatureAndCompare(sign, operationStatus.SecretKeysV3))
{
throw new AuthenticationFailureException(string.Concat("Signature did not match. String to sign used was ", (new UTF8Encoding()).GetString(sign)));
}
NephosAssertionException.Assert(blobSignedAccessHelper.KeyUsedForSigning != null, "Key used for signing cannot be null");
signedAccessAccountIdentifier = blobSignedAccessHelper.CreateAccountIdentifier(operationStatus);
if (storageAccount != operationStatus)
{
operationStatus.Dispose();
}
}
else
{
IAsyncResult asyncResult1 = this.nephosAuthenticationManager.BeginAuthenticate(storageAccount, requestContext, uriComponents, getStringToSignCallback, startingNow.Remaining(timeout), context.GetResumeCallback(), context.GetResumeState("XFEBlobAuthenticationManager.AuthenticateImpl"));
yield return(asyncResult1);
IAuthenticationResult authenticationResult = this.nephosAuthenticationManager.EndAuthenticate(asyncResult1);
signedAccessAccountIdentifier = new SignedAccessAccountIdentifier(authenticationResult.AccountIdentifier);
}
if (blobSignedAccessHelper.IsRevocableAccess)
{
using (IBlobContainer blobContainer = this.storageManager.CreateBlobContainerInstance(uriComponents.AccountName, uriComponents.ContainerName))
{
ContainerPropertyNames containerPropertyName = ContainerPropertyNames.ServiceMetadata;
if (requestContext != null)
{
blobContainer.OperationStatus = requestContext.OperationStatus;
}
blobContainer.Timeout = startingNow.Remaining(timeout);
IAsyncResult asyncResult2 = blobContainer.BeginGetProperties(containerPropertyName, null, context.GetResumeCallback(), context.GetResumeState("XFEBlobAuthenticationManager.AuthenticateImpl"));
yield return(asyncResult2);
try
{
blobContainer.EndGetProperties(asyncResult2);
}
catch (Exception exception3)
{
Exception exception2 = exception3;
if (exception2 is ContainerNotFoundException)
{
throw new AuthenticationFailureException("Error locating SAS identifier", exception2);
}
IStringDataEventStream stringDataEventStream = Logger <IRestProtocolHeadLogger> .Instance.Warning;
object[] accountName = new object[] { uriComponents.AccountName, uriComponents.ContainerName, exception2 };
stringDataEventStream.Log("Rethrow exception when trying to fetch SAS identifier account {0} container {1} : {2}", accountName);
throw;
}
try
{
containerAclSetting = new ContainerAclSettings(blobContainer.ServiceMetadata);
}
catch (MetadataFormatException metadataFormatException1)
{
MetadataFormatException metadataFormatException = metadataFormatException1;
throw new NephosStorageDataCorruptionException(string.Format("Error decoding Acl setting for container {0}", uriComponents.ContainerName), metadataFormatException);
}
}
try
{
blobSignedAccessHelper.ValidateAndDeriveEffectiveAccessPolicy(blobSignedAccessHelper.LocateSasIdentifier(containerAclSetting.SASIdentifiers));
blobSignedAccessHelper.PerformSignedAccessAuthenticationSecondPhaseValidations();
signedAccessAccountIdentifier.Initialize(blobSignedAccessHelper);
context.ResultData = new AuthenticationResult(signedAccessAccountIdentifier, blobSignedAccessHelper.SignedVersion, true);
}
catch (FormatException formatException)
{
throw new AuthenticationFailureException("Signature fields not well formed.", formatException);
}
}
else
{
signedAccessAccountIdentifier.Initialize(blobSignedAccessHelper);
context.ResultData = new AuthenticationResult(signedAccessAccountIdentifier, blobSignedAccessHelper.SignedVersion, true);
}
}
else
{
IAsyncResult asyncResult3 = this.nephosAuthenticationManager.BeginAuthenticate(storageAccount, requestContext, uriComponents, getStringToSignCallback, startingNow.Remaining(timeout), context.GetResumeCallback(), context.GetResumeState("XFEBlobAuthenticationManager.AuthenticateImpl"));
yield return(asyncResult3);
context.ResultData = this.nephosAuthenticationManager.EndAuthenticate(asyncResult3);
}
}
