Exemple #1
0
        /// <summary>
        /// Get the signature hash embedded inside the Shared Access Signature.
        /// </summary>
        /// <param name="policy">The shared access policy to hash.</param>
        /// <param name="accessPolicyIdentifier">An optional identifier for the policy.</param>
        /// <param name="startPartitionKey">The start partition key, or <c>null</c>.</param>
        /// <param name="startRowKey">The start row key, or <c>null</c>.</param>
        /// <param name="endPartitionKey">The end partition key, or <c>null</c>.</param>
        /// <param name="endRowKey">The end row key, or <c>null</c>.</param>
        /// <param name="resourceName">The canonical resource string, unescaped.</param>
        /// <param name="sasVersion">A string indicating the desired SAS version to use, in storage service version format.</param>
        /// <param name="keyValue">The key value retrieved as an atomic operation used for signing.</param>
        /// <returns>The signed hash.</returns>
        internal static string GetHash(
            SharedAccessTablePolicy policy,
            string accessPolicyIdentifier,
            string startPartitionKey,
            string startRowKey,
            string endPartitionKey,
            string endRowKey,
            string resourceName,
            string sasVersion,
            byte[] keyValue)
        {
            CommonUtility.AssertNotNullOrEmpty("resourceName", resourceName);
            CommonUtility.AssertNotNull("keyValue", keyValue);
            CommonUtility.AssertNotNullOrEmpty("sasVersion", sasVersion);

            string         permissions = null;
            DateTimeOffset?startTime   = null;
            DateTimeOffset?expiryTime  = null;

            if (policy != null)
            {
                permissions = SharedAccessTablePolicy.PermissionsToString(policy.Permissions);
                startTime   = policy.SharedAccessStartTime;
                expiryTime  = policy.SharedAccessExpiryTime;
            }

            //// StringToSign =      signedpermissions + "\n" +
            ////                     signedstart + "\n" +
            ////                     signedexpiry + "\n" +
            ////                     canonicalizedresource + "\n" +
            ////                     signedidentifier + "\n" +
            ////                     signedversion + "\n" +
            ////                     startpk + "\n" +
            ////                     startrk + "\n" +
            ////                     endpk + "\n" +
            ////                     endrk
            ////
            //// HMAC-SHA256(UTF8.Encode(StringToSign))

            string stringToSign = string.Format(
                CultureInfo.InvariantCulture,
                "{0}\n{1}\n{2}\n{3}\n{4}\n{5}\n{6}\n{7}\n{8}\n{9}",
                permissions,
                GetDateTimeOrEmpty(startTime),
                GetDateTimeOrEmpty(expiryTime),
                resourceName,
                accessPolicyIdentifier,
                sasVersion,
                startPartitionKey,
                startRowKey,
                endPartitionKey,
                endRowKey);

            Logger.LogVerbose(null /* operationContext */, SR.TraceStringToSign, stringToSign);

            return(CryptoUtility.ComputeHmac256(keyValue, stringToSign));
        }
Exemple #2
0
 private static void WriteSharedAccessIdentifiers(SharedAccessTablePolicies sharedAccessPolicies, Stream outputStream)
 {
     WriteSharedAccessIdentifiers(sharedAccessPolicies, outputStream, delegate(SharedAccessTablePolicy policy, XmlWriter writer)
     {
         writer.WriteElementString("Start", SharedAccessSignatureHelper.GetDateTimeOrEmpty(policy.SharedAccessStartTime));
         writer.WriteElementString("Expiry", SharedAccessSignatureHelper.GetDateTimeOrEmpty(policy.SharedAccessExpiryTime));
         writer.WriteElementString("Permission", SharedAccessTablePolicy.PermissionsToString(policy.Permissions));
     });
 }
Exemple #3
0
        /// <summary>
        /// Get the complete query builder for creating the Shared Access Signature query.
        /// </summary>
        /// <param name="policy">The shared access policy to hash.</param>
        /// <param name="tableName">The name of the table associated with this shared access signature.</param>
        /// <param name="accessPolicyIdentifier">An optional identifier for the policy.</param>
        /// <param name="startPartitionKey">The start partition key, or null.</param>
        /// <param name="startRowKey">The start row key, or null.</param>
        /// <param name="endPartitionKey">The end partition key, or null.</param>
        /// <param name="endRowKey">The end row key, or null.</param>
        /// <param name="signature">The signature to use.</param>
        /// <param name="accountKeyName">The name of the key used to create the signature, or null if the key is implicit.</param>
        /// <returns>The finished query builder.</returns>
        internal static UriQueryBuilder GetSharedAccessSignatureImpl(
            SharedAccessTablePolicy policy,
            string tableName,
            string accessPolicyIdentifier,
            string startPartitionKey,
            string startRowKey,
            string endPartitionKey,
            string endRowKey,
            string signature,
            string accountKeyName)
        {
            CommonUtils.AssertNotNull("signature", signature);

            if (policy == null)
            {
                return(GetSharedAccessSignatureImpl(
                           null /* policy.Permissions */,
                           null /* policy.SharedAccessStartTime */,
                           null /* policy.SharedAccessExpiryTime */,
                           startPartitionKey,
                           startRowKey,
                           endPartitionKey,
                           endRowKey,
                           accessPolicyIdentifier,
                           null /* resourceType (blob only) */,
                           tableName,
                           signature,
                           accountKeyName));
            }

            string permissions = SharedAccessTablePolicy.PermissionsToString(policy.Permissions);

            if (string.IsNullOrEmpty(permissions))
            {
                permissions = null;
            }

            return(GetSharedAccessSignatureImpl(
                       permissions,
                       policy.SharedAccessStartTime,
                       policy.SharedAccessExpiryTime,
                       startPartitionKey,
                       startRowKey,
                       endPartitionKey,
                       endRowKey,
                       accessPolicyIdentifier,
                       null /* resourceType (blob only) */,
                       tableName,
                       signature,
                       accountKeyName));
        }
 /// <summary>
 /// Writes a collection of shared access policies to the specified stream in XML format.
 /// </summary>
 /// <param name="sharedAccessPolicies">A collection of shared access policies.</param>
 /// <param name="outputStream">An output stream.</param>
 public static void WriteSharedAccessIdentifiers(SharedAccessTablePolicies sharedAccessPolicies, Stream outputStream)
 {
     Request.WriteSharedAccessIdentifiers(
         sharedAccessPolicies,
         outputStream,
         (policy, writer) =>
     {
         writer.WriteElementString(
             Constants.Start,
             SharedAccessSignatureHelper.GetDateTimeOrEmpty(policy.SharedAccessStartTime));
         writer.WriteElementString(
             Constants.Expiry,
             SharedAccessSignatureHelper.GetDateTimeOrEmpty(policy.SharedAccessExpiryTime));
         writer.WriteElementString(
             Constants.Permission,
             SharedAccessTablePolicy.PermissionsToString(policy.Permissions));
     });
 }
Exemple #5
0
        /// <summary>
        /// Get the complete query builder for creating the Shared Access Signature query.
        /// </summary>
        /// <param name="policy">The shared access policy to hash.</param>
        /// <param name="tableName">The name of the table associated with this shared access signature.</param>
        /// <param name="accessPolicyIdentifier">An optional identifier for the policy.</param>
        /// <param name="startPartitionKey">The start partition key, or <c>null</c>.</param>
        /// <param name="startRowKey">The start row key, or <c>null</c>.</param>
        /// <param name="endPartitionKey">The end partition key, or <c>null</c>.</param>
        /// <param name="endRowKey">The end row key, or <c>null</c>.</param>
        /// <param name="signature">The signature to use.</param>
        /// <param name="accountKeyName">The name of the key used to create the signature, or <c>null</c> if the key is implicit.</param>
        /// <param name="sasVersion">A string indicating the desired SAS version to use, in storage service version format.</param>
        /// <param name="protocols">The HTTP/HTTPS protocols for Account SAS.</param>
        /// <param name="ipAddressOrRange">The IP range for IPSAS.</param>
        /// <returns>The finished query builder.</returns>
        internal static UriQueryBuilder GetSignature(
            SharedAccessTablePolicy policy,
            string tableName,
            string accessPolicyIdentifier,
            string startPartitionKey,
            string startRowKey,
            string endPartitionKey,
            string endRowKey,
            string signature,
            string accountKeyName,
            string sasVersion,
            SharedAccessProtocol?protocols,
            IPAddressOrRange ipAddressOrRange)
        {
            CommonUtility.AssertNotNull("signature", signature);

            UriQueryBuilder builder = new UriQueryBuilder();

            AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedVersion, sasVersion);
            AddEscapedIfNotNull(builder, Constants.QueryConstants.SasTableName, tableName);
            AddEscapedIfNotNull(builder, Constants.QueryConstants.StartPartitionKey, startPartitionKey);
            AddEscapedIfNotNull(builder, Constants.QueryConstants.StartRowKey, startRowKey);
            AddEscapedIfNotNull(builder, Constants.QueryConstants.EndPartitionKey, endPartitionKey);
            AddEscapedIfNotNull(builder, Constants.QueryConstants.EndRowKey, endRowKey);
            AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedIdentifier, accessPolicyIdentifier);
            AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedKey, accountKeyName);
            AddEscapedIfNotNull(builder, Constants.QueryConstants.Signature, signature);
            AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedProtocols, GetProtocolString(protocols));
            AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedIP, ipAddressOrRange == null ? null : ipAddressOrRange.ToString());

            if (policy != null)
            {
                AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedStart, GetDateTimeOrNull(policy.SharedAccessStartTime));
                AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedExpiry, GetDateTimeOrNull(policy.SharedAccessExpiryTime));

                string permissions = SharedAccessTablePolicy.PermissionsToString(policy.Permissions);
                if (!string.IsNullOrEmpty(permissions))
                {
                    AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedPermissions, permissions);
                }
            }

            return(builder);
        }
Exemple #6
0
        /// <summary>
        /// Get the signature hash embedded inside the Shared Access Signature.
        /// </summary>
        /// <param name="policy">The shared access policy to hash.</param>
        /// <param name="accessPolicyIdentifier">An optional identifier for the policy.</param>
        /// <param name="startPartitionKey">The start partition key, or null.</param>
        /// <param name="startRowKey">The start row key, or null.</param>
        /// <param name="endPartitionKey">The end partition key, or null.</param>
        /// <param name="endRowKey">The end row key, or null.</param>
        /// <param name="resourceName">The canonical resource string, unescaped.</param>
        /// <param name="credentials">Credentials to be used for signing.</param>
        /// <returns>The signed hash.</returns>
        internal static string GetSharedAccessSignatureHashImpl(
            SharedAccessTablePolicy policy,
            string accessPolicyIdentifier,
            string startPartitionKey,
            string startRowKey,
            string endPartitionKey,
            string endRowKey,
            string resourceName,
            StorageCredentials credentials)
        {
            if (policy == null)
            {
                return(GetSharedAccessSignatureHashImpl(
                           null /* policy.Permissions */,
                           null /* policy.SharedAccessStartTime */,
                           null /* policy.SharedAccessExpiryTime */,
                           startPartitionKey,
                           startRowKey,
                           endPartitionKey,
                           endRowKey,
                           true /* using table SAS */,
                           accessPolicyIdentifier,
                           resourceName,
                           credentials));
            }

            return(GetSharedAccessSignatureHashImpl(
                       SharedAccessTablePolicy.PermissionsToString(policy.Permissions),
                       policy.SharedAccessStartTime,
                       policy.SharedAccessExpiryTime,
                       startPartitionKey,
                       startRowKey,
                       endPartitionKey,
                       endRowKey,
                       true /* using table SAS */,
                       accessPolicyIdentifier,
                       resourceName,
                       credentials));
        }