public override void ExecuteCmdlet()
{
if (String.IsNullOrEmpty(ShareName) || String.IsNullOrEmpty(Policy)) return;
NamingUtil.ValidateShareName(this.ShareName, false);
if (!NameUtil.IsValidStoredAccessPolicyName(this.Policy))
{
throw new ArgumentException(String.Format(CultureInfo.CurrentCulture, Resources.InvalidAccessPolicyName, this.Policy));
}
//Get existing permissions
CloudFileShare fileShare = this.Channel.GetShareReference(this.ShareName);
FileSharePermissions fileSharePermissions = fileShare.GetPermissions();
//Add new policy
if (fileSharePermissions.SharedAccessPolicies.Keys.Contains(this.Policy))
{
throw new ResourceAlreadyExistException(String.Format(CultureInfo.CurrentCulture, Resources.PolicyAlreadyExists, this.Policy));
}
SharedAccessFilePolicy policy = new SharedAccessFilePolicy();
AccessPolicyHelper.SetupAccessPolicy<SharedAccessFilePolicy>(policy, this.StartTime, this.ExpiryTime, this.Permission);
fileSharePermissions.SharedAccessPolicies.Add(this.Policy, policy);
//Set permissions back to container
fileShare.SetPermissions(fileSharePermissions);
WriteObject(Policy);
}
public override void ExecuteCmdlet()
{
if (String.IsNullOrEmpty(ShareName)) return;
CloudFileShare fileShare = Channel.GetShareReference(this.ShareName);
SharedAccessFilePolicy accessPolicy = new SharedAccessFilePolicy();
bool shouldSetExpiryTime = SasTokenHelper.ValidateShareAccessPolicy(
Channel,
this.ShareName,
accessPolicyIdentifier,
!string.IsNullOrEmpty(this.Permission),
this.StartTime.HasValue,
this.ExpiryTime.HasValue);
SetupAccessPolicy(accessPolicy, shouldSetExpiryTime);
string sasToken = fileShare.GetSharedAccessSignature(accessPolicy, accessPolicyIdentifier);
if (FullUri)
{
string fullUri = SasTokenHelper.GetFullUriWithSASToken(fileShare.Uri.AbsoluteUri.ToString(), sasToken);
WriteObject(fullUri);
}
else
{
WriteObject(sasToken);
}
}
public void ValidateSetupAccessPolicyPermissionTest()
{
SharedAccessBlobPolicy blobAccessPolicy = new SharedAccessBlobPolicy();
AccessPolicyHelper.SetupAccessPolicyPermission(blobAccessPolicy, null);
Assert.AreEqual(blobAccessPolicy.Permissions, SharedAccessBlobPermissions.None);
AccessPolicyHelper.SetupAccessPolicyPermission(blobAccessPolicy, "");
Assert.AreEqual(blobAccessPolicy.Permissions, SharedAccessBlobPermissions.None);
AccessPolicyHelper.SetupAccessPolicyPermission(blobAccessPolicy, "D");
Assert.AreEqual(blobAccessPolicy.Permissions, SharedAccessBlobPermissions.Delete);
SharedAccessTablePolicy tableAccessPolicy = new SharedAccessTablePolicy();
AccessPolicyHelper.SetupAccessPolicyPermission(tableAccessPolicy, null);
Assert.AreEqual(tableAccessPolicy.Permissions, SharedAccessTablePermissions.None);
AccessPolicyHelper.SetupAccessPolicyPermission(tableAccessPolicy, "");
Assert.AreEqual(tableAccessPolicy.Permissions, SharedAccessTablePermissions.None);
AccessPolicyHelper.SetupAccessPolicyPermission(tableAccessPolicy, "ar");
Assert.AreEqual(tableAccessPolicy.Permissions, SharedAccessTablePermissions.Add | SharedAccessTablePermissions.Query);
SharedAccessQueuePolicy queueAccessPolicy = new SharedAccessQueuePolicy();
AccessPolicyHelper.SetupAccessPolicyPermission(queueAccessPolicy, null);
Assert.AreEqual(queueAccessPolicy.Permissions, SharedAccessQueuePermissions.None);
AccessPolicyHelper.SetupAccessPolicyPermission(queueAccessPolicy, "");
Assert.AreEqual(queueAccessPolicy.Permissions, SharedAccessQueuePermissions.None);
AccessPolicyHelper.SetupAccessPolicyPermission(queueAccessPolicy, "p");
Assert.AreEqual(queueAccessPolicy.Permissions, SharedAccessQueuePermissions.ProcessMessages);
SharedAccessFilePolicy fileAccessPolicy = new SharedAccessFilePolicy();
AccessPolicyHelper.SetupAccessPolicyPermission(fileAccessPolicy, null);
Assert.AreEqual(fileAccessPolicy.Permissions, SharedAccessFilePermissions.None);
AccessPolicyHelper.SetupAccessPolicyPermission(fileAccessPolicy, "");
Assert.AreEqual(fileAccessPolicy.Permissions, SharedAccessFilePermissions.None);
AccessPolicyHelper.SetupAccessPolicyPermission(fileAccessPolicy, "lwc");
Assert.AreEqual(fileAccessPolicy.Permissions, SharedAccessFilePermissions.List | SharedAccessFilePermissions.Write | SharedAccessFilePermissions.Create);
}
public override bool Execute()
{
Log.LogMessage(MessageImportance.High, "Creating file share named '{0}' in storage account {1}.", ShareName, AccountName);
CloudStorageAccount storageAccount = CloudStorageAccount.Parse(String.Format("DefaultEndpointsProtocol=https;AccountName={0};AccountKey={1}", AccountName, AccountKey));
CloudFileClient fileClient = storageAccount.CreateCloudFileClient();
CloudFileShare fileShare = fileClient.GetShareReference(ShareName);
fileShare.CreateIfNotExists();
StorageUri = fileShare.Uri.ToString();
// NOTE: by convention the tokens don't contain the leading '?' character.
if (ReadOnlyTokenDaysValid > 0)
{
SharedAccessFilePolicy rFilePolicy = new SharedAccessFilePolicy();
rFilePolicy.SharedAccessExpiryTime = DateTime.UtcNow.AddDays(ReadOnlyTokenDaysValid);
rFilePolicy.Permissions = SharedAccessFilePermissions.Read;
ReadOnlyToken = fileShare.GetSharedAccessSignature(rFilePolicy).Substring(1);
}
if (WriteOnlyTokenDaysValid > 0)
{
SharedAccessFilePolicy wFilePolicy = new SharedAccessFilePolicy();
wFilePolicy.SharedAccessExpiryTime = DateTime.UtcNow.AddDays(WriteOnlyTokenDaysValid);
wFilePolicy.Permissions = SharedAccessFilePermissions.Read | SharedAccessFilePermissions.Write | SharedAccessFilePermissions.List | SharedAccessFilePermissions.Delete;
WriteOnlyToken = fileShare.GetSharedAccessSignature(wFilePolicy).Substring(1);
}
return true;
}
private static string GetFileSASToken(CloudFile file)
{
if (null == file.ServiceClient.Credentials
|| file.ServiceClient.Credentials.IsAnonymous)
{
return string.Empty;
}
else if (file.ServiceClient.Credentials.IsSAS)
{
return file.ServiceClient.Credentials.SASToken;
}
// SAS life time is at least 10 minutes.
TimeSpan sasLifeTime = TimeSpan.FromMinutes(CopySASLifeTimeInMinutes);
SharedAccessFilePolicy policy = new SharedAccessFilePolicy()
{
SharedAccessExpiryTime = DateTime.Now.Add(sasLifeTime),
Permissions = SharedAccessFilePermissions.Read,
};
return file.GetSharedAccessSignature(policy);
}
/// <summary>
/// Returns a shared access signature for the file.
/// </summary>
/// <param name="policy">A <see cref="SharedAccessFilePolicy"/> object specifying the access policy for the shared access signature.</param>
/// <param name="headers">A <see cref="SharedAccessFileHeaders"/> object specifying optional header values to set for a file accessed with this SAS.</param>
/// <param name="groupPolicyIdentifier">A string identifying a stored access policy.</param>
/// <returns>A shared access signature, as a URI query string.</returns>
public string GetSharedAccessSignature(SharedAccessFilePolicy policy, SharedAccessFileHeaders headers, string groupPolicyIdentifier)
{
return(GetSharedAccessSignature(policy, headers, groupPolicyIdentifier, null, null));
}
/// <summary>
/// Returns a shared access signature for the file.
/// </summary>
/// <param name="policy">A <see cref="SharedAccessFilePolicy"/> object specifying the access policy for the shared access signature.</param>
/// <param name="headers">A <see cref="SharedAccessFileHeaders"/> object specifying optional header values to set for a file accessed with this SAS.</param>
/// <param name="groupPolicyIdentifier">A string identifying a stored access policy.</param>
/// <returns>A shared access signature, as a URI query string.</returns>
public string GetSharedAccessSignature(SharedAccessFilePolicy policy, SharedAccessFileHeaders headers, string groupPolicyIdentifier)
{
if (!this.ServiceClient.Credentials.IsSharedKey)
{
string errorMessage = string.Format(CultureInfo.InvariantCulture, SR.CannotCreateSASWithoutAccountKey);
throw new InvalidOperationException(errorMessage);
}
string resourceName = this.GetCanonicalName();
StorageAccountKey accountKey = this.ServiceClient.Credentials.Key;
string signature = SharedAccessSignatureHelper.GetHash(policy, headers, groupPolicyIdentifier, resourceName, Constants.HeaderConstants.TargetStorageVersion, accountKey.KeyValue);
UriQueryBuilder builder = SharedAccessSignatureHelper.GetSignature(policy, headers, groupPolicyIdentifier, "f", signature, accountKey.KeyName, Constants.HeaderConstants.TargetStorageVersion);
return builder.ToString();
}
/// <summary>
/// Set up access policy permission
/// </summary>
/// <param name="policy">SharedAccessFilePolicy object</param>
/// <param name="permission">Permission</param>
internal void SetupAccessPolicyPermission(SharedAccessFilePolicy policy, string permission)
{
if (string.IsNullOrEmpty(permission)) return;
permission = permission.ToLower(CultureInfo.CurrentCulture);
policy.Permissions = SharedAccessFilePolicy.PermissionsFromString(permission);
}
private static async Task CloudFileCopyAsync(bool sourceIsSas, bool destinationIsSas)
{
CloudFileShare share = GetRandomShareReference();
try
{
await share.CreateAsync();
// Create Source on server
CloudFile source = share.GetRootDirectoryReference().GetFileReference("source");
string data = "String data";
await UploadTextAsync(source, data, Encoding.UTF8);
source.Metadata["Test"] = "value";
await source.SetMetadataAsync();
// Create Destination on server
CloudFile destination = share.GetRootDirectoryReference().GetFileReference("destination");
await destination.CreateAsync(1);
CloudFile copySource = source;
CloudFile copyDestination = destination;
if (sourceIsSas)
{
// Source SAS must have read permissions
SharedAccessFilePermissions permissions = SharedAccessFilePermissions.Read;
SharedAccessFilePolicy policy = new SharedAccessFilePolicy()
{
SharedAccessStartTime = DateTimeOffset.UtcNow.AddMinutes(-5),
SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddMinutes(30),
Permissions = permissions,
};
string sasToken = source.GetSharedAccessSignature(policy);
// Get source
StorageCredentials credentials = new StorageCredentials(sasToken);
copySource = new CloudFile(credentials.TransformUri(source.Uri));
}
if (destinationIsSas)
{
Assert.IsTrue(sourceIsSas);
// Destination SAS must have write permissions
SharedAccessFilePermissions permissions = SharedAccessFilePermissions.Write;
SharedAccessFilePolicy policy = new SharedAccessFilePolicy()
{
SharedAccessStartTime = DateTimeOffset.UtcNow.AddMinutes(-5),
SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddMinutes(30),
Permissions = permissions,
};
string sasToken = destination.GetSharedAccessSignature(policy);
// Get destination
StorageCredentials credentials = new StorageCredentials(sasToken);
copyDestination = new CloudFile(credentials.TransformUri(destination.Uri));
}
// Start copy and wait for completion
string copyId = await copyDestination.StartCopyAsync(TestHelper.Defiddler(copySource));
await WaitForCopyAsync(destination);
// Check original file references for equality
Assert.AreEqual(CopyStatus.Success, destination.CopyState.Status);
Assert.AreEqual(source.Uri.AbsolutePath, destination.CopyState.Source.AbsolutePath);
Assert.AreEqual(data.Length, destination.CopyState.TotalBytes);
Assert.AreEqual(data.Length, destination.CopyState.BytesCopied);
Assert.AreEqual(copyId, destination.CopyState.CopyId);
Assert.IsTrue(destination.CopyState.CompletionTime > DateTimeOffset.UtcNow.Subtract(TimeSpan.FromMinutes(1)));
if (!destinationIsSas)
{
// Abort Copy is not supported for SAS destination
OperationContext context = new OperationContext();
await TestHelper.ExpectedExceptionAsync(
async() => await copyDestination.AbortCopyAsync(copyId, null, null, context),
context,
"Aborting a copy operation after completion should fail",
HttpStatusCode.Conflict,
"NoPendingCopyOperation");
}
await source.FetchAttributesAsync();
Assert.IsNotNull(destination.Properties.ETag);
Assert.AreNotEqual(source.Properties.ETag, destination.Properties.ETag);
Assert.IsTrue(destination.Properties.LastModified > DateTimeOffset.UtcNow.Subtract(TimeSpan.FromMinutes(1)));
string copyData = await DownloadTextAsync(destination, Encoding.UTF8);
Assert.AreEqual(data, copyData, "Data inside copy of file not equal.");
await destination.FetchAttributesAsync();
FileProperties prop1 = destination.Properties;
FileProperties prop2 = source.Properties;
Assert.AreEqual(prop1.CacheControl, prop2.CacheControl);
Assert.AreEqual(prop1.ContentEncoding, prop2.ContentEncoding);
Assert.AreEqual(prop1.ContentLanguage, prop2.ContentLanguage);
Assert.AreEqual(prop1.ContentMD5, prop2.ContentMD5);
Assert.AreEqual(prop1.ContentType, prop2.ContentType);
Assert.AreEqual("value", destination.Metadata["Test"], false, "Copied metadata not same");
await destination.DeleteAsync();
await source.DeleteAsync();
}
finally
{
share.DeleteIfExistsAsync().Wait();
}
}
public string GetSharedAccessSignature(SharedAccessFilePolicy policy, string groupPolicyIdentifier)
{
return this.GetSharedAccessSignature(policy, null /* headers */, groupPolicyIdentifier);
}
public void CloudFileSASIPAddressHelper(Func <IPAddressOrRange> generateInitialIPAddressOrRange, Func <IPAddress, IPAddressOrRange> generateFinalIPAddressOrRange)
{
CloudFileShare share = GetRandomShareReference();
try
{
share.Create();
CloudFile file;
SharedAccessFilePolicy policy = new SharedAccessFilePolicy()
{
Permissions = SharedAccessFilePermissions.Read,
SharedAccessStartTime = DateTimeOffset.UtcNow.AddMinutes(-5),
SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddMinutes(30),
};
CloudFile fileWithKey = share.GetRootDirectoryReference().GetFileReference("filefile");
byte[] data = new byte[] { 0x1, 0x2, 0x3, 0x4 };
fileWithKey.UploadFromByteArray(data, 0, 4);
// We need an IP address that will never be a valid source
IPAddressOrRange ipAddressOrRange = generateInitialIPAddressOrRange();
string fileToken = fileWithKey.GetSharedAccessSignature(policy, null, null, null, ipAddressOrRange);
StorageCredentials fileSAS = new StorageCredentials(fileToken);
Uri fileSASUri = fileSAS.TransformUri(fileWithKey.Uri);
StorageUri fileSASStorageUri = fileSAS.TransformUri(fileWithKey.StorageUri);
file = new CloudFile(fileSASUri);
byte[] target = new byte[4];
OperationContext opContext = new OperationContext();
IPAddress actualIP = null;
opContext.ResponseReceived += (sender, e) =>
{
Stream stream = e.Response.GetResponseStream();
stream.Seek(0, SeekOrigin.Begin);
using (StreamReader reader = new StreamReader(stream))
{
string text = reader.ReadToEnd();
XDocument xdocument = XDocument.Parse(text);
actualIP = IPAddress.Parse(xdocument.Descendants("SourceIP").First().Value);
}
};
bool exceptionThrown = false;
try
{
file.DownloadRangeToByteArray(target, 0, 0, 4, null, null, opContext);
}
catch (StorageException)
{
exceptionThrown = true;
Assert.IsNotNull(actualIP);
}
Assert.IsTrue(exceptionThrown);
ipAddressOrRange = generateFinalIPAddressOrRange(actualIP);
fileToken = fileWithKey.GetSharedAccessSignature(policy, null, null, null, ipAddressOrRange);
fileSAS = new StorageCredentials(fileToken);
fileSASUri = fileSAS.TransformUri(fileWithKey.Uri);
fileSASStorageUri = fileSAS.TransformUri(fileWithKey.StorageUri);
file = new CloudFile(fileSASUri);
file.DownloadRangeToByteArray(target, 0, 0, 4, null, null, null);
for (int i = 0; i < 4; i++)
{
Assert.AreEqual(data[i], target[i]);
}
Assert.IsTrue(file.StorageUri.PrimaryUri.Equals(fileWithKey.Uri));
Assert.IsNull(file.StorageUri.SecondaryUri);
file = new CloudFile(fileSASStorageUri, null);
file.DownloadRangeToByteArray(target, 0, 0, 4, null, null, null);
for (int i = 0; i < 4; i++)
{
Assert.AreEqual(data[i], target[i]);
}
Assert.IsTrue(file.StorageUri.Equals(fileWithKey.StorageUri));
}
finally
{
share.DeleteIfExists();
}
}
public void CloudFileDirectorySAS()
{
CloudFileDirectory dir = this.testShare.GetRootDirectoryReference().GetDirectoryReference("dirfile");
CloudFile file = dir.GetFileReference("dirfile");
dir.Create();
file.Create(512);
SharedAccessFilePolicy policy = new SharedAccessFilePolicy()
{
SharedAccessStartTime = DateTimeOffset.UtcNow.AddMinutes(-5),
SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddMinutes(30),
Permissions = SharedAccessFilePermissions.Read | SharedAccessFilePermissions.List
};
string sasToken = file.GetSharedAccessSignature(policy);
CloudFileDirectory sasDir = new CloudFileDirectory(new Uri(dir.Uri.AbsoluteUri + sasToken));
TestHelper.ExpectedException(
() => sasDir.FetchAttributes(),
"Fetching attributes of a directory using a file SAS should fail",
HttpStatusCode.Forbidden);
sasToken = this.testShare.GetSharedAccessSignature(policy);
sasDir = new CloudFileDirectory(new Uri(dir.Uri.AbsoluteUri + sasToken));
sasDir.FetchAttributes();
}
/// <summary>
/// Get the complete query builder for creating the Shared Access Signature query.
/// </summary>
/// <param name="policy">The shared access policy to hash.</param>
/// <param name="headers">The optional header values to set for a file returned with this SAS.</param>
/// <param name="accessPolicyIdentifier">An optional identifier for the policy.</param>
/// <param name="resourceType">Either "f" for files or "s" for shares.</param>
/// <param name="signature">The signature to use.</param>
/// <param name="accountKeyName">The name of the key used to create the signature, or <c>null</c> if the key is implicit.</param>
/// <param name="sasVersion">A string indicating the desired SAS version to use, in storage service version format.</param>
/// <param name="protocols">The HTTP/HTTPS protocols for Account SAS.</param>
/// <param name="ipAddressOrRange">The IP range for IPSAS.</param>
/// <returns>The finished query builder.</returns>
internal static UriQueryBuilder GetSignature(
SharedAccessFilePolicy policy,
SharedAccessFileHeaders headers,
string accessPolicyIdentifier,
string resourceType,
string signature,
string accountKeyName,
string sasVersion,
SharedAccessProtocol? protocols,
IPAddressOrRange ipAddressOrRange)
{
CommonUtility.AssertNotNullOrEmpty("resourceType", resourceType);
UriQueryBuilder builder = new UriQueryBuilder();
AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedVersion, sasVersion);
AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedResource, resourceType);
AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedIdentifier, accessPolicyIdentifier);
AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedKey, accountKeyName);
AddEscapedIfNotNull(builder, Constants.QueryConstants.Signature, signature);
AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedProtocols, GetProtocolString(protocols));
AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedIP, ipAddressOrRange == null ? null : ipAddressOrRange.ToString());
if (policy != null)
{
AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedStart, GetDateTimeOrNull(policy.SharedAccessStartTime));
AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedExpiry, GetDateTimeOrNull(policy.SharedAccessExpiryTime));
string permissions = SharedAccessFilePolicy.PermissionsToString(policy.Permissions);
if (!string.IsNullOrEmpty(permissions))
{
AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedPermissions, permissions);
}
}
if (headers != null)
{
AddEscapedIfNotNull(builder, Constants.QueryConstants.CacheControl, headers.CacheControl);
AddEscapedIfNotNull(builder, Constants.QueryConstants.ContentType, headers.ContentType);
AddEscapedIfNotNull(builder, Constants.QueryConstants.ContentEncoding, headers.ContentEncoding);
AddEscapedIfNotNull(builder, Constants.QueryConstants.ContentLanguage, headers.ContentLanguage);
AddEscapedIfNotNull(builder, Constants.QueryConstants.ContentDisposition, headers.ContentDisposition);
}
return builder;
}
/// <summary>
/// Returns a shared access signature for the file.
/// </summary>
/// <param name="policy">A <see cref="SharedAccessFilePolicy"/> object specifying the access policy for the shared access signature.</param>
/// <param name="headers">A <see cref="SharedAccessFileHeaders"/> object specifying optional header values to set for a file accessed with this SAS.</param>
/// <param name="groupPolicyIdentifier">A string identifying a stored access policy.</param>
/// <returns>A shared access signature, as a URI query string.</returns>
public string GetSharedAccessSignature(SharedAccessFilePolicy policy, SharedAccessFileHeaders headers, string groupPolicyIdentifier)
{
return GetSharedAccessSignature(policy, headers, groupPolicyIdentifier, null, null);
}
public async Task CloudFileSASSharedProtocolsQueryParamAsync()
{
CloudFileShare share = GetRandomShareReference();
try
{
await share.CreateAsync();
CloudFile file;
SharedAccessFilePolicy policy = new SharedAccessFilePolicy()
{
Permissions = SharedAccessFilePermissions.Read,
SharedAccessStartTime = DateTimeOffset.UtcNow.AddMinutes(-5),
SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddMinutes(30),
};
CloudFile fileWithKey = share.GetRootDirectoryReference().GetFileReference("filefile");
byte[] data = new byte[] { 0x1, 0x2, 0x3, 0x4 };
byte[] target = new byte[4];
await fileWithKey.UploadFromByteArrayAsync(data, 0, 4);
foreach (SharedAccessProtocol? protocol in new SharedAccessProtocol?[] { null, SharedAccessProtocol.HttpsOrHttp, SharedAccessProtocol.HttpsOnly })
{
string fileToken = fileWithKey.GetSharedAccessSignature(policy, null, null, protocol, null);
StorageCredentials fileSAS = new StorageCredentials(fileToken);
Uri fileSASUri = new Uri(fileWithKey.Uri + fileSAS.SASToken);
StorageUri fileSASStorageUri = new StorageUri(new Uri(fileWithKey.StorageUri.PrimaryUri + fileSAS.SASToken), new Uri(fileWithKey.StorageUri.SecondaryUri + fileSAS.SASToken));
int httpPort = fileSASUri.Port;
int securePort = 443;
if (!string.IsNullOrEmpty(TestBase.TargetTenantConfig.FileSecurePortOverride))
{
securePort = Int32.Parse(TestBase.TargetTenantConfig.FileSecurePortOverride);
}
var schemesAndPorts = new[] {
new { scheme = "HTTP", port = httpPort},
new { scheme = "HTTPS", port = securePort}
};
foreach (var item in schemesAndPorts)
{
fileSASUri = TransformSchemeAndPort(fileSASUri, item.scheme, item.port);
fileSASStorageUri = new StorageUri(TransformSchemeAndPort(fileSASStorageUri.PrimaryUri, item.scheme, item.port), TransformSchemeAndPort(fileSASStorageUri.SecondaryUri, item.scheme, item.port));
if (protocol.HasValue && protocol == SharedAccessProtocol.HttpsOnly && string.CompareOrdinal(item.scheme, "HTTP") == 0)
{
file = new CloudFile(fileSASUri);
OperationContext context = new OperationContext();
await TestHelper.ExpectedExceptionAsync(
async () => await file.FetchAttributesAsync(null /* accessCondition */, null /* options */, context),
context,
"Access a file using SAS with a shared protocols that does not match",
HttpStatusCode.Unused,
"");
file = new CloudFile(fileSASStorageUri, null);
context = new OperationContext();
await TestHelper.ExpectedExceptionAsync(
async () => await file.FetchAttributesAsync(null /* accessCondition */, null /* options */, context),
context,
"Access a file using SAS with a shared protocols that does not match",
HttpStatusCode.Unused,
"");
}
else
{
file = new CloudFile(fileSASUri);
await file.DownloadRangeToByteArrayAsync(target, 0, 0, 4, null, null, null);
for (int i = 0; i < 4; i++)
{
Assert.AreEqual(data[i], target[i]);
}
file = new CloudFile(fileSASStorageUri, null);
await file.DownloadRangeToByteArrayAsync(target, 0, 0, 4, null, null, null);
for (int i = 0; i < 4; i++)
{
Assert.AreEqual(data[i], target[i]);
}
}
}
}
}
finally
{
share.DeleteIfExistsAsync().AsTask().Wait();
}
}
public async Task CloudFileDirectorySASAsync()
{
CloudFileDirectory dir = this.testShare.GetRootDirectoryReference().GetDirectoryReference("dirfile");
CloudFile file = dir.GetFileReference("dirfile");
await dir.CreateAsync();
await file.CreateAsync(512);
SharedAccessFilePolicy policy = new SharedAccessFilePolicy()
{
SharedAccessStartTime = DateTimeOffset.UtcNow.AddMinutes(-5),
SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddMinutes(30),
Permissions = SharedAccessFilePermissions.Read | SharedAccessFilePermissions.List
};
string sasToken = file.GetSharedAccessSignature(policy);
CloudFileDirectory sasDir = new CloudFileDirectory(new Uri(dir.Uri.AbsoluteUri + sasToken));
OperationContext context = new OperationContext();
await TestHelper.ExpectedExceptionAsync(
async () => await sasDir.FetchAttributesAsync(null /* accessCondition */, null /* options */, context),
context,
"Fetching attributes of a directory using a file SAS should fail",
HttpStatusCode.Forbidden,
"");
sasToken = this.testShare.GetSharedAccessSignature(policy);
sasDir = new CloudFileDirectory(new Uri(dir.Uri.AbsoluteUri + sasToken));
await sasDir.FetchAttributesAsync();
}
public async Task CloudFileShareSASCombinationsAsync()
{
for (int i = 1; i < 0x20; i++)
{
SharedAccessFilePermissions permissions = (SharedAccessFilePermissions)i;
SharedAccessFilePolicy policy = new SharedAccessFilePolicy()
{
SharedAccessStartTime = DateTimeOffset.UtcNow.AddMinutes(-5),
SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddMinutes(30),
Permissions = permissions,
};
string sasToken = this.testShare.GetSharedAccessSignature(policy);
CloudFile testFile = this.testShare.GetRootDirectoryReference().GetFileReference("file" + i);
await TestAccess(sasToken, permissions, null, this.testShare, testFile);
}
}
private static async Task TestFileSAS(CloudFile testFile, SharedAccessFilePermissions permissions, SharedAccessFileHeaders headers)
{
SharedAccessFilePolicy policy = new SharedAccessFilePolicy()
{
SharedAccessStartTime = DateTimeOffset.UtcNow.AddMinutes(-5),
SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddMinutes(30),
Permissions = permissions,
};
string sasToken = testFile.GetSharedAccessSignature(policy, headers, null);
await TestAccess(sasToken, permissions, headers, null, testFile);
}
public void CloudFileSASIPAddressHelper(Func<IPAddressOrRange> generateInitialIPAddressOrRange, Func<IPAddress, IPAddressOrRange> generateFinalIPAddressOrRange)
{
CloudFileShare share = GetRandomShareReference();
try
{
share.Create();
CloudFile file;
SharedAccessFilePolicy policy = new SharedAccessFilePolicy()
{
Permissions = SharedAccessFilePermissions.Read,
SharedAccessStartTime = DateTimeOffset.UtcNow.AddMinutes(-5),
SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddMinutes(30),
};
CloudFile fileWithKey = share.GetRootDirectoryReference().GetFileReference("filefile");
byte[] data = new byte[] { 0x1, 0x2, 0x3, 0x4 };
fileWithKey.UploadFromByteArray(data, 0, 4);
// We need an IP address that will never be a valid source
IPAddressOrRange ipAddressOrRange = generateInitialIPAddressOrRange();
string fileToken = fileWithKey.GetSharedAccessSignature(policy, null, null, null, ipAddressOrRange);
StorageCredentials fileSAS = new StorageCredentials(fileToken);
Uri fileSASUri = fileSAS.TransformUri(fileWithKey.Uri);
StorageUri fileSASStorageUri = fileSAS.TransformUri(fileWithKey.StorageUri);
file = new CloudFile(fileSASUri);
byte[] target = new byte[4];
OperationContext opContext = new OperationContext();
IPAddress actualIP = null;
opContext.ResponseReceived += (sender, e) =>
{
Stream stream = e.Response.GetResponseStream();
stream.Seek(0, SeekOrigin.Begin);
using (StreamReader reader = new StreamReader(stream))
{
string text = reader.ReadToEnd();
XDocument xdocument = XDocument.Parse(text);
actualIP = IPAddress.Parse(xdocument.Descendants("SourceIP").First().Value);
}
};
bool exceptionThrown = false;
try
{
file.DownloadRangeToByteArray(target, 0, 0, 4, null, null, opContext);
}
catch (StorageException)
{
exceptionThrown = true;
Assert.IsNotNull(actualIP);
}
Assert.IsTrue(exceptionThrown);
ipAddressOrRange = generateFinalIPAddressOrRange(actualIP);
fileToken = fileWithKey.GetSharedAccessSignature(policy, null, null, null, ipAddressOrRange);
fileSAS = new StorageCredentials(fileToken);
fileSASUri = fileSAS.TransformUri(fileWithKey.Uri);
fileSASStorageUri = fileSAS.TransformUri(fileWithKey.StorageUri);
file = new CloudFile(fileSASUri);
file.DownloadRangeToByteArray(target, 0, 0, 4, null, null, null);
for (int i = 0; i < 4; i++)
{
Assert.AreEqual(data[i], target[i]);
}
Assert.IsTrue(file.StorageUri.PrimaryUri.Equals(fileWithKey.Uri));
Assert.IsNull(file.StorageUri.SecondaryUri);
file = new CloudFile(fileSASStorageUri, null);
file.DownloadRangeToByteArray(target, 0, 0, 4, null, null, null);
for (int i = 0; i < 4; i++)
{
Assert.AreEqual(data[i], target[i]);
}
Assert.IsTrue(file.StorageUri.Equals(fileWithKey.StorageUri));
}
finally
{
share.DeleteIfExists();
}
}
/// <summary>
/// Get the signature hash embedded inside the Shared Access Signature.
/// </summary>
/// <param name="policy">The shared access policy to hash.</param>
/// <param name="headers">The optional header values to set for a file returned with this SAS.</param>
/// <param name="accessPolicyIdentifier">An optional identifier for the policy.</param>
/// <param name="resourceName">The canonical resource string, unescaped.</param>
/// <param name="sasVersion">A string indicating the desired SAS version to use, in storage service version format.</param>
/// <param name="protocols">The HTTP/HTTPS protocols for Account SAS.</param>
/// <param name="ipAddressOrRange">The IP range for IPSAS.</param>
/// <param name="keyValue">The key value retrieved as an atomic operation used for signing.</param>
/// <returns>The signed hash.</returns>
internal static string GetHash(
SharedAccessFilePolicy policy,
SharedAccessFileHeaders headers,
string accessPolicyIdentifier,
string resourceName,
string sasVersion,
SharedAccessProtocol? protocols,
IPAddressOrRange ipAddressOrRange,
byte[] keyValue)
{
CommonUtility.AssertNotNullOrEmpty("resourceName", resourceName);
CommonUtility.AssertNotNull("keyValue", keyValue);
CommonUtility.AssertNotNullOrEmpty("sasVersion", sasVersion);
string permissions = null;
DateTimeOffset? startTime = null;
DateTimeOffset? expiryTime = null;
if (policy != null)
{
permissions = SharedAccessFilePolicy.PermissionsToString(policy.Permissions);
startTime = policy.SharedAccessStartTime;
expiryTime = policy.SharedAccessExpiryTime;
}
//// StringToSign = signedpermissions + "\n" +
//// signedstart + "\n" +
//// signedexpiry + "\n" +
//// canonicalizedresource + "\n" +
//// signedidentifier + "\n" +
//// signedIP + "\n" +
//// signedProtocol + "\n" +
//// signedversion + "\n" +
//// cachecontrol + "\n" +
//// contentdisposition + "\n" +
//// contentencoding + "\n" +
//// contentlanguage + "\n" +
//// contenttype
////
//// HMAC-SHA256(UTF8.Encode(StringToSign))
////
string cacheControl = null;
string contentDisposition = null;
string contentEncoding = null;
string contentLanguage = null;
string contentType = null;
if (headers != null)
{
cacheControl = headers.CacheControl;
contentDisposition = headers.ContentDisposition;
contentEncoding = headers.ContentEncoding;
contentLanguage = headers.ContentLanguage;
contentType = headers.ContentType;
}
string stringToSign = string.Format(
CultureInfo.InvariantCulture,
"{0}\n{1}\n{2}\n{3}\n{4}\n{5}\n{6}\n{7}\n{8}\n{9}\n{10}\n{11}\n{12}",
permissions,
GetDateTimeOrEmpty(startTime),
GetDateTimeOrEmpty(expiryTime),
resourceName,
accessPolicyIdentifier,
ipAddressOrRange == null ? string.Empty : ipAddressOrRange.ToString(),
GetProtocolString(protocols),
sasVersion,
cacheControl,
contentDisposition,
contentEncoding,
contentLanguage,
contentType);
Logger.LogVerbose(null /* operationContext */, SR.TraceStringToSign, stringToSign);
return CryptoUtility.ComputeHmac256(keyValue, stringToSign);
}
public override void ExecuteCmdlet()
{
if (String.IsNullOrEmpty(ShareName)) return;
CloudFileShare fileShare = null;
CloudFile file = null;
if (null != this.File)
{
file = this.File;
fileShare = this.File.Share;
}
else
{
string[] path = NamingUtil.ValidatePath(this.Path, true);
fileShare = Channel.GetShareReference(this.ShareName);
file = fileShare.GetRootDirectoryReference().GetFileReferenceByPath(path);
}
SharedAccessFilePolicy accessPolicy = new SharedAccessFilePolicy();
bool shouldSetExpiryTime = SasTokenHelper.ValidateShareAccessPolicy(
Channel,
fileShare.Name,
accessPolicyIdentifier,
!string.IsNullOrEmpty(this.Permission),
this.StartTime.HasValue,
this.ExpiryTime.HasValue);
SetupAccessPolicy(accessPolicy, shouldSetExpiryTime);
string sasToken = file.GetSharedAccessSignature(accessPolicy, null, accessPolicyIdentifier, Protocol, Util.SetupIPAddressOrRangeForSAS(IPAddressOrRange));
if (FullUri)
{
string fullUri = SasTokenHelper.GetFullUriWithSASToken(file.Uri.AbsoluteUri.ToString(), sasToken);
WriteObject(fullUri);
}
else
{
WriteObject(sasToken);
}
}
public string GetSharedAccessSignature(SharedAccessFilePolicy policy)
{
throw new System.NotImplementedException();
}
public void CloudFileShareUpdateSASToken()
{
// Create a policy with read/write access and get SAS.
SharedAccessFilePolicy policy = new SharedAccessFilePolicy()
{
SharedAccessStartTime = DateTimeOffset.UtcNow.AddMinutes(-5),
SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddMinutes(30),
Permissions = SharedAccessFilePermissions.Read | SharedAccessFilePermissions.Write,
};
string sasToken = this.testShare.GetSharedAccessSignature(policy);
//Thread.Sleep(35000);
CloudFile testFile = this.testShare.GetRootDirectoryReference().GetFileReference("file");
UploadText(testFile, "file", Encoding.UTF8);
TestAccess(sasToken, SharedAccessFilePermissions.Read | SharedAccessFilePermissions.Write, null, this.testShare, testFile);
StorageCredentials creds = new StorageCredentials(sasToken);
// Change the policy to only read and update SAS.
SharedAccessFilePolicy policy2 = new SharedAccessFilePolicy()
{
SharedAccessStartTime = DateTimeOffset.UtcNow.AddMinutes(-5),
SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddMinutes(30),
Permissions = SharedAccessFilePermissions.Read
};
string sasToken2 = this.testShare.GetSharedAccessSignature(policy2);
creds.UpdateSASToken(sasToken2);
// Extra check to make sure that we have actually updated the SAS token.
CloudFileShare share = new CloudFileShare(this.testShare.Uri, creds);
CloudFile testFile2 = share.GetRootDirectoryReference().GetFileReference("file2");
TestHelper.ExpectedException(
() => UploadText(testFile2, "file", Encoding.UTF8),
"Writing to a file while SAS does not allow for writing",
HttpStatusCode.NotFound);
CloudFile testFile3 = this.testShare.GetRootDirectoryReference().GetFileReference("file3");
testFile3.Create(0);
TestAccess(sasToken2, SharedAccessFilePermissions.Read, null, this.testShare, testFile);
}
private static void TestFileSAS(CloudFile testFile, SharedAccessFilePermissions permissions, SharedAccessFileHeaders headers)
{
UploadText(testFile, "file", Encoding.UTF8);
SharedAccessFilePolicy policy = new SharedAccessFilePolicy()
{
SharedAccessStartTime = DateTimeOffset.UtcNow.AddMinutes(-5),
SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddMinutes(30),
Permissions = permissions,
};
string sasToken = testFile.GetSharedAccessSignature(policy, headers, null);
TestAccess(sasToken, permissions, headers, null, testFile);
}
public string GetSharedAccessSignature(SharedAccessFilePolicy policy, string groupPolicyIdentifier)
{
throw new System.NotImplementedException();
}
public void CloudFileShareSASCombinations()
{
for (int i = 1; i < 16; i++)
{
SharedAccessFilePermissions permissions = (SharedAccessFilePermissions)i;
SharedAccessFilePolicy policy = new SharedAccessFilePolicy()
{
SharedAccessStartTime = DateTimeOffset.UtcNow.AddMinutes(-5),
SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddMinutes(30),
Permissions = permissions,
};
string sasToken = this.testShare.GetSharedAccessSignature(policy);
CloudFile testFile = this.testShare.GetRootDirectoryReference().GetFileReference("file" + i);
UploadText(testFile, "file", Encoding.UTF8);
FileSASTests.TestAccess(sasToken, permissions, null, this.testShare, testFile);
}
}
public string GetSharedAccessSignature(SharedAccessFilePolicy policy, string groupPolicyIdentifier, SharedAccessProtocol?protocols, IPAddressOrRange ipAddressOrRange)
{
throw new System.NotImplementedException();
}
public void CloudFileSharePermissionsFromStringAsync()
{
SharedAccessFilePolicy policy = new SharedAccessFilePolicy();
policy.SharedAccessStartTime = DateTime.UtcNow;
policy.SharedAccessExpiryTime = DateTime.UtcNow.AddMinutes(30);
policy.Permissions = SharedAccessFilePolicy.PermissionsFromString("rwdl");
Assert.AreEqual(SharedAccessFilePermissions.Read | SharedAccessFilePermissions.Write | SharedAccessFilePermissions.Delete | SharedAccessFilePermissions.List, policy.Permissions);
policy.Permissions = SharedAccessFilePolicy.PermissionsFromString("rwl");
Assert.AreEqual(SharedAccessFilePermissions.Read | SharedAccessFilePermissions.Write | SharedAccessFilePermissions.List, policy.Permissions);
policy.Permissions = SharedAccessFilePolicy.PermissionsFromString("rw");
Assert.AreEqual(SharedAccessFilePermissions.Read | SharedAccessFilePermissions.Write, policy.Permissions);
policy.Permissions = SharedAccessFilePolicy.PermissionsFromString("rd");
Assert.AreEqual(SharedAccessFilePermissions.Read | SharedAccessFilePermissions.Delete, policy.Permissions);
policy.Permissions = SharedAccessFilePolicy.PermissionsFromString("wl");
Assert.AreEqual(SharedAccessFilePermissions.Write | SharedAccessFilePermissions.List, policy.Permissions);
policy.Permissions = SharedAccessFilePolicy.PermissionsFromString("w");
Assert.AreEqual(SharedAccessFilePermissions.Write, policy.Permissions);
}
/// <summary>
/// Returns a shared access signature for the share.
/// </summary>
/// <param name="policy">A <see cref="SharedAccessFilePolicy"/> object specifying the access policy for the shared access signature.</param>
/// <param name="groupPolicyIdentifier">A share-level access policy.</param>
/// <param name="protocols">The allowed protocols (https only, or http and https). Null if you don't want to restrict protocol.</param>
/// <param name="ipAddressOrRange">The allowed IP address or IP address range. Null if you don't want to restrict based on IP address.</param>
/// <returns>A shared access signature, as a URI query string.</returns>
/// <remarks>The query string returned includes the leading question mark.</remarks>
public string GetSharedAccessSignature(SharedAccessFilePolicy policy, string groupPolicyIdentifier, SharedAccessProtocol? protocols, IPAddressOrRange ipAddressOrRange)
{
if (!this.ServiceClient.Credentials.IsSharedKey)
{
string errorMessage = string.Format(CultureInfo.CurrentCulture, SR.CannotCreateSASWithoutAccountKey);
throw new InvalidOperationException(errorMessage);
}
string resourceName = this.GetSharedAccessCanonicalName();
StorageAccountKey accountKey = this.ServiceClient.Credentials.Key;
string signature = SharedAccessSignatureHelper.GetHash(policy, null /* headers */, groupPolicyIdentifier, resourceName, Constants.HeaderConstants.TargetStorageVersion, protocols, ipAddressOrRange, accountKey.KeyValue);
string accountKeyName = accountKey.KeyName;
UriQueryBuilder builder = SharedAccessSignatureHelper.GetSignature(policy, null /* headers */, groupPolicyIdentifier, "s", signature, accountKeyName, Constants.HeaderConstants.TargetStorageVersion, protocols, ipAddressOrRange);
return builder.ToString();
}
public void SetupAccessPolicyTest()
{
DateTime? start = DateTime.Now;
DateTime? end = start.Value.AddHours(1.0);
SharedAccessBlobPolicy blobAccessPolicy = new SharedAccessBlobPolicy();
AccessPolicyHelper.SetupAccessPolicy(blobAccessPolicy, start, end, "a");
Assert.AreEqual(blobAccessPolicy.SharedAccessStartTime.Value.UtcDateTime.ToString(), start.Value.ToUniversalTime().ToString());
Assert.AreEqual(blobAccessPolicy.SharedAccessExpiryTime.Value.UtcDateTime.ToString(), end.Value.ToUniversalTime().ToString());
Assert.AreEqual(blobAccessPolicy.Permissions, SharedAccessBlobPermissions.Add);
SharedAccessTablePolicy tableAccessPolicy = new SharedAccessTablePolicy();
AccessPolicyHelper.SetupAccessPolicy(tableAccessPolicy, null, end, "d", true);
Assert.AreEqual(tableAccessPolicy.SharedAccessStartTime, null);
Assert.AreEqual(tableAccessPolicy.SharedAccessExpiryTime.Value.UtcDateTime.ToString(), end.Value.ToUniversalTime().ToString());
Assert.AreEqual(tableAccessPolicy.Permissions, SharedAccessTablePermissions.Delete);
SharedAccessQueuePolicy queueAccessPolicy = new SharedAccessQueuePolicy();
AccessPolicyHelper.SetupAccessPolicy(queueAccessPolicy, start, null, "", noExpiryTime: true);
Assert.AreEqual(queueAccessPolicy.SharedAccessStartTime.Value.UtcDateTime.ToString(), start.Value.ToUniversalTime().ToString());
Assert.AreEqual(queueAccessPolicy.SharedAccessExpiryTime, null);
Assert.AreEqual(queueAccessPolicy.Permissions, SharedAccessQueuePermissions.None);
SharedAccessFilePolicy fileAccessPolicy = new SharedAccessFilePolicy();
AccessPolicyHelper.SetupAccessPolicy(fileAccessPolicy, null, null, "dl", true, true);
Assert.AreEqual(fileAccessPolicy.SharedAccessStartTime, null);
Assert.AreEqual(fileAccessPolicy.SharedAccessExpiryTime, null);
Assert.AreEqual(fileAccessPolicy.Permissions, SharedAccessFilePermissions.List| SharedAccessFilePermissions.Delete);
}
public async Task CloudFileSASSharedProtocolsQueryParamAsync()
{
CloudFileShare share = GetRandomShareReference();
try
{
await share.CreateAsync();
CloudFile file;
SharedAccessFilePolicy policy = new SharedAccessFilePolicy()
{
Permissions = SharedAccessFilePermissions.Read,
SharedAccessStartTime = DateTimeOffset.UtcNow.AddMinutes(-5),
SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddMinutes(30),
};
CloudFile fileWithKey = share.GetRootDirectoryReference().GetFileReference("filefile");
byte[] data = new byte[] { 0x1, 0x2, 0x3, 0x4 };
byte[] target = new byte[4];
await fileWithKey.UploadFromByteArrayAsync(data, 0, 4);
foreach (SharedAccessProtocol?protocol in new SharedAccessProtocol?[] { null, SharedAccessProtocol.HttpsOrHttp, SharedAccessProtocol.HttpsOnly })
{
string fileToken = fileWithKey.GetSharedAccessSignature(policy, null, null, protocol, null);
StorageCredentials fileSAS = new StorageCredentials(fileToken);
Uri fileSASUri = new Uri(fileWithKey.Uri + fileSAS.SASToken);
StorageUri fileSASStorageUri = new StorageUri(new Uri(fileWithKey.StorageUri.PrimaryUri + fileSAS.SASToken), new Uri(fileWithKey.StorageUri.SecondaryUri + fileSAS.SASToken));
int securePort = 443;
int httpPort = (fileSASUri.Port == securePort) ? 80 : fileSASUri.Port;
if (!string.IsNullOrEmpty(TestBase.TargetTenantConfig.FileSecurePortOverride))
{
securePort = Int32.Parse(TestBase.TargetTenantConfig.FileSecurePortOverride);
}
var schemesAndPorts = new[] {
new { scheme = "HTTP", port = httpPort },
new { scheme = "HTTPS", port = securePort }
};
foreach (var item in schemesAndPorts)
{
fileSASUri = TransformSchemeAndPort(fileSASUri, item.scheme, item.port);
fileSASStorageUri = new StorageUri(TransformSchemeAndPort(fileSASStorageUri.PrimaryUri, item.scheme, item.port), TransformSchemeAndPort(fileSASStorageUri.SecondaryUri, item.scheme, item.port));
if (protocol.HasValue && protocol == SharedAccessProtocol.HttpsOnly && string.CompareOrdinal(item.scheme, "HTTP") == 0)
{
file = new CloudFile(fileSASUri);
OperationContext context = new OperationContext();
await TestHelper.ExpectedExceptionAsync(
async() => await file.FetchAttributesAsync(null /* accessCondition */, null /* options */, context),
context,
"Access a file using SAS with a shared protocols that does not match",
HttpStatusCode.Unused,
"");
file = new CloudFile(fileSASStorageUri, null);
context = new OperationContext();
await TestHelper.ExpectedExceptionAsync(
async() => await file.FetchAttributesAsync(null /* accessCondition */, null /* options */, context),
context,
"Access a file using SAS with a shared protocols that does not match",
HttpStatusCode.Unused,
"");
}
else
{
file = new CloudFile(fileSASUri);
await file.DownloadRangeToByteArrayAsync(target, 0, 0, 4, null, null, null);
for (int i = 0; i < 4; i++)
{
Assert.AreEqual(data[i], target[i]);
}
file = new CloudFile(fileSASStorageUri, null);
await file.DownloadRangeToByteArrayAsync(target, 0, 0, 4, null, null, null);
for (int i = 0; i < 4; i++)
{
Assert.AreEqual(data[i], target[i]);
}
}
}
}
}
finally
{
share.DeleteIfExistsAsync().Wait();
}
}
/// <summary>
/// Returns a shared access signature for the file.
/// </summary>
/// <param name="policy">A <see cref="SharedAccessFilePolicy"/> object specifying the access policy for the shared access signature.</param>
/// <param name="headers">A <see cref="SharedAccessFileHeaders"/> object specifying optional header values to set for a file accessed with this SAS.</param>
/// <returns>A shared access signature, as a URI query string.</returns>
public string GetSharedAccessSignature(SharedAccessFilePolicy policy, SharedAccessFileHeaders headers)
{
return this.GetSharedAccessSignature(policy, headers, null /* groupPolicyIdentifier */);
}
/// <summary>
/// Returns a shared access signature for the share.
/// </summary>
/// <param name="policy">A <see cref="SharedAccessFilePolicy"/> object specifying the access policy for the shared access signature.</param>
/// <returns>A shared access signature, as a URI query string.</returns>
/// <remarks>The query string returned includes the leading question mark.</remarks>
public string GetSharedAccessSignature(SharedAccessFilePolicy policy)
{
return(this.GetSharedAccessSignature(policy, null /* groupPolicyIdentifier */));
}
/// <summary>
/// Update the access policy
/// </summary>
/// <param name="policy">Access policy object</param>
/// <param name="shouldSetExpiryTime">Should set the default expiry time</param>
private void SetupAccessPolicy(SharedAccessFilePolicy policy, bool shouldSetExpiryTime)
{
DateTimeOffset? accessStartTime;
DateTimeOffset? accessEndTime;
SasTokenHelper.SetupAccessPolicyLifeTime(StartTime, ExpiryTime,
out accessStartTime, out accessEndTime, shouldSetExpiryTime);
policy.SharedAccessStartTime = accessStartTime;
policy.SharedAccessExpiryTime = accessEndTime;
SetupAccessPolicyPermission(policy, Permission);
}
/// <summary>
/// Returns a shared access signature for the share.
/// </summary>
/// <param name="policy">A <see cref="SharedAccessFilePolicy"/> object specifying the access policy for the shared access signature.</param>
/// <param name="groupPolicyIdentifier">A share-level access policy.</param>
/// <returns>A shared access signature, as a URI query string.</returns>
/// <remarks>The query string returned includes the leading question mark.</remarks>
public string GetSharedAccessSignature(SharedAccessFilePolicy policy, string groupPolicyIdentifier)
{
return(this.GetSharedAccessSignature(policy, groupPolicyIdentifier, null, null));
}
private static async Task CloudFileCopyAsync(bool sourceIsSas, bool destinationIsSas)
{
CloudFileShare share = GetRandomShareReference();
try
{
await share.CreateAsync();
// Create Source on server
CloudFile source = share.GetRootDirectoryReference().GetFileReference("source");
string data = "String data";
await UploadTextAsync(source, data, Encoding.UTF8);
source.Metadata["Test"] = "value";
await source.SetMetadataAsync();
// Create Destination on server
CloudFile destination = share.GetRootDirectoryReference().GetFileReference("destination");
await destination.CreateAsync(1);
CloudFile copySource = source;
CloudFile copyDestination = destination;
if (sourceIsSas)
{
// Source SAS must have read permissions
SharedAccessFilePermissions permissions = SharedAccessFilePermissions.Read;
SharedAccessFilePolicy policy = new SharedAccessFilePolicy()
{
SharedAccessStartTime = DateTimeOffset.UtcNow.AddMinutes(-5),
SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddMinutes(30),
Permissions = permissions,
};
string sasToken = source.GetSharedAccessSignature(policy);
// Get source
StorageCredentials credentials = new StorageCredentials(sasToken);
copySource = new CloudFile(credentials.TransformUri(source.Uri));
}
if (destinationIsSas)
{
Assert.IsTrue(sourceIsSas);
// Destination SAS must have write permissions
SharedAccessFilePermissions permissions = SharedAccessFilePermissions.Write;
SharedAccessFilePolicy policy = new SharedAccessFilePolicy()
{
SharedAccessStartTime = DateTimeOffset.UtcNow.AddMinutes(-5),
SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddMinutes(30),
Permissions = permissions,
};
string sasToken = destination.GetSharedAccessSignature(policy);
// Get destination
StorageCredentials credentials = new StorageCredentials(sasToken);
copyDestination = new CloudFile(credentials.TransformUri(destination.Uri));
}
// Start copy and wait for completion
string copyId = await copyDestination.StartCopyAsync(TestHelper.Defiddler(copySource));
await WaitForCopyAsync(destination);
// Check original file references for equality
Assert.AreEqual(CopyStatus.Success, destination.CopyState.Status);
Assert.AreEqual(source.Uri.AbsolutePath, destination.CopyState.Source.AbsolutePath);
Assert.AreEqual(data.Length, destination.CopyState.TotalBytes);
Assert.AreEqual(data.Length, destination.CopyState.BytesCopied);
Assert.AreEqual(copyId, destination.CopyState.CopyId);
Assert.IsTrue(destination.CopyState.CompletionTime > DateTimeOffset.UtcNow.Subtract(TimeSpan.FromMinutes(1)));
if (!destinationIsSas)
{
// Abort Copy is not supported for SAS destination
OperationContext context = new OperationContext();
await TestHelper.ExpectedExceptionAsync(
async () => await copyDestination.AbortCopyAsync(copyId, null, null, context),
context,
"Aborting a copy operation after completion should fail",
HttpStatusCode.Conflict,
"NoPendingCopyOperation");
}
await source.FetchAttributesAsync();
Assert.IsNotNull(destination.Properties.ETag);
Assert.AreNotEqual(source.Properties.ETag, destination.Properties.ETag);
Assert.IsTrue(destination.Properties.LastModified > DateTimeOffset.UtcNow.Subtract(TimeSpan.FromMinutes(1)));
string copyData = await DownloadTextAsync(destination, Encoding.UTF8);
Assert.AreEqual(data, copyData, "Data inside copy of file not equal.");
await destination.FetchAttributesAsync();
FileProperties prop1 = destination.Properties;
FileProperties prop2 = source.Properties;
Assert.AreEqual(prop1.CacheControl, prop2.CacheControl);
Assert.AreEqual(prop1.ContentEncoding, prop2.ContentEncoding);
Assert.AreEqual(prop1.ContentLanguage, prop2.ContentLanguage);
Assert.AreEqual(prop1.ContentMD5, prop2.ContentMD5);
Assert.AreEqual(prop1.ContentType, prop2.ContentType);
Assert.AreEqual("value", destination.Metadata["Test"], false, "Copied metadata not same");
await destination.DeleteAsync();
await source.DeleteAsync();
}
finally
{
share.DeleteIfExistsAsync().AsTask().Wait();
}
}
public void CloudFileInvalidSas()
{
// Sas token creds.
string token = "?sp=abcde&sig=1";
StorageCredentials creds = new StorageCredentials(token);
Assert.IsTrue(creds.IsSAS);
// Client with shared key access.
CloudFileClient fileClient = GenerateCloudFileClient();
CloudFileShare share = fileClient.GetShareReference(GetRandomShareName());
try
{
share.Create();
SharedAccessFilePolicy policy = new SharedAccessFilePolicy()
{
SharedAccessStartTime = DateTimeOffset.UtcNow.AddMinutes(-5),
SharedAccessExpiryTime = DateTimeOffset.UtcNow.AddMinutes(30),
Permissions = SharedAccessFilePermissions.Read | SharedAccessFilePermissions.Write,
};
string sasToken = share.GetSharedAccessSignature(policy);
string fileUri = share.Uri.AbsoluteUri + "/file1" + sasToken;
TestHelper.ExpectedException<ArgumentException>(
() => new CloudFile(new Uri(fileUri), share.ServiceClient.Credentials),
"Try to use SAS creds in Uri on a shared key client");
CloudFile file = share.GetRootDirectoryReference().GetFileReference("file1");
file.UploadFromStream(new MemoryStream(GetRandomBuffer(10)));
}
finally
{
share.DeleteIfExists();
}
}
