/// <summary>
/// Use an account's <see cref="StorageSharedKeyCredential"/> to sign this
/// shared access signature values to produce the proper SAS query
/// parameters for authenticating requests.
/// </summary>
/// <param name="sharedKeyCredential">
/// The storage account's <see cref="StorageSharedKeyCredential"/>.
/// </param>
/// <returns>
/// The <see cref="DataLakeSasQueryParameters"/> used for authenticating
/// requests.
/// </returns>
public DataLakeSasQueryParameters ToSasQueryParameters(StorageSharedKeyCredential sharedKeyCredential)
{
sharedKeyCredential = sharedKeyCredential ?? throw Errors.ArgumentNull(nameof(sharedKeyCredential));
EnsureState();
var startTime = SasExtensions.FormatTimesForSasSigning(StartsOn);
var expiryTime = SasExtensions.FormatTimesForSasSigning(ExpiresOn);
// See http://msdn.microsoft.com/en-us/library/azure/dn140255.aspx
var stringToSign = String.Join("\n",
Permissions,
startTime,
expiryTime,
GetCanonicalName(sharedKeyCredential.AccountName, FileSystemName ?? String.Empty, Path ?? String.Empty),
Identifier,
IPRange.ToString(),
SasExtensions.ToProtocolString(Protocol),
Version,
Resource,
null, // snapshot
CacheControl,
ContentDisposition,
ContentEncoding,
ContentLanguage,
ContentType);
var signature = StorageSharedKeyCredentialInternals.ComputeSasSignature(sharedKeyCredential, stringToSign);
var p = new DataLakeSasQueryParameters(
version: Version,
services: default,
/// <summary>
/// Use an account's <see cref="StorageSharedKeyCredential"/> to sign this
/// shared access signature values to produce the proper SAS query
/// parameters for authenticating requests.
/// </summary>
/// <param name="sharedKeyCredential">
/// The storage account's <see cref="StorageSharedKeyCredential"/>.
/// </param>
/// <returns>
/// The <see cref="SasQueryParameters"/> used for authenticating
/// requests.
/// </returns>
public SasQueryParameters ToSasQueryParameters(StorageSharedKeyCredential sharedKeyCredential)
{
sharedKeyCredential = sharedKeyCredential ?? throw Errors.ArgumentNull(nameof(sharedKeyCredential));
if (ExpiresOn == default)
{
throw Errors.SasMissingData(nameof(ExpiresOn));
}
if (string.IsNullOrEmpty(Permissions))
{
throw Errors.SasMissingData(nameof(Permissions));
}
if (string.IsNullOrEmpty(Version))
{
Version = SasQueryParameters.DefaultSasVersion;
}
var startTime = SasExtensions.FormatTimesForSasSigning(StartsOn);
var expiryTime = SasExtensions.FormatTimesForSasSigning(ExpiresOn);
// String to sign: http://msdn.microsoft.com/en-us/library/azure/dn140255.aspx
var stringToSign = string.Join("\n",
Permissions,
startTime,
expiryTime,
GetCanonicalName(sharedKeyCredential.AccountName, QueueName ?? string.Empty),
Identifier,
IPRange.ToString(),
SasExtensions.ToProtocolString(Protocol),
Version);
var signature = StorageSharedKeyCredentialInternals.ComputeSasSignature(sharedKeyCredential, stringToSign);
var p = SasQueryParametersInternals.Create(
version: Version,
services: default,
/// <summary>
/// Use an account's <see cref="StorageSharedKeyCredential"/> to sign this
/// shared access signature values to produce the proper SAS query
/// parameters for authenticating requests.
/// </summary>
/// <param name="sharedKeyCredential">
/// The storage account's <see cref="StorageSharedKeyCredential"/>.
/// </param>
/// <returns>
/// The <see cref="DataLakeSasQueryParameters"/> used for authenticating
/// requests.
/// </returns>
public DataLakeSasQueryParameters ToSasQueryParameters(StorageSharedKeyCredential sharedKeyCredential)
{
sharedKeyCredential = sharedKeyCredential ?? throw Errors.ArgumentNull(nameof(sharedKeyCredential));
EnsureState();
string startTime = SasExtensions.FormatTimesForSasSigning(StartsOn);
string expiryTime = SasExtensions.FormatTimesForSasSigning(ExpiresOn);
// See http://msdn.microsoft.com/en-us/library/azure/dn140255.aspx
string stringToSign;
// TODO https://github.com/Azure/azure-sdk-for-net/issues/23369
if (SasQueryParametersInternals.DefaultSasVersionInternal == "2020-12-06")
{
stringToSign = string.Join("\n",
Permissions,
startTime,
expiryTime,
GetCanonicalName(sharedKeyCredential.AccountName, FileSystemName ?? string.Empty, Path ?? string.Empty),
Identifier,
IPRange.ToString(),
SasExtensions.ToProtocolString(Protocol),
Version,
Resource,
null, // snapshot
null, // encryption scope
CacheControl,
ContentDisposition,
ContentEncoding,
ContentLanguage,
ContentType);
}
else
{
stringToSign = string.Join("\n",
Permissions,
startTime,
expiryTime,
GetCanonicalName(sharedKeyCredential.AccountName, FileSystemName ?? string.Empty, Path ?? string.Empty),
Identifier,
IPRange.ToString(),
SasExtensions.ToProtocolString(Protocol),
Version,
Resource,
null, // snapshot
CacheControl,
ContentDisposition,
ContentEncoding,
ContentLanguage,
ContentType);
}
string signature = StorageSharedKeyCredentialInternals.ComputeSasSignature(sharedKeyCredential, stringToSign);
DataLakeSasQueryParameters p = new DataLakeSasQueryParameters(
version: Version,
services: default,
/// <summary>
/// Sets the permissions for the SAS using a raw permissions string.
/// </summary>
/// <param name="rawPermissions">
/// Raw permissions string for the SAS.
/// </param>
/// <param name="normalize">
/// If the permissions should be validated and correctly ordered.
/// </param>
public void SetPermissions(
string rawPermissions,
bool normalize = default)
{
if (normalize)
{
rawPermissions = SasExtensions.ValidateAndSanitizeRawPermissions(
permissions: rawPermissions,
validPermissionsInOrder: s_validPermissionsInOrder);
}
SetPermissions(rawPermissions);
}
/// <summary>
/// Use an account's <see cref="StorageSharedKeyCredential"/> to sign this
/// shared access signature values to produce the proper SAS query
/// parameters for authenticating requests.
/// </summary>
/// <param name="sharedKeyCredential">
/// The storage account's <see cref="StorageSharedKeyCredential"/>.
/// </param>
/// <returns>
/// The <see cref="SasQueryParameters"/> used for authenticating
/// requests.
/// </returns>
public SasQueryParameters ToSasQueryParameters(StorageSharedKeyCredential sharedKeyCredential)
{
// https://docs.microsoft.com/en-us/rest/api/storageservices/Constructing-an-Account-SAS
sharedKeyCredential = sharedKeyCredential ?? throw Errors.ArgumentNull(nameof(sharedKeyCredential));
if (ExpiresOn == default || string.IsNullOrEmpty(Permissions) || ResourceTypes == default || Services == default)
{
throw Errors.AccountSasMissingData();
}
Version = SasQueryParametersInternals.DefaultSasVersionInternal;
string startTime = SasExtensions.FormatTimesForSasSigning(StartsOn);
string expiryTime = SasExtensions.FormatTimesForSasSigning(ExpiresOn);
// String to sign: http://msdn.microsoft.com/en-us/library/azure/dn140255.aspx
string stringToSign = string.Join("\n",
sharedKeyCredential.AccountName,
Permissions,
Services.ToPermissionsString(),
ResourceTypes.ToPermissionsString(),
startTime,
expiryTime,
IPRange.ToString(),
Protocol.ToProtocolString(),
Version,
EncryptionScope,
string.Empty); // That's right, the account SAS requires a terminating extra newline
string signature = sharedKeyCredential.ComputeHMACSHA256(stringToSign);
SasQueryParameters p = SasQueryParametersInternals.Create(
Version,
Services,
ResourceTypes,
Protocol,
StartsOn,
ExpiresOn,
IPRange,
identifier: null,
resource: null,
Permissions,
signature,
encryptionScope: EncryptionScope);
return(p);
}
/// <summary>
/// Creates a new instance of the <see cref="SasQueryParameters"/> type
/// based on the supplied query parameters <paramref name="values"/>.
/// All SAS-related query parameters will be removed from
/// <paramref name="values"/>.
/// </summary>
/// <param name="values">URI query parameters</param>
/// <param name="includeBlobParameters">
/// Optional flag indicating whether to process blob-specific query
/// parameters. The default value is false.
/// </param>
internal SasQueryParameters(
UriQueryParamsCollection values,
bool includeBlobParameters = false)
{
// make copy, otherwise we'll get an exception when we remove
IEnumerable <KeyValuePair <string, string> > kvps = values.ToArray();
foreach (KeyValuePair <string, string> kv in kvps)
{
// these are already decoded
var isSasKey = true;
switch (kv.Key.ToUpperInvariant())
{
case Constants.Sas.Parameters.VersionUpper:
_version = kv.Value;
break;
case Constants.Sas.Parameters.ServicesUpper:
_services = SasExtensions.ParseAccountServices(kv.Value);
break;
case Constants.Sas.Parameters.ResourceTypesUpper:
_resourceTypes = SasExtensions.ParseResourceTypes(kv.Value);
break;
case Constants.Sas.Parameters.ProtocolUpper:
_protocol = SasExtensions.ParseProtocol(kv.Value);
break;
case Constants.Sas.Parameters.StartTimeUpper:
_startTime = DateTimeOffset.ParseExact(kv.Value, Constants.SasTimeFormat, CultureInfo.InvariantCulture);
break;
case Constants.Sas.Parameters.ExpiryTimeUpper:
_expiryTime = DateTimeOffset.ParseExact(kv.Value, Constants.SasTimeFormat, CultureInfo.InvariantCulture);
break;
case Constants.Sas.Parameters.IPRangeUpper:
_ipRange = SasIPRange.Parse(kv.Value);
break;
case Constants.Sas.Parameters.IdentifierUpper:
_identifier = kv.Value;
break;
case Constants.Sas.Parameters.ResourceUpper:
_resource = kv.Value;
break;
case Constants.Sas.Parameters.PermissionsUpper:
_permissions = kv.Value;
break;
case Constants.Sas.Parameters.SignatureUpper:
_signature = kv.Value;
break;
case Constants.Sas.Parameters.CacheControlUpper:
_cacheControl = kv.Value;
break;
case Constants.Sas.Parameters.ContentDispositionUpper:
_contentDisposition = kv.Value;
break;
case Constants.Sas.Parameters.ContentEncodingUpper:
_contentEncoding = kv.Value;
break;
case Constants.Sas.Parameters.ContentLanguageUpper:
_contentLanguage = kv.Value;
break;
case Constants.Sas.Parameters.ContentTypeUpper:
_contentType = kv.Value;
break;
// Optionally include Blob parameters
case Constants.Sas.Parameters.KeyObjectIdUpper:
if (includeBlobParameters)
{
_keyObjectId = kv.Value;
}
else
{
isSasKey = false;
}
break;
case Constants.Sas.Parameters.KeyTenantIdUpper:
if (includeBlobParameters)
{
_keyTenantId = kv.Value;
}
else
{
isSasKey = false;
}
break;
case Constants.Sas.Parameters.KeyStartUpper:
if (includeBlobParameters)
{
_keyStart = DateTimeOffset.ParseExact(kv.Value, Constants.SasTimeFormat, CultureInfo.InvariantCulture);
}
else
{
isSasKey = false;
}
break;
case Constants.Sas.Parameters.KeyExpiryUpper:
if (includeBlobParameters)
{
_keyExpiry = DateTimeOffset.ParseExact(kv.Value, Constants.SasTimeFormat, CultureInfo.InvariantCulture);
}
else
{
isSasKey = false;
}
break;
case Constants.Sas.Parameters.KeyServiceUpper:
if (includeBlobParameters)
{
_keyService = kv.Value;
}
else
{
isSasKey = false;
}
break;
case Constants.Sas.Parameters.KeyVersionUpper:
if (includeBlobParameters)
{
_keyVersion = kv.Value;
}
else
{
isSasKey = false;
}
break;
// We didn't recognize the query parameter
default:
isSasKey = false;
break;
}
// Remove the query parameter if it's part of the SAS
if (isSasKey)
{
values.Remove(kv.Key);
}
}
}
/// <summary>
/// Sets the permissions for the SAS using a raw permissions string.
/// </summary>
/// <param name="rawPermissions">Raw permissions string for the SAS.</param>
public void SetPermissions(string rawPermissions)
{
Permissions = SasExtensions.ValidateAndSanitizeRawPermissions(
permissions: rawPermissions,
validPermissionsInOrder: s_validPermissionsInOrder);
}
/// <summary>
/// Creates a new instance of the <see cref="SasQueryParameters"/> type
/// based on the supplied query parameters <paramref name="values"/>.
/// All SAS-related query parameters will be removed from
/// <paramref name="values"/>.
/// </summary>
/// <param name="values">URI query parameters</param>
protected SasQueryParameters(IDictionary <string, string> values)
{
// make copy, otherwise we'll get an exception when we remove
IEnumerable <KeyValuePair <string, string> > kvps = values.ToArray();
foreach (KeyValuePair <string, string> kv in kvps)
{
// these are already decoded
var isSasKey = true;
switch (kv.Key.ToUpperInvariant())
{
case Constants.Sas.Parameters.VersionUpper:
_version = kv.Value;
break;
case Constants.Sas.Parameters.ServicesUpper:
_services = SasExtensions.ParseAccountServices(kv.Value);
break;
case Constants.Sas.Parameters.ResourceTypesUpper:
_resourceTypes = SasExtensions.ParseResourceTypes(kv.Value);
break;
case Constants.Sas.Parameters.ProtocolUpper:
_protocol = SasExtensions.ParseProtocol(kv.Value);
break;
case Constants.Sas.Parameters.StartTimeUpper:
_startTime = DateTimeOffset.ParseExact(kv.Value, Constants.SasTimeFormat, CultureInfo.InvariantCulture);
break;
case Constants.Sas.Parameters.ExpiryTimeUpper:
_expiryTime = DateTimeOffset.ParseExact(kv.Value, Constants.SasTimeFormat, CultureInfo.InvariantCulture);
break;
case Constants.Sas.Parameters.IPRangeUpper:
_ipRange = SasIPRange.Parse(kv.Value);
break;
case Constants.Sas.Parameters.IdentifierUpper:
_identifier = kv.Value;
break;
case Constants.Sas.Parameters.ResourceUpper:
_resource = kv.Value;
break;
case Constants.Sas.Parameters.PermissionsUpper:
_permissions = kv.Value;
break;
case Constants.Sas.Parameters.SignatureUpper:
_signature = kv.Value;
break;
case Constants.Sas.Parameters.CacheControlUpper:
_cacheControl = kv.Value;
break;
case Constants.Sas.Parameters.ContentDispositionUpper:
_contentDisposition = kv.Value;
break;
case Constants.Sas.Parameters.ContentEncodingUpper:
_contentEncoding = kv.Value;
break;
case Constants.Sas.Parameters.ContentLanguageUpper:
_contentLanguage = kv.Value;
break;
case Constants.Sas.Parameters.ContentTypeUpper:
_contentType = kv.Value;
break;
case Constants.Sas.Parameters.PreauthorizedAgentObjectIdUpper:
_preauthorizedAgentObjectId = kv.Value;
break;
case Constants.Sas.Parameters.AgentObjectIdUpper:
_agentObjectId = kv.Value;
break;
case Constants.Sas.Parameters.CorrelationIdUpper:
_correlationId = kv.Value;
break;
case Constants.Sas.Parameters.DirectoryDepthUpper:
_directoryDepth = Convert.ToInt32(kv.Value, Constants.Base16);
break;
// We didn't recognize the query parameter
default:
isSasKey = false;
break;
}
// Remove the query parameter if it's part of the SAS
if (isSasKey)
{
values.Remove(kv.Key);
}
}
}
