protected IEnumerator <IAsyncResult> GetTableAclImpl(IAccountIdentifier identifier, string account, string tableName, TimeSpan timeout, RequestContext requestContext, AsyncIteratorContext <ContainerAclSettings> context) { Duration startingNow = Duration.StartingNow; if (identifier == null) { throw new ArgumentNullException("identifier"); } if (string.IsNullOrEmpty(account)) { throw new ArgumentException("account", "Cannot be null or empty"); } if (string.IsNullOrEmpty(tableName)) { throw new ArgumentException("tableName", "Cannot be null or empty"); } if (timeout <= TimeSpan.Zero) { throw new TimeoutException("Timed out in GetTableAcl"); } if (identifier is TableSignedAccessAccountIdentifier || identifier is AccountSasAccessIdentifier) { throw new NephosUnauthorizedAccessException("Signed access not supported for this request", AuthorizationFailureReason.InvalidOperationSAS); } IAsyncResult asyncResult = this.authorizationManager.BeginCheckAccess(identifier, account, tableName, null, PermissionLevel.ReadAcl, startingNow.Remaining(timeout), context.GetResumeCallback(), context.GetResumeState("TableManager.GetTableAclImpl")); yield return(asyncResult); this.authorizationManager.EndCheckAccess(asyncResult); string str = account; string str1 = tableName; using (IStorageAccount storageAccount = this.storageManager.CreateAccountInstance(str)) { using (ITableContainer tableContainer = storageAccount.CreateTableContainerInstance(str1)) { ContainerPropertyNames containerPropertyName = ContainerPropertyNames.LastModificationTime | ContainerPropertyNames.ServiceMetadata; tableContainer.Timeout = startingNow.Remaining(timeout); asyncResult = tableContainer.BeginGetProperties(containerPropertyName, null, CacheRefreshOptions.SkipAllCache, context.GetResumeCallback(), context.GetResumeState("TableManager.GetTableAclImpl")); yield return(asyncResult); tableContainer.EndGetProperties(asyncResult); try { context.ResultData = new ContainerAclSettings(tableContainer.ServiceMetadata); } catch (MetadataFormatException metadataFormatException1) { MetadataFormatException metadataFormatException = metadataFormatException1; throw new NephosStorageDataCorruptionException(string.Format("Error decoding Acl setting for {0}", RealServiceManager.GetResourceString(account, tableName)), metadataFormatException); } } } }
private IEnumerator <IAsyncResult> AuthenticateImpl(IStorageAccount storageAccount, RequestContext requestContext, NephosUriComponents uriComponents, AuthenticationManager.GetStringToSignCallback getStringToSignCallback, TimeSpan timeout, AsyncIteratorContext <IAuthenticationResult> context) { bool flag; bool flag1; SignedAccessHelper accountSasHelper; IStorageAccount operationStatus; ContainerAclSettings containerAclSetting; string signedVersion = null; Duration startingNow = Duration.StartingNow; NameValueCollection queryParameters = requestContext.QueryParameters; if (AuthenticationManager.IsInvalidAccess(requestContext)) { throw new InvalidAuthenticationInfoException("Ambiguous authentication scheme credentials providedRequest contains authentication credentials for signed access and authenticated access"); } bool flag2 = AuthenticationManager.IsAuthenticatedAccess(requestContext); bool flag3 = AuthenticationManager.IsSignatureAccess(requestContext); flag = (!flag2 ? false : AuthenticationManager.IsAuthenticatedAccess(requestContext, "SignedKey")); bool flag4 = flag; flag1 = (flag2 ? false : !flag3); if ((!flag2 || flag4) && !flag1) { NephosAssertionException.Assert((flag3 ? true : flag4)); bool flag5 = (flag3 ? false : flag4); TableSignedAccessHelper tableSignedAccessHelper = null; if (!AuthenticationManager.IsAccountSasAccess(requestContext.QueryParameters)) { tableSignedAccessHelper = new TableSignedAccessHelper(requestContext, uriComponents); accountSasHelper = tableSignedAccessHelper; } else { if (flag5) { throw new AuthenticationFailureException("SignedKey is not supported with account-level SAS."); } accountSasHelper = new AccountSasHelper(requestContext, uriComponents); } accountSasHelper.ParseAccessPolicyFields(flag5); accountSasHelper.PerformSignedAccessAuthenticationFirstPhaseValidations(); AccountIdentifier tableSignedAccessAccountIdentifier = null; if (!flag5) { byte[] sign = accountSasHelper.ComputeUrlDecodedUtf8EncodedStringToSign(); if (storageAccount == null || !string.Equals(storageAccount.Name, uriComponents.AccountName)) { try { operationStatus = this.storageManager.CreateAccountInstance(uriComponents.AccountName); if (requestContext != null) { operationStatus.OperationStatus = requestContext.OperationStatus; } } catch (ArgumentOutOfRangeException argumentOutOfRangeException) { throw new AuthenticationFailureException(string.Format(CultureInfo.InvariantCulture, "The account name is invalid.", new object[0])); } operationStatus.Timeout = startingNow.Remaining(timeout); IAsyncResult asyncResult = operationStatus.BeginGetProperties(AccountPropertyNames.All, null, context.GetResumeCallback(), context.GetResumeState("XFETableAuthenticationManager.AuthenticateImpl")); yield return(asyncResult); try { operationStatus.EndGetProperties(asyncResult); } catch (AccountNotFoundException accountNotFoundException1) { AccountNotFoundException accountNotFoundException = accountNotFoundException1; CultureInfo invariantCulture = CultureInfo.InvariantCulture; object[] name = new object[] { operationStatus.Name }; throw new AuthenticationFailureException(string.Format(invariantCulture, "Cannot find the claimed account when trying to GetProperties for the account {0}.", name), accountNotFoundException); } catch (Exception exception1) { Exception exception = exception1; IStringDataEventStream warning = Logger <IRestProtocolHeadLogger> .Instance.Warning; object[] objArray = new object[] { operationStatus.Name, exception }; warning.Log("Rethrow exception when trying to GetProperties for the account {0}: {1}", objArray); throw; } } else { operationStatus = storageAccount; } if (!accountSasHelper.ComputeSignatureAndCompare(sign, operationStatus.SecretKeysV3)) { throw new AuthenticationFailureException(string.Concat("Signature did not match. String to sign used was ", (new UTF8Encoding()).GetString(sign))); } NephosAssertionException.Assert(accountSasHelper.KeyUsedForSigning != null, "Key used for signing cannot be null"); tableSignedAccessAccountIdentifier = accountSasHelper.CreateAccountIdentifier(operationStatus); tableSignedAccessAccountIdentifier.Initialize(accountSasHelper); if (storageAccount != operationStatus) { operationStatus.Dispose(); } } else { IAsyncResult asyncResult1 = this.nephosAuthenticationManager.BeginAuthenticate(storageAccount, requestContext, uriComponents, getStringToSignCallback, startingNow.Remaining(timeout), context.GetResumeCallback(), context.GetResumeState("XFETableAuthenticationManager.AuthenticateImpl")); yield return(asyncResult1); IAuthenticationResult authenticationResult = this.nephosAuthenticationManager.EndAuthenticate(asyncResult1); tableSignedAccessAccountIdentifier = new TableSignedAccessAccountIdentifier(authenticationResult.AccountIdentifier, tableSignedAccessHelper.TableName, tableSignedAccessHelper.StartingPartitionKey, tableSignedAccessHelper.StartingRowKey, tableSignedAccessHelper.EndingPartitionKey, tableSignedAccessHelper.EndingRowKey); tableSignedAccessAccountIdentifier.Initialize(accountSasHelper); } signedVersion = accountSasHelper.SignedVersion; if (accountSasHelper.IsRevocableAccess) { using (ITableContainer tableContainer = this.storageManager.CreateTableContainerInstance(uriComponents.AccountName, tableSignedAccessHelper.TableName)) { if (requestContext != null) { tableContainer.OperationStatus = requestContext.OperationStatus; } ContainerPropertyNames containerPropertyName = ContainerPropertyNames.ServiceMetadata; tableContainer.Timeout = startingNow.Remaining(timeout); IAsyncResult asyncResult2 = tableContainer.BeginGetProperties(containerPropertyName, null, context.GetResumeCallback(), context.GetResumeState("XFETableAuthenticationManager.AuthenticateImpl")); yield return(asyncResult2); try { tableContainer.EndGetProperties(asyncResult2); } catch (Exception exception3) { Exception exception2 = exception3; if (exception2 is ContainerNotFoundException) { throw new AuthenticationFailureException("Error locating SAS identifier", exception2); } IStringDataEventStream stringDataEventStream = Logger <IRestProtocolHeadLogger> .Instance.Warning; object[] accountName = new object[] { uriComponents.AccountName, tableSignedAccessHelper.TableName, exception2 }; stringDataEventStream.Log("Rethrow exception when trying to fetch SAS identifier account {0} container {1} : {2}", accountName); throw; } try { containerAclSetting = new ContainerAclSettings(tableContainer.ServiceMetadata); } catch (MetadataFormatException metadataFormatException1) { MetadataFormatException metadataFormatException = metadataFormatException1; throw new NephosStorageDataCorruptionException(string.Format("Error decoding Acl setting for container {0}", tableSignedAccessHelper.TableName), metadataFormatException); } } try { accountSasHelper.ValidateAndDeriveEffectiveAccessPolicy(accountSasHelper.LocateSasIdentifier(containerAclSetting.SASIdentifiers)); accountSasHelper.PerformSignedAccessAuthenticationSecondPhaseValidations(); tableSignedAccessAccountIdentifier.Initialize(accountSasHelper); context.ResultData = new AuthenticationResult(tableSignedAccessAccountIdentifier, signedVersion, true); } catch (FormatException formatException) { throw new AuthenticationFailureException("Signature fields not well formed.", formatException); } } else { tableSignedAccessAccountIdentifier.Initialize(accountSasHelper); context.ResultData = new AuthenticationResult(tableSignedAccessAccountIdentifier, signedVersion, true); } } else { IAsyncResult asyncResult3 = this.nephosAuthenticationManager.BeginAuthenticate(storageAccount, requestContext, uriComponents, getStringToSignCallback, startingNow.Remaining(timeout), context.GetResumeCallback(), context.GetResumeState("XFETableAuthenticationManager.AuthenticateImpl")); yield return(asyncResult3); context.ResultData = this.nephosAuthenticationManager.EndAuthenticate(asyncResult3); } }