/// <summary>
/// Builds the query parameters that make up a queue Shared Access Signature.
/// </summary>
/// <param name="policy">The shared access policy supplying start time, expiry time and permissions; when <c>null</c>, none of the three is added.</param>
/// <param name="accessPolicyIdentifier">An optional identifier for the policy.</param>
/// <param name="signature">The signature to embed; checked with <c>CommonUtility.AssertNotNull</c>.</param>
/// <param name="accountKeyName">The name of the key used to create the signature, or <c>null</c> if the key is implicit.</param>
/// <param name="sasVersion">A string indicating the desired SAS version to use, in storage service version format.</param>
/// <param name="protocols">The HTTP/HTTPS protocols for Account SAS.</param>
/// <param name="ipAddressOrRange">The IP range for IPSAS; when <c>null</c>, a <c>null</c> value is handed to the helper.</param>
/// <returns>The finished query builder.</returns>
/// <remarks>
/// The returned builder carries the signature itself, so the query string produced from it
/// should be handled as a credential (for example, kept out of logs).
/// </remarks>
internal static UriQueryBuilder GetSignature(
    SharedAccessQueuePolicy policy,
    string accessPolicyIdentifier,
    string signature,
    string accountKeyName,
    string sasVersion,
    SharedAccessProtocol? protocols,
    IPAddressOrRange ipAddressOrRange)
{
    CommonUtility.AssertNotNull("signature", signature);

    UriQueryBuilder query = new UriQueryBuilder();

    // Fixed emission order: version, identifier, key name, signature, protocols, IP.
    SharedAccessSignatureHelper.AddEscapedIfNotNull(query, Constants.QueryConstants.SignedVersion, sasVersion);
    SharedAccessSignatureHelper.AddEscapedIfNotNull(query, Constants.QueryConstants.SignedIdentifier, accessPolicyIdentifier);
    SharedAccessSignatureHelper.AddEscapedIfNotNull(query, Constants.QueryConstants.SignedKey, accountKeyName);
    SharedAccessSignatureHelper.AddEscapedIfNotNull(query, Constants.QueryConstants.Signature, signature);

    var signedProtocols = SharedAccessSignatureHelper.GetProtocolString(protocols);
    SharedAccessSignatureHelper.AddEscapedIfNotNull(query, Constants.QueryConstants.SignedProtocols, signedProtocols);

    string signedIp = ipAddressOrRange == null ? null : ipAddressOrRange.ToString();
    SharedAccessSignatureHelper.AddEscapedIfNotNull(query, Constants.QueryConstants.SignedIP, signedIp);

    // Without an ad-hoc policy there is no start, expiry or permission value to emit.
    if (policy == null)
    {
        return query;
    }

    var signedStart = SharedAccessSignatureHelper.GetDateTimeOrNull(policy.SharedAccessStartTime);
    SharedAccessSignatureHelper.AddEscapedIfNotNull(query, Constants.QueryConstants.SignedStart, signedStart);

    var signedExpiry = SharedAccessSignatureHelper.GetDateTimeOrNull(policy.SharedAccessExpiryTime);
    SharedAccessSignatureHelper.AddEscapedIfNotNull(query, Constants.QueryConstants.SignedExpiry, signedExpiry);

    // An empty permission string is skipped rather than emitted as an empty parameter.
    string signedPermissions = SharedAccessQueuePolicy.PermissionsToString(policy.Permissions);
    if (!string.IsNullOrEmpty(signedPermissions))
    {
        SharedAccessSignatureHelper.AddEscapedIfNotNull(query, Constants.QueryConstants.SignedPermissions, signedPermissions);
    }

    return query;
}
/// <summary>
/// Builds the query parameters that make up a queue Shared Access Signature.
/// </summary>
/// <param name="policy">The shared access policy supplying start time, expiry time and permissions; when <c>null</c>, none of the three is added.</param>
/// <param name="accessPolicyIdentifier">An optional identifier for the policy.</param>
/// <param name="signature">The signature to embed; checked with <c>CommonUtility.AssertNotNull</c>.</param>
/// <param name="accountKeyName">The name of the key used to create the signature, or <c>null</c> if the key is implicit.</param>
/// <param name="sasVersion">A string indicating the desired SAS version to use, in storage service version format. Value must be <c>2012-02-12</c> or later.</param>
/// <returns>The finished query builder.</returns>
/// <remarks>
/// The returned builder carries the signature itself, so the query string produced from it
/// should be handled as a credential (for example, kept out of logs).
/// </remarks>
internal static UriQueryBuilder GetSignature(
    SharedAccessQueuePolicy policy,
    string accessPolicyIdentifier,
    string signature,
    string accountKeyName,
    string sasVersion)
{
    CommonUtility.AssertNotNull("signature", signature);

    UriQueryBuilder query = new UriQueryBuilder();

    // Fixed emission order: version, identifier, key name, signature.
    AddEscapedIfNotNull(query, Constants.QueryConstants.SignedVersion, sasVersion);
    AddEscapedIfNotNull(query, Constants.QueryConstants.SignedIdentifier, accessPolicyIdentifier);
    AddEscapedIfNotNull(query, Constants.QueryConstants.SignedKey, accountKeyName);
    AddEscapedIfNotNull(query, Constants.QueryConstants.Signature, signature);

    // Without an ad-hoc policy there is no start, expiry or permission value to emit.
    if (policy == null)
    {
        return query;
    }

    var signedStart = GetDateTimeOrNull(policy.SharedAccessStartTime);
    AddEscapedIfNotNull(query, Constants.QueryConstants.SignedStart, signedStart);

    var signedExpiry = GetDateTimeOrNull(policy.SharedAccessExpiryTime);
    AddEscapedIfNotNull(query, Constants.QueryConstants.SignedExpiry, signedExpiry);

    // An empty permission string is skipped rather than emitted as an empty parameter.
    string signedPermissions = SharedAccessQueuePolicy.PermissionsToString(policy.Permissions);
    if (!string.IsNullOrEmpty(signedPermissions))
    {
        AddEscapedIfNotNull(query, Constants.QueryConstants.SignedPermissions, signedPermissions);
    }

    return query;
}
/// <summary>
/// Computes the signature embedded inside a queue Shared Access Signature.
/// </summary>
/// <param name="policy">The shared access policy to hash; when <c>null</c>, permissions, start time and expiry time are left unset.</param>
/// <param name="accessPolicyIdentifier">An optional identifier for the policy.</param>
/// <param name="resourceName">The canonical resource string, unescaped; must not be null or empty.</param>
/// <param name="sasVersion">A string indicating the desired SAS version to use, in storage service version format; must not be null or empty.</param>
/// <param name="protocols">The HTTP/HTTPS protocols for Account SAS.</param>
/// <param name="ipAddressOrRange">The IP range for IPSAS; rendered as an empty field when <c>null</c>.</param>
/// <param name="keyValue">The key value retrieved as an atomic operation used for signing; must not be <c>null</c>.</param>
/// <returns>The signed hash.</returns>
internal static string GetHash(
    SharedAccessQueuePolicy policy,
    string accessPolicyIdentifier,
    string resourceName,
    string sasVersion,
    SharedAccessProtocol? protocols,
    IPAddressOrRange ipAddressOrRange,
    byte[] keyValue)
{
    CommonUtility.AssertNotNullOrEmpty("resourceName", resourceName);
    CommonUtility.AssertNotNull("keyValue", keyValue);
    CommonUtility.AssertNotNullOrEmpty("sasVersion", sasVersion);

    string signedPermissions = null;
    DateTimeOffset? signedStart = null;
    DateTimeOffset? signedExpiry = null;

    if (policy != null)
    {
        signedPermissions = SharedAccessQueuePolicy.PermissionsToString(policy.Permissions);
        signedStart = policy.SharedAccessStartTime;
        signedExpiry = policy.SharedAccessExpiryTime;
    }

    // StringToSign is eight newline-separated fields, in this order:
    //   signedpermissions, signedstart, signedexpiry, canonicalizedresource,
    //   signedidentifier, signedIP, signedProtocol, signedversion
    // and the result is HMAC-SHA256(UTF8.Encode(StringToSign)).
    // The field order and the "\n" separators are part of what gets signed, so they must
    // stay exactly as written. Null string arguments format as empty fields.
    // NOTE(review): no field is checked here for an embedded "\n"; confirm callers
    // validate resourceName and accessPolicyIdentifier so field boundaries stay unambiguous.
    var startField = GetDateTimeOrEmpty(signedStart);
    var expiryField = GetDateTimeOrEmpty(signedExpiry);
    string ipField = ipAddressOrRange == null ? string.Empty : ipAddressOrRange.ToString();
    var protocolField = GetProtocolString(protocols);

    string stringToSign = string.Format(
        CultureInfo.InvariantCulture,
        "{0}\n{1}\n{2}\n{3}\n{4}\n{5}\n{6}\n{7}",
        signedPermissions,
        startField,
        expiryField,
        resourceName,
        accessPolicyIdentifier,
        ipField,
        protocolField,
        sasVersion);

    // The string-to-sign holds no key material, but it does reveal the resource name,
    // the policy window and any IP restriction to whoever can read verbose logs.
    Logger.LogVerbose(null /* operationContext */, SR.TraceStringToSign, stringToSign);

    return CryptoUtility.ComputeHmac256(keyValue, stringToSign);
}
/// <summary>
/// Builds the Shared Access Signature query for a queue by delegating to the
/// twelve-argument overload of the same name (not shown here).
/// </summary>
/// <param name="policy">The shared access policy to hash; when <c>null</c>, permissions, start time and expiry time are passed as <c>null</c>.</param>
/// <param name="accessPolicyIdentifier">An optional identifier for the policy.</param>
/// <param name="signature">The signature to use; checked with <c>CommonUtils.AssertNotNull</c>.</param>
/// <param name="accountKeyName">The name of the key used to create the signature, or null if the key is implicit.</param>
/// <returns>The finished query builder.</returns>
internal static UriQueryBuilder GetSharedAccessSignatureImpl(
    SharedAccessQueuePolicy policy,
    string accessPolicyIdentifier,
    string signature,
    string accountKeyName)
{
    CommonUtils.AssertNotNull("signature", signature);

    if (policy != null)
    {
        // An empty permission string is normalised to null before it is handed on.
        string rawPermissions = SharedAccessQueuePolicy.PermissionsToString(policy.Permissions);
        string signedPermissions = string.IsNullOrEmpty(rawPermissions) ? null : rawPermissions;

        return GetSharedAccessSignatureImpl(
            signedPermissions,
            policy.SharedAccessStartTime,
            policy.SharedAccessExpiryTime,
            null /* startPartitionKey (table only) */,
            null /* startRowKey (table only) */,
            null /* endPartitionKey (table only) */,
            null /* endRowKey (table only) */,
            accessPolicyIdentifier,
            null /* resourceType (blob only) */,
            null /* tableName (table only) */,
            signature,
            accountKeyName);
    }

    // No ad-hoc policy: only the identifier, signature and key name carry values.
    return GetSharedAccessSignatureImpl(
        null /* permissions*/,
        null /* policy.SharedAccessStartTime*/,
        null /* policy.SharedAccessExpiryTime*/,
        null /* startPartitionKey (table only) */,
        null /* startRowKey (table only) */,
        null /* endPartitionKey (table only) */,
        null /* endRowKey (table only) */,
        accessPolicyIdentifier,
        null /* resourceType (blob only) */,
        null /* tableName (table only) */,
        signature,
        accountKeyName);
}
/// <summary>
/// Writes a collection of shared access policies to the specified stream in XML format.
/// </summary>
/// <param name="sharedAccessPolicies">A collection of shared access policies.</param>
/// <param name="outputStream">An output stream.</param>
/// <remarks>
/// The work is handed to <c>Request.WriteSharedAccessIdentifiers</c>; the callback supplied here
/// only writes the start, expiry and permission elements of a policy, in that order.
/// </remarks>
public static void WriteSharedAccessIdentifiers(SharedAccessQueuePolicies sharedAccessPolicies, Stream outputStream)
{
    Request.WriteSharedAccessIdentifiers(
        sharedAccessPolicies,
        outputStream,
        (queuePolicy, xml) =>
        {
            var startText = SharedAccessSignatureHelper.GetDateTimeOrEmpty(queuePolicy.SharedAccessStartTime);
            xml.WriteElementString(Constants.Start, startText);

            var expiryText = SharedAccessSignatureHelper.GetDateTimeOrEmpty(queuePolicy.SharedAccessExpiryTime);
            xml.WriteElementString(Constants.Expiry, expiryText);

            var permissionText = SharedAccessQueuePolicy.PermissionsToString(queuePolicy.Permissions);
            xml.WriteElementString(Constants.Permission, permissionText);
        });
}
/// <summary>
/// Computes the signature embedded inside a queue Shared Access Signature.
/// </summary>
/// <param name="policy">The shared access policy to hash; when <c>null</c>, permissions, start time and expiry time are left unset.</param>
/// <param name="accessPolicyIdentifier">The policy identifier placed in the signed string; may be <c>null</c>.</param>
/// <param name="resourceName">The resource string placed in the signed string; must not be null or empty.</param>
/// <param name="sasVersion">The SAS version placed in the signed string; must not be null or empty.</param>
/// <param name="keyValue">The key passed to <c>CryptoUtility.ComputeHmac256</c>; must not be <c>null</c>.</param>
/// <returns>The value returned by <c>CryptoUtility.ComputeHmac256</c> for the string-to-sign.</returns>
internal static string GetHash(
    SharedAccessQueuePolicy policy,
    string accessPolicyIdentifier,
    string resourceName,
    string sasVersion,
    byte[] keyValue)
{
    CommonUtility.AssertNotNullOrEmpty("resourceName", resourceName);
    CommonUtility.AssertNotNull("keyValue", keyValue);
    CommonUtility.AssertNotNullOrEmpty("sasVersion", sasVersion);

    string signedPermissions = null;
    DateTimeOffset? signedStart = null;
    DateTimeOffset? signedExpiry = null;

    if (policy != null)
    {
        signedPermissions = SharedAccessQueuePolicy.PermissionsToString(policy.Permissions);
        signedStart = policy.SharedAccessStartTime;
        signedExpiry = policy.SharedAccessExpiryTime;
    }

    // StringToSign is six newline-separated fields, in this order:
    //   signedpermissions, signedstart, signedexpiry, canonicalizedresource,
    //   signedidentifier, signedversion
    // and the result is HMAC-SHA256(UTF8.Encode(StringToSign)).
    // The field order and the "\n" separators are part of what gets signed, so they must
    // stay exactly as written. Null string arguments format as empty fields.
    // NOTE(review): no field is checked here for an embedded "\n"; confirm callers
    // validate resourceName and accessPolicyIdentifier so field boundaries stay unambiguous.
    var startField = GetDateTimeOrEmpty(signedStart);
    var expiryField = GetDateTimeOrEmpty(signedExpiry);

    string stringToSign = string.Format(
        CultureInfo.InvariantCulture,
        "{0}\n{1}\n{2}\n{3}\n{4}\n{5}",
        signedPermissions,
        startField,
        expiryField,
        resourceName,
        accessPolicyIdentifier,
        sasVersion);

    return CryptoUtility.ComputeHmac256(keyValue, stringToSign);
}
/// <summary>
/// Computes the signature hash embedded inside a queue Shared Access Signature by delegating
/// to the eleven-argument overload of the same name (not shown here).
/// </summary>
/// <param name="policy">The shared access policy to hash; when <c>null</c>, permissions, start time and expiry time are passed as <c>null</c>.</param>
/// <param name="accessPolicyIdentifier">An optional identifier for the policy.</param>
/// <param name="resourceName">The canonical resource string, unescaped.</param>
/// <param name="credentials">Credentials to be used for signing.</param>
/// <returns>The signed hash.</returns>
internal static string GetSharedAccessSignatureHashImpl(
    SharedAccessQueuePolicy policy,
    string accessPolicyIdentifier,
    string resourceName,
    StorageCredentials credentials)
{
    if (policy != null)
    {
        // Unlike the query-building path, the permission string is passed on as-is here.
        return GetSharedAccessSignatureHashImpl(
            SharedAccessQueuePolicy.PermissionsToString(policy.Permissions),
            policy.SharedAccessStartTime,
            policy.SharedAccessExpiryTime,
            null /* startPartitionKey (table only) */,
            null /* startRowKey (table only) */,
            null /* endPartitionKey (table only) */,
            null /* endRowKey (table only) */,
            false /* not using table SAS */,
            accessPolicyIdentifier,
            resourceName,
            credentials);
    }

    // No ad-hoc policy: the policy-derived fields are all passed as null.
    return GetSharedAccessSignatureHashImpl(
        null /*SharedAccessQueuePolicy.Permissions */,
        null /*policy.SharedAccessStartTime*/,
        null /*policy.SharedAccessExpiryTime*/,
        null /* startPartitionKey (table only) */,
        null /* startRowKey (table only) */,
        null /* endPartitionKey (table only) */,
        null /* endRowKey (table only) */,
        false /* not using table SAS */,
        accessPolicyIdentifier,
        resourceName,
        credentials);
}