public async Task Sign_Validations()
{
var signer = UrlSigner.FromBlobSigner(new FakeBlobSigner());
Assert.Throws <ArgumentNullException>(() => signer.Sign(null, null));
await Assert.ThrowsAsync <ArgumentNullException>(() => signer.SignAsync(null, null));
Assert.Throws <ArgumentNullException>(() => signer.Sign(null, Options.FromDuration(TimeSpan.Zero)));
await Assert.ThrowsAsync <ArgumentNullException>(() => signer.SignAsync(null, Options.FromDuration(TimeSpan.Zero)));
Assert.Throws <ArgumentNullException>(() => signer.Sign(RequestTemplate.FromBucket("bucket"), null));
await Assert.ThrowsAsync <ArgumentNullException>(() => signer.SignAsync(RequestTemplate.FromBucket("bucket"), null));
// Bucket names cannot be null or contain uppercase letters (among other rules).
// Make sure we verify the presence and format of the bucket name in all overloads.
Assert.Throws <ArgumentNullException>(() => signer.Sign(null, "objectName", TimeSpan.FromDays(1)));
await Assert.ThrowsAsync <ArgumentNullException>(() => signer.SignAsync(null, "objectName", TimeSpan.FromDays(1)));
Assert.Throws <ArgumentException>(() => signer.Sign("BUCKETNAME", "objectName", TimeSpan.FromDays(1)));
await Assert.ThrowsAsync <ArgumentException>(() => signer.SignAsync("BUCKETNAME", "objectName", TimeSpan.FromDays(1)));
// Make sure exceptions are not thrown for things which may be null or uppercase.
signer.Sign("bucketname", null, TimeSpan.FromDays(1), null, null);
await signer.SignAsync("bucketname", null, TimeSpan.FromDays(1), null, null);
}
public void Sign_Validations()
{
var signer = UrlSigner.FromBlobSigner(new FakeBlobSigner());
// Bucket names cannot be null or contain uppercase letters (among other rules).
// Make sure we verify the presence and format of the bucket name in all overloads.
Assert.Throws <ArgumentNullException>(() => signer.Sign(null, "objectName", TimeSpan.FromDays(1), new HttpRequestMessage()));
Assert.Throws <ArgumentException>(() => signer.Sign("BUCKETNAME", "objectName", TimeSpan.FromDays(1), new HttpRequestMessage()));
Assert.Throws <ArgumentNullException>(() => signer.Sign(null, "objectName", DateTimeOffset.UtcNow, new HttpRequestMessage()));
Assert.Throws <ArgumentException>(() => signer.Sign("BUCKETNAME", "objectName", DateTimeOffset.UtcNow, new HttpRequestMessage()));
var emptyHeaders = new Dictionary <string, IEnumerable <string> >();
Assert.Throws <ArgumentNullException>(() => signer.Sign(null, "objectName", TimeSpan.FromDays(1), HttpMethod.Get, emptyHeaders, emptyHeaders));
Assert.Throws <ArgumentException>(() => signer.Sign("BUCKETNAME", "objectName", TimeSpan.FromDays(1), HttpMethod.Get, emptyHeaders, emptyHeaders));
Assert.Throws <ArgumentNullException>(() => signer.Sign(null, "objectName", DateTimeOffset.UtcNow, HttpMethod.Get, emptyHeaders, emptyHeaders));
Assert.Throws <ArgumentException>(() => signer.Sign("BUCKETNAME", "objectName", DateTimeOffset.UtcNow, HttpMethod.Get, emptyHeaders, emptyHeaders));
#pragma warning disable CS0618 // Type or member is obsolete
// Make sure exceptions are not thrown for things which may be null or uppercase.
signer.Sign("bucketname", null, TimeSpan.FromDays(1), null);
signer.Sign("bucketname", null, null, null, null, null);
signer.Sign("bucketname", "OBJECTNAME", null, null, null, null);
// Our UrlSigner is entirely synchronous - it's fine to just wait
signer.SignAsync("bucketname", null, TimeSpan.FromDays(1), request: null).Wait();
signer.SignAsync("bucketname", null, null, null, null, null).Wait();
signer.SignAsync("bucketname", "OBJECTNAME", null, null, null, null).Wait();
#pragma warning restore CS0618 // Type or member is obsolete
}
public async Task SignedUrlWithIamServiceBlobSigner()
{
_fixture.SkipIf(Platform.Instance().Type == PlatformType.Unknown);
var bucketName = _fixture.BucketName;
var objectName = _fixture.HelloStorageObjectName;
var credential = (await GoogleCredential.GetApplicationDefaultAsync()).UnderlyingCredential as ServiceAccountCredential;
var httpClient = new HttpClient();
// Sample: IamServiceBlobSignerUsage
// First obtain the email address of the default service account for this instance from the metadata server.
HttpRequestMessage serviceAccountRequest = new HttpRequestMessage
{
// Note: you could use 169.254.169.254 as the address to avoid a DNS lookup.
RequestUri = new Uri("http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/email"),
Headers = { { "Metadata-Flavor", "Google" } }
};
HttpResponseMessage serviceAccountResponse = await httpClient.SendAsync(serviceAccountRequest).ConfigureAwait(false);
serviceAccountResponse.EnsureSuccessStatusCode();
string serviceAccountId = await serviceAccountResponse.Content.ReadAsStringAsync();
// Create an IAM service client object using the default application credentials.
GoogleCredential iamCredential = await GoogleCredential.GetApplicationDefaultAsync();
iamCredential = iamCredential.CreateScoped(IamService.Scope.CloudPlatform);
IamService iamService = new IamService(new BaseClientService.Initializer
{
HttpClientInitializer = iamCredential
});
// Create a request template that will be used to create the signed URL.
UrlSigner.RequestTemplate requestTemplate = UrlSigner.RequestTemplate
.FromBucket(bucketName)
.WithObjectName(objectName)
.WithHttpMethod(HttpMethod.Get);
// Create options specifying for how long the signer URL will be valid.
UrlSigner.Options options = UrlSigner.Options.FromDuration(TimeSpan.FromHours(1));
// Create a URL signer that will use the IAM service for signing. This signer is thread-safe,
// and would typically occur as a dependency, e.g. in an ASP.NET Core controller, where the
// same instance can be reused for each request.
IamServiceBlobSigner blobSigner = new IamServiceBlobSigner(iamService, serviceAccountId);
UrlSigner urlSigner = UrlSigner.FromBlobSigner(blobSigner);
// Use the URL signer to sign a request for the test object for the next hour.
string url = await urlSigner.SignAsync(requestTemplate, options);
// Prove we can fetch the content of the test object with a simple unauthenticated GET request.
HttpResponseMessage response = await httpClient.GetAsync(url);
string content = await response.Content.ReadAsStringAsync();
// End sample
Assert.Equal(_fixture.HelloWorldContent, content);
}
public async Task BlobSignerAsync()
{
var signer = UrlSigner.FromBlobSigner(new FakeBlobSigner());
var bucketName = "bucket-name";
var objectName = "object-name";
var expiration = new DateTime(1970, 1, 1, 0, 0, 30, DateTimeKind.Utc);
var url = await signer.SignAsync(bucketName, objectName, expiration);
Assert.Equal("https://storage.googleapis.com/bucket-name/object-name?GoogleAccessId=FakeId&Expires=30&Signature=BBB%3D", url);
}
public void BlobSignerSync()
{
var signer = UrlSigner.FromBlobSigner(new FakeBlobSigner()).WithSigningVersion(SigningVersion.V2);
var bucketName = "bucket-name";
var objectName = "object-name";
var expiration = new DateTime(1970, 1, 1, 0, 0, 30, DateTimeKind.Utc);
var url = signer.Sign(bucketName, objectName, expiration);
Assert.Equal("https://storage.googleapis.com/bucket-name/object-name?GoogleAccessId=FakeId&Expires=30&Signature=AAA%3D", url);
}
public void BlobSignerSync()
{
var signer = UrlSigner.FromBlobSigner(new FakeBlobSigner());
var baseRequestTemplate = RequestTemplate.FromBucket("bucket-name").WithObjectName("object-name");
var options = Options
.FromExpiration(new DateTime(1970, 1, 1, 0, 0, 30, DateTimeKind.Utc))
.WithSigningVersion(SigningVersion.V2);
var url = signer.Sign(baseRequestTemplate, options);
Assert.Equal("https://storage.googleapis.com/bucket-name/object-name?GoogleAccessId=FakeId&Expires=30&Signature=AAA%3D", url);
}