public static SasResourceType ParseSasResourceType(string signedResourceType)
{
if (string.IsNullOrWhiteSpace(signedResourceType))
{
throw new ArgumentException("signedResourceType");
}
SasResourceType sasResourceType = SasResourceType.None;
for (int i = 0; i < signedResourceType.Length; i++)
{
char chr = signedResourceType[i];
if (chr == 'c')
{
sasResourceType = AccountSasHelper.ValidateAndAddResourceType(sasResourceType, SasResourceType.Container, i);
}
else if (chr == 'o')
{
sasResourceType = AccountSasHelper.ValidateAndAddResourceType(sasResourceType, SasResourceType.Object, i);
}
else
{
if (chr != 's')
{
throw new FormatException(string.Concat("Unexpected character ", signedResourceType[i], " in signed resource type"));
}
sasResourceType = AccountSasHelper.ValidateAndAddResourceType(sasResourceType, SasResourceType.Service, i);
}
}
return(sasResourceType);
}
public override void ParseAccessPolicyFields(bool isDoubleSigned)
{
try
{
this.ValidateAndSetSASVersionToUse(base.QueryParams["sv"]);
base.ParseAccessPolicyFields(false);
string str = AuthenticationManagerHelper.ExtractKeyNameFromParamsWithConversion(base.QueryParams);
base.ValidateOptionalField(str, "sk");
if (str != null)
{
base.KeyName = str.Trim();
Logger <IRestProtocolHeadLogger> .Instance.Verbose.Log("Using secret key with KeyName '{0}' to authenticate SAS request.", new object[] { base.KeyName });
}
string item = base.QueryParams["ss"];
base.ValidateMandatoryField(item, "ss");
this.SignedService = AccountSasHelper.ParseSasService(item);
string item1 = base.QueryParams["srt"];
base.ValidateMandatoryField(item1, "srt");
this.SignedResourceType = AccountSasHelper.ParseSasResourceType(item1);
string str1 = base.QueryParams["sig"];
base.ValidateMandatoryField(str1, "sig");
base.ValidateSignatureFormat(str1);
base.Signature = str1;
string item2 = base.QueryParams["sp"];
base.ValidateMandatoryField(item2, "sp");
base.SignedPermission = new SASPermission?(AccountSasHelper.ParsePermissionsForAccountSas(item2));
}
catch (FormatException formatException)
{
throw new AuthenticationFailureException("Signature fields not well formed.", formatException);
}
}
public static SasService ParseSasService(string service)
{
if (string.IsNullOrEmpty(service))
{
throw new ArgumentException(service);
}
SasService sasService = SasService.None;
int num = 0;
while (true)
{
if (num >= service.Length)
{
return(sasService);
}
char chr = service[num];
if (chr <= 'f')
{
if (chr == 'b')
{
sasService = AccountSasHelper.ValidateAndAddService(sasService, SasService.Blob, num);
}
else if (chr == 'f')
{
sasService = AccountSasHelper.ValidateAndAddService(sasService, SasService.File, num);
}
else
{
break;
}
}
else if (chr == 'q')
{
sasService = AccountSasHelper.ValidateAndAddService(sasService, SasService.Queue, num);
}
else if (chr == 't')
{
sasService = AccountSasHelper.ValidateAndAddService(sasService, SasService.Table, num);
}
else
{
break;
}
num++;
}
throw new FormatException(string.Concat("Unexpected character ", service[num], " in service"));
}
public static SASPermission ParsePermissionsForAccountSas(string permission)
{
if (string.IsNullOrEmpty(permission))
{
throw new ArgumentException(permission);
}
SASPermission sASPermission = SASPermission.None;
int num = 0;
while (true)
{
if (num >= permission.Length)
{
return(sASPermission);
}
char chr = permission[num];
if (chr > 'l')
{
switch (chr)
{
case 'p':
{
sASPermission = AccountSasHelper.ValidateAndAddPermission(sASPermission, SASPermission.Process, num);
break;
}
case 'q':
{
throw new FormatException(string.Concat("Unexpected character ", permission[num], " in permission"));
}
case 'r':
{
sASPermission = AccountSasHelper.ValidateAndAddPermission(sASPermission, SASPermission.Read, num);
break;
}
default:
{
switch (chr)
{
case 'u':
{
sASPermission = AccountSasHelper.ValidateAndAddPermission(sASPermission, SASPermission.Update, num);
break;
}
case 'v':
{
throw new FormatException(string.Concat("Unexpected character ", permission[num], " in permission"));
}
case 'w':
{
sASPermission = AccountSasHelper.ValidateAndAddPermission(sASPermission, SASPermission.Write, num);
break;
}
default:
{
throw new FormatException(string.Concat("Unexpected character ", permission[num], " in permission"));
}
}
break;
}
}
}
else
{
switch (chr)
{
case 'a':
{
sASPermission = AccountSasHelper.ValidateAndAddPermission(sASPermission, SASPermission.Add, num);
break;
}
case 'b':
{
throw new FormatException(string.Concat("Unexpected character ", permission[num], " in permission"));
}
case 'c':
{
sASPermission = AccountSasHelper.ValidateAndAddPermission(sASPermission, SASPermission.Create, num);
break;
}
case 'd':
{
sASPermission = AccountSasHelper.ValidateAndAddPermission(sASPermission, SASPermission.Delete, num);
break;
}
default:
{
if (chr == 'l')
{
sASPermission = AccountSasHelper.ValidateAndAddPermission(sASPermission, SASPermission.List, num);
break;
}
else
{
throw new FormatException(string.Concat("Unexpected character ", permission[num], " in permission"));
}
}
}
}
num++;
}
throw new FormatException(string.Concat("Unexpected character ", permission[num], " in permission"));
}
private IEnumerator <IAsyncResult> AuthenticateImpl(IStorageAccount storageAccount, RequestContext requestContext, NephosUriComponents uriComponents, AuthenticationManager.GetStringToSignCallback getStringToSignCallback, TimeSpan timeout, AsyncIteratorContext <IAuthenticationResult> context)
{
bool flag;
bool flag1;
SignedAccessHelper queueSignedAccessHelper;
IStorageAccount operationStatus;
ContainerAclSettings containerAclSetting;
string signedVersion = null;
Duration startingNow = Duration.StartingNow;
NameValueCollection queryParameters = requestContext.QueryParameters;
if (AuthenticationManager.IsInvalidAccess(requestContext))
{
throw new InvalidAuthenticationInfoException("Ambiguous authentication scheme credentials providedRequest contains authentication credentials for signed access and authenticated access");
}
bool flag2 = AuthenticationManager.IsAuthenticatedAccess(requestContext);
bool flag3 = AuthenticationManager.IsSignatureAccess(requestContext);
flag = (!flag2 ? false : AuthenticationManager.IsAuthenticatedAccess(requestContext, "SignedKey"));
bool flag4 = flag;
flag1 = (flag2 ? false : !flag3);
if ((!flag2 || flag4) && !flag1)
{
NephosAssertionException.Assert((flag3 ? true : flag4));
bool flag5 = (flag3 ? false : flag4);
if (!AuthenticationManager.IsAccountSasAccess(requestContext.QueryParameters))
{
queueSignedAccessHelper = new QueueSignedAccessHelper(requestContext, uriComponents, flag5);
}
else
{
if (flag5)
{
throw new AuthenticationFailureException("SignedKey is not supported with account-level SAS.");
}
queueSignedAccessHelper = new AccountSasHelper(requestContext, uriComponents);
}
queueSignedAccessHelper.ParseAccessPolicyFields(flag5);
queueSignedAccessHelper.PerformSignedAccessAuthenticationFirstPhaseValidations();
AccountIdentifier signedAccessAccountIdentifier = null;
if (!flag5)
{
byte[] sign = queueSignedAccessHelper.ComputeUrlDecodedUtf8EncodedStringToSign();
if (storageAccount == null || !string.Equals(storageAccount.Name, uriComponents.AccountName))
{
try
{
operationStatus = this.storageManager.CreateAccountInstance(uriComponents.AccountName);
if (requestContext != null)
{
operationStatus.OperationStatus = requestContext.OperationStatus;
}
}
catch (ArgumentOutOfRangeException argumentOutOfRangeException)
{
throw new AuthenticationFailureException(string.Format(CultureInfo.InvariantCulture, "The account name is invalid.", new object[0]));
}
operationStatus.Timeout = startingNow.Remaining(timeout);
IAsyncResult asyncResult = operationStatus.BeginGetProperties(AccountPropertyNames.All, null, context.GetResumeCallback(), context.GetResumeState("XFEQueueAuthenticationManager.AuthenticateImpl"));
yield return(asyncResult);
try
{
operationStatus.EndGetProperties(asyncResult);
}
catch (AccountNotFoundException accountNotFoundException1)
{
AccountNotFoundException accountNotFoundException = accountNotFoundException1;
CultureInfo invariantCulture = CultureInfo.InvariantCulture;
object[] name = new object[] { operationStatus.Name };
throw new AuthenticationFailureException(string.Format(invariantCulture, "Cannot find the claimed account when trying to GetProperties for the account {0}.", name), accountNotFoundException);
}
catch (Exception exception1)
{
Exception exception = exception1;
IStringDataEventStream warning = Logger <IRestProtocolHeadLogger> .Instance.Warning;
object[] objArray = new object[] { operationStatus.Name, exception };
warning.Log("Rethrow exception when trying to GetProperties for the account {0}: {1}", objArray);
throw;
}
}
else
{
operationStatus = storageAccount;
}
if (!queueSignedAccessHelper.ComputeSignatureAndCompare(sign, operationStatus.SecretKeysV3))
{
throw new AuthenticationFailureException(string.Concat("Signature did not match. String to sign used was ", (new UTF8Encoding()).GetString(sign)));
}
NephosAssertionException.Assert(queueSignedAccessHelper.KeyUsedForSigning != null, "Key used for signing cannot be null");
signedAccessAccountIdentifier = queueSignedAccessHelper.CreateAccountIdentifier(operationStatus);
if (storageAccount != operationStatus)
{
operationStatus.Dispose();
}
}
else
{
IAsyncResult asyncResult1 = this.nephosAuthenticationManager.BeginAuthenticate(storageAccount, requestContext, uriComponents, getStringToSignCallback, startingNow.Remaining(timeout), context.GetResumeCallback(), context.GetResumeState("XFEQueueAuthenticationManager.AuthenticateImpl"));
yield return(asyncResult1);
IAuthenticationResult authenticationResult = this.nephosAuthenticationManager.EndAuthenticate(asyncResult1);
signedAccessAccountIdentifier = new SignedAccessAccountIdentifier(authenticationResult.AccountIdentifier);
}
signedVersion = queueSignedAccessHelper.SignedVersion;
if (queueSignedAccessHelper.IsRevocableAccess)
{
using (IQueueContainer queueContainer = this.storageManager.CreateQueueContainerInstance(uriComponents.AccountName, uriComponents.ContainerName))
{
if (requestContext != null)
{
queueContainer.OperationStatus = requestContext.OperationStatus;
}
ContainerPropertyNames containerPropertyName = ContainerPropertyNames.ServiceMetadata;
queueContainer.Timeout = startingNow.Remaining(timeout);
IAsyncResult asyncResult2 = queueContainer.BeginGetProperties(containerPropertyName, null, context.GetResumeCallback(), context.GetResumeState("XFEQueueAuthenticationManager.AuthenticateImpl"));
yield return(asyncResult2);
try
{
queueContainer.EndGetProperties(asyncResult2);
}
catch (Exception exception3)
{
Exception exception2 = exception3;
if (exception2 is ContainerNotFoundException)
{
throw new AuthenticationFailureException("Error locating SAS identifier", exception2);
}
IStringDataEventStream stringDataEventStream = Logger <IRestProtocolHeadLogger> .Instance.Warning;
object[] accountName = new object[] { uriComponents.AccountName, uriComponents.ContainerName, exception2 };
stringDataEventStream.Log("Rethrow exception when trying to fetch SAS identifier account {0} container {1} : {2}", accountName);
throw;
}
try
{
containerAclSetting = new ContainerAclSettings(queueContainer.ServiceMetadata);
}
catch (MetadataFormatException metadataFormatException1)
{
MetadataFormatException metadataFormatException = metadataFormatException1;
throw new NephosStorageDataCorruptionException(string.Format("Error decoding Acl setting for container {0}", uriComponents.ContainerName), metadataFormatException);
}
}
try
{
queueSignedAccessHelper.ValidateAndDeriveEffectiveAccessPolicy(queueSignedAccessHelper.LocateSasIdentifier(containerAclSetting.SASIdentifiers));
queueSignedAccessHelper.PerformSignedAccessAuthenticationSecondPhaseValidations();
signedAccessAccountIdentifier.Initialize(queueSignedAccessHelper);
context.ResultData = new AuthenticationResult(signedAccessAccountIdentifier, signedVersion, true);
}
catch (FormatException formatException)
{
throw new AuthenticationFailureException("Signature fields not well formed.", formatException);
}
}
else
{
signedAccessAccountIdentifier.Initialize(queueSignedAccessHelper);
context.ResultData = new AuthenticationResult(signedAccessAccountIdentifier, signedVersion, true);
}
}
else
{
IAsyncResult asyncResult3 = this.nephosAuthenticationManager.BeginAuthenticate(storageAccount, requestContext, uriComponents, getStringToSignCallback, startingNow.Remaining(timeout), context.GetResumeCallback(), context.GetResumeState("XFEQueueAuthenticationManager.AuthenticateImpl"));
yield return(asyncResult3);
context.ResultData = this.nephosAuthenticationManager.EndAuthenticate(asyncResult3);
}
}
