/// <summary>
/// Decides whether a request is authorized purely by the target container's
/// public-access setting, and stores the decision in <paramref name="authorizationResult"/>
/// and <c>context.ResultData</c>.
/// </summary>
/// <param name="context">Async-iterator context; supplies the resume callback/state and receives the result.</param>
/// <param name="authorizationResult">Result object that is mutated and published through <paramref name="context"/>.</param>
/// <param name="storageManager">Factory used to open the container named by <paramref name="resourceAccount"/> / <paramref name="resourceContainer"/>.</param>
/// <param name="resourceAccount">Account that owns the container.</param>
/// <param name="resourceContainer">Container whose service metadata is read.</param>
/// <param name="resourceIdentifier">Empty or null for a container-level request; otherwise the request targets something inside the container.</param>
/// <param name="requestor">Only used to populate <see cref="ContainerUnauthorizedException"/>.</param>
/// <param name="permission">Only used to populate <see cref="ContainerUnauthorizedException"/>.</param>
/// <param name="d">Running duration used to derive the remaining time budget.</param>
/// <param name="timeout">Overall timeout for the operation.</param>
/// <returns>The pending asynchronous operations the iterator driver must wait on.</returns>
/// <exception cref="ContainerUnauthorizedException">The container does not exist.</exception>
/// <exception cref="ServerBusyException">Rethrown unchanged after logging.</exception>
/// <exception cref="TimeoutException">Rethrown unchanged after logging.</exception>
protected internal override IEnumerable<IAsyncResult> AuthorizePublicAccess(AsyncIteratorContext<AuthorizationResult> context, AuthorizationResult authorizationResult, IStorageManager storageManager, string resourceAccount, string resourceContainer, string resourceIdentifier, IAccountIdentifier requestor, PermissionLevel permission, Duration d, TimeSpan timeout)
{
    using (IBlobContainer container = storageManager.CreateBlobContainerInstance(resourceAccount, resourceContainer))
    {
        // Spend only what is left of the caller's time budget on the metadata fetch.
        container.Timeout = d.Remaining(timeout);
        IAsyncResult pendingFetch = container.BeginGetProperties(ContainerPropertyNames.ServiceMetadata, null, context.GetResumeCallback(), context.GetResumeState("NephosAuthorizationManager.AuthorizeRequestImpl"));
        yield return pendingFetch;

        try
        {
            container.EndGetProperties(pendingFetch);
        }
        catch (ContainerNotFoundException notFound)
        {
            // A missing container is reported as an authorization failure rather than as
            // "not found" - presumably so this path does not reveal whether a container
            // exists; confirm against the callers that map this exception to a response.
            throw new ContainerUnauthorizedException(resourceAccount, resourceContainer, resourceIdentifier, requestor, permission, notFound);
        }
        catch (ServerBusyException)
        {
            Logger<IRestProtocolHeadLogger>.Instance.ErrorDebug.Log("Got ServerBusy while trying to get container Acl settings during Authorization so not continuing");
            throw;
        }
        catch (TimeoutException)
        {
            Logger<IRestProtocolHeadLogger>.Instance.ErrorDebug.Log("Request timed out while trying to get container Acl settings during Authorization so not continuing");
            throw;
        }
        catch (StorageManagerException storageFailure)
        {
            // Fail closed: any other storage error while reading the ACL denies access
            // instead of propagating or granting.
            Logger<IRestProtocolHeadLogger>.Instance.VerboseDebug.Log("Got and swallowed exception when accessing acl setting for authorization: {0}", new object[] { storageFailure });
            authorizationResult.FailureReason = AuthorizationFailureReason.AccessPermissionFailure;
            authorizationResult.Authorized = false;
            context.ResultData = authorizationResult;
            yield break;
        }

        string publicAccessLevel = new ContainerAclSettings(container.ServiceMetadata).PublicAccessLevel;

        // An absent/empty level never grants. For a container-level request only
        // "container" (or bool.TrueString) grants; for a request with a resource
        // identifier "blob" grants as well.
        // NOTE(review): bool.TrueString looks like an older encoding of container-wide
        // public access - confirm against ContainerAclSettings.
        bool grantedByPublicAccess = false;
        if (!string.IsNullOrEmpty(publicAccessLevel))
        {
            if (string.IsNullOrEmpty(resourceIdentifier))
            {
                grantedByPublicAccess = Comparison.StringEqualsIgnoreCase(publicAccessLevel, "container")
                    || Comparison.StringEqualsIgnoreCase(publicAccessLevel, bool.TrueString);
            }
            else
            {
                grantedByPublicAccess = Comparison.StringEqualsIgnoreCase(publicAccessLevel, "blob")
                    || Comparison.StringEqualsIgnoreCase(publicAccessLevel, "container")
                    || Comparison.StringEqualsIgnoreCase(publicAccessLevel, bool.TrueString);
            }
        }

        authorizationResult.FailureReason = grantedByPublicAccess
            ? AuthorizationFailureReason.NotApplicable
            : AuthorizationFailureReason.AccessPermissionFailure;
        authorizationResult.Authorized = grantedByPublicAccess;
        context.ResultData = authorizationResult;
    }
}
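/// <summary>
/// Authenticates a request. Requests that carry a SAS signature, or that use the
/// "SignedKey" authenticated scheme, are handled here; every other request
/// (including one with no credentials at all) is delegated to
/// <c>nephosAuthenticationManager</c>. The outcome is published through
/// <c>context.ResultData</c>.
/// </summary>
/// <param name="storageAccount">Already-loaded account, or null. Reused for signature verification when its name equals the account in <paramref name="uriComponents"/>.</param>
/// <param name="requestContext">The incoming request (headers, query parameters, operation status).</param>
/// <param name="uriComponents">Account and container names parsed from the request URI.</param>
/// <param name="getStringToSignCallback">Passed through unchanged to the delegated authentication manager.</param>
/// <param name="timeout">Overall time budget; each storage call receives what remains of it.</param>
/// <param name="context">Async-iterator context; supplies resume callback/state and receives the result.</param>
/// <returns>The pending asynchronous operations the iterator driver must wait on.</returns>
/// <exception cref="InvalidAuthenticationInfoException"><c>AuthenticationManager.IsInvalidAccess</c> rejected the request.</exception>
/// <exception cref="AuthenticationFailureException">Unversioned authenticated access while denied, invalid or unknown account, SignedKey combined with account SAS, signature mismatch, missing container for a revocable SAS, or malformed signature fields.</exception>
/// <exception cref="NephosStorageDataCorruptionException">The container's stored ACL metadata could not be decoded.</exception>
private IEnumerator<IAsyncResult> AuthenticateImpl(IStorageAccount storageAccount, RequestContext requestContext, NephosUriComponents uriComponents, AuthenticationManager.GetStringToSignCallback getStringToSignCallback, TimeSpan timeout, AsyncIteratorContext<IAuthenticationResult> context)
{
    // Single clock for the whole operation: every storage call below is given
    // startingNow.Remaining(timeout) so the steps share one budget.
    Duration startingNow = Duration.StartingNow;

    // Never read afterwards; the statement is retained so the property getter is still
    // invoked at this point exactly as before.
    NameValueCollection queryParameters = requestContext.QueryParameters;

    // NOTE(review): the two sentences in this message run together without a separator;
    // the text is left unchanged in case anything matches on it.
    if (AuthenticationManager.IsInvalidAccess(requestContext))
    {
        throw new InvalidAuthenticationInfoException("Ambiguous authentication scheme credentials providedRequest contains authentication credentials for signed access and authenticated access");
    }

    bool isAuthenticatedAccess = AuthenticationManager.IsAuthenticatedAccess(requestContext);
    bool isSignatureAccess = AuthenticationManager.IsSignatureAccess(requestContext);
    bool isSignedKeyAccess = isAuthenticatedAccess && AuthenticationManager.IsAuthenticatedAccess(requestContext, "SignedKey");
    bool isAnonymousAccess = !isAuthenticatedAccess && !isSignatureAccess;
    bool isUnversionedRequest = string.IsNullOrEmpty(requestContext.RequestHeaderRestVersion);

    if (this.DenyUnversionedAuthenticatedAccess && isUnversionedRequest && isAuthenticatedAccess)
    {
        throw new AuthenticationFailureException("Unversioned authenticated access is not allowed.");
    }

    // Only SAS-signature requests and SignedKey requests are validated in this method.
    bool handledAsSignedAccess = (!isAuthenticatedAccess || isSignedKeyAccess) && !isAnonymousAccess;
    if (!handledAsSignedAccess)
    {
        IAsyncResult delegatedAuthentication = this.nephosAuthenticationManager.BeginAuthenticate(storageAccount, requestContext, uriComponents, getStringToSignCallback, startingNow.Remaining(timeout), context.GetResumeCallback(), context.GetResumeState("XFEBlobAuthenticationManager.AuthenticateImpl"));
        yield return delegatedAuthentication;
        context.ResultData = this.nephosAuthenticationManager.EndAuthenticate(delegatedAuthentication);
        yield break;
    }

    NephosAssertionException.Assert(isSignatureAccess || isSignedKeyAccess);

    // True when the request authenticates with SignedKey rather than a SAS signature.
    bool authenticateWithSignedKey = !isSignatureAccess && isSignedKeyAccess;

    SignedAccessHelper signedAccessHelper;
    if (AuthenticationManager.IsAccountSasAccess(requestContext.QueryParameters))
    {
        if (authenticateWithSignedKey)
        {
            throw new AuthenticationFailureException("SignedKey is not supported with account-level SAS.");
        }

        signedAccessHelper = new AccountSasHelper(requestContext, uriComponents);
    }
    else
    {
        signedAccessHelper = new BlobSignedAccessHelper(requestContext, uriComponents);
    }

    signedAccessHelper.ParseAccessPolicyFields(authenticateWithSignedKey);
    signedAccessHelper.PerformSignedAccessAuthenticationFirstPhaseValidations();

    AccountIdentifier signedAccessAccountIdentifier = null;
    if (authenticateWithSignedKey)
    {
        // The credential itself is verified by the delegated manager; the identity it
        // returns is wrapped as a signed-access identity.
        IAsyncResult signedKeyAuthentication = this.nephosAuthenticationManager.BeginAuthenticate(storageAccount, requestContext, uriComponents, getStringToSignCallback, startingNow.Remaining(timeout), context.GetResumeCallback(), context.GetResumeState("XFEBlobAuthenticationManager.AuthenticateImpl"));
        yield return signedKeyAuthentication;
        IAuthenticationResult signedKeyResult = this.nephosAuthenticationManager.EndAuthenticate(signedKeyAuthentication);
        signedAccessAccountIdentifier = new SignedAccessAccountIdentifier(signedKeyResult.AccountIdentifier);
    }
    else
    {
        byte[] stringToSign = signedAccessHelper.ComputeUrlDecodedUtf8EncodedStringToSign();

        // The account's keys are needed to verify the signature. Load the account named
        // in the URI unless the caller already supplied that same account.
        bool mustLoadAccount = storageAccount == null || !string.Equals(storageAccount.Name, uriComponents.AccountName);
        IStorageAccount signingAccount;
        if (mustLoadAccount)
        {
            try
            {
                signingAccount = this.storageManager.CreateAccountInstance(uriComponents.AccountName);
                if (requestContext != null)
                {
                    signingAccount.OperationStatus = requestContext.OperationStatus;
                }
            }
            catch (ArgumentOutOfRangeException)
            {
                throw new AuthenticationFailureException("The account name is invalid.");
            }
        }
        else
        {
            signingAccount = storageAccount;
        }

        // Fix: the account instance created above used to be disposed only after a
        // successful signature check, so every failure path (unknown account, storage
        // error, signature mismatch, failed assertion) leaked it. The finally block
        // releases it on all paths, including when the iterator is abandoned while
        // suspended at the yield.
        try
        {
            if (mustLoadAccount)
            {
                signingAccount.Timeout = startingNow.Remaining(timeout);
                IAsyncResult accountFetch = signingAccount.BeginGetProperties(AccountPropertyNames.All, null, context.GetResumeCallback(), context.GetResumeState("XFEBlobAuthenticationManager.AuthenticateImpl"));
                yield return accountFetch;

                try
                {
                    signingAccount.EndGetProperties(accountFetch);
                }
                catch (AccountNotFoundException accountNotFound)
                {
                    throw new AuthenticationFailureException(string.Format(CultureInfo.InvariantCulture, "Cannot find the claimed account when trying to GetProperties for the account {0}.", new object[] { signingAccount.Name }), accountNotFound);
                }
                catch (Exception accountFetchFailure)
                {
                    Logger<IRestProtocolHeadLogger>.Instance.Warning.Log("Rethrow exception when trying to GetProperties for the account {0}: {1}", new object[] { signingAccount.Name, accountFetchFailure });
                    throw;
                }
            }

            // NOTE(review): the comparison itself lives in the helper; confirm it
            // compares signatures in constant time.
            if (!signedAccessHelper.ComputeSignatureAndCompare(stringToSign, signingAccount.SecretKeysV3))
            {
                // The message carries the string-to-sign, which is built from request
                // fields rather than key material. NOTE(review): confirm where this
                // message is surfaced.
                throw new AuthenticationFailureException(string.Concat("Signature did not match. String to sign used was ", (new UTF8Encoding()).GetString(stringToSign)));
            }

            NephosAssertionException.Assert(signedAccessHelper.KeyUsedForSigning != null, "Key used for signing cannot be null");
            signedAccessAccountIdentifier = signedAccessHelper.CreateAccountIdentifier(signingAccount);
        }
        finally
        {
            // Never dispose the caller-owned account; only the instance created here.
            if (storageAccount != signingAccount)
            {
                signingAccount.Dispose();
            }
        }
    }

    if (!signedAccessHelper.IsRevocableAccess)
    {
        signedAccessAccountIdentifier.Initialize(signedAccessHelper);
        context.ResultData = new AuthenticationResult(signedAccessAccountIdentifier, signedAccessHelper.SignedVersion, true);
        yield break;
    }

    // Revocable access: the effective policy is derived from the SAS identifiers stored
    // in the container's ACL metadata, so that metadata is fetched on each such request.
    ContainerAclSettings containerAclSettings;
    using (IBlobContainer blobContainer = this.storageManager.CreateBlobContainerInstance(uriComponents.AccountName, uriComponents.ContainerName))
    {
        ContainerPropertyNames requestedProperties = ContainerPropertyNames.ServiceMetadata;
        if (requestContext != null)
        {
            blobContainer.OperationStatus = requestContext.OperationStatus;
        }

        blobContainer.Timeout = startingNow.Remaining(timeout);
        IAsyncResult containerFetch = blobContainer.BeginGetProperties(requestedProperties, null, context.GetResumeCallback(), context.GetResumeState("XFEBlobAuthenticationManager.AuthenticateImpl"));
        yield return containerFetch;

        try
        {
            blobContainer.EndGetProperties(containerFetch);
        }
        catch (ContainerNotFoundException containerNotFound)
        {
            // No container means no stored identifier to validate against: reject.
            throw new AuthenticationFailureException("Error locating SAS identifier", containerNotFound);
        }
        catch (Exception containerFetchFailure)
        {
            Logger<IRestProtocolHeadLogger>.Instance.Warning.Log("Rethrow exception when trying to fetch SAS identifier account {0} container {1} : {2}", new object[] { uriComponents.AccountName, uriComponents.ContainerName, containerFetchFailure });
            throw;
        }

        try
        {
            containerAclSettings = new ContainerAclSettings(blobContainer.ServiceMetadata);
        }
        catch (MetadataFormatException malformedAcl)
        {
            // Undecodable stored ACL data is reported as data corruption, not as an
            // authentication failure.
            throw new NephosStorageDataCorruptionException(string.Format("Error decoding Acl setting for container {0}", uriComponents.ContainerName), malformedAcl);
        }
    }

    try
    {
        signedAccessHelper.ValidateAndDeriveEffectiveAccessPolicy(signedAccessHelper.LocateSasIdentifier(containerAclSettings.SASIdentifiers));
        signedAccessHelper.PerformSignedAccessAuthenticationSecondPhaseValidations();
        signedAccessAccountIdentifier.Initialize(signedAccessHelper);
        context.ResultData = new AuthenticationResult(signedAccessAccountIdentifier, signedAccessHelper.SignedVersion, true);
    }
    catch (FormatException malformedSignatureFields)
    {
        throw new AuthenticationFailureException("Signature fields not well formed.", malformedSignatureFields);
    }
}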