/// <summary>
/// Initializes a new instance of the <see cref="AccountSasBuilder"/>
/// class to create a Blob Container Service Sas.
/// </summary>
/// <param name="permissions">
/// The time at which the shared access signature becomes invalid.
/// This field must be omitted if it has been specified in an
/// associated stored access policy.
/// </param>
/// <param name="expiresOn">
/// The time at which the shared access signature becomes invalid.
/// This field must be omitted if it has been specified in an
/// associated stored access policy.
/// </param>
/// <param name="services">
/// Specifies the services accessible from an account level shared access
/// signature.
/// </param>
/// <param name="resourceTypes">
/// Specifies the resource types accessible from an account level shared
/// access signature.
/// </param>
public AccountSasBuilder(
AccountSasPermissions permissions,
DateTimeOffset expiresOn,
AccountSasServices services,
AccountSasResourceTypes resourceTypes)
{
ExpiresOn = expiresOn;
SetPermissions(permissions);
Services = services;
ResourceTypes = resourceTypes;
}
/// <summary>
/// Use an account's <see cref="StorageSharedKeyCredential"/> to sign this
/// shared access signature values to produce the proper SAS query
/// parameters for authenticating requests.
/// </summary>
/// <param name="sharedKeyCredential">
/// The storage account's <see cref="StorageSharedKeyCredential"/>.
/// </param>
/// <returns>
/// The <see cref="SasQueryParameters"/> used for authenticating
/// requests.
/// </returns>
public SasQueryParameters ToSasQueryParameters(StorageSharedKeyCredential sharedKeyCredential)
{
// https://docs.microsoft.com/en-us/rest/api/storageservices/Constructing-an-Account-SAS
sharedKeyCredential = sharedKeyCredential ?? throw Errors.ArgumentNull(nameof(sharedKeyCredential));
if (this.ExpiryTime == default || String.IsNullOrEmpty(this.Permissions) || String.IsNullOrEmpty(this.ResourceTypes) || String.IsNullOrEmpty(this.Services))
{
throw Errors.AccountSasMissingData();
}
if (String.IsNullOrEmpty(this.Version))
{
this.Version = SasQueryParameters.DefaultSasVersion;
}
// Make sure the permission characters are in the correct order
this.Permissions = AccountSasPermissions.Parse(this.Permissions).ToString();
var startTime = SasQueryParameters.FormatTimesForSasSigning(this.StartTime);
var expiryTime = SasQueryParameters.FormatTimesForSasSigning(this.ExpiryTime);
// String to sign: http://msdn.microsoft.com/en-us/library/azure/dn140255.aspx
var stringToSign = String.Join("\n",
sharedKeyCredential.AccountName,
this.Permissions,
this.Services,
this.ResourceTypes,
startTime,
expiryTime,
this.IPRange.ToString(),
this.Protocol.ToString(),
this.Version,
""); // That's right, the account SAS requires a terminating extra newline
var signature = sharedKeyCredential.ComputeHMACSHA256(stringToSign);
var p = new SasQueryParameters(
this.Version,
this.Services,
this.ResourceTypes,
this.Protocol,
this.StartTime,
this.ExpiryTime,
this.IPRange,
null, // Identifier
null, // Resource
this.Permissions,
signature);
return(p);
}
/// <summary>
/// Sets the permissions for an account SAS.
/// </summary>
/// <param name="permissions">
/// <see cref="AccountSasPermissions"/> containing the allowed permissions.
/// </param>
public void SetPermissions(AccountSasPermissions permissions)
{
Permissions = permissions.ToPermissionsString();
}