예제 #1
0
        public override byte[] ComputeUrlDecodedUtf8EncodedStringToSign()
        {
            string item;
            string str                  = base.QueryParams["st"];
            string item1                = base.QueryParams["se"];
            string str1                 = base.QueryParams["sp"];
            string signedIdentifier     = base.SignedIdentifier ?? string.Empty;
            string item2                = base.QueryParams["sip"];
            string str2                 = base.QueryParams["spr"];
            string item3                = base.QueryParams["sv"];
            string tableName            = this.TableName ?? string.Empty;
            string startingPartitionKey = this.StartingPartitionKey ?? string.Empty;
            string startingRowKey       = this.StartingRowKey ?? string.Empty;
            string endingPartitionKey   = this.EndingPartitionKey ?? string.Empty;
            string endingRowKey         = this.EndingRowKey ?? string.Empty;

            if (base.SignedExtraPermission.HasValue)
            {
                item = base.QueryParams["sep"];
            }
            else
            {
                item = null;
            }
            return(TableSignedAccessHelper.ComputeUrlDecodedUtf8EncodedStringToSign(str, item1, str1, signedIdentifier, item2, str2, item3, tableName, startingPartitionKey, startingRowKey, endingPartitionKey, endingRowKey, item, base.UriComponents));
        }
예제 #2
0
        public static AuthDataEntry SignedKeyAuthenticate(string stringToSign, string requestSignature, AuthenticationInformation authInfo)
        {
            AuthDataEntry authDataEntry;

            NephosAssertionException.Assert(!string.IsNullOrEmpty(stringToSign));
            NephosAssertionException.Assert(!string.IsNullOrEmpty(requestSignature));
            NephosAssertionException.Assert(authInfo != null);
            RequestContext      requestContext  = authInfo.RequestContext;
            NephosUriComponents uriComponents   = authInfo.UriComponents;
            NameValueCollection queryParameters = requestContext.QueryParameters;
            string item  = queryParameters["st"];
            string str   = queryParameters["se"];
            string item1 = queryParameters["sp"];
            string str1  = queryParameters["si"];
            string item2 = queryParameters["sip"];
            string str2  = queryParameters["spr"];
            string item3 = queryParameters["sv"];
            string str3  = queryParameters["tn"];
            string item4 = queryParameters["spk"];
            string str4  = queryParameters["srk"];
            string item5 = queryParameters["epk"];
            string str5  = queryParameters["erk"];
            string item6 = queryParameters["sep"];

            byte[] sign = TableSignedAccessHelper.ComputeUrlDecodedUtf8EncodedStringToSign(item, str, item1, str1, item2, str2, item3, str3, item4, str4, item5, str5, item6, uriComponents);
            authInfo.AuthKeyName = AuthenticationManagerHelper.ExtractKeyNameFromParamsWithConversion(queryParameters);
            using (IEnumerator <AuthDataEntry> enumerator = SharedKeyAuthInfoHelper.GetSharedKeys(authInfo).GetEnumerator())
            {
                while (enumerator.MoveNext())
                {
                    AuthDataEntry current  = enumerator.Current;
                    byte[]        numArray = SASUtilities.ComputeSignedKey(sign, current.AuthValue);
                    if (!SASUtilities.ComputeSignatureAndCompare((new UTF8Encoding()).GetBytes(stringToSign), numArray, requestSignature))
                    {
                        continue;
                    }
                    authDataEntry = current;
                    return(authDataEntry);
                }
                CultureInfo invariantCulture = CultureInfo.InvariantCulture;
                object[]    objArray         = new object[] { requestSignature, stringToSign };
                throw new AuthenticationFailureException(string.Format(invariantCulture, "The MAC signature found in the HTTP request '{0}' is not the same as any computed signature. Server used following string to sign: '{1}'.", objArray));
            }
            return(authDataEntry);
        }
예제 #3
0
        public static byte[] ComputeUrlDecodedUtf8EncodedStringToSign(string st, string se, string sp, string si, string sip, string spr, string sv, string tn, string spk, string srk, string epk, string erk, string sep, NephosUriComponents uriComponents)
        {
            StringBuilder stringBuilder = new StringBuilder();

            stringBuilder.Append(sp ?? string.Empty);
            stringBuilder.Append("\n");
            stringBuilder.Append(st ?? string.Empty);
            stringBuilder.Append("\n");
            stringBuilder.Append(se ?? string.Empty);
            stringBuilder.Append("\n");
            stringBuilder.Append(TableSignedAccessHelper.GetCanonicalizedResource(uriComponents, tn, sv));
            stringBuilder.Append("\n");
            stringBuilder.Append(si ?? string.Empty);
            stringBuilder.Append("\n");
            if (!VersioningHelper.IsPreApril15OrInvalidVersion(sv))
            {
                stringBuilder.Append(sip ?? string.Empty);
                stringBuilder.Append("\n");
                stringBuilder.Append(spr ?? string.Empty);
                stringBuilder.Append("\n");
            }
            stringBuilder.Append(sv ?? string.Empty);
            stringBuilder.Append("\n");
            stringBuilder.Append(spk ?? string.Empty);
            stringBuilder.Append("\n");
            stringBuilder.Append(srk ?? string.Empty);
            stringBuilder.Append("\n");
            stringBuilder.Append(epk ?? string.Empty);
            stringBuilder.Append("\n");
            stringBuilder.Append(erk ?? string.Empty);
            if (sep != null)
            {
                stringBuilder.Append("\n");
                stringBuilder.Append(sep);
            }
            return((new UTF8Encoding()).GetBytes(stringBuilder.ToString()));
        }
예제 #4
0
        private IEnumerator <IAsyncResult> AuthenticateImpl(IStorageAccount storageAccount, RequestContext requestContext, NephosUriComponents uriComponents, AuthenticationManager.GetStringToSignCallback getStringToSignCallback, TimeSpan timeout, AsyncIteratorContext <IAuthenticationResult> context)
        {
            bool flag;
            bool flag1;
            SignedAccessHelper   accountSasHelper;
            IStorageAccount      operationStatus;
            ContainerAclSettings containerAclSetting;
            string              signedVersion   = null;
            Duration            startingNow     = Duration.StartingNow;
            NameValueCollection queryParameters = requestContext.QueryParameters;

            if (AuthenticationManager.IsInvalidAccess(requestContext))
            {
                throw new InvalidAuthenticationInfoException("Ambiguous authentication scheme credentials providedRequest contains authentication credentials for signed access and authenticated access");
            }
            bool flag2 = AuthenticationManager.IsAuthenticatedAccess(requestContext);
            bool flag3 = AuthenticationManager.IsSignatureAccess(requestContext);

            flag = (!flag2 ? false : AuthenticationManager.IsAuthenticatedAccess(requestContext, "SignedKey"));
            bool flag4 = flag;

            flag1 = (flag2 ? false : !flag3);
            if ((!flag2 || flag4) && !flag1)
            {
                NephosAssertionException.Assert((flag3 ? true : flag4));
                bool flag5 = (flag3 ? false : flag4);
                TableSignedAccessHelper tableSignedAccessHelper = null;
                if (!AuthenticationManager.IsAccountSasAccess(requestContext.QueryParameters))
                {
                    tableSignedAccessHelper = new TableSignedAccessHelper(requestContext, uriComponents);
                    accountSasHelper        = tableSignedAccessHelper;
                }
                else
                {
                    if (flag5)
                    {
                        throw new AuthenticationFailureException("SignedKey is not supported with account-level SAS.");
                    }
                    accountSasHelper = new AccountSasHelper(requestContext, uriComponents);
                }
                accountSasHelper.ParseAccessPolicyFields(flag5);
                accountSasHelper.PerformSignedAccessAuthenticationFirstPhaseValidations();
                AccountIdentifier tableSignedAccessAccountIdentifier = null;
                if (!flag5)
                {
                    byte[] sign = accountSasHelper.ComputeUrlDecodedUtf8EncodedStringToSign();
                    if (storageAccount == null || !string.Equals(storageAccount.Name, uriComponents.AccountName))
                    {
                        try
                        {
                            operationStatus = this.storageManager.CreateAccountInstance(uriComponents.AccountName);
                            if (requestContext != null)
                            {
                                operationStatus.OperationStatus = requestContext.OperationStatus;
                            }
                        }
                        catch (ArgumentOutOfRangeException argumentOutOfRangeException)
                        {
                            throw new AuthenticationFailureException(string.Format(CultureInfo.InvariantCulture, "The account name is invalid.", new object[0]));
                        }
                        operationStatus.Timeout = startingNow.Remaining(timeout);
                        IAsyncResult asyncResult = operationStatus.BeginGetProperties(AccountPropertyNames.All, null, context.GetResumeCallback(), context.GetResumeState("XFETableAuthenticationManager.AuthenticateImpl"));
                        yield return(asyncResult);

                        try
                        {
                            operationStatus.EndGetProperties(asyncResult);
                        }
                        catch (AccountNotFoundException accountNotFoundException1)
                        {
                            AccountNotFoundException accountNotFoundException = accountNotFoundException1;
                            CultureInfo invariantCulture = CultureInfo.InvariantCulture;
                            object[]    name             = new object[] { operationStatus.Name };
                            throw new AuthenticationFailureException(string.Format(invariantCulture, "Cannot find the claimed account when trying to GetProperties for the account {0}.", name), accountNotFoundException);
                        }
                        catch (Exception exception1)
                        {
                            Exception exception            = exception1;
                            IStringDataEventStream warning = Logger <IRestProtocolHeadLogger> .Instance.Warning;
                            object[] objArray = new object[] { operationStatus.Name, exception };
                            warning.Log("Rethrow exception when trying to GetProperties for the account {0}: {1}", objArray);
                            throw;
                        }
                    }
                    else
                    {
                        operationStatus = storageAccount;
                    }
                    if (!accountSasHelper.ComputeSignatureAndCompare(sign, operationStatus.SecretKeysV3))
                    {
                        throw new AuthenticationFailureException(string.Concat("Signature did not match. String to sign used was ", (new UTF8Encoding()).GetString(sign)));
                    }
                    NephosAssertionException.Assert(accountSasHelper.KeyUsedForSigning != null, "Key used for signing cannot be null");
                    tableSignedAccessAccountIdentifier = accountSasHelper.CreateAccountIdentifier(operationStatus);
                    tableSignedAccessAccountIdentifier.Initialize(accountSasHelper);
                    if (storageAccount != operationStatus)
                    {
                        operationStatus.Dispose();
                    }
                }
                else
                {
                    IAsyncResult asyncResult1 = this.nephosAuthenticationManager.BeginAuthenticate(storageAccount, requestContext, uriComponents, getStringToSignCallback, startingNow.Remaining(timeout), context.GetResumeCallback(), context.GetResumeState("XFETableAuthenticationManager.AuthenticateImpl"));
                    yield return(asyncResult1);

                    IAuthenticationResult authenticationResult = this.nephosAuthenticationManager.EndAuthenticate(asyncResult1);
                    tableSignedAccessAccountIdentifier = new TableSignedAccessAccountIdentifier(authenticationResult.AccountIdentifier, tableSignedAccessHelper.TableName, tableSignedAccessHelper.StartingPartitionKey, tableSignedAccessHelper.StartingRowKey, tableSignedAccessHelper.EndingPartitionKey, tableSignedAccessHelper.EndingRowKey);
                    tableSignedAccessAccountIdentifier.Initialize(accountSasHelper);
                }
                signedVersion = accountSasHelper.SignedVersion;
                if (accountSasHelper.IsRevocableAccess)
                {
                    using (ITableContainer tableContainer = this.storageManager.CreateTableContainerInstance(uriComponents.AccountName, tableSignedAccessHelper.TableName))
                    {
                        if (requestContext != null)
                        {
                            tableContainer.OperationStatus = requestContext.OperationStatus;
                        }
                        ContainerPropertyNames containerPropertyName = ContainerPropertyNames.ServiceMetadata;
                        tableContainer.Timeout = startingNow.Remaining(timeout);
                        IAsyncResult asyncResult2 = tableContainer.BeginGetProperties(containerPropertyName, null, context.GetResumeCallback(), context.GetResumeState("XFETableAuthenticationManager.AuthenticateImpl"));
                        yield return(asyncResult2);

                        try
                        {
                            tableContainer.EndGetProperties(asyncResult2);
                        }
                        catch (Exception exception3)
                        {
                            Exception exception2 = exception3;
                            if (exception2 is ContainerNotFoundException)
                            {
                                throw new AuthenticationFailureException("Error locating SAS identifier", exception2);
                            }
                            IStringDataEventStream stringDataEventStream = Logger <IRestProtocolHeadLogger> .Instance.Warning;
                            object[] accountName = new object[] { uriComponents.AccountName, tableSignedAccessHelper.TableName, exception2 };
                            stringDataEventStream.Log("Rethrow exception when trying to fetch SAS identifier account {0} container {1} : {2}", accountName);
                            throw;
                        }
                        try
                        {
                            containerAclSetting = new ContainerAclSettings(tableContainer.ServiceMetadata);
                        }
                        catch (MetadataFormatException metadataFormatException1)
                        {
                            MetadataFormatException metadataFormatException = metadataFormatException1;
                            throw new NephosStorageDataCorruptionException(string.Format("Error decoding Acl setting for container {0}", tableSignedAccessHelper.TableName), metadataFormatException);
                        }
                    }
                    try
                    {
                        accountSasHelper.ValidateAndDeriveEffectiveAccessPolicy(accountSasHelper.LocateSasIdentifier(containerAclSetting.SASIdentifiers));
                        accountSasHelper.PerformSignedAccessAuthenticationSecondPhaseValidations();
                        tableSignedAccessAccountIdentifier.Initialize(accountSasHelper);
                        context.ResultData = new AuthenticationResult(tableSignedAccessAccountIdentifier, signedVersion, true);
                    }
                    catch (FormatException formatException)
                    {
                        throw new AuthenticationFailureException("Signature fields not well formed.", formatException);
                    }
                }
                else
                {
                    tableSignedAccessAccountIdentifier.Initialize(accountSasHelper);
                    context.ResultData = new AuthenticationResult(tableSignedAccessAccountIdentifier, signedVersion, true);
                }
            }
            else
            {
                IAsyncResult asyncResult3 = this.nephosAuthenticationManager.BeginAuthenticate(storageAccount, requestContext, uriComponents, getStringToSignCallback, startingNow.Remaining(timeout), context.GetResumeCallback(), context.GetResumeState("XFETableAuthenticationManager.AuthenticateImpl"));
                yield return(asyncResult3);

                context.ResultData = this.nephosAuthenticationManager.EndAuthenticate(asyncResult3);
            }
        }