/// <summary>
/// Adds the three customer-provided-key headers (key, key hash, algorithm) to an outgoing request.
/// </summary>
/// <param name="request">The request whose header collection receives the values.</param>
/// <param name="customerProvidedKey">The key description to send; when null the request is left untouched.</param>
/// <param name="isSource">
/// True to use the "...Source" header names, false to use the plain header names.
/// </param>
/// <remarks>
/// The value of <c>customerProvidedKey.Key</c> is written into a request header unchanged.
/// NOTE(review): presumably this is the encryption key material itself, so the request should only
/// travel over TLS and header values should be kept out of request logs and traces. Confirm against
/// the transport and logging configuration.
/// </remarks>
internal static void ApplyCustomerProvidedKey(StorageRequestMessage request, BlobCustomerProvidedKey customerProvidedKey, bool isSource)
{
    // Nothing to apply when the caller did not supply a key.
    if (null == customerProvidedKey)
    {
        return;
    }

    // Pick the header-name triple once, then add the values in a fixed order: key, hash, algorithm.
    string keyHeaderName = isSource
        ? Constants.HeaderConstants.ClientProvidedEncyptionKeySource
        : Constants.HeaderConstants.ClientProvidedEncyptionKey;
    string hashHeaderName = isSource
        ? Constants.HeaderConstants.ClientProvidedEncyptionKeyHashSource
        : Constants.HeaderConstants.ClientProvidedEncyptionKeyHash;
    string algorithmHeaderName = isSource
        ? Constants.HeaderConstants.ClientProvidedEncyptionKeyAlgorithmSource
        : Constants.HeaderConstants.ClientProvidedEncyptionAlgorithm;

    request.Headers.Add(keyHeaderName, customerProvidedKey.Key);
    request.Headers.Add(hashHeaderName, customerProvidedKey.KeySHA256);
    request.Headers.Add(algorithmHeaderName, customerProvidedKey.EncryptionAlgorithm);
}
/// <summary>
/// Checks that a response carries the customer-provided-key headers expected for the request options.
/// </summary>
/// <param name="response">The response whose headers are inspected.</param>
/// <param name="options">Request options; when null or without a CustomerProvidedKey, no check is made.</param>
/// <param name="upload">
/// True to check the ms-request-server-encrypted header, false to check the ms-server-encrypted header.
/// </param>
/// <exception cref="StorageException">
/// Thrown with <c>SR.ClientProvidedKeyBadHash</c> when the returned key hash does not match
/// <c>KeySHA256</c>, or with <c>SR.ClientProvidedKeyEncryptionFailure</c> when the encryption
/// header does not equal <c>Constants.HeaderConstants.TrueHeader</c>.
/// </exception>
internal static void ValidateCPKHeaders(HttpResponseMessage response, BlobRequestOptions options, bool upload)
{
    BlobCustomerProvidedKey key = options?.CustomerProvidedKey;
    if (key == null)
    {
        return;
    }

    // The ms-encryption-key-sha256 header must echo the hash of the key that was sent.
    // NOTE(review): this comparison ignores case. If KeySHA256 is a Base64 string (a case-sensitive
    // encoding), two different hashes that differ only in letter case would be accepted here;
    // confirm whether an ordinal comparison is what is intended.
    string returnedKeyHash = HttpResponseParsers.GetHeader(response, Constants.HeaderConstants.ClientProvidedEncyptionKeyHash);
    bool hashMatches = string.Equals(key.KeySHA256, returnedKeyHash, StringComparison.OrdinalIgnoreCase);
    if (!hashMatches)
    {
        throw new StorageException(SR.ClientProvidedKeyBadHash);
    }

    // Uploads report encryption in ms-request-server-encrypted; other responses in ms-server-encrypted.
    string encryptedHeaderName = upload
        ? Constants.HeaderConstants.ServerRequestEncrypted
        : Constants.HeaderConstants.ServerEncrypted;
    string encryptedHeaderValue = HttpResponseParsers.GetHeader(response, encryptedHeaderName);

    // Anything other than the expected "true" value is treated as an encryption failure.
    bool reportedEncrypted = string.Equals(Constants.HeaderConstants.TrueHeader, encryptedHeaderValue, StringComparison.OrdinalIgnoreCase);
    if (!reportedEncrypted)
    {
        throw new StorageException(SR.ClientProvidedKeyEncryptionFailure);
    }
}