Exemplo n.º 1
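        /// <summary>
        /// Demo entry point: asks STS for a temporary COS credential limited to the upload
        /// actions listed below on one path prefix, then prints the result.
        /// </summary>
        /// <param name="args">Command-line arguments; not used.</param>
        static void Main(string[] args)
        {
            string bucket = "examplebucket-1253653367"; // your bucket
            string region = "ap-guangzhou";             // region the bucket is in

            // Change this to the path prefix you want to allow. The concrete upload path can be
            // derived from the login state of your site's user. Examples: a.jpg, a/* or *.
            // The bare wildcard * carries a significant security risk; evaluate it carefully
            // before using it.
            string allowPrefix = "exampleobject";

            // Allowed actions; upload operations are used as the example here.
            string[] allowActions = new string[] {
                "name/cos:PutObject",
                "name/cos:PostObject",
                "name/cos:InitiateMultipartUpload",
                "name/cos:ListMultipartUploads",
                "name/cos:ListParts",
                "name/cos:UploadPart",
                "name/cos:CompleteMultipartUpload"
            };
            string secretId  = Environment.GetEnvironmentVariable("COS_KEY");    // cloud API key Id
            string secretKey = Environment.GetEnvironmentVariable("COS_SECRET"); // cloud API key secret

            // GetEnvironmentVariable returns null when the variable is unset. Stop here with a
            // clear message instead of handing null long-term keys to the STS client.
            if (string.IsNullOrEmpty(secretId) || string.IsNullOrEmpty(secretKey))
            {
                Console.Error.WriteLine("COS_KEY and COS_SECRET must be set in the environment.");
                Environment.ExitCode = 1;
                return;
            }

            Dictionary<string, object> values = new Dictionary<string, object>();

            values.Add("bucket", bucket);
            values.Add("region", region);
            values.Add("allowPrefix", allowPrefix);
            values.Add("allowActions", allowActions);
            values.Add("durationSeconds", 1800);

            values.Add("secretId", secretId);
            values.Add("secretKey", secretKey);

            string credential = STSClient.genCredential(values);

            // Demo only: this writes the issued temporary credential to standard output.
            // A service should hand it to the authenticated caller and keep it out of logs.
            Console.WriteLine(credential);
        }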
Exemplo n.º 2
        /// <summary>
        /// Calls <c>STSClient.genCredential</c> with the shared <c>values</c> fixture and
        /// asserts that a result comes back.
        /// </summary>
        public void TestSTSClient()
        {
            var issued = STSClient.genCredential(values);

            // NOTE(review): the serialized result is written to the test progress stream, so
            // whatever credential material it holds ends up in the test log.
            string asJson = JsonConvert.SerializeObject(issued);
            TestContext.Progress.WriteLine(asJson);

            Assert.NotNull(issued);
        }
Exemplo n.º 3
        /// <summary>
        /// Calls <c>STSClient.genCredential</c> with the shared <c>values</c> fixture and
        /// asserts that the returned string is not null.
        /// </summary>
        public void TestSTSClient()
        {
            string issued = STSClient.genCredential(values);

            // NOTE(review): the returned credential string is echoed to the test progress
            // stream, so it ends up in the test log.
            TestContext.Progress.WriteLine(issued);

            Assert.NotNull(issued);
        }
Exemplo n.º 4
        /// <summary>
        /// Creates the SSO admin port client for <paramref name="ssoSdkUri"/> and the STS
        /// client used for authorized operations.
        /// </summary>
        /// <param name="ssoSdkUri">Endpoint of the SSO SDK service; its host is kept in <c>_hostName</c>.</param>
        /// <param name="stsUri">Endpoint handed to the <c>STSClient</c> constructor.</param>
        /// <param name="serverCertificateValidator">
        /// Validator stored on the instance, passed to <c>GetServerAuthentication</c> and to the
        /// <c>STSClient</c> constructor.
        /// </param>
        public SsoAdminClient(
            Uri ssoSdkUri,
            Uri stsUri,
            X509CertificateValidator serverCertificateValidator)
        {
            string endpointText = ssoSdkUri.ToString();

            _hostName             = ssoSdkUri.Host;
            _certificateVAlidator = serverCertificateValidator;

            var binding  = GetBinding();
            var endpoint = new EndpointAddress(new Uri(endpointText));
            _ssoAdminClient = new SsoPortTypeClient(binding, endpoint);

            var behaviors = _ssoAdminClient.ChannelFactory.Endpoint.EndpointBehaviors;
            behaviors.Add(new WsTrustBehavior());

            // The TLS server-certificate policy is only overridden when the helper returns one.
            // NOTE(review): confirm what GetServerAuthentication returns for a null validator and
            // that the untouched default still validates the server certificate chain.
            var tlsPolicy = GetServerAuthentication(serverCertificateValidator);
            if (tlsPolicy != null)
            {
                var serviceCertificate = _ssoAdminClient.ChannelFactory.Credentials.ServiceCertificate;
                serviceCertificate.SslCertificateAuthentication = tlsPolicy;
            }

            // STS client for authorized operations; it receives the same validator.
            _stsClient = new STSClient(stsUri, serverCertificateValidator);
        }
Exemplo n.º 5
        /// <summary>
        /// Requests a temporary credential from STS that allows only
        /// <c>name/cos:HeadObject</c> and <c>name/cos:GetObject</c> on the given prefixes.
        /// </summary>
        /// <param name="allowPrefix">Object-key prefixes passed to STS as <c>allowPrefixes</c>.</param>
        /// <returns>The dictionary returned by <c>STSClient.genCredential</c>.</returns>
        public Dictionary <string, object> GetDownloadToken(List <string> allowPrefix)
        {
            string bucketName   = _tencentCosManagement.Bucket;
            string bucketRegion = _tencentCosManagement.Region;
            string keyId        = _tencentCosManagement.SecretId;
            string keySecret    = _tencentCosManagement.SecretKey;

            // NOTE(review): the prefixes are forwarded exactly as received. Confirm the caller
            // limits them to objects the requesting user may read; a "*" entry would cover the
            // whole bucket.
            var request = new Dictionary<string, object>
            {
                { "bucket", bucketName },
                { "region", bucketRegion },
                { "allowPrefixes", allowPrefix.ToArray() },
                { "allowActions", new string[] { "name/cos:HeadObject", "name/cos:GetObject" } },
                { "durationSeconds", _downloadDuration },
                { "secretId", keyId },
                { "secretKey", keySecret },
                { "Domain", "sts.tencentcloudapi.com" }
            };

            return STSClient.genCredential(request);
        }
Exemplo n.º 6
        /// <summary>
        /// Requests a temporary credential from STS that allows the upload actions listed
        /// below on the storage name of <paramref name="file"/>.
        /// </summary>
        /// <param name="file">File whose <c>StorageName</c> is sent to STS as <c>allowPrefix</c>.</param>
        /// <returns>The dictionary returned by <c>STSClient.genCredential</c>.</returns>
        public Dictionary <string, object> GetUploadToken(EntityFile file)
        {
            string bucketName   = _tencentCosManagement.Bucket;
            string bucketRegion = _tencentCosManagement.Region;

            // NOTE(review): the token scope is whatever StorageName holds. Confirm it is assigned
            // by the server and cannot be "*" or another user's path.
            string objectKey = file.StorageName;

            string[] uploadActions =
            {
                "name/cos:PutObject",
                "name/cos:PostObject",
                "name/cos:InitiateMultipartUpload",
                "name/cos:ListMultipartUploads",
                "name/cos:ListParts",
                "name/cos:UploadPart",
                "name/cos:CompleteMultipartUpload"
            };
            string keyId     = _tencentCosManagement.SecretId;
            string keySecret = _tencentCosManagement.SecretKey;

            var request = new Dictionary<string, object>
            {
                { "bucket", bucketName },
                { "region", bucketRegion },
                { "allowPrefix", objectKey },
                { "allowActions", uploadActions },
                { "durationSeconds", _uploadDuration },
                { "secretId", keyId },
                { "secretKey", keySecret },
                { "Domain", "sts.tencentcloudapi.com" }
            };

            return STSClient.genCredential(request);
        }
Exemplo n.º 7
 /// <summary>
 /// Test setup: creates the STS client against <c>STS_ENDPOINT</c> and loads the signing
 /// certificate used by the tests.
 /// </summary>
 public void Setup()
 {
     var stsEndpoint = new Uri(STS_ENDPOINT);

     // NOTE(review): going by its name, this validator accepts any server certificate, so the
     // TLS peer is not authenticated. Keep it confined to test code.
     var acceptAll = new AcceptAllX509CertificateValidator();
     _stsClient = new STSClient(stsEndpoint, acceptAll);

     // NOTE(review): both the machine-specific absolute path and the PFX password are
     // hard-coded; the password is then stored in source control next to the key file.
     const string pfxPath     = @"C:\git-repos\SsoAdminClientLib\TestCertificate\ssoSigning.pfx";
     const string pfxPassword = "ca$hc0w";
     _testsSigningCertificate = new X509Certificate2(pfxPath, pfxPassword);
 }
Exemplo n.º 8
        /// <summary>
        /// Builds a policy with <c>STSClient.getPolicy</c> from the shared <c>values</c>
        /// fixture, prints it and asserts that it is not null.
        /// </summary>
        public void TestPolicy()
        {
            // Unpack the fixture in the order getPolicy takes its arguments.
            var region  = (string)values["region"];
            var bucket  = (string)values["bucket"];
            var prefix  = (string)values["allowPrefix"];
            var actions = (string[])values["allowActions"];

            string generated = STSClient.getPolicy(region, bucket, prefix, actions);

            TestContext.Progress.WriteLine(generated);
            Assert.NotNull(generated);
        }
Exemplo n.º 9
 /// <summary>
 /// Returns the cached STS client, creating it from <c>_stsSettings.StsServiceEndpoint</c>
 /// on first use.
 /// </summary>
 /// <returns>The <c>STSClient</c> held in <c>_stsClient</c>.</returns>
 private STSClient GetStsClient()
 {
     if (_stsClient != null)
     {
         return _stsClient;
     }

     // NOTE(review): null is passed where other callers supply a certificate validator.
     // Confirm STSClient then falls back to normal server-certificate validation rather
     // than skipping it.
     var endpoint = new Uri(_stsSettings.StsServiceEndpoint);
     _stsClient = new STSClient(endpoint, null);
     return _stsClient;
 }
Exemplo n.º 10
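        /// <summary>
        /// Demo entry point: asks STS for a temporary COS credential limited to the upload
        /// actions listed below on one path prefix, then prints every field of the result.
        /// </summary>
        /// <param name="args">Command-line arguments; not used.</param>
        static void Main(string[] args)
        {
            string bucket = "examplebucket-1253653367"; // your bucket
            string region = "ap-guangzhou";             // region the bucket is in

            // Change this to the path prefix you want to allow. The concrete upload path can be
            // derived from the login state of your site's user. Examples: a.jpg, a/* or *.
            // The bare wildcard * carries a significant security risk; evaluate it carefully
            // before using it.
            string allowPrefix = "exampleobject";

            // Allowed actions; upload operations are used as the example here.
            string[] allowActions = new string[] {
                "name/cos:PutObject",
                "name/cos:PostObject",
                "name/cos:InitiateMultipartUpload",
                "name/cos:ListMultipartUploads",
                "name/cos:ListParts",
                "name/cos:UploadPart",
                "name/cos:CompleteMultipartUpload"
            };

            // This demo reads the long-term key from environment variables. The hard-coded form
            // would look like the line below; it puts the key into source control.
            // string secretId = "AKIDXXXXXXXXX";
            string secretId  = Environment.GetEnvironmentVariable("COS_KEY");    // cloud API key Id
            string secretKey = Environment.GetEnvironmentVariable("COS_SECRET"); // cloud API key secret

            // GetEnvironmentVariable returns null when the variable is unset. Stop here with a
            // clear message instead of handing null long-term keys to the STS client.
            if (string.IsNullOrEmpty(secretId) || string.IsNullOrEmpty(secretKey))
            {
                Console.Error.WriteLine("COS_KEY and COS_SECRET must be set in the environment.");
                Environment.ExitCode = 1;
                return;
            }

            Dictionary<string, object> values = new Dictionary<string, object>();

            values.Add("bucket", bucket);
            values.Add("region", region);
            values.Add("allowPrefix", allowPrefix);
            // A set of path prefixes can be given through allowPrefixes instead:
            // values.Add("allowPrefixes", new string[] {
            //     "path/to/dir1/*",
            //     "path/to/dir2/*",
            // });
            values.Add("allowActions", allowActions);
            values.Add("durationSeconds", 1800);

            values.Add("secretId", secretId);
            values.Add("secretKey", secretKey);

            // Set the STS domain:
            // values.Add("Domain", "sts.tencentcloudapi.com");

            // Sample output (secret values replaced with placeholders):
            // Credentials = {
            //   "Token": "<session token>",
            //   "TmpSecretId": "xxxxxxxxxxxx",
            //   "TmpSecretKey": "<temporary secret key>"
            // }
            // ExpiredTime = 1597916602
            // Expiration = 2020/8/20 9:43:22 AM
            // RequestId = 2b731be1-ebe8-4638-8a72-906bc564a55a
            // StartTime = 1597914802
            Dictionary<string, object> credential = STSClient.genCredential(values);

            // Demo only: this prints the temporary secret key and token along with the metadata.
            // A service should hand them to the authenticated caller and keep them out of logs.
            foreach (KeyValuePair<string, object> kvp in credential)
            {
                Console.WriteLine("{0} = {1}", kvp.Key, kvp.Value);
            }
        }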
Exemplo n.º 11
        /// <summary>
        /// Replaces the single <c>allowPrefix</c> entry of the shared <c>values</c> fixture
        /// with an <c>allowPrefixes</c> array and asserts that <c>genCredential</c> still
        /// returns a result.
        /// </summary>
        public void TestSTSClientMultiPrefix()
        {
            string[] prefixes = { "exampleobject", "exampleobject2" };

            // Note that this mutates the shared fixture.
            values.Remove("allowPrefix");
            values.Add("allowPrefixes", prefixes);

            var issued = STSClient.genCredential(values);

            // NOTE(review): the serialized result is written to the test progress stream, so
            // whatever credential material it holds ends up in the test log.
            string asJson = JsonConvert.SerializeObject(issued);
            TestContext.Progress.WriteLine(asJson);

            Assert.NotNull(issued);
        }
Exemplo n.º 12
        /// <summary>
        /// Creates the lookup-service port client for <c>https://{hostname}/lookupservice/sdk</c>
        /// and the STS client used for authorized operations.
        /// </summary>
        /// <param name="hostname">Host name inserted into the lookup-service URL.</param>
        /// <param name="serverCertificateValidator">
        /// Validator passed to <c>GetServerAuthentication</c> and to the <c>STSClient</c>
        /// constructor.
        /// </param>
        public LookupServiceClient(string hostname, X509CertificateValidator serverCertificateValidator)
        {
            // NOTE(review): hostname goes into the URL unchecked. A value carrying '/', '@' or a
            // port would change the endpoint, so callers should pass a validated host name.
            var endpointText = $"https://{hostname}/lookupservice/sdk";

            var binding  = GetBinding();
            var endpoint = new EndpointAddress(new Uri(endpointText));
            _lsClient = new LsPortTypeClient(binding, endpoint);

            var behaviors = _lsClient.ChannelFactory.Endpoint.EndpointBehaviors;
            behaviors.Add(new WsTrustBehavior());

            // The TLS server-certificate policy is only overridden when the helper returns one.
            // NOTE(review): confirm what GetServerAuthentication returns for a null validator and
            // that the untouched default still validates the server certificate chain.
            var tlsPolicy = GetServerAuthentication(serverCertificateValidator);
            if (tlsPolicy != null)
            {
                var serviceCertificate = _lsClient.ChannelFactory.Credentials.ServiceCertificate;
                serviceCertificate.SslCertificateAuthentication = tlsPolicy;
            }

            // STS client for authorized operations; it receives the same validator.
            _stsClient = new STSClient(GetStsEndpointUri(), serverCertificateValidator);
        }
Exemplo n.º 13
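        /// <summary>
        /// Requests a temporary COS credential from STS for <paramref name="bucket"/>,
        /// restricted to the given object-key prefixes and actions.
        /// </summary>
        /// <param name="bucket">Bucket name sent to STS.</param>
        /// <param name="allowPrefixs">
        /// Object-key prefixes the credential may act on. When null, a single "*" entry is
        /// used, which covers every object in the bucket.
        /// </param>
        /// <param name="allowActions">
        /// Actions to allow. When null, the upload and multipart-upload actions listed in
        /// the body are used.
        /// </param>
        /// <param name="keepTime">Value sent as <c>durationSeconds</c>; defaults to 1800.</param>
        /// <returns>Whatever <c>STSClient.genCredential</c> returns.</returns>
        /// <exception cref="ArgumentException"><paramref name="allowPrefixs"/> is an empty array.</exception>
        public dynamic GetTempToken(string bucket, string[] allowPrefixs = null, string[] allowActions = null, int keepTime = 1800)
        {
            // Default: let the client upload to the cloud storage server.
            allowActions = allowActions ?? new string[]
            {
                "name/cos:PutObject",
                "name/cos:PostObject",
                "name/cos:InitiateMultipartUpload",
                "name/cos:ListMultipartUploads",
                "name/cos:ListParts",
                "name/cos:UploadPart",
                "name/cos:CompleteMultipartUpload"
            };

            // NOTE(review): the "*" default issues an upload token for the whole bucket. It is
            // kept because existing callers may rely on it; callers should pass the narrowest
            // prefixes they can.
            allowPrefixs = allowPrefixs ?? new string[] { "*" };

            // An empty array used to fail with an index error when its first element was read.
            // Reject it explicitly so a token is never requested without any prefix.
            if (allowPrefixs.Length == 0)
            {
                throw new ArgumentException("At least one prefix is required.", nameof(allowPrefixs));
            }

            Dictionary<string, object> dire = new Dictionary<string, object>();

            dire.Add("bucket", bucket);
            dire.Add("region", this.region);
            // The previous code sent the first prefix as "allowPrefix" and the full array under
            // the key "allowPrefixs". The multi-prefix key used by the other STSClient callers is
            // "allowPrefixes", so the array is sent under that key alone.
            // NOTE(review): confirm the STS SDK version in use supports "allowPrefixes". Callers
            // that pass several prefixes now get a token covering all of them.
            dire.Add("allowPrefixes", allowPrefixs);
            dire.Add("allowActions", allowActions);
            dire.Add("durationSeconds", keepTime);

            dire.Add("secretId", this.secretId);
            dire.Add("secretKey", this.secretKey);

            dire.Add("Domain", "sts.tencentcloudapi.com");

            var credential = STSClient.genCredential(dire);

            return credential;
        }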
Exemplo n.º 14
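        /// <summary>
        /// Calls <c>STSClient.genCredential</c> with <paramref name="values"/> and maps the
        /// returned dictionary onto a <c>TempCredentialResult</c>.
        /// </summary>
        /// <param name="values">
        /// Request parameters for the STS client. <c>bucket</c> and <c>region</c> are copied
        /// onto the result.
        /// </param>
        /// <returns>The populated result.</returns>
        /// <exception cref="WFwException">
        /// Any failure while requesting or mapping the credential, reported with
        /// <c>TencentCloudSdkStsErr</c> and the request parameters as diagnostics.
        /// </exception>
        private TempCredentialResult GenTempCredential(Dictionary <string, object> values)
        {
            // Renders one request parameter for the error diagnostics without throwing. The
            // previous catch block indexed the dictionary directly, so a missing "allowPrefix"
            // (for example when "allowPrefixes" is used) or a non-array "allowActions" raised a
            // second exception that hid the real failure.
            string Describe(string key)
            {
                if (values == null || !values.TryGetValue(key, out object raw) || raw == null)
                {
                    return "";
                }

                string[] items = raw as string[];
                return items != null ? string.Join(",", items) : raw.ToString();
            }

            try
            {
                Dictionary<string, object> credential = STSClient.genCredential(values);

                TempCredentialResult output = new TempCredentialResult
                {
                    Bucket = values["bucket"].ToString(),
                    Region = values["region"].ToString()
                };

                // NOTE(review): parse failures are collected here but nothing reads the list, so
                // a malformed ExpiredTime or StartTime still yields a result carrying zero values.
                IList<string> errs = new List<string>();
                foreach (KeyValuePair<string, object> kvp in credential)
                {
                    switch (kvp.Key)
                    {
                    case "Credentials":
                        output.Credential = JsonExtensions.Deserialize<TempCredential>(kvp.Value.ToString());
                        break;

                    case "ExpiredTime":
                        if (long.TryParse(kvp.Value.ToString(), out long et))
                        {
                            output.ExpiredTime = et;
                        }
                        else
                        {
                            errs.Add("ExpiredTime");
                            // Record the offending value; the old code stored the literal text
                            // "kvp.Value.ToString()" instead.
                            errs.Add(kvp.Value.ToString());
                        }

                        // ExpiredTime is converted as seconds since the Unix epoch (UTC).
                        output.Expiration = new DateTimeOffset(1970, 1, 1, 0, 0, 0, TimeSpan.Zero).AddSeconds(output.ExpiredTime);
                        break;

                    case "StartTime":
                        if (long.TryParse(kvp.Value.ToString(), out long st))
                        {
                            output.StartTime = st;
                        }
                        else
                        {
                            errs.Add("StartTime");
                            errs.Add(kvp.Value.ToString());
                        }
                        break;

                    case "RequestId":
                        output.RequestId = kvp.Value.ToString();
                        break;
                    }
                }
                return output;
            }
            catch (Exception ex)
            {
                // Only the scope parameters and the message are reported; secretId and secretKey
                // are left out of the diagnostics.
                // NOTE(review): only ex.Message survives, so the original stack trace is lost.
                string[] p = new string[] {
                    "bucket", Describe("bucket"),
                    "region", Describe("region"),
                    "allowPrefix", Describe("allowPrefix"),
                    "allowActions", Describe("allowActions"),
                    "ex", ex.Message
                };

                throw new WFwException(Results.OperationResultType.TencentCloudSdkStsErr, "", p);
            }
        }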
Exemplo n.º 15
 /// <summary>
 /// Stores the collaborators this service works with.
 /// </summary>
 /// <param name="stsClient">STS client kept in <c>m_STSClient</c>.</param>
 /// <param name="logger">Logger kept in <c>m_Logger</c>.</param>
 /// <param name="immSetting">Settings object kept in <c>m_IMMSetting</c>.</param>
 public STSService(STSClient stsClient, ILogger logger, IMMSetting immSetting)
 {
     // Plain field assignments; none of the arguments is checked for null here.
     m_IMMSetting = immSetting;
     m_Logger     = logger;
     m_STSClient  = stsClient;
 }