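/// <summary>
/// Demo entry point: requests temporary COS credentials that are limited to the
/// upload actions listed below and to a single object prefix, then prints the result.
/// </summary>
/// <param name="args">Command-line arguments (not used).</param>
static void Main(string[] args)
{
    string bucket = "examplebucket-1253653367"; // your bucket
    string region = "ap-guangzhou";             // region the bucket lives in

    // Path prefix the temporary key is allowed to touch. Change it to the path you want to
    // permit; the concrete upload path can be decided from the signed-in user of your own site.
    // Examples: a.jpg, a/* or *.
    // Using the bare wildcard * carries a major security risk; evaluate carefully before using it.
    string allowPrefix = "exampleobject";

    // Actions the temporary key may perform; this example covers upload operations only.
    string[] allowActions = new string[]
    {
        "name/cos:PutObject",
        "name/cos:PostObject",
        "name/cos:InitiateMultipartUpload",
        "name/cos:ListMultipartUploads",
        "name/cos:ListParts",
        "name/cos:UploadPart",
        "name/cos:CompleteMultipartUpload"
    };

    string secretId = Environment.GetEnvironmentVariable("COS_KEY");     // cloud API key id
    string secretKey = Environment.GetEnvironmentVariable("COS_SECRET"); // cloud API key secret

    // GetEnvironmentVariable returns null for an unset variable. Stop here with a clear
    // message instead of handing a null long-term key to the signing call.
    if (string.IsNullOrEmpty(secretId) || string.IsNullOrEmpty(secretKey))
    {
        Console.Error.WriteLine("COS_KEY and COS_SECRET must be set in the environment.");
        Environment.ExitCode = 1;
        return;
    }

    Dictionary<string, object> values = new Dictionary<string, object>
    {
        { "bucket", bucket },
        { "region", region },
        { "allowPrefix", allowPrefix },
        { "allowActions", allowActions },
        { "durationSeconds", 1800 },
        { "secretId", secretId },
        { "secretKey", secretKey }
    };

    string credential = STSClient.genCredential(values);

    // Demo output only: the printed value is usable as a credential until it expires,
    // so a real service should return it to the authenticated caller rather than log it.
    Console.WriteLine(credential);
}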
/// <summary>
/// Smoke test: asks <c>STSClient.genCredential</c> for credentials using the shared
/// <c>values</c> fixture and checks that a result object came back.
/// </summary>
public void TestSTSClient()
{
    Dictionary<string, object> issued = STSClient.genCredential(values);

    // The serialized result goes to the test progress output before the assertion runs.
    // NOTE(review): whatever genCredential returned is written verbatim; if the fixture
    // uses real keys, the temporary credentials end up in the test log - confirm that
    // log is not retained or shared.
    string asJson = JsonConvert.SerializeObject(issued);
    TestContext.Progress.WriteLine(asJson);

    Assert.NotNull(issued);
}
/// <summary>
/// Smoke test for the variant of <c>STSClient.genCredential</c> that returns a string:
/// requests credentials with the shared <c>values</c> fixture and checks for a non-null result.
/// </summary>
public void TestSTSClient()
{
    string issued = STSClient.genCredential(values);

    // NOTE(review): the returned string is written verbatim to the test progress output;
    // with real keys in the fixture that puts temporary credentials into the test log.
    TestContext.Progress.WriteLine(issued);

    Assert.NotNull(issued);
}
/// <summary>
/// Builds the SSO admin service client for <paramref name="ssoSdkUri"/> and an STS client
/// for <paramref name="stsUri"/>, passing the same certificate validator to both.
/// </summary>
/// <param name="ssoSdkUri">Endpoint of the SSO admin service; its host is kept in <c>_hostName</c>.</param>
/// <param name="stsUri">Endpoint handed to the STS client.</param>
/// <param name="serverCertificateValidator">Validator used to derive the server authentication settings.</param>
public SsoAdminClient(
    Uri ssoSdkUri,
    Uri stsUri,
    X509CertificateValidator serverCertificateValidator)
{
    // The endpoint address is rebuilt from the string form of the URI that was passed in.
    string endpointText = ssoSdkUri.ToString();
    _hostName = ssoSdkUri.Host;
    _certificateVAlidator = serverCertificateValidator;

    var binding = GetBinding();
    var address = new EndpointAddress(new Uri(endpointText));
    _ssoAdminClient = new SsoPortTypeClient(binding, address);
    _ssoAdminClient.ChannelFactory.Endpoint.EndpointBehaviors.Add(new WsTrustBehavior());

    // Custom server certificate handling is installed only when the helper returns a value.
    // NOTE(review): when it returns null the channel keeps whatever certificate validation
    // the binding applies by default - confirm that is the intended fallback.
    var sslAuthentication = GetServerAuthentication(serverCertificateValidator);
    if (sslAuthentication != null)
    {
        var serviceCertificate = _ssoAdminClient.ChannelFactory.Credentials.ServiceCertificate;
        serviceCertificate.SslCertificateAuthentication = sslAuthentication;
    }

    // STS client used for the operations that require authorization.
    _stsClient = new STSClient(stsUri, serverCertificateValidator);
}
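/// <summary>
/// Requests temporary COS credentials that permit only <c>HeadObject</c> and <c>GetObject</c>
/// on the given object prefixes, valid for <c>_downloadDuration</c> seconds.
/// </summary>
/// <param name="allowPrefix">Object prefixes the temporary key may read; must contain at least one entry.</param>
/// <returns>The dictionary returned by <c>STSClient.genCredential</c>.</returns>
/// <exception cref="System.ArgumentNullException"><paramref name="allowPrefix"/> is null.</exception>
/// <exception cref="System.ArgumentException"><paramref name="allowPrefix"/> is empty.</exception>
public Dictionary<string, object> GetDownloadToken(List<string> allowPrefix)
{
    // Reject a missing or empty scope up front so no request is signed with the long-term
    // key for a policy whose resource list is empty.
    if (allowPrefix == null)
    {
        throw new System.ArgumentNullException("allowPrefix");
    }

    if (allowPrefix.Count == 0)
    {
        throw new System.ArgumentException("At least one object prefix is required.", "allowPrefix");
    }

    // Read-only action set: object metadata and object content.
    string[] allowActions = new string[]
    {
        "name/cos:HeadObject",
        "name/cos:GetObject"
    };

    // NOTE(review): the prefixes are passed through as given, so an entry of "*" grants
    // read access to the whole bucket - callers should derive them from the authenticated
    // user, not from request input.
    Dictionary<string, object> values = new Dictionary<string, object>
    {
        { "bucket", _tencentCosManagement.Bucket },
        { "region", _tencentCosManagement.Region },
        { "allowPrefixes", allowPrefix.ToArray() },
        { "allowActions", allowActions },
        { "durationSeconds", _downloadDuration },
        { "secretId", _tencentCosManagement.SecretId },
        { "secretKey", _tencentCosManagement.SecretKey },
        { "Domain", "sts.tencentcloudapi.com" }
    };

    return STSClient.genCredential(values);
}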
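/// <summary>
/// Requests temporary COS credentials that permit the upload actions listed below on the
/// single object named by <c>file.StorageName</c>, valid for <c>_uploadDuration</c> seconds.
/// </summary>
/// <param name="file">File whose <c>StorageName</c> becomes the only allowed prefix.</param>
/// <returns>The dictionary returned by <c>STSClient.genCredential</c>.</returns>
/// <exception cref="System.ArgumentNullException"><paramref name="file"/> is null.</exception>
/// <exception cref="System.ArgumentException"><c>file.StorageName</c> is null or empty.</exception>
public Dictionary<string, object> GetUploadToken(EntityFile file)
{
    if (file == null)
    {
        throw new System.ArgumentNullException("file");
    }

    // The storage name is the whole scope of the token. Refuse to sign a request when it
    // is missing rather than issue a key whose resource scope is not what the caller meant.
    string allowPrefix = file.StorageName;
    if (string.IsNullOrEmpty(allowPrefix))
    {
        throw new System.ArgumentException("The file has no storage name to scope the token to.", "file");
    }

    // Upload-only action set, including the multipart upload calls.
    string[] allowActions = new string[]
    {
        "name/cos:PutObject",
        "name/cos:PostObject",
        "name/cos:InitiateMultipartUpload",
        "name/cos:ListMultipartUploads",
        "name/cos:ListParts",
        "name/cos:UploadPart",
        "name/cos:CompleteMultipartUpload"
    };

    Dictionary<string, object> values = new Dictionary<string, object>
    {
        { "bucket", _tencentCosManagement.Bucket },
        { "region", _tencentCosManagement.Region },
        { "allowPrefix", allowPrefix },
        { "allowActions", allowActions },
        { "durationSeconds", _uploadDuration },
        { "secretId", _tencentCosManagement.SecretId },
        { "secretKey", _tencentCosManagement.SecretKey },
        { "Domain", "sts.tencentcloudapi.com" }
    };

    return STSClient.genCredential(values);
}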
/// <summary>
/// Test fixture setup: creates the STS client against <c>STS_ENDPOINT</c> and loads the
/// signing certificate used by the tests.
/// </summary>
public void Setup()
{
    // NOTE(review): going by its name, this validator accepts any server certificate, so
    // the connection made by the tests is not authenticated. Keep it confined to test
    // fixtures that talk to a lab endpoint.
    var endpoint = new Uri(STS_ENDPOINT);
    var acceptAll = new AcceptAllX509CertificateValidator();
    _stsClient = new STSClient(endpoint, acceptAll);

    // The PFX location is an absolute path on one machine and its password is embedded
    // here, so the key pair in that file should be treated as test-only material.
    const string pfxPath = @"C:\git-repos\SsoAdminClientLib\TestCertificate\ssoSigning.pfx";
    const string pfxPassword = "ca$hc0w";
    _testsSigningCertificate = new X509Certificate2(pfxPath, pfxPassword);
}
/// <summary>
/// Builds a policy document from the shared <c>values</c> fixture with
/// <c>STSClient.getPolicy</c>, prints it and checks that it is not null.
/// </summary>
public void TestPolicy()
{
    // Pull the four policy inputs out of the fixture; each cast fails the test if the
    // fixture holds a different type under that key.
    var region = (string)values["region"];
    var bucket = (string)values["bucket"];
    var prefix = (string)values["allowPrefix"];
    var actions = (string[])values["allowActions"];

    string policy = STSClient.getPolicy(region, bucket, prefix, actions);

    // Printing the policy makes the generated resource scope and action list reviewable
    // in the test output.
    TestContext.Progress.WriteLine(policy);
    Assert.NotNull(policy);
}
/// <summary>
/// Returns the cached STS client, creating it from <c>_stsSettings.StsServiceEndpoint</c>
/// on first use.
/// </summary>
/// <returns>The STS client held in <c>_stsClient</c>.</returns>
private STSClient GetStsClient()
{
    if (_stsClient != null)
    {
        return _stsClient;
    }

    // NOTE(review): no certificate validator is supplied (null). What the client does
    // with a null validator is not visible here - confirm it falls back to normal
    // platform certificate validation rather than skipping the check.
    var endpoint = new Uri(_stsSettings.StsServiceEndpoint);
    _stsClient = new STSClient(endpoint, null);
    return _stsClient;
}
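/// <summary>
/// Demo entry point: requests temporary COS credentials that are limited to the
/// upload actions listed below and to a single object prefix, then prints every
/// field of the result.
/// </summary>
/// <param name="args">Command-line arguments (not used).</param>
static void Main(string[] args)
{
    string bucket = "examplebucket-1253653367"; // your bucket
    string region = "ap-guangzhou";             // region the bucket lives in

    // Path prefix the temporary key is allowed to touch. Change it to the path you want to
    // permit; the concrete upload path can be decided from the signed-in user of your own site.
    // Examples: a.jpg, a/* or *.
    // Using the bare wildcard * carries a major security risk; evaluate carefully before using it.
    string allowPrefix = "exampleobject";

    // Actions the temporary key may perform; this example covers upload operations only.
    string[] allowActions = new string[]
    {
        "name/cos:PutObject",
        "name/cos:PostObject",
        "name/cos:InitiateMultipartUpload",
        "name/cos:ListMultipartUploads",
        "name/cos:ListParts",
        "name/cos:UploadPart",
        "name/cos:CompleteMultipartUpload"
    };

    // The demo reads the long-term key from environment variables. The hard-coded form
    // would look like the line below; it puts the key into source control, so prefer
    // the environment or a secret store.
    // string secretId = "AKIDXXXXXXXXX";
    string secretId = Environment.GetEnvironmentVariable("COS_KEY");     // cloud API key id
    string secretKey = Environment.GetEnvironmentVariable("COS_SECRET"); // cloud API key secret

    // GetEnvironmentVariable returns null for an unset variable. Stop here with a clear
    // message instead of handing a null long-term key to the signing call.
    if (string.IsNullOrEmpty(secretId) || string.IsNullOrEmpty(secretKey))
    {
        Console.Error.WriteLine("COS_KEY and COS_SECRET must be set in the environment.");
        Environment.ExitCode = 1;
        return;
    }

    Dictionary<string, object> values = new Dictionary<string, object>
    {
        { "bucket", bucket },
        { "region", region },
        { "allowPrefix", allowPrefix },
        { "allowActions", allowActions },
        { "durationSeconds", 1800 },
        { "secretId", secretId },
        { "secretKey", secretKey }
    };

    // A collection of path prefixes can be given through allowPrefixes instead:
    // values.Add("allowPrefixes", new string[] {
    //     "path/to/dir1/*",
    //     "path/to/dir2/*",
    // });

    // Set the STS domain:
    // values.Add("Domain", "sts.tencentcloudapi.com");

    // Shape of the result (secret values replaced by placeholders):
    // Credentials = {
    //   "Token": "<session token>",
    //   "TmpSecretId": "<temporary secret id>",
    //   "TmpSecretKey": "<temporary secret key>"
    // }
    // ExpiredTime = 1597916602
    // Expiration = 2020/8/20 9:43:22 AM
    // RequestId = <request id>
    // StartTime = 1597914802
    Dictionary<string, object> credential = STSClient.genCredential(values);

    // Demo output only: the printed fields are usable as a credential until ExpiredTime,
    // so a real service should return them to the authenticated caller rather than log them.
    foreach (KeyValuePair<string, object> kvp in credential)
    {
        Console.WriteLine("{0} = {1}", kvp.Key, kvp.Value);
    }
}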
/// <summary>
/// Smoke test for the multi-prefix form: replaces the fixture's single <c>allowPrefix</c>
/// with an <c>allowPrefixes</c> array, requests credentials and checks for a non-null result.
/// </summary>
public void TestSTSClientMultiPrefix()
{
    // Switch the shared fixture from the single-prefix key to the collection key.
    // This mutates the shared `values` object.
    values.Remove("allowPrefix");
    string[] prefixes = new string[] { "exampleobject", "exampleobject2" };
    values.Add("allowPrefixes", prefixes);

    Dictionary<string, object> issued = STSClient.genCredential(values);

    // NOTE(review): the serialized result is written verbatim to the test progress output;
    // with real keys in the fixture that puts temporary credentials into the test log.
    string asJson = JsonConvert.SerializeObject(issued);
    TestContext.Progress.WriteLine(asJson);

    Assert.NotNull(issued);
}
/// <summary>
/// Builds the lookup service client for <paramref name="hostname"/> and an STS client for
/// the endpoint returned by <c>GetStsEndpointUri</c>, passing the same certificate
/// validator to both.
/// </summary>
/// <param name="hostname">Host part of the lookup service URL.</param>
/// <param name="serverCertificateValidator">Validator used to derive the server authentication settings.</param>
public LookupServiceClient(string hostname, X509CertificateValidator serverCertificateValidator)
{
    // NOTE(review): hostname is placed into the URL without validation, so a value that
    // contains '/', '@' or a port changes the authority or path the client connects to.
    // Confirm callers pass a bare host name from trusted configuration.
    var lookupUrl = $"https://{hostname}/lookupservice/sdk";

    var binding = GetBinding();
    var address = new EndpointAddress(new Uri(lookupUrl));
    _lsClient = new LsPortTypeClient(binding, address);
    _lsClient.ChannelFactory.Endpoint.EndpointBehaviors.Add(new WsTrustBehavior());

    // Custom server certificate handling is installed only when the helper returns a value.
    // NOTE(review): when it returns null the channel keeps whatever certificate validation
    // the binding applies by default - confirm that is the intended fallback.
    var sslAuthentication = GetServerAuthentication(serverCertificateValidator);
    if (sslAuthentication != null)
    {
        var serviceCertificate = _lsClient.ChannelFactory.Credentials.ServiceCertificate;
        serviceCertificate.SslCertificateAuthentication = sslAuthentication;
    }

    // STS client used for the operations that require authorization.
    _stsClient = new STSClient(GetStsEndpointUri(), serverCertificateValidator);
}
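/// <summary>
/// Requests temporary COS credentials for <paramref name="bucket"/>, limited to the given
/// actions and object prefixes.
/// </summary>
/// <param name="bucket">Bucket the temporary key applies to.</param>
/// <param name="allowPrefixs">
/// Object prefixes the key may touch. When null, the single prefix <c>*</c> is used,
/// which covers every object in the bucket.
/// </param>
/// <param name="allowActions">
/// Actions the key may perform. When null, the upload action set is used.
/// </param>
/// <param name="keepTime">Lifetime of the key in seconds.</param>
/// <returns>The value returned by <c>STSClient.genCredential</c>.</returns>
/// <exception cref="System.ArgumentException"><paramref name="allowPrefixs"/> is an empty array.</exception>
public dynamic GetTempToken(string bucket, string[] allowPrefixs = null, string[] allowActions = null, int keepTime = 1800)
{
    // By default, allow the client to upload to the cloud storage server.
    allowActions = allowActions ?? new string[]
    {
        "name/cos:PutObject",
        "name/cos:PostObject",
        "name/cos:InitiateMultipartUpload",
        "name/cos:ListMultipartUploads",
        "name/cos:ListParts",
        "name/cos:UploadPart",
        "name/cos:CompleteMultipartUpload"
    };

    // NOTE(review): the default scope is "*", so a caller that omits the prefixes gets
    // upload rights on the whole bucket. The default is kept for compatibility; callers
    // should pass the narrowest prefix that fits the signed-in user.
    allowPrefixs = allowPrefixs ?? new string[] { "*" };

    // An empty array used to fail on allowPrefixs[0] with an index error; report it as
    // a bad argument instead.
    if (allowPrefixs.Length == 0)
    {
        throw new System.ArgumentException("At least one object prefix is required.", "allowPrefixs");
    }

    Dictionary<string, object> request = new Dictionary<string, object>
    {
        { "bucket", bucket },
        { "region", this.region },
        { "allowActions", allowActions },
        { "durationSeconds", keepTime },
        { "secretId", this.secretId },
        { "secretKey", this.secretKey },
        { "Domain", "sts.tencentcloudapi.com" }
    };

    if (allowPrefixs.Length == 1)
    {
        // Single prefix: same request as before.
        request.Add("allowPrefix", allowPrefixs[0]);
    }
    else
    {
        // The collection was previously sent under the key "allowPrefixs" next to
        // "allowPrefix" = allowPrefixs[0]. Other callers of genCredential pass prefix
        // collections under "allowPrefixes" and without "allowPrefix", so the old
        // request most likely scoped the key to the first prefix only.
        // TODO confirm against the SDK version in use.
        request.Add("allowPrefixes", allowPrefixs);
    }

    return STSClient.genCredential(request);
}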
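/// <summary>
/// Calls <c>STSClient.genCredential</c> with <paramref name="values"/> and maps the returned
/// dictionary onto a <c>TempCredentialResult</c>.
/// </summary>
/// <param name="values">Request dictionary; <c>bucket</c> and <c>region</c> are copied to the result.</param>
/// <returns>The populated result.</returns>
/// <exception cref="WFwException">
/// Any failure while requesting or mapping the credentials, reported with the
/// non-secret request fields and the original exception message.
/// </exception>
private TempCredentialResult GenTempCredential(Dictionary<string, object> values)
{
    try
    {
        Dictionary<string, object> credential = STSClient.genCredential(values);
        TempCredentialResult output = new TempCredentialResult
        {
            Bucket = values["bucket"].ToString(),
            Region = values["region"].ToString()
        };

        // Field name / raw value pairs for timestamps that did not parse.
        // NOTE(review): this list is filled but never logged or returned, so a bad
        // timestamp still leaves the field at 0 without any signal - wire it to the logger.
        IList<string> errs = new List<string>();

        foreach (KeyValuePair<string, object> kvp in credential)
        {
            switch (kvp.Key)
            {
                case "Credentials":
                    output.Credential = JsonExtensions.Deserialize<TempCredential>(kvp.Value.ToString());
                    break;

                case "ExpiredTime":
                    if (long.TryParse(kvp.Value.ToString(), out long expiresAt))
                    {
                        output.ExpiredTime = expiresAt;
                    }
                    else
                    {
                        errs.Add("ExpiredTime");
                        // Record the offending value itself (previously the literal text
                        // "kvp.Value.ToString()" was stored).
                        errs.Add(kvp.Value.ToString());
                    }

                    // ExpiredTime is seconds since the Unix epoch; on a parse failure this
                    // uses whatever output.ExpiredTime already holds.
                    output.Expiration = new DateTimeOffset(1970, 1, 1, 0, 0, 0, TimeSpan.Zero).AddSeconds(output.ExpiredTime);
                    break;

                case "StartTime":
                    if (long.TryParse(kvp.Value.ToString(), out long startsAt))
                    {
                        output.StartTime = startsAt;
                    }
                    else
                    {
                        errs.Add("StartTime");
                        errs.Add(kvp.Value.ToString());
                    }

                    break;

                case "RequestId":
                    output.RequestId = kvp.Value.ToString();
                    break;
            }
        }

        return output;
    }
    catch (Exception ex)
    {
        // Building the error details must not throw: a missing key or a value of an
        // unexpected type here would replace the WFwException with an unrelated one and
        // hide the real failure.
        string Describe(string key)
        {
            object raw;
            if (values == null || !values.TryGetValue(key, out raw) || raw == null)
            {
                return "";
            }

            string[] many = raw as string[];
            return many != null ? string.Join(",", many) : raw.ToString();
        }

        // Requests that use the collection key carry no "allowPrefix" entry.
        string prefixText = Describe("allowPrefix");
        if (prefixText.Length == 0)
        {
            prefixText = Describe("allowPrefixes");
        }

        // secretId and secretKey are not part of the reported fields and should stay out
        // of this list.
        // NOTE(review): only ex.Message is kept; if WFwException can carry an inner
        // exception, pass ex along so the stack trace is not lost.
        string[] p = new string[]
        {
            "bucket", Describe("bucket"),
            "region", Describe("region"),
            "allowPrefix", prefixText,
            "allowActions", Describe("allowActions"),
            "ex", ex.Message
        };
        throw new WFwException(Results.OperationResultType.TencentCloudSdkStsErr, "", p);
    }
}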
/// <summary>
/// Creates the service from its three collaborators and stores each one in the
/// matching field.
/// </summary>
/// <param name="stsClient">STS client kept in <c>m_STSClient</c>.</param>
/// <param name="logger">Logger kept in <c>m_Logger</c>.</param>
/// <param name="immSetting">Settings object kept in <c>m_IMMSetting</c>.</param>
public STSService(STSClient stsClient, ILogger logger, IMMSetting immSetting)
{
    // Arguments are stored as given; no null checks are performed here.
    m_IMMSetting = immSetting;
    m_Logger = logger;
    m_STSClient = stsClient;
}