/// <summary>
/// Get the complete query builder for creating the Shared Access Signature query.
/// </summary>
/// <param name="policy">The shared access policy to hash.</param>
/// <param name="accessPolicyIdentifier">An optional identifier for the policy.</param>
/// <param name="signature">The signature to use.</param>
/// <param name="accountKeyName">The name of the key used to create the signature, or <c>null</c> if the key is implicit.</param>
/// <param name="sasVersion">A string indicating the desired SAS version to use, in storage service version format.</param>
/// <param name="protocols">The HTTP/HTTPS protocols for Account SAS.</param>
/// <param name="ipAddressOrRange">The IP range for IPSAS.</param>
/// <returns>The finished query builder.</returns>
internal static UriQueryBuilder GetSignature(
SharedAccessQueuePolicy policy,
string accessPolicyIdentifier,
string signature,
string accountKeyName,
string sasVersion,
SharedAccessProtocol?protocols,
IPAddressOrRange ipAddressOrRange)
{
CommonUtility.AssertNotNull("signature", signature);
UriQueryBuilder builder = new UriQueryBuilder();
SharedAccessSignatureHelper.AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedVersion, sasVersion);
SharedAccessSignatureHelper.AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedIdentifier, accessPolicyIdentifier);
SharedAccessSignatureHelper.AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedKey, accountKeyName);
SharedAccessSignatureHelper.AddEscapedIfNotNull(builder, Constants.QueryConstants.Signature, signature);
SharedAccessSignatureHelper.AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedProtocols, SharedAccessSignatureHelper.GetProtocolString(protocols));
SharedAccessSignatureHelper.AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedIP, ipAddressOrRange == null ? null : ipAddressOrRange.ToString());
if (policy != null)
{
SharedAccessSignatureHelper.AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedStart, SharedAccessSignatureHelper.GetDateTimeOrNull(policy.SharedAccessStartTime));
SharedAccessSignatureHelper.AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedExpiry, SharedAccessSignatureHelper.GetDateTimeOrNull(policy.SharedAccessExpiryTime));
string permissions = SharedAccessQueuePolicy.PermissionsToString(policy.Permissions);
if (!string.IsNullOrEmpty(permissions))
{
SharedAccessSignatureHelper.AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedPermissions, permissions);
}
}
return(builder);
}
/// <summary>
/// Get the complete query builder for creating the Shared Access Signature query.
/// </summary>
/// <param name="policy">The shared access policy to hash.</param>
/// <param name="accessPolicyIdentifier">An optional identifier for the policy.</param>
/// <param name="signature">The signature to use.</param>
/// <param name="accountKeyName">The name of the key used to create the signature, or <c>null</c> if the key is implicit.</param>
/// <param name="sasVersion">A string indicating the desired SAS version to use, in storage service version format. Value must be <c>2012-02-12</c> or later.</param>
/// <returns>The finished query builder.</returns>
internal static UriQueryBuilder GetSignature(
SharedAccessQueuePolicy policy,
string accessPolicyIdentifier,
string signature,
string accountKeyName,
string sasVersion)
{
CommonUtility.AssertNotNull("signature", signature);
UriQueryBuilder builder = new UriQueryBuilder();
AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedVersion, sasVersion);
AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedIdentifier, accessPolicyIdentifier);
AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedKey, accountKeyName);
AddEscapedIfNotNull(builder, Constants.QueryConstants.Signature, signature);
if (policy != null)
{
AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedStart, GetDateTimeOrNull(policy.SharedAccessStartTime));
AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedExpiry, GetDateTimeOrNull(policy.SharedAccessExpiryTime));
string permissions = SharedAccessQueuePolicy.PermissionsToString(policy.Permissions);
if (!string.IsNullOrEmpty(permissions))
{
AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedPermissions, permissions);
}
}
return(builder);
}
/// <summary>
/// Get the signature hash embedded inside the Shared Access Signature.
/// </summary>
/// <param name="policy">The shared access policy to hash.</param>
/// <param name="accessPolicyIdentifier">An optional identifier for the policy.</param>
/// <param name="resourceName">The canonical resource string, unescaped.</param>
/// <param name="sasVersion">A string indicating the desired SAS version to use, in storage service version format.</param>
/// <param name="protocols">The HTTP/HTTPS protocols for Account SAS.</param>
/// <param name="ipAddressOrRange">The IP range for IPSAS.</param>
/// <param name="keyValue">The key value retrieved as an atomic operation used for signing.</param>
/// <returns>The signed hash.</returns>
internal static string GetHash(
SharedAccessQueuePolicy policy,
string accessPolicyIdentifier,
string resourceName,
string sasVersion,
SharedAccessProtocol?protocols,
IPAddressOrRange ipAddressOrRange,
byte[] keyValue)
{
CommonUtility.AssertNotNullOrEmpty("resourceName", resourceName);
CommonUtility.AssertNotNull("keyValue", keyValue);
CommonUtility.AssertNotNullOrEmpty("sasVersion", sasVersion);
string permissions = null;
DateTimeOffset?startTime = null;
DateTimeOffset?expiryTime = null;
if (policy != null)
{
permissions = SharedAccessQueuePolicy.PermissionsToString(policy.Permissions);
startTime = policy.SharedAccessStartTime;
expiryTime = policy.SharedAccessExpiryTime;
}
//// StringToSign = signedpermissions + "\n" +
//// signedstart + "\n" +
//// signedexpiry + "\n" +
//// canonicalizedresource + "\n" +
//// signedidentifier + "\n" +
//// signedIP + "\n" +
//// signedProtocol + "\n" +
//// signedversion
////
//// HMAC-SHA256(UTF8.Encode(StringToSign))
////
string stringToSign = string.Format(
CultureInfo.InvariantCulture,
"{0}\n{1}\n{2}\n{3}\n{4}\n{5}\n{6}\n{7}",
permissions,
GetDateTimeOrEmpty(startTime),
GetDateTimeOrEmpty(expiryTime),
resourceName,
accessPolicyIdentifier,
ipAddressOrRange == null ? string.Empty : ipAddressOrRange.ToString(),
GetProtocolString(protocols),
sasVersion);
Logger.LogVerbose(null /* operationContext */, SR.TraceStringToSign, stringToSign);
return(CryptoUtility.ComputeHmac256(keyValue, stringToSign));
}
/// <summary>
/// Get the complete query builder for creating the Shared Access Signature query.
/// </summary>
/// <param name="policy">The shared access policy to hash.</param>
/// <param name="accessPolicyIdentifier">An optional identifier for the policy.</param>
/// <param name="signature">The signature to use.</param>
/// <param name="accountKeyName">The name of the key used to create the signature, or null if the key is implicit.</param>
/// <returns>The finished query builder.</returns>
internal static UriQueryBuilder GetSharedAccessSignatureImpl(
SharedAccessQueuePolicy policy,
string accessPolicyIdentifier,
string signature,
string accountKeyName)
{
CommonUtils.AssertNotNull("signature", signature);
if (policy == null)
{
return(GetSharedAccessSignatureImpl(
null /* permissions*/,
null /* policy.SharedAccessStartTime*/,
null /* policy.SharedAccessExpiryTime*/,
null /* startPartitionKey (table only) */,
null /* startRowKey (table only) */,
null /* endPartitionKey (table only) */,
null /* endRowKey (table only) */,
accessPolicyIdentifier,
null /* resourceType (blob only) */,
null /* tableName (table only) */,
signature,
accountKeyName));
}
string permissions = SharedAccessQueuePolicy.PermissionsToString(policy.Permissions);
if (string.IsNullOrEmpty(permissions))
{
permissions = null;
}
return(GetSharedAccessSignatureImpl(
permissions,
policy.SharedAccessStartTime,
policy.SharedAccessExpiryTime,
null /* startPartitionKey (table only) */,
null /* startRowKey (table only) */,
null /* endPartitionKey (table only) */,
null /* endRowKey (table only) */,
accessPolicyIdentifier,
null /* resourceType (blob only) */,
null /* tableName (table only) */,
signature,
accountKeyName));
}
/// <summary>
/// Writes a collection of shared access policies to the specified stream in XML format.
/// </summary>
/// <param name="sharedAccessPolicies">A collection of shared access policies.</param>
/// <param name="outputStream">An output stream.</param>
public static void WriteSharedAccessIdentifiers(SharedAccessQueuePolicies sharedAccessPolicies, Stream outputStream)
{
Request.WriteSharedAccessIdentifiers(
sharedAccessPolicies,
outputStream,
(policy, writer) =>
{
writer.WriteElementString(
Constants.Start,
SharedAccessSignatureHelper.GetDateTimeOrEmpty(policy.SharedAccessStartTime));
writer.WriteElementString(
Constants.Expiry,
SharedAccessSignatureHelper.GetDateTimeOrEmpty(policy.SharedAccessExpiryTime));
writer.WriteElementString(
Constants.Permission,
SharedAccessQueuePolicy.PermissionsToString(policy.Permissions));
});
}
internal static string GetHash(
SharedAccessQueuePolicy policy,
string accessPolicyIdentifier,
string resourceName,
string sasVersion,
byte[] keyValue)
{
CommonUtility.AssertNotNullOrEmpty("resourceName", resourceName);
CommonUtility.AssertNotNull("keyValue", keyValue);
CommonUtility.AssertNotNullOrEmpty("sasVersion", sasVersion);
string permissions = null;
DateTimeOffset?startTime = null;
DateTimeOffset?expiryTime = null;
if (policy != null)
{
permissions = SharedAccessQueuePolicy.PermissionsToString(policy.Permissions);
startTime = policy.SharedAccessStartTime;
expiryTime = policy.SharedAccessExpiryTime;
}
//// StringToSign = signedpermissions + "\n" +
//// signedstart + "\n" +
//// signedexpiry + "\n" +
//// canonicalizedresource + "\n" +
//// signedidentifier + "\n" +
//// signedversion
////
//// HMAC-SHA256(UTF8.Encode(StringToSign))
string stringToSign = string.Format(
CultureInfo.InvariantCulture,
"{0}\n{1}\n{2}\n{3}\n{4}\n{5}",
permissions,
GetDateTimeOrEmpty(startTime),
GetDateTimeOrEmpty(expiryTime),
resourceName,
accessPolicyIdentifier,
sasVersion);
return(CryptoUtility.ComputeHmac256(keyValue, stringToSign));
}
/// <summary>
/// Get the signature hash embedded inside the Shared Access Signature.
/// </summary>
/// <param name="policy">The shared access policy to hash.</param>
/// <param name="accessPolicyIdentifier">An optional identifier for the policy.</param>
/// <param name="resourceName">The canonical resource string, unescaped.</param>
/// <param name="credentials">Credentials to be used for signing.</param>
/// <returns>The signed hash.</returns>
internal static string GetSharedAccessSignatureHashImpl(
SharedAccessQueuePolicy policy,
string accessPolicyIdentifier,
string resourceName,
StorageCredentials credentials)
{
if (policy == null)
{
return(GetSharedAccessSignatureHashImpl(
null /*SharedAccessQueuePolicy.Permissions */,
null /*policy.SharedAccessStartTime*/,
null /*policy.SharedAccessExpiryTime*/,
null /* startPartitionKey (table only) */,
null /* startRowKey (table only) */,
null /* endPartitionKey (table only) */,
null /* endRowKey (table only) */,
false /* not using table SAS */,
accessPolicyIdentifier,
resourceName,
credentials));
}
else
{
return(GetSharedAccessSignatureHashImpl(
SharedAccessQueuePolicy.PermissionsToString(policy.Permissions),
policy.SharedAccessStartTime,
policy.SharedAccessExpiryTime,
null /* startPartitionKey (table only) */,
null /* startRowKey (table only) */,
null /* endPartitionKey (table only) */,
null /* endRowKey (table only) */,
false /* not using table SAS */,
accessPolicyIdentifier,
resourceName,
credentials));
}
}