Пример #1
0
        public static SasResourceType ParseSasResourceType(string signedResourceType)
        {
            if (string.IsNullOrWhiteSpace(signedResourceType))
            {
                throw new ArgumentException("signedResourceType");
            }
            SasResourceType sasResourceType = SasResourceType.None;

            for (int i = 0; i < signedResourceType.Length; i++)
            {
                char chr = signedResourceType[i];
                if (chr == 'c')
                {
                    sasResourceType = AccountSasHelper.ValidateAndAddResourceType(sasResourceType, SasResourceType.Container, i);
                }
                else if (chr == 'o')
                {
                    sasResourceType = AccountSasHelper.ValidateAndAddResourceType(sasResourceType, SasResourceType.Object, i);
                }
                else
                {
                    if (chr != 's')
                    {
                        throw new FormatException(string.Concat("Unexpected character ", signedResourceType[i], " in signed resource type"));
                    }
                    sasResourceType = AccountSasHelper.ValidateAndAddResourceType(sasResourceType, SasResourceType.Service, i);
                }
            }
            return(sasResourceType);
        }
Пример #2
0
 public override void ParseAccessPolicyFields(bool isDoubleSigned)
 {
     try
     {
         this.ValidateAndSetSASVersionToUse(base.QueryParams["sv"]);
         base.ParseAccessPolicyFields(false);
         string str = AuthenticationManagerHelper.ExtractKeyNameFromParamsWithConversion(base.QueryParams);
         base.ValidateOptionalField(str, "sk");
         if (str != null)
         {
             base.KeyName = str.Trim();
             Logger <IRestProtocolHeadLogger> .Instance.Verbose.Log("Using secret key with KeyName '{0}' to authenticate SAS request.", new object[] { base.KeyName });
         }
         string item = base.QueryParams["ss"];
         base.ValidateMandatoryField(item, "ss");
         this.SignedService = AccountSasHelper.ParseSasService(item);
         string item1 = base.QueryParams["srt"];
         base.ValidateMandatoryField(item1, "srt");
         this.SignedResourceType = AccountSasHelper.ParseSasResourceType(item1);
         string str1 = base.QueryParams["sig"];
         base.ValidateMandatoryField(str1, "sig");
         base.ValidateSignatureFormat(str1);
         base.Signature = str1;
         string item2 = base.QueryParams["sp"];
         base.ValidateMandatoryField(item2, "sp");
         base.SignedPermission = new SASPermission?(AccountSasHelper.ParsePermissionsForAccountSas(item2));
     }
     catch (FormatException formatException)
     {
         throw new AuthenticationFailureException("Signature fields not well formed.", formatException);
     }
 }
Пример #3
0
        public static SasService ParseSasService(string service)
        {
            if (string.IsNullOrEmpty(service))
            {
                throw new ArgumentException(service);
            }
            SasService sasService = SasService.None;
            int        num        = 0;

            while (true)
            {
                if (num >= service.Length)
                {
                    return(sasService);
                }
                char chr = service[num];
                if (chr <= 'f')
                {
                    if (chr == 'b')
                    {
                        sasService = AccountSasHelper.ValidateAndAddService(sasService, SasService.Blob, num);
                    }
                    else if (chr == 'f')
                    {
                        sasService = AccountSasHelper.ValidateAndAddService(sasService, SasService.File, num);
                    }
                    else
                    {
                        break;
                    }
                }
                else if (chr == 'q')
                {
                    sasService = AccountSasHelper.ValidateAndAddService(sasService, SasService.Queue, num);
                }
                else if (chr == 't')
                {
                    sasService = AccountSasHelper.ValidateAndAddService(sasService, SasService.Table, num);
                }
                else
                {
                    break;
                }
                num++;
            }
            throw new FormatException(string.Concat("Unexpected character ", service[num], " in service"));
        }
Пример #4
0
        public static SASPermission ParsePermissionsForAccountSas(string permission)
        {
            if (string.IsNullOrEmpty(permission))
            {
                throw new ArgumentException(permission);
            }
            SASPermission sASPermission = SASPermission.None;
            int           num           = 0;

            while (true)
            {
                if (num >= permission.Length)
                {
                    return(sASPermission);
                }
                char chr = permission[num];
                if (chr > 'l')
                {
                    switch (chr)
                    {
                    case 'p':
                    {
                        sASPermission = AccountSasHelper.ValidateAndAddPermission(sASPermission, SASPermission.Process, num);
                        break;
                    }

                    case 'q':
                    {
                        throw new FormatException(string.Concat("Unexpected character ", permission[num], " in permission"));
                    }

                    case 'r':
                    {
                        sASPermission = AccountSasHelper.ValidateAndAddPermission(sASPermission, SASPermission.Read, num);
                        break;
                    }

                    default:
                    {
                        switch (chr)
                        {
                        case 'u':
                        {
                            sASPermission = AccountSasHelper.ValidateAndAddPermission(sASPermission, SASPermission.Update, num);
                            break;
                        }

                        case 'v':
                        {
                            throw new FormatException(string.Concat("Unexpected character ", permission[num], " in permission"));
                        }

                        case 'w':
                        {
                            sASPermission = AccountSasHelper.ValidateAndAddPermission(sASPermission, SASPermission.Write, num);
                            break;
                        }

                        default:
                        {
                            throw new FormatException(string.Concat("Unexpected character ", permission[num], " in permission"));
                        }
                        }
                        break;
                    }
                    }
                }
                else
                {
                    switch (chr)
                    {
                    case 'a':
                    {
                        sASPermission = AccountSasHelper.ValidateAndAddPermission(sASPermission, SASPermission.Add, num);
                        break;
                    }

                    case 'b':
                    {
                        throw new FormatException(string.Concat("Unexpected character ", permission[num], " in permission"));
                    }

                    case 'c':
                    {
                        sASPermission = AccountSasHelper.ValidateAndAddPermission(sASPermission, SASPermission.Create, num);
                        break;
                    }

                    case 'd':
                    {
                        sASPermission = AccountSasHelper.ValidateAndAddPermission(sASPermission, SASPermission.Delete, num);
                        break;
                    }

                    default:
                    {
                        if (chr == 'l')
                        {
                            sASPermission = AccountSasHelper.ValidateAndAddPermission(sASPermission, SASPermission.List, num);
                            break;
                        }
                        else
                        {
                            throw new FormatException(string.Concat("Unexpected character ", permission[num], " in permission"));
                        }
                    }
                    }
                }
                num++;
            }
            throw new FormatException(string.Concat("Unexpected character ", permission[num], " in permission"));
        }
Пример #5
0
        private IEnumerator <IAsyncResult> AuthenticateImpl(IStorageAccount storageAccount, RequestContext requestContext, NephosUriComponents uriComponents, AuthenticationManager.GetStringToSignCallback getStringToSignCallback, TimeSpan timeout, AsyncIteratorContext <IAuthenticationResult> context)
        {
            bool flag;
            bool flag1;
            SignedAccessHelper   queueSignedAccessHelper;
            IStorageAccount      operationStatus;
            ContainerAclSettings containerAclSetting;
            string              signedVersion   = null;
            Duration            startingNow     = Duration.StartingNow;
            NameValueCollection queryParameters = requestContext.QueryParameters;

            if (AuthenticationManager.IsInvalidAccess(requestContext))
            {
                throw new InvalidAuthenticationInfoException("Ambiguous authentication scheme credentials providedRequest contains authentication credentials for signed access and authenticated access");
            }
            bool flag2 = AuthenticationManager.IsAuthenticatedAccess(requestContext);
            bool flag3 = AuthenticationManager.IsSignatureAccess(requestContext);

            flag = (!flag2 ? false : AuthenticationManager.IsAuthenticatedAccess(requestContext, "SignedKey"));
            bool flag4 = flag;

            flag1 = (flag2 ? false : !flag3);
            if ((!flag2 || flag4) && !flag1)
            {
                NephosAssertionException.Assert((flag3 ? true : flag4));
                bool flag5 = (flag3 ? false : flag4);
                if (!AuthenticationManager.IsAccountSasAccess(requestContext.QueryParameters))
                {
                    queueSignedAccessHelper = new QueueSignedAccessHelper(requestContext, uriComponents, flag5);
                }
                else
                {
                    if (flag5)
                    {
                        throw new AuthenticationFailureException("SignedKey is not supported with account-level SAS.");
                    }
                    queueSignedAccessHelper = new AccountSasHelper(requestContext, uriComponents);
                }
                queueSignedAccessHelper.ParseAccessPolicyFields(flag5);
                queueSignedAccessHelper.PerformSignedAccessAuthenticationFirstPhaseValidations();
                AccountIdentifier signedAccessAccountIdentifier = null;
                if (!flag5)
                {
                    byte[] sign = queueSignedAccessHelper.ComputeUrlDecodedUtf8EncodedStringToSign();
                    if (storageAccount == null || !string.Equals(storageAccount.Name, uriComponents.AccountName))
                    {
                        try
                        {
                            operationStatus = this.storageManager.CreateAccountInstance(uriComponents.AccountName);
                            if (requestContext != null)
                            {
                                operationStatus.OperationStatus = requestContext.OperationStatus;
                            }
                        }
                        catch (ArgumentOutOfRangeException argumentOutOfRangeException)
                        {
                            throw new AuthenticationFailureException(string.Format(CultureInfo.InvariantCulture, "The account name is invalid.", new object[0]));
                        }
                        operationStatus.Timeout = startingNow.Remaining(timeout);
                        IAsyncResult asyncResult = operationStatus.BeginGetProperties(AccountPropertyNames.All, null, context.GetResumeCallback(), context.GetResumeState("XFEQueueAuthenticationManager.AuthenticateImpl"));
                        yield return(asyncResult);

                        try
                        {
                            operationStatus.EndGetProperties(asyncResult);
                        }
                        catch (AccountNotFoundException accountNotFoundException1)
                        {
                            AccountNotFoundException accountNotFoundException = accountNotFoundException1;
                            CultureInfo invariantCulture = CultureInfo.InvariantCulture;
                            object[]    name             = new object[] { operationStatus.Name };
                            throw new AuthenticationFailureException(string.Format(invariantCulture, "Cannot find the claimed account when trying to GetProperties for the account {0}.", name), accountNotFoundException);
                        }
                        catch (Exception exception1)
                        {
                            Exception exception            = exception1;
                            IStringDataEventStream warning = Logger <IRestProtocolHeadLogger> .Instance.Warning;
                            object[] objArray = new object[] { operationStatus.Name, exception };
                            warning.Log("Rethrow exception when trying to GetProperties for the account {0}: {1}", objArray);
                            throw;
                        }
                    }
                    else
                    {
                        operationStatus = storageAccount;
                    }
                    if (!queueSignedAccessHelper.ComputeSignatureAndCompare(sign, operationStatus.SecretKeysV3))
                    {
                        throw new AuthenticationFailureException(string.Concat("Signature did not match. String to sign used was ", (new UTF8Encoding()).GetString(sign)));
                    }
                    NephosAssertionException.Assert(queueSignedAccessHelper.KeyUsedForSigning != null, "Key used for signing cannot be null");
                    signedAccessAccountIdentifier = queueSignedAccessHelper.CreateAccountIdentifier(operationStatus);
                    if (storageAccount != operationStatus)
                    {
                        operationStatus.Dispose();
                    }
                }
                else
                {
                    IAsyncResult asyncResult1 = this.nephosAuthenticationManager.BeginAuthenticate(storageAccount, requestContext, uriComponents, getStringToSignCallback, startingNow.Remaining(timeout), context.GetResumeCallback(), context.GetResumeState("XFEQueueAuthenticationManager.AuthenticateImpl"));
                    yield return(asyncResult1);

                    IAuthenticationResult authenticationResult = this.nephosAuthenticationManager.EndAuthenticate(asyncResult1);
                    signedAccessAccountIdentifier = new SignedAccessAccountIdentifier(authenticationResult.AccountIdentifier);
                }
                signedVersion = queueSignedAccessHelper.SignedVersion;
                if (queueSignedAccessHelper.IsRevocableAccess)
                {
                    using (IQueueContainer queueContainer = this.storageManager.CreateQueueContainerInstance(uriComponents.AccountName, uriComponents.ContainerName))
                    {
                        if (requestContext != null)
                        {
                            queueContainer.OperationStatus = requestContext.OperationStatus;
                        }
                        ContainerPropertyNames containerPropertyName = ContainerPropertyNames.ServiceMetadata;
                        queueContainer.Timeout = startingNow.Remaining(timeout);
                        IAsyncResult asyncResult2 = queueContainer.BeginGetProperties(containerPropertyName, null, context.GetResumeCallback(), context.GetResumeState("XFEQueueAuthenticationManager.AuthenticateImpl"));
                        yield return(asyncResult2);

                        try
                        {
                            queueContainer.EndGetProperties(asyncResult2);
                        }
                        catch (Exception exception3)
                        {
                            Exception exception2 = exception3;
                            if (exception2 is ContainerNotFoundException)
                            {
                                throw new AuthenticationFailureException("Error locating SAS identifier", exception2);
                            }
                            IStringDataEventStream stringDataEventStream = Logger <IRestProtocolHeadLogger> .Instance.Warning;
                            object[] accountName = new object[] { uriComponents.AccountName, uriComponents.ContainerName, exception2 };
                            stringDataEventStream.Log("Rethrow exception when trying to fetch SAS identifier account {0} container {1} : {2}", accountName);
                            throw;
                        }
                        try
                        {
                            containerAclSetting = new ContainerAclSettings(queueContainer.ServiceMetadata);
                        }
                        catch (MetadataFormatException metadataFormatException1)
                        {
                            MetadataFormatException metadataFormatException = metadataFormatException1;
                            throw new NephosStorageDataCorruptionException(string.Format("Error decoding Acl setting for container {0}", uriComponents.ContainerName), metadataFormatException);
                        }
                    }
                    try
                    {
                        queueSignedAccessHelper.ValidateAndDeriveEffectiveAccessPolicy(queueSignedAccessHelper.LocateSasIdentifier(containerAclSetting.SASIdentifiers));
                        queueSignedAccessHelper.PerformSignedAccessAuthenticationSecondPhaseValidations();
                        signedAccessAccountIdentifier.Initialize(queueSignedAccessHelper);
                        context.ResultData = new AuthenticationResult(signedAccessAccountIdentifier, signedVersion, true);
                    }
                    catch (FormatException formatException)
                    {
                        throw new AuthenticationFailureException("Signature fields not well formed.", formatException);
                    }
                }
                else
                {
                    signedAccessAccountIdentifier.Initialize(queueSignedAccessHelper);
                    context.ResultData = new AuthenticationResult(signedAccessAccountIdentifier, signedVersion, true);
                }
            }
            else
            {
                IAsyncResult asyncResult3 = this.nephosAuthenticationManager.BeginAuthenticate(storageAccount, requestContext, uriComponents, getStringToSignCallback, startingNow.Remaining(timeout), context.GetResumeCallback(), context.GetResumeState("XFEQueueAuthenticationManager.AuthenticateImpl"));
                yield return(asyncResult3);

                context.ResultData = this.nephosAuthenticationManager.EndAuthenticate(asyncResult3);
            }
        }