示例#1
        /// <summary>
        /// Adds the customer-provided-key (CPK) headers to an outgoing storage request.
        /// </summary>
        /// <param name="request">Request whose header collection receives the key, key-hash and algorithm headers.</param>
        /// <param name="customerProvidedKey">Key material to send; when <c>null</c> the request is left untouched.</param>
        /// <param name="isSource">
        /// <c>true</c> to use the "...Source" variants of the three header names, <c>false</c> to use the regular ones.
        /// </param>
        /// <remarks>
        /// The value of <c>customerProvidedKey.Key</c> is written into a request header as-is. Nothing in this
        /// method checks the request's transport, so callers are responsible for sending the request over an
        /// encrypted channel and for keeping these headers out of request logs and traces.
        /// </remarks>
        internal static void ApplyCustomerProvidedKey(StorageRequestMessage request, BlobCustomerProvidedKey customerProvidedKey, bool isSource)
        {
            // No key configured: nothing to attach.
            if (customerProvidedKey == null)
            {
                return;
            }

            // Pick the header-name triple once; the values written are the same for both variants.
            string keyHeaderName = isSource
                ? Constants.HeaderConstants.ClientProvidedEncyptionKeySource
                : Constants.HeaderConstants.ClientProvidedEncyptionKey;
            string hashHeaderName = isSource
                ? Constants.HeaderConstants.ClientProvidedEncyptionKeyHashSource
                : Constants.HeaderConstants.ClientProvidedEncyptionKeyHash;
            string algorithmHeaderName = isSource
                ? Constants.HeaderConstants.ClientProvidedEncyptionKeyAlgorithmSource
                : Constants.HeaderConstants.ClientProvidedEncyptionAlgorithm;

            // Order is kept as key, hash, algorithm.
            request.Headers.Add(keyHeaderName, customerProvidedKey.Key);
            request.Headers.Add(hashHeaderName, customerProvidedKey.KeySHA256);
            request.Headers.Add(algorithmHeaderName, customerProvidedKey.EncryptionAlgorithm);
        }
        /// <summary>
        /// Checks that a response confirms use of the customer-provided key (CPK) configured in the request options.
        /// </summary>
        /// <param name="response">Response whose headers are inspected.</param>
        /// <param name="options">Request options; when they are <c>null</c> or carry no customer-provided key, nothing is validated.</param>
        /// <param name="upload">
        /// <c>true</c> to check the request-server-encrypted header, <c>false</c> to check the server-encrypted header.
        /// </param>
        /// <exception cref="StorageException">
        /// Thrown when the key hash echoed in the response differs from <c>KeySHA256</c> of the configured key, or
        /// when the selected encryption header does not equal <c>Constants.HeaderConstants.TrueHeader</c>.
        /// </exception>
        internal static void ValidateCPKHeaders(HttpResponseMessage response, BlobRequestOptions options, bool upload)
        {
            BlobCustomerProvidedKey expectedKey = options?.CustomerProvidedKey;
            if (expectedKey == null)
            {
                // No CPK was requested, so there is nothing for the service to confirm.
                return;
            }

            // The service is expected to echo the key hash (ms-encryption-key-sha256 header); a mismatch means
            // the response cannot be tied to the key this client supplied.
            // NOTE(review): the comparison ignores case. If KeySHA256 is a case-sensitive encoding such as
            // base64, that is looser than necessary -- confirm the encoding before tightening to Ordinal.
            string echoedKeyHash = HttpResponseParsers.GetHeader(response, Constants.HeaderConstants.ClientProvidedEncyptionKeyHash);
            bool hashMatches = string.Equals(expectedKey.KeySHA256, echoedKeyHash, StringComparison.OrdinalIgnoreCase);
            if (!hashMatches)
            {
                throw new StorageException(SR.ClientProvidedKeyBadHash);
            }

            // Uploads report encryption through ms-request-server-encrypted, other operations through
            // ms-server-encrypted; both must carry the "true" value or the call fails closed.
            string encryptedHeaderName = upload
                ? Constants.HeaderConstants.ServerRequestEncrypted
                : Constants.HeaderConstants.ServerEncrypted;
            string encryptedHeaderValue = HttpResponseParsers.GetHeader(response, encryptedHeaderName);

            bool confirmedEncrypted = string.Equals(Constants.HeaderConstants.TrueHeader, encryptedHeaderValue, StringComparison.OrdinalIgnoreCase);
            if (!confirmedEncrypted)
            {
                throw new StorageException(SR.ClientProvidedKeyEncryptionFailure);
            }
        }