/// <summary> /// Get the complete query builder for creating the Shared Access Signature query. /// </summary> /// <param name="policy">The shared access policy to hash.</param> /// <param name="headers">The optional header values to set for a file returned with this SAS.</param> /// <param name="accessPolicyIdentifier">An optional identifier for the policy.</param> /// <param name="resourceType">Either "f" for files or "s" for shares.</param> /// <param name="signature">The signature to use.</param> /// <param name="accountKeyName">The name of the key used to create the signature, or <c>null</c> if the key is implicit.</param> /// <param name="sasVersion">A string indicating the desired SAS version to use, in storage service version format.</param> /// <param name="protocols">The HTTP/HTTPS protocols for Account SAS.</param> /// <param name="ipAddressOrRange">The IP range for IPSAS.</param> /// <returns>The finished query builder.</returns> internal static UriQueryBuilder GetSignature( SharedAccessFilePolicy policy, SharedAccessFileHeaders headers, string accessPolicyIdentifier, string resourceType, string signature, string accountKeyName, string sasVersion, SharedAccessProtocol?protocols, IPAddressOrRange ipAddressOrRange) { CommonUtility.AssertNotNullOrEmpty("resourceType", resourceType); UriQueryBuilder builder = new UriQueryBuilder(); SharedAccessSignatureHelper.AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedVersion, sasVersion); SharedAccessSignatureHelper.AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedResource, resourceType); SharedAccessSignatureHelper.AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedIdentifier, accessPolicyIdentifier); SharedAccessSignatureHelper.AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedKey, accountKeyName); SharedAccessSignatureHelper.AddEscapedIfNotNull(builder, Constants.QueryConstants.Signature, signature); SharedAccessSignatureHelper.AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedProtocols, SharedAccessSignatureHelper.GetProtocolString(protocols)); SharedAccessSignatureHelper.AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedIP, ipAddressOrRange == null ? null : ipAddressOrRange.ToString()); if (policy != null) { SharedAccessSignatureHelper.AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedStart, SharedAccessSignatureHelper.GetDateTimeOrNull(policy.SharedAccessStartTime)); SharedAccessSignatureHelper.AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedExpiry, SharedAccessSignatureHelper.GetDateTimeOrNull(policy.SharedAccessExpiryTime)); string permissions = SharedAccessFilePolicy.PermissionsToString(policy.Permissions); if (!string.IsNullOrEmpty(permissions)) { SharedAccessSignatureHelper.AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedPermissions, permissions); } } if (headers != null) { SharedAccessSignatureHelper.AddEscapedIfNotNull(builder, Constants.QueryConstants.CacheControl, headers.CacheControl); SharedAccessSignatureHelper.AddEscapedIfNotNull(builder, Constants.QueryConstants.ContentType, headers.ContentType); SharedAccessSignatureHelper.AddEscapedIfNotNull(builder, Constants.QueryConstants.ContentEncoding, headers.ContentEncoding); SharedAccessSignatureHelper.AddEscapedIfNotNull(builder, Constants.QueryConstants.ContentLanguage, headers.ContentLanguage); SharedAccessSignatureHelper.AddEscapedIfNotNull(builder, Constants.QueryConstants.ContentDisposition, headers.ContentDisposition); } return(builder); }
/// <summary> /// Writes a collection of shared access policies to the specified stream in XML format. /// </summary> /// <param name="sharedAccessPolicies">A collection of shared access policies.</param> /// <param name="outputStream">An output stream.</param> public static void WriteSharedAccessIdentifiers(SharedAccessFilePolicies sharedAccessPolicies, Stream outputStream) { Request.WriteSharedAccessIdentifiers( sharedAccessPolicies, outputStream, (policy, writer) => { writer.WriteElementString( Constants.Start, SharedAccessSignatureHelper.GetDateTimeOrEmpty(policy.SharedAccessStartTime)); writer.WriteElementString( Constants.Expiry, SharedAccessSignatureHelper.GetDateTimeOrEmpty(policy.SharedAccessExpiryTime)); writer.WriteElementString( Constants.Permission, SharedAccessFilePolicy.PermissionsToString(policy.Permissions)); }); }
/// <summary> /// Get the signature hash embedded inside the Shared Access Signature. /// </summary> /// <param name="policy">The shared access policy to hash.</param> /// <param name="headers">The optional header values to set for a file returned with this SAS.</param> /// <param name="accessPolicyIdentifier">An optional identifier for the policy.</param> /// <param name="resourceName">The canonical resource string, unescaped.</param> /// <param name="sasVersion">A string indicating the desired SAS version to use, in storage service version format.</param> /// <param name="protocols">The HTTP/HTTPS protocols for Account SAS.</param> /// <param name="ipAddressOrRange">The IP range for IPSAS.</param> /// <param name="keyValue">The key value retrieved as an atomic operation used for signing.</param> /// <returns>The signed hash.</returns> internal static string GetHash( SharedAccessFilePolicy policy, SharedAccessFileHeaders headers, string accessPolicyIdentifier, string resourceName, string sasVersion, SharedAccessProtocol?protocols, IPAddressOrRange ipAddressOrRange, byte[] keyValue) { CommonUtility.AssertNotNullOrEmpty("resourceName", resourceName); CommonUtility.AssertNotNull("keyValue", keyValue); CommonUtility.AssertNotNullOrEmpty("sasVersion", sasVersion); string permissions = null; DateTimeOffset?startTime = null; DateTimeOffset?expiryTime = null; if (policy != null) { permissions = SharedAccessFilePolicy.PermissionsToString(policy.Permissions); startTime = policy.SharedAccessStartTime; expiryTime = policy.SharedAccessExpiryTime; } //// StringToSign = signedpermissions + "\n" + //// signedstart + "\n" + //// signedexpiry + "\n" + //// canonicalizedresource + "\n" + //// signedidentifier + "\n" + //// signedIP + "\n" + //// signedProtocol + "\n" + //// signedversion + "\n" + //// cachecontrol + "\n" + //// contentdisposition + "\n" + //// contentencoding + "\n" + //// contentlanguage + "\n" + //// contenttype //// //// HMAC-SHA256(UTF8.Encode(StringToSign)) //// string cacheControl = null; string contentDisposition = null; string contentEncoding = null; string contentLanguage = null; string contentType = null; if (headers != null) { cacheControl = headers.CacheControl; contentDisposition = headers.ContentDisposition; contentEncoding = headers.ContentEncoding; contentLanguage = headers.ContentLanguage; contentType = headers.ContentType; } string stringToSign = string.Format( CultureInfo.InvariantCulture, "{0}\n{1}\n{2}\n{3}\n{4}\n{5}\n{6}\n{7}\n{8}\n{9}\n{10}\n{11}\n{12}", permissions, SharedAccessSignatureHelper.GetDateTimeOrEmpty(startTime), SharedAccessSignatureHelper.GetDateTimeOrEmpty(expiryTime), resourceName, accessPolicyIdentifier, ipAddressOrRange == null ? string.Empty : ipAddressOrRange.ToString(), SharedAccessSignatureHelper.GetProtocolString(protocols), sasVersion, cacheControl, contentDisposition, contentEncoding, contentLanguage, contentType); Logger.LogVerbose(null /* operationContext */, SR.TraceStringToSign, stringToSign); return(CryptoUtility.ComputeHmac256(keyValue, stringToSign)); }
private static string GetHash( SharedAccessFilePolicy policy, SharedAccessFileHeaders headers, string accessPolicyIdentifier, string resourceName, string sasVersion, SharedAccessProtocol?protocols, IPAddressOrRange ipAddressOrRange, byte[] keyValue) { string permissions = null; DateTimeOffset?startTime = null; DateTimeOffset?expiryTime = null; if (policy != null) { permissions = SharedAccessFilePolicy.PermissionsToString(policy.Permissions); startTime = policy.SharedAccessStartTime; expiryTime = policy.SharedAccessExpiryTime; } string cacheControl = null; string contentDisposition = null; string contentEncoding = null; string contentLanguage = null; string contentType = null; if (headers != null) { cacheControl = headers.CacheControl; contentDisposition = headers.ContentDisposition; contentEncoding = headers.ContentEncoding; contentLanguage = headers.ContentLanguage; contentType = headers.ContentType; } string stringToSign = null; if (string.CompareOrdinal(sasVersion, "2015-04-05") >= 0) { stringToSign = string.Format( CultureInfo.InvariantCulture, "{0}\n{1}\n{2}\n{3}\n{4}\n{5}\n{6}\n{7}\n{8}\n{9}\n{10}\n{11}\n{12}", permissions, GetDateTimeOrEmpty(startTime), GetDateTimeOrEmpty(expiryTime), resourceName, accessPolicyIdentifier, ipAddressOrRange == null ? string.Empty : ipAddressOrRange.ToString(), GetProtocolString(protocols), sasVersion, cacheControl, contentDisposition, contentEncoding, contentLanguage, contentType); } else { stringToSign = string.Format( CultureInfo.InvariantCulture, "{0}\n{1}\n{2}\n{3}\n{4}\n{5}\n{6}\n{7}\n{8}\n{9}\n{10}", permissions, GetDateTimeOrEmpty(startTime), GetDateTimeOrEmpty(expiryTime), resourceName, accessPolicyIdentifier, sasVersion, cacheControl, contentDisposition, contentEncoding, contentLanguage, contentType); } return(ComputeHmac256(keyValue, stringToSign)); }