/// <summary> /// Get the signature hash embedded inside the Shared Access Signature. /// </summary> /// <param name="policy">The shared access policy to hash.</param> /// <param name="accessPolicyIdentifier">An optional identifier for the policy.</param> /// <param name="startPartitionKey">The start partition key, or <c>null</c>.</param> /// <param name="startRowKey">The start row key, or <c>null</c>.</param> /// <param name="endPartitionKey">The end partition key, or <c>null</c>.</param> /// <param name="endRowKey">The end row key, or <c>null</c>.</param> /// <param name="resourceName">The canonical resource string, unescaped.</param> /// <param name="sasVersion">A string indicating the desired SAS version to use, in storage service version format.</param> /// <param name="keyValue">The key value retrieved as an atomic operation used for signing.</param> /// <returns>The signed hash.</returns> internal static string GetHash( SharedAccessTablePolicy policy, string accessPolicyIdentifier, string startPartitionKey, string startRowKey, string endPartitionKey, string endRowKey, string resourceName, string sasVersion, byte[] keyValue) { CommonUtility.AssertNotNullOrEmpty("resourceName", resourceName); CommonUtility.AssertNotNull("keyValue", keyValue); CommonUtility.AssertNotNullOrEmpty("sasVersion", sasVersion); string permissions = null; DateTimeOffset?startTime = null; DateTimeOffset?expiryTime = null; if (policy != null) { permissions = SharedAccessTablePolicy.PermissionsToString(policy.Permissions); startTime = policy.SharedAccessStartTime; expiryTime = policy.SharedAccessExpiryTime; } //// StringToSign = signedpermissions + "\n" + //// signedstart + "\n" + //// signedexpiry + "\n" + //// canonicalizedresource + "\n" + //// signedidentifier + "\n" + //// signedversion + "\n" + //// startpk + "\n" + //// startrk + "\n" + //// endpk + "\n" + //// endrk //// //// HMAC-SHA256(UTF8.Encode(StringToSign)) string stringToSign = string.Format( CultureInfo.InvariantCulture, "{0}\n{1}\n{2}\n{3}\n{4}\n{5}\n{6}\n{7}\n{8}\n{9}", permissions, GetDateTimeOrEmpty(startTime), GetDateTimeOrEmpty(expiryTime), resourceName, accessPolicyIdentifier, sasVersion, startPartitionKey, startRowKey, endPartitionKey, endRowKey); Logger.LogVerbose(null /* operationContext */, SR.TraceStringToSign, stringToSign); return(CryptoUtility.ComputeHmac256(keyValue, stringToSign)); }
private static void WriteSharedAccessIdentifiers(SharedAccessTablePolicies sharedAccessPolicies, Stream outputStream) { WriteSharedAccessIdentifiers(sharedAccessPolicies, outputStream, delegate(SharedAccessTablePolicy policy, XmlWriter writer) { writer.WriteElementString("Start", SharedAccessSignatureHelper.GetDateTimeOrEmpty(policy.SharedAccessStartTime)); writer.WriteElementString("Expiry", SharedAccessSignatureHelper.GetDateTimeOrEmpty(policy.SharedAccessExpiryTime)); writer.WriteElementString("Permission", SharedAccessTablePolicy.PermissionsToString(policy.Permissions)); }); }
/// <summary> /// Get the complete query builder for creating the Shared Access Signature query. /// </summary> /// <param name="policy">The shared access policy to hash.</param> /// <param name="tableName">The name of the table associated with this shared access signature.</param> /// <param name="accessPolicyIdentifier">An optional identifier for the policy.</param> /// <param name="startPartitionKey">The start partition key, or null.</param> /// <param name="startRowKey">The start row key, or null.</param> /// <param name="endPartitionKey">The end partition key, or null.</param> /// <param name="endRowKey">The end row key, or null.</param> /// <param name="signature">The signature to use.</param> /// <param name="accountKeyName">The name of the key used to create the signature, or null if the key is implicit.</param> /// <returns>The finished query builder.</returns> internal static UriQueryBuilder GetSharedAccessSignatureImpl( SharedAccessTablePolicy policy, string tableName, string accessPolicyIdentifier, string startPartitionKey, string startRowKey, string endPartitionKey, string endRowKey, string signature, string accountKeyName) { CommonUtils.AssertNotNull("signature", signature); if (policy == null) { return(GetSharedAccessSignatureImpl( null /* policy.Permissions */, null /* policy.SharedAccessStartTime */, null /* policy.SharedAccessExpiryTime */, startPartitionKey, startRowKey, endPartitionKey, endRowKey, accessPolicyIdentifier, null /* resourceType (blob only) */, tableName, signature, accountKeyName)); } string permissions = SharedAccessTablePolicy.PermissionsToString(policy.Permissions); if (string.IsNullOrEmpty(permissions)) { permissions = null; } return(GetSharedAccessSignatureImpl( permissions, policy.SharedAccessStartTime, policy.SharedAccessExpiryTime, startPartitionKey, startRowKey, endPartitionKey, endRowKey, accessPolicyIdentifier, null /* resourceType (blob only) */, tableName, signature, accountKeyName)); }
/// <summary> /// Writes a collection of shared access policies to the specified stream in XML format. /// </summary> /// <param name="sharedAccessPolicies">A collection of shared access policies.</param> /// <param name="outputStream">An output stream.</param> public static void WriteSharedAccessIdentifiers(SharedAccessTablePolicies sharedAccessPolicies, Stream outputStream) { Request.WriteSharedAccessIdentifiers( sharedAccessPolicies, outputStream, (policy, writer) => { writer.WriteElementString( Constants.Start, SharedAccessSignatureHelper.GetDateTimeOrEmpty(policy.SharedAccessStartTime)); writer.WriteElementString( Constants.Expiry, SharedAccessSignatureHelper.GetDateTimeOrEmpty(policy.SharedAccessExpiryTime)); writer.WriteElementString( Constants.Permission, SharedAccessTablePolicy.PermissionsToString(policy.Permissions)); }); }
/// <summary> /// Get the complete query builder for creating the Shared Access Signature query. /// </summary> /// <param name="policy">The shared access policy to hash.</param> /// <param name="tableName">The name of the table associated with this shared access signature.</param> /// <param name="accessPolicyIdentifier">An optional identifier for the policy.</param> /// <param name="startPartitionKey">The start partition key, or <c>null</c>.</param> /// <param name="startRowKey">The start row key, or <c>null</c>.</param> /// <param name="endPartitionKey">The end partition key, or <c>null</c>.</param> /// <param name="endRowKey">The end row key, or <c>null</c>.</param> /// <param name="signature">The signature to use.</param> /// <param name="accountKeyName">The name of the key used to create the signature, or <c>null</c> if the key is implicit.</param> /// <param name="sasVersion">A string indicating the desired SAS version to use, in storage service version format.</param> /// <param name="protocols">The HTTP/HTTPS protocols for Account SAS.</param> /// <param name="ipAddressOrRange">The IP range for IPSAS.</param> /// <returns>The finished query builder.</returns> internal static UriQueryBuilder GetSignature( SharedAccessTablePolicy policy, string tableName, string accessPolicyIdentifier, string startPartitionKey, string startRowKey, string endPartitionKey, string endRowKey, string signature, string accountKeyName, string sasVersion, SharedAccessProtocol?protocols, IPAddressOrRange ipAddressOrRange) { CommonUtility.AssertNotNull("signature", signature); UriQueryBuilder builder = new UriQueryBuilder(); AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedVersion, sasVersion); AddEscapedIfNotNull(builder, Constants.QueryConstants.SasTableName, tableName); AddEscapedIfNotNull(builder, Constants.QueryConstants.StartPartitionKey, startPartitionKey); AddEscapedIfNotNull(builder, Constants.QueryConstants.StartRowKey, startRowKey); AddEscapedIfNotNull(builder, Constants.QueryConstants.EndPartitionKey, endPartitionKey); AddEscapedIfNotNull(builder, Constants.QueryConstants.EndRowKey, endRowKey); AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedIdentifier, accessPolicyIdentifier); AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedKey, accountKeyName); AddEscapedIfNotNull(builder, Constants.QueryConstants.Signature, signature); AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedProtocols, GetProtocolString(protocols)); AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedIP, ipAddressOrRange == null ? null : ipAddressOrRange.ToString()); if (policy != null) { AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedStart, GetDateTimeOrNull(policy.SharedAccessStartTime)); AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedExpiry, GetDateTimeOrNull(policy.SharedAccessExpiryTime)); string permissions = SharedAccessTablePolicy.PermissionsToString(policy.Permissions); if (!string.IsNullOrEmpty(permissions)) { AddEscapedIfNotNull(builder, Constants.QueryConstants.SignedPermissions, permissions); } } return(builder); }
/// <summary> /// Get the signature hash embedded inside the Shared Access Signature. /// </summary> /// <param name="policy">The shared access policy to hash.</param> /// <param name="accessPolicyIdentifier">An optional identifier for the policy.</param> /// <param name="startPartitionKey">The start partition key, or null.</param> /// <param name="startRowKey">The start row key, or null.</param> /// <param name="endPartitionKey">The end partition key, or null.</param> /// <param name="endRowKey">The end row key, or null.</param> /// <param name="resourceName">The canonical resource string, unescaped.</param> /// <param name="credentials">Credentials to be used for signing.</param> /// <returns>The signed hash.</returns> internal static string GetSharedAccessSignatureHashImpl( SharedAccessTablePolicy policy, string accessPolicyIdentifier, string startPartitionKey, string startRowKey, string endPartitionKey, string endRowKey, string resourceName, StorageCredentials credentials) { if (policy == null) { return(GetSharedAccessSignatureHashImpl( null /* policy.Permissions */, null /* policy.SharedAccessStartTime */, null /* policy.SharedAccessExpiryTime */, startPartitionKey, startRowKey, endPartitionKey, endRowKey, true /* using table SAS */, accessPolicyIdentifier, resourceName, credentials)); } return(GetSharedAccessSignatureHashImpl( SharedAccessTablePolicy.PermissionsToString(policy.Permissions), policy.SharedAccessStartTime, policy.SharedAccessExpiryTime, startPartitionKey, startRowKey, endPartitionKey, endRowKey, true /* using table SAS */, accessPolicyIdentifier, resourceName, credentials)); }