public override ValueTask <(string token, string payload)> GetUserAuthorizationAsync(
string resourceAddress,
string resourceType,
string requestVerb,
INameValueCollection headers,
AuthorizationTokenType tokenType)
{
// this is masterkey authZ
headers[HttpConstants.HttpHeaders.XDate] = DateTime.UtcNow.ToString("r", CultureInfo.InvariantCulture);
string authorizationToken = AuthorizationHelper.GenerateKeyAuthorizationSignature(
requestVerb,
resourceAddress,
resourceType,
headers,
this.authKeyHashFunction,
out AuthorizationHelper.ArrayOwner arrayOwner);
using (arrayOwner)
{
string payload = null;
if (arrayOwner.Buffer.Count > 0)
{
payload = Encoding.UTF8.GetString(arrayOwner.Buffer.Array, arrayOwner.Buffer.Offset, (int)arrayOwner.Buffer.Count);
}
return(new ValueTask <(string token, string payload)>((authorizationToken, payload)));
}
}
private async Task <AccountProperties> GetDatabaseAccountAsync(Uri serviceEndpoint)
{
INameValueCollection headers = new DictionaryNameValueCollection(StringComparer.Ordinal);
string authorizationToken = string.Empty;
if (this.hasAuthKeyResourceToken)
{
authorizationToken = HttpUtility.UrlEncode(this.authKeyResourceToken);
}
else
{
// Retrieve the document service properties.
string xDate = DateTime.UtcNow.ToString("r", CultureInfo.InvariantCulture);
headers.Set(HttpConstants.HttpHeaders.XDate, xDate);
authorizationToken = AuthorizationHelper.GenerateKeyAuthorizationSignature(
HttpConstants.HttpMethods.Get,
serviceEndpoint,
headers,
this.authKeyHashFunction);
}
headers.Set(HttpConstants.HttpHeaders.Authorization, authorizationToken);
using (HttpResponseMessage responseMessage = await this.httpClient.GetAsync(serviceEndpoint, headers))
{
using (DocumentServiceResponse documentServiceResponse = await ClientExtensions.ParseResponseAsync(responseMessage))
{
return(CosmosResource.FromStream <AccountProperties>(documentServiceResponse));
}
}
}
private async Task <AccountProperties> GetDatabaseAccountAsync(Uri serviceEndpoint)
{
INameValueCollection headers = new DictionaryNameValueCollection(StringComparer.Ordinal);
string authorizationToken = string.Empty;
if (this.hasAuthKeyResourceToken)
{
authorizationToken = HttpUtility.UrlEncode(this.authKeyResourceToken);
}
else
{
// Retrieve the document service properties.
string xDate = DateTime.UtcNow.ToString("r", CultureInfo.InvariantCulture);
headers.Set(HttpConstants.HttpHeaders.XDate, xDate);
authorizationToken = AuthorizationHelper.GenerateKeyAuthorizationSignature(
HttpConstants.HttpMethods.Get,
serviceEndpoint,
headers,
this.authKeyHashFunction);
}
headers.Set(HttpConstants.HttpHeaders.Authorization, authorizationToken);
using (HttpResponseMessage responseMessage = await this.httpClient.GetAsync(
uri: serviceEndpoint,
additionalHeaders: headers,
resourceType: ResourceType.DatabaseAccount,
diagnosticsContext: null,
cancellationToken: default))
public static string GenerateKeyAuthorizationSignature(string verb,
string resourceId,
string resourceType,
INameValueCollection headers,
IComputeHash stringHMACSHA256Helper)
{
string payload;
return(AuthorizationHelper.GenerateKeyAuthorizationSignature(verb,
resourceId,
resourceType,
headers,
stringHMACSHA256Helper,
out payload));
}
public static string GenerateKeyAuthorizationSignature(string verb,
string resourceId,
string resourceType,
INameValueCollection headers,
string key,
bool bUseUtcNowForMissingXDate = false)
{
string payload;
return(AuthorizationHelper.GenerateKeyAuthorizationSignature(verb,
resourceId,
resourceType,
headers,
key,
out payload,
bUseUtcNowForMissingXDate));
}
private async Task <CosmosAccountSettings> GetDatabaseAccountAsync(Uri serviceEndpoint)
{
HttpClient httpClient = this.messageHandler == null ? new HttpClient() : new HttpClient(this.messageHandler);
httpClient.DefaultRequestHeaders.Add(HttpConstants.HttpHeaders.Version,
HttpConstants.Versions.CurrentVersion);
// Send client version.
httpClient.AddUserAgentHeader(this.connectionPolicy.UserAgentContainer);
httpClient.AddApiTypeHeader(this.apiType);
string authorizationToken = string.Empty;
if (this.hasAuthKeyResourceToken)
{
authorizationToken = HttpUtility.UrlEncode(this.authKeyResourceToken);
}
else
{
// Retrieve the document service properties.
string xDate = DateTime.UtcNow.ToString("r", CultureInfo.InvariantCulture);
httpClient.DefaultRequestHeaders.Add(HttpConstants.HttpHeaders.XDate, xDate);
INameValueCollection headersCollection = new StringKeyValueCollection();
headersCollection.Add(HttpConstants.HttpHeaders.XDate, xDate);
authorizationToken = AuthorizationHelper.GenerateKeyAuthorizationSignature(
HttpConstants.HttpMethods.Get,
serviceEndpoint,
headersCollection,
this.authKeyHashFunction);
}
httpClient.DefaultRequestHeaders.Add(HttpConstants.HttpHeaders.Authorization, authorizationToken);
using (HttpResponseMessage responseMessage = await httpClient.GetHttpAsync(
serviceEndpoint))
{
using (DocumentServiceResponse documentServiceResponse = await ClientExtensions.ParseResponseAsync(responseMessage))
{
CosmosAccountSettings databaseAccount = documentServiceResponse.GetInternalResource <CosmosAccountSettings>(CosmosAccountSettings.CreateNewInstance);
return(databaseAccount);
}
}
}
public override ValueTask AddAuthorizationHeaderAsync(
INameValueCollection headersCollection,
Uri requestAddress,
string verb,
AuthorizationTokenType tokenType)
{
string dateTime = DateTime.UtcNow.ToString("r", CultureInfo.InvariantCulture);
headersCollection[HttpConstants.HttpHeaders.XDate] = dateTime;
string token = AuthorizationHelper.GenerateKeyAuthorizationSignature(
verb,
requestAddress,
headersCollection,
this.authKeyHashFunction);
headersCollection.Add(HttpConstants.HttpHeaders.Authorization, token);
return(default);
// This API is a helper method to create auth header based on client request.
// Uri is split into resourceType/resourceId -
// For feed/post/put requests, resourceId = parentId,
// For point get requests, resourceId = last segment in URI
public static string GenerateKeyAuthorizationSignature(string verb,
Uri uri,
INameValueCollection headers,
IComputeHash stringHMACSHA256Helper,
string clientVersion = "")
{
if (string.IsNullOrEmpty(verb))
{
throw new ArgumentException(RMResources.StringArgumentNullOrEmpty, nameof(verb));
}
if (uri == null)
{
throw new ArgumentNullException(nameof(uri));
}
if (stringHMACSHA256Helper == null)
{
throw new ArgumentNullException(nameof(stringHMACSHA256Helper));
}
if (headers == null)
{
throw new ArgumentNullException(nameof(headers));
}
string resourceType = string.Empty;
string resourceIdValue = string.Empty;
bool isNameBased = false;
AuthorizationHelper.GetResourceTypeAndIdOrFullName(uri, out isNameBased, out resourceType, out resourceIdValue, clientVersion);
string authToken = AuthorizationHelper.GenerateKeyAuthorizationSignature(verb,
resourceIdValue,
resourceType,
headers,
stringHMACSHA256Helper,
out ArrayOwner arrayOwner);
using (arrayOwner)
{
return(authToken);
}
}
// This API is a helper method to create auth header based on client request.
// Uri is split into resourceType/resourceId -
// For feed/post/put requests, resourceId = parentId,
// For point get requests, resourceId = last segment in URI
public static string GenerateKeyAuthorizationSignature(string verb,
Uri uri,
INameValueCollection headers,
IComputeHash stringHMACSHA256Helper,
string clientVersion = "")
{
if (string.IsNullOrEmpty(verb))
{
throw new ArgumentException(RMResources.StringArgumentNullOrEmpty, "verb");
}
if (uri == null)
{
throw new ArgumentNullException("uri");
}
if (stringHMACSHA256Helper == null)
{
throw new ArgumentNullException("stringHMACSHA256Helper");
}
if (headers == null)
{
throw new ArgumentNullException("headers");
}
string resourceType = string.Empty;
string resourceIdValue = string.Empty;
bool isNameBased = false;
AuthorizationHelper.GetResourceTypeAndIdOrFullName(uri, out isNameBased, out resourceType, out resourceIdValue, clientVersion);
string payload;
return(AuthorizationHelper.GenerateKeyAuthorizationSignature(verb,
resourceIdValue,
resourceType,
headers,
stringHMACSHA256Helper,
out payload));
}
public static bool CheckPayloadUsingKey(string inputToken,
string verb,
string resourceId,
string resourceType,
INameValueCollection headers,
string key)
{
string payload;
string requestBasedToken = AuthorizationHelper.GenerateKeyAuthorizationSignature(
verb,
resourceId,
resourceType,
headers,
key,
out payload);
requestBasedToken = HttpUtility.UrlDecode(requestBasedToken);
requestBasedToken = requestBasedToken.Substring(requestBasedToken.IndexOf("sig=", StringComparison.OrdinalIgnoreCase) + 4);
return(inputToken.Equals(requestBasedToken, StringComparison.OrdinalIgnoreCase));
}
public override ValueTask <string> GetUserAuthorizationTokenAsync(
string resourceAddress,
string resourceType,
string requestVerb,
INameValueCollection headers,
AuthorizationTokenType tokenType,
ITrace trace)
{
// this is masterkey authZ
headers[HttpConstants.HttpHeaders.XDate] = DateTime.UtcNow.ToString("r", CultureInfo.InvariantCulture);
string authorizationToken = AuthorizationHelper.GenerateKeyAuthorizationSignature(
requestVerb,
resourceAddress,
resourceType,
headers,
this.authKeyHashFunction,
out AuthorizationHelper.ArrayOwner arrayOwner);
using (arrayOwner)
{
return(new ValueTask <string>(authorizationToken));
}
}
