public static SasResourceType ParseSasResourceType(string signedResourceType) { if (string.IsNullOrWhiteSpace(signedResourceType)) { throw new ArgumentException("signedResourceType"); } SasResourceType sasResourceType = SasResourceType.None; for (int i = 0; i < signedResourceType.Length; i++) { char chr = signedResourceType[i]; if (chr == 'c') { sasResourceType = AccountSasHelper.ValidateAndAddResourceType(sasResourceType, SasResourceType.Container, i); } else if (chr == 'o') { sasResourceType = AccountSasHelper.ValidateAndAddResourceType(sasResourceType, SasResourceType.Object, i); } else { if (chr != 's') { throw new FormatException(string.Concat("Unexpected character ", signedResourceType[i], " in signed resource type")); } sasResourceType = AccountSasHelper.ValidateAndAddResourceType(sasResourceType, SasResourceType.Service, i); } } return(sasResourceType); }
public override void ParseAccessPolicyFields(bool isDoubleSigned) { try { this.ValidateAndSetSASVersionToUse(base.QueryParams["sv"]); base.ParseAccessPolicyFields(false); string str = AuthenticationManagerHelper.ExtractKeyNameFromParamsWithConversion(base.QueryParams); base.ValidateOptionalField(str, "sk"); if (str != null) { base.KeyName = str.Trim(); Logger <IRestProtocolHeadLogger> .Instance.Verbose.Log("Using secret key with KeyName '{0}' to authenticate SAS request.", new object[] { base.KeyName }); } string item = base.QueryParams["ss"]; base.ValidateMandatoryField(item, "ss"); this.SignedService = AccountSasHelper.ParseSasService(item); string item1 = base.QueryParams["srt"]; base.ValidateMandatoryField(item1, "srt"); this.SignedResourceType = AccountSasHelper.ParseSasResourceType(item1); string str1 = base.QueryParams["sig"]; base.ValidateMandatoryField(str1, "sig"); base.ValidateSignatureFormat(str1); base.Signature = str1; string item2 = base.QueryParams["sp"]; base.ValidateMandatoryField(item2, "sp"); base.SignedPermission = new SASPermission?(AccountSasHelper.ParsePermissionsForAccountSas(item2)); } catch (FormatException formatException) { throw new AuthenticationFailureException("Signature fields not well formed.", formatException); } }
public static SasService ParseSasService(string service) { if (string.IsNullOrEmpty(service)) { throw new ArgumentException(service); } SasService sasService = SasService.None; int num = 0; while (true) { if (num >= service.Length) { return(sasService); } char chr = service[num]; if (chr <= 'f') { if (chr == 'b') { sasService = AccountSasHelper.ValidateAndAddService(sasService, SasService.Blob, num); } else if (chr == 'f') { sasService = AccountSasHelper.ValidateAndAddService(sasService, SasService.File, num); } else { break; } } else if (chr == 'q') { sasService = AccountSasHelper.ValidateAndAddService(sasService, SasService.Queue, num); } else if (chr == 't') { sasService = AccountSasHelper.ValidateAndAddService(sasService, SasService.Table, num); } else { break; } num++; } throw new FormatException(string.Concat("Unexpected character ", service[num], " in service")); }
public static SASPermission ParsePermissionsForAccountSas(string permission) { if (string.IsNullOrEmpty(permission)) { throw new ArgumentException(permission); } SASPermission sASPermission = SASPermission.None; int num = 0; while (true) { if (num >= permission.Length) { return(sASPermission); } char chr = permission[num]; if (chr > 'l') { switch (chr) { case 'p': { sASPermission = AccountSasHelper.ValidateAndAddPermission(sASPermission, SASPermission.Process, num); break; } case 'q': { throw new FormatException(string.Concat("Unexpected character ", permission[num], " in permission")); } case 'r': { sASPermission = AccountSasHelper.ValidateAndAddPermission(sASPermission, SASPermission.Read, num); break; } default: { switch (chr) { case 'u': { sASPermission = AccountSasHelper.ValidateAndAddPermission(sASPermission, SASPermission.Update, num); break; } case 'v': { throw new FormatException(string.Concat("Unexpected character ", permission[num], " in permission")); } case 'w': { sASPermission = AccountSasHelper.ValidateAndAddPermission(sASPermission, SASPermission.Write, num); break; } default: { throw new FormatException(string.Concat("Unexpected character ", permission[num], " in permission")); } } break; } } } else { switch (chr) { case 'a': { sASPermission = AccountSasHelper.ValidateAndAddPermission(sASPermission, SASPermission.Add, num); break; } case 'b': { throw new FormatException(string.Concat("Unexpected character ", permission[num], " in permission")); } case 'c': { sASPermission = AccountSasHelper.ValidateAndAddPermission(sASPermission, SASPermission.Create, num); break; } case 'd': { sASPermission = AccountSasHelper.ValidateAndAddPermission(sASPermission, SASPermission.Delete, num); break; } default: { if (chr == 'l') { sASPermission = AccountSasHelper.ValidateAndAddPermission(sASPermission, SASPermission.List, num); break; } else { throw new FormatException(string.Concat("Unexpected character ", permission[num], " in permission")); } } } } num++; } throw new FormatException(string.Concat("Unexpected character ", permission[num], " in permission")); }
private IEnumerator <IAsyncResult> AuthenticateImpl(IStorageAccount storageAccount, RequestContext requestContext, NephosUriComponents uriComponents, AuthenticationManager.GetStringToSignCallback getStringToSignCallback, TimeSpan timeout, AsyncIteratorContext <IAuthenticationResult> context) { bool flag; bool flag1; SignedAccessHelper queueSignedAccessHelper; IStorageAccount operationStatus; ContainerAclSettings containerAclSetting; string signedVersion = null; Duration startingNow = Duration.StartingNow; NameValueCollection queryParameters = requestContext.QueryParameters; if (AuthenticationManager.IsInvalidAccess(requestContext)) { throw new InvalidAuthenticationInfoException("Ambiguous authentication scheme credentials providedRequest contains authentication credentials for signed access and authenticated access"); } bool flag2 = AuthenticationManager.IsAuthenticatedAccess(requestContext); bool flag3 = AuthenticationManager.IsSignatureAccess(requestContext); flag = (!flag2 ? false : AuthenticationManager.IsAuthenticatedAccess(requestContext, "SignedKey")); bool flag4 = flag; flag1 = (flag2 ? false : !flag3); if ((!flag2 || flag4) && !flag1) { NephosAssertionException.Assert((flag3 ? true : flag4)); bool flag5 = (flag3 ? false : flag4); if (!AuthenticationManager.IsAccountSasAccess(requestContext.QueryParameters)) { queueSignedAccessHelper = new QueueSignedAccessHelper(requestContext, uriComponents, flag5); } else { if (flag5) { throw new AuthenticationFailureException("SignedKey is not supported with account-level SAS."); } queueSignedAccessHelper = new AccountSasHelper(requestContext, uriComponents); } queueSignedAccessHelper.ParseAccessPolicyFields(flag5); queueSignedAccessHelper.PerformSignedAccessAuthenticationFirstPhaseValidations(); AccountIdentifier signedAccessAccountIdentifier = null; if (!flag5) { byte[] sign = queueSignedAccessHelper.ComputeUrlDecodedUtf8EncodedStringToSign(); if (storageAccount == null || !string.Equals(storageAccount.Name, uriComponents.AccountName)) { try { operationStatus = this.storageManager.CreateAccountInstance(uriComponents.AccountName); if (requestContext != null) { operationStatus.OperationStatus = requestContext.OperationStatus; } } catch (ArgumentOutOfRangeException argumentOutOfRangeException) { throw new AuthenticationFailureException(string.Format(CultureInfo.InvariantCulture, "The account name is invalid.", new object[0])); } operationStatus.Timeout = startingNow.Remaining(timeout); IAsyncResult asyncResult = operationStatus.BeginGetProperties(AccountPropertyNames.All, null, context.GetResumeCallback(), context.GetResumeState("XFEQueueAuthenticationManager.AuthenticateImpl")); yield return(asyncResult); try { operationStatus.EndGetProperties(asyncResult); } catch (AccountNotFoundException accountNotFoundException1) { AccountNotFoundException accountNotFoundException = accountNotFoundException1; CultureInfo invariantCulture = CultureInfo.InvariantCulture; object[] name = new object[] { operationStatus.Name }; throw new AuthenticationFailureException(string.Format(invariantCulture, "Cannot find the claimed account when trying to GetProperties for the account {0}.", name), accountNotFoundException); } catch (Exception exception1) { Exception exception = exception1; IStringDataEventStream warning = Logger <IRestProtocolHeadLogger> .Instance.Warning; object[] objArray = new object[] { operationStatus.Name, exception }; warning.Log("Rethrow exception when trying to GetProperties for the account {0}: {1}", objArray); throw; } } else { operationStatus = storageAccount; } if (!queueSignedAccessHelper.ComputeSignatureAndCompare(sign, operationStatus.SecretKeysV3)) { throw new AuthenticationFailureException(string.Concat("Signature did not match. String to sign used was ", (new UTF8Encoding()).GetString(sign))); } NephosAssertionException.Assert(queueSignedAccessHelper.KeyUsedForSigning != null, "Key used for signing cannot be null"); signedAccessAccountIdentifier = queueSignedAccessHelper.CreateAccountIdentifier(operationStatus); if (storageAccount != operationStatus) { operationStatus.Dispose(); } } else { IAsyncResult asyncResult1 = this.nephosAuthenticationManager.BeginAuthenticate(storageAccount, requestContext, uriComponents, getStringToSignCallback, startingNow.Remaining(timeout), context.GetResumeCallback(), context.GetResumeState("XFEQueueAuthenticationManager.AuthenticateImpl")); yield return(asyncResult1); IAuthenticationResult authenticationResult = this.nephosAuthenticationManager.EndAuthenticate(asyncResult1); signedAccessAccountIdentifier = new SignedAccessAccountIdentifier(authenticationResult.AccountIdentifier); } signedVersion = queueSignedAccessHelper.SignedVersion; if (queueSignedAccessHelper.IsRevocableAccess) { using (IQueueContainer queueContainer = this.storageManager.CreateQueueContainerInstance(uriComponents.AccountName, uriComponents.ContainerName)) { if (requestContext != null) { queueContainer.OperationStatus = requestContext.OperationStatus; } ContainerPropertyNames containerPropertyName = ContainerPropertyNames.ServiceMetadata; queueContainer.Timeout = startingNow.Remaining(timeout); IAsyncResult asyncResult2 = queueContainer.BeginGetProperties(containerPropertyName, null, context.GetResumeCallback(), context.GetResumeState("XFEQueueAuthenticationManager.AuthenticateImpl")); yield return(asyncResult2); try { queueContainer.EndGetProperties(asyncResult2); } catch (Exception exception3) { Exception exception2 = exception3; if (exception2 is ContainerNotFoundException) { throw new AuthenticationFailureException("Error locating SAS identifier", exception2); } IStringDataEventStream stringDataEventStream = Logger <IRestProtocolHeadLogger> .Instance.Warning; object[] accountName = new object[] { uriComponents.AccountName, uriComponents.ContainerName, exception2 }; stringDataEventStream.Log("Rethrow exception when trying to fetch SAS identifier account {0} container {1} : {2}", accountName); throw; } try { containerAclSetting = new ContainerAclSettings(queueContainer.ServiceMetadata); } catch (MetadataFormatException metadataFormatException1) { MetadataFormatException metadataFormatException = metadataFormatException1; throw new NephosStorageDataCorruptionException(string.Format("Error decoding Acl setting for container {0}", uriComponents.ContainerName), metadataFormatException); } } try { queueSignedAccessHelper.ValidateAndDeriveEffectiveAccessPolicy(queueSignedAccessHelper.LocateSasIdentifier(containerAclSetting.SASIdentifiers)); queueSignedAccessHelper.PerformSignedAccessAuthenticationSecondPhaseValidations(); signedAccessAccountIdentifier.Initialize(queueSignedAccessHelper); context.ResultData = new AuthenticationResult(signedAccessAccountIdentifier, signedVersion, true); } catch (FormatException formatException) { throw new AuthenticationFailureException("Signature fields not well formed.", formatException); } } else { signedAccessAccountIdentifier.Initialize(queueSignedAccessHelper); context.ResultData = new AuthenticationResult(signedAccessAccountIdentifier, signedVersion, true); } } else { IAsyncResult asyncResult3 = this.nephosAuthenticationManager.BeginAuthenticate(storageAccount, requestContext, uriComponents, getStringToSignCallback, startingNow.Remaining(timeout), context.GetResumeCallback(), context.GetResumeState("XFEQueueAuthenticationManager.AuthenticateImpl")); yield return(asyncResult3); context.ResultData = this.nephosAuthenticationManager.EndAuthenticate(asyncResult3); } }