public void Decode(string sasIdentifier) { ASCIIEncoding aSCIIEncoding = new ASCIIEncoding(); UnicodeEncoding unicodeEncoding = new UnicodeEncoding(); SASUtilities.ValidateACIIEncoding(sasIdentifier); NameValueCollection nameValueCollection = new NameValueCollection(); MetadataEncoding.Decode(aSCIIEncoding.GetBytes(sasIdentifier), nameValueCollection); string item = nameValueCollection[SASIdentifier.IdName]; string str = nameValueCollection[SASAccessPolicy.SignedStartName]; string item1 = nameValueCollection[SASAccessPolicy.SignedExpiryName]; string str1 = nameValueCollection[SASAccessPolicy.SignedPermissionName]; if (!string.IsNullOrEmpty(item)) { this.Id = unicodeEncoding.GetString(Convert.FromBase64String(item)); } if (!string.IsNullOrEmpty(str)) { this.AccessPolicy.SignedStart = new DateTime?(SASUtilities.ParseTime(str)); } if (!string.IsNullOrEmpty(item1)) { this.AccessPolicy.SignedExpiry = new DateTime?(SASUtilities.ParseTime(item1)); } if (!string.IsNullOrEmpty(str1)) { this.AccessPolicy.SignedPermission = new SASPermission?(SASUtilities.ParseSASPermission(str1)); } }
public byte[] Encode() { ASCIIEncoding aSCIIEncoding = new ASCIIEncoding(); UnicodeEncoding unicodeEncoding = new UnicodeEncoding(); NameValueCollection nameValueCollection = new NameValueCollection(); nameValueCollection[SASIdentifier.IdName] = Convert.ToBase64String(unicodeEncoding.GetBytes(this.Id)); if (this.AccessPolicy.SignedStart.HasValue) { string signedStartName = SASAccessPolicy.SignedStartName; DateTime?signedStart = this.AccessPolicy.SignedStart; nameValueCollection[signedStartName] = SASUtilities.EncodeTime(signedStart.Value); } if (this.AccessPolicy.SignedExpiry.HasValue) { string signedExpiryName = SASAccessPolicy.SignedExpiryName; DateTime?signedExpiry = this.AccessPolicy.SignedExpiry; nameValueCollection[signedExpiryName] = SASUtilities.EncodeTime(signedExpiry.Value); } if (this.AccessPolicy.SignedPermission.HasValue) { string signedPermissionName = SASAccessPolicy.SignedPermissionName; SASPermission?signedPermission = this.AccessPolicy.SignedPermission; nameValueCollection[signedPermissionName] = SASUtilities.EncodeSASPermission(signedPermission.Value); } return(MetadataEncoding.Encode(nameValueCollection)); }
public static AuthDataEntry SignedKeyAuthenticate(string stringToSign, string requestSignature, AuthenticationInformation authInfo) { AuthDataEntry authDataEntry; NephosAssertionException.Assert(!string.IsNullOrEmpty(stringToSign)); NephosAssertionException.Assert(!string.IsNullOrEmpty(requestSignature)); NephosAssertionException.Assert(authInfo != null); RequestContext requestContext = authInfo.RequestContext; NephosUriComponents uriComponents = authInfo.UriComponents; NameValueCollection queryParameters = requestContext.QueryParameters; string item = queryParameters["sv"]; byte[] sign = BlobSignedAccessHelper.ComputeUrlDecodedUtf8EncodedStringToSign(queryParameters, uriComponents); using (IEnumerator <AuthDataEntry> enumerator = SharedKeyAuthInfoHelper.GetSharedKeys(authInfo).GetEnumerator()) { while (enumerator.MoveNext()) { AuthDataEntry current = enumerator.Current; byte[] numArray = SASUtilities.ComputeSignedKey(sign, current.AuthValue); if (!SASUtilities.ComputeSignatureAndCompare((new UTF8Encoding()).GetBytes(stringToSign), numArray, requestSignature)) { continue; } authDataEntry = current; return(authDataEntry); } CultureInfo invariantCulture = CultureInfo.InvariantCulture; object[] objArray = new object[] { requestSignature, stringToSign }; throw new AuthenticationFailureException(string.Format(invariantCulture, "The MAC signature found in the HTTP request '{0}' is not the same as any computed signature. Server used following string to sign: '{1}'.", objArray)); } return(authDataEntry); }
public static List <SASIdentifier> DecodeSASIdentifiers(string sasIdentifiersValue) { ASCIIEncoding aSCIIEncoding = new ASCIIEncoding(); if (sasIdentifiersValue == null) { throw new ArgumentNullException("sasIdentifiersValue"); } SASUtilities.ValidateACIIEncoding(sasIdentifiersValue); sasIdentifiersValue = aSCIIEncoding.GetString(Convert.FromBase64String(sasIdentifiersValue)); List <SASIdentifier> sASIdentifiers = new List <SASIdentifier>(); using (StringReader stringReader = new StringReader(sasIdentifiersValue)) { string str = null; while (true) { string str1 = stringReader.ReadLine(); str = str1; if (str1 == null) { break; } str = str.Trim(); if (str.Length != 0) { string str2 = aSCIIEncoding.GetString(Convert.FromBase64String(str)); SASIdentifier sASIdentifier = new SASIdentifier(); sASIdentifier.Decode(str2); sASIdentifiers.Add(sASIdentifier); } } } return(sASIdentifiers); }
public virtual void ParseAccessPolicyFields(bool isDoubleSigned) { string item = this.QueryParams["st"]; this.ValidateOptionalField(item, "st"); if (item != null) { this.SignedStart = new DateTime?(SASUtilities.ParseTime(item)); } string str = this.QueryParams["se"]; if (!this.IsRevocableAccess) { this.ValidateMandatoryField(str, "se"); this.SignedExpiry = new DateTime?(SASUtilities.ParseTime(str)); } else { this.ValidateOptionalField(str, "se"); if (str != null) { this.SignedExpiry = new DateTime?(SASUtilities.ParseTime(str)); } } if (!VersioningHelper.IsPreApril15OrInvalidVersion(this.SignedVersion)) { string item1 = this.QueryParams["sip"]; this.ValidateOptionalField(item1, "sip"); if (item1 != null) { try { this.SignedIP = SASUtilities.ParseSip(item1); } catch (ArgumentOutOfRangeException argumentOutOfRangeException) { throw new FormatException("Invalid sip format", argumentOutOfRangeException); } } string str1 = this.QueryParams["spr"]; this.ValidateOptionalField(str1, "spr"); if (str1 != null) { this.SignedProtocol = SASUtilities.ParseSignedProtocol(str1); } } string item2 = this.QueryParams["sep"]; this.ValidateOptionalField(item2, "sep"); if (item2 != null) { this.SignedExtraPermission = SASUtilities.ParseExtraPermission(item2); } }
public override void ParseAccessPolicyFields(bool isDoubleSigned) { try { if (isDoubleSigned) { string str = base.ExtractSignedAuthorization(base.RequestContext); base.ValidateMandatoryField(str, "SignedKey"); base.ValidateSignedAuthorizationFormat(str); } else { string item = base.QueryParams["sig"]; base.ValidateMandatoryField(item, "sig"); base.ValidateSignatureFormat(item); base.Signature = item; } string item1 = base.QueryParams["si"]; base.ValidateOptionalField(item1, "si"); base.SignedIdentifier = item1; string str1 = base.QueryParams["sv"]; base.ValidateMandatoryField(str1, "sv"); this.ValidateSASVersion(str1); base.ParseAccessPolicyFields(isDoubleSigned); string item2 = base.QueryParams["sp"]; if (!base.IsRevocableAccess) { base.ValidateMandatoryField(item2, "sp"); SASUtilities.ValidatePermissionOrdering(item2, SASPermission.Queue); base.SignedPermission = new SASPermission?(SASUtilities.ParseSASPermission(item2)); } else { base.ValidateOptionalField(item2, "sp"); if (item2 != null) { SASUtilities.ValidatePermissionOrdering(item2, SASPermission.Queue); base.SignedPermission = new SASPermission?(SASUtilities.ParseSASPermission(item2)); } } string str2 = AuthenticationManagerHelper.ExtractKeyNameFromParamsWithConversion(base.QueryParams); base.ValidateOptionalField(str2, "sk"); if (str2 != null) { base.KeyName = str2.Trim(); Logger <IRestProtocolHeadLogger> .Instance.Verbose.Log("Using secret key with KeyName '{0}' to authenticate SAS request.", new object[] { base.KeyName }); } } catch (FormatException formatException) { throw new AuthenticationFailureException("Signature fields not well formed.", formatException); } }
public SASAccessPolicy(string signedStart, string signedExpiry, string signedPermission) { if (!string.IsNullOrEmpty(signedStart)) { this.SignedStart = new DateTime?(SASUtilities.ParseTime(signedStart)); } if (!string.IsNullOrEmpty(signedExpiry)) { this.SignedExpiry = new DateTime?(SASUtilities.ParseTime(signedExpiry)); } if (!string.IsNullOrEmpty(signedPermission)) { this.SignedPermission = new SASPermission?(SASUtilities.ParseSASPermission(signedPermission)); } }
public static SASExtraPermission?ParseExtraPermission(string extraPermission) { SASExtraPermission?nullable = null; if (string.IsNullOrEmpty(extraPermission)) { return(nullable); } for (int i = 0; i < extraPermission.Length; i++) { if (extraPermission[i] != 'b') { throw new FormatException(string.Concat("Unexpected character ", extraPermission[i], " in extra permission")); } nullable = SASUtilities.ValidateAndAddExtraPermission(nullable, SASExtraPermission.BypassAccountNetworkAcls, i); } return(nullable); }
public override void ParseAccessPolicyFields(bool isDoubleSigned) { try { if (isDoubleSigned) { string str = base.ExtractSignedAuthorization(base.RequestContext); base.ValidateMandatoryField(str, "SignedKey"); base.ValidateSignedAuthorizationFormat(str); } else { string item = base.QueryParams["sig"]; base.ValidateMandatoryField(item, "sig"); base.ValidateSignatureFormat(item); base.Signature = item; } string item1 = base.QueryParams["si"]; base.ValidateOptionalField(item1, "si"); base.SignedIdentifier = item1; string str1 = base.QueryParams["tn"]; base.ValidateMandatoryField(str1, "tn"); this.TableName = str1.ToLower(); string item2 = base.QueryParams["spk"]; this.StartingPartitionKey = item2; string str2 = base.QueryParams["srk"]; if (item2 == null && str2 != null) { throw new AuthenticationFailureException(string.Format("{0} is required when {1} is provided.", "srk", "spk")); } this.StartingRowKey = str2; string item3 = base.QueryParams["epk"]; this.EndingPartitionKey = item3; string str3 = base.QueryParams["erk"]; if (item3 == null && str3 != null) { throw new AuthenticationFailureException(string.Format("{0} is required when {1} is provided.", "erk", "epk")); } this.EndingRowKey = str3; string item4 = base.QueryParams["sv"]; base.ValidateMandatoryField(item4, "sv"); this.ValidateSASVersion(item4); base.ParseAccessPolicyFields(isDoubleSigned); string str4 = base.QueryParams["sp"]; if (!base.IsRevocableAccess) { base.ValidateMandatoryField(str4, "sp"); SASUtilities.ValidatePermissionOrdering(str4, SASPermission.Table); base.SignedPermission = new SASPermission?(SASUtilities.ParseSASPermission(str4)); } else { base.ValidateOptionalField(str4, "sp"); if (str4 != null) { SASUtilities.ValidatePermissionOrdering(str4, SASPermission.Table); base.SignedPermission = new SASPermission?(SASUtilities.ParseSASPermission(str4)); } } string str5 = AuthenticationManagerHelper.ExtractKeyNameFromParamsWithConversion(base.QueryParams); base.ValidateOptionalField(str5, "sk"); if (str5 != null) { base.KeyName = str5.Trim(); Logger <IRestProtocolHeadLogger> .Instance.Verbose.Log("Using secret key with KeyName '{0}' to authenticate SAS request.", new object[] { base.KeyName }); } } catch (FormatException formatException) { throw new AuthenticationFailureException("Signature fields not well formed.", formatException); } }
public bool ComputeSignatureAndCompare(byte[] stringToSign, SecretKeyListV3 keys) { bool flag; NephosAssertionException.Assert(stringToSign != null); NephosAssertionException.Assert(keys != null); if (keys.Count == 0) { throw new ArgumentException("Invalid number of keys"); } bool flag1 = string.IsNullOrEmpty(this.KeyName); List <SecretKeyV3> .Enumerator enumerator = keys.GetEnumerator(); try { while (enumerator.MoveNext()) { SecretKeyV3 current = enumerator.Current; if ((!flag1 || !current.IsDefault()) && !string.Equals(current.Name, this.KeyName) || !SASUtilities.ComputeSignatureAndCompare(stringToSign, current.Value, this.Signature)) { continue; } this.KeyUsedForSigning = current; flag = true; return(flag); } return(false); } finally { ((IDisposable)enumerator).Dispose(); } return(flag); }
public static string GenerateBlobSasUrl(string accountName, string containerName, string blobName, string blobSnapshot, IStorageAccount storageAccount, string requestUrlBase, bool includeWritePermission) { if (string.IsNullOrEmpty(accountName) || string.IsNullOrEmpty(containerName) || string.IsNullOrEmpty(blobName) || string.IsNullOrEmpty(requestUrlBase)) { IStringDataEventStream error = Logger <IRestProtocolHeadLogger> .Instance.Error; object[] objArray = new object[] { accountName, containerName, blobName, requestUrlBase }; error.Log("Source blob account, container, blob name or requestUrl should not be empty. sourceUnversionedAccountName: {0} sourceUnversionedContainerName: {1} sourceBlobName: {2} requestUrlBase: {3}", objArray); return(string.Empty); } NameValueCollection nameValueCollection = new NameValueCollection(); if (!includeWritePermission) { nameValueCollection.Add("sp", "r"); } else { nameValueCollection.Add("sp", "rw"); } nameValueCollection.Add("se", SASUtilities.EncodeTime(DateTime.MaxValue)); nameValueCollection.Add("sv", "2016-02-19"); nameValueCollection.Add("sr", "b"); byte[] sign = BlobSignedAccessHelper.ComputeUrlDecodedUtf8EncodedStringToSign(nameValueCollection, new NephosUriComponents(accountName, containerName, HttpUtility.UrlDecode(blobName))); string str = (new UTF8Encoding()).GetString(sign); str = str.Replace('\n', '.'); SecretKeyV3 secretKeyV3 = null; if (secretKeyV3 == null) { Logger <IRestProtocolHeadLogger> .Instance.Error.Log("GenerateBlobSasUrl: could not find a system key for the account"); return(string.Empty); } string str1 = BlobSignedAccessHelper.ComputeHMACSHA256(secretKeyV3.Value, sign); if (string.IsNullOrEmpty(str1)) { Logger <IRestProtocolHeadLogger> .Instance.Error.Log("GenerateBlobSasUrl: could not get HMACSHA256"); return(string.Empty); } nameValueCollection.Add("sig", str1); if (!string.IsNullOrEmpty(blobSnapshot)) { nameValueCollection.Add("snapshot", blobSnapshot); } UriBuilder uriBuilder = new UriBuilder(requestUrlBase); StringBuilder stringBuilder = new StringBuilder(); string[] allKeys = nameValueCollection.AllKeys; for (int i = 0; i < (int)allKeys.Length; i++) { string str2 = allKeys[i]; stringBuilder.Append(HttpUtilities.PathEncode(str2)); stringBuilder.Append("="); stringBuilder.Append(HttpUtilities.PathEncode(nameValueCollection[str2])); stringBuilder.Append("&"); } if (stringBuilder.Length > 0) { stringBuilder.Remove(stringBuilder.Length - 1, 1); } uriBuilder.Query = stringBuilder.ToString(); return(uriBuilder.ToString()); }
public static byte[] ComputeUrlDecodedUtf8EncodedStringToSign(NameValueCollection queryParams, NephosUriComponents uriComponents) { string item = queryParams["st"]; string str = queryParams["se"]; string item1 = queryParams["sp"]; string str1 = queryParams["sr"]; string item2 = queryParams["si"]; string str2 = queryParams["sip"]; string item3 = queryParams["spr"]; string str3 = queryParams["sv"]; StringBuilder stringBuilder = new StringBuilder(); stringBuilder.Append(item1 ?? string.Empty); stringBuilder.Append("\n"); stringBuilder.Append(item ?? string.Empty); stringBuilder.Append("\n"); stringBuilder.Append(str ?? string.Empty); stringBuilder.Append("\n"); stringBuilder.Append(BlobSignedAccessHelper.GetCanonicalizedResource(uriComponents, SASUtilities.ParseSasAccessLevel(str1), str3)); stringBuilder.Append("\n"); stringBuilder.Append(item2 ?? string.Empty); if (str3 != null) { if (VersioningHelper.CompareVersions(str3, "2015-04-05") >= 0) { stringBuilder.Append("\n"); stringBuilder.Append(str2 ?? string.Empty); stringBuilder.Append("\n"); stringBuilder.Append(item3 ?? string.Empty); } stringBuilder.Append("\n"); stringBuilder.Append(queryParams["sv"]); if (VersioningHelper.CompareVersions(str3, "2014-02-14") >= 0) { stringBuilder.Append("\n"); if (queryParams["rscc"] != null) { stringBuilder.Append(queryParams["rscc"]); } stringBuilder.Append("\n"); if (queryParams["rscd"] != null) { stringBuilder.Append(queryParams["rscd"]); } stringBuilder.Append("\n"); if (queryParams["rsce"] != null) { stringBuilder.Append(queryParams["rsce"]); } stringBuilder.Append("\n"); if (queryParams["rscl"] != null) { stringBuilder.Append(queryParams["rscl"]); } stringBuilder.Append("\n"); if (queryParams["rsct"] != null) { stringBuilder.Append(queryParams["rsct"]); } } } if (queryParams["sep"] != null) { stringBuilder.Append("\n"); stringBuilder.Append(queryParams["sep"]); } return((new UTF8Encoding()).GetBytes(stringBuilder.ToString())); }