public override byte[] ComputeUrlDecodedUtf8EncodedStringToSign()
{
string item;
string str = base.QueryParams["st"];
string item1 = base.QueryParams["se"];
string str1 = base.QueryParams["sp"];
string signedIdentifier = base.SignedIdentifier ?? string.Empty;
string item2 = base.QueryParams["sip"];
string str2 = base.QueryParams["spr"];
string item3 = base.QueryParams["sv"];
string tableName = this.TableName ?? string.Empty;
string startingPartitionKey = this.StartingPartitionKey ?? string.Empty;
string startingRowKey = this.StartingRowKey ?? string.Empty;
string endingPartitionKey = this.EndingPartitionKey ?? string.Empty;
string endingRowKey = this.EndingRowKey ?? string.Empty;
if (base.SignedExtraPermission.HasValue)
{
item = base.QueryParams["sep"];
}
else
{
item = null;
}
return(TableSignedAccessHelper.ComputeUrlDecodedUtf8EncodedStringToSign(str, item1, str1, signedIdentifier, item2, str2, item3, tableName, startingPartitionKey, startingRowKey, endingPartitionKey, endingRowKey, item, base.UriComponents));
}
public static AuthDataEntry SignedKeyAuthenticate(string stringToSign, string requestSignature, AuthenticationInformation authInfo)
{
AuthDataEntry authDataEntry;
NephosAssertionException.Assert(!string.IsNullOrEmpty(stringToSign));
NephosAssertionException.Assert(!string.IsNullOrEmpty(requestSignature));
NephosAssertionException.Assert(authInfo != null);
RequestContext requestContext = authInfo.RequestContext;
NephosUriComponents uriComponents = authInfo.UriComponents;
NameValueCollection queryParameters = requestContext.QueryParameters;
string item = queryParameters["st"];
string str = queryParameters["se"];
string item1 = queryParameters["sp"];
string str1 = queryParameters["si"];
string item2 = queryParameters["sip"];
string str2 = queryParameters["spr"];
string item3 = queryParameters["sv"];
string str3 = queryParameters["tn"];
string item4 = queryParameters["spk"];
string str4 = queryParameters["srk"];
string item5 = queryParameters["epk"];
string str5 = queryParameters["erk"];
string item6 = queryParameters["sep"];
byte[] sign = TableSignedAccessHelper.ComputeUrlDecodedUtf8EncodedStringToSign(item, str, item1, str1, item2, str2, item3, str3, item4, str4, item5, str5, item6, uriComponents);
authInfo.AuthKeyName = AuthenticationManagerHelper.ExtractKeyNameFromParamsWithConversion(queryParameters);
using (IEnumerator <AuthDataEntry> enumerator = SharedKeyAuthInfoHelper.GetSharedKeys(authInfo).GetEnumerator())
{
while (enumerator.MoveNext())
{
AuthDataEntry current = enumerator.Current;
byte[] numArray = SASUtilities.ComputeSignedKey(sign, current.AuthValue);
if (!SASUtilities.ComputeSignatureAndCompare((new UTF8Encoding()).GetBytes(stringToSign), numArray, requestSignature))
{
continue;
}
authDataEntry = current;
return(authDataEntry);
}
CultureInfo invariantCulture = CultureInfo.InvariantCulture;
object[] objArray = new object[] { requestSignature, stringToSign };
throw new AuthenticationFailureException(string.Format(invariantCulture, "The MAC signature found in the HTTP request '{0}' is not the same as any computed signature. Server used following string to sign: '{1}'.", objArray));
}
return(authDataEntry);
}
public static byte[] ComputeUrlDecodedUtf8EncodedStringToSign(string st, string se, string sp, string si, string sip, string spr, string sv, string tn, string spk, string srk, string epk, string erk, string sep, NephosUriComponents uriComponents)
{
StringBuilder stringBuilder = new StringBuilder();
stringBuilder.Append(sp ?? string.Empty);
stringBuilder.Append("\n");
stringBuilder.Append(st ?? string.Empty);
stringBuilder.Append("\n");
stringBuilder.Append(se ?? string.Empty);
stringBuilder.Append("\n");
stringBuilder.Append(TableSignedAccessHelper.GetCanonicalizedResource(uriComponents, tn, sv));
stringBuilder.Append("\n");
stringBuilder.Append(si ?? string.Empty);
stringBuilder.Append("\n");
if (!VersioningHelper.IsPreApril15OrInvalidVersion(sv))
{
stringBuilder.Append(sip ?? string.Empty);
stringBuilder.Append("\n");
stringBuilder.Append(spr ?? string.Empty);
stringBuilder.Append("\n");
}
stringBuilder.Append(sv ?? string.Empty);
stringBuilder.Append("\n");
stringBuilder.Append(spk ?? string.Empty);
stringBuilder.Append("\n");
stringBuilder.Append(srk ?? string.Empty);
stringBuilder.Append("\n");
stringBuilder.Append(epk ?? string.Empty);
stringBuilder.Append("\n");
stringBuilder.Append(erk ?? string.Empty);
if (sep != null)
{
stringBuilder.Append("\n");
stringBuilder.Append(sep);
}
return((new UTF8Encoding()).GetBytes(stringBuilder.ToString()));
}
private IEnumerator <IAsyncResult> AuthenticateImpl(IStorageAccount storageAccount, RequestContext requestContext, NephosUriComponents uriComponents, AuthenticationManager.GetStringToSignCallback getStringToSignCallback, TimeSpan timeout, AsyncIteratorContext <IAuthenticationResult> context)
{
bool flag;
bool flag1;
SignedAccessHelper accountSasHelper;
IStorageAccount operationStatus;
ContainerAclSettings containerAclSetting;
string signedVersion = null;
Duration startingNow = Duration.StartingNow;
NameValueCollection queryParameters = requestContext.QueryParameters;
if (AuthenticationManager.IsInvalidAccess(requestContext))
{
throw new InvalidAuthenticationInfoException("Ambiguous authentication scheme credentials providedRequest contains authentication credentials for signed access and authenticated access");
}
bool flag2 = AuthenticationManager.IsAuthenticatedAccess(requestContext);
bool flag3 = AuthenticationManager.IsSignatureAccess(requestContext);
flag = (!flag2 ? false : AuthenticationManager.IsAuthenticatedAccess(requestContext, "SignedKey"));
bool flag4 = flag;
flag1 = (flag2 ? false : !flag3);
if ((!flag2 || flag4) && !flag1)
{
NephosAssertionException.Assert((flag3 ? true : flag4));
bool flag5 = (flag3 ? false : flag4);
TableSignedAccessHelper tableSignedAccessHelper = null;
if (!AuthenticationManager.IsAccountSasAccess(requestContext.QueryParameters))
{
tableSignedAccessHelper = new TableSignedAccessHelper(requestContext, uriComponents);
accountSasHelper = tableSignedAccessHelper;
}
else
{
if (flag5)
{
throw new AuthenticationFailureException("SignedKey is not supported with account-level SAS.");
}
accountSasHelper = new AccountSasHelper(requestContext, uriComponents);
}
accountSasHelper.ParseAccessPolicyFields(flag5);
accountSasHelper.PerformSignedAccessAuthenticationFirstPhaseValidations();
AccountIdentifier tableSignedAccessAccountIdentifier = null;
if (!flag5)
{
byte[] sign = accountSasHelper.ComputeUrlDecodedUtf8EncodedStringToSign();
if (storageAccount == null || !string.Equals(storageAccount.Name, uriComponents.AccountName))
{
try
{
operationStatus = this.storageManager.CreateAccountInstance(uriComponents.AccountName);
if (requestContext != null)
{
operationStatus.OperationStatus = requestContext.OperationStatus;
}
}
catch (ArgumentOutOfRangeException argumentOutOfRangeException)
{
throw new AuthenticationFailureException(string.Format(CultureInfo.InvariantCulture, "The account name is invalid.", new object[0]));
}
operationStatus.Timeout = startingNow.Remaining(timeout);
IAsyncResult asyncResult = operationStatus.BeginGetProperties(AccountPropertyNames.All, null, context.GetResumeCallback(), context.GetResumeState("XFETableAuthenticationManager.AuthenticateImpl"));
yield return(asyncResult);
try
{
operationStatus.EndGetProperties(asyncResult);
}
catch (AccountNotFoundException accountNotFoundException1)
{
AccountNotFoundException accountNotFoundException = accountNotFoundException1;
CultureInfo invariantCulture = CultureInfo.InvariantCulture;
object[] name = new object[] { operationStatus.Name };
throw new AuthenticationFailureException(string.Format(invariantCulture, "Cannot find the claimed account when trying to GetProperties for the account {0}.", name), accountNotFoundException);
}
catch (Exception exception1)
{
Exception exception = exception1;
IStringDataEventStream warning = Logger <IRestProtocolHeadLogger> .Instance.Warning;
object[] objArray = new object[] { operationStatus.Name, exception };
warning.Log("Rethrow exception when trying to GetProperties for the account {0}: {1}", objArray);
throw;
}
}
else
{
operationStatus = storageAccount;
}
if (!accountSasHelper.ComputeSignatureAndCompare(sign, operationStatus.SecretKeysV3))
{
throw new AuthenticationFailureException(string.Concat("Signature did not match. String to sign used was ", (new UTF8Encoding()).GetString(sign)));
}
NephosAssertionException.Assert(accountSasHelper.KeyUsedForSigning != null, "Key used for signing cannot be null");
tableSignedAccessAccountIdentifier = accountSasHelper.CreateAccountIdentifier(operationStatus);
tableSignedAccessAccountIdentifier.Initialize(accountSasHelper);
if (storageAccount != operationStatus)
{
operationStatus.Dispose();
}
}
else
{
IAsyncResult asyncResult1 = this.nephosAuthenticationManager.BeginAuthenticate(storageAccount, requestContext, uriComponents, getStringToSignCallback, startingNow.Remaining(timeout), context.GetResumeCallback(), context.GetResumeState("XFETableAuthenticationManager.AuthenticateImpl"));
yield return(asyncResult1);
IAuthenticationResult authenticationResult = this.nephosAuthenticationManager.EndAuthenticate(asyncResult1);
tableSignedAccessAccountIdentifier = new TableSignedAccessAccountIdentifier(authenticationResult.AccountIdentifier, tableSignedAccessHelper.TableName, tableSignedAccessHelper.StartingPartitionKey, tableSignedAccessHelper.StartingRowKey, tableSignedAccessHelper.EndingPartitionKey, tableSignedAccessHelper.EndingRowKey);
tableSignedAccessAccountIdentifier.Initialize(accountSasHelper);
}
signedVersion = accountSasHelper.SignedVersion;
if (accountSasHelper.IsRevocableAccess)
{
using (ITableContainer tableContainer = this.storageManager.CreateTableContainerInstance(uriComponents.AccountName, tableSignedAccessHelper.TableName))
{
if (requestContext != null)
{
tableContainer.OperationStatus = requestContext.OperationStatus;
}
ContainerPropertyNames containerPropertyName = ContainerPropertyNames.ServiceMetadata;
tableContainer.Timeout = startingNow.Remaining(timeout);
IAsyncResult asyncResult2 = tableContainer.BeginGetProperties(containerPropertyName, null, context.GetResumeCallback(), context.GetResumeState("XFETableAuthenticationManager.AuthenticateImpl"));
yield return(asyncResult2);
try
{
tableContainer.EndGetProperties(asyncResult2);
}
catch (Exception exception3)
{
Exception exception2 = exception3;
if (exception2 is ContainerNotFoundException)
{
throw new AuthenticationFailureException("Error locating SAS identifier", exception2);
}
IStringDataEventStream stringDataEventStream = Logger <IRestProtocolHeadLogger> .Instance.Warning;
object[] accountName = new object[] { uriComponents.AccountName, tableSignedAccessHelper.TableName, exception2 };
stringDataEventStream.Log("Rethrow exception when trying to fetch SAS identifier account {0} container {1} : {2}", accountName);
throw;
}
try
{
containerAclSetting = new ContainerAclSettings(tableContainer.ServiceMetadata);
}
catch (MetadataFormatException metadataFormatException1)
{
MetadataFormatException metadataFormatException = metadataFormatException1;
throw new NephosStorageDataCorruptionException(string.Format("Error decoding Acl setting for container {0}", tableSignedAccessHelper.TableName), metadataFormatException);
}
}
try
{
accountSasHelper.ValidateAndDeriveEffectiveAccessPolicy(accountSasHelper.LocateSasIdentifier(containerAclSetting.SASIdentifiers));
accountSasHelper.PerformSignedAccessAuthenticationSecondPhaseValidations();
tableSignedAccessAccountIdentifier.Initialize(accountSasHelper);
context.ResultData = new AuthenticationResult(tableSignedAccessAccountIdentifier, signedVersion, true);
}
catch (FormatException formatException)
{
throw new AuthenticationFailureException("Signature fields not well formed.", formatException);
}
}
else
{
tableSignedAccessAccountIdentifier.Initialize(accountSasHelper);
context.ResultData = new AuthenticationResult(tableSignedAccessAccountIdentifier, signedVersion, true);
}
}
else
{
IAsyncResult asyncResult3 = this.nephosAuthenticationManager.BeginAuthenticate(storageAccount, requestContext, uriComponents, getStringToSignCallback, startingNow.Remaining(timeout), context.GetResumeCallback(), context.GetResumeState("XFETableAuthenticationManager.AuthenticateImpl"));
yield return(asyncResult3);
context.ResultData = this.nephosAuthenticationManager.EndAuthenticate(asyncResult3);
}
}
