using Azure.Core; using Azure.Storage.Blobs; using Azure.Storage.Blobs.Models; using System; using System.ComponentModel; using System.Runtime.CompilerServices; using System.Security.Cryptography; using System.Text; namespace Azure.Storage.Sas { public class BlobSasBuilder { [EditorBrowsable(EditorBrowsableState.Never)] public string Version { get; set; } public SasProtocol Protocol { get; set; } public DateTimeOffset StartsOn { get; set; } public DateTimeOffset ExpiresOn { get; set; } public string Permissions { get; set; } public SasIPRange IPRange { get; set; } public string Identifier { get; set; } public string BlobContainerName { get; set; } public string BlobName { get; set; } public string Snapshot { get; set; } public string BlobVersionId { get; set; } public string Resource { get; set; } public string CacheControl { get; set; } public string ContentDisposition { get; set; } public string ContentEncoding { get; set; } public string ContentLanguage { get; set; } public string ContentType { get; set; } public string PreauthorizedAgentObjectId { get; set; } public string CorrelationId { get; set; } public string EncryptionScope { get; set; } [EditorBrowsable(EditorBrowsableState.Never)] public BlobSasBuilder() { } public BlobSasBuilder(BlobSasPermissions permissions, DateTimeOffset expiresOn) { ExpiresOn = expiresOn; SetPermissions(permissions); } public BlobSasBuilder(BlobContainerSasPermissions permissions, DateTimeOffset expiresOn) { ExpiresOn = expiresOn; SetPermissions(permissions); } public void SetPermissions(BlobSasPermissions permissions) { Permissions = permissions.ToPermissionsString(); } public void SetPermissions(BlobAccountSasPermissions permissions) { Permissions = permissions.ToPermissionsString(); } public void SetPermissions(BlobContainerSasPermissions permissions) { Permissions = permissions.ToPermissionsString(); } public void SetPermissions(SnapshotSasPermissions permissions) { Permissions = permissions.ToPermissionsString(); } public void SetPermissions(BlobVersionSasPermissions permissions) { Permissions = permissions.ToPermissionsString(); } public void SetPermissions(string rawPermissions, bool normalize = false) { if (normalize) rawPermissions = SasExtensions.ValidateAndSanitizeRawPermissions(rawPermissions, Constants.Sas.ValidPermissionsInOrder); SetPermissions(rawPermissions); } public void SetPermissions(string rawPermissions) { Permissions = rawPermissions; } [CallerShouldAudit("https://aka.ms/azsdk/callershouldaudit/storage-blobs")] public BlobSasQueryParameters ToSasQueryParameters(StorageSharedKeyCredential sharedKeyCredential) { string stringToSign; return ToSasQueryParameters(sharedKeyCredential, out stringToSign); } [CallerShouldAudit("https://aka.ms/azsdk/callershouldaudit/storage-blobs")] public BlobSasQueryParameters ToSasQueryParameters(StorageSharedKeyCredential sharedKeyCredential, out string stringToSign) { StorageSharedKeyCredential obj = sharedKeyCredential; if (obj == null) throw Errors.ArgumentNull("sharedKeyCredential"); sharedKeyCredential = obj; EnsureState(); stringToSign = ToStringToSign(sharedKeyCredential); string text = StorageSharedKeyCredentialInternals.ComputeSasSignature(sharedKeyCredential, stringToSign); string version = Version; SasProtocol protocol = Protocol; DateTimeOffset startsOn = StartsOn; DateTimeOffset expiresOn = ExpiresOn; SasIPRange iPRange = IPRange; string identifier = Identifier; string resource = Resource; string permissions = Permissions; string signature = text; string cacheControl = CacheControl; string contentDisposition = ContentDisposition; string contentEncoding = ContentEncoding; string contentLanguage = ContentLanguage; string contentType = ContentType; string encryptionScope = EncryptionScope; return new BlobSasQueryParameters(version, null, null, protocol, startsOn, expiresOn, iPRange, identifier, resource, permissions, signature, null, null, default(DateTimeOffset), default(DateTimeOffset), null, null, cacheControl, contentDisposition, contentEncoding, contentLanguage, contentType, null, null, null, encryptionScope); } private string ToStringToSign(StorageSharedKeyCredential sharedKeyCredential) { string text = SasExtensions.FormatTimesForSasSigning(StartsOn); string text2 = SasExtensions.FormatTimesForSasSigning(ExpiresOn); string[] obj = new string[16] { Permissions, text, text2, GetCanonicalName(sharedKeyCredential.get_AccountName(), BlobContainerName ?? string.Empty, BlobName ?? string.Empty), Identifier, null, null, null, null, null, null, null, null, null, null, null }; SasIPRange iPRange = IPRange; obj[5] = ((object)iPRange).ToString(); obj[6] = Protocol.ToProtocolString(); obj[7] = Version; obj[8] = Resource; obj[9] = (Snapshot ?? BlobVersionId); obj[10] = EncryptionScope; obj[11] = CacheControl; obj[12] = ContentDisposition; obj[13] = ContentEncoding; obj[14] = ContentLanguage; obj[15] = ContentType; return string.Join("\n", obj); } [CallerShouldAudit("https://aka.ms/azsdk/callershouldaudit/storage-blobs")] public BlobSasQueryParameters ToSasQueryParameters(UserDelegationKey userDelegationKey, string accountName) { string stringToSign; return ToSasQueryParameters(userDelegationKey, accountName, out stringToSign); } [CallerShouldAudit("https://aka.ms/azsdk/callershouldaudit/storage-blobs")] public BlobSasQueryParameters ToSasQueryParameters(UserDelegationKey userDelegationKey, string accountName, out string stringToSign) { UserDelegationKey userDelegationKey2 = userDelegationKey; if (userDelegationKey2 == null) throw Errors.ArgumentNull("userDelegationKey"); userDelegationKey = userDelegationKey2; EnsureState(); stringToSign = ToStringToSign(userDelegationKey, accountName); string signature = ComputeHMACSHA256(userDelegationKey.Value, stringToSign); string version = Version; SasProtocol protocol = Protocol; DateTimeOffset startsOn = StartsOn; DateTimeOffset expiresOn = ExpiresOn; SasIPRange iPRange = IPRange; string resource = Resource; string permissions = Permissions; string signedObjectId = userDelegationKey.SignedObjectId; string signedTenantId = userDelegationKey.SignedTenantId; DateTimeOffset signedStartsOn = userDelegationKey.SignedStartsOn; DateTimeOffset signedExpiresOn = userDelegationKey.SignedExpiresOn; string signedService = userDelegationKey.SignedService; string signedVersion = userDelegationKey.SignedVersion; return new BlobSasQueryParameters(version, null, null, protocol, startsOn, expiresOn, iPRange, null, resource, permissions, signature, signedObjectId, signedTenantId, signedStartsOn, signedExpiresOn, signedService, signedVersion, CacheControl, ContentDisposition, ContentEncoding, ContentLanguage, ContentType, PreauthorizedAgentObjectId, null, CorrelationId, EncryptionScope); } private string ToStringToSign(UserDelegationKey userDelegationKey, string accountName) { string text = SasExtensions.FormatTimesForSasSigning(StartsOn); string text2 = SasExtensions.FormatTimesForSasSigning(ExpiresOn); string text3 = SasExtensions.FormatTimesForSasSigning(userDelegationKey.SignedStartsOn); string text4 = SasExtensions.FormatTimesForSasSigning(userDelegationKey.SignedExpiresOn); string[] obj = new string[24] { Permissions, text, text2, GetCanonicalName(accountName, BlobContainerName ?? string.Empty, BlobName ?? string.Empty), userDelegationKey.SignedObjectId, userDelegationKey.SignedTenantId, text3, text4, userDelegationKey.SignedService, userDelegationKey.SignedVersion, PreauthorizedAgentObjectId, null, CorrelationId, null, null, null, null, null, null, null, null, null, null, null }; SasIPRange iPRange = IPRange; obj[13] = ((object)iPRange).ToString(); obj[14] = Protocol.ToProtocolString(); obj[15] = Version; obj[16] = Resource; obj[17] = (Snapshot ?? BlobVersionId); obj[18] = EncryptionScope; obj[19] = CacheControl; obj[20] = ContentDisposition; obj[21] = ContentEncoding; obj[22] = ContentLanguage; obj[23] = ContentType; return string.Join("\n", obj); } private static string GetCanonicalName(string account, string containerName, string blobName) { if (string.IsNullOrEmpty(blobName)) return "/blob/" + account + "/" + containerName; DefaultInterpolatedStringHandler defaultInterpolatedStringHandler = new DefaultInterpolatedStringHandler(8, 3); defaultInterpolatedStringHandler.AppendLiteral("/blob/"); defaultInterpolatedStringHandler.AppendFormatted(account); defaultInterpolatedStringHandler.AppendLiteral("/"); defaultInterpolatedStringHandler.AppendFormatted(containerName); defaultInterpolatedStringHandler.AppendLiteral("/"); defaultInterpolatedStringHandler.AppendFormatted(blobName.Replace("\\", "/")); return defaultInterpolatedStringHandler.ToStringAndClear(); } private static string ComputeHMACSHA256(string userDelegationKeyValue, string message) { return Convert.ToBase64String(new HMACSHA256(Convert.FromBase64String(userDelegationKeyValue)).ComputeHash(Encoding.UTF8.GetBytes(message))); } private void EnsureState() { if (Identifier == null) { if (ExpiresOn == default(DateTimeOffset)) throw Errors.SasMissingData("ExpiresOn"); if (string.IsNullOrEmpty(Permissions)) throw Errors.SasMissingData("Permissions"); } if (string.IsNullOrEmpty(BlobName)) Resource = "c"; else if (string.IsNullOrEmpty(Snapshot) && string.IsNullOrEmpty(BlobVersionId)) { Resource = "b"; } else if (string.IsNullOrEmpty(BlobVersionId)) { Resource = "bs"; } else { Resource = "bv"; } Version = SasQueryParametersInternals.DefaultSasVersionInternal; } [EditorBrowsable(EditorBrowsableState.Never)] public override string ToString() { return base.ToString(); } [EditorBrowsable(EditorBrowsableState.Never)] public override bool Equals(object obj) { return base.Equals(obj); } [EditorBrowsable(EditorBrowsableState.Never)] public override int GetHashCode() { return base.GetHashCode(); } internal static BlobSasBuilder DeepCopy(BlobSasBuilder originalBlobSasBuilder) { return new BlobSasBuilder { Version = originalBlobSasBuilder.Version, Protocol = originalBlobSasBuilder.Protocol, StartsOn = originalBlobSasBuilder.StartsOn, ExpiresOn = originalBlobSasBuilder.ExpiresOn, Permissions = originalBlobSasBuilder.Permissions, IPRange = originalBlobSasBuilder.IPRange, Identifier = originalBlobSasBuilder.Identifier, BlobContainerName = originalBlobSasBuilder.BlobContainerName, BlobName = originalBlobSasBuilder.BlobName, Snapshot = originalBlobSasBuilder.Snapshot, BlobVersionId = originalBlobSasBuilder.BlobVersionId, Resource = originalBlobSasBuilder.Resource, CacheControl = originalBlobSasBuilder.CacheControl, ContentDisposition = originalBlobSasBuilder.ContentDisposition, ContentEncoding = originalBlobSasBuilder.ContentEncoding, ContentLanguage = originalBlobSasBuilder.ContentLanguage, ContentType = originalBlobSasBuilder.ContentType, PreauthorizedAgentObjectId = originalBlobSasBuilder.PreauthorizedAgentObjectId, CorrelationId = originalBlobSasBuilder.CorrelationId, EncryptionScope = originalBlobSasBuilder.EncryptionScope }; } } }