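/*
 * Build the HTTP header set for a provisioning-service request, including a
 * freshly generated SAS token in the Authorization header.
 *
 * prov_client  client whose access_key, provisioning_service_uri and key_name
 *              are passed to SASToken_CreateString. Not NULL-checked here;
 *              NOTE(review): callers are presumably expected to validate it.
 * etag         optional; when non-NULL it is sent as the If-Match header.
 * request      HTTP verb; the Content-Type header is skipped for DELETE.
 *
 * Returns a header handle (released with HTTPHeaders_Free on the failure
 * paths below, so presumably by the caller on success), or NULL on failure.
 *
 * The SAS token is a bearer credential: it is never written to the log, and
 * its validity is bounded by SAS_TOKEN_DEFAULT_LIFETIME from "now".
 */
static HTTP_HEADERS_HANDLE construct_http_headers(const PROV_SERVICE_CLIENT* prov_client, const char* etag, HTTP_CLIENT_REQUEST_TYPE request)
{
    HTTP_HEADERS_HANDLE result;
    if ((result = HTTPHeaders_Alloc()) == NULL)
    {
        LogError("failure allocating http headers");
    }
    else
    {
        /* A negative difference means the clock read failed or is set before
         * the epoch; converting a negative double to size_t is undefined, and
         * the resulting expiry would be meaningless, so fail instead. */
        double elapsed = difftime(get_time(NULL), EPOCH_TIME_T_VALUE);
        if (elapsed < 0)
        {
            LogError("failure getting seconds from epoch");
            HTTPHeaders_Free(result);
            result = NULL;
        }
        else
        {
            size_t secSinceEpoch = (size_t)elapsed;
            size_t expiryTime = secSinceEpoch + SAS_TOKEN_DEFAULT_LIFETIME;
            STRING_HANDLE sas_token = SASToken_CreateString(prov_client->access_key, prov_client->provisioning_service_uri, prov_client->key_name, expiryTime);
            if (sas_token == NULL)
            {
                /* Previously silent; log the failure but never the key material. */
                LogError("failure creating sas token");
                HTTPHeaders_Free(result);
                result = NULL;
            }
            else
            {
                if ((HTTPHeaders_AddHeaderNameValuePair(result, HEADER_KEY_USER_AGENT, HEADER_VALUE_USER_AGENT) != HTTP_HEADERS_OK) ||
                    (HTTPHeaders_AddHeaderNameValuePair(result, HEADER_KEY_ACCEPT, HEADER_VALUE_ACCEPT) != HTTP_HEADERS_OK) ||
                    ((request != HTTP_CLIENT_REQUEST_DELETE) && (HTTPHeaders_AddHeaderNameValuePair(result, HEADER_KEY_CONTENT_TYPE, HEADER_VALUE_CONTENT_TYPE) != HTTP_HEADERS_OK)) ||
                    (HTTPHeaders_AddHeaderNameValuePair(result, HEADER_KEY_AUTHORIZATION, STRING_c_str(sas_token)) != HTTP_HEADERS_OK) ||
                    ((etag != NULL) && (HTTPHeaders_AddHeaderNameValuePair(result, HEADER_KEY_IF_MATCH, etag) != HTTP_HEADERS_OK)))
                {
                    LogError("failure adding header value");
                    HTTPHeaders_Free(result);
                    result = NULL;
                }
                /* The token string is released before the headers are returned,
                 * so the header set must hold its own copy of the value.
                 * NOTE(review): confirm HTTPHeaders_AddHeaderNameValuePair copies. */
                STRING_delete(sas_token);
            }
        }
    }
    return result;
}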
/*
 * Minimal usage sample for SASToken_CreateString: create a token from fixed
 * placeholder arguments, log on failure, and release the token on success.
 *
 * The literals are sample values, not credentials. The expiry argument is a
 * fixed number; if it is read as seconds since the Unix epoch it is a date in
 * 2001, so a token built this way would already be expired. Real callers
 * derive the expiry from the current time plus a bounded lifetime.
 */
static void show_sastoken_example()
{
    STRING_HANDLE sample_token = SASToken_CreateString("key", "scope", "name", 987654321);

    if (sample_token != NULL)
    {
        /* The token string is owned by this function, so release it here. */
        STRING_delete(sample_token);
        return;
    }

    LogError("Failed to create SAS Token.\n");
}
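/*
 * Return a newly allocated SAS token string for the given authorization
 * handle, choosing the source by handle->cred_type:
 *   - DEVICE_AUTH: ask the device auth module to generate the token
 *     (only when built with USE_PROV_MODULE);
 *   - SAS_TOKEN:   copy the token already stored on the handle;
 *   - DEVICE_KEY:  build a token from handle->device_key with
 *     SASToken_CreateString.
 *
 * handle                        authorization handle; NULL yields NULL.
 * scope                         token scope; required (non-NULL) on the
 *                               DEVICE_KEY path.
 * expiry_time_relative_seconds  unused; the lifetime comes from
 *                               handle->token_expiry_time_sec.
 * key_name                      key name forwarded to the token generator.
 *
 * Returns a copy made by mallocAndStrcpy_s (presumably released by the caller
 * with free()), or NULL on any error. The returned string is a bearer
 * credential and is never written to the log here.
 */
char* IoTHubClient_Auth_Get_SasToken(IOTHUB_AUTHORIZATION_HANDLE handle, const char* scope, size_t expiry_time_relative_seconds, const char* key_name)
{
    char* result;
    (void)expiry_time_relative_seconds;
    /* Codes_SRS_IoTHub_Authorization_07_009: [ if handle or scope are NULL, IoTHubClient_Auth_Get_SasToken shall return NULL. ] */
    if (handle == NULL)
    {
        LogError("Invalid Parameter handle: %p", handle);
        result = NULL;
    }
    else
    {
        if (handle->cred_type == IOTHUB_CREDENTIAL_TYPE_DEVICE_AUTH)
        {
#ifdef USE_PROV_MODULE
            DEVICE_AUTH_CREDENTIAL_INFO dev_auth_cred;
            size_t sec_since_epoch;
            if (get_seconds_since_epoch(&sec_since_epoch) != 0)
            {
                LogError("failure getting seconds from epoch");
                result = NULL;
            }
            else
            {
                memset(&dev_auth_cred, 0, sizeof(DEVICE_AUTH_CREDENTIAL_INFO));
                size_t expiry_time = sec_since_epoch + handle->token_expiry_time_sec;
                if (expiry_time < sec_since_epoch)
                {
                    /* Unsigned wrap-around: the sum would be a small value,
                     * i.e. an expiry far in the past. Fail instead. */
                    LogError("failure token expiry time overflow");
                    result = NULL;
                }
                else
                {
                    /* NOTE(review): scope is not NULL-checked on this path,
                     * unlike the DEVICE_KEY path; confirm the auth module
                     * accepts a NULL token_scope. */
                    dev_auth_cred.sas_info.expiry_seconds = expiry_time;
                    dev_auth_cred.sas_info.token_scope = scope;
                    dev_auth_cred.sas_info.key_name = key_name;
                    dev_auth_cred.dev_auth_type = AUTH_TYPE_SAS;

                    CREDENTIAL_RESULT* cred_result = iothub_device_auth_generate_credentials(handle->device_auth_handle, &dev_auth_cred);
                    if (cred_result == NULL)
                    {
                        LogError("failure getting credentials from device auth module");
                        result = NULL;
                    }
                    else
                    {
                        if (mallocAndStrcpy_s(&result, cred_result->auth_cred_result.sas_result.sas_token) != 0)
                        {
                            LogError("failure allocating Sas Token");
                            result = NULL;
                        }
                        /* NOTE(review): only the container is freed; confirm who
                         * owns the sas_token string inside cred_result. */
                        free(cred_result);
                    }
                }
            }
#else
            LogError("Failed HSM module is not supported");
            result = NULL;
#endif
        }
        else if (handle->cred_type == IOTHUB_CREDENTIAL_TYPE_SAS_TOKEN)
        {
            /* Codes_SRS_IoTHub_Authorization_07_021: [If the device_sas_token is NOT NULL IoTHubClient_Auth_Get_SasToken shall return a copy of the device_sas_token. ] */
            if (handle->device_sas_token != NULL)
            {
                if (mallocAndStrcpy_s(&result, handle->device_sas_token) != 0)
                {
                    LogError("failure allocating sas token");
                    result = NULL;
                }
            }
            else
            {
                LogError("failure device sas token is NULL");
                result = NULL;
            }
        }
        else if (handle->cred_type == IOTHUB_CREDENTIAL_TYPE_DEVICE_KEY)
        {
            /* Codes_SRS_IoTHub_Authorization_07_009: [ if handle or scope are NULL, IoTHubClient_Auth_Get_SasToken shall return NULL. ] */
            if (scope == NULL)
            {
                LogError("Invalid Parameter scope: %p", scope);
                result = NULL;
            }
            else
            {
                STRING_HANDLE sas_token;
                size_t sec_since_epoch;

                /* Codes_SRS_IoTHub_Authorization_07_010: [ IoTHubClient_Auth_Get_SasToken shall construct the expiration time using the handle->token_expiry_time_sec added to epoch time. ] */
                if (get_seconds_since_epoch(&sec_since_epoch) != 0)
                {
                    /* Codes_SRS_IoTHub_Authorization_07_020: [ If any error is encountered IoTHubClient_Auth_Get_ConnString shall return NULL. ] */
                    LogError("failure getting seconds from epoch");
                    result = NULL;
                }
                else
                {
                    /* Codes_SRS_IoTHub_Authorization_07_011: [ IoTHubClient_Auth_Get_ConnString shall call SASToken_CreateString to construct the sas token. ] */
                    size_t expiry_time = sec_since_epoch + handle->token_expiry_time_sec;
                    if (expiry_time < sec_since_epoch)
                    {
                        /* Unsigned wrap-around would produce an already-expired
                         * token; treat it as an error like any other failure. */
                        LogError("failure token expiry time overflow");
                        result = NULL;
                    }
                    else if ((sas_token = SASToken_CreateString(handle->device_key, scope, key_name, expiry_time)) == NULL)
                    {
                        /* Codes_SRS_IoTHub_Authorization_07_020: [ If any error is encountered IoTHubClient_Auth_Get_ConnString shall return NULL. ] */
                        LogError("Failed creating sas_token");
                        result = NULL;
                    }
                    else
                    {
                        /* Codes_SRS_IoTHub_Authorization_07_012: [ On success IoTHubClient_Auth_Get_ConnString shall allocate and return the sas token in a char*. ] */
                        if (mallocAndStrcpy_s(&result, STRING_c_str(sas_token)) != 0)
                        {
                            /* Codes_SRS_IoTHub_Authorization_07_020: [ If any error is encountered IoTHubClient_Auth_Get_ConnString shall return NULL. ] */
                            LogError("Failed copying result");
                            result = NULL;
                        }
                        STRING_delete(sas_token);
                    }
                }
            }
        }
        else
        {
            LogError("Failed getting sas token invalid credential type");
            result = NULL;
        }
    }
    return result;
}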
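/*
 * Return a newly allocated SAS token string for the given authorization
 * handle. A token already stored on the handle (device_sas_token) is copied
 * as-is; otherwise one is built from handle->device_key for the given scope,
 * expiring expire_time seconds after the current epoch time.
 *
 * handle       authorization handle; NULL yields NULL.
 * scope        token scope; must be non-NULL when a token has to be generated.
 * expire_time  lifetime in seconds, added to the current epoch seconds.
 *
 * Returns a copy made by mallocAndStrcpy_s (presumably released by the caller
 * with free()), or NULL on any error. The returned string is a bearer
 * credential and is never written to the log here.
 */
char* IoTHubClient_Auth_Get_SasToken(IOTHUB_AUTHORIZATION_HANDLE handle, const char* scope, size_t expire_time)
{
    char* result;
    /* Codes_SRS_IoTHub_Authorization_07_009: [ if handle or scope are NULL, IoTHubClient_Auth_Get_SasToken shall return NULL. ] */
    if (handle == NULL)
    {
        LogError("Invalid Parameter handle: %p", handle);
        result = NULL;
    }
    else
    {
        /* Codes_SRS_IoTHub_Authorization_07_021: [If the device_sas_token is NOT NULL IoTHubClient_Auth_Get_SasToken shall return a copy of the device_sas_token. ] */
        if (handle->device_sas_token != NULL)
        {
            if (mallocAndStrcpy_s(&result, handle->device_sas_token) != 0)
            {
                /* The original passed scope as an extra argument with no
                 * matching conversion in the format string; dropped. */
                LogError("failure allocating sas token");
                result = NULL;
            }
        }
        /* Codes_SRS_IoTHub_Authorization_07_009: [ if handle or scope are NULL, IoTHubClient_Auth_Get_SasToken shall return NULL. ] */
        else if (scope == NULL)
        {
            LogError("Invalid Parameter scope: %p", scope);
            result = NULL;
        }
        else
        {
            const char* key_name = "";
            STRING_HANDLE sas_token;
            size_t sec_since_epoch;

            /* Codes_SRS_IoTHub_Authorization_07_010: [ IoTHubClient_Auth_Get_ConnString shall construct the expiration time using the expire_time. ] */
            if (get_seconds_since_epoch(&sec_since_epoch) != 0)
            {
                /* Codes_SRS_IoTHub_Authorization_07_020: [ If any error is encountered IoTHubClient_Auth_Get_ConnString shall return NULL. ] */
                LogError("failure getting seconds from epoch");
                result = NULL;
            }
            else
            {
                /* Codes_SRS_IoTHub_Authorization_07_011: [ IoTHubClient_Auth_Get_ConnString shall call SASToken_CreateString to construct the sas token. ] */
                size_t expiry_time = sec_since_epoch + expire_time;
                if (expiry_time < sec_since_epoch)
                {
                    /* expire_time is caller-supplied; an unsigned wrap-around
                     * would yield an expiry in the distant past, so reject it. */
                    LogError("failure token expiry time overflow");
                    result = NULL;
                }
                else if ((sas_token = SASToken_CreateString(handle->device_key, scope, key_name, expiry_time)) == NULL)
                {
                    /* Codes_SRS_IoTHub_Authorization_07_020: [ If any error is encountered IoTHubClient_Auth_Get_ConnString shall return NULL. ] */
                    LogError("Failed creating sas_token");
                    result = NULL;
                }
                else
                {
                    /* Codes_SRS_IoTHub_Authorization_07_012: [ On success IoTHubClient_Auth_Get_ConnString shall allocate and return the sas token in a char*. ] */
                    if (mallocAndStrcpy_s(&result, STRING_c_str(sas_token)) != 0)
                    {
                        /* Codes_SRS_IoTHub_Authorization_07_020: [ If any error is encountered IoTHubClient_Auth_Get_ConnString shall return NULL. ] */
                        LogError("Failed copying result");
                        result = NULL;
                    }
                    STRING_delete(sas_token);
                }
            }
        }
    }
    return result;
}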