/*any other code is error*/ static int buildRequestHttpHeadersHandle(HTTPAPIEX_HANDLE_DATA *handleData, BUFFER_HANDLE requestContent, HTTP_HEADERS_HANDLE originalRequestHttpHeadersHandle, bool* isOriginalRequestHttpHeadersHandle, HTTP_HEADERS_HANDLE* toBeUsedRequestHttpHeadersHandle) { int result; if (originalRequestHttpHeadersHandle != NULL) { *toBeUsedRequestHttpHeadersHandle = originalRequestHttpHeadersHandle; *isOriginalRequestHttpHeadersHandle = true; } else { /*Codes_SRS_HTTPAPIEX_02_009: [If parameter requestHttpHeadersHandle is NULL then HTTPAPIEX_ExecuteRequest shall allocate a temporary internal instance of HTTPHEADERS, shall add to that instance the following headers Host:{hostname} - as it was indicated by the call to HTTPAPIEX_Create API call Content-Length:the size of the requestContent parameter, and use this instance to all the subsequent calls to HTTPAPI_ExecuteRequest as parameter httpHeadersHandle.] */ *isOriginalRequestHttpHeadersHandle = false; *toBeUsedRequestHttpHeadersHandle = HTTPHeaders_Alloc(); } if (*toBeUsedRequestHttpHeadersHandle == NULL) { result = __LINE__; LogError("unable to HTTPHeaders_Alloc\r\n"); } else { char temp[22]; (void)size_tToString(temp, 22, BUFFER_length(requestContent)); /*cannot fail, MAX_uint64 has 19 digits*/ /*Codes_SRS_HTTPAPIEX_02_011: [If parameter requestHttpHeadersHandle is not NULL then HTTPAPIEX_ExecuteRequest shall create or update the following headers of the request: Host:{hostname} Content-Length:the size of the requestContent parameter, and shall use the so constructed HTTPHEADERS object to all calls to HTTPAPI_ExecuteRequest as parameter httpHeadersHandle.] */ /*Codes_SRS_HTTPAPIEX_02_009: [If parameter requestHttpHeadersHandle is NULL then HTTPAPIEX_ExecuteRequest shall allocate a temporary internal instance of HTTPHEADERS, shall add to that instance the following headers Host:{hostname} - as it was indicated by the call to HTTPAPIEX_Create API call Content-Length:the size of the requestContent parameter, and use this instance to all the subsequent calls to HTTPAPI_ExecuteRequest as parameter httpHeadersHandle.] */ if (!( (HTTPHeaders_ReplaceHeaderNameValuePair(*toBeUsedRequestHttpHeadersHandle, "Host", STRING_c_str(handleData->hostName)) == HTTP_HEADERS_OK) && (HTTPHeaders_ReplaceHeaderNameValuePair(*toBeUsedRequestHttpHeadersHandle, "Content-Length", temp) == HTTP_HEADERS_OK) )) { if (! *isOriginalRequestHttpHeadersHandle) { HTTPHeaders_Free(*toBeUsedRequestHttpHeadersHandle); } *toBeUsedRequestHttpHeadersHandle = NULL; result = __LINE__; } else { result = 0; } } return result; }
char* prov_auth_construct_sas_token(PROV_AUTH_HANDLE handle, const char* token_scope, const char* key_name, size_t expiry_time) { char* result; char expire_token[64] = { 0 }; if (handle == NULL || token_scope == NULL || key_name == NULL) { LogError("Invalid handle parameter handle: %p, token_scope: %p, key_name: %p", handle, token_scope, key_name); result = NULL; } else if (handle->sec_type == PROV_AUTH_TYPE_X509) { LogError("Invalid type for operation"); result = NULL; } else if (size_tToString(expire_token, sizeof(expire_token), expiry_time) != 0) { result = NULL; LogError("Failure creating expire token"); } else { size_t len = strlen(token_scope) + strlen(expire_token) + 3; char* payload = malloc(len + 1); if (payload == NULL) { result = NULL; LogError("Failure allocating payload for sas token."); } else { unsigned char* data_value; size_t data_len; (void)sprintf(payload, "%s\n%s", token_scope, expire_token); /* Codes_SRS_SECURE_ENCLAVE_CLIENT_07_031: [ prov_auth_get_certificate shall import the specified cert into the client using hsm_client_get_cert secure enclave function. ] */ if (sign_sas_data(handle, payload, &data_value, &data_len) == 0) { STRING_HANDLE urlEncodedSignature; STRING_HANDLE base64Signature; STRING_HANDLE sas_token_handle; if ((base64Signature = Azure_Base64_Encode_Bytes(data_value, data_len)) == NULL) { result = NULL; LogError("Failure constructing base64 encoding."); } else if ((urlEncodedSignature = URL_Encode(base64Signature)) == NULL) { result = NULL; LogError("Failure constructing url Signature."); STRING_delete(base64Signature); } else { sas_token_handle = STRING_construct_sprintf("SharedAccessSignature sr=%s&sig=%s&se=%s&skn=%s", token_scope, STRING_c_str(urlEncodedSignature), expire_token, key_name); if (sas_token_handle == NULL) { result = NULL; LogError("Failure constructing url Signature."); } else { const char* temp_sas_token = STRING_c_str(sas_token_handle); if (mallocAndStrcpy_s(&result, temp_sas_token) != 0) { LogError("Failure allocating and copying string."); result = NULL; } STRING_delete(sas_token_handle); } STRING_delete(base64Signature); STRING_delete(urlEncodedSignature); } free(data_value); } else { result = NULL; LogError("Failure generate sas token."); } free(payload); } } return result; }
STRING_HANDLE SASToken_Create(STRING_HANDLE key, STRING_HANDLE scope, STRING_HANDLE keyName, size_t expiry) { STRING_HANDLE result = NULL; char tokenExpirationTime[32] = { 0 }; /*Codes_SRS_SASTOKEN_06_001: [If key is NULL then SASToken_Create shall return NULL.]*/ /*Codes_SRS_SASTOKEN_06_003: [If scope is NULL then SASToken_Create shall return NULL.]*/ /*Codes_SRS_SASTOKEN_06_007: [If keyName is NULL then SASToken_Create shall return NULL.]*/ if ((key == NULL) || (scope == NULL) || (keyName == NULL)) { LogError("Invalid Parameter to SASToken_Create. handle key: %p, handle scope: %p, handle keyName: %p\r\n", key, scope, keyName); } else { BUFFER_HANDLE decodedKey; /*Codes_SRS_SASTOKEN_06_029: [The key parameter is decoded from base64.]*/ if ((decodedKey = Base64_Decoder(STRING_c_str(key))) == NULL) { /*Codes_SRS_SASTOKEN_06_030: [If there is an error in the decoding then SASToken_Create shall return NULL.]*/ LogError("Unable to decode the key for generating the SAS.\r\n"); } else { /*Codes_SRS_SASTOKEN_06_026: [If the conversion to string form fails for any reason then SASToken_Create shall return NULL.]*/ if (size_tToString(tokenExpirationTime, sizeof(tokenExpirationTime), expiry) != 0) { LogError("For some reason converting seconds to a string failed. No SAS can be generated.\r\n"); } else { STRING_HANDLE toBeHashed = NULL; BUFFER_HANDLE hash = NULL; if (((hash = BUFFER_new()) == NULL) || ((toBeHashed = STRING_new()) == NULL) || ((result = STRING_new()) == NULL)) { LogError("Unable to allocate memory to prepare SAS token.\r\n") } else { /*Codes_SRS_SASTOKEN_06_009: [The scope is the basis for creating a STRING_HANDLE.]*/ /*Codes_SRS_SASTOKEN_06_010: [A "\n" is appended to that string.]*/ /*Codes_SRS_SASTOKEN_06_011: [tokenExpirationTime is appended to that string.]*/ if ((STRING_concat_with_STRING(toBeHashed, scope) != 0) || (STRING_concat(toBeHashed, "\n") != 0) || (STRING_concat(toBeHashed, tokenExpirationTime) != 0)) { LogError("Unable to build the input to the HMAC to prepare SAS token.\r\n"); STRING_delete(result); result = NULL; } else { STRING_HANDLE base64Signature = NULL; STRING_HANDLE urlEncodedSignature = NULL; /*Codes_SRS_SASTOKEN_06_013: [If an error is returned from the HMAC256 function then NULL is returned from SASToken_Create.]*/ /*Codes_SRS_SASTOKEN_06_012: [An HMAC256 hash is calculated using the decodedKey, over toBeHashed.]*/ /*Codes_SRS_SASTOKEN_06_014: [If there are any errors from the following operations then NULL shall be returned.]*/ /*Codes_SRS_SASTOKEN_06_015: [The hash is base 64 encoded.]*/ /*Codes_SRS_SASTOKEN_06_028: [base64Signature shall be url encoded.]*/ /*Codes_SRS_SASTOKEN_06_016: [The string "SharedAccessSignature sr=" is the first part of the result of SASToken_Create.]*/ /*Codes_SRS_SASTOKEN_06_017: [The scope parameter is appended to result.]*/ /*Codes_SRS_SASTOKEN_06_018: [The string "&sig=" is appended to result.]*/ /*Codes_SRS_SASTOKEN_06_019: [The string urlEncodedSignature shall be appended to result.]*/ /*Codes_SRS_SASTOKEN_06_020: [The string "&se=" shall be appended to result.]*/ /*Codes_SRS_SASTOKEN_06_021: [tokenExpirationTime is appended to result.]*/ /*Codes_SRS_SASTOKEN_06_022: [The string "&skn=" is appended to result.]*/ /*Codes_SRS_SASTOKEN_06_023: [The argument keyName is appended to result.]*/ if ((HMACSHA256_ComputeHash(BUFFER_u_char(decodedKey), BUFFER_length(decodedKey), (const unsigned char*)STRING_c_str(toBeHashed), STRING_length(toBeHashed), hash) != HMACSHA256_OK) || ((base64Signature = Base64_Encode(hash)) == NULL) || ((urlEncodedSignature = URL_Encode(base64Signature)) == NULL) || (STRING_copy(result, "SharedAccessSignature sr=") != 0) || (STRING_concat_with_STRING(result, scope) != 0) || (STRING_concat(result, "&sig=") != 0) || (STRING_concat_with_STRING(result, urlEncodedSignature) != 0) || (STRING_concat(result, "&se=") != 0) || (STRING_concat(result, tokenExpirationTime) != 0) || (STRING_concat(result, "&skn=") != 0) || (STRING_concat_with_STRING(result, keyName) != 0)) { LogError("Unable to build the SAS token.\r\n"); STRING_delete(result); result = NULL; } else { /* everything OK */ } STRING_delete(base64Signature); STRING_delete(urlEncodedSignature); } } STRING_delete(toBeHashed); BUFFER_delete(hash); } BUFFER_delete(decodedKey); } } return result; }