com.microsoft.azure.storage.StorageCredentialsAccountAndKey Java Examples

/**
 * Computes a signature for the specified string using the HMAC-SHA256 algorithm.
 * 
 * @param value
 *            The UTF-8-encoded string to sign.
 * 
 * @return A <code>String</code> that contains the HMAC-SHA256-encoded signature.
 * 
 * @throws InvalidKeyException
 *             If the key is not a valid Base64-encoded string.
 */
public static synchronized String computeHmac256(final StorageCredentials creds, final String value) throws InvalidKeyException {
    if (creds.getClass().equals(StorageCredentialsAccountAndKey.class)) {
        byte[] utf8Bytes = null;
        try {
            utf8Bytes = value.getBytes(Constants.UTF8_CHARSET);
        }
        catch (final UnsupportedEncodingException e) {
            throw new IllegalArgumentException(e);
        }
        return Base64.encode(((StorageCredentialsAccountAndKey) creds).getHmac256().doFinal(utf8Bytes));
    }
    else {
        return null;
    }
}
 

/**
 * Signs a request using the specified operation context under the Shared Key authentication scheme.
 * 
 * @param request
 *            An <code>HttpURLConnection</code> object that represents the request to sign.
 * @param contentLength
 *            The length of the content written to the output stream. If unknown, specify -1.
 * @param opContext
 *            An {@link OperationContext} object that represents the context for the current operation. This object
 *            is used to track requests to the storage service, and to provide additional runtime information about
 *            the operation.
 * 
 * @throws InvalidKeyException
 *             If the given key is invalid.
 * @throws StorageException
 *             If a storage service error occurred.
 */
public static void signBlobQueueAndFileRequest(final StorageCredentials creds,
        final java.net.HttpURLConnection request, final long contentLength, OperationContext opContext)
        throws InvalidKeyException, StorageException {
    
    if (creds.getClass().equals(StorageCredentialsAccountAndKey.class)) {
        opContext = opContext == null ? new OperationContext() : opContext;
        request.setRequestProperty(Constants.HeaderConstants.DATE, Utility.getGMTTime());
        final Canonicalizer canonicalizer = CanonicalizerFactory.getBlobQueueFileCanonicalizer(request);

        final String stringToSign = canonicalizer.canonicalize(request, creds.getAccountName(), contentLength);

        final String computedBase64Signature = StorageCredentialsHelper.computeHmac256(creds, stringToSign);

        Logger.debug(opContext, LogConstants.SIGNING, stringToSign);

        request.setRequestProperty(Constants.HeaderConstants.AUTHORIZATION,
                String.format("%s %s:%s", "SharedKey", creds.getAccountName(), computedBase64Signature));
    }
}
 

/**
 * Signs a request using the specified operation context under the Shared Key authentication scheme.
 * 
 * @param request
 *            An <code>HttpURLConnection</code> object that represents the request to sign.
 * @param contentLength
 *            The length of the content written to the output stream. If unknown, specify -1.
 * @param opContext
 *            An {@link OperationContext} object that represents the context for the current operation. This object
 *            is used to track requests to the storage service, and to provide additional runtime information about
 *            the operation.
 * 
 * @throws InvalidKeyException
 *             If the given key is invalid.
 * @throws StorageException
 *             If a storage service error occurred.
 */
public static void signTableRequest(final StorageCredentials creds, final java.net.HttpURLConnection request,
        final long contentLength, OperationContext opContext) throws InvalidKeyException, StorageException {
    if (creds.getClass().equals(StorageCredentialsAccountAndKey.class)) {
        opContext = opContext == null ? new OperationContext() : opContext;
        request.setRequestProperty(Constants.HeaderConstants.DATE, Utility.getGMTTime());

        final Canonicalizer canonicalizer = CanonicalizerFactory.getTableCanonicalizer(request);

        final String stringToSign = canonicalizer.canonicalize(request, creds.getAccountName(), contentLength);

        final String computedBase64Signature = StorageCredentialsHelper.computeHmac256(creds, stringToSign);
        
        Logger.debug(opContext, LogConstants.SIGNING, stringToSign);

        request.setRequestProperty(Constants.HeaderConstants.AUTHORIZATION,
                String.format("%s %s:%s", "SharedKey", creds.getAccountName(), computedBase64Signature));
    }
}
 

private StorageCredentialsAccountAndKey provideStorageCredentialsAccountAndKey(final Provider<CoreV1Api> coreV1ApiProvider,
                                                                               final AbstractOperationRequest operationrequest) throws AzureModuleException {
    if (isRunningInKubernetes()) {
        return resolveCredentialsFromK8S(coreV1ApiProvider, operationrequest);
    } else {
        return resolveCredentialsFromEnvProperties();
    }
}
 

private StorageCredentialsAccountAndKey resolveCredentialsFromK8S(final Provider<CoreV1Api> coreV1ApiProvider,
                                                                  final AbstractOperationRequest operationrequest) {
    try {
        final String namespace = operationrequest.resolveKubernetesNamespace();
        final SecretReader secretReader = new SecretReader(coreV1ApiProvider);

        return secretReader.readIntoObject(namespace,
                                           operationrequest.resolveSecretName(),
                                           secret -> {
                                               final Map<String, byte[]> data = secret.getData();

                                               final byte[] azureStorageAccount = data.get("azurestorageaccount");
                                               final byte[] azureStorageKey = data.get("azurestoragekey");

                                               if (azureStorageAccount == null) {
                                                   throw new AzureModuleException(format("Secret %s does not contain any entry with key 'azurestorageaccount'",
                                                                                         secret.getMetadata().getName()));
                                               }

                                               if (azureStorageKey == null) {
                                                   throw new AzureModuleException(format("Secret %s does not contain any entry with key 'azurestoragekey'",
                                                                                         secret.getMetadata().getName()));
                                               }

                                               return new StorageCredentialsAccountAndKey(
                                                   new String(azureStorageAccount),
                                                   new String(azureStorageKey)
                                               );
                                           });
    } catch (final Exception ex) {
        throw new AzureModuleException("Unable to resolve Azure credentials for backup / restores from Kubernetes ", ex);
    }
}
 

/**
 * Connect to Azure storage using account key credentials.
 */
private void connectUsingConnectionStringCredentials(
    final String accountName, final String containerName,
    final String accountKey) throws InvalidKeyException, StorageException,
    IOException, URISyntaxException {
  // If the account name is "acc.blob.core.windows.net", then the
  // rawAccountName is just "acc"
  String rawAccountName = accountName.split("\\.")[0];
  StorageCredentials credentials = new StorageCredentialsAccountAndKey(
      rawAccountName, accountKey);
  connectUsingCredentials(accountName, credentials, containerName);
}
 

private void assertStorageCredentialsDetailsAccountNameAndAccountKey(AzureStorageCredentialsDetails storageCredentialsDetails) {
    assertEquals(ACCOUNT_NAME_VALUE, storageCredentialsDetails.getStorageAccountName());
    assertTrue(storageCredentialsDetails.getStorageCredentials() instanceof StorageCredentialsAccountAndKey);
    StorageCredentialsAccountAndKey storageCredentials = (StorageCredentialsAccountAndKey) storageCredentialsDetails.getStorageCredentials();
    assertEquals(ACCOUNT_NAME_VALUE, storageCredentials.getAccountName());
    assertEquals(ACCOUNT_KEY_VALUE, storageCredentials.exportBase64EncodedKey());
}
 

/**
 * Connect to Azure storage using account key credentials.
 */
private void connectUsingConnectionStringCredentials(
    final String accountName, final String containerName,
    final String accountKey) throws InvalidKeyException, StorageException,
    IOException, URISyntaxException {
  // If the account name is "acc.blob.core.windows.net", then the
  // rawAccountName is just "acc"
  String rawAccountName = accountName.split("\\.")[0];
  StorageCredentials credentials = new StorageCredentialsAccountAndKey(
      rawAccountName, accountKey);
  connectUsingCredentials(accountName, credentials, containerName);
}
 

@JsonCreator
public AzureTableConfiguration(@JsonProperty("accountName") String accountName,
                               @JsonProperty("accountKey") String accountKey,
                               @JsonProperty("timeout")Duration timeout,
                               @JsonProperty("retryInterval") Duration retryInterval,
                               @JsonProperty("retryAttempts") int retryAttempts) {
    this.retryInterval = checkNotNull(retryInterval, "retryInterval cannot be null");
    this.retryAttempts = retryAttempts;
    this.timeout = checkNotNull(timeout, "timeout cannot be null");
    this.storageCredentialsAccountAndKey =
            new StorageCredentialsAccountAndKey(
                    checkNotNull(accountName, "accountName cannot be null"),
                    checkNotNull(accountKey, "accountKey cannot be null"));
}
 

public AzureResourceFactory(AzureConfig config) throws InvalidKeyException, URISyntaxException {
    StorageCredentials credentials = new StorageCredentialsAccountAndKey(config.getAccountName(), config.getAccountKey());
Preconditions.checkArgument(credentials != null, "Invalid account credentials");
this.blobClient = new CloudStorageAccount(credentials, config.isHttps()).createCloudBlobClient();
 }
 

private StorageCredentials getStorageCredentials(String account, String key) {
    return key != null ? new StorageCredentialsAccountAndKey(account, key) : null;
}
 

protected CloudStorageAccount getStorageAccount() throws Exception {
    StorageCredentials storageCredentials = new StorageCredentialsAccountAndKey(getAccountName(), getAccountKey());
    return new CloudStorageAccount(storageCredentials, true);
}
 

@JsonIgnore
public StorageCredentialsAccountAndKey getStorageCredentialsAccountAndKey() {
    return storageCredentialsAccountAndKey;
}
 

public BlobContainerProvider(AzureStorageFileSystem parent, String connection, String account, String key) throws IOException {
  this(parent, account, connection, new StorageCredentialsAccountAndKey(account, key), false);
}
 

private StorageCredentialsAccountAndKey resolveCredentialsFromEnvProperties() {
    return new StorageCredentialsAccountAndKey(System.getenv("AZURE_STORAGE_ACCOUNT"), System.getenv("AZURE_STORAGE_KEY"));
}
 

/**
 * @throws InvalidKeyException 
 * @throws URISyntaxException 
 * 
 */
public AzureResourceFactory(String credentialsString, Boolean isHttps) throws InvalidKeyException, URISyntaxException {
	StorageCredentials storageCredentials = StorageCredentialsAccountAndKey.tryParseCredentials(credentialsString);
   CloudStorageAccount csa = new CloudStorageAccount(storageCredentials, isHttps);
   this.blobClient = csa.createCloudBlobClient();
}
 

/**
 *  RESERVED, for internal use only. Gets a value indicating whether a
 *  request can be signed under the Shared Key authentication scheme using
 *  the specified credentials.

 *  @return <Code>true</Code> if a request can be signed with these
 *  credentials; otherwise, <Code>false</Code>
 */
public static boolean canCredentialsSignRequest(final StorageCredentials creds) {
    return creds.getClass().equals(StorageCredentialsAccountAndKey.class);
}