in sdk/storage/storage-blob/src/sas/AccountSASSignatureValues.ts [99:221]
export function generateAccountSASQueryParametersInternal(
accountSASSignatureValues: AccountSASSignatureValues,
sharedKeyCredential: StorageSharedKeyCredential,
): { sasQueryParameters: SASQueryParameters; stringToSign: string } {
const version = accountSASSignatureValues.version
? accountSASSignatureValues.version
: SERVICE_VERSION;
if (
accountSASSignatureValues.permissions &&
accountSASSignatureValues.permissions.setImmutabilityPolicy &&
version < "2020-08-04"
) {
throw RangeError("'version' must be >= '2020-08-04' when provided 'i' permission.");
}
if (
accountSASSignatureValues.permissions &&
accountSASSignatureValues.permissions.deleteVersion &&
version < "2019-10-10"
) {
throw RangeError("'version' must be >= '2019-10-10' when provided 'x' permission.");
}
if (
accountSASSignatureValues.permissions &&
accountSASSignatureValues.permissions.permanentDelete &&
version < "2019-10-10"
) {
throw RangeError("'version' must be >= '2019-10-10' when provided 'y' permission.");
}
if (
accountSASSignatureValues.permissions &&
accountSASSignatureValues.permissions.tag &&
version < "2019-12-12"
) {
throw RangeError("'version' must be >= '2019-12-12' when provided 't' permission.");
}
if (
accountSASSignatureValues.permissions &&
accountSASSignatureValues.permissions.filter &&
version < "2019-12-12"
) {
throw RangeError("'version' must be >= '2019-12-12' when provided 'f' permission.");
}
if (accountSASSignatureValues.encryptionScope && version < "2020-12-06") {
throw RangeError("'version' must be >= '2020-12-06' when provided 'encryptionScope' in SAS.");
}
const parsedPermissions = AccountSASPermissions.parse(
accountSASSignatureValues.permissions.toString(),
);
const parsedServices = AccountSASServices.parse(accountSASSignatureValues.services).toString();
const parsedResourceTypes = AccountSASResourceTypes.parse(
accountSASSignatureValues.resourceTypes,
).toString();
let stringToSign: string;
if (version >= "2020-12-06") {
stringToSign = [
sharedKeyCredential.accountName,
parsedPermissions,
parsedServices,
parsedResourceTypes,
accountSASSignatureValues.startsOn
? truncatedISO8061Date(accountSASSignatureValues.startsOn, false)
: "",
truncatedISO8061Date(accountSASSignatureValues.expiresOn, false),
accountSASSignatureValues.ipRange ? ipRangeToString(accountSASSignatureValues.ipRange) : "",
accountSASSignatureValues.protocol ? accountSASSignatureValues.protocol : "",
version,
accountSASSignatureValues.encryptionScope ? accountSASSignatureValues.encryptionScope : "",
"", // Account SAS requires an additional newline character
].join("\n");
} else {
stringToSign = [
sharedKeyCredential.accountName,
parsedPermissions,
parsedServices,
parsedResourceTypes,
accountSASSignatureValues.startsOn
? truncatedISO8061Date(accountSASSignatureValues.startsOn, false)
: "",
truncatedISO8061Date(accountSASSignatureValues.expiresOn, false),
accountSASSignatureValues.ipRange ? ipRangeToString(accountSASSignatureValues.ipRange) : "",
accountSASSignatureValues.protocol ? accountSASSignatureValues.protocol : "",
version,
"", // Account SAS requires an additional newline character
].join("\n");
}
const signature: string = sharedKeyCredential.computeHMACSHA256(stringToSign);
return {
sasQueryParameters: new SASQueryParameters(
version,
signature,
parsedPermissions.toString(),
parsedServices,
parsedResourceTypes,
accountSASSignatureValues.protocol,
accountSASSignatureValues.startsOn,
accountSASSignatureValues.expiresOn,
accountSASSignatureValues.ipRange,
undefined,
undefined,
undefined,
undefined,
undefined,
undefined,
undefined,
undefined,
undefined,
undefined,
accountSASSignatureValues.encryptionScope,
),
stringToSign: stringToSign,
};
}