in sdk/storage/storage-file-datalake/src/sas/DataLakeSASSignatureValues.ts [846:959]
function generateBlobSASQueryParameters20201206(
dataLakeSASSignatureValues: DataLakeSASSignatureValues,
sharedKeyCredential: StorageSharedKeyCredential,
): { sasQueryParameter: SASQueryParameters; stringToSign: string } {
if (
!dataLakeSASSignatureValues.identifier &&
!(dataLakeSASSignatureValues.permissions && dataLakeSASSignatureValues.expiresOn)
) {
throw new RangeError(
"Must provide 'permissions' and 'expiresOn' for Blob SAS generation when 'identifier' is not provided.",
);
}
const version = dataLakeSASSignatureValues.version
? dataLakeSASSignatureValues.version
: SERVICE_VERSION;
dataLakeSASSignatureValues = SASSignatureValuesSanityCheckAndAutofill(
dataLakeSASSignatureValues,
version,
);
let resource: string = "c";
if (dataLakeSASSignatureValues.pathName) {
if (dataLakeSASSignatureValues.isDirectory) {
resource = "d";
} else {
resource = "b";
if (dataLakeSASSignatureValues.snapshotTime) {
resource = "bs";
}
}
}
// Calling parse and toString guarantees the proper ordering and throws on invalid characters.
let verifiedPermissions: string | undefined;
if (dataLakeSASSignatureValues.permissions) {
if (dataLakeSASSignatureValues.pathName) {
if (dataLakeSASSignatureValues.isDirectory) {
verifiedPermissions = DirectorySASPermissions.parse(
dataLakeSASSignatureValues.permissions.toString(),
).toString();
} else {
verifiedPermissions = DataLakeSASPermissions.parse(
dataLakeSASSignatureValues.permissions.toString(),
).toString();
}
} else {
verifiedPermissions = FileSystemSASPermissions.parse(
dataLakeSASSignatureValues.permissions.toString(),
).toString();
}
}
// Signature is generated on the un-url-encoded values.
const stringToSign = [
verifiedPermissions ? verifiedPermissions : "",
dataLakeSASSignatureValues.startsOn
? truncatedISO8061Date(dataLakeSASSignatureValues.startsOn, false)
: "",
dataLakeSASSignatureValues.expiresOn
? truncatedISO8061Date(dataLakeSASSignatureValues.expiresOn, false)
: "",
getCanonicalName(
sharedKeyCredential.accountName,
dataLakeSASSignatureValues.fileSystemName,
dataLakeSASSignatureValues.pathName,
),
dataLakeSASSignatureValues.identifier,
dataLakeSASSignatureValues.ipRange ? ipRangeToString(dataLakeSASSignatureValues.ipRange) : "",
dataLakeSASSignatureValues.protocol ? dataLakeSASSignatureValues.protocol : "",
version,
resource,
dataLakeSASSignatureValues.snapshotTime,
dataLakeSASSignatureValues.encryptionScope ? dataLakeSASSignatureValues.encryptionScope : "",
dataLakeSASSignatureValues.cacheControl ? dataLakeSASSignatureValues.cacheControl : "",
dataLakeSASSignatureValues.contentDisposition
? dataLakeSASSignatureValues.contentDisposition
: "",
dataLakeSASSignatureValues.contentEncoding ? dataLakeSASSignatureValues.contentEncoding : "",
dataLakeSASSignatureValues.contentLanguage ? dataLakeSASSignatureValues.contentLanguage : "",
dataLakeSASSignatureValues.contentType ? dataLakeSASSignatureValues.contentType : "",
].join("\n");
const signature = sharedKeyCredential.computeHMACSHA256(stringToSign);
return {
sasQueryParameter: new SASQueryParameters(
version,
signature,
verifiedPermissions,
undefined,
undefined,
dataLakeSASSignatureValues.protocol,
dataLakeSASSignatureValues.startsOn,
dataLakeSASSignatureValues.expiresOn,
dataLakeSASSignatureValues.ipRange,
dataLakeSASSignatureValues.identifier,
resource,
dataLakeSASSignatureValues.cacheControl,
dataLakeSASSignatureValues.contentDisposition,
dataLakeSASSignatureValues.contentEncoding,
dataLakeSASSignatureValues.contentLanguage,
dataLakeSASSignatureValues.contentType,
undefined,
dataLakeSASSignatureValues.directoryDepth,
undefined,
undefined,
undefined,
dataLakeSASSignatureValues.encryptionScope,
),
stringToSign: stringToSign,
};
}