Azure Storage Authentication (JavaScript)

1
votes

I've been looking at MSDN docs, articles, and stack overflow and I'm not sure what the problem is.

https://www.kaizenspark.com/blog/topic/mirthconnect

I've been using this article to try to connect to Azure queue storage using Mirth Connect.

Azure authorization is done as such:

importPackage(javax.crypto);
importPackage(javax.crypto.spec);
importPackage(org.apache.commons.codec.binary);

// Change the variables below to your actual account details
// Remember the queue name must be lower case or it will fail

var account = "devstoreaccount1";
var key = "Access key";
var path = "devstoreaccount1/myqueuename/messages";
// No changes below this line
var apiVersion = "2011-08-18";
var contentLength = String(tmp).length;
var gmtDateString = new Date().toGMTString();

var stringToSign =
    "POST\n" +      /*HTTP Verb*/
    "\n" +          /*Content-Encoding*/
    "\n" +          /*Content-Language*/
    contentLength + "\n" +          /*Content-Length*/
    "\n" +          /*Content-MD5*/
    "text/xml; charset=UTF-8\n" +  /*Content-Type*/
    "\n" +          /*Date*/
    "\n" +          /*If-Modified-Since */
    "\n" +          /*If-Match*/
    "\n" +          /*If-None-Match*/
    "\n" +          /*If-Unmodified-Since*/
    "\n" +          /*Range*/
    /* CanonicalizedHeaders */
    "x-ms-date:" + gmtDateString + "\n" +
    "x-ms-version:" + apiVersion + "\n" +
    /* CanonicalizedResource */
    "/" + account + "/" + path;


var mac = Mac.getInstance("HmacSHA256");
mac.init(new SecretKeySpec(Base64.decodeBase64(key), mac.getAlgorithm()));
mac.update(java.lang.String(stringToSign).getBytes("UTF-8"));
var hmac = Base64.encodeBase64String(mac.doFinal());
connectorMap.put('Authorization', 'SharedKey ' + account + ':' + hmac);
connectorMap.put('x-ms-date', gmtDateString);
connectorMap.put('x-ms-version', apiVersion);
connectorMap.put('path', path);

I've changed nothing other than input my own account name, key, and path. According to docs here: https://msdn.microsoft.com/en-us/library/azure/dd179428.aspx# , the stringToSign seems correct.

However, I get this error:

ERROR MESSAGE: <?xml version="1.0" encoding="utf-8"?><Error><Code>AuthenticationFailed</Code><Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:'id' Time:2016-10-19T17:24:51.6491513Z</Message><AuthenticationErrorDetail>The MAC signature found in the HTTP request 'key' is not the same as any computed signature. Server used following string to sign: 'POST 88 text/xml; charset=UTF-8 x-ms-date:Wed, 19 Oct 2016 17:24:50 GMT x-ms-version:2011-08-18 /accountname/queuename'.</AuthenticationErrorDetail></Error>

I changed the request id to 'key' and account name, and queue name just for privacy but otherwise the error message is as it was displayed to me. Any assistance would be much appreciated!

1
javascriptazureauthenticationazure-storagemirth
Can you tell what operation are you trying to do? It looks like you're trying to add message to the queue but wanted to be sure. Also, please confirm that you're trying to do this with storage emulator and not cloud storage account.Gaurav Mantri

1 Answers

0
votes

According your error message:

Server used following string to sign: 'POST 88 text/xml; charset=UTF-8 x-ms-date:Wed, 19 Oct 2016 17:24:50 GMT x-ms-version:2011-08-18 /accountname/queuename'

It seems your SDK get something wrong during generating the signature. The CanonicalizedResource should be like /<accountname>/<queuename>/messages, which now is lacking /messages in your signature.

Please refer the following pure node.js code for Put Message:

var crypto = require('crypto');
var request = require('request');
var key = "<key>";
var strTime = (new Date()).toGMTString();
var apiVersion = "2011-08-18";
var account = "<accountname>";
var path = "myqueue/messages";
var body = "<QueueMessage>"+
            "<MessageText>PHNhbXBsZT5zYW1wbGUgbWVzc2FnZTwvc2FtcGxlPg==</MessageText>"+
            "</QueueMessage>";
var strToSign =
    "POST\n" +      /*HTTP Verb*/
    "\n" +          /*Content-Encoding*/
    "\n" +          /*Content-Language*/
    body.length + "\n" +          /*Content-Length*/
    "\n" +          /*Content-MD5*/
    "\n" +  /*Content-Type*/
    "\n" +          /*Date*/
    "\n" +          /*If-Modified-Since */
    "\n" +          /*If-Match*/
    "\n" +          /*If-None-Match*/
    "\n" +          /*If-Unmodified-Since*/
    "\n" +          /*Range*/
    /* CanonicalizedHeaders */
    "x-ms-date:" + strTime + "\n" +
    "x-ms-version:" + apiVersion + "\n" +
    /* CanonicalizedResource */
    "/" + account + "/" + path;
var sharedKey = crypto.createHmac('sha256',new Buffer(key,'base64')).update(strToSign, 'utf-8').digest('base64');
var auth = "SharedKey "+account+":"+sharedKey;
var options = {
  method: 'POST',
  url: 'https://'+account+'.queue.core.windows.net/'+path,
  headers: {
    'Authorization':auth,
    'x-ms-date':strTime,
    'x-ms-version':apiVersion
  },
  body: body
};
request(options, function callback(error, response, body) {
  if (!error && response.statusCode == 200) {
    var info = JSON.parse(body);
    console.log(info);
  }else{
    // console.log(response)
    console.log(body)
  }
});