Hello I try to create a SAS to a blob on azure storage in java. I write the following code:
public static String GSAS(String url, String signedstart, String signedexpiry) throws
Exception {
String accountName = "taelearninguat2";
String accountKey = "xxxx"; // Here I hide the passsword
String signedpermissions = "r";
signedstart = "2020-02-18T08:49Z";
signedexpiry = "2020-02-28T08:49Z";
String canonicalizedResource = "/blob/" + accountName + "/resource/8a5dcc036edbba6a016ede49fec30000.jpg";
String signedIP = "";
String signedProtocol = "";
String signedidentifier = "";
String signedversion = "2015-04-05";
String rscc = "";
String responsecontent = "file; attachment";
String rsce = "";
String rscl = "";
String rsct = "binary";
String stringToSign =
signedpermissions + "\n" +
signedstart + "\n" +
signedexpiry + "\n" +
canonicalizedResource + "\n" +
signedidentifier + "\n" +
signedIP + "\n" +
signedProtocol + "\n" +
signedversion + "\n" +
rscc + "\n" +
responsecontent + "\n" +
rsce + "\n" +
rscl + "\n" +
rsct;
String sig = computeHmac256(stringToSign,Base64.getDecoder().decode(accountKey));
StringBuffer param = new StringBuffer();
param.append("?")
.append("sv=").append(URLEncoder.encode(signedversion, "UTF-8")).append("&")
.append("sr=").append(URLEncoder.encode("b", "UTF-8")).append("&")
.append("sig=").append(URLEncoder.encode(sig, "UTF-8")).append("&")
.append("st=").append(URLEncoder.encode(signedstart, "UTF-8")).append("&")
.append("se=").append(URLEncoder.encode(signedexpiry, "UTF-8")).append("&")
.append("sp=").append(URLEncoder.encode(signedpermissions, "UTF-8")).append("&")
.append("rscd=").append(URLEncoder.encode(responsecontent, "UTF-8")).append("&")
.append("rsct=").append(URLEncoder.encode(rsct, "UTF-8"));
String sasURL = url + param.toString();
return sasURL;
}
static String computeHmac256(String stringToSign, byte[] accountKey) throws Exception {
try {
/*
We must get a new instance of the Mac calculator for each signature calculated because the instances are
not threadsafe and there is some suggestion online that they may not even be safe for reuse, so we use a
new one each time to be sure.
*/
Mac hmacSha256 = Mac.getInstance("HmacSHA256");
hmacSha256.init(new SecretKeySpec(accountKey, "HmacSHA256"));
byte[] utf8Bytes = stringToSign.getBytes("UTF-8");
return Base64.getEncoder().encodeToString(hmacSha256.doFinal(utf8Bytes));
} catch (Exception e) {
throw new Error(e);
}
}
Suppose I have a picture which url is : https://taelearninguat2.blob.core.chinacloudapi.cn/resource/8a5dcc036edbba6a016ede49fec30000.jpg
so the stringToSign is :
r
2020-02-18T08:49Z
2020-02-28T08:49Z
/blob/taelearninguat2/resource/8a5dcc036edbba6a016ede49fec30000.jpg
2015-04-05
file; attachment
binary
<AuthenticationErrorDetail>Signature did not match. String to sign used was r 2020-02-18T08:49Z 2020-02-28T08:49Z /blob/taelearninguat2/resource/8a5dcc036edbba6a016ede49fec30000.jpg 2015-04-05 file; attachment</AuthenticationErrorDetail>
new update: alter the time params: signedstart = 2019-11-27 signedexpiry = 2019-12-04 then result to be : Signature not valid in the specified time frame: Start [Wed, 27 Nov 2019 00:00:00 GMT] - Expiry [Wed, 04 Dec 2019 00:00:00 GMT] - Current [Thu, 20 Feb 2020 14:45:57 GMT]
but signedstart = 2020-02-19 signedexpiry = 2020-02-25 still signature not match
