1# ------------------------------------------------------------------------- 2# Copyright (c) Microsoft Corporation. All rights reserved. 3# Licensed under the MIT License. See License.txt in the project root for 4# license information. 5# -------------------------------------------------------------------------- 6 7from ..common.sharedaccesssignature import ( 8 SharedAccessSignature, 9 _SharedAccessHelper, 10 _QueryStringConstants, 11 _sign_string, 12) 13from ..common._common_conversion import ( 14 _to_str, 15) 16from ._constants import X_MS_VERSION 17 18 19class FileSharedAccessSignature(SharedAccessSignature): 20 ''' 21 Provides a factory for creating file and share access 22 signature tokens with a common account name and account key. Users can either 23 use the factory or can construct the appropriate service and use the 24 generate_*_shared_access_signature method directly. 25 ''' 26 27 def __init__(self, account_name, account_key): 28 ''' 29 :param str account_name: 30 The storage account name used to generate the shared access signatures. 31 :param str account_key: 32 The access key to generate the shares access signatures. 33 ''' 34 super(FileSharedAccessSignature, self).__init__(account_name, account_key, x_ms_version=X_MS_VERSION) 35 36 def generate_file(self, share_name, directory_name=None, file_name=None, 37 permission=None, expiry=None, start=None, id=None, 38 ip=None, protocol=None, cache_control=None, 39 content_disposition=None, content_encoding=None, 40 content_language=None, content_type=None): 41 ''' 42 Generates a shared access signature for the file. 43 Use the returned signature with the sas_token parameter of FileService. 44 45 :param str share_name: 46 Name of share. 47 :param str directory_name: 48 Name of directory. SAS tokens cannot be created for directories, so 49 this parameter should only be present if file_name is provided. 50 :param str file_name: 51 Name of file. 52 :param FilePermissions permission: 53 The permissions associated with the shared access signature. The 54 user is restricted to operations allowed by the permissions. 55 Permissions must be ordered read, create, write, delete, list. 56 Required unless an id is given referencing a stored access policy 57 which contains this field. This field must be omitted if it has been 58 specified in an associated stored access policy. 59 :param expiry: 60 The time at which the shared access signature becomes invalid. 61 Required unless an id is given referencing a stored access policy 62 which contains this field. This field must be omitted if it has 63 been specified in an associated stored access policy. Azure will always 64 convert values to UTC. If a date is passed in without timezone info, it 65 is assumed to be UTC. 66 :type expiry: datetime or str 67 :param start: 68 The time at which the shared access signature becomes valid. If 69 omitted, start time for this call is assumed to be the time when the 70 storage service receives the request. Azure will always convert values 71 to UTC. If a date is passed in without timezone info, it is assumed to 72 be UTC. 73 :type start: datetime or str 74 :param str id: 75 A unique value up to 64 characters in length that correlates to a 76 stored access policy. To create a stored access policy, use 77 set_file_service_properties. 78 :param str ip: 79 Specifies an IP address or a range of IP addresses from which to accept requests. 80 If the IP address from which the request originates does not match the IP address 81 or address range specified on the SAS token, the request is not authenticated. 82 For example, specifying sip=168.1.5.65 or sip=168.1.5.60-168.1.5.70 on the SAS 83 restricts the request to those IP addresses. 84 :param str protocol: 85 Specifies the protocol permitted for a request made. The default value 86 is https,http. See :class:`~azure.storage.common.models.Protocol` for possible values. 87 :param str cache_control: 88 Response header value for Cache-Control when resource is accessed 89 using this shared access signature. 90 :param str content_disposition: 91 Response header value for Content-Disposition when resource is accessed 92 using this shared access signature. 93 :param str content_encoding: 94 Response header value for Content-Encoding when resource is accessed 95 using this shared access signature. 96 :param str content_language: 97 Response header value for Content-Language when resource is accessed 98 using this shared access signature. 99 :param str content_type: 100 Response header value for Content-Type when resource is accessed 101 using this shared access signature. 102 ''' 103 resource_path = share_name 104 if directory_name is not None: 105 resource_path += '/' + _to_str(directory_name) 106 resource_path += '/' + _to_str(file_name) 107 108 sas = _FileSharedAccessHelper() 109 sas.add_base(permission, expiry, start, ip, protocol, self.x_ms_version) 110 sas.add_id(id) 111 sas.add_resource('f') 112 sas.add_override_response_headers(cache_control, content_disposition, 113 content_encoding, content_language, 114 content_type) 115 sas.add_resource_signature(self.account_name, self.account_key, resource_path) 116 117 return sas.get_token() 118 119 def generate_share(self, share_name, permission=None, expiry=None, 120 start=None, id=None, ip=None, protocol=None, 121 cache_control=None, content_disposition=None, 122 content_encoding=None, content_language=None, 123 content_type=None): 124 ''' 125 Generates a shared access signature for the share. 126 Use the returned signature with the sas_token parameter of FileService. 127 128 :param str share_name: 129 Name of share. 130 :param SharePermissions permission: 131 The permissions associated with the shared access signature. The 132 user is restricted to operations allowed by the permissions. 133 Permissions must be ordered read, create, write, delete, list. 134 Required unless an id is given referencing a stored access policy 135 which contains this field. This field must be omitted if it has been 136 specified in an associated stored access policy. 137 :param expiry: 138 The time at which the shared access signature becomes invalid. 139 Required unless an id is given referencing a stored access policy 140 which contains this field. This field must be omitted if it has 141 been specified in an associated stored access policy. Azure will always 142 convert values to UTC. If a date is passed in without timezone info, it 143 is assumed to be UTC. 144 :type expiry: datetime or str 145 :param start: 146 The time at which the shared access signature becomes valid. If 147 omitted, start time for this call is assumed to be the time when the 148 storage service receives the request. Azure will always convert values 149 to UTC. If a date is passed in without timezone info, it is assumed to 150 be UTC. 151 :type start: datetime or str 152 :param str id: 153 A unique value up to 64 characters in length that correlates to a 154 stored access policy. To create a stored access policy, use 155 set_file_service_properties. 156 :param str ip: 157 Specifies an IP address or a range of IP addresses from which to accept requests. 158 If the IP address from which the request originates does not match the IP address 159 or address range specified on the SAS token, the request is not authenticated. 160 For example, specifying sip=168.1.5.65 or sip=168.1.5.60-168.1.5.70 on the SAS 161 restricts the request to those IP addresses. 162 :param str protocol: 163 Specifies the protocol permitted for a request made. The default value 164 is https,http. See :class:`~azure.storage.common.models.Protocol` for possible values. 165 :param str cache_control: 166 Response header value for Cache-Control when resource is accessed 167 using this shared access signature. 168 :param str content_disposition: 169 Response header value for Content-Disposition when resource is accessed 170 using this shared access signature. 171 :param str content_encoding: 172 Response header value for Content-Encoding when resource is accessed 173 using this shared access signature. 174 :param str content_language: 175 Response header value for Content-Language when resource is accessed 176 using this shared access signature. 177 :param str content_type: 178 Response header value for Content-Type when resource is accessed 179 using this shared access signature. 180 ''' 181 sas = _FileSharedAccessHelper() 182 sas.add_base(permission, expiry, start, ip, protocol, self.x_ms_version) 183 sas.add_id(id) 184 sas.add_resource('s') 185 sas.add_override_response_headers(cache_control, content_disposition, 186 content_encoding, content_language, 187 content_type) 188 sas.add_resource_signature(self.account_name, self.account_key, share_name) 189 190 return sas.get_token() 191 192 193class _FileSharedAccessHelper(_SharedAccessHelper): 194 def __init__(self): 195 super(_FileSharedAccessHelper, self).__init__() 196 197 def add_resource_signature(self, account_name, account_key, path): 198 def get_value_to_append(query): 199 return_value = self.query_dict.get(query) or '' 200 return return_value + '\n' 201 202 if path[0] != '/': 203 path = '/' + path 204 205 canonicalized_resource = '/file/' + account_name + path + '\n' 206 207 # Form the string to sign from shared_access_policy and canonicalized 208 # resource. The order of values is important. 209 string_to_sign = \ 210 (get_value_to_append(_QueryStringConstants.SIGNED_PERMISSION) + 211 get_value_to_append(_QueryStringConstants.SIGNED_START) + 212 get_value_to_append(_QueryStringConstants.SIGNED_EXPIRY) + 213 canonicalized_resource + 214 get_value_to_append(_QueryStringConstants.SIGNED_IDENTIFIER) + 215 get_value_to_append(_QueryStringConstants.SIGNED_IP) + 216 get_value_to_append(_QueryStringConstants.SIGNED_PROTOCOL) + 217 get_value_to_append(_QueryStringConstants.SIGNED_VERSION) + 218 get_value_to_append(_QueryStringConstants.SIGNED_CACHE_CONTROL) + 219 get_value_to_append(_QueryStringConstants.SIGNED_CONTENT_DISPOSITION) + 220 get_value_to_append(_QueryStringConstants.SIGNED_CONTENT_ENCODING) + 221 get_value_to_append(_QueryStringConstants.SIGNED_CONTENT_LANGUAGE) + 222 get_value_to_append(_QueryStringConstants.SIGNED_CONTENT_TYPE)) 223 224 # remove the trailing newline 225 if string_to_sign[-1] == '\n': 226 string_to_sign = string_to_sign[:-1] 227 228 self._add_query(_QueryStringConstants.SIGNED_SIGNATURE, 229 _sign_string(account_key, string_to_sign)) 230