| | | 1 | | // Copyright (c) Microsoft Corporation. All rights reserved. |
| | | 2 | | // Licensed under the MIT License. |
| | | 3 | | |
| | | 4 | | using System; |
| | | 5 | | using System.Threading; |
| | | 6 | | using System.Threading.Tasks; |
| | | 7 | | using Azure.Core; |
| | | 8 | | |
| | | 9 | | namespace Azure.Messaging.EventHubs.Authorization |
| | | 10 | | { |
| | | 11 | | /// <summary> |
| | | 12 | | /// Provides a credential based on a shared access signature for a given |
| | | 13 | | /// Event Hub instance. |
| | | 14 | | /// </summary> |
| | | 15 | | /// |
| | | 16 | | /// <seealso cref="SharedAccessSignature" /> |
| | | 17 | | /// <seealso cref="Azure.Core.TokenCredential" /> |
| | | 18 | | /// |
| | | 19 | | internal class SharedAccessSignatureCredential : TokenCredential |
| | | 20 | | { |
| | | 21 | | /// <summary>The buffer to apply when considering refreshing; signatures that expire less than this duration wil |
| | 0 | 22 | | private static readonly TimeSpan SignatureRefreshBuffer = TimeSpan.FromMinutes(10); |
| | | 23 | | |
| | | 24 | | /// <summary>The length of time extend signature validity, if a token was requested.</summary> |
| | 0 | 25 | | private static readonly TimeSpan SignatureExtensionDuration = TimeSpan.FromMinutes(30); |
| | | 26 | | |
| | | 27 | | /// <summary>Provides a target for synchronization to guard against concurrent token expirations.</summary> |
| | 0 | 28 | | private readonly object SignatureSyncRoot = new object(); |
| | | 29 | | |
| | | 30 | | /// <summary> |
| | | 31 | | /// The shared access signature that forms the basis of this security token. |
| | | 32 | | /// </summary> |
| | | 33 | | /// |
| | 0 | 34 | | private SharedAccessSignature SharedAccessSignature { get; set; } |
| | | 35 | | |
| | | 36 | | /// <summary> |
| | | 37 | | /// Initializes a new instance of the <see cref="SharedAccessSignatureCredential"/> class. |
| | | 38 | | /// </summary> |
| | | 39 | | /// |
| | | 40 | | /// <param name="signature">The shared access signature on which to base the token.</param> |
| | | 41 | | /// |
| | 0 | 42 | | public SharedAccessSignatureCredential(SharedAccessSignature signature) |
| | | 43 | | { |
| | 0 | 44 | | Argument.AssertNotNull(signature, nameof(signature)); |
| | 0 | 45 | | SharedAccessSignature = signature; |
| | 0 | 46 | | } |
| | | 47 | | |
| | | 48 | | /// <summary> |
| | | 49 | | /// Retrieves the token that represents the shared access signature credential, for |
| | | 50 | | /// use in authorization against an Event Hub. |
| | | 51 | | /// </summary> |
| | | 52 | | /// |
| | | 53 | | /// <param name="requestContext">The details of the authentication request.</param> |
| | | 54 | | /// <param name="cancellationToken">The token used to request cancellation of the operation.</param> |
| | | 55 | | /// |
| | | 56 | | /// <returns>The token representing the shared access signature for this credential.</returns> |
| | | 57 | | /// |
| | | 58 | | public override AccessToken GetToken(TokenRequestContext requestContext, |
| | | 59 | | CancellationToken cancellationToken) |
| | | 60 | | { |
| | 0 | 61 | | if (SharedAccessSignature.SignatureExpiration <= DateTimeOffset.UtcNow.Add(SignatureRefreshBuffer)) |
| | | 62 | | { |
| | 0 | 63 | | lock (SignatureSyncRoot) |
| | | 64 | | { |
| | 0 | 65 | | if (SharedAccessSignature.SignatureExpiration <= DateTimeOffset.UtcNow.Add(SignatureRefreshBuffer)) |
| | | 66 | | { |
| | 0 | 67 | | SharedAccessSignature = SharedAccessSignature.CloneWithNewExpiration(SignatureExtensionDuration) |
| | | 68 | | } |
| | 0 | 69 | | } |
| | | 70 | | } |
| | | 71 | | |
| | 0 | 72 | | return new AccessToken(SharedAccessSignature.Value, SharedAccessSignature.SignatureExpiration); |
| | | 73 | | } |
| | | 74 | | |
| | | 75 | | /// <summary> |
| | | 76 | | /// Retrieves the token that represents the shared access signature credential, for |
| | | 77 | | /// use in authorization against an Event Hub. |
| | | 78 | | /// </summary> |
| | | 79 | | /// |
| | | 80 | | /// <param name="requestContext">The details of the authentication request.</param> |
| | | 81 | | /// <param name="cancellationToken">The token used to request cancellation of the operation.</param> |
| | | 82 | | /// |
| | | 83 | | /// <returns>The token representing the shared access signature for this credential.</returns> |
| | | 84 | | /// |
| | | 85 | | public override ValueTask<AccessToken> GetTokenAsync(TokenRequestContext requestContext, |
| | 0 | 86 | | CancellationToken cancellationToken) => new ValueTask<Acces |
| | | 87 | | |
| | | 88 | | /// <summary> |
| | | 89 | | /// It creates a new shared signature using the key name and the key value passed as |
| | | 90 | | /// input allowing credentials rotation. A call will not extend the signature duration. |
| | | 91 | | /// </summary> |
| | | 92 | | /// |
| | | 93 | | /// <param name="keyName">The name of the shared access key that the signature should be based on.</param> |
| | | 94 | | /// <param name="keyValue">The value of the shared access key for the signature.</param> |
| | | 95 | | /// |
| | | 96 | | internal void UpdateSharedAccessKey(string keyName, string keyValue) |
| | | 97 | | { |
| | 0 | 98 | | lock (SignatureSyncRoot) |
| | | 99 | | { |
| | 0 | 100 | | SharedAccessSignature = new SharedAccessSignature(SharedAccessSignature.Resource, |
| | 0 | 101 | | keyName, |
| | 0 | 102 | | keyValue, |
| | 0 | 103 | | SharedAccessSignature.Value, |
| | 0 | 104 | | SharedAccessSignature.SignatureExpiration); |
| | 0 | 105 | | } |
| | 0 | 106 | | } |
| | | 107 | | } |
| | | 108 | | } |