(C) Create an Azure Service SAS

Shows how to generate an Azure Service SAS.

Chilkat C/C++ Library Downloads
MS Visual C/C++ Linux/CentOS C/C++ Alpine Linux C/C++ MAC OS X C/C++	armhf/aarch64 C/C++ C++ Builder iOS C/C++ Android C/C++	Solaris C/C++ MinGW C/C++

#include <C_CkAuthAzureSAS.h>
#include <C_CkDateTime.h>
#include <C_CkFileAccess.h>

void ChilkatSample(void)
    {
    HCkAuthAzureSAS authSas;
    HCkDateTime dt;
    const char *sasToken;
    HCkFileAccess fac;

    // This requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    // ----------------------------------------------------------------------------------------------
    // Create a Shared Access Signature (SAS) token for an Azure Service (Blob, Queue, Table, or File)
    // -----------------------------------------------------------------------------------------------

    // See https://docs.microsoft.com/en-us/rest/api/storageservices/create-service-sas
    // for details.

    authSas = CkAuthAzureSAS_Create();
    CkAuthAzureSAS_putAccessKey(authSas,"AZURE_ACCESS_KEY");

    // Specify the format of the string to sign.
    // Each comma character in the following string represents a LF ("\n") character.
    // The names specified in the StringToSign are replaced with the values specified
    // in the subsequent calls to SetTokenParam and SetNonTokenParam,.

    // Note: The trailing comma in the StringToSign is intentional and important. This indicates that the 
    // string to sign will end with a "\n".

    // Also note: The names in the StringToSign are case sensitive.  The names
    // specified in the 1st argument in the calls to SetNonTokenParam and SetTokenParam should
    // match a name listed in StringToSign. 

    // Version 2018-11-09 and later
    // 
    // Version 2018-11-09 adds support for the signed resource and signed blob snapshot time fields. 
    // These must be included in the string-to-sign. To construct the string-to-sign for Blob service resources, use the following format:
    // 
    // StringToSign = signedpermissions + "\n" +  
    //                signedstart + "\n" +  
    //                signedexpiry + "\n" +  
    //                canonicalizedresource + "\n" +  
    //                signedidentifier + "\n" +  
    //                signedIP + "\n" +  
    //                signedProtocol + "\n" +  
    //                signedversion + "\n" +  
    //                signedResource + "\n"
    //                signedSnapshotTime + "\n" +
    //                rscc + "\n" +  
    //                rscd + "\n" +  
    //                rsce + "\n" +  
    //                rscl + "\n" +  
    //                rsct  
    // 

    CkAuthAzureSAS_putStringToSign(authSas,"signedpermissions,signedstart,signedexpiry,canonicalizedresource,signedidentifier,signedIP,signedProtocol,signedversion,signedResource,signedSnapshotTime,rscc,rscd,rsce,rscl,rsct");

    CkAuthAzureSAS_SetTokenParam(authSas,"signedpermissions","sp","rw");

    dt = CkDateTime_Create();
    CkDateTime_SetFromCurrentSystemTime(dt);
    CkAuthAzureSAS_SetTokenParam(authSas,"signedstart","st",CkDateTime_getAsIso8601(dt,"YYYY-MM-DDThh:mmTZD",FALSE));

    // This SAS token will be valid for 30 days.
    CkDateTime_AddDays(dt,30);
    CkAuthAzureSAS_SetTokenParam(authSas,"signedexpiry","se",CkDateTime_getAsIso8601(dt,"YYYY-MM-DDThh:mmTZD",FALSE));

    // The canonicalizedresouce portion of the string is a canonical path to the signed resource. It must include the service name (blob, table, queue or file) for version
    // 2021-08-06 or later, the storage account name, and the resource name, and must be URL-decoded. Names of blobs must include the blobs container. Table names must be
    // lower-case. The following examples show how to construct the canonicalizedresource portion of the string, depending on the type of resource.
    // For example:
    // URL = https://chilkat.blob.core.windows.net/mycontainer/starfish.jpg
    // canonicalizedresource = "/blob/chilkat/mycontainer/starfish.jpg"  
    // IMPORTANT: See https://docs.microsoft.com/en-us/rest/api/storageservices/create-service-sas for all details..
    CkAuthAzureSAS_SetNonTokenParam(authSas,"canonicalizedresource","/blob/chilkat/mycontainer/starfish.jpg");

    CkAuthAzureSAS_SetTokenParam(authSas,"signedProtocol","spr","https");

    //  Specifiy values and query param names for each field.
    //  If a field is not specified, then an empty string will be used for its value.
    CkAuthAzureSAS_SetTokenParam(authSas,"signedversion","sv","2018-11-09");

    // Indicate that we are creating a service SAS that is limited to the blob resource.
    // (Specify b if the shared resource is a blob. This grants access to the content and metadata of the blob.
    //  Specify c if the shared resource is a container. This grants access to the content and metadata of any blob in the container, and to the list of blobs in the container. )
    CkAuthAzureSAS_SetTokenParam(authSas,"signedResource","sr","b");

    // Note that we did not call SetTokenParam for "signedIP", "signedSnapshotTime", "rscc", and others.  For any omitted fields
    // the value will default to the empty string.

    // Generate the SAS token.
    sasToken = CkAuthAzureSAS_generateToken(authSas);
    if (CkAuthAzureSAS_getLastMethodSuccess(authSas) != TRUE) {
        printf("%s\n",CkAuthAzureSAS_lastErrorText(authSas));
        CkAuthAzureSAS_Dispose(authSas);
        CkDateTime_Dispose(dt);
        return;
    }

    printf("SAS token: %s\n",sasToken);

    // Save the SAS Service token to a file.
    // We can then use this pre-generated token for future Azure Storage Account operations.
    fac = CkFileAccess_Create();
    CkFileAccess_WriteEntireTextFile(fac,"qa_data/tokens/azureStorageServiceSas.txt",sasToken,"utf-8",FALSE);


    CkAuthAzureSAS_Dispose(authSas);
    CkDateTime_Dispose(dt);
    CkFileAccess_Dispose(fac);

    }