(PureBasic) Create an Azure Service SAS

Shows how to generate an Azure Service SAS.

Chilkat PureBasic Module Download Chilkat PureBasic Module

IncludeFile "CkFileAccess.pb"
IncludeFile "CkAuthAzureSAS.pb"
IncludeFile "CkDateTime.pb"

Procedure ChilkatExample()

    ; This requires the Chilkat API to have been previously unlocked.
    ; See Global Unlock Sample for sample code.

    ; ----------------------------------------------------------------------------------------------
    ; Create a Shared Access Signature (SAS) token for an Azure Service (Blob, Queue, Table, or File)
    ; -----------------------------------------------------------------------------------------------

    ; See https://docs.microsoft.com/en-us/rest/api/storageservices/create-service-sas
    ; for details.

    authSas.i = CkAuthAzureSAS::ckCreate()
    If authSas.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    CkAuthAzureSAS::setCkAccessKey(authSas, "AZURE_ACCESS_KEY")

    ; Specify the format of the string to sign.
    ; Each comma character in the following string represents a LF ("\n") character.
    ; The names specified in the StringToSign are replaced with the values specified
    ; in the subsequent calls to SetTokenParam and SetNonTokenParam,.

    ; Note: The trailing comma in the StringToSign is intentional and important. This indicates that the 
    ; string to sign will end with a "\n".

    ; Also note: The names in the StringToSign are case sensitive.  The names
    ; specified in the 1st argument in the calls to SetNonTokenParam and SetTokenParam should
    ; match a name listed in StringToSign. 

    ; Version 2018-11-09 and later
    ; 
    ; Version 2018-11-09 adds support for the signed resource and signed blob snapshot time fields. 
    ; These must be included in the string-to-sign. To construct the string-to-sign for Blob service resources, use the following format:
    ; 
    ; StringToSign = signedpermissions + "\n" +  
    ;                signedstart + "\n" +  
    ;                signedexpiry + "\n" +  
    ;                canonicalizedresource + "\n" +  
    ;                signedidentifier + "\n" +  
    ;                signedIP + "\n" +  
    ;                signedProtocol + "\n" +  
    ;                signedversion + "\n" +  
    ;                signedResource + "\n"
    ;                signedSnapshotTime + "\n" +
    ;                rscc + "\n" +  
    ;                rscd + "\n" +  
    ;                rsce + "\n" +  
    ;                rscl + "\n" +  
    ;                rsct  
    ; 

    CkAuthAzureSAS::setCkStringToSign(authSas, "signedpermissions,signedstart,signedexpiry,canonicalizedresource,signedidentifier,signedIP,signedProtocol,signedversion,signedResource,signedSnapshotTime,rscc,rscd,rsce,rscl,rsct")

    CkAuthAzureSAS::ckSetTokenParam(authSas,"signedpermissions","sp","rw")

    dt.i = CkDateTime::ckCreate()
    If dt.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    CkDateTime::ckSetFromCurrentSystemTime(dt)
    CkAuthAzureSAS::ckSetTokenParam(authSas,"signedstart","st",CkDateTime::ckGetAsIso8601(dt,"YYYY-MM-DDThh:mmTZD",0))

    ; This SAS token will be valid for 30 days.
    CkDateTime::ckAddDays(dt,30)
    CkAuthAzureSAS::ckSetTokenParam(authSas,"signedexpiry","se",CkDateTime::ckGetAsIso8601(dt,"YYYY-MM-DDThh:mmTZD",0))

    ; The canonicalizedresouce portion of the string is a canonical path to the signed resource. It must include the service name (blob, table, queue or file) for version
    ; 2021-08-06 or later, the storage account name, and the resource name, and must be URL-decoded. Names of blobs must include the blobs container. Table names must be
    ; lower-case. The following examples show how to construct the canonicalizedresource portion of the string, depending on the type of resource.
    ; For example:
    ; URL = https://chilkat.blob.core.windows.net/mycontainer/starfish.jpg
    ; canonicalizedresource = "/blob/chilkat/mycontainer/starfish.jpg"  
    ; IMPORTANT: See https://docs.microsoft.com/en-us/rest/api/storageservices/create-service-sas for all details..
    CkAuthAzureSAS::ckSetNonTokenParam(authSas,"canonicalizedresource","/blob/chilkat/mycontainer/starfish.jpg")

    CkAuthAzureSAS::ckSetTokenParam(authSas,"signedProtocol","spr","https")

    ;  Specifiy values and query param names for each field.
    ;  If a field is not specified, then an empty string will be used for its value.
    CkAuthAzureSAS::ckSetTokenParam(authSas,"signedversion","sv","2018-11-09")

    ; Indicate that we are creating a service SAS that is limited to the blob resource.
    ; (Specify b if the shared resource is a blob. This grants access to the content and metadata of the blob.
    ;  Specify c if the shared resource is a container. This grants access to the content and metadata of any blob in the container, and to the list of blobs in the container. )
    CkAuthAzureSAS::ckSetTokenParam(authSas,"signedResource","sr","b")

    ; Note that we did not call SetTokenParam for "signedIP", "signedSnapshotTime", "rscc", and others.  For any omitted fields
    ; the value will default to the empty string.

    ; Generate the SAS token.
    sasToken.s = CkAuthAzureSAS::ckGenerateToken(authSas)
    If CkAuthAzureSAS::ckLastMethodSuccess(authSas) <> 1
        Debug CkAuthAzureSAS::ckLastErrorText(authSas)
        CkAuthAzureSAS::ckDispose(authSas)
        CkDateTime::ckDispose(dt)
        ProcedureReturn
    EndIf

    Debug "SAS token: " + sasToken

    ; Save the SAS Service token to a file.
    ; We can then use this pre-generated token for future Azure Storage Account operations.
    fac.i = CkFileAccess::ckCreate()
    If fac.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    CkFileAccess::ckWriteEntireTextFile(fac,"qa_data/tokens/azureStorageServiceSas.txt",sasToken,"utf-8",0)


    CkAuthAzureSAS::ckDispose(authSas)
    CkDateTime::ckDispose(dt)
    CkFileAccess::ckDispose(fac)


    ProcedureReturn
EndProcedure