/
eventhubSharedKeyCredential.ts
119 lines (107 loc) · 3.66 KB
/
eventhubSharedKeyCredential.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT license.
import { parseEventHubConnectionString } from "./util/connectionStringUtils";
import { AccessToken } from "@azure/core-auth";
import { Buffer } from "buffer";
import isBuffer from "is-buffer";
import jssha from "jssha";
/**
* Defines the SharedKeyCredential .
*/
export class SharedKeyCredential {
/**
* The name of the EventHub/ServiceBus key.
*/
keyName: string;
/**
* The secret value associated with the above EventHub/ServiceBus key.
*/
key: string;
/**
* Initializes a new instance of SharedKeyCredential
* @param keyName - The name of the EventHub/ServiceBus key.
* @param key - The secret value associated with the above EventHub/ServiceBus key
*/
constructor(keyName: string, key: string) {
this.keyName = keyName;
this.key = key;
}
/**
* Gets the sas token for the specified audience
* @param audience - The audience for which the token is desired.
*/
getToken(audience: string): AccessToken {
return this._createToken(Math.floor(Date.now() / 1000) + 3600, audience);
}
/**
* Creates the sas token based on the provided information
* @param expiry - The time period in unix time after which the token will expire.
* @param audience - The audience for which the token is desired.
* @param hashInput - The input to be provided to hmac to create the hash.
*/
protected _createToken(
expiry: number,
audience: string,
hashInput?: string | Buffer
): AccessToken {
audience = encodeURIComponent(audience);
const keyName = encodeURIComponent(this.keyName);
const stringToSign = audience + "\n" + expiry;
hashInput = hashInput || this.key;
let shaObj: any;
if (isBuffer(hashInput)) {
shaObj = new jssha("SHA-256", "ARRAYBUFFER");
shaObj.setHMACKey(hashInput, "ARRAYBUFFER");
shaObj.update(Buffer.from(stringToSign));
} else {
shaObj = new jssha("SHA-256", "TEXT");
shaObj.setHMACKey(hashInput, "TEXT");
shaObj.update(stringToSign);
}
const sig = encodeURIComponent(shaObj.getHMAC("B64"));
return {
token: `SharedAccessSignature sr=${audience}&sig=${sig}&se=${expiry}&skn=${keyName}`,
expiresOnTimestamp: expiry
};
}
/**
* Creates a token provider from the EventHub/ServiceBus connection string;
* @param connectionString - The EventHub/ServiceBus connection string
*/
static fromConnectionString(connectionString: string): SharedKeyCredential {
const parsed = parseEventHubConnectionString(connectionString);
if (parsed.sharedAccessSignature == null) {
return new SharedKeyCredential(parsed.sharedAccessKeyName!, parsed.sharedAccessKey!);
} else {
return new SharedAccessSignatureCredential(parsed.sharedAccessSignature);
}
}
}
/**
* A credential that takes a SharedAccessSignature:
* `SharedAccessSignature sr=<resource>&sig=<signature>&se=<expiry>&skn=<keyname>`
*
* @internal
*/
export class SharedAccessSignatureCredential extends SharedKeyCredential {
private _accessToken: AccessToken;
/**
* @param sharedAccessSignature - A shared access signature of the form
* `SharedAccessSignature sr=<resource>&sig=<signature>&se=<expiry>&skn=<keyname>`
*/
constructor(sharedAccessSignature: string) {
super("", "");
this._accessToken = {
token: sharedAccessSignature,
expiresOnTimestamp: 0
};
}
/**
* Retrieve a valid token for authenticaton.
*
* @param _audience - Not applicable in SharedAccessSignatureCredential as the token is not re-generated at every invocation of the method
*/
getToken(_audience: string): AccessToken {
return this._accessToken;
}
}