Created
June 16, 2017 10:23
event-hubs-sas
| FROM https://community.hortonworks.com/articles/69823/creating-shared-access-signature-sas-for-posting-d.html | |
| Short Description: | |
| Step by step instructions for creating a SAS token to authorize HTTP clients for Microsoft's Azure Event Hubs | |
| Article | |
| First, if you need background on Azure Event Hubs, go here: https://docs.microsoft.com/en-us/azure/event-hubs/event-hubs-overview | |
| Second, it's handy to know why you need a SAS token and what you can do once you have one. See: https://docs.microsoft.com/en-us/azure/event-hubs/event-hubs-authentication-and-security-model-overview | |
| We will use an example configuration for an Event Hubs service. The corresponding data for your service can be found on the details page of the shared access policy you want to use. More information on this topic can be found here: | |
| https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-shared-access-signature-authentication | |
| From the detail page of the shared access policy "hub-nifi" we can get all the information we need to create our token, in the "connection string-primary key" field: | |
| Endpoint=sb://nifi-eventhub.servicebus.windows.net/; | |
| SharedAccessKeyName=hub-user; | |
| SharedAccessKey=2hmLYbJk2q5uZ2Yfyl0XSezXbxD+afO9ysh0Vsv4Xq8=;EntityPath=hub1 | |
| The signature in a SAS token is simply a keyed hash (HMAC-SHA256, keyed with the shared access key) of a string consisting of two substrings: the endpoint URL and the date the token should expire. The expiration date should be in Unix epoch format. The format for the string is <resourceURI> + \n + <expiry> | |
| For our example the URL is https://eventhub-nifi.servicebus.windows.net/hub-nifi and for the expiry we arbitrarily used Thu Dec 08 2016 06:26:40 UTC-0600, which is 1481200000 in Unix epoch. | |
| The string to hash is then: | |
| http://nifi-eventhub.servicebus.windows.net/hub1\n1481868000 | |
| Before hashing this string we must URL-encode the URL part of it (the \n separator stays as it is), which results in: | |
| http%3A%2F%2Fnifi-eventhub.servicebus.windows.net%2Fhub1\n1481868000 | |
| Hash the URL-encoded string using the shared access key and openssl. The format of the openssl command is: | |
| echo -n -e 'value' | openssl sha256 -binary -hmac 'key' | openssl base64 | |
| Using our example values: | |
| echo -e -n 'http%3A%2F%2Fnifi-eventhub.servicebus.windows.net%2Fhub1\n1481868000' | openssl dgst -sha256 -binary -hmac '2hmLYbJk2q5uZ2Yfyl0XSezXbxD+afO9ysh0Vsv4Xq8=' | openssl base64 | |
| The output should be similar to: | |
| ZYxl4SEwnNMa/gir+aYgkb5rZv/6vUCqh1+NZgIGI4s= | |
| To make an HTTP request to an Event Hubs endpoint, an "Authorization" property must be added to the headers of the request. IMPORTANT: URL-encode the hash before using it in the token. | |
| The value of the Authorization property is formatted as: | |
| Authorization: SharedAccessSignature sr={URI}&sig={HMAC_SHA256_SIGNATURE}&se={EXPIRATION_TIME}&skn={KEY_NAME} | |
| Using our example values, the property is: | |
| Authorization: SharedAccessSignature sig=ZYxl4SEwnNMa%2Fgir%2BaYgkb5rZv%2F6vUCqh1%2BNZgIGI4s%3D&se=1481868000&skn=hub-user&sr=http%3A%2F%2Fnifi-eventhub.servicebus.windows.net%2Fhub1 | |
| Use curl to confirm that the token we have generated works: | |
| curl -v -H 'Authorization: SharedAccessSignature sig=ZYxl4SEwnNMa%2Fgir%2BaYgkb5rZv%2F6vUCqh1%2BNZgIGI4s%3D&se=1481868000&skn=hub-user&sr=http%3A%2F%2Fnifi-eventhub.servicebus.windows.net%2Fhub1' --data 'hello world!' 'https://nifi-eventhub.servicebus.windows.net/hub1/messages?timeout=60&api-version=2014-01' | |
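
The steps above as an added Python example (not part of the original article or gist): it builds the Authorization value from the article's sample values, then re-checks a token locally by recomputing the signature and testing the expiry. The function names are illustrative assumptions, and the local check goes beyond the article and does not contact Event Hubs.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qs, quote

# Sample values copied from the article's example connection string.
URI = "http://nifi-eventhub.servicebus.windows.net/hub1"
KEY_NAME = "hub-user"
KEY = "2hmLYbJk2q5uZ2Yfyl0XSezXbxD+afO9ysh0Vsv4Xq8="
EXPIRY = 1481868000

def sign(resource_uri, expiry, key):
    """Base64(HMAC-SHA256(key, '<url-encoded URI>' + newline + '<expiry>'))."""
    string_to_sign = f"{quote(resource_uri, safe='')}\n{expiry}"
    mac = hmac.new(key.encode(), string_to_sign.encode(), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()

def make_sas_token(resource_uri, key_name, key, expiry):
    """Build the Authorization header value; every field is URL-encoded."""
    sig = sign(resource_uri, expiry, key)
    return ("SharedAccessSignature "
            f"sr={quote(resource_uri, safe='')}&sig={quote(sig, safe='')}"
            f"&se={expiry}&skn={quote(key_name, safe='')}")

def check_sas_token(token, key, now=None):
    """Local check (no network): 'ok', 'malformed', 'bad signature' or 'expired'."""
    scheme, _, params = token.partition(" ")
    # parse_qs undoes the URL encoding; a raw '+' in sig would become a space.
    fields = {k: v[0] for k, v in parse_qs(params).items()}
    if scheme != "SharedAccessSignature" or not {"sr", "sig", "se", "skn"} <= fields.keys():
        return "malformed"
    if not (fields["se"].isascii() and fields["se"].isdigit()):
        return "malformed"
    expected = sign(fields["sr"], int(fields["se"]), key)
    # Constant-time comparison, as for any MAC check.
    if not hmac.compare_digest(expected.encode(), fields["sig"].encode()):
        return "bad signature"
    if int(fields["se"]) <= (time.time() if now is None else now):
        return "expired"
    return "ok"

if __name__ == "__main__":
    token = make_sas_token(URI, KEY_NAME, KEY, EXPIRY)
    print("Authorization:", token)
    print(check_sas_token(token, KEY))  # the article's expiry is in the past
```

A base64 signature that contains `+` and is placed in the token without URL encoding fails this check, which is the reason for the article's IMPORTANT note.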