edgeworkers/New-EdgeWorkerAuthToken.ps1
|
function New-EdgeWorkerAuthToken { Param( [Parameter(Mandatory=$true)] [string] $Secret, [Parameter(Mandatory=$true,ParameterSetName='acl')] [string] $ACLPath, [Parameter(Mandatory=$true,ParameterSetName='url')] [string] $URLPath, [Parameter(Mandatory=$false)] [int] $Expiry = 15 ) $Delimiter = '~' $Token = '' $Start = [long] (Get-Date -Date ((Get-Date).ToUniversalTime()) -UFormat %s) $End = $Start + ($Expiry * 60) $Token += "st=$Start" $Token += $Delimiter $Token += "exp=$End" $HMACToken = $Token $HMACToken += $Delimiter if($ACLPath){ $Token += $Delimiter $Token += "acl=$ACLPath" $HMACToken = $Token } else{ $HMACToken = $Token $HMACToken += $Delimiter $EncodedURL = [System.Web.HttpUtility]::UrlEncode($URLPath) $HMACToken += "url=$EncodedURL" } # Generate HMAC $HMACSHA = New-Object System.Security.Cryptography.HMACSHA256 $HMACSHA.key = [byte[]] -split ($Secret -replace '..', '0x$& ') # Secret is presented as string, but we need to treat each pair of characters as Hex before getting their byte value $Hash = $HMACSHA.ComputeHash([Text.Encoding]::UTF8.GetBytes($HMACToken)) $Signature = ($Hash | foreach ToString x2) -join '' $Token += $Delimiter $Token += "hmac=$Signature" return $Token } |