@azure/storage-file-datalake 12.26.0 → 12.27.0-beta.1

package/dist/commonjs/sas/DataLakeSASSignatureValues.js

@@ -0,0 +1,722 @@
+"use strict";
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateDataLakeSASQueryParameters = generateDataLakeSASQueryParameters;
+exports.generateDataLakeSASQueryParametersInternal = generateDataLakeSASQueryParametersInternal;
+const StorageSharedKeyCredential_js_1 = require("../credentials/StorageSharedKeyCredential.js");
+const UserDelegationKeyCredential_js_1 = require("../credentials/UserDelegationKeyCredential.js");
+const DataLakeSASPermissions_js_1 = require("./DataLakeSASPermissions.js");
+const FileSystemSASPermissions_js_1 = require("./FileSystemSASPermissions.js");
+const SasIPRange_js_1 = require("./SasIPRange.js");
+const SASQueryParameters_js_1 = require("./SASQueryParameters.js");
+const constants_js_1 = require("../utils/constants.js");
+const utils_common_js_1 = require("../utils/utils.common.js");
+const DirectorySASPermissions_js_1 = require("./DirectorySASPermissions.js");
+function generateDataLakeSASQueryParameters(dataLakeSASSignatureValues, sharedKeyCredentialOrUserDelegationKey, accountName) {
+    return generateDataLakeSASQueryParametersInternal(dataLakeSASSignatureValues, sharedKeyCredentialOrUserDelegationKey, accountName).sasQueryParameter;
+}
+function generateDataLakeSASQueryParametersInternal(dataLakeSASSignatureValues, sharedKeyCredentialOrUserDelegationKey, accountName) {
+    const version = dataLakeSASSignatureValues.version
+        ? dataLakeSASSignatureValues.version
+        : constants_js_1.SERVICE_VERSION;
+    const sharedKeyCredential = sharedKeyCredentialOrUserDelegationKey instanceof StorageSharedKeyCredential_js_1.StorageSharedKeyCredential
+        ? sharedKeyCredentialOrUserDelegationKey
+        : undefined;
+    let userDelegationKeyCredential;
+    if (sharedKeyCredential === undefined && accountName !== undefined) {
+        userDelegationKeyCredential = new UserDelegationKeyCredential_js_1.UserDelegationKeyCredential(accountName, sharedKeyCredentialOrUserDelegationKey);
+    }
+    if (sharedKeyCredential === undefined && userDelegationKeyCredential === undefined) {
+        throw TypeError("Invalid sharedKeyCredential, userDelegationKey or accountName.");
+    }
+    // Version 2020-12-06 adds support for encryptionscope in SAS.
+    if (version >= "2020-12-06") {
+        if (sharedKeyCredential !== undefined) {
+            return generateBlobSASQueryParameters20201206(dataLakeSASSignatureValues, sharedKeyCredential);
+        }
+        else {
+            if (version >= "2025-07-05") {
+                return generateBlobSASQueryParametersUDK20250705(dataLakeSASSignatureValues, userDelegationKeyCredential);
+            }
+            else {
+                return generateBlobSASQueryParametersUDK20201206(dataLakeSASSignatureValues, userDelegationKeyCredential);
+            }
+        }
+    }
+    // Version 2018-11-09 adds support for the signed resource and signed blob snapshot time fields.
+    // https://learn.microsoft.com/en-us/rest/api/storageservices/constructing-a-service-sas#constructing-the-signature-string
+    if (version >= "2018-11-09") {
+        if (sharedKeyCredential !== undefined) {
+            return generateBlobSASQueryParameters20181109(dataLakeSASSignatureValues, sharedKeyCredential);
+        }
+        else {
+            // Version 2020-02-10 delegation SAS signature construction includes preauthorizedAgentObjectId, agentObjectId, correlationId.
+            if (version >= "2020-02-10") {
+                return generateBlobSASQueryParametersUDK20200210(dataLakeSASSignatureValues, userDelegationKeyCredential);
+            }
+            else {
+                return generateBlobSASQueryParametersUDK20181109(dataLakeSASSignatureValues, userDelegationKeyCredential);
+            }
+        }
+    }
+    if (version >= "2015-04-05") {
+        if (sharedKeyCredential !== undefined) {
+            return generateBlobSASQueryParameters20150405(dataLakeSASSignatureValues, sharedKeyCredential);
+        }
+        else {
+            throw new RangeError("'version' must be >= '2018-11-09' when generating user delegation SAS using user delegation key.");
+        }
+    }
+    throw new RangeError("'version' must be >= '2015-04-05'.");
+}
+/**
+ * ONLY AVAILABLE IN NODE.JS RUNTIME.
+ * IMPLEMENTATION FOR API VERSION FROM 2015-04-05 AND BEFORE 2018-11-09.
+ *
+ * Creates an instance of SASQueryParameters.
+ *
+ * Only accepts required settings needed to create a SAS. For optional settings please
+ * set corresponding properties directly, such as permissions, startsOn and identifier.
+ *
+ * WARNING: When identifier is not provided, permissions and expiresOn are required.
+ * You MUST assign value to identifier or expiresOn & permissions manually if you initial with
+ * this constructor.
+ *
+ * @param dataLakeSASSignatureValues -
+ * @param sharedKeyCredential -
+ */
+function generateBlobSASQueryParameters20150405(dataLakeSASSignatureValues, sharedKeyCredential) {
+    if (!dataLakeSASSignatureValues.identifier &&
+        !(dataLakeSASSignatureValues.permissions && dataLakeSASSignatureValues.expiresOn)) {
+        throw new RangeError("Must provide 'permissions' and 'expiresOn' for DataLake SAS generation when 'identifier' is not provided.");
+    }
+    const version = dataLakeSASSignatureValues.version
+        ? dataLakeSASSignatureValues.version
+        : constants_js_1.SERVICE_VERSION;
+    dataLakeSASSignatureValues = SASSignatureValuesSanityCheckAndAutofill(dataLakeSASSignatureValues, version);
+    let resource = "c";
+    if (dataLakeSASSignatureValues.pathName) {
+        resource = "b";
+    }
+    // Calling parse and toString guarantees the proper ordering and throws on invalid characters.
+    let verifiedPermissions;
+    if (dataLakeSASSignatureValues.permissions) {
+        if (dataLakeSASSignatureValues.pathName) {
+            verifiedPermissions = DataLakeSASPermissions_js_1.DataLakeSASPermissions.parse(dataLakeSASSignatureValues.permissions.toString()).toString();
+        }
+        else {
+            verifiedPermissions = FileSystemSASPermissions_js_1.FileSystemSASPermissions.parse(dataLakeSASSignatureValues.permissions.toString()).toString();
+        }
+    }
+    // Signature is generated on the un-url-encoded values.
+    const stringToSign = [
+        verifiedPermissions ? verifiedPermissions : "",
+        dataLakeSASSignatureValues.startsOn
+            ? (0, utils_common_js_1.truncatedISO8061Date)(dataLakeSASSignatureValues.startsOn, false)
+            : "",
+        dataLakeSASSignatureValues.expiresOn
+            ? (0, utils_common_js_1.truncatedISO8061Date)(dataLakeSASSignatureValues.expiresOn, false)
+            : "",
+        getCanonicalName(sharedKeyCredential.accountName, dataLakeSASSignatureValues.fileSystemName, dataLakeSASSignatureValues.pathName),
+        dataLakeSASSignatureValues.identifier,
+        dataLakeSASSignatureValues.ipRange ? (0, SasIPRange_js_1.ipRangeToString)(dataLakeSASSignatureValues.ipRange) : "",
+        dataLakeSASSignatureValues.protocol ? dataLakeSASSignatureValues.protocol : "",
+        version,
+        dataLakeSASSignatureValues.cacheControl ? dataLakeSASSignatureValues.cacheControl : "",
+        dataLakeSASSignatureValues.contentDisposition
+            ? dataLakeSASSignatureValues.contentDisposition
+            : "",
+        dataLakeSASSignatureValues.contentEncoding ? dataLakeSASSignatureValues.contentEncoding : "",
+        dataLakeSASSignatureValues.contentLanguage ? dataLakeSASSignatureValues.contentLanguage : "",
+        dataLakeSASSignatureValues.contentType ? dataLakeSASSignatureValues.contentType : "",
+    ].join("\n");
+    const signature = sharedKeyCredential.computeHMACSHA256(stringToSign);
+    return {
+        sasQueryParameter: new SASQueryParameters_js_1.SASQueryParameters(version, signature, verifiedPermissions, undefined, undefined, dataLakeSASSignatureValues.protocol, dataLakeSASSignatureValues.startsOn, dataLakeSASSignatureValues.expiresOn, dataLakeSASSignatureValues.ipRange, dataLakeSASSignatureValues.identifier, resource, dataLakeSASSignatureValues.cacheControl, dataLakeSASSignatureValues.contentDisposition, dataLakeSASSignatureValues.contentEncoding, dataLakeSASSignatureValues.contentLanguage, dataLakeSASSignatureValues.contentType),
+        stringToSign: stringToSign,
+    };
+}
+/**
+ * ONLY AVAILABLE IN NODE.JS RUNTIME.
+ * IMPLEMENTATION FOR API VERSION FROM 2018-11-09.
+ *
+ * Creates an instance of SASQueryParameters.
+ *
+ * Only accepts required settings needed to create a SAS. For optional settings please
+ * set corresponding properties directly, such as permissions, startsOn and identifier.
+ *
+ * WARNING: When identifier is not provided, permissions and expiresOn are required.
+ * You MUST assign value to identifier or expiresOn & permissions manually if you initial with
+ * this constructor.
+ *
+ * @param dataLakeSASSignatureValues -
+ * @param sharedKeyCredential -
+ */
+function generateBlobSASQueryParameters20181109(dataLakeSASSignatureValues, sharedKeyCredential) {
+    if (!dataLakeSASSignatureValues.identifier &&
+        !(dataLakeSASSignatureValues.permissions && dataLakeSASSignatureValues.expiresOn)) {
+        throw new RangeError("Must provide 'permissions' and 'expiresOn' for Blob SAS generation when 'identifier' is not provided.");
+    }
+    const version = dataLakeSASSignatureValues.version
+        ? dataLakeSASSignatureValues.version
+        : constants_js_1.SERVICE_VERSION;
+    dataLakeSASSignatureValues = SASSignatureValuesSanityCheckAndAutofill(dataLakeSASSignatureValues, version);
+    let resource = "c";
+    if (dataLakeSASSignatureValues.pathName) {
+        if (dataLakeSASSignatureValues.isDirectory) {
+            resource = "d";
+        }
+        else {
+            resource = "b";
+            if (dataLakeSASSignatureValues.snapshotTime) {
+                resource = "bs";
+            }
+        }
+    }
+    // Calling parse and toString guarantees the proper ordering and throws on invalid characters.
+    let verifiedPermissions;
+    if (dataLakeSASSignatureValues.permissions) {
+        if (dataLakeSASSignatureValues.pathName) {
+            if (dataLakeSASSignatureValues.isDirectory) {
+                verifiedPermissions = DirectorySASPermissions_js_1.DirectorySASPermissions.parse(dataLakeSASSignatureValues.permissions.toString()).toString();
+            }
+            else {
+                verifiedPermissions = DataLakeSASPermissions_js_1.DataLakeSASPermissions.parse(dataLakeSASSignatureValues.permissions.toString()).toString();
+            }
+        }
+        else {
+            verifiedPermissions = FileSystemSASPermissions_js_1.FileSystemSASPermissions.parse(dataLakeSASSignatureValues.permissions.toString()).toString();
+        }
+    }
+    // Signature is generated on the un-url-encoded values.
+    const stringToSign = [
+        verifiedPermissions ? verifiedPermissions : "",
+        dataLakeSASSignatureValues.startsOn
+            ? (0, utils_common_js_1.truncatedISO8061Date)(dataLakeSASSignatureValues.startsOn, false)
+            : "",
+        dataLakeSASSignatureValues.expiresOn
+            ? (0, utils_common_js_1.truncatedISO8061Date)(dataLakeSASSignatureValues.expiresOn, false)
+            : "",
+        getCanonicalName(sharedKeyCredential.accountName, dataLakeSASSignatureValues.fileSystemName, dataLakeSASSignatureValues.pathName),
+        dataLakeSASSignatureValues.identifier,
+        dataLakeSASSignatureValues.ipRange ? (0, SasIPRange_js_1.ipRangeToString)(dataLakeSASSignatureValues.ipRange) : "",
+        dataLakeSASSignatureValues.protocol ? dataLakeSASSignatureValues.protocol : "",
+        version,
+        resource,
+        dataLakeSASSignatureValues.snapshotTime,
+        dataLakeSASSignatureValues.cacheControl ? dataLakeSASSignatureValues.cacheControl : "",
+        dataLakeSASSignatureValues.contentDisposition
+            ? dataLakeSASSignatureValues.contentDisposition
+            : "",
+        dataLakeSASSignatureValues.contentEncoding ? dataLakeSASSignatureValues.contentEncoding : "",
+        dataLakeSASSignatureValues.contentLanguage ? dataLakeSASSignatureValues.contentLanguage : "",
+        dataLakeSASSignatureValues.contentType ? dataLakeSASSignatureValues.contentType : "",
+    ].join("\n");
+    const signature = sharedKeyCredential.computeHMACSHA256(stringToSign);
+    return {
+        sasQueryParameter: new SASQueryParameters_js_1.SASQueryParameters(version, signature, verifiedPermissions, undefined, undefined, dataLakeSASSignatureValues.protocol, dataLakeSASSignatureValues.startsOn, dataLakeSASSignatureValues.expiresOn, dataLakeSASSignatureValues.ipRange, dataLakeSASSignatureValues.identifier, resource, dataLakeSASSignatureValues.cacheControl, dataLakeSASSignatureValues.contentDisposition, dataLakeSASSignatureValues.contentEncoding, dataLakeSASSignatureValues.contentLanguage, dataLakeSASSignatureValues.contentType, undefined, dataLakeSASSignatureValues.directoryDepth),
+        stringToSign: stringToSign,
+    };
+}
+/**
+ * ONLY AVAILABLE IN NODE.JS RUNTIME.
+ * IMPLEMENTATION FOR API VERSION FROM 2018-11-09.
+ *
+ * Creates an instance of SASQueryParameters.
+ *
+ * Only accepts required settings needed to create a SAS. For optional settings please
+ * set corresponding properties directly, such as permissions, startsOn.
+ *
+ * WARNING: identifier will be ignored, permissions and expiresOn are required.
+ *
+ * @param dataLakeSASSignatureValues -
+ * @param userDelegationKeyCredential -
+ */
+function generateBlobSASQueryParametersUDK20181109(dataLakeSASSignatureValues, userDelegationKeyCredential) {
+    if (!dataLakeSASSignatureValues.permissions || !dataLakeSASSignatureValues.expiresOn) {
+        throw new RangeError("Must provide 'permissions' and 'expiresOn' for Blob SAS generation when generating user delegation SAS.");
+    }
+    const version = dataLakeSASSignatureValues.version
+        ? dataLakeSASSignatureValues.version
+        : constants_js_1.SERVICE_VERSION;
+    dataLakeSASSignatureValues = SASSignatureValuesSanityCheckAndAutofill(dataLakeSASSignatureValues, version);
+    let resource = "c";
+    if (dataLakeSASSignatureValues.pathName) {
+        if (dataLakeSASSignatureValues.isDirectory) {
+            resource = "d";
+        }
+        else {
+            resource = "b";
+            if (dataLakeSASSignatureValues.snapshotTime) {
+                resource = "bs";
+            }
+        }
+    }
+    // Calling parse and toString guarantees the proper ordering and throws on invalid characters.
+    let verifiedPermissions;
+    if (dataLakeSASSignatureValues.permissions) {
+        if (dataLakeSASSignatureValues.pathName) {
+            if (dataLakeSASSignatureValues.isDirectory) {
+                verifiedPermissions = DirectorySASPermissions_js_1.DirectorySASPermissions.parse(dataLakeSASSignatureValues.permissions.toString()).toString();
+            }
+            else {
+                verifiedPermissions = DataLakeSASPermissions_js_1.DataLakeSASPermissions.parse(dataLakeSASSignatureValues.permissions.toString()).toString();
+            }
+        }
+        else {
+            verifiedPermissions = FileSystemSASPermissions_js_1.FileSystemSASPermissions.parse(dataLakeSASSignatureValues.permissions.toString()).toString();
+        }
+    }
+    // Signature is generated on the un-url-encoded values.
+    const stringToSign = [
+        verifiedPermissions ? verifiedPermissions : "",
+        dataLakeSASSignatureValues.startsOn
+            ? (0, utils_common_js_1.truncatedISO8061Date)(dataLakeSASSignatureValues.startsOn, false)
+            : "",
+        dataLakeSASSignatureValues.expiresOn
+            ? (0, utils_common_js_1.truncatedISO8061Date)(dataLakeSASSignatureValues.expiresOn, false)
+            : "",
+        getCanonicalName(userDelegationKeyCredential.accountName, dataLakeSASSignatureValues.fileSystemName, dataLakeSASSignatureValues.pathName),
+        userDelegationKeyCredential.userDelegationKey.signedObjectId,
+        userDelegationKeyCredential.userDelegationKey.signedTenantId,
+        userDelegationKeyCredential.userDelegationKey.signedStartsOn
+            ? (0, utils_common_js_1.truncatedISO8061Date)(userDelegationKeyCredential.userDelegationKey.signedStartsOn, false)
+            : "",
+        userDelegationKeyCredential.userDelegationKey.signedExpiresOn
+            ? (0, utils_common_js_1.truncatedISO8061Date)(userDelegationKeyCredential.userDelegationKey.signedExpiresOn, false)
+            : "",
+        userDelegationKeyCredential.userDelegationKey.signedService,
+        userDelegationKeyCredential.userDelegationKey.signedVersion,
+        dataLakeSASSignatureValues.ipRange ? (0, SasIPRange_js_1.ipRangeToString)(dataLakeSASSignatureValues.ipRange) : "",
+        dataLakeSASSignatureValues.protocol ? dataLakeSASSignatureValues.protocol : "",
+        version,
+        resource,
+        dataLakeSASSignatureValues.snapshotTime,
+        dataLakeSASSignatureValues.cacheControl,
+        dataLakeSASSignatureValues.contentDisposition,
+        dataLakeSASSignatureValues.contentEncoding,
+        dataLakeSASSignatureValues.contentLanguage,
+        dataLakeSASSignatureValues.contentType,
+    ].join("\n");
+    const signature = userDelegationKeyCredential.computeHMACSHA256(stringToSign);
+    return {
+        sasQueryParameter: new SASQueryParameters_js_1.SASQueryParameters(version, signature, verifiedPermissions, undefined, undefined, dataLakeSASSignatureValues.protocol, dataLakeSASSignatureValues.startsOn, dataLakeSASSignatureValues.expiresOn, dataLakeSASSignatureValues.ipRange, dataLakeSASSignatureValues.identifier, resource, dataLakeSASSignatureValues.cacheControl, dataLakeSASSignatureValues.contentDisposition, dataLakeSASSignatureValues.contentEncoding, dataLakeSASSignatureValues.contentLanguage, dataLakeSASSignatureValues.contentType, userDelegationKeyCredential.userDelegationKey, dataLakeSASSignatureValues.directoryDepth, dataLakeSASSignatureValues.preauthorizedAgentObjectId, dataLakeSASSignatureValues.agentObjectId, dataLakeSASSignatureValues.correlationId),
+        stringToSign: stringToSign,
+    };
+}
+/**
+ * ONLY AVAILABLE IN NODE.JS RUNTIME.
+ * IMPLEMENTATION FOR API VERSION FROM 2020-02-10.
+ *
+ * Creates an instance of SASQueryParameters.
+ *
+ * Only accepts required settings needed to create a SAS. For optional settings please
+ * set corresponding properties directly, such as permissions, startsOn.
+ *
+ * WARNING: identifier will be ignored, permissions and expiresOn are required.
+ *
+ * @param dataLakeSASSignatureValues -
+ * @param userDelegationKeyCredential -
+ */
+function generateBlobSASQueryParametersUDK20200210(dataLakeSASSignatureValues, userDelegationKeyCredential) {
+    if (!dataLakeSASSignatureValues.permissions || !dataLakeSASSignatureValues.expiresOn) {
+        throw new RangeError("Must provide 'permissions' and 'expiresOn' for Blob SAS generation when generating user delegation SAS.");
+    }
+    const version = dataLakeSASSignatureValues.version
+        ? dataLakeSASSignatureValues.version
+        : constants_js_1.SERVICE_VERSION;
+    dataLakeSASSignatureValues = SASSignatureValuesSanityCheckAndAutofill(dataLakeSASSignatureValues, version);
+    let resource = "c";
+    if (dataLakeSASSignatureValues.pathName) {
+        if (dataLakeSASSignatureValues.isDirectory) {
+            resource = "d";
+        }
+        else {
+            resource = "b";
+            if (dataLakeSASSignatureValues.snapshotTime) {
+                resource = "bs";
+            }
+        }
+    }
+    // Calling parse and toString guarantees the proper ordering and throws on invalid characters.
+    let verifiedPermissions;
+    if (dataLakeSASSignatureValues.permissions) {
+        if (dataLakeSASSignatureValues.pathName) {
+            if (dataLakeSASSignatureValues.isDirectory) {
+                verifiedPermissions = DirectorySASPermissions_js_1.DirectorySASPermissions.parse(dataLakeSASSignatureValues.permissions.toString()).toString();
+            }
+            else {
+                verifiedPermissions = DataLakeSASPermissions_js_1.DataLakeSASPermissions.parse(dataLakeSASSignatureValues.permissions.toString()).toString();
+            }
+        }
+        else {
+            verifiedPermissions = FileSystemSASPermissions_js_1.FileSystemSASPermissions.parse(dataLakeSASSignatureValues.permissions.toString()).toString();
+        }
+    }
+    // Signature is generated on the un-url-encoded values.
+    const stringToSign = [
+        verifiedPermissions ? verifiedPermissions : "",
+        dataLakeSASSignatureValues.startsOn
+            ? (0, utils_common_js_1.truncatedISO8061Date)(dataLakeSASSignatureValues.startsOn, false)
+            : "",
+        dataLakeSASSignatureValues.expiresOn
+            ? (0, utils_common_js_1.truncatedISO8061Date)(dataLakeSASSignatureValues.expiresOn, false)
+            : "",
+        getCanonicalName(userDelegationKeyCredential.accountName, dataLakeSASSignatureValues.fileSystemName, dataLakeSASSignatureValues.pathName),
+        userDelegationKeyCredential.userDelegationKey.signedObjectId,
+        userDelegationKeyCredential.userDelegationKey.signedTenantId,
+        userDelegationKeyCredential.userDelegationKey.signedStartsOn
+            ? (0, utils_common_js_1.truncatedISO8061Date)(userDelegationKeyCredential.userDelegationKey.signedStartsOn, false)
+            : "",
+        userDelegationKeyCredential.userDelegationKey.signedExpiresOn
+            ? (0, utils_common_js_1.truncatedISO8061Date)(userDelegationKeyCredential.userDelegationKey.signedExpiresOn, false)
+            : "",
+        userDelegationKeyCredential.userDelegationKey.signedService,
+        userDelegationKeyCredential.userDelegationKey.signedVersion,
+        dataLakeSASSignatureValues.preauthorizedAgentObjectId,
+        dataLakeSASSignatureValues.agentObjectId,
+        dataLakeSASSignatureValues.correlationId,
+        dataLakeSASSignatureValues.ipRange ? (0, SasIPRange_js_1.ipRangeToString)(dataLakeSASSignatureValues.ipRange) : "",
+        dataLakeSASSignatureValues.protocol ? dataLakeSASSignatureValues.protocol : "",
+        version,
+        resource,
+        dataLakeSASSignatureValues.snapshotTime,
+        dataLakeSASSignatureValues.cacheControl,
+        dataLakeSASSignatureValues.contentDisposition,
+        dataLakeSASSignatureValues.contentEncoding,
+        dataLakeSASSignatureValues.contentLanguage,
+        dataLakeSASSignatureValues.contentType,
+    ].join("\n");
+    const signature = userDelegationKeyCredential.computeHMACSHA256(stringToSign);
+    return {
+        sasQueryParameter: new SASQueryParameters_js_1.SASQueryParameters(version, signature, verifiedPermissions, undefined, undefined, dataLakeSASSignatureValues.protocol, dataLakeSASSignatureValues.startsOn, dataLakeSASSignatureValues.expiresOn, dataLakeSASSignatureValues.ipRange, dataLakeSASSignatureValues.identifier, resource, dataLakeSASSignatureValues.cacheControl, dataLakeSASSignatureValues.contentDisposition, dataLakeSASSignatureValues.contentEncoding, dataLakeSASSignatureValues.contentLanguage, dataLakeSASSignatureValues.contentType, userDelegationKeyCredential.userDelegationKey, dataLakeSASSignatureValues.directoryDepth, dataLakeSASSignatureValues.preauthorizedAgentObjectId, dataLakeSASSignatureValues.agentObjectId, dataLakeSASSignatureValues.correlationId),
+        stringToSign: stringToSign,
+    };
+}
+/**
+ * ONLY AVAILABLE IN NODE.JS RUNTIME.
+ * IMPLEMENTATION FOR API VERSION FROM 2020-12-06.
+ *
+ * Creates an instance of SASQueryParameters.
+ *
+ * Only accepts required settings needed to create a SAS. For optional settings please
+ * set corresponding properties directly, such as permissions, startsOn and identifier.
+ *
+ * WARNING: When identifier is not provided, permissions and expiresOn are required.
+ * You MUST assign value to identifier or expiresOn & permissions manually if you initial with
+ * this constructor.
+ *
+ * @param dataLakeSASSignatureValues -
+ * @param sharedKeyCredential -
+ */
+function generateBlobSASQueryParameters20201206(dataLakeSASSignatureValues, sharedKeyCredential) {
+    if (!dataLakeSASSignatureValues.identifier &&
+        !(dataLakeSASSignatureValues.permissions && dataLakeSASSignatureValues.expiresOn)) {
+        throw new RangeError("Must provide 'permissions' and 'expiresOn' for Blob SAS generation when 'identifier' is not provided.");
+    }
+    const version = dataLakeSASSignatureValues.version
+        ? dataLakeSASSignatureValues.version
+        : constants_js_1.SERVICE_VERSION;
+    dataLakeSASSignatureValues = SASSignatureValuesSanityCheckAndAutofill(dataLakeSASSignatureValues, version);
+    let resource = "c";
+    if (dataLakeSASSignatureValues.pathName) {
+        if (dataLakeSASSignatureValues.isDirectory) {
+            resource = "d";
+        }
+        else {
+            resource = "b";
+            if (dataLakeSASSignatureValues.snapshotTime) {
+                resource = "bs";
+            }
+        }
+    }
+    // Calling parse and toString guarantees the proper ordering and throws on invalid characters.
+    let verifiedPermissions;
+    if (dataLakeSASSignatureValues.permissions) {
+        if (dataLakeSASSignatureValues.pathName) {
+            if (dataLakeSASSignatureValues.isDirectory) {
+                verifiedPermissions = DirectorySASPermissions_js_1.DirectorySASPermissions.parse(dataLakeSASSignatureValues.permissions.toString()).toString();
+            }
+            else {
+                verifiedPermissions = DataLakeSASPermissions_js_1.DataLakeSASPermissions.parse(dataLakeSASSignatureValues.permissions.toString()).toString();
+            }
+        }
+        else {
+            verifiedPermissions = FileSystemSASPermissions_js_1.FileSystemSASPermissions.parse(dataLakeSASSignatureValues.permissions.toString()).toString();
+        }
+    }
+    // Signature is generated on the un-url-encoded values.
+    const stringToSign = [
+        verifiedPermissions ? verifiedPermissions : "",
+        dataLakeSASSignatureValues.startsOn
+            ? (0, utils_common_js_1.truncatedISO8061Date)(dataLakeSASSignatureValues.startsOn, false)
+            : "",
+        dataLakeSASSignatureValues.expiresOn
+            ? (0, utils_common_js_1.truncatedISO8061Date)(dataLakeSASSignatureValues.expiresOn, false)
+            : "",
+        getCanonicalName(sharedKeyCredential.accountName, dataLakeSASSignatureValues.fileSystemName, dataLakeSASSignatureValues.pathName),
+        dataLakeSASSignatureValues.identifier,
+        dataLakeSASSignatureValues.ipRange ? (0, SasIPRange_js_1.ipRangeToString)(dataLakeSASSignatureValues.ipRange) : "",
+        dataLakeSASSignatureValues.protocol ? dataLakeSASSignatureValues.protocol : "",
+        version,
+        resource,
+        dataLakeSASSignatureValues.snapshotTime,
+        dataLakeSASSignatureValues.encryptionScope ? dataLakeSASSignatureValues.encryptionScope : "",
+        dataLakeSASSignatureValues.cacheControl ? dataLakeSASSignatureValues.cacheControl : "",
+        dataLakeSASSignatureValues.contentDisposition
+            ? dataLakeSASSignatureValues.contentDisposition
+            : "",
+        dataLakeSASSignatureValues.contentEncoding ? dataLakeSASSignatureValues.contentEncoding : "",
+        dataLakeSASSignatureValues.contentLanguage ? dataLakeSASSignatureValues.contentLanguage : "",
+        dataLakeSASSignatureValues.contentType ? dataLakeSASSignatureValues.contentType : "",
+    ].join("\n");
+    const signature = sharedKeyCredential.computeHMACSHA256(stringToSign);
+    return {
+        sasQueryParameter: new SASQueryParameters_js_1.SASQueryParameters(version, signature, verifiedPermissions, undefined, undefined, dataLakeSASSignatureValues.protocol, dataLakeSASSignatureValues.startsOn, dataLakeSASSignatureValues.expiresOn, dataLakeSASSignatureValues.ipRange, dataLakeSASSignatureValues.identifier, resource, dataLakeSASSignatureValues.cacheControl, dataLakeSASSignatureValues.contentDisposition, dataLakeSASSignatureValues.contentEncoding, dataLakeSASSignatureValues.contentLanguage, dataLakeSASSignatureValues.contentType, undefined, dataLakeSASSignatureValues.directoryDepth, undefined, undefined, undefined, dataLakeSASSignatureValues.encryptionScope),
+        stringToSign: stringToSign,
+    };
+}
+/**
+ * ONLY AVAILABLE IN NODE.JS RUNTIME.
+ * IMPLEMENTATION FOR API VERSION FROM 2020-12-06.
+ *
+ * Creates an instance of SASQueryParameters.
+ *
+ * Only accepts required settings needed to create a SAS. For optional settings please
+ * set corresponding properties directly, such as permissions, startsOn.
+ *
+ * WARNING: identifier will be ignored, permissions and expiresOn are required.
+ *
+ * @param dataLakeSASSignatureValues -
+ * @param userDelegationKeyCredential -
+ */
+function generateBlobSASQueryParametersUDK20201206(dataLakeSASSignatureValues, userDelegationKeyCredential) {
+    if (!dataLakeSASSignatureValues.permissions || !dataLakeSASSignatureValues.expiresOn) {
+        throw new RangeError("Must provide 'permissions' and 'expiresOn' for Blob SAS generation when generating user delegation SAS.");
+    }
+    const version = dataLakeSASSignatureValues.version
+        ? dataLakeSASSignatureValues.version
+        : constants_js_1.SERVICE_VERSION;
+    dataLakeSASSignatureValues = SASSignatureValuesSanityCheckAndAutofill(dataLakeSASSignatureValues, version);
+    let resource = "c";
+    if (dataLakeSASSignatureValues.pathName) {
+        if (dataLakeSASSignatureValues.isDirectory) {
+            resource = "d";
+        }
+        else {
+            resource = "b";
+            if (dataLakeSASSignatureValues.snapshotTime) {
+                resource = "bs";
+            }
+        }
+    }
+    // Calling parse and toString guarantees the proper ordering and throws on invalid characters.
+    let verifiedPermissions;
+    if (dataLakeSASSignatureValues.permissions) {
+        if (dataLakeSASSignatureValues.pathName) {
+            if (dataLakeSASSignatureValues.isDirectory) {
+                verifiedPermissions = DirectorySASPermissions_js_1.DirectorySASPermissions.parse(dataLakeSASSignatureValues.permissions.toString()).toString();
+            }
+            else {
+                verifiedPermissions = DataLakeSASPermissions_js_1.DataLakeSASPermissions.parse(dataLakeSASSignatureValues.permissions.toString()).toString();
+            }
+        }
+        else {
+            verifiedPermissions = FileSystemSASPermissions_js_1.FileSystemSASPermissions.parse(dataLakeSASSignatureValues.permissions.toString()).toString();
+        }
+    }
+    // Signature is generated on the un-url-encoded values.
+    const stringToSign = [
+        verifiedPermissions ? verifiedPermissions : "",
+        dataLakeSASSignatureValues.startsOn
+            ? (0, utils_common_js_1.truncatedISO8061Date)(dataLakeSASSignatureValues.startsOn, false)
+            : "",
+        dataLakeSASSignatureValues.expiresOn
+            ? (0, utils_common_js_1.truncatedISO8061Date)(dataLakeSASSignatureValues.expiresOn, false)
+            : "",
+        getCanonicalName(userDelegationKeyCredential.accountName, dataLakeSASSignatureValues.fileSystemName, dataLakeSASSignatureValues.pathName),
+        userDelegationKeyCredential.userDelegationKey.signedObjectId,
+        userDelegationKeyCredential.userDelegationKey.signedTenantId,
+        userDelegationKeyCredential.userDelegationKey.signedStartsOn
+            ? (0, utils_common_js_1.truncatedISO8061Date)(userDelegationKeyCredential.userDelegationKey.signedStartsOn, false)
+            : "",
+        userDelegationKeyCredential.userDelegationKey.signedExpiresOn
+            ? (0, utils_common_js_1.truncatedISO8061Date)(userDelegationKeyCredential.userDelegationKey.signedExpiresOn, false)
+            : "",
+        userDelegationKeyCredential.userDelegationKey.signedService,
+        userDelegationKeyCredential.userDelegationKey.signedVersion,
+        dataLakeSASSignatureValues.preauthorizedAgentObjectId,
+        dataLakeSASSignatureValues.agentObjectId,
+        dataLakeSASSignatureValues.correlationId,
+        dataLakeSASSignatureValues.ipRange ? (0, SasIPRange_js_1.ipRangeToString)(dataLakeSASSignatureValues.ipRange) : "",
+        dataLakeSASSignatureValues.protocol ? dataLakeSASSignatureValues.protocol : "",
+        version,
+        resource,
+        dataLakeSASSignatureValues.snapshotTime,
+        dataLakeSASSignatureValues.encryptionScope,
+        dataLakeSASSignatureValues.cacheControl,
+        dataLakeSASSignatureValues.contentDisposition,
+        dataLakeSASSignatureValues.contentEncoding,
+        dataLakeSASSignatureValues.contentLanguage,
+        dataLakeSASSignatureValues.contentType,
+    ].join("\n");
+    const signature = userDelegationKeyCredential.computeHMACSHA256(stringToSign);
+    return {
+        sasQueryParameter: new SASQueryParameters_js_1.SASQueryParameters(version, signature, verifiedPermissions, undefined, undefined, dataLakeSASSignatureValues.protocol, dataLakeSASSignatureValues.startsOn, dataLakeSASSignatureValues.expiresOn, dataLakeSASSignatureValues.ipRange, dataLakeSASSignatureValues.identifier, resource, dataLakeSASSignatureValues.cacheControl, dataLakeSASSignatureValues.contentDisposition, dataLakeSASSignatureValues.contentEncoding, dataLakeSASSignatureValues.contentLanguage, dataLakeSASSignatureValues.contentType, userDelegationKeyCredential.userDelegationKey, dataLakeSASSignatureValues.directoryDepth, dataLakeSASSignatureValues.preauthorizedAgentObjectId, dataLakeSASSignatureValues.agentObjectId, dataLakeSASSignatureValues.correlationId, dataLakeSASSignatureValues.encryptionScope),
+        stringToSign: stringToSign,
+    };
+}
+/**
+ * ONLY AVAILABLE IN NODE.JS RUNTIME.
+ * IMPLEMENTATION FOR API VERSION FROM 2025-07-05.
+ *
+ * Creates an instance of SASQueryParameters.
+ *
+ * Only accepts required settings needed to create a SAS. For optional settings please
+ * set corresponding properties directly, such as permissions, startsOn.
+ *
+ * WARNING: identifier will be ignored, permissions and expiresOn are required.
+ *
+ * @param dataLakeSASSignatureValues -
+ * @param userDelegationKeyCredential -
+ */
+function generateBlobSASQueryParametersUDK20250705(dataLakeSASSignatureValues, userDelegationKeyCredential) {
+    if (!dataLakeSASSignatureValues.permissions || !dataLakeSASSignatureValues.expiresOn) {
+        throw new RangeError("Must provide 'permissions' and 'expiresOn' for Blob SAS generation when generating user delegation SAS.");
+    }
+    const version = dataLakeSASSignatureValues.version
+        ? dataLakeSASSignatureValues.version
+        : constants_js_1.SERVICE_VERSION;
+    dataLakeSASSignatureValues = SASSignatureValuesSanityCheckAndAutofill(dataLakeSASSignatureValues, version);
+    let resource = "c";
+    if (dataLakeSASSignatureValues.pathName) {
+        if (dataLakeSASSignatureValues.isDirectory) {
+            resource = "d";
+        }
+        else {
+            resource = "b";
+            if (dataLakeSASSignatureValues.snapshotTime) {
+                resource = "bs";
+            }
+        }
+    }
+    // Calling parse and toString guarantees the proper ordering and throws on invalid characters.
+    let verifiedPermissions;
+    if (dataLakeSASSignatureValues.permissions) {
+        if (dataLakeSASSignatureValues.pathName) {
+            if (dataLakeSASSignatureValues.isDirectory) {
+                verifiedPermissions = DirectorySASPermissions_js_1.DirectorySASPermissions.parse(dataLakeSASSignatureValues.permissions.toString()).toString();
+            }
+            else {
+                verifiedPermissions = DataLakeSASPermissions_js_1.DataLakeSASPermissions.parse(dataLakeSASSignatureValues.permissions.toString()).toString();
+            }
+        }
+        else {
+            verifiedPermissions = FileSystemSASPermissions_js_1.FileSystemSASPermissions.parse(dataLakeSASSignatureValues.permissions.toString()).toString();
+        }
+    }
+    // Signature is generated on the un-url-encoded values.
+    const stringToSign = [
+        verifiedPermissions ? verifiedPermissions : "",
+        dataLakeSASSignatureValues.startsOn
+            ? (0, utils_common_js_1.truncatedISO8061Date)(dataLakeSASSignatureValues.startsOn, false)
+            : "",
+        dataLakeSASSignatureValues.expiresOn
+            ? (0, utils_common_js_1.truncatedISO8061Date)(dataLakeSASSignatureValues.expiresOn, false)
+            : "",
+        getCanonicalName(userDelegationKeyCredential.accountName, dataLakeSASSignatureValues.fileSystemName, dataLakeSASSignatureValues.pathName),
+        userDelegationKeyCredential.userDelegationKey.signedObjectId,
+        userDelegationKeyCredential.userDelegationKey.signedTenantId,
+        userDelegationKeyCredential.userDelegationKey.signedStartsOn
+            ? (0, utils_common_js_1.truncatedISO8061Date)(userDelegationKeyCredential.userDelegationKey.signedStartsOn, false)
+            : "",
+        userDelegationKeyCredential.userDelegationKey.signedExpiresOn
+            ? (0, utils_common_js_1.truncatedISO8061Date)(userDelegationKeyCredential.userDelegationKey.signedExpiresOn, false)
+            : "",
+        userDelegationKeyCredential.userDelegationKey.signedService,
+        userDelegationKeyCredential.userDelegationKey.signedVersion,
+        dataLakeSASSignatureValues.preauthorizedAgentObjectId,
+        dataLakeSASSignatureValues.agentObjectId,
+        dataLakeSASSignatureValues.correlationId,
+        undefined, // SignedKeyDelegatedUserTenantId, will be added in a future release.
+        undefined, // SignedDelegatedUserObjectId, will be added in future release.
+        dataLakeSASSignatureValues.ipRange ? (0, SasIPRange_js_1.ipRangeToString)(dataLakeSASSignatureValues.ipRange) : "",
+        dataLakeSASSignatureValues.protocol ? dataLakeSASSignatureValues.protocol : "",
+        version,
+        resource,
+        dataLakeSASSignatureValues.snapshotTime,
+        dataLakeSASSignatureValues.encryptionScope,
+        dataLakeSASSignatureValues.cacheControl,
+        dataLakeSASSignatureValues.contentDisposition,
+        dataLakeSASSignatureValues.contentEncoding,
+        dataLakeSASSignatureValues.contentLanguage,
+        dataLakeSASSignatureValues.contentType,
+    ].join("\n");
+    const signature = userDelegationKeyCredential.computeHMACSHA256(stringToSign);
+    return {
+        sasQueryParameter: new SASQueryParameters_js_1.SASQueryParameters(version, signature, verifiedPermissions, undefined, undefined, dataLakeSASSignatureValues.protocol, dataLakeSASSignatureValues.startsOn, dataLakeSASSignatureValues.expiresOn, dataLakeSASSignatureValues.ipRange, dataLakeSASSignatureValues.identifier, resource, dataLakeSASSignatureValues.cacheControl, dataLakeSASSignatureValues.contentDisposition, dataLakeSASSignatureValues.contentEncoding, dataLakeSASSignatureValues.contentLanguage, dataLakeSASSignatureValues.contentType, userDelegationKeyCredential.userDelegationKey, dataLakeSASSignatureValues.directoryDepth, dataLakeSASSignatureValues.preauthorizedAgentObjectId, dataLakeSASSignatureValues.agentObjectId, dataLakeSASSignatureValues.correlationId, dataLakeSASSignatureValues.encryptionScope),
+        stringToSign: stringToSign,
+    };
+}
+function getCanonicalName(accountName, containerName, blobName) {
+    // FileSystem: "/blob/account/fileSystemName"
+    // File:       "/blob/account/fileSystemName/fileName"
+    const elements = [`/blob/${accountName}/${containerName}`];
+    if (blobName) {
+        elements.push(`/${blobName}`);
+    }
+    return elements.join("");
+}
+function SASSignatureValuesSanityCheckAndAutofill(dataLakeSASSignatureValues, version) {
+    var _a;
+    if (version < "2020-02-10" &&
+        (dataLakeSASSignatureValues.isDirectory || dataLakeSASSignatureValues.directoryDepth)) {
+        throw RangeError("'version' must be >= '2020-02-10' to support directory SAS.");
+    }
+    if (dataLakeSASSignatureValues.isDirectory && dataLakeSASSignatureValues.pathName === undefined) {
+        throw RangeError("Must provide 'pathName' when 'isDirectory' is true.");
+    }
+    if (dataLakeSASSignatureValues.directoryDepth !== undefined &&
+        (!Number.isInteger(dataLakeSASSignatureValues.directoryDepth) ||
+            dataLakeSASSignatureValues.directoryDepth < 0)) {
+        throw RangeError("'directoryDepth' must be a non-negative interger.");
+    }
+    if (dataLakeSASSignatureValues.isDirectory &&
+        dataLakeSASSignatureValues.directoryDepth === undefined) {
+        // calculate directoryDepth from pathName
+        if (dataLakeSASSignatureValues.pathName === "/") {
+            dataLakeSASSignatureValues.directoryDepth = 0;
+        }
+        else {
+            dataLakeSASSignatureValues.directoryDepth = (_a = dataLakeSASSignatureValues.pathName) === null || _a === void 0 ? void 0 : _a.split("/").filter((x) => x !== "").length;
+        }
+    }
+    if (version < "2020-02-10" &&
+        dataLakeSASSignatureValues.permissions &&
+        (dataLakeSASSignatureValues.permissions.move ||
+            dataLakeSASSignatureValues.permissions.execute ||
+            dataLakeSASSignatureValues.permissions.manageOwnership ||
+            dataLakeSASSignatureValues.permissions.manageAccessControl)) {
+        throw RangeError("'version' must be >= '2020-02-10' when providing m, e, o or p permission.");
+    }
+    if (version < "2020-02-10" &&
+        (dataLakeSASSignatureValues.preauthorizedAgentObjectId ||
+            dataLakeSASSignatureValues.agentObjectId ||
+            dataLakeSASSignatureValues.correlationId)) {
+        throw RangeError("'version' must be >= '2020-02-10' when providing 'preauthorizedAgentObjectId', 'agentObjectId' or 'correlationId'.");
+    }
+    if (dataLakeSASSignatureValues.preauthorizedAgentObjectId &&
+        dataLakeSASSignatureValues.agentObjectId) {
+        throw RangeError("'preauthorizedAgentObjectId' or 'agentObjectId' shouldn't be specified at the same time.");
+    }
+    if (dataLakeSASSignatureValues.snapshotTime && version < "2018-11-09") {
+        throw RangeError("'version' must be >= '2018-11-09' when provided 'snapshotTime'.");
+    }
+    if (dataLakeSASSignatureValues.pathName === undefined &&
+        dataLakeSASSignatureValues.snapshotTime) {
+        throw RangeError("Must provide 'blobName' when provided 'snapshotTime'.");
+    }
+    return dataLakeSASSignatureValues;
+}
+//# sourceMappingURL=DataLakeSASSignatureValues.js.map