There is a REST service I call which doles out short-lived (around 20 minutes) SAS tokens for reading from an Azure event hub. I would like to avoid a solution where I have to tear down all of the listeners and recreate them every 20 minutes when the token expires. Does the library support an interface or callback method where my code can provide the tokens as the library needs them or when the token expires?
Asked
Active
Viewed 237 times
1 Answers
0
According to my research, the EventProcessorHost class uses the AMQP protocol, which is authenticated by sas key name and sas key.The concept of sas token can not be found in it.
You can follow the code here to receice events.
In addition,sas token can be found when you send messages to eventhub.You can generate sas token with HTTP protocol when the token expires.
You can refer to the snippet of java code below.
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.Base64.Encoder;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
public class GetSasToken {
static String sasToken = "";
public static void main(String[] args) {
sasToken = GetSASToken(<resouce url>, <your sas_keyname>,
<your sas_key>);
try {
// your business logic
} catch (Exception e) {
e.printStackTrace();
sasToken = GetSASToken("jaygong.servicebus.windows.net/test", "RootManageSharedAccessKey",
"tASE61OxG4Ci00rfI0Q56NKNXGxvNL5tRSrBZkhTjgI=");
// retry your business logic
}
}
private static String GetSASToken(String resourceUri, String keyName, String key) {
long epoch = System.currentTimeMillis() / 1000L;
int time = 60 * 20;
String expiry = Long.toString(epoch + time);
String sasToken = null;
try {
String stringToSign = URLEncoder.encode(resourceUri, "UTF-8") + "\n" + expiry;
String signature = getHMAC256(key, stringToSign);
sasToken = "SharedAccessSignature sr=" + URLEncoder.encode(resourceUri, "UTF-8") + "&sig="
+ URLEncoder.encode(signature, "UTF-8") + "&se=" + expiry + "&skn=" + keyName;
System.out.println("sasToken : " + sasToken);
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
return sasToken;
}
public static String getHMAC256(String key, String input) {
Mac sha256_HMAC = null;
String hash = null;
try {
sha256_HMAC = Mac.getInstance("HmacSHA256");
SecretKeySpec secret_key = new SecretKeySpec(key.getBytes(), "HmacSHA256");
sha256_HMAC.init(secret_key);
Encoder encoder = Base64.getEncoder();
hash = new String(encoder.encode(sha256_HMAC.doFinal(input.getBytes("UTF-8"))));
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (IllegalStateException e) {
e.printStackTrace();
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
return hash;
}
}
You can also refer to the official document to generate the sas token.
Update Answer
If you are referring to SharedAccessKey of the Shared Access Policy, there are two ways to update this key.
First way, you can regenerate it directly on the portal.
Second way,you can regenerate it via REST API. Please refer to the document here.
Hope it helps you.
Jay Gong
- 23,163
- 2
- 27
- 32
-
Thanks for responding, but creating a new key isn't my problem. My problem is that when my existing key expires, I need a hook in the EventProcessorHost library to supply an updated key. So far I haven't been able to find a way to do that. – Peter Friend Sep 05 '17 at 22:05
-
The question is not about generating keys but on mechanisms for providing updated keys to the EventProcessorHost library at runtime, after the original key has expired. – Peter Friend Sep 06 '17 at 16:59
-
@PeterFriend Hi,Peter. I receive events using the registerEventProcessor method in EPH lib, and there is no expiration time for the key.Would you please update your post for more details about any exceptions you met? – Jay Gong Sep 07 '17 at 02:48