[Storage] Fix parser logic when downloading a managed disk using SAS and bearer token (#24113)

yifanz7 · web-flow · commit f237327a2772 · 2024-02-06T17:51:16.000+08:00
* Fix parser logic when downloading a managed disk

* Fix parser logic of downloading managed disk

* Update changelog

* update debug log and parsing logic
diff --git a/src/Storage/Storage.Management/ChangeLog.md b/src/Storage/Storage.Management/ChangeLog.md
@@ -18,6 +18,8 @@
         - Additional information about change #1
 -->
 ## Upcoming Release
+* Fixed parser logic when downloading blob from managed disk account with Sas Uri and bearer token on Linux and MacOS
+    - `Get-AzStorageBlobContent`
 
 ## Version 6.1.1
 * Removed some code branches referencing Microsoft.Azure.Storage.Blob
diff --git a/src/Storage/Storage/Blob/Cmdlet/GetAzureStorageBlobContent.cs b/src/Storage/Storage/Blob/Cmdlet/GetAzureStorageBlobContent.cs
@@ -375,7 +375,7 @@ internal void GetBlobContent(string blobUri, string fileName)
                 }
                 catch (global::Azure.RequestFailedException e) when (e.Status == 401) // need diskRP bearer token
                 {
-                    string audience = Util.GetAudienceFrom401ExceptionMessage(e.Message);
+                    string audience = GetAudienceFrom401ExceptionMessage(e);
                     if (audience != null)
                     {
                         WriteDebugLog(string.Format("Need bearer token with audience {0} to access the blob, so will generate bearer token and resend the request.", audience));
@@ -433,6 +433,39 @@ internal string GetFullReceiveFilePath(string fileName, string blobName, DateTim
             return filePath;
         }
 
+        /// <summary>
+        /// When request doesn't container a proper bearer token, server will return 401 error include the audience of the required bearer token.
+        /// This function will get the audience of bearer token from SDK exception message.
+        /// If server not return audience, will output null.
+        /// </summary>
+        private string GetAudienceFrom401ExceptionMessage(global::Azure.RequestFailedException exception)
+        {
+            string authenticateHeaderName = "WWW-Authenticate";
+            string audience = null;
+            foreach (var header in exception.GetRawResponse().Headers)
+            {
+                string headerName = header.Name;
+                if (headerName.StartsWith(authenticateHeaderName))
+                {
+                    string headerValue = header.Value;
+                    WriteDebugLog(string.Format("Found header name: {0}, value: {1}", headerName, headerValue));
+                    string audienceName = "resource_id=";
+                    try
+                    {
+                        string authText = headerValue.Split(new string[] { audienceName }, StringSplitOptions.None)[1];
+                        audience = authText.Split(new string[] { " " }, StringSplitOptions.None)[0];
+                        WriteDebugLog(string.Format("Found audience: {0}", audience));
+                        return audience;
+                    }
+                    catch
+                    {
+                        WriteDebugLog(string.Format("Failed to parse the header. The parsing result has length of {0}", audience.Length));
+                    }
+                }
+            }
+            return null;
+        }
+
         /// <summary>
         /// Create blob client and storage service management channel if need to.
         /// </summary>
diff --git a/src/Storage/Storage/Common/Util.cs b/src/Storage/Storage/Common/Util.cs
@@ -722,32 +722,6 @@ public static string GetSASStringWithoutQuestionMark(string sas)
             return sas;
         }
 
-        /// <summary>
-        /// When request doesn't container a proper bearer token, server will return 401 error include the audience of the required bearer token.
-        /// This function will get the audience of bearer token from SDK exception message.
-        /// If server not return audience, will output null.
-        /// </summary>
-        public static string GetAudienceFrom401ExceptionMessage(string exceptionMessage)
-        {
-            string authenticateHeaderName = "WWW-Authenticate";
-            string audienceName = "resource_id=";
-            string[] exceptionMessageTexts = exceptionMessage.Split(new string[] { "\r\n" }, StringSplitOptions.RemoveEmptyEntries);
-            foreach (string messageText in exceptionMessageTexts)
-            {
-                if (messageText.StartsWith(authenticateHeaderName))
-                {
-                    string[] authTexts = messageText.Split(new string[] { " " }, StringSplitOptions.RemoveEmptyEntries);
-                    foreach (string authText in authTexts)
-                    {
-                        if (authText.StartsWith(audienceName))
-                        {
-                            return authText.Substring(audienceName.Length);
-                        }
-                    }
-                }
-            }
-            return null;
-        }
 
         public static ShareServiceClient GetTrack2FileServiceClient(AzureStorageContext context, ShareClientOptions options = null)
         {
