JAVA Storage SDK is throwing exception on SAS URI datetime parsing

[homezcx]

Which service(blob, file, queue, table) does this issue concern?

Blob

Which version of the SDK was used?

<dependency>
  <groupId>com.azure</groupId>
  <artifactId>azure-storage-blob</artifactId>
  <version>12.14.4</version>
</dependency>

What problem was encountered?

We have one SAS token generated by az cli, example: [https://dummy.blob.core.windows.net/dummy?se=2023-04-23&sp=rwl&sv=2021-04-10&sr=c&.......].

When it's applied in the below code, exceptions will be thrown on parsing the expiry date:
new BlobContainerClientBuilder().endpoint(storageUri).retryOptions(new RequestRetryOptions()).buildClient()

Invalid Date String: 2023-04-23.; Exception trace: java.lang.IllegalArgumentException: Invalid Date String: 2023-04-23. at com.azure.storage.common.Utility.parseDate(Utility.java:209) at com.azure.storage.common.sas.CommonSasQueryParameters.getQueryParameter(CommonSasQueryParameters.java:168) at com.azure.storage.common.sas.CommonSasQueryParameters.<init>(CommonSasQueryParameters.java:87) at com.azure.storage.blob.BlobUrlParts.parse(BlobUrlParts.java:393) at com.azure.storage.blob.BlobContainerClientBuilder.endpoint(BlobContainerClientBuilder.java:159)

Have you found a mitigation/solution?

The SAS token has to include a full date string on the expiry date like the below in order to let it work through:
se=2022-04-28T09:54:08Z

[brendonjwong]

I have run into the same issue when using a connection string that includes a SAS token with dates without the time components, e.g. BlobEndpoint=https://foo.blob.core.windows.net/;SharedAccessSignature=sv=2021-06-08&ss=b&srt=co&sp=rwdlaciyx&se=2024-12-01&st=2022-12-01&spr=https&sig=<redacted>.

However, I found that if I pass that SAS to the sasToken method, I'm able to build the client and read/write blobs successfully.

new BlobContainerClientBuilder()
    .endpoint("https://foo.blob.core.windows.net/")
    .sasToken("sv=2021-06-08&ss=b&srt=co&sp=rwdlaciyx&se=2024-12-01&st=2022-12-01&spr=https&sig=<redacted>")
    .containerName("bar")
    .buildClient();

So even within this SDK, the behavior of how SAS tokens are handled is inconsistent.

[JonathanGiles]

@brendonjwong Can you confirm what version of the storage blob library you are using?

[brendonjwong]

@JonathanGiles we're using 12.22.2

[JonathanGiles]

It would be good to refile this issue over in the https://github.com/Azure/azure-sdk-for-java repo - this repo is for the much older library (which you are not using).

[brendonjwong]

Oops, sorry about that! I got my wires crossed because we were using this repo until recently, which is when we found this bug in the new SDK. Will do 👍🏼

[brendonjwong]

Ah I will just add my details to Azure/azure-sdk-for-java#35545, looks like it's describing the same issue