[Storage] Fixed create container SAS token fail from an access policy without expireTime, and set expireTime (#16271)

* [Storage] Fixed create contaienr SAS token fail from an access policy without expireTime, and set SAS token expireTime [#16266]

* Update per review comments

Author: blueww

src/Storage/Storage.Management/ChangeLog.md

@@ -18,6 +18,8 @@
         - Additional information about change #1
 -->
 ## Upcoming Release
+* Fixed creating container SAS token failed from an access policy without expire time, and set SAS token expire time [#16266]
+    -  `New-AzStorageContainerSASToken` 
 * Removed parameter -Name from Get-AzRmStorageShare ShareResourceIdParameterSet
     - `Get-AzRmStorageShare`
 * Supported create or migrate container to enable immutable Storage with versioning.

src/Storage/Storage/Blob/Cmdlet/SetAzureStorageContainerStoredAccessPolicy.cs

@@ -119,7 +119,7 @@ internal string SetAzureContainerStoredAccessPolicy(IStorageBlobManagement local
             }
             if (noExpiryTime)
             {
-                signedIdentifier.AccessPolicy.PolicyExpiresOn = DateTimeOffset.MinValue;
+                signedIdentifier.AccessPolicy.PolicyExpiresOn = null;
             }
             else if (ExpiryTime != null)
             {

src/Storage/Storage/Common/SasTokenHelper.cs

@@ -328,7 +328,7 @@ public static BlobSasBuilder SetBlobSasBuilder(string containerName,
 
                 if (StartTime != null)
                 {
-                    if (signedIdentifier.AccessPolicy.StartsOn != DateTimeOffset.MinValue)
+                    if (signedIdentifier.AccessPolicy.StartsOn != DateTimeOffset.MinValue && signedIdentifier.AccessPolicy.StartsOn != null)
                     {
                         throw new InvalidOperationException(Resources.SignedStartTimeMustBeOmitted);
                     }
@@ -340,7 +340,7 @@ public static BlobSasBuilder SetBlobSasBuilder(string containerName,
 
                 if (ExpiryTime != null)
                 {
-                    if (signedIdentifier.AccessPolicy.PolicyExpiresOn != DateTimeOffset.MinValue)
+                    if (signedIdentifier.AccessPolicy.PolicyExpiresOn != DateTimeOffset.MinValue && signedIdentifier.AccessPolicy.PolicyExpiresOn != null)
                     {
                         throw new ArgumentException(Resources.SignedExpiryTimeMustBeOmitted);
                     }
@@ -349,9 +349,9 @@ public static BlobSasBuilder SetBlobSasBuilder(string containerName,
                         sasBuilder.ExpiresOn = ExpiryTime.Value.ToUniversalTime();
                     }
                 }
-                else if (signedIdentifier.AccessPolicy.PolicyExpiresOn == DateTimeOffset.MinValue)
+                else if (signedIdentifier.AccessPolicy.PolicyExpiresOn == DateTimeOffset.MinValue && signedIdentifier.AccessPolicy.PolicyExpiresOn != null)
                 {
-                    if (sasBuilder.StartsOn != DateTimeOffset.MinValue)
+                    if (sasBuilder.StartsOn != DateTimeOffset.MinValue && sasBuilder.StartsOn != null)
                     {
                         sasBuilder.ExpiresOn = sasBuilder.StartsOn.ToUniversalTime().AddHours(1);
                     }
@@ -480,7 +480,7 @@ public static string GetBlobSharedAccessSignature(AzureStorageContext context, B
                 Util.ValidateUserDelegationKeyStartEndTime(sasBuilder.StartsOn, sasBuilder.ExpiresOn);
 
                 userDelegationKey = oauthService.GetUserDelegationKey(
-                    startsOn: sasBuilder.StartsOn == DateTimeOffset.MinValue ? DateTimeOffset.UtcNow : sasBuilder.StartsOn.ToUniversalTime(),
+                    startsOn: sasBuilder.StartsOn == DateTimeOffset.MinValue || sasBuilder.StartsOn == null ? DateTimeOffset.UtcNow : sasBuilder.StartsOn.ToUniversalTime(),
                     expiresOn: sasBuilder.ExpiresOn.ToUniversalTime(),
                     cancellationToken: cancelToken);
 
@@ -518,7 +518,7 @@ public static AccountSasBuilder SetAccountSasBuilder(SharedAccessAccountServices
             }
             else
             {
-                if (sasBuilder.StartsOn != DateTimeOffset.MinValue)
+                if (sasBuilder.StartsOn != DateTimeOffset.MinValue && sasBuilder.StartsOn != null)
                 {
                     sasBuilder.ExpiresOn = sasBuilder.StartsOn.AddHours(1).ToUniversalTime();
                 }

src/Storage/Storage/Common/StorageExtensions.cs

@@ -287,7 +287,7 @@ private static string GetBlobSasToken(BlobBaseClient blob, AzureStorageContext c
                 Util.ValidateUserDelegationKeyStartEndTime(sasBuilder.StartsOn, sasBuilder.ExpiresOn);
 
                 userDelegationKey = oauthService.GetUserDelegationKey(
-                    startsOn: sasBuilder.StartsOn == DateTimeOffset.MinValue ? DateTimeOffset.UtcNow : sasBuilder.StartsOn.ToUniversalTime(),
+                    startsOn: sasBuilder.StartsOn == DateTimeOffset.MinValue || sasBuilder.StartsOn == null? DateTimeOffset.UtcNow : sasBuilder.StartsOn.ToUniversalTime(),
                     expiresOn: sasBuilder.ExpiresOn.ToUniversalTime());
 
                 sasToken = sasBuilder.ToSasQueryParameters(userDelegationKey, context.StorageAccountName).ToString();

src/Storage/Storage/Common/Util.cs

@@ -515,7 +515,7 @@ public static void ValidateUserDelegationKeyStartEndTime(DateTimeOffset userDele
             {
                 throw new ArgumentException(string.Format("Expiry time {0} is earlier than now.", userDelegationKeyEndTime.ToString()));
             }
-            else if (userDelegationKeyStartTime >= userDelegationKeyEndTime)
+            else if (userDelegationKeyStartTime != null && userDelegationKeyStartTime >= userDelegationKeyEndTime)
             {
                 throw new ArgumentException(string.Format("Start time {0} is later than expiry time {1}.", userDelegationKeyStartTime.ToString(), userDelegationKeyEndTime.ToString()));
             }