cloud_front_signing 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 533dc16e38e6e6070fcc4ce38371ce6621e6cf0b
+  data.tar.gz: 86f74303db860f93ce74fd17f4d8fbb19204e835
+SHA512:
+  metadata.gz: 767dcaa5ff05c1a01b485226f71d6c3fd753d38fe1b13d469bcb0c329ab881151d13138e044f69e0ef9f8509d2f7be61c24d19b2ccfc0106f981e4cfa0de186b
+  data.tar.gz: e90308082eb4fe4cb5ef705a30c87fcf3383b5f5586e67ad0f1882c77996f88339ad5188fad21c6f8bf0391069b5e377f7f928877ae8cbbd1dce75777c042ac5

data/.gitignore

@@ -0,0 +1,14 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+*.bundle
+*.so
+*.o
+*.a
+mkmf.log

data/.ruby-version

@@ -0,0 +1 @@
+2.2.0

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in cloud_front_signing.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2015 Ronny Haryanto
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,73 @@
+# CloudFrontSigning
+
+Sign [AWS CloudFront] URLs.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'cloud_front_signing'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install cloud_front_signing
+
+## Usage
+
+```
+# Replace these for your specific AWS account/CloudFront configuration
+private_key_string = IO.read("path/to/pk-123456789012.pem")
+key_pair_id = "123456789012"
+
+signer = CloudFrontSigning::Signer.new(private_key_string, key_pair_id)
+
+unsigned_url = "https://distribution-id.cloudfront.net/private.zip"
+options = {ending: 1.hour.from_now} # or, e.g. `Time.now + 3600` if you don't have activesupport
+signed_url = signer.sign(unsigned_url, options)
+```
+
+Valid options:
+
+- `ending`: required, the signed URL will only be accessible until this time, a `Time` object or a `String` parseable by `Time.parse`
+- `resource`: the base URL including your query strings, if any, but excluding the CloudFront Policy, Signature, and Key-Pair-Id parameters, uses unsigned_url by default
+- `starting`: the signed URL will only be accessible after this time, a `Time` object or a `String` parseable by `Time.parse`
+- `ip_range`: the signed URL will only be accessible by IP addresses in this range, a CIDR string, e.g. `10.1.2.3/32`, `10.2.3.0/24`, and so on.
+
+Specifying `starting` and/or `ip_range` will cause the signed URL to include a [custom policy] which is longer.
+
+## Credits
+
+Code adapted from https://github.com/dylanvaughn/aws_cf_signer by Dylan Vaughn.
+
+Parts of signing code taken from a question on Stack Overflow asked by Ben Wiseley, and answered by Blaz Lipuscek and Manual M:
+
+http://stackoverflow.com/questions/2632457/create-signed-urls-for-cloudfront-with-ruby
+http://stackoverflow.com/users/315829/ben-wiseley
+http://stackoverflow.com/users/267804/blaz-lipuscek
+http://stackoverflow.com/users/327914/manuel-m
+
+## References
+
+[AWS documentation on private content and signed URLs]
+
+[AWS CloudFront]: http://aws.amazon.com/cloudfront/
+[custom policy]: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-creating-signed-url-custom-policy.html
+[AWS documentation on private content and signed URLs]: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-signed-urls-overview.html
+
+## License
+
+MIT. See LICENSE.txt.
+
+## Contributing
+
+1. Fork it ( https://github.com/[my-github-username]/cloud_front_signing/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create a new Pull Request

data/Rakefile

@@ -0,0 +1,2 @@
+require "bundler/gem_tasks"
+

data/cloud_front_signing.gemspec

@@ -0,0 +1,28 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'cloud_front_signing/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "cloud_front_signing"
+  spec.version       = CloudFrontSigning::VERSION
+  spec.authors       = ["Ronny Haryanto"]
+  spec.email         = ["ronny@haryan.to"]
+  spec.summary       = %q{Generate AWS CloudFront signed URLs.}
+  spec.description   = %q{Generate AWS CloudFront signed URLs.}
+  spec.homepage      = "https://github.com/ronny/cloud_front_signing"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.7"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "pry", "~> 0.10.1"
+  spec.add_development_dependency "rspec", "~> 3.1.0"
+
+  spec.add_dependency "addressable", '~> 2.3.6'
+  spec.add_dependency "yajl-ruby", '~> 1.2.1'
+end

data/lib/cloud_front_signing/policy.rb

@@ -0,0 +1,76 @@
+require 'time'
+require 'yajl'
+
+module CloudFrontSigning
+  class Policy
+    attr_reader :options
+
+    def initialize(options)
+      @options = options
+    end
+
+    def canned?
+      options.keys == [:ending] || options.keys.sort == [:ending, :resource]
+    end
+
+    def object
+      @object ||= {
+        "Statement" => [
+          {
+            "Resource" => resource,
+            "Condition" => conditions,
+          }
+        ]
+      }
+    end
+
+    def to_s
+      Yajl.dump(object, pretty: false, indent: '')
+    end
+
+    private
+
+    def conditions
+      @conditions ||= begin
+        result = {
+          "DateLessThan" => {"AWS:EpochTime" => ending},
+        }
+
+        if options[:starting]
+          result["DateGreaterThan"] = {"AWS:EpochTime" => starting}
+        end
+
+        # CIDR notation, e.g. 127.1.2.0/24
+        if options[:ip_range]
+          result["IpAddress"] = {"AWS:SourceIp" => options[:ip_range]}
+        end
+
+        result
+      end
+    end
+
+    def starting
+      @starting ||= epoch_time(options[:starting])
+    end
+
+    def ending
+      @ending ||= begin
+        raise ArgumentError, 'missing :ending option' unless options[:ending]
+        epoch_time(options[:ending])
+      end
+    end
+
+    def resource
+      @resource ||= options[:resource] or raise ArgumentError, 'missing :resource option'
+    end
+
+    def epoch_time(timelike)
+      case timelike
+      when String then Time.parse(timelike).to_i
+      when Time   then timelike.to_i
+      else raise ArgumentError.new("Invalid argument #{timelike} - String or Time required - #{timelike.class} passed.")
+      end
+    end
+  end
+end
+

data/lib/cloud_front_signing/signed_url.rb

@@ -0,0 +1,73 @@
+require 'pp'
+require 'addressable/uri'
+
+require 'cloud_front_signing/url_safe_encoded_param'
+require 'cloud_front_signing/policy'
+
+module CloudFrontSigning
+  POLICY_OPTION_KEYS = [:starting, :ending, :resource, :ip_range].freeze
+
+  class SignedUrl
+    attr_reader :unsigned_url, :options
+
+    def initialize(unsigned_url, options)
+      @unsigned_url = unsigned_url
+      @options = options
+    end
+
+    def to_s
+      uri.to_s
+    end
+
+    private
+
+    def uri
+      @uri ||= Addressable::URI.parse(unsigned_url).tap do |u|
+        params = {
+          'Signature'     => signature,
+          'Key-Pair-Id'   => key_pair_id,
+        }
+        unless policy.canned?
+          # shorter URL if canned (no need to include the encoded policy)
+          params['Policy'] = encoded_policy
+        end
+        u.query_values = (u.query_values || {}).merge(params)
+      end
+    end
+
+    def encoded_policy
+      @encoded_policy ||= UrlSafeEncodedParam.new(policy.to_s).to_s
+    end
+
+    def policy
+      @policy ||= Policy.new(policy_options)
+    end
+
+    def signed_policy
+      @signed_policy ||= key.sign(OpenSSL::Digest::SHA1.new, policy.to_s)
+    end
+
+    def signature
+      @signature ||= UrlSafeEncodedParam.new(signed_policy).to_s
+    end
+
+    def key_pair_id
+      options[:key_pair_id]
+    end
+
+    def key
+      options[:key]
+    end
+
+    def policy_options
+      @policy_options ||= begin
+        initial = {resource: unsigned_url}
+        options.reduce(initial) do |hash, (k, v)|
+          hash[k] = v if POLICY_OPTION_KEYS.include?(k)
+          hash
+        end
+      end
+    end
+  end
+end
+

data/lib/cloud_front_signing/signer.rb

@@ -0,0 +1,29 @@
+require 'openssl'
+
+require "cloud_front_signing/signed_url"
+
+module CloudFrontSigning
+  class Signer
+    attr_reader :private_key_string, :key_pair_id
+
+    def initialize(private_key_string, key_pair_id)
+      @private_key_string = private_key_string
+      @key_pair_id = key_pair_id
+    end
+
+    def sign(unsigned_url, options = {})
+      url_options = options.merge(
+        key_pair_id: key_pair_id,
+        key: key,
+      )
+      SignedUrl.new(unsigned_url, url_options).to_s
+    end
+
+    private
+
+    def key
+      @key ||= OpenSSL::PKey::RSA.new(private_key_string)
+    end
+  end
+end
+

data/lib/cloud_front_signing/url_safe_encoded_param.rb

@@ -0,0 +1,25 @@
+require 'base64'
+
+module CloudFrontSigning
+  class UrlSafeEncodedParam
+    def self.url_safe(s)
+      s.gsub('+','-').gsub('=','_').gsub('/','~').gsub(/[\n ]/,'')
+    end
+
+    attr_reader :input
+
+    def initialize(input)
+      @input = input
+    end
+
+    def to_s
+      encoded
+    end
+
+    private
+
+    def encoded
+      @encoded ||= self.class.url_safe(Base64.encode64(input))
+    end
+  end
+end

data/lib/cloud_front_signing/version.rb

@@ -0,0 +1,3 @@
+module CloudFrontSigning
+  VERSION = "0.0.1"
+end

data/lib/cloud_front_signing.rb

@@ -0,0 +1,5 @@
+require "cloud_front_signing/version"
+require "cloud_front_signing/signer"
+
+module CloudFrontSigning
+end

data/script/console

@@ -0,0 +1,9 @@
+#!/usr/bin/env ruby
+require 'rubygems'
+require 'bundler'
+Bundler.require(:default, :development)
+
+require 'cloud_front_signing'
+require 'pry'
+
+binding.pry

metadata

@@ -0,0 +1,142 @@
+--- !ruby/object:Gem::Specification
+name: cloud_front_signing
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Ronny Haryanto
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-01-29 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.10.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.10.1
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.1.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.1.0
+- !ruby/object:Gem::Dependency
+  name: addressable
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.3.6
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.3.6
+- !ruby/object:Gem::Dependency
+  name: yajl-ruby
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.2.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.2.1
+description: Generate AWS CloudFront signed URLs.
+email:
+- ronny@haryan.to
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".ruby-version"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- cloud_front_signing.gemspec
+- lib/cloud_front_signing.rb
+- lib/cloud_front_signing/policy.rb
+- lib/cloud_front_signing/signed_url.rb
+- lib/cloud_front_signing/signer.rb
+- lib/cloud_front_signing/url_safe_encoded_param.rb
+- lib/cloud_front_signing/version.rb
+- script/console
+homepage: https://github.com/ronny/cloud_front_signing
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.5
+signing_key: 
+specification_version: 4
+summary: Generate AWS CloudFront signed URLs.
+test_files: []