RubyGems - cloudfront-signer - Versions diffs - 1.0.0 → 2.0.0 - Mend

cloudfront-signer 1.0.0 → 2.0.0

Files changed (7) hide show

data/.rspec +3 -0
data/cloudfront-signer.gemspec +1 -1
data/lib/cloudfront-signer.rb +216 -176
data/lib/cloudfront-signer/version.rb +1 -1
data/spec/signer_spec.rb +61 -55
data/spec/spec_helper.rb +6 -6
metadata +12 -8

data/.rspec ADDED Viewed

@@ -0,0 +1,3 @@
+--colour
+--drb
+--format documentation

data/cloudfront-signer.gemspec CHANGED Viewed

@@ -9,7 +9,7 @@ Gem::Specification.new do |s|
   s.email       = ["tony@58bits.com"]
   s.homepage    = "http://github.com/58bits/cloudfront-signer"
   s.summary     = %q{A gem to sign url and stream paths for Amazon CloudFront private content.}
-  s.description = %q{A fork of Dylan Vaughn's excellent signing gem - https://github.com/stlondemand/aws_cf_signer. The gem has been rewritten to use class methods and includes specific signing methods for both url and streaming paths, including html 'safe' escpaed versions of each.}
+  s.description = %q{A fork of Dylan Vaughn's signing gem - https://github.com/stlondemand/aws_cf_signer. The gem has been rewritten to use class methods and includes specific signing methods for both url and streaming paths, including html 'safe' escpaed versions of each.}
   s.rubyforge_project = "cloudfront-signer"

data/lib/cloudfront-signer.rb CHANGED Viewed

@@ -6,183 +6,223 @@ require 'base64'
 require "cloudfront-signer/version"
 module AWS
-    module CF
-        class Signer
-            # Public non-inheritable class accessors
-            #----------------------------------------------------------------------------
-            class << self
-                attr_accessor :key_pair_id
-                def key_path
-                    @key_path
-                end
-                def key_path=(path)
-                    raise ArgumentError.new("The signing key could not be found at #{path}") unless File.exists?(path)
-                    @key_path = path
-                    @key = OpenSSL::PKey::RSA.new(File.readlines(path).join(""))
-                end
-                def default_expires
-                    @default_expires ||= 3600
-                end
-                def default_expires=(value)
-                    raise ArgumentError.new("The default expires value must be an integer") unless value.is_a?(Integer)
-                    @default_expires = value
-                end
-                private
-                # Private key
-                #----------------------------------------------------------------------------
-                def private_key
-                    @key
-                end
-            end
-            #----------------------------------------------------------------------------
-            def self.is_configured?
-                if self.key_path && self.key_pair_id && private_key
-                    return true
-                else
-                    return false
-                end
-            end
-            # Configure the signing class.
-            #----------------------------------------------------------------------------
-            def self.configure!(key_path, options = {})
-                raise ArgumentError.new("You must supply the path to a PEM format private RSA key.") if key_path.nil?
-                self.key_path = key_path
-                @key_pair_id = options[:key_pair_id] || extract_key_pair_id(key_path)
-                unless @key_pair_id
-                    raise ArgumentError.new("The Cloudfront signing key id could not be inferred from #{key_path}. Please supply the key pair id as a configuration arguemet.")
-                end
-                @default_expires = options[:default_expires] ? options[:default_expires] : 3600
-            end
-            # Signing methods
-            #----------------------------------------------------------------------------
-            # Sign a url - encoding any spaces in the url before signing. CloudFront
-            # stipulates that signed URLs must not contain spaces (as opposed to stream
-            # paths/filenames which CAN contain spaces).
-            #----------------------------------------------------------------------------
-            def self.sign_url(subject, policy_options = {})
-                self.sign(subject, {:remove_spaces => true}, policy_options)
-            end
-            # Sign a url (as above) and HTML encode the result.
-            #----------------------------------------------------------------------------
-            def self.sign_url_safe(subject, policy_options = {})
-                self.sign(subject, {:remove_spaces => true, :html_escape => true}, policy_options)
-            end
-            # Sign a stream path part or filename (spaces are allowed in stream paths
-            # and so are not removed).
-            #----------------------------------------------------------------------------
-            def self.sign_path(subject, policy_options ={})
-                self.sign(subject, {:remove_spaces => false}, policy_options)
-            end
-            # Sign a stream path or filename and HTML encode the result.
-            #----------------------------------------------------------------------------
-            def self.sign_path_safe(subject, policy_options ={})
-                self.sign(subject, {:remove_spaces => false, :html_escape => true}, policy_options)
-            end
-            # Sign a subject url or stream resource name with optional configuration and
-            # policy options
-            #----------------------------------------------------------------------------
-            def self.sign(subject, configuration_options = {}, policy_options = {})
-                raise "Configure using AWS::CF.Signer.configure! before signing." unless self.is_configured?
-                # If the url or stream path already has a query string parameter - append to that.
-                separator = subject =~ /\?/ ? '&' : '?'
-                if configuration_options[:remove_spaces]
-                    subject.gsub!(/\s/, "%20")
-                end
-                if policy_options[:policy_file]
-                    policy = IO.read(policy_options[:policy_file])
-                    result = "#{subject}#{separator}Policy=#{encode_policy(policy)}&Signature=#{create_signature(policy)}&Key-Pair-Id=#{@key_pair_id}"
-                else
-                    if policy_options.keys.size <= 1
-                        # Canned Policy - shorter URL
-                        expires_at = epoch_time(policy_options[:expires] || Time.now + self.default_expires)
-                        policy = %({"Statement":[{"Resource":"#{subject}","Condition":{"DateLessThan":{"AWS:EpochTime":#{expires_at}}}}]})
-                        result = "#{subject}#{separator}Expires=#{expires_at}&Signature=#{create_signature(policy)}&Key-Pair-Id=#{@key_pair_id}"
-                    else
-                        # Custom Policy
-                        resource = policy_options[:resource] || subject
-                        policy = generate_custom_policy(resource, policy_options)
-                        result = "#{subject}#{separator}Policy=#{encode_policy(policy)}&Signature=#{create_signature(policy)}&Key-Pair-Id=#{@key_pair_id}"
-                    end
-                end
-                if configuration_options[:html_escape]
-                    return html_encode(result)
-                else
-                    return result
-                end
-            end
-            # Private helper methods
-            #----------------------------------------------------------------------------
-            private
-            #----------------------------------------------------------------------------
-            def self.generate_custom_policy(resource, options)
-                conditions = ["\"DateLessThan\":{\"AWS:EpochTime\":#{epoch_time(options[:expires])}}"]
-                conditions << "\"DateGreaterThan\":{\"AWS:EpochTime\":#{epoch_time(options[:starting])}}" if options[:starting]
-                conditions << "\"IpAddress\":{\"AWS:SourceIp\":\"#{options[:ip_range]}\"" if options[:ip_range]
+  module CF
+    class Signer
+      # Public non-inheritable class accessors
+      class << self
+        # Public: Provides a configuration option to set the key_pair_id if it has not
+        # been inferred from the key_path
+        #
+        # Examples
+        #
+        #   AWS::CF::Signer.configure do |config|
+        #     config.key_pair_id = "XXYYZZ"
+        #   end
+        #
+        # Returns a String value indicating the current setting
+        attr_accessor :key_pair_id
+        # Public: Provides a configuration option that sets the key_path
+        #
+        # Examples
+        #
+        #   AWS::CF::Signer.configure do |config|
+        #     config.key_path = "/path/to/your/keyfile.pem"
+        #   end
+        #
+        # Returns nothing.
+        def key_path=(path)
+          raise ArgumentError.new("The signing key could not be found at #{path}") unless File.exists?(path)
+          @key_path = path
+          @key = OpenSSL::PKey::RSA.new(File.readlines(path).join(""))
+        end
+        # Public: Provides an accessor to the key_path
+        #
+        # Returns a String value indicating the current setting
+        def key_path
+          @key_path
+        end
+        # Public: Provides a configuration option that sets the default_expires in milliseconds
+        #
+        # Examples
+        #
+        #   AWS::CF::Signer.configure do |config|
+        #     config.default_expires = 3600
+        #   end
+        #
+        # Returns nothing.
+        def default_expires=(value)
+          @default_expires = value
+        end
+        # Public: Provides an accessor to the default_expires value
+        #
+        # Returns an Integer value indicating the current setting
+        def default_expires
+          @default_expires ||= 3600
+        end
+        private
+        # Private: Provides an accessor to the RSA key value
+        #
+        # Returns an RSA key pair.
+        def private_key
+          @key
+        end
+      end
+      # Public: Provides a simple way to configure the signing class.
+      #
+      # Yields self.
+      #
+      # Examples
+      #
+      #   AWS::CF::Signer.configure do |config|
+      #     config.key_path = "/path/to/yourkeyfile.pem"
+      #     config.key_pair_id  = "XXYYZZ"
+      #     config.default_expires = 3600
+      #   end
+      #
+      # Returns nothing.
+      def self.configure
+        yield self if block_given?
+        raise ArgumentError.new("You must supply the path to a PEM format RSA key pair.") unless self.key_path
+        unless @key_pair_id
+          @key_pair_id = extract_key_pair_id(self.key_path)
+          raise ArgumentError.new("The Cloudfront signing key id could not be inferred from #{self.key_path}. Please supply the key pair id as a configuration argument.") unless @key_pair_id
+        end
+      end
+      # Public: Provides a configuration check method which tests to see
+      # that the key_path, key_pair_id and private key values have all been set.
+      #
+      # Returns a Boolean value indicating that settings are present.
+      def self.is_configured?
+        (self.key_path.nil? || self.key_pair_id.nil? || private_key.nil?) ? false : true
+      end
+      # Public: Sign a url - encoding any spaces in the url before signing. CloudFront
+      # stipulates that signed URLs must not contain spaces (as opposed to stream
+      # paths/filenames which CAN contain spaces).
+      #
+      # Returns a String
+      def self.sign_url(subject, policy_options = {})
+        self.sign(subject, {:remove_spaces => true}, policy_options)
+      end
+      # Public: Sign a url (as above) and HTML encode the result.
+      #
+      # Returns a String
+      def self.sign_url_safe(subject, policy_options = {})
+        self.sign(subject, {:remove_spaces => true, :html_escape => true}, policy_options)
+      end
+      # Public: Sign a stream path part or filename (spaces are allowed in stream paths
+      # and so are not removed).
+      #
+      # Returns a String
+      def self.sign_path(subject, policy_options ={})
+        self.sign(subject, {:remove_spaces => false}, policy_options)
+      end
+      # Public: Sign a stream path or filename and HTML encode the result.
+      #
+      # Returns a String
+      def self.sign_path_safe(subject, policy_options ={})
+        self.sign(subject, {:remove_spaces => false, :html_escape => true}, policy_options)
+      end
+      # Public: Sign a subject url or stream resource name with optional configuration and
+      # policy options
+      #
+      # Returns a String
+      def self.sign(subject, configuration_options = {}, policy_options = {})
+        raise "Configure using AWS::CF.Signer.configure! before signing." unless self.is_configured?
+        # If the url or stream path already has a query string parameter - append to that.
+        separator = subject =~ /\?/ ? '&' : '?'
+        if configuration_options[:remove_spaces]
+          subject.gsub!(/\s/, "%20")
+        end
+        if policy_options[:policy_file]
+          policy = IO.read(policy_options[:policy_file])
+          result = "#{subject}#{separator}Policy=#{encode_policy(policy)}&Signature=#{create_signature(policy)}&Key-Pair-Id=#{@key_pair_id}"
+        else
+          if policy_options.keys.size <= 1
+            # Canned Policy - shorter URL
+            expires_at = epoch_time(policy_options[:expires] || Time.now + self.default_expires)
+            policy = %({"Statement":[{"Resource":"#{subject}","Condition":{"DateLessThan":{"AWS:EpochTime":#{expires_at}}}}]})
+            result = "#{subject}#{separator}Expires=#{expires_at}&Signature=#{create_signature(policy)}&Key-Pair-Id=#{@key_pair_id}"
+          else
+            # Custom Policy
+            resource = policy_options[:resource] || subject
+            policy = generate_custom_policy(resource, policy_options)
+            result = "#{subject}#{separator}Policy=#{encode_policy(policy)}&Signature=#{create_signature(policy)}&Key-Pair-Id=#{@key_pair_id}"
+          end
+        end
+        if configuration_options[:html_escape]
+          return html_encode(result)
+        else
+          return result
+        end
+      end
+      # Private helper methods
+      private
+      def self.generate_custom_policy(resource, options)
+        conditions = ["\"DateLessThan\":{\"AWS:EpochTime\":#{epoch_time(options[:expires])}}"]
+        conditions << "\"DateGreaterThan\":{\"AWS:EpochTime\":#{epoch_time(options[:starting])}}" if options[:starting]
+        conditions << "\"IpAddress\":{\"AWS:SourceIp\":\"#{options[:ip_range]}\"" if options[:ip_range]
                 %({"Statement":[{"Resource":"#{resource}","Condition":{#{conditions.join(',')}}}}]})
-            end
-            #----------------------------------------------------------------------------
-            def self.epoch_time(timelike)
-                case timelike
-                when String then Time.parse(timelike).to_i
-                when Time   then timelike.to_i
-                else raise ArgumentError.new("Invalid argument - String or Time required - #{timelike.class} passed.")
-                end
-            end
-            #----------------------------------------------------------------------------
-            def self.encode_policy(policy)
-                url_encode(Base64.encode64(policy))
-            end
-            #----------------------------------------------------------------------------
-            def self.create_signature(policy)
-                url_encode(Base64.encode64(private_key.sign(OpenSSL::Digest::SHA1.new, (policy))))
-            end
-            #----------------------------------------------------------------------------
-            def self.extract_key_pair_id(key_path)
-                File.basename(key_path) =~ /^pk-(.*).pem$/ ? $1 : nil
-            end
-            #----------------------------------------------------------------------------
-            def self.url_encode(s)
-                s.gsub('+','-').gsub('=','_').gsub('/','~').gsub(/\n/,'').gsub(' ','')
-            end
-            #----------------------------------------------------------------------------
-            def self.html_encode(s)
-                return s.gsub('?', '%3F').gsub('=', '%3D').gsub('&', '%26')
-            end
+      end
+      def self.epoch_time(timelike)
+        case timelike
+        when String then Time.parse(timelike).to_i
+        when Time   then timelike.to_i
+        else raise ArgumentError.new("Invalid argument - String or Time required - #{timelike.class} passed.")
         end
+      end
+      def self.encode_policy(policy)
+        url_encode(Base64.encode64(policy))
+      end
+      def self.create_signature(policy)
+        url_encode(Base64.encode64(private_key.sign(OpenSSL::Digest::SHA1.new, (policy))))
+      end
+      def self.extract_key_pair_id(key_path)
+        File.basename(key_path) =~ /^pk-(.*).pem$/ ? $1 : nil
+      end
+      def self.url_encode(s)
+        s.gsub('+','-').gsub('=','_').gsub('/','~').gsub(/\n/,'').gsub(' ','')
+      end
+      def self.html_encode(s)
+        return s.gsub('?', '%3F').gsub('=', '%3D').gsub('&', '%26')
+      end
     end
+  end
 end

data/lib/cloudfront-signer/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module AWS
     module CF
-        VERSION = "1.0.0"
+        VERSION = "2.0.0"
     end
 end

data/spec/signer_spec.rb CHANGED Viewed

@@ -2,73 +2,79 @@ require 'spec_helper'
 describe AWS::CF::Signer do
-    let(:key_path) { File.expand_path(File.dirname(__FILE__) + '/keys/pk-APKAIKUROOUNR2BAFUUU.pem') }
+  let(:key_path) { File.expand_path(File.dirname(__FILE__) + '/keys/pk-APKAIKUROOUNR2BAFUUU.pem') }
-    before(:each) do
-        AWS::CF::Signer.configure!(key_path)
+  before(:each) do
+    AWS::CF::Signer.configure do |config|
+      config.key_path = key_path
+      #config.key_pair_id  = "XXYYZZ"
+      #config.default_expires = 3600
     end
+  end
-    describe "before default use" do
+  describe "before default use" do
-        it "should be configured" do
-            AWS::CF::Signer.is_configured?.should eql(true)
-        end
+    it "should be configured" do
+      AWS::CF::Signer.is_configured?.should eql(true)
+    end
+    it "should expire urls and paths in one hour by default" do
+      AWS::CF::Signer.default_expires.should eql(3600)
+    end
+    it "should optionally be configured to expire urls and paths in ten minutes" do
+      AWS::CF::Signer.default_expires =  600
+      AWS::CF::Signer.default_expires.should eql(600)
+      AWS::CF::Signer.default_expires =  nil
+    end
+  end
+  describe "when signing a url" do
-        it "should expire urls and paths in one hour by default" do
-            AWS::CF::Signer.default_expires.should eql(3600)
-        end
+    it "should remove spaces from the url" do
+      url = "http://somedomain.com/sign me"
+      result = AWS::CF::Signer.sign_url(url)
+      (result =~ /\s/).should be_nil
+    end
+    it "should not html encode the signed url by default" do
+      url = "http://somedomain.com/someresource?opt1=one&opt2=two"
+      result = AWS::CF::Signer.sign_url(url)
+      (result =~ /\?/).should_not be_nil
+      (result =~ /=/).should_not be_nil
+      (result =~ /&/).should_not be_nil
+    end
-        it "should optionally be configured to expire urls and paths in ten minutes" do
-            AWS::CF::Signer.configure!(key_path, :default_expires => 600)
-            AWS::CF::Signer.default_expires.should eql(600)
-        end
+    it "should optionally html encode the signed url" do
+      url = "http://somedomain.com/someresource?opt1=one&opt2=two"
+      result = AWS::CF::Signer.sign_url_safe(url)
+      (result =~ /\?/).should be_nil
+      (result =~ /=/).should be_nil
+      (result =~ /&/).should be_nil
     end
-    describe "when signing a url" do
-        it "should remove spaces from the url" do
-            url = "http://somedomain.com/sign me"
-            result = AWS::CF::Signer.sign_url(url)
-            (result =~ /\s/).should be_nil
-        end
-        it "should not html encode the signed url by default" do
-            url = "http://somedomain.com/someresource?opt1=one&opt2=two"
-            result = AWS::CF::Signer.sign_url(url)
-            (result =~ /\?/).should_not be_nil
-            (result =~ /=/).should_not be_nil
-            (result =~ /&/).should_not be_nil
-        end
-        it "should optionally html encode the signed url" do
-            url = "http://somedomain.com/someresource?opt1=one&opt2=two"
-            result = AWS::CF::Signer.sign_url_safe(url)
-            (result =~ /\?/).should be_nil
-            (result =~ /=/).should be_nil
-            (result =~ /&/).should be_nil
-        end
-        it "should expire in one hour by default" do
-            url = "http://somedomain.com/sign me"
-            result = AWS::CF::Signer.sign_url(url)
-            get_query_value(result, 'Expires').to_i.should eql((Time.now + 3600).to_i)
-        end
-        it "should optionally expire in ten minutes" do
-            url = "http://somedomain.com/sign me"
-            result = AWS::CF::Signer.sign_url(url, :expires => Time.now + 600)
-            get_query_value(result, 'Expires').to_i.should eql((Time.now + 600 ).to_i)
-        end
+    it "should expire in one hour by default" do
+      url = "http://somedomain.com/sign me"
+      result = AWS::CF::Signer.sign_url(url)
+      get_query_value(result, 'Expires').to_i.should eql((Time.now + 3600).to_i)
+    end
+    it "should optionally expire in ten minutes" do
+      url = "http://somedomain.com/sign me"
+      result = AWS::CF::Signer.sign_url(url, :expires => Time.now + 600)
+      get_query_value(result, 'Expires').to_i.should eql((Time.now + 600 ).to_i)
     end
+  end
-    describe "when signing a path" do
+  describe "when signing a path" do
-        it "should not remove spaces from the path" do
-            path = "/someprefix/sign me"
-            result = AWS::CF::Signer.sign_path(path)
-            (result =~ /\s/).should_not be_nil
-        end
+    it "should not remove spaces from the path" do
+      path = "/someprefix/sign me"
+      result = AWS::CF::Signer.sign_path(path)
+      (result =~ /\s/).should_not be_nil
     end
+  end
 end

data/spec/spec_helper.rb CHANGED Viewed

@@ -5,13 +5,13 @@ require 'rspec'
 require 'cloudfront-signer'
 def get_query_value(url, key)
-    query_string = url.slice((url =~ /\?/) + 1..-1)
-    pairs = query_string.split('&')
-    pairs.each do |item|
-        if item.start_with?(key)
-            return item.split('=')[1]
-        end
+  query_string = url.slice((url =~ /\?/) + 1..-1)
+  pairs = query_string.split('&')
+  pairs.each do |item|
+    if item.start_with?(key)
+      return item.split('=')[1]
     end
+  end
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cloudfront-signer
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 2.0.0
   prerelease:
 platform: ruby
 authors:
@@ -9,12 +9,11 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2011-08-08 00:00:00.000000000 +07:00
-default_executable:
+date: 2012-05-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec
-  requirement: &2151692620 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -22,8 +21,13 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *2151692620
-description: A fork of Dylan Vaughn's excellent signing gem - https://github.com/stlondemand/aws_cf_signer.
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: A fork of Dylan Vaughn's signing gem - https://github.com/stlondemand/aws_cf_signer.
   The gem has been rewritten to use class methods and includes specific signing methods
   for both url and streaming paths, including html 'safe' escpaed versions of each.
 email:
@@ -33,6 +37,7 @@ extensions: []
 extra_rdoc_files: []
 files:
 - .gitignore
+- .rspec
 - Gemfile
 - LICENSE
 - README.markdown
@@ -44,7 +49,6 @@ files:
 - spec/keys/rsa-APKAIKUROOUNR2BAFUUU.pem
 - spec/signer_spec.rb
 - spec/spec_helper.rb
-has_rdoc: true
 homepage: http://github.com/58bits/cloudfront-signer
 licenses: []
 post_install_message:
@@ -65,7 +69,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: cloudfront-signer
-rubygems_version: 1.6.2
+rubygems_version: 1.8.23
 signing_key:
 specification_version: 3
 summary: A gem to sign url and stream paths for Amazon CloudFront private content.