RubyGems - cloudfront-signer - Versions diffs - 1.0.0 → 2.0.0 - Mend

cloudfront-signer 1.0.0 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

data/.rspec +3 -0
data/cloudfront-signer.gemspec +1 -1
data/lib/cloudfront-signer.rb +216 -176
data/lib/cloudfront-signer/version.rb +1 -1
data/spec/signer_spec.rb +61 -55
data/spec/spec_helper.rb +6 -6
metadata +12 -8

data/.rspec ADDED Viewed

@@ -0,0 +1,3 @@
+--colour
+--drb
+--format documentation

data/cloudfront-signer.gemspec CHANGED Viewed

@@ -9,7 +9,7 @@ Gem::Specification.new do |s|
   s.email       = ["tony@58bits.com"]
   s.homepage    = "http://github.com/58bits/cloudfront-signer"
   s.summary     = %q{A gem to sign url and stream paths for Amazon CloudFront private content.}
-  s.description = %q{A fork of Dylan Vaughn's excellent signing gem - https://github.com/stlondemand/aws_cf_signer. The gem has been rewritten to use class methods and includes specific signing methods for both url and streaming paths, including html 'safe' escpaed versions of each.}
+  s.description = %q{A fork of Dylan Vaughn's signing gem - https://github.com/stlondemand/aws_cf_signer. The gem has been rewritten to use class methods and includes specific signing methods for both url and streaming paths, including html 'safe' escpaed versions of each.}
   s.rubyforge_project = "cloudfront-signer"

data/lib/cloudfront-signer.rb CHANGED Viewed

@@ -6,183 +6,223 @@ require 'base64'
 require "cloudfront-signer/version"
 module AWS
-    module CF
-        class Signer
-            # Public non-inheritable class accessors
-            #----------------------------------------------------------------------------
-            class << self
-                attr_accessor :key_pair_id
-                def key_path
-                    @key_path
-                end
-                def key_path=(path)
-                    raise ArgumentError.new("The signing key could not be found at #{path}") unless File.exists?(path)
-                    @key_path = path
-                    @key = OpenSSL::PKey::RSA.new(File.readlines(path).join(""))
-                end
-                def default_expires
-                    @default_expires ||= 3600
-                end
-                def default_expires=(value)
-                    raise ArgumentError.new("The default expires value must be an integer") unless value.is_a?(Integer)
-                    @default_expires = value
-                end
-                private
-                # Private key
-                #----------------------------------------------------------------------------
-                def private_key
-                    @key
-                end
-            end
-            #----------------------------------------------------------------------------
-            def self.is_configured?
-                if self.key_path && self.key_pair_id && private_key
-                    return true
-                else
-                    return false
-                end
-            end
-            # Configure the signing class.
-            #----------------------------------------------------------------------------
-            def self.configure!(key_path, options = {})
-                raise ArgumentError.new("You must supply the path to a PEM format private RSA key.") if key_path.nil?
-                self.key_path = key_path
-                @key_pair_id = options[:key_pair_id] || extract_key_pair_id(key_path)
-                unless @key_pair_id
-                    raise ArgumentError.new("The Cloudfront signing key id could not be inferred from #{key_path}. Please supply the key pair id as a configuration arguemet.")
-                end
-                @default_expires = options[:default_expires] ? options[:default_expires] : 3600
-            end
-            # Signing methods
-            #----------------------------------------------------------------------------
-            # Sign a url - encoding any spaces in the url before signing. CloudFront
-            # stipulates that signed URLs must not contain spaces (as opposed to stream
-            # paths/filenames which CAN contain spaces).
-            #----------------------------------------------------------------------------
-            def self.sign_url(subject, policy_options = {})
-                self.sign(subject, {:remove_spaces => true}, policy_options)
-            end
-            # Sign a url (as above) and HTML encode the result.
-            #----------------------------------------------------------------------------
-            def self.sign_url_safe(subject, policy_options = {})
-                self.sign(subject, {:remove_spaces => true, :html_escape => true}, policy_options)
-            end
-            # Sign a stream path part or filename (spaces are allowed in stream paths
-            # and so are not removed).
-            #----------------------------------------------------------------------------
-            def self.sign_path(subject, policy_options ={})
-                self.sign(subject, {:remove_spaces => false}, policy_options)
-            end
-            # Sign a stream path or filename and HTML encode the result.
-            #----------------------------------------------------------------------------
-            def self.sign_path_safe(subject, policy_options ={})
-                self.sign(subject, {:remove_spaces => false, :html_escape => true}, policy_options)
-            end
-            # Sign a subject url or stream resource name with optional configuration and
-            # policy options
-            #----------------------------------------------------------------------------
-            def self.sign(subject, configuration_options = {}, policy_options = {})
-                raise "Configure using AWS::CF.Signer.configure! before signing." unless self.is_configured?
-                # If the url or stream path already has a query string parameter - append to that.
-                separator = subject =~ /\?/ ? '&' : '?'
-                if configuration_options[:remove_spaces]
-                    subject.gsub!(/\s/, "%20")
-                end
-                if policy_options[:policy_file]
-                    policy = IO.read(policy_options[:policy_file])
-                    result = "#{subject}#{separator}Policy=#{encode_policy(policy)}&Signature=#{create_signature(policy)}&Key-Pair-Id=#{@key_pair_id}"
-                else
-                    if policy_options.keys.size <= 1
-                        # Canned Policy - shorter URL
-                        expires_at = epoch_time(policy_options[:expires] || Time.now + self.default_expires)
-                        policy = %({"Statement":[{"Resource":"#{subject}","Condition":{"DateLessThan":{"AWS:EpochTime":#{expires_at}}}}]})
-                        result = "#{subject}#{separator}Expires=#{expires_at}&Signature=#{create_signature(policy)}&Key-Pair-Id=#{@key_pair_id}"
-                    else
-                        # Custom Policy
-                        resource = policy_options[:resource] || subject
-                        policy = generate_custom_policy(resource, policy_options)
-                        result = "#{subject}#{separator}Policy=#{encode_policy(policy)}&Signature=#{create_signature(policy)}&Key-Pair-Id=#{@key_pair_id}"
-                    end
-                end
-                if configuration_options[:html_escape]
-                    return html_encode(result)
-                else
-                    return result
-                end
-            end
-            # Private helper methods
-            #----------------------------------------------------------------------------
-            private
-            #----------------------------------------------------------------------------
-            def self.generate_custom_policy(resource, options)
-                conditions = ["\"DateLessThan\":{\"AWS:EpochTime\":#{epoch_time(options[:expires])}}"]
-                conditions << "\"DateGreaterThan\":{\"AWS:EpochTime\":#{epoch_time(options[:starting])}}" if options[:starting]
-                conditions << "\"IpAddress\":{\"AWS:SourceIp\":\"#{options[:ip_range]}\"" if options[:ip_range]
+  module CF
+    class Signer
+      # Public non-inheritable class accessors
+      class << self
+        # Public: Provides a configuration option to set the key_pair_id if it has not
+        # been inferred from the key_path
+        #
+        # Examples
+        #
+        #   AWS::CF::Signer.configure do |config|
+        #     config.key_pair_id = "XXYYZZ"
+        #   end
+        #
+        # Returns a String value indicating the current setting
+        attr_accessor :key_pair_id
+        # Public: Provides a configuration option that sets the key_path
+        #
+        # Examples
+        #
+        #   AWS::CF::Signer.configure do |config|
+        #     config.key_path = "/path/to/your/keyfile.pem"
+        #   end
+        #
+        # Returns nothing.
+        def key_path=(path)
+          raise ArgumentError.new("The signing key could not be found at #{path}") unless File.exists?(path)
+          @key_path = path
+          @key = OpenSSL::PKey::RSA.new(File.readlines(path).join(""))
+        end
+        # Public: Provides an accessor to the key_path
+        #
+        # Returns a String value indicating the current setting
+        def key_path
+          @key_path
+        end
+        # Public: Provides a configuration option that sets the default_expires in milliseconds
+        #
+        # Examples
+        #
+        #   AWS::CF::Signer.configure do |config|
+        #     config.default_expires = 3600
+        #   end
+        #
+        # Returns nothing.
+        def default_expires=(value)
+          @default_expires = value
+        end
+        # Public: Provides an accessor to the default_expires value
+        #
+        # Returns an Integer value indicating the current setting
+        def default_expires
+          @default_expires ||= 3600
+        end
+        private
+        # Private: Provides an accessor to the RSA key value
+        #
+        # Returns an RSA key pair.
+        def private_key
+          @key
+        end
+      end
+      # Public: Provides a simple way to configure the signing class.
+      #
+      # Yields self.
+      #
+      # Examples
+      #
+      #   AWS::CF::Signer.configure do |config|
+      #     config.key_path = "/path/to/yourkeyfile.pem"
+      #     config.key_pair_id  = "XXYYZZ"
+      #     config.default_expires = 3600
+      #   end
+      #
+      # Returns nothing.
+      def self.configure
+        yield self if block_given?
+        raise ArgumentError.new("You must supply the path to a PEM format RSA key pair.") unless self.key_path
+        unless @key_pair_id
+          @key_pair_id = extract_key_pair_id(self.key_path)
+          raise ArgumentError.new("The Cloudfront signing key id could not be inferred from #{self.key_path}. Please supply the key pair id as a configuration argument.") unless @key_pair_id
+        end
+      end
+      # Public: Provides a configuration check method which tests to see
+      # that the key_path, key_pair_id and private key values have all been set.
+      #
+      # Returns a Boolean value indicating that settings are present.
+      def self.is_configured?
+        (self.key_path.nil? || self.key_pair_id.nil? || private_key.nil?) ? false : true
+      end
+      # Public: Sign a url - encoding any spaces in the url before signing. CloudFront
+      # stipulates that signed URLs must not contain spaces (as opposed to stream
+      # paths/filenames which CAN contain spaces).
+      #
+      # Returns a String
+      def self.sign_url(subject, policy_options = {})
+        self.sign(subject, {:remove_spaces => true}, policy_options)
+      end
+      # Public: Sign a url (as above) and HTML encode the result.
+      #
+      # Returns a String
+      def self.sign_url_safe(subject, policy_options = {})
+        self.sign(subject, {:remove_spaces => true, :html_escape => true}, policy_options)
+      end
+      # Public: Sign a stream path part or filename (spaces are allowed in stream paths
+      # and so are not removed).
+      #
+      # Returns a String
+      def self.sign_path(subject, policy_options ={})
+        self.sign(subject, {:remove_spaces => false}, policy_options)
+      end
+      # Public: Sign a stream path or filename and HTML encode the result.
+      #
+      # Returns a String
+      def self.sign_path_safe(subject, policy_options ={})
+        self.sign(subject, {:remove_spaces => false, :html_escape => true}, policy_options)
+      end
+      # Public: Sign a subject url or stream resource name with optional configuration and
+      # policy options
+      #
+      # Returns a String
+      def self.sign(subject, configuration_options = {}, policy_options = {})
+        raise "Configure using AWS::CF.Signer.configure! before signing." unless self.is_configured?
+        # If the url or stream path already has a query string parameter - append to that.
+        separator = subject =~ /\?/ ? '&' : '?'
+        if configuration_options[:remove_spaces]
+          subject.gsub!(/\s/, "%20")
+        end
+        if policy_options[:policy_file]
+          policy = IO.read(policy_options[:policy_file])
+          result = "#{subject}#{separator}Policy=#{encode_policy(policy)}&Signature=#{create_signature(policy)}&Key-Pair-Id=#{@key_pair_id}"
+        else
+          if policy_options.keys.size <= 1
+            # Canned Policy - shorter URL
+            expires_at = epoch_time(policy_options[:expires] || Time.now + self.default_expires)
+            policy = %({"Statement":[{"Resource":"#{subject}","Condition":{"DateLessThan":{"AWS:EpochTime":#{expires_at}}}}]})
+            result = "#{subject}#{separator}Expires=#{expires_at}&Signature=#{create_signature(policy)}&Key-Pair-Id=#{@key_pair_id}"
+          else
+            # Custom Policy
+            resource = policy_options[:resource] || subject
+            policy = generate_custom_policy(resource, policy_options)
+            result = "#{subject}#{separator}Policy=#{encode_policy(policy)}&Signature=#{create_signature(policy)}&Key-Pair-Id=#{@key_pair_id}"
+          end
+        end
+        if configuration_options[:html_escape]
+          return html_encode(result)
+        else
+          return result
+        end
+      end
+      # Private helper methods
+      private
+      def self.generate_custom_policy(resource, options)
+        conditions = ["\"DateLessThan\":{\"AWS:EpochTime\":#{epoch_time(options[:expires])}}"]
+        conditions << "\"DateGreaterThan\":{\"AWS:EpochTime\":#{epoch_time(options[:starting])}}" if options[:starting]
+        conditions << "\"IpAddress\":{\"AWS:SourceIp\":\"#{options[:ip_range]}\"" if options[:ip_range]
                 %({"Statement":[{"Resource":"#{resource}","Condition":{#{conditions.join(',')}}}}]})
-            end
-            #----------------------------------------------------------------------------
-            def self.epoch_time(timelike)
-                case timelike
-                when String then Time.parse(timelike).to_i
-                when Time   then timelike.to_i
-                else raise ArgumentError.new("Invalid argument - String or Time required - #{timelike.class} passed.")
-                end
-            end
-            #----------------------------------------------------------------------------
-            def self.encode_policy(policy)
-                url_encode(Base64.encode64(policy))
-            end
-            #----------------------------------------------------------------------------
-            def self.create_signature(policy)
-                url_encode(Base64.encode64(private_key.sign(OpenSSL::Digest::SHA1.new, (policy))))
-            end
-            #----------------------------------------------------------------------------
-            def self.extract_key_pair_id(key_path)
-                File.basename(key_path) =~ /^pk-(.*).pem$/ ? $1 : nil
-            end
-            #----------------------------------------------------------------------------
-            def self.url_encode(s)
-                s.gsub('+','-').gsub('=','_').gsub('/','~').gsub(/\n/,'').gsub(' ','')
-            end
-            #----------------------------------------------------------------------------
-            def self.html_encode(s)
-                return s.gsub('?', '%3F').gsub('=', '%3D').gsub('&', '%26')
-            end
+      end
+      def self.epoch_time(timelike)
+        case timelike
+        when String then Time.parse(timelike).to_i
+        when Time   then timelike.to_i
+        else raise ArgumentError.new("Invalid argument - String or Time required - #{timelike.class} passed.")
         end
+      end
+      def self.encode_policy(policy)
+        url_encode(Base64.encode64(policy))
+      end
+      def self.create_signature(policy)
+        url_encode(Base64.encode64(private_key.sign(OpenSSL::Digest::SHA1.new, (policy))))
+      end
+      def self.extract_key_pair_id(key_path)
+        File.basename(key_path) =~ /^pk-(.*).pem$/ ? $1 : nil
+      end
+      def self.url_encode(s)
+        s.gsub('+','-').gsub('=','_').gsub('/','~').gsub(/\n/,'').gsub(' ','')
+      end
+      def self.html_encode(s)
+        return s.gsub('?', '%3F').gsub('=', '%3D').gsub('&', '%26')
+      end
     end
+  end
 end

data/lib/cloudfront-signer/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module AWS
     module CF
-        VERSION = "1.0.0"
+        VERSION = "2.0.0"
     end
 end

data/spec/signer_spec.rb CHANGED Viewed

@@ -2,73 +2,79 @@ require 'spec_helper'
 describe AWS::CF::Signer do
-    let(:key_path) { File.expand_path(File.dirname(__FILE__) + '/keys/pk-APKAIKUROOUNR2BAFUUU.pem') }
+  let(:key_path) { File.expand_path(File.dirname(__FILE__) + '/keys/pk-APKAIKUROOUNR2BAFUUU.pem') }
-    before(:each) do
-        AWS::CF::Signer.configure!(key_path)
+  before(:each) do
+    AWS::CF::Signer.configure do |config|
+      config.key_path = key_path
+      #config.key_pair_id  = "XXYYZZ"
+      #config.default_expires = 3600
     end
+  end
-    describe "before default use" do
+  describe "before default use" do
-        it "should be configured" do
-            AWS::CF::Signer.is_configured?.should eql(true)
-        end
+    it "should be configured" do
+      AWS::CF::Signer.is_configured?.should eql(true)
+    end
+    it "should expire urls and paths in one hour by default" do
+      AWS::CF::Signer.default_expires.should eql(3600)
+    end
+    it "should optionally be configured to expire urls and paths in ten minutes" do
+      AWS::CF::Signer.default_expires =  600
+      AWS::CF::Signer.default_expires.should eql(600)
+      AWS::CF::Signer.default_expires =  nil
+    end
+  end
+  describe "when signing a url" do
-        it "should expire urls and paths in one hour by default" do
-            AWS::CF::Signer.default_expires.should eql(3600)
-        end
+    it "should remove spaces from the url" do
+      url = "http://somedomain.com/sign me"
+      result = AWS::CF::Signer.sign_url(url)
+      (result =~ /\s/).should be_nil
+    end
+    it "should not html encode the signed url by default" do
+      url = "http://somedomain.com/someresource?opt1=one&opt2=two"
+      result = AWS::CF::Signer.sign_url(url)
+      (result =~ /\?/).should_not be_nil
+      (result =~ /=/).should_not be_nil
+      (result =~ /&/).should_not be_nil
+    end
-        it "should optionally be configured to expire urls and paths in ten minutes" do
-            AWS::CF::Signer.configure!(key_path, :default_expires => 600)
-            AWS::CF::Signer.default_expires.should eql(600)
-        end
+    it "should optionally html encode the signed url" do
+      url = "http://somedomain.com/someresource?opt1=one&opt2=two"
+      result = AWS::CF::Signer.sign_url_safe(url)
+      (result =~ /\?/).should be_nil
+      (result =~ /=/).should be_nil
+      (result =~ /&/).should be_nil
     end
-    describe "when signing a url" do
-        it "should remove spaces from the url" do
-            url = "http://somedomain.com/sign me"
-            result = AWS::CF::Signer.sign_url(url)
-            (result =~ /\s/).should be_nil
-        end
-        it "should not html encode the signed url by default" do
-            url = "http://somedomain.com/someresource?opt1=one&opt2=two"
-            result = AWS::CF::Signer.sign_url(url)
-            (result =~ /\?/).should_not be_nil
-            (result =~ /=/).should_not be_nil
-            (result =~ /&/).should_not be_nil
-        end
-        it "should optionally html encode the signed url" do
-            url = "http://somedomain.com/someresource?opt1=one&opt2=two"
-            result = AWS::CF::Signer.sign_url_safe(url)
-            (result =~ /\?/).should be_nil
-            (result =~ /=/).should be_nil
-            (result =~ /&/).should be_nil
-        end
-        it "should expire in one hour by default" do
-            url = "http://somedomain.com/sign me"
-            result = AWS::CF::Signer.sign_url(url)
-            get_query_value(result, 'Expires').to_i.should eql((Time.now + 3600).to_i)
-        end
-        it "should optionally expire in ten minutes" do
-            url = "http://somedomain.com/sign me"
-            result = AWS::CF::Signer.sign_url(url, :expires => Time.now + 600)
-            get_query_value(result, 'Expires').to_i.should eql((Time.now + 600 ).to_i)
-        end
+    it "should expire in one hour by default" do
+      url = "http://somedomain.com/sign me"
+      result = AWS::CF::Signer.sign_url(url)
+      get_query_value(result, 'Expires').to_i.should eql((Time.now + 3600).to_i)
+    end
+    it "should optionally expire in ten minutes" do
+      url = "http://somedomain.com/sign me"
+      result = AWS::CF::Signer.sign_url(url, :expires => Time.now + 600)
+      get_query_value(result, 'Expires').to_i.should eql((Time.now + 600 ).to_i)
     end
+  end
-    describe "when signing a path" do
+  describe "when signing a path" do
-        it "should not remove spaces from the path" do
-            path = "/someprefix/sign me"
-            result = AWS::CF::Signer.sign_path(path)
-            (result =~ /\s/).should_not be_nil
-        end
+    it "should not remove spaces from the path" do
+      path = "/someprefix/sign me"
+      result = AWS::CF::Signer.sign_path(path)
+      (result =~ /\s/).should_not be_nil
     end
+  end
 end

data/spec/spec_helper.rb CHANGED Viewed

@@ -5,13 +5,13 @@ require 'rspec'
 require 'cloudfront-signer'
 def get_query_value(url, key)
-    query_string = url.slice((url =~ /\?/) + 1..-1)
-    pairs = query_string.split('&')
-    pairs.each do |item|
-        if item.start_with?(key)
-            return item.split('=')[1]
-        end
+  query_string = url.slice((url =~ /\?/) + 1..-1)
+  pairs = query_string.split('&')
+  pairs.each do |item|
+    if item.start_with?(key)
+      return item.split('=')[1]
     end
+  end
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cloudfront-signer
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 2.0.0
   prerelease:
 platform: ruby
 authors:
@@ -9,12 +9,11 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2011-08-08 00:00:00.000000000 +07:00
-default_executable:
+date: 2012-05-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec
-  requirement: &2151692620 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -22,8 +21,13 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *2151692620
-description: A fork of Dylan Vaughn's excellent signing gem - https://github.com/stlondemand/aws_cf_signer.
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: A fork of Dylan Vaughn's signing gem - https://github.com/stlondemand/aws_cf_signer.
   The gem has been rewritten to use class methods and includes specific signing methods
   for both url and streaming paths, including html 'safe' escpaed versions of each.
 email:
@@ -33,6 +37,7 @@ extensions: []
 extra_rdoc_files: []
 files:
 - .gitignore
+- .rspec
 - Gemfile
 - LICENSE
 - README.markdown
@@ -44,7 +49,6 @@ files:
 - spec/keys/rsa-APKAIKUROOUNR2BAFUUU.pem
 - spec/signer_spec.rb
 - spec/spec_helper.rb
-has_rdoc: true
 homepage: http://github.com/58bits/cloudfront-signer
 licenses: []
 post_install_message:
@@ -65,7 +69,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: cloudfront-signer
-rubygems_version: 1.6.2
+rubygems_version: 1.8.23
 signing_key:
 specification_version: 3
 summary: A gem to sign url and stream paths for Amazon CloudFront private content.