cloudfront-signer 2.1.0 → 2.1.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: d37c96b16a6cb79d5ac0d02e63832c5a7e0f025b
+  data.tar.gz: 18a4dec2b55f184a73101d7cc5c7215442fd83ec
+SHA512:
+  metadata.gz: c85cc296da175cc226fb149a84bb45d0c8cef0dca4fa738ebc79ebeae2e9e64d0556a7ddc69ceb9fa50ae18986b109d6bef914b5a3385260ff9f29a2cd2f428b
+  data.tar.gz: 3dc4a69e1e0aa92dbefa2621bc88d267a212edf9168b70b47f47c4817600f57e538f97b7c8cc2b48296a681c036463e36af4fab5f520c58893272d7c939ce445

data/ChangeLog.markdown

@@ -0,0 +1,4 @@
+### 2.1.1 / 2013-10-31
+* Added changelog file
+* Aceppted merge request from https://github.com/bullfight, Refactored configuration to allow for key to be passed in directly.
+

data/README.markdown

@@ -1,6 +1,8 @@
 # cloudfront-signer
 
-A fork and re-write of Dylan Vaughn's [signing gem](https://github.com/stlondemand/aws_cf_signer). 
+See the [ChangeLog](https://github.com/58bits/cloudfront-signer/blob/master/ChangeLog.markdown) for details of this release.
+
+A fork and re-write of Dylan Vaughn's [signing gem](https://github.com/stlondemand/aws_cf_signer).
 
 See Amazon docs for [Using a Signed URL to Serve Private Content](http://docs.amazonwebservices.com/AmazonCloudFront/latest/DeveloperGuide/index.html?PrivateContent.html)
 
@@ -12,11 +14,11 @@ Seperate helper methods exist for safe signing of urls and stream paths, each of
 
 The original gem was published as `aws_cf_signer`. Use `gem install aws_cf_signer` to install that version.
 
-This gem has been publised as `cloudfront-signer`. Use `gem install cloudfront-signer` to install this gem. 
+This gem has been publised as `cloudfront-signer`. Use `gem install cloudfront-signer` to install this gem.
 
 Alternatively, place a copy of cloudfront-signer.rb (and the cloundfront-signer sub directory) in your lib directory.
 
-In either case the signing class must be configured - supplying the path to a signing key. Create the initializer by running:
+In either case the signing class must be configured - supplying the path to a signing key, or supplying the signing key directly as a string along with the `key_pair_id`. Create the initializer by running:
 
 ```
 bundle exec rails g cloudfront:install
@@ -24,13 +26,22 @@ bundle exec rails g cloudfront:install
 
 and customizing the resulting `config/initializers/cloudfront-signer.rb` file.
 
+### Generated `cloudfront-signer.rb`
+
+    AWS::CF::Signer.configure do |config|
+      config.key_path = '/path/to/keyfile.pem'
+      # config.key = ENV.fetch('PRIVATE_KEY') # key_path not required if key supplied directly
+      config.key_pair_id  = "XXYYZZ"
+      config.default_expires = 3600
+    end
+
 ## Usage
 
 Call the class `sign_url` or `sign_path` method with optional policy settings.
 
     AWS::CF::Signer.sign_url 'http://mydomain/path/to/my/content'
 
-or 
+or
 
     AWS::CF::Signer.sign_url 'http://mydomain/path/to/my/content', :expires => Time.now + 600
 
@@ -38,7 +49,7 @@ Streaming paths can be signed with the `sign_path` method.
 
     AWS::CF::Signer.sign_path 'path/to/my/content'
 
-or 
+or
 
     AWS::CF::Signer.sign_path 'path/to/my/content', :expires => Time.now + 600
 
@@ -70,11 +81,11 @@ You can also pass in a path to a policy file. This will supersede any other poli
     url = AWS::CF::Signer.sign_url('http://d84l721fxaaqy9.cloudfront.net/downloads/pictures.tgz', :policy_file => '/path/to/policy/file.txt')
 
 
-## Patches/Pull Requests 
+## Patches/Pull Requests
 
 * Fork the project.
 * Make your feature addition or bug fix.
-* Add tests for it. 
+* Add tests for it.
 * Commit
 * Send me a pull request. Bonus points for topic branches.
 

data/lib/cloudfront-signer.rb

@@ -10,8 +10,8 @@ module AWS
     class Signer
       # Public non-inheritable class accessors
       class << self
-        
-        # Public: Provides a configuration option to set the key_pair_id if it has not 
+
+        # Public: Provides a configuration option to set the key_pair_id if it has not
         # been inferred from the key_path
         #
         # Examples
@@ -23,7 +23,7 @@ module AWS
         # Returns a String value indicating the current setting
         attr_accessor :key_pair_id
 
-        # Public: Provides a configuration option that sets the key_path 
+        # Public: Provides a configuration option that sets the key_path
         #
         # Examples
         #
@@ -35,10 +35,22 @@ module AWS
         def key_path=(path)
           raise ArgumentError.new("The signing key could not be found at #{path}") unless File.exists?(path)
           @key_path = path
-          @key = OpenSSL::PKey::RSA.new(File.readlines(path).join(""))
+          self.key=(File.readlines(path).join(""))
         end
 
-        # Public: Provides an accessor to the key_path 
+        # Public: Provides a configuration option to set the key directly as a string e.g. as an ENV var
+        #
+        # Examples
+        #
+        #   AWS::CF::Signer.configure do |config|
+        #     config.key = ENV.fetch('KEY')
+        #   end
+        # Returns nothing.
+        def key=(key)
+          @key = OpenSSL::PKey::RSA.new(key)
+        end
+
+        # Public: Provides an accessor to the key_path
         #
         # Returns a String value indicating the current setting
         def key_path
@@ -59,7 +71,7 @@ module AWS
           @default_expires = value
         end
 
-        # Public: Provides an accessor to the default_expires value 
+        # Public: Provides an accessor to the default_expires value
         #
         # Returns an Integer value indicating the current setting
         def default_expires
@@ -69,7 +81,7 @@ module AWS
 
         private
 
-        # Private: Provides an accessor to the RSA key value 
+        # Private: Provides an accessor to the RSA key value
         #
         # Returns an RSA key pair.
         def private_key
@@ -94,30 +106,30 @@ module AWS
 
         yield self if block_given?
 
-        raise ArgumentError.new("You must supply the path to a PEM format RSA key pair.") unless self.key_path
+        raise ArgumentError.new("You must supply the path to a PEM format RSA key pair.") unless self.key_path || private_key
 
         unless @key_pair_id
           @key_pair_id = extract_key_pair_id(self.key_path)
-          raise ArgumentError.new("The Cloudfront signing key id could not be inferred from #{self.key_path}. Please supply the key pair id as a configuration argument.") unless @key_pair_id 
+          raise ArgumentError.new("The Cloudfront signing key id could not be inferred from #{self.key_path}. Please supply the key pair id as a configuration argument.") unless @key_pair_id
         end
 
       end
 
-      # Public: Provides a configuration check method which tests to see 
+      # Public: Provides a configuration check method which tests to see
       # that the key_path, key_pair_id and private key values have all been set.
       #
       # Returns a Boolean value indicating that settings are present.
       def self.is_configured?
-        (self.key_path.nil? || self.key_pair_id.nil? || private_key.nil?) ? false : true
+        (self.key_pair_id.nil? || private_key.nil?) ? false : true
       end
 
-      # Public: Sign a url - encoding any spaces in the url before signing. CloudFront 
+      # Public: Sign a url - encoding any spaces in the url before signing. CloudFront
       # stipulates that signed URLs must not contain spaces (as opposed to stream
-      # paths/filenames which CAN contain spaces). 
+      # paths/filenames which CAN contain spaces).
       #
-      # Returns a String 
-      def self.sign_url(subject, policy_options = {}) 
-        self.sign(subject, {:remove_spaces => true}, policy_options) 
+      # Returns a String
+      def self.sign_url(subject, policy_options = {})
+        self.sign(subject, {:remove_spaces => true}, policy_options)
       end
 
 
@@ -125,27 +137,27 @@ module AWS
       # Public: Sign a url (as above) and HTML encode the result.
       #
       # Returns a String
-      def self.sign_url_safe(subject, policy_options = {}) 
-        self.sign(subject, {:remove_spaces => true, :html_escape => true}, policy_options) 
+      def self.sign_url_safe(subject, policy_options = {})
+        self.sign(subject, {:remove_spaces => true, :html_escape => true}, policy_options)
       end
 
-      # Public: Sign a stream path part or filename (spaces are allowed in stream paths 
+      # Public: Sign a stream path part or filename (spaces are allowed in stream paths
       # and so are not removed).
-      # 
+      #
       # Returns a String
       def self.sign_path(subject, policy_options ={})
-        self.sign(subject, {:remove_spaces => false}, policy_options) 
+        self.sign(subject, {:remove_spaces => false}, policy_options)
       end
 
       # Public: Sign a stream path or filename and HTML encode the result.
       #
       # Returns a String
       def self.sign_path_safe(subject, policy_options ={})
-        self.sign(subject, {:remove_spaces => false, :html_escape => true}, policy_options) 
+        self.sign(subject, {:remove_spaces => false, :html_escape => true}, policy_options)
       end
 
 
-      # Public: Sign a subject url or stream resource name with optional configuration and 
+      # Public: Sign a subject url or stream resource name with optional configuration and
       # policy options
       #
       # Returns a String
@@ -178,7 +190,7 @@ module AWS
         end
 
         if configuration_options[:html_escape]
-          return html_encode(result)    
+          return html_encode(result)
         else
           return result
         end

data/lib/cloudfront-signer/version.rb

@@ -1,5 +1,5 @@
 module AWS
     module CF
-        VERSION = "2.1.0"
+        VERSION = "2.1.1"
     end
 end

data/lib/generators/cloudfront/install/templates/cloudfront-signer.rb

@@ -1,5 +1,6 @@
 AWS::CF::Signer.configure do |config|
   config.key_path = '/path/to/keyfile.pem'
+  # config.key = ENV.fetch('PRIVATE_KEY') # key_path not required if key supplied directly
   config.key_pair_id  = "XXYYZZ"
   config.default_expires = 3600
 end

data/spec/signer_spec.rb

@@ -1,80 +1,110 @@
 require 'spec_helper'
 
 describe AWS::CF::Signer do
-
-  let(:key_path) { File.expand_path(File.dirname(__FILE__) + '/keys/pk-APKAIKUROOUNR2BAFUUU.pem') }
-
-  before(:each) do
-    AWS::CF::Signer.configure do |config|
-      config.key_path = key_path
-      #config.key_pair_id  = "XXYYZZ"
-      #config.default_expires = 3600
+  let(:key_pair_id) { 'APKAIKUROOUNR2BAFUUU' }
+  let(:key_path) { File.expand_path(File.dirname(__FILE__) + "/keys/pk-#{key_pair_id}.pem") }
+  let(:key) { File.readlines(key_path).join("") }
+
+  context "configured with key and key_pair_id" do
+    before do
+      AWS::CF::Signer.configure do |config|
+        config.key_pair_id = key_pair_id
+        config.key = key
+      end
     end
-  end
-
-  describe "before default use" do
 
     it "should be configured" do
       AWS::CF::Signer.is_configured?.should eql(true)
     end
 
-    it "should expire urls and paths in one hour by default" do
-      AWS::CF::Signer.default_expires.should eql(3600)
+    it "sets the private_key" do
+      AWS::CF::Signer.send(:private_key).should be_instance_of OpenSSL::PKey::RSA
     end
 
-    it "should optionally be configured to expire urls and paths in ten minutes" do
-      AWS::CF::Signer.default_expires =  600
-      AWS::CF::Signer.default_expires.should eql(600)
-      AWS::CF::Signer.default_expires =  nil
+    it "should expire in one hour by default" do
+      url = "http://somedomain.com/sign me"
+      result = AWS::CF::Signer.sign_url(url)
+      get_query_value(result, 'Expires').to_i.should eql((Time.now + 3600).to_i)
     end
   end
 
-  describe "when signing a url" do
+  context "configured with key_path" do
 
-    it "should remove spaces from the url" do
-      url = "http://somedomain.com/sign me"
-      result = AWS::CF::Signer.sign_url(url)
-      (result =~ /\s/).should be_nil
+    before(:each) do
+      AWS::CF::Signer.configure do |config|
+        config.key_path = key_path
+        #config.key_pair_id  = "XXYYZZ"
+        #config.default_expires = 3600
+      end
     end
 
-    it "should not html encode the signed url by default" do
-      url = "http://somedomain.com/someresource?opt1=one&opt2=two"
-      result = AWS::CF::Signer.sign_url(url)
-      (result =~ /\?/).should_not be_nil
-      (result =~ /=/).should_not be_nil
-      (result =~ /&/).should_not be_nil
-    end
+    describe "before default use" do
 
-    it "should optionally html encode the signed url" do
-      url = "http://somedomain.com/someresource?opt1=one&opt2=two"
-      result = AWS::CF::Signer.sign_url_safe(url)
-      (result =~ /\?/).should be_nil
-      (result =~ /=/).should be_nil
-      (result =~ /&/).should be_nil
-    end
+      it "should be configured" do
+        AWS::CF::Signer.is_configured?.should eql(true)
+      end
 
-    it "should expire in one hour by default" do
-      url = "http://somedomain.com/sign me"
-      result = AWS::CF::Signer.sign_url(url)
-      get_query_value(result, 'Expires').to_i.should eql((Time.now + 3600).to_i)
-    end
+      it "sets the private_key" do
+        AWS::CF::Signer.send(:private_key).should be_instance_of OpenSSL::PKey::RSA
+      end
 
-    it "should optionally expire in ten minutes" do
-      url = "http://somedomain.com/sign me"
-      result = AWS::CF::Signer.sign_url(url, :expires => Time.now + 600)
-      get_query_value(result, 'Expires').to_i.should eql((Time.now + 600 ).to_i)
+      it "should expire urls and paths in one hour by default" do
+        AWS::CF::Signer.default_expires.should eql(3600)
+      end
+
+      it "should optionally be configured to expire urls and paths in ten minutes" do
+        AWS::CF::Signer.default_expires =  600
+        AWS::CF::Signer.default_expires.should eql(600)
+        AWS::CF::Signer.default_expires =  nil
+      end
     end
 
-  end
+    describe "when signing a url" do
+
+      it "should remove spaces from the url" do
+        url = "http://somedomain.com/sign me"
+        result = AWS::CF::Signer.sign_url(url)
+        (result =~ /\s/).should be_nil
+      end
+
+      it "should not html encode the signed url by default" do
+        url = "http://somedomain.com/someresource?opt1=one&opt2=two"
+        result = AWS::CF::Signer.sign_url(url)
+        (result =~ /\?/).should_not be_nil
+        (result =~ /=/).should_not be_nil
+        (result =~ /&/).should_not be_nil
+      end
+
+      it "should optionally html encode the signed url" do
+        url = "http://somedomain.com/someresource?opt1=one&opt2=two"
+        result = AWS::CF::Signer.sign_url_safe(url)
+        (result =~ /\?/).should be_nil
+        (result =~ /=/).should be_nil
+        (result =~ /&/).should be_nil
+      end
+
+      it "should expire in one hour by default" do
+        url = "http://somedomain.com/sign me"
+        result = AWS::CF::Signer.sign_url(url)
+        get_query_value(result, 'Expires').to_i.should eql((Time.now + 3600).to_i)
+      end
+
+      it "should optionally expire in ten minutes" do
+        url = "http://somedomain.com/sign me"
+        result = AWS::CF::Signer.sign_url(url, :expires => Time.now + 600)
+        get_query_value(result, 'Expires').to_i.should eql((Time.now + 600 ).to_i)
+      end
 
+    end
 
-  describe "when signing a path" do
+    describe "when signing a path" do
 
-    it "should not remove spaces from the path" do
-      path = "/someprefix/sign me"
-      result = AWS::CF::Signer.sign_path(path)
-      (result =~ /\s/).should_not be_nil
-    end
+      it "should not remove spaces from the path" do
+        path = "/someprefix/sign me"
+        result = AWS::CF::Signer.sign_path(path)
+        (result =~ /\s/).should_not be_nil
+      end
 
+    end
   end
 end

metadata

@@ -1,30 +1,27 @@
 --- !ruby/object:Gem::Specification
 name: cloudfront-signer
 version: !ruby/object:Gem::Version
-  version: 2.1.0
-  prerelease: 
+  version: 2.1.1
 platform: ruby
 authors:
 - Anthony Bouch
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-12-12 00:00:00.000000000 Z
+date: 2013-10-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 description: A gem to sign url and stream paths for Amazon CloudFront private content.
@@ -38,6 +35,7 @@ extra_rdoc_files: []
 files:
 - .gitignore
 - .rspec
+- ChangeLog.markdown
 - Gemfile
 - LICENSE
 - README.markdown
@@ -53,31 +51,29 @@ files:
 - spec/spec_helper.rb
 homepage: http://github.com/58bits/cloudfront-signer
 licenses: []
+metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: cloudfront-signer
-rubygems_version: 1.8.23
+rubygems_version: 2.0.3
 signing_key: 
-specification_version: 3
+specification_version: 4
 summary: A gem to sign url and stream paths for Amazon CloudFront private content.
 test_files:
 - spec/keys/pk-APKAIKUROOUNR2BAFUUU.pem
 - spec/keys/rsa-APKAIKUROOUNR2BAFUUU.pem
 - spec/signer_spec.rb
 - spec/spec_helper.rb
-has_rdoc: