cloudfront-signer 3.0.1 → 3.0.2
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/CHANGELOG.md +5 -0
- data/Rakefile +11 -0
- data/lib/cloudfront-signer.rb +17 -2
- data/lib/cloudfront-signer/version.rb +1 -1
- data/spec/files/custom_policy.json +12 -0
- data/spec/{keys → files}/pk-APKAIKUROOUNR2BAFUUU.pem +0 -0
- data/spec/files/private_key.pem +15 -0
- data/spec/{keys → files}/rsa-APKAIKUROOUNR2BAFUUU.pem +0 -0
- data/spec/signer_spec.rb +99 -18
- metadata +11 -7
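--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1a9dcd6de6a454594341272c94b9f63766580855
+data.tar.gz: 3fc69573f4c24f7d7d9d23119d610be44761e947
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6132b2d861fd06a6d8ec773f132d4027c962b1e5406550f24855791e333fb11af0ae72fa35809ed71d773332a7076a3d77b9f95ae2d4d675bb6a2ad06741a746
+data.tar.gz: 8722d602d33b1d0f453c13468f2fdea8cbd50bb3b6382b0627aed383559339340f3f2ead7a3bb5c1012862aff97118596dfe0bc4a8c151c9cf00aa1c36d6fb46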
data/.gitignore
CHANGED
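--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,5 +1,10 @@
 # Change Log
 
+## 3.0.2 / 2017-06-22
+
+* Provides an option to URI escape the path before signing it. Issue and accepted PR from [@mynock](https://github.com/mynock)
+* Replaces Fixnum with Integer for Ruby 2.4.1. Issue and accepted PR from [@scott-knight](https://github.com/scott-knight)
+
 ## 3.0.1 / 2017-01-20
 
 * Supports signing frozen strings. Bug reported by [@alexandermayr](https://github.com/alexandermayr).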
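--- a/data/Rakefile
+++ b/data/Rakefile
@@ -8,3 +8,14 @@ RSpec::Core::RakeTask.new(:spec) do |t|
 end
 
 task default: :spec
+
+require 'rdoc/task'
+
+Rake::RDocTask.new do |rdoc|
+rdoc.main = 'README.md'
+rdoc.rdoc_files.include %w(README.md LICENSE lib/cloudfront-signer.rb)
+rdoc.rdoc_dir = 'doc'
+rdoc.options << '--line-numbers'
+rdoc.options << '--coverage-report'
+rdoc.markup = 'markdown'
+end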
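--- a/data/lib/cloudfront-signer.rb
+++ b/data/lib/cloudfront-signer.rb
@@ -142,6 +142,13 @@ module Aws
 build_url subject, { remove_spaces: true, html_escape: true }, policy_options
 end
 
+# Public: Sign a url (as above) but URI encode the string first.
+#
+# Returns a String
+def self.sign_url_escaped(subject, policy_options = {})
+build_url subject, { uri_escape: true }, policy_options
+end
+
 # Public: Sign a stream path part or filename (spaces are allowed in
 # stream paths and so are not removed).
 #
@@ -159,6 +166,13 @@ module Aws
 policy_options
 end
 
+# Public: Sign a stream path or filename but URI encode the string first
+#
+# Returns a String
+def self.sign_path_escaped(subject, policy_options = {})
+build_url subject, { uri_escape: true }, policy_options
+end
+
 # Public: Builds a signed url or stream resource name with optional
 # configuration and policy options
 #
@@ -170,6 +184,7 @@ module Aws
 separator = subject =~ /\?/ ? '&' : '?'
 
 subject.gsub!(/\s/, '%20') if configuration_options[:remove_spaces]
+subject = URI.escape(subject) if configuration_options[:uri_escape]
 
 result = subject +
 separator +
@@ -244,9 +259,9 @@ module Aws
 case timelike
 when String then Time.parse(timelike).to_i
 when Time then timelike.to_i
-when
+when Integer then timelike
 else fail ArgumentError,
-'Invalid argument - String,
+'Invalid argument - String, Integer or Time required - ' \
 "#{timelike.class} passed."
 end
 end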
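Review bot: `URI.escape`, on the line added to `build_url` in the third hunk, is marked obsolete in Ruby's standard library, leaves reserved characters such as `?`, `&` and `=` untouched, and escapes `%` again, so an already percent-encoded subject comes out double-encoded. The escaped string is what gets concatenated into `result` and presumably what is signed (the rest of `build_url` lies outside the hunk), so any difference between this encoding and the URL the client finally requests would surface as a rejected signature. The doc comments on `sign_url_escaped` and `sign_path_escaped` should state that contract, e.g. `# subject must be unencoded: reserved characters (?, &, =) are kept and existing %XX sequences are escaped again`, and say how the two methods differ, since their bodies are identical. `subject = URI::DEFAULT_PARSER.escape(subject) if configuration_options[:uri_escape]` should keep the same behaviour without relying on the obsolete method.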
@@ -0,0 +1,12 @@
|
|
1
|
+
{
|
2
|
+
"Statement": [
|
3
|
+
{
|
4
|
+
"Resource": "https://d84l721fxaaqy9.cloudfront.net/downloads/",
|
5
|
+
"Condition": {
|
6
|
+
"DateLessThan": { "AWS:EpochTime": 1255674716 },
|
7
|
+
"DateGreaterThan": {"AWS:EpochTime": 1241073790 },
|
8
|
+
"IpAddress": { "AWS:SourceIp": "216.98.35.1/32" }
|
9
|
+
}
|
10
|
+
}
|
11
|
+
]
|
12
|
+
}
|
File without changes
|
@@ -0,0 +1,15 @@
|
|
1
|
+
-----BEGIN RSA PRIVATE KEY-----
|
2
|
+
MIICXgIBAAKBgQCp280I7v8JBVJBN7Kdfl4eD+noyqzbLAsz9mIr07hZQ3PjVa5g
|
3
|
+
3j5Q8oXioU2ycxzXephfPr83l/FTAtPSZQ94Jh6u/CdoEYXfEtFbJYQ2lHXrra36
|
4
|
+
yVcyyxQ6tAKgUHdWnZ/vbItUhLnhCSqwelTNpgRzf6AKdVOtQPaZ+bnkQQIDAQAB
|
5
|
+
AoGAXWSPTbQq4gjc+yLmwJW0pg7V67tUY4XJ+x4jSDm3CM1/sKVxpa1M0jEm0D8k
|
6
|
+
e1Ozrf6oPOZBOQ4AEEZjtTD/2Yi8U0bwG97fg9NlZddGNN2jj8pEOWY53/iVWcfb
|
7
|
+
VGXVDlhUA0uIZhKK3Sl2SW9t/8p7affjJmGKn2nGLieRKIkCQQDQmExXqRnVNtCz
|
8
|
+
qjTPt81MU4cIrzXr/tUC9s6An8OcgiTDjiIOnY3XB/F19lpMQIMEzrB7f04GrpkQ
|
9
|
+
0w6p/3NXAkEA0HXjiSyZaEoXoR2e/dTZrKw8npnjjW0CpKeSf8PK8qpFPK0UJOk7
|
10
|
+
aU0rStQmoAmygcHiw3hJ7slyVS8f9zn+JwJBAMMVbHCfadWKSm19RZ7um0ZC6Asr
|
11
|
+
MhbgYX9AK6kHwf3hiViK2TcqCrmMaDqWh6TAwMgCNfOKAAMnz2d4vEIo8kkCQQCl
|
12
|
+
qnq4gkQsWG2s8jBvg1+2VW8bkCsCMvbdyfqoJP69mUnK7bXLm7tGdTiJkE5d8zb0
|
13
|
+
3hQLyiXfaiK9xeS+gk0TAkEAtuFcd+taoBnjhVL6q0OhNuA1T1+qYr5fyzQWKKKC
|
14
|
+
+WMRi2/JCJCL/SX12q5hMq759VnzfnbgqwAq6MlPUZKEBQ==
|
15
|
+
-----END RSA PRIVATE KEY-----
|
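Review bot: Private key material ships inside the published gem: this new file is a PEM RSA private key, and the `metadata` section of this release lists `spec/files/private_key.pem` and the two `*-APKAIKUROOUNR2BAFUUU.pem` files under both `files:` and `test_files:`. If these are throwaway keys generated only for the specs, say so where a reader or secret scanner will find it (for instance in the CHANGELOG entry), and confirm that none of them is registered as a real CloudFront key pair. Excluding `spec/files/*.pem` from the packaged file list would keep the fixtures in the repository without distributing them to every installer.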
File without changes
|
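--- a/data/spec/signer_spec.rb
+++ b/data/spec/signer_spec.rb
@@ -12,14 +12,42 @@ RSpec.shared_examples 'is configured' do
 end
 end
 
+FILES_PATH = File.expand_path(File.dirname(__FILE__) + '/files')
+KEY_PAIR_ID = 'APKAIKUROOUNR2BAFUUU'.freeze
+
 RSpec.describe Aws::CF::Signer do
-let(:
-let(:
-File.expand_path File.dirname(__FILE__) + "/keys/pk-#{key_pair_id}.pem"
-end
+let(:key_path) { FILES_PATH + "/pk-#{KEY_PAIR_ID}.pem" }
+let(:other_key_path) { FILES_PATH + '/private_key.pem' }
 let(:key) { File.readlines(key_path).join '' }
 
-describe '
+describe 'Errors' do
+it 'raises ArgumentError when invalid path is passed to key_path' do
+expect do
+Aws::CF::Signer.configure { |config| config.key_path = 'foo/bar' }
+end.to raise_error ArgumentError
+end
+
+it 'raises OpenSSL::PKey::RSAError when invalid key is passed' do
+expect do
+Aws::CF::Signer.configure { |config| config.key = '' }
+end.to raise_error OpenSSL::PKey::RSAError
+end
+
+it 'raises ArgumentError when no key is provided through private_key' do
+expect do
+Aws::CF::Signer.configure { |_config| }
+end.to raise_error ArgumentError
+end
+
+it "raises ArgumentError when no key is provided through key_path doesn't" \
+'allow to guess key_pair_id' do
+expect do
+Aws::CF::Signer.configure { |config| config.key_path = other_key_path }
+end.to raise_error ArgumentError
+end
+end
+
+describe 'Defaults' do
 it 'expire urls and paths in one hour by default' do
 expect(Aws::CF::Signer.default_expires).to eq 3600
 end
@@ -31,10 +59,10 @@ RSpec.describe Aws::CF::Signer do
 end
 end
 
-context 'configured with key and key_pair_id' do
+context 'When configured with key and key_pair_id' do
 before do
 Aws::CF::Signer.configure do |config|
-config.key_pair_id =
+config.key_pair_id = KEY_PAIR_ID
 config.key = key
 end
 end
@@ -42,7 +70,7 @@ RSpec.describe Aws::CF::Signer do
 include_examples 'is configured'
 end
 
-context 'configured with key_path' do
+context 'When configured with key_path' do
 before(:each) do
 Aws::CF::Signer.configure { |config| config.key_path = key_path }
 end
@@ -52,31 +80,28 @@ RSpec.describe Aws::CF::Signer do
 end
 
 describe 'when signing a url' do
+let(:url) { 'https://example.com/somerésource?opt1=one&opt2=two' }
+let(:url_with_spaces) { 'http://example.com/sign me' }
+
 it "doesn't modifies the passed url" do
-url = 'http://
+url = 'http://example.com/'.freeze
 expect(Aws::CF::Signer.sign_url(url)).not_to match(/\s/)
 end
 
 it 'removes spaces' do
-
-expect(Aws::CF::Signer.sign_url(url)).not_to match(/\s/)
+expect(Aws::CF::Signer.sign_url(url_with_spaces)).not_to match(/\s/)
 end
 
 it "doesn't HTML encode the signed url by default" do
-url = 'http://somedomain.com/someresource?opt1=one&opt2=two'
 expect(Aws::CF::Signer.sign_url(url)).to match(/\?|=|&/)
 end
 
 it 'HTML encodes the signed url when using sign_url_safe' do
-url = 'http://somedomain.com/someresource?opt1=one&opt2=two'
 expect(Aws::CF::Signer.sign_url_safe(url)).not_to match(/\?|=|&/)
 end
 
-it '
-url
-signed_url = Aws::CF::Signer.sign_url(url, expires: Time.now + 600)
-expires_value = get_query_value(signed_url, 'Expires').to_i
-expect(expires_value).to eq(Time.now.to_i + 600)
+it 'URL encodes the signed URL when using sign_url_escaped' do
+expect(Aws::CF::Signer.sign_url_escaped(url)).not_to match(/é/)
 end
 end
 
@@ -85,6 +110,62 @@ RSpec.describe Aws::CF::Signer do
 path = '/prefix/sign me'
 expect(Aws::CF::Signer.sign_path(path)).to match(/\s/)
 end
+
+it 'HTML encodes the signed path when using sign_path_safe' do
+path = '/prefix/sign me?'
+expect(Aws::CF::Signer.sign_path_safe(path)).not_to match(/\?|=|&/)
+end
+
+it 'URL encodes the signed path when using sign_path_escaped' do
+path = '/préfix/sign me?'
+expect(Aws::CF::Signer.sign_path_escaped(path)).not_to match(/[é ]+/)
+end
+end
+
+describe ':expires option' do
+subject(:sign_url) { Aws::CF::Signer.sign_url '', expires: expires }
+
+{ 'Time' => Time.now,
+'String' => '2018-01-01',
+'Integer' => 1_514_782_800,
+'NilClass' => nil }.each do |klass, value|
+context "as a #{klass}" do
+let(:expires) { value }
+it "doesn't raise an error" do
+expect { subject }.not_to raise_error
+end
+end
+end
+
+context 'not as a String, Integer or Time' do
+let(:expires) { [[], {}, true, 1.0].sample }
+it 'raises ArgumentError' do
+expect { subject }.to raise_error ArgumentError
+end
+end
+end
+
+describe 'Custom Policy' do
+it 'builds policy from policy_options' do
+signed_url = Aws::CF::Signer.sign_url(
+'https://d84l721fxaaqy9.cloudfront.net/downloads/pictures.tgz',
+starting: 'Thu, 30 Apr 2009 06:43:10 GMT',
+expires: 'Fri, 16 Oct 2009 06:31:56 GMT',
+resource: 'https://d84l721fxaaqy9.cloudfront.net/downloads/',
+ip_range: '216.98.35.1/32'
+)
+policy_value = get_query_value(signed_url, 'Policy')
+expect(policy_value).not_to be_empty
+end
+
+it 'builds policy from policy_file' do
+signed_url = Aws::CF::Signer.sign_url(
+'https://d84l721fxaaqy9.cloudfront.net/downloads/pictures.tgz',
+policy_file: FILES_PATH + '/custom_policy.json'
+)
+policy_value = get_query_value(signed_url, 'Policy')
+expect(policy_value).not_to be_empty
+end
 end
 end
 end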
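Review bot: The `:expires option` examples in the last hunk only assert that signing does not raise, so nothing on the new side checks that the `Expires` value in the signed URL matches the requested time, including the new `Integer` branch. In a signed-URL library the expiry is the access-control boundary, so at least one example per accepted type should compare the value, e.g. `expect(get_query_value(sign_url, 'Expires').to_i).to eq 1_514_782_800` for the Integer case (assuming `get_query_value` copes with a URL built from an empty subject). The `Custom Policy` examples have the same gap: `not_to be_empty` would still pass if the `IpAddress` or date conditions were dropped from the policy. Separately, `[[], {}, true, 1.0].sample` exercises one randomly chosen invalid type per run; iterating over the four values with `.each` would make the negative case deterministic.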
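--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cloudfront-signer
 version: !ruby/object:Gem::Version
-version: 3.0.
+version: 3.0.2
 platform: ruby
 authors:
 - Anthony Bouch
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-
+date: 2017-06-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rspec
@@ -64,8 +64,10 @@ files:
 - lib/cloudfront-signer/version.rb
 - lib/generators/cloudfront/install/install_generator.rb
 - lib/generators/cloudfront/install/templates/cloudfront_signer.rb
-- spec/
-- spec/
+- spec/files/custom_policy.json
+- spec/files/pk-APKAIKUROOUNR2BAFUUU.pem
+- spec/files/private_key.pem
+- spec/files/rsa-APKAIKUROOUNR2BAFUUU.pem
 - spec/signer_spec.rb
 - spec/spec_helper.rb
 homepage: http://github.com/leonelgalan/cloudfront-signer
@@ -88,12 +90,14 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project: cloudfront-signer
-rubygems_version: 2.
+rubygems_version: 2.6.11
 signing_key:
 specification_version: 4
 summary: A gem to sign url and stream paths for Amazon CloudFront private content.
 test_files:
-- spec/
-- spec/
+- spec/files/custom_policy.json
+- spec/files/pk-APKAIKUROOUNR2BAFUUU.pem
+- spec/files/private_key.pem
+- spec/files/rsa-APKAIKUROOUNR2BAFUUU.pem
 - spec/signer_spec.rb
 - spec/spec_helper.rb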