@aws-sdk/cloudfront-signer 3.575.0 → 3.576.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (13) hide show
  1. package/package.json +4 -1
  2. package/CHANGELOG.md +0 -644
  3. package/api-extractor.json +0 -4
  4. package/jest.config.js +0 -6
  5. package/src/index.ts +0 -1
  6. package/src/sign.spec.ts +0 -605
  7. package/src/sign.ts +0 -447
  8. package/tsconfig.cjs.json +0 -9
  9. package/tsconfig.cjs.tsbuildinfo +0 -1
  10. package/tsconfig.es.json +0 -9
  11. package/tsconfig.es.tsbuildinfo +0 -1
  12. package/tsconfig.types.json +0 -9
  13. package/tsconfig.types.tsbuildinfo +0 -1
package/src/sign.spec.ts DELETED
@@ -1,605 +0,0 @@
1
- import { parseUrl } from "@smithy/url-parser";
2
- import { createSign, createVerify } from "crypto";
3
-
4
- import { getSignedCookies, getSignedUrl } from "./index";
5
-
6
- const url = "https://d111111abcdef8.cloudfront.net/private-content/private.jpeg";
7
- const keyPairId = "APKAEIBAERJR2EXAMPLE";
8
- const dateLessThan = "2020-01-01";
9
- const epochDateLessThan = Math.round(new Date(dateLessThan).getTime() / 1000);
10
- const dateGreaterThan = "2019-12-01";
11
- const epochDateGreaterThan = Math.round(new Date(dateGreaterThan).getTime() / 1000);
12
- const ipAddress = "10.0.0.0";
13
- const privateKey = Buffer.from(`
14
- -----BEGIN RSA PRIVATE KEY-----
15
- MIIEowIBAAKCAQEAuHfxvylv0IgfsJkualzZtCqwLyg19Gcsy+jVAAioVtWBOgxE
16
- IYSsED+yzryecDnniJGokXiGTt6nlJk5o95jNSnKw9KOThWey95WudDnEcUWKJow
17
- dlcA1B2iXBx4cmwwdekNxs/hHZjubY+kHuaDc0D/tJYyiN7t84wQA/slRHZ0tDBy
18
- pGI4LeNFn3fmu4dvHcvSYFoa1sV/FDe0P6OHjrkG36XE6gh9+yHEFLAsGzuWZlIH
19
- KmdPx8wuz/73GPnQ/P3+sGjwVjimtzEo5R6VoyMHWHRjenjxN/oFrtizXXuRDsKw
20
- 9Vvg8FO3MUsYAEWmKZM3DI9/+niZl/GCjgCIlQIDAQABAoIBAQCX1mKuLrVSuDkd
21
- a3jBI9wuaFTM/BQtMB+3V9a7SGUH1IWh+ia6UDIwzb2oXaksRv1FdF+EHeivUqYt
22
- slG3iH2wbM3xkYaAz1r+A+zu1fzcq5UppoDtZ3/PGPVjTCv4QwVAiKxGUSXC7vaS
23
- SAGXTbY1T/Mp+dduwdCq/0bPgBGU32WzAGtx/JCnKD8brShrcwuGtirDq4c9Pq0T
24
- FOApejyMoYwN0Z6jkErU1qSiEKp/SZrQTO+5BoyjwlZTe8dWjAw4srJ4jH9q1zxm
25
- OZDT+80HnV6FiWqlitqDWQJvPhpW/PMTEmklZZw1WThqRxtm2Xee/KAD5grq+Xho
26
- 5xp30A4BAoGBAOXFrkOW65Z8GYzyCjw7XgFkSLA4Dhiwzebxdkv+s2NzHhzGz7pf
27
- Dqe8pQ/bS1B6PLi9v+f8RjP9f1bY3QPxYwfYLwhL/JB4pvLNcGRUQ0fSzWcpmhWH
28
- FN0V6K0kDswC9QL3vbEg9V/MM6EvwNxCPiZB6NQtOqhd48ErZ2cRQKBFAoGBAM2G
29
- aqcWYpyDd06Vc7iVN1QqabpGkDfdk8XC/21ZTOZOQocplv9k+kzSxce8KMZxyQVm
30
- K7D6Atx9uqEdqEutvgdYrJa+Br3VL2oLcBiYPOhuJROyl7Zl8bBeanYAhDraZWbL
31
- tVP/6h9dzowPvcNm6e6SVl+uShqKJb4tv0fftpQRAoGAEXhpWpxEB2oiKzRQEOpW
32
- qHZujG+Gqtvum+uqGfcgvqQHGxsGul316E0Qo9cBr/nLWiSbTdFBqTxSDVFp5J3a
33
- 8MLAOLpGVtnFn9p8/DPn9bMSiRCBtbdSn8jFqzx9n4duB668jpY58fG9zzipSlYD
34
- EbebM17JAfo5kftx3kVSi50CgYBPXPd0PA2qOI3ql4WPIneyFYqsNrFcEUEN3cW6
35
- mQA78r536RR43KpW3hEnlr38G1YvsotulKxkLlzR+FzTlGzL82756rk5tsfPYElS
36
- Bf+HFXlVyOISuf0BSQQ9OufUvh7n+gO0Qx9KK3Ql27JAcU4mJPYbjnbpFq2Kaany
37
- fC3JsQKBgANzZbf9D0lgQE1wsb45fzrAPAqRQHeVY7V8sZPQoJFcZ2Ymp/3L/UHc
38
- NwfPmGXHQDQaK9I3XpHfbyOelD6ghHi/wZj0sKR3Uoo84n8sIpCdUvwitjlHlZBE
39
- aoCHJ9c5Pnu6FwMAjP8aaKLQDvoHZKVWL2Ml6A6V3Ed95Itp/g2J
40
- -----END RSA PRIVATE KEY-----`);
41
- const passphrase = "SAMPLE";
42
-
43
- function createSignature(data: string): string {
44
- const signer = createSign("RSA-SHA1");
45
- signer.update(data);
46
- return normalizeBase64(signer.sign(privateKey, "base64"));
47
- }
48
- function verifySignature(signature: string, data: string): boolean {
49
- const verifier = createVerify("RSA-SHA1");
50
- verifier.update(data);
51
- return verifier.verify(privateKey, signature, "base64");
52
- }
53
- function encodeToBase64(str: string): string {
54
- return normalizeBase64(Buffer.from(str).toString("base64"));
55
- }
56
- function normalizeBase64(str: string): string {
57
- return str.replace(/\+/g, "-").replace(/=/g, "_").replace(/\//g, "~");
58
- }
59
- function denormalizeBase64(str: string): string {
60
- return str.replace(/\-/g, "+").replace(/_/g, "=").replace(/~/g, "/");
61
- }
62
-
63
- describe("getSignedUrl", () => {
64
- it("should maintain query params after signing a URL", () => {
65
- const url = `https://example.com/private.jpeg?foo=${encodeURIComponent("bar &=; baz")}`;
66
- const result = parseUrl(
67
- getSignedUrl({
68
- url,
69
- keyPairId,
70
- dateLessThan,
71
- privateKey,
72
- passphrase,
73
- })
74
- );
75
- if (!result.query) {
76
- throw new Error("query parameter is undefined");
77
- }
78
- expect(result.query["foo"]).toBe("bar &=; baz");
79
- });
80
- it("should include url path in policy of signed URL", () => {
81
- const url = "https://example.com/private.jpeg?foo=bar";
82
- const result = parseUrl(
83
- getSignedUrl({
84
- url,
85
- keyPairId,
86
- dateLessThan,
87
- privateKey,
88
- passphrase,
89
- })
90
- );
91
- if (!result.query) {
92
- throw new Error("query parameter is undefined");
93
- }
94
- expect(result.query["Signature"]).toBeDefined();
95
- const signatureQueryParam = denormalizeBase64(result.query["Signature"] as string);
96
- const policyStr = JSON.stringify({
97
- Statement: [
98
- {
99
- Resource: url,
100
- Condition: {
101
- DateLessThan: {
102
- "AWS:EpochTime": epochDateLessThan,
103
- },
104
- },
105
- },
106
- ],
107
- });
108
- expect(verifySignature(signatureQueryParam, policyStr)).toBeTruthy();
109
- });
110
- it("should sign a URL with a canned policy", () => {
111
- const result = getSignedUrl({
112
- url,
113
- keyPairId,
114
- dateLessThan,
115
- privateKey,
116
- passphrase,
117
- });
118
- const policyStr = JSON.stringify({
119
- Statement: [
120
- {
121
- Resource: url,
122
- Condition: {
123
- DateLessThan: {
124
- "AWS:EpochTime": epochDateLessThan,
125
- },
126
- },
127
- },
128
- ],
129
- });
130
- const signature = createSignature(policyStr);
131
- expect(result).toBe(`${url}?Expires=${epochDateLessThan}&Key-Pair-Id=${keyPairId}&Signature=${signature}`);
132
- const parsedUrl = parseUrl(result);
133
- expect(parsedUrl).toBeDefined();
134
- const signatureQueryParam = denormalizeBase64(parsedUrl.query!["Signature"] as string);
135
- expect(verifySignature(signatureQueryParam, policyStr)).toBeTruthy();
136
- });
137
- it("should sign a URL with a custom policy containing a start date", () => {
138
- const result = getSignedUrl({
139
- url,
140
- keyPairId,
141
- dateLessThan,
142
- dateGreaterThan,
143
- privateKey,
144
- passphrase,
145
- });
146
- const policyStr = JSON.stringify({
147
- Statement: [
148
- {
149
- Resource: url,
150
- Condition: {
151
- DateLessThan: {
152
- "AWS:EpochTime": epochDateLessThan,
153
- },
154
- DateGreaterThan: {
155
- "AWS:EpochTime": epochDateGreaterThan,
156
- },
157
- },
158
- },
159
- ],
160
- });
161
- const signature = createSignature(policyStr);
162
- expect(result).toBe(`${url}?Policy=${encodeToBase64(policyStr)}&Key-Pair-Id=${keyPairId}&Signature=${signature}`);
163
- const parsedUrl = parseUrl(result);
164
- expect(parsedUrl).toBeDefined();
165
- const signatureQueryParam = denormalizeBase64(parsedUrl.query!["Signature"] as string);
166
- expect(verifySignature(signatureQueryParam, policyStr)).toBeTruthy();
167
- });
168
- it("should sign a URL with a custom policy containing an ip address", () => {
169
- const result = getSignedUrl({
170
- url,
171
- keyPairId,
172
- dateLessThan,
173
- ipAddress,
174
- privateKey,
175
- passphrase,
176
- });
177
- const policyStr = JSON.stringify({
178
- Statement: [
179
- {
180
- Resource: url,
181
- Condition: {
182
- DateLessThan: {
183
- "AWS:EpochTime": epochDateLessThan,
184
- },
185
- IpAddress: {
186
- "AWS:SourceIp": `${ipAddress}/32`,
187
- },
188
- },
189
- },
190
- ],
191
- });
192
- const signature = createSignature(policyStr);
193
- expect(result).toBe(`${url}?Policy=${encodeToBase64(policyStr)}&Key-Pair-Id=${keyPairId}&Signature=${signature}`);
194
- const parsedUrl = parseUrl(result);
195
- expect(parsedUrl).toBeDefined();
196
- const signatureQueryParam = denormalizeBase64(parsedUrl.query!["Signature"] as string);
197
- expect(verifySignature(signatureQueryParam, policyStr)).toBeTruthy();
198
- });
199
- it("should sign a URL with a custom policy containing a start date and ip address", () => {
200
- const result = getSignedUrl({
201
- url,
202
- keyPairId,
203
- dateLessThan,
204
- dateGreaterThan,
205
- ipAddress,
206
- privateKey,
207
- passphrase,
208
- });
209
- const policyStr = JSON.stringify({
210
- Statement: [
211
- {
212
- Resource: url,
213
- Condition: {
214
- DateLessThan: {
215
- "AWS:EpochTime": epochDateLessThan,
216
- },
217
- DateGreaterThan: {
218
- "AWS:EpochTime": epochDateGreaterThan,
219
- },
220
- IpAddress: {
221
- "AWS:SourceIp": `${ipAddress}/32`,
222
- },
223
- },
224
- },
225
- ],
226
- });
227
- const signature = createSignature(policyStr);
228
- expect(result).toBe(`${url}?Policy=${encodeToBase64(policyStr)}&Key-Pair-Id=${keyPairId}&Signature=${signature}`);
229
- const parsedUrl = parseUrl(result);
230
- expect(parsedUrl).toBeDefined();
231
- const signatureQueryParam = denormalizeBase64(parsedUrl.query!["Signature"] as string);
232
- expect(verifySignature(signatureQueryParam, policyStr)).toBeTruthy();
233
- });
234
- it("should allow an ip address with and without a mask", () => {
235
- const baseArgs = {
236
- url,
237
- keyPairId,
238
- dateLessThan,
239
- privateKey,
240
- passphrase,
241
- };
242
- expect(
243
- getSignedUrl({
244
- ...baseArgs,
245
- ipAddress: "10.0.0.0/32",
246
- })
247
- ).toBeTruthy();
248
- expect(
249
- getSignedUrl({
250
- ...baseArgs,
251
- ipAddress: "10.0.0.0",
252
- })
253
- ).toBeTruthy();
254
- });
255
- it("should throw an error when the ip address is invalid", () => {
256
- const baseArgs = {
257
- url,
258
- keyPairId,
259
- dateLessThan,
260
- privateKey,
261
- passphrase,
262
- };
263
- expect(() =>
264
- getSignedUrl({
265
- ...baseArgs,
266
- ipAddress: "10.0.0.0/",
267
- })
268
- ).toThrow('IP address "10.0.0.0/" is invalid due to missing ip or mask part of CIDR.');
269
- expect(() =>
270
- getSignedUrl({
271
- ...baseArgs,
272
- ipAddress: "/32",
273
- })
274
- ).toThrow('IP address "/32" is invalid due to missing ip or mask part of CIDR.');
275
- expect(() =>
276
- getSignedUrl({
277
- ...baseArgs,
278
- ipAddress: "10.0.0.0/-1",
279
- })
280
- ).toThrow('IP address "10.0.0.0/-1" is invalid due to invalid mask.');
281
- expect(() =>
282
- getSignedUrl({
283
- ...baseArgs,
284
- ipAddress: "10.0.0.0/33",
285
- })
286
- ).toThrow('IP address "10.0.0.0/33" is invalid due to invalid mask.');
287
- expect(() =>
288
- getSignedUrl({
289
- ...baseArgs,
290
- ipAddress: "10.0.0.-1",
291
- })
292
- ).toThrow('IP address "10.0.0.-1" is invalid due to invalid IP octets.');
293
- expect(() =>
294
- getSignedUrl({
295
- ...baseArgs,
296
- ipAddress: "10.0.0.256",
297
- })
298
- ).toThrow('IP address "10.0.0.256" is invalid due to invalid IP octets.');
299
- });
300
- it("should sign a RTMP URL", () => {
301
- const url = "rtmp://d111111abcdef8.cloudfront.net/private-content/private.jpeg";
302
- const result = getSignedUrl({
303
- url,
304
- keyPairId,
305
- dateLessThan,
306
- privateKey,
307
- passphrase,
308
- });
309
- const policyStr = JSON.stringify({
310
- Statement: [
311
- {
312
- Resource: "private-content/private.jpeg",
313
- Condition: {
314
- DateLessThan: {
315
- "AWS:EpochTime": epochDateLessThan,
316
- },
317
- },
318
- },
319
- ],
320
- });
321
- const signature = createSignature(policyStr);
322
- expect(result).toBe(
323
- `private-content/private.jpeg?Expires=${epochDateLessThan}&Key-Pair-Id=${keyPairId}&Signature=${signature}`
324
- );
325
- expect(verifySignature(denormalizeBase64(signature), policyStr)).toBeTruthy();
326
- });
327
- it("should sign a URL with a policy provided by the user", () => {
328
- const policy = '{"foo":"bar"}';
329
- const result = getSignedUrl({
330
- url,
331
- keyPairId,
332
- privateKey,
333
- policy,
334
- passphrase,
335
- });
336
- const signature = createSignature(policy);
337
- expect(result).toBe(`${url}?Policy=${encodeToBase64(policy)}&Key-Pair-Id=${keyPairId}&Signature=${signature}`);
338
- const signatureQueryParam = denormalizeBase64(signature);
339
- expect(verifySignature(signatureQueryParam, policy)).toBeTruthy();
340
- });
341
- it("should sign a URL automatically extracted from a policy provided by the user", () => {
342
- const policy = JSON.stringify({ Statement: [{ Resource: url }] });
343
- const result = getSignedUrl({
344
- keyPairId,
345
- privateKey,
346
- policy,
347
- passphrase,
348
- });
349
- const signature = createSignature(policy);
350
- expect(result).toBe(`${url}?Policy=${encodeToBase64(policy)}&Key-Pair-Id=${keyPairId}&Signature=${signature}`);
351
- const signatureQueryParam = denormalizeBase64(signature);
352
- expect(verifySignature(signatureQueryParam, policy)).toBeTruthy();
353
- });
354
- });
355
-
356
- describe("getSignedCookies", () => {
357
- it("should allow an ip address with and without a mask", () => {
358
- const baseArgs = {
359
- url,
360
- keyPairId,
361
- dateLessThan,
362
- privateKey,
363
- passphrase,
364
- };
365
- expect(
366
- getSignedCookies({
367
- ...baseArgs,
368
- ipAddress: "10.0.0.0/32",
369
- })
370
- ).toBeTruthy();
371
- expect(
372
- getSignedCookies({
373
- ...baseArgs,
374
- ipAddress: "10.0.0.0",
375
- })
376
- ).toBeTruthy();
377
- });
378
- it("should throw an error when the ip address is invalid", () => {
379
- const baseArgs = {
380
- url,
381
- keyPairId,
382
- dateLessThan,
383
- privateKey,
384
- passphrase,
385
- };
386
- expect(() =>
387
- getSignedCookies({
388
- ...baseArgs,
389
- ipAddress: "10.0.0.0/",
390
- })
391
- ).toThrow('IP address "10.0.0.0/" is invalid due to missing ip or mask part of CIDR.');
392
- expect(() =>
393
- getSignedCookies({
394
- ...baseArgs,
395
- ipAddress: "/32",
396
- })
397
- ).toThrow('IP address "/32" is invalid due to missing ip or mask part of CIDR.');
398
- expect(() =>
399
- getSignedCookies({
400
- ...baseArgs,
401
- ipAddress: "10.0.0.0/-1",
402
- })
403
- ).toThrow('IP address "10.0.0.0/-1" is invalid due to invalid mask.');
404
- expect(() =>
405
- getSignedCookies({
406
- ...baseArgs,
407
- ipAddress: "10.0.0.0/33",
408
- })
409
- ).toThrow('IP address "10.0.0.0/33" is invalid due to invalid mask.');
410
- expect(() =>
411
- getSignedCookies({
412
- ...baseArgs,
413
- ipAddress: "10.0.0.-1",
414
- })
415
- ).toThrow('IP address "10.0.0.-1" is invalid due to invalid IP octets.');
416
- expect(() =>
417
- getSignedCookies({
418
- ...baseArgs,
419
- ipAddress: "10.0.0.256",
420
- })
421
- ).toThrow('IP address "10.0.0.256" is invalid due to invalid IP octets.');
422
- });
423
- it("should be able sign cookies that contain a URL with wildcards", () => {
424
- const url = "https://example.com/private-content/*";
425
- const result = getSignedCookies({
426
- url,
427
- keyPairId,
428
- dateLessThan,
429
- privateKey,
430
- passphrase,
431
- });
432
- const policyStr = JSON.stringify({
433
- Statement: [
434
- {
435
- Resource: url,
436
- Condition: {
437
- DateLessThan: {
438
- "AWS:EpochTime": epochDateLessThan,
439
- },
440
- },
441
- },
442
- ],
443
- });
444
- expect(verifySignature(denormalizeBase64(result["CloudFront-Signature"]), policyStr)).toBeTruthy();
445
- });
446
- it("should sign cookies with a canned policy", () => {
447
- const result = getSignedCookies({
448
- url,
449
- keyPairId,
450
- dateLessThan,
451
- privateKey,
452
- passphrase,
453
- });
454
- const policyStr = JSON.stringify({
455
- Statement: [
456
- {
457
- Resource: url,
458
- Condition: {
459
- DateLessThan: {
460
- "AWS:EpochTime": epochDateLessThan,
461
- },
462
- },
463
- },
464
- ],
465
- });
466
- const signature = createSignature(policyStr);
467
- const expected = {
468
- "CloudFront-Expires": epochDateLessThan,
469
- "CloudFront-Key-Pair-Id": keyPairId,
470
- "CloudFront-Signature": signature,
471
- };
472
- expect(result["CloudFront-Expires"]).toBe(expected["CloudFront-Expires"]);
473
- expect(result["CloudFront-Key-Pair-Id"]).toBe(expected["CloudFront-Key-Pair-Id"]);
474
- expect(result["CloudFront-Signature"]).toBe(expected["CloudFront-Signature"]);
475
- expect(verifySignature(denormalizeBase64(result["CloudFront-Signature"]), policyStr)).toBeTruthy();
476
- });
477
- it("should sign cookies with a custom policy containing a start date", () => {
478
- const result = getSignedCookies({
479
- url,
480
- keyPairId,
481
- dateLessThan,
482
- dateGreaterThan,
483
- privateKey,
484
- passphrase,
485
- });
486
- const policyStr = JSON.stringify({
487
- Statement: [
488
- {
489
- Resource: url,
490
- Condition: {
491
- DateLessThan: {
492
- "AWS:EpochTime": epochDateLessThan,
493
- },
494
- DateGreaterThan: {
495
- "AWS:EpochTime": epochDateGreaterThan,
496
- },
497
- },
498
- },
499
- ],
500
- });
501
- const signature = createSignature(policyStr);
502
- const expected = {
503
- "CloudFront-Policy": encodeToBase64(policyStr),
504
- "CloudFront-Key-Pair-Id": keyPairId,
505
- "CloudFront-Signature": signature,
506
- };
507
- expect(result["CloudFront-Policy"]).toBe(expected["CloudFront-Policy"]);
508
- expect(result["CloudFront-Key-Pair-Id"]).toBe(expected["CloudFront-Key-Pair-Id"]);
509
- expect(result["CloudFront-Signature"]).toBe(expected["CloudFront-Signature"]);
510
- expect(verifySignature(denormalizeBase64(result["CloudFront-Signature"]), policyStr)).toBeTruthy();
511
- });
512
- it("should sign cookies with a custom policy containing an ip address", () => {
513
- const result = getSignedCookies({
514
- url,
515
- keyPairId,
516
- dateLessThan,
517
- ipAddress,
518
- privateKey,
519
- passphrase,
520
- });
521
- const policyStr = JSON.stringify({
522
- Statement: [
523
- {
524
- Resource: url,
525
- Condition: {
526
- DateLessThan: {
527
- "AWS:EpochTime": epochDateLessThan,
528
- },
529
- IpAddress: {
530
- "AWS:SourceIp": `${ipAddress}/32`,
531
- },
532
- },
533
- },
534
- ],
535
- });
536
- const signature = createSignature(policyStr);
537
- const expected = {
538
- "CloudFront-Policy": encodeToBase64(policyStr),
539
- "CloudFront-Key-Pair-Id": keyPairId,
540
- "CloudFront-Signature": signature,
541
- };
542
- expect(result["CloudFront-Policy"]).toBe(expected["CloudFront-Policy"]);
543
- expect(result["CloudFront-Key-Pair-Id"]).toBe(expected["CloudFront-Key-Pair-Id"]);
544
- expect(result["CloudFront-Signature"]).toBe(expected["CloudFront-Signature"]);
545
- expect(verifySignature(denormalizeBase64(result["CloudFront-Signature"]), policyStr)).toBeTruthy();
546
- });
547
- it("should sign cookies with a custom policy containing a start date and ip address", () => {
548
- const result = getSignedCookies({
549
- url,
550
- keyPairId,
551
- dateLessThan,
552
- dateGreaterThan,
553
- ipAddress,
554
- privateKey,
555
- passphrase,
556
- });
557
- const policyStr = JSON.stringify({
558
- Statement: [
559
- {
560
- Resource: url,
561
- Condition: {
562
- DateLessThan: {
563
- "AWS:EpochTime": epochDateLessThan,
564
- },
565
- DateGreaterThan: {
566
- "AWS:EpochTime": epochDateGreaterThan,
567
- },
568
- IpAddress: {
569
- "AWS:SourceIp": `${ipAddress}/32`,
570
- },
571
- },
572
- },
573
- ],
574
- });
575
- const signature = createSignature(policyStr);
576
- const expected = {
577
- "CloudFront-Policy": encodeToBase64(policyStr),
578
- "CloudFront-Key-Pair-Id": keyPairId,
579
- "CloudFront-Signature": signature,
580
- };
581
- expect(result["CloudFront-Policy"]).toBe(expected["CloudFront-Policy"]);
582
- expect(result["CloudFront-Key-Pair-Id"]).toBe(expected["CloudFront-Key-Pair-Id"]);
583
- expect(result["CloudFront-Signature"]).toBe(expected["CloudFront-Signature"]);
584
- expect(verifySignature(denormalizeBase64(result["CloudFront-Signature"]), policyStr)).toBeTruthy();
585
- });
586
- it("should sign cookies with a policy provided by the user without a url", () => {
587
- const policy = '{"foo":"bar"}';
588
- const result = getSignedCookies({
589
- keyPairId,
590
- privateKey,
591
- policy,
592
- passphrase,
593
- });
594
- const signature = createSignature(policy);
595
- const expected = {
596
- "CloudFront-Policy": encodeToBase64(policy),
597
- "CloudFront-Key-Pair-Id": keyPairId,
598
- "CloudFront-Signature": signature,
599
- };
600
- expect(result["CloudFront-Policy"]).toBe(expected["CloudFront-Policy"]);
601
- expect(result["CloudFront-Key-Pair-Id"]).toBe(expected["CloudFront-Key-Pair-Id"]);
602
- expect(result["CloudFront-Signature"]).toBe(expected["CloudFront-Signature"]);
603
- expect(verifySignature(denormalizeBase64(result["CloudFront-Signature"]), policy)).toBeTruthy();
604
- });
605
- });