Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Keep port number in SignedUrl #5222

Merged
merged 5 commits into from
May 14, 2024
Merged

Keep port number in SignedUrl #5222

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
9b13037
Keep port number in SignedUrl
davidh44 May 14, 2024
750b06b
Merge branch 'master' into hdavidh/signed-url-keep-port-number
davidh44 May 14, 2024
dfda07d
Merge branch 'master' into hdavidh/signed-url-keep-port-number
davidh44 May 14, 2024
23db090
Add changelog entry
davidh44 May 14, 2024
469e0f9
Add changelog entry
davidh44 May 14, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 12 additions & 6 deletions ...udfront/src/main/java/software/amazon/awssdk/services/cloudfront/CloudFrontUtilities.java
View file
Open in desktop
L-Applin marked this conversation as resolved.
Show resolved Hide resolved
Original file line number Diff line number Diff line change
Expand Up @@ -144,14 +144,17 @@ public SignedUrl getSignedUrlWithCannedPolicy(CannedSignerRequest request) {
String urlSafeSignature = SigningUtils.makeBytesUrlSafe(signatureBytes);
URI uri = URI.create(resourceUrl);
String protocol = uri.getScheme();
String domain = uri.getHost();
String encodedPath = uri.getRawPath()
+ (uri.getQuery() != null ? "?" + uri.getRawQuery() + "&" : "?")
+ "Expires=" + request.expirationDate().getEpochSecond()
+ "&Signature=" + urlSafeSignature
+ "&Key-Pair-Id=" + request.keyPairId();
return DefaultSignedUrl.builder().protocol(protocol).domain(domain).encodedPath(encodedPath)
.url(protocol + "://" + domain + encodedPath).build();
return DefaultSignedUrl.builder()
.protocol(protocol)
.domain(uri.getHost())
.encodedPath(encodedPath)
.url(protocol + "://" + uri.getAuthority() + encodedPath)
.build();
} catch (InvalidKeyException e) {
throw SdkClientException.create("Could not sign url", e);
}
Expand Down Expand Up @@ -253,14 +256,17 @@ public SignedUrl getSignedUrlWithCustomPolicy(CustomSignerRequest request) {
String urlSafeSignature = SigningUtils.makeBytesUrlSafe(signatureBytes);
URI uri = URI.create(resourceUrl);
String protocol = uri.getScheme();
String domain = uri.getHost();
String encodedPath = uri.getRawPath()
+ (uri.getQuery() != null ? "?" + uri.getRawQuery() + "&" : "?")
+ "Policy=" + urlSafePolicy
+ "&Signature=" + urlSafeSignature
+ "&Key-Pair-Id=" + request.keyPairId();
return DefaultSignedUrl.builder().protocol(protocol).domain(domain).encodedPath(encodedPath)
.url(protocol + "://" + domain + encodedPath).build();
return DefaultSignedUrl.builder()
.protocol(protocol)
.domain(uri.getHost())
.encodedPath(encodedPath)
.url(protocol + "://" + uri.getAuthority() + encodedPath)
.build();
} catch (InvalidKeyException e) {
throw SdkClientException.create("Could not sign url", e);
}
Expand Down
49 changes: 37 additions & 12 deletions ...ont/src/test/java/software/amazon/awssdk/services/cloudfront/CloudFrontUtilitiesTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,8 @@


class CloudFrontUtilitiesTest {
private static final String resourceUrl = "https://d1npcfkc2mojrf.cloudfront.net/s3ObjectKey";
private static final String RESOURCE_URL = "https://d1npcfkc2mojrf.cloudfront.net/s3ObjectKey";
private static final String RESOURCE_URL_WITH_PORT = "https://d1npcfkc2mojrf.cloudfront.net:65535/s3ObjectKey";
private static KeyPairGenerator kpg;
private static KeyPair keyPair;
private static File keyFile;
Expand Down Expand Up @@ -77,7 +78,7 @@ void getSignedURLWithCannedPolicy_producesValidUrl() {
Instant expirationDate = LocalDate.of(2024, 1, 1).atStartOfDay().toInstant(ZoneOffset.of("Z"));
SignedUrl signedUrl =
cloudFrontUtilities.getSignedUrlWithCannedPolicy(r -> r
.resourceUrl(resourceUrl)
.resourceUrl(RESOURCE_URL)
.privateKey(keyPair.getPrivate())
.keyPairId("keyPairId")
.expirationDate(expirationDate));
Expand Down Expand Up @@ -115,7 +116,7 @@ void getSignedURLWithCustomPolicy_producesValidUrl() throws Exception {
String ipRange = "1.2.3.4";
SignedUrl signedUrl = cloudFrontUtilities.getSignedUrlWithCustomPolicy(r -> {
try {
r.resourceUrl(resourceUrl)
r.resourceUrl(RESOURCE_URL)
.privateKey(keyFilePath)
.keyPairId("keyPairId")
.expirationDate(expirationDate)
Expand Down Expand Up @@ -164,7 +165,7 @@ void getSignedURLWithCustomPolicy_withIpRangeOmitted_producesValidUrl() throws E
Instant activeDate = LocalDate.of(2022, 1, 1).atStartOfDay().toInstant(ZoneOffset.of("Z"));
Instant expirationDate = LocalDate.of(2024, 1, 1).atStartOfDay().toInstant(ZoneOffset.of("Z"));
CustomSignerRequest request = CustomSignerRequest.builder()
.resourceUrl(resourceUrl)
.resourceUrl(RESOURCE_URL)
.privateKey(keyFilePath)
.keyPairId("keyPairId")
.expirationDate(expirationDate)
Expand All @@ -186,7 +187,7 @@ void getSignedURLWithCustomPolicy_withActiveDateOmitted_producesValidUrl() throw
Instant expirationDate = LocalDate.of(2024, 1, 1).atStartOfDay().toInstant(ZoneOffset.of("Z"));
String ipRange = "1.2.3.4";
CustomSignerRequest request = CustomSignerRequest.builder()
.resourceUrl(resourceUrl)
.resourceUrl(RESOURCE_URL)
.privateKey(keyFilePath)
.keyPairId("keyPairId")
.expirationDate(expirationDate)
Expand All @@ -207,7 +208,7 @@ void getSignedURLWithCustomPolicy_withActiveDateOmitted_producesValidUrl() throw
void getSignedURLWithCustomPolicy_withMissingExpirationDate_shouldThrowException() {
SdkClientException exception = assertThrows(SdkClientException.class, () ->
cloudFrontUtilities.getSignedUrlWithCustomPolicy(r -> r
.resourceUrl(resourceUrl)
.resourceUrl(RESOURCE_URL)
.privateKey(keyPair.getPrivate())
.keyPairId("keyPairId"))
);
Expand Down Expand Up @@ -260,17 +261,41 @@ void getSignedURLWithCustomPolicy_withEncodedUrl_doesNotDecodeUrl() {
assertThat(expected).isEqualTo(url);
}

@Test
void getSignedURLWithCannedPolicy_withPortNumber_returnsPortNumber() {
Instant expirationDate = LocalDate.of(2024, 1, 1).atStartOfDay().toInstant(ZoneOffset.of("Z"));
SignedUrl signedUrl =
cloudFrontUtilities.getSignedUrlWithCannedPolicy(r -> r
.resourceUrl(RESOURCE_URL_WITH_PORT)
.privateKey(keyPair.getPrivate())
.keyPairId("keyPairId")
.expirationDate(expirationDate));
assertThat(signedUrl.url()).contains("65535");
}

@Test
void getSignedURLWithCustomPolicy_withPortNumber_returnsPortNumber() {
Instant expirationDate = LocalDate.of(2024, 1, 1).atStartOfDay().toInstant(ZoneOffset.of("Z"));
SignedUrl signedUrl =
cloudFrontUtilities.getSignedUrlWithCustomPolicy(r -> r
.resourceUrl(RESOURCE_URL_WITH_PORT)
.privateKey(keyPair.getPrivate())
.keyPairId("keyPairId")
.expirationDate(expirationDate));
assertThat(signedUrl.url()).contains("65535");
}

@Test
void getCookiesForCannedPolicy_producesValidCookies() throws Exception {
Instant expirationDate = LocalDate.of(2024, 1, 1).atStartOfDay().toInstant(ZoneOffset.of("Z"));
CannedSignerRequest request = CannedSignerRequest.builder()
.resourceUrl(resourceUrl)
.resourceUrl(RESOURCE_URL)
.privateKey(keyFilePath)
.keyPairId("keyPairId")
.expirationDate(expirationDate)
.build();
CookiesForCannedPolicy cookiesForCannedPolicy = cloudFrontUtilities.getCookiesForCannedPolicy(request);
assertThat(cookiesForCannedPolicy.resourceUrl()).isEqualTo(resourceUrl);
assertThat(cookiesForCannedPolicy.resourceUrl()).isEqualTo(RESOURCE_URL);
assertThat(cookiesForCannedPolicy.keyPairIdHeaderValue()).isEqualTo("CloudFront-Key-Pair-Id=keyPairId");
}

Expand All @@ -280,29 +305,29 @@ void getCookiesForCustomPolicy_producesValidCookies() throws Exception {
Instant expirationDate = LocalDate.of(2024, 1, 1).atStartOfDay().toInstant(ZoneOffset.of("Z"));
String ipRange = "1.2.3.4";
CustomSignerRequest request = CustomSignerRequest.builder()
.resourceUrl(resourceUrl)
.resourceUrl(RESOURCE_URL)
.privateKey(keyFilePath)
.keyPairId("keyPairId")
.expirationDate(expirationDate)
.activeDate(activeDate)
.ipRange(ipRange)
.build();
CookiesForCustomPolicy cookiesForCustomPolicy = cloudFrontUtilities.getCookiesForCustomPolicy(request);
assertThat(cookiesForCustomPolicy.resourceUrl()).isEqualTo(resourceUrl);
assertThat(cookiesForCustomPolicy.resourceUrl()).isEqualTo(RESOURCE_URL);
assertThat(cookiesForCustomPolicy.keyPairIdHeaderValue()).isEqualTo("CloudFront-Key-Pair-Id=keyPairId");
}

@Test
void getCookiesForCustomPolicy_withActiveDateAndIpRangeOmitted_producesValidCookies() {
Instant expirationDate = LocalDate.of(2024, 1, 1).atStartOfDay().toInstant(ZoneOffset.of("Z"));
CustomSignerRequest request = CustomSignerRequest.builder()
.resourceUrl(resourceUrl)
.resourceUrl(RESOURCE_URL)
.privateKey(keyPair.getPrivate())
.keyPairId("keyPairId")
.expirationDate(expirationDate)
.build();
CookiesForCustomPolicy cookiesForCustomPolicy = cloudFrontUtilities.getCookiesForCustomPolicy(request);
assertThat(cookiesForCustomPolicy.resourceUrl()).isEqualTo(resourceUrl);
assertThat(cookiesForCustomPolicy.resourceUrl()).isEqualTo(RESOURCE_URL);
assertThat(cookiesForCustomPolicy.keyPairIdHeaderValue()).isEqualTo("CloudFront-Key-Pair-Id=keyPairId");
}

Expand Down
Loading