Skip to content

Commit 9313708

Browse files
davidh44davidh44
authored
Keep port number in SignedUrl (#5222)
* Keep port number in SignedUrl * Add changelog entry
1 parent f691417 commit 9313708

File tree

3 files changed

+55
-18
lines changed

3 files changed

+55
-18
lines changed

.changes/next-release/bugfix-CloudFront-4ae6e11.json

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,6 @@
1+
{
2+
"category": "Amazon CloudFront",
3+
"contributor": "",
4+
"type": "bugfix",
5+
"description": "Fixes bug where SignedUrl strips the port number from the url."
6+
}

services/cloudfront/src/main/java/software/amazon/awssdk/services/cloudfront/CloudFrontUtilities.java

Lines changed: 12 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -144,14 +144,17 @@ public SignedUrl getSignedUrlWithCannedPolicy(CannedSignerRequest request) {
144144
String urlSafeSignature = SigningUtils.makeBytesUrlSafe(signatureBytes);
145145
URI uri = URI.create(resourceUrl);
146146
String protocol = uri.getScheme();
147-
String domain = uri.getHost();
148147
String encodedPath = uri.getRawPath()
149148
+ (uri.getQuery() != null ? "?" + uri.getRawQuery() + "&" : "?")
150149
+ "Expires=" + request.expirationDate().getEpochSecond()
151150
+ "&Signature=" + urlSafeSignature
152151
+ "&Key-Pair-Id=" + request.keyPairId();
153-
return DefaultSignedUrl.builder().protocol(protocol).domain(domain).encodedPath(encodedPath)
154-
.url(protocol + "://" + domain + encodedPath).build();
152+
return DefaultSignedUrl.builder()
153+
.protocol(protocol)
154+
.domain(uri.getHost())
155+
.encodedPath(encodedPath)
156+
.url(protocol + "://" + uri.getAuthority() + encodedPath)
157+
.build();
155158
} catch (InvalidKeyException e) {
156159
throw SdkClientException.create("Could not sign url", e);
157160
}
@@ -253,14 +256,17 @@ public SignedUrl getSignedUrlWithCustomPolicy(CustomSignerRequest request) {
253256
String urlSafeSignature = SigningUtils.makeBytesUrlSafe(signatureBytes);
254257
URI uri = URI.create(resourceUrl);
255258
String protocol = uri.getScheme();
256-
String domain = uri.getHost();
257259
String encodedPath = uri.getRawPath()
258260
+ (uri.getQuery() != null ? "?" + uri.getRawQuery() + "&" : "?")
259261
+ "Policy=" + urlSafePolicy
260262
+ "&Signature=" + urlSafeSignature
261263
+ "&Key-Pair-Id=" + request.keyPairId();
262-
return DefaultSignedUrl.builder().protocol(protocol).domain(domain).encodedPath(encodedPath)
263-
.url(protocol + "://" + domain + encodedPath).build();
264+
return DefaultSignedUrl.builder()
265+
.protocol(protocol)
266+
.domain(uri.getHost())
267+
.encodedPath(encodedPath)
268+
.url(protocol + "://" + uri.getAuthority() + encodedPath)
269+
.build();
264270
} catch (InvalidKeyException e) {
265271
throw SdkClientException.create("Could not sign url", e);
266272
}

services/cloudfront/src/test/java/software/amazon/awssdk/services/cloudfront/CloudFrontUtilitiesTest.java

Lines changed: 37 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -39,7 +39,8 @@
3939

4040

4141
class CloudFrontUtilitiesTest {
42-
private static final String resourceUrl = "https://d1npcfkc2mojrf.cloudfront.net/s3ObjectKey";
42+
private static final String RESOURCE_URL = "https://d1npcfkc2mojrf.cloudfront.net/s3ObjectKey";
43+
private static final String RESOURCE_URL_WITH_PORT = "https://d1npcfkc2mojrf.cloudfront.net:65535/s3ObjectKey";
4344
private static KeyPairGenerator kpg;
4445
private static KeyPair keyPair;
4546
private static File keyFile;
@@ -77,7 +78,7 @@ void getSignedURLWithCannedPolicy_producesValidUrl() {
7778
Instant expirationDate = LocalDate.of(2024, 1, 1).atStartOfDay().toInstant(ZoneOffset.of("Z"));
7879
SignedUrl signedUrl =
7980
cloudFrontUtilities.getSignedUrlWithCannedPolicy(r -> r
80-
.resourceUrl(resourceUrl)
81+
.resourceUrl(RESOURCE_URL)
8182
.privateKey(keyPair.getPrivate())
8283
.keyPairId("keyPairId")
8384
.expirationDate(expirationDate));
@@ -115,7 +116,7 @@ void getSignedURLWithCustomPolicy_producesValidUrl() throws Exception {
115116
String ipRange = "1.2.3.4";
116117
SignedUrl signedUrl = cloudFrontUtilities.getSignedUrlWithCustomPolicy(r -> {
117118
try {
118-
r.resourceUrl(resourceUrl)
119+
r.resourceUrl(RESOURCE_URL)
119120
.privateKey(keyFilePath)
120121
.keyPairId("keyPairId")
121122
.expirationDate(expirationDate)
@@ -164,7 +165,7 @@ void getSignedURLWithCustomPolicy_withIpRangeOmitted_producesValidUrl() throws E
164165
Instant activeDate = LocalDate.of(2022, 1, 1).atStartOfDay().toInstant(ZoneOffset.of("Z"));
165166
Instant expirationDate = LocalDate.of(2024, 1, 1).atStartOfDay().toInstant(ZoneOffset.of("Z"));
166167
CustomSignerRequest request = CustomSignerRequest.builder()
167-
.resourceUrl(resourceUrl)
168+
.resourceUrl(RESOURCE_URL)
168169
.privateKey(keyFilePath)
169170
.keyPairId("keyPairId")
170171
.expirationDate(expirationDate)
@@ -186,7 +187,7 @@ void getSignedURLWithCustomPolicy_withActiveDateOmitted_producesValidUrl() throw
186187
Instant expirationDate = LocalDate.of(2024, 1, 1).atStartOfDay().toInstant(ZoneOffset.of("Z"));
187188
String ipRange = "1.2.3.4";
188189
CustomSignerRequest request = CustomSignerRequest.builder()
189-
.resourceUrl(resourceUrl)
190+
.resourceUrl(RESOURCE_URL)
190191
.privateKey(keyFilePath)
191192
.keyPairId("keyPairId")
192193
.expirationDate(expirationDate)
@@ -207,7 +208,7 @@ void getSignedURLWithCustomPolicy_withActiveDateOmitted_producesValidUrl() throw
207208
void getSignedURLWithCustomPolicy_withMissingExpirationDate_shouldThrowException() {
208209
SdkClientException exception = assertThrows(SdkClientException.class, () ->
209210
cloudFrontUtilities.getSignedUrlWithCustomPolicy(r -> r
210-
.resourceUrl(resourceUrl)
211+
.resourceUrl(RESOURCE_URL)
211212
.privateKey(keyPair.getPrivate())
212213
.keyPairId("keyPairId"))
213214
);
@@ -260,17 +261,41 @@ void getSignedURLWithCustomPolicy_withEncodedUrl_doesNotDecodeUrl() {
260261
assertThat(expected).isEqualTo(url);
261262
}
262263

264+
@Test
265+
void getSignedURLWithCannedPolicy_withPortNumber_returnsPortNumber() {
266+
Instant expirationDate = LocalDate.of(2024, 1, 1).atStartOfDay().toInstant(ZoneOffset.of("Z"));
267+
SignedUrl signedUrl =
268+
cloudFrontUtilities.getSignedUrlWithCannedPolicy(r -> r
269+
.resourceUrl(RESOURCE_URL_WITH_PORT)
270+
.privateKey(keyPair.getPrivate())
271+
.keyPairId("keyPairId")
272+
.expirationDate(expirationDate));
273+
assertThat(signedUrl.url()).contains("65535");
274+
}
275+
276+
@Test
277+
void getSignedURLWithCustomPolicy_withPortNumber_returnsPortNumber() {
278+
Instant expirationDate = LocalDate.of(2024, 1, 1).atStartOfDay().toInstant(ZoneOffset.of("Z"));
279+
SignedUrl signedUrl =
280+
cloudFrontUtilities.getSignedUrlWithCustomPolicy(r -> r
281+
.resourceUrl(RESOURCE_URL_WITH_PORT)
282+
.privateKey(keyPair.getPrivate())
283+
.keyPairId("keyPairId")
284+
.expirationDate(expirationDate));
285+
assertThat(signedUrl.url()).contains("65535");
286+
}
287+
263288
@Test
264289
void getCookiesForCannedPolicy_producesValidCookies() throws Exception {
265290
Instant expirationDate = LocalDate.of(2024, 1, 1).atStartOfDay().toInstant(ZoneOffset.of("Z"));
266291
CannedSignerRequest request = CannedSignerRequest.builder()
267-
.resourceUrl(resourceUrl)
292+
.resourceUrl(RESOURCE_URL)
268293
.privateKey(keyFilePath)
269294
.keyPairId("keyPairId")
270295
.expirationDate(expirationDate)
271296
.build();
272297
CookiesForCannedPolicy cookiesForCannedPolicy = cloudFrontUtilities.getCookiesForCannedPolicy(request);
273-
assertThat(cookiesForCannedPolicy.resourceUrl()).isEqualTo(resourceUrl);
298+
assertThat(cookiesForCannedPolicy.resourceUrl()).isEqualTo(RESOURCE_URL);
274299
assertThat(cookiesForCannedPolicy.keyPairIdHeaderValue()).isEqualTo("CloudFront-Key-Pair-Id=keyPairId");
275300
}
276301

@@ -280,29 +305,29 @@ void getCookiesForCustomPolicy_producesValidCookies() throws Exception {
280305
Instant expirationDate = LocalDate.of(2024, 1, 1).atStartOfDay().toInstant(ZoneOffset.of("Z"));
281306
String ipRange = "1.2.3.4";
282307
CustomSignerRequest request = CustomSignerRequest.builder()
283-
.resourceUrl(resourceUrl)
308+
.resourceUrl(RESOURCE_URL)
284309
.privateKey(keyFilePath)
285310
.keyPairId("keyPairId")
286311
.expirationDate(expirationDate)
287312
.activeDate(activeDate)
288313
.ipRange(ipRange)
289314
.build();
290315
CookiesForCustomPolicy cookiesForCustomPolicy = cloudFrontUtilities.getCookiesForCustomPolicy(request);
291-
assertThat(cookiesForCustomPolicy.resourceUrl()).isEqualTo(resourceUrl);
316+
assertThat(cookiesForCustomPolicy.resourceUrl()).isEqualTo(RESOURCE_URL);
292317
assertThat(cookiesForCustomPolicy.keyPairIdHeaderValue()).isEqualTo("CloudFront-Key-Pair-Id=keyPairId");
293318
}
294319

295320
@Test
296321
void getCookiesForCustomPolicy_withActiveDateAndIpRangeOmitted_producesValidCookies() {
297322
Instant expirationDate = LocalDate.of(2024, 1, 1).atStartOfDay().toInstant(ZoneOffset.of("Z"));
298323
CustomSignerRequest request = CustomSignerRequest.builder()
299-
.resourceUrl(resourceUrl)
324+
.resourceUrl(RESOURCE_URL)
300325
.privateKey(keyPair.getPrivate())
301326
.keyPairId("keyPairId")
302327
.expirationDate(expirationDate)
303328
.build();
304329
CookiesForCustomPolicy cookiesForCustomPolicy = cloudFrontUtilities.getCookiesForCustomPolicy(request);
305-
assertThat(cookiesForCustomPolicy.resourceUrl()).isEqualTo(resourceUrl);
330+
assertThat(cookiesForCustomPolicy.resourceUrl()).isEqualTo(RESOURCE_URL);
306331
assertThat(cookiesForCustomPolicy.keyPairIdHeaderValue()).isEqualTo("CloudFront-Key-Pair-Id=keyPairId");
307332
}
308333

0 commit comments

Comments
 (0)