
Commit bced6db

committed
CloudFront Signer
1 parent cd9787a commit bced6db


4 files changed

+35
-28
lines changed


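--- a/services/cloudfront/src/main/java/software/amazon/awssdk/services/cloudfront/utils/CloudFrontSignedCookie.java
+++ b/services/cloudfront/src/main/java/software/amazon/awssdk/services/cloudfront/utils/CloudFrontSignedCookie.java
@@ -31,18 +31,15 @@
 import java.security.spec.InvalidKeySpecException;
 import java.time.ZonedDateTime;
 import java.util.Map;
+import software.amazon.awssdk.annotations.Immutable;
 import software.amazon.awssdk.annotations.SdkPublicApi;
 import software.amazon.awssdk.core.exception.SdkClientException;
 import software.amazon.awssdk.services.cloudfront.utils.CloudFrontSignerUtils.Protocol;
 
+@Immutable
 @SdkPublicApi
 public final class CloudFrontSignedCookie {
 
-private static final String EXPIRES_KEY = "CloudFront-Expires";
-private static final String SIGNATURE_KEY = "CloudFront-Signature";
-private static final String POLICY_KEY = "CloudFront-Policy";
-private static final String KEY_PAIR_ID_KEY = "CloudFront-Key-Pair-Id";
-
 private CloudFrontSignedCookie() {
 }
 
@@ -227,15 +224,15 @@ public Map.Entry<String, String> getKeyPairId() {
 }
 
 public void setKeyPairId(String keyPairId) {
-this.keyPairId = new CookieKeyValuePair(KEY_PAIR_ID_KEY, keyPairId);
+this.keyPairId = new CookieKeyValuePair("CloudFront-Key-Pair-Id", keyPairId);
 }
 
 public Map.Entry<String, String> getSignature() {
 return signature;
 }
 
 public void setSignature(String signature) {
-this.signature = new CookieKeyValuePair(SIGNATURE_KEY, signature);
+this.signature = new CookieKeyValuePair("CloudFront-Signature", signature);
 }
 }
 
@@ -251,7 +248,7 @@ public Map.Entry<String, String> getExpires() {
 }
 
 public void setExpires(String expires) {
-this.expires = new CookieKeyValuePair(EXPIRES_KEY, expires);
+this.expires = new CookieKeyValuePair("CloudFront-Expires", expires);
 }
 }
 
@@ -267,7 +264,7 @@ public Map.Entry<String, String> getPolicy() {
 }
 
 public void setPolicy(String policy) {
-this.policy = new CookieKeyValuePair(POLICY_KEY, policy);
+this.policy = new CookieKeyValuePair("CloudFront-Policy", policy);
 }
 }
 }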
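Review bot: `@Immutable` at new line 39 describes only the outer utility class; the cookie holders whose setters appear in the later hunks (`setKeyPairId`, `setSignature`, `setExpires`, `setPolicy`) are still public and reassign their fields, so the policy or expiry can be changed after signing and the object left with a signature that no longer matches it. If the holders are meant to be read-only results, the setters could drop `public` (for example `void setSignature(String signature)`) or the fields could be assigned once in a constructor; the holder class declarations are outside these hunks, so this needs confirming there. The same hunks also replace the named constants with repeated literals such as `"CloudFront-Signature"`; keeping one constant per cookie name avoids a silent mismatch if one copy is ever mistyped.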

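--- a/services/cloudfront/src/main/java/software/amazon/awssdk/services/cloudfront/utils/CloudFrontSignedUrl.java
+++ b/services/cloudfront/src/main/java/software/amazon/awssdk/services/cloudfront/utils/CloudFrontSignedUrl.java
@@ -30,10 +30,12 @@
 import java.security.PrivateKey;
 import java.security.spec.InvalidKeySpecException;
 import java.time.ZonedDateTime;
+import software.amazon.awssdk.annotations.Immutable;
 import software.amazon.awssdk.annotations.SdkPublicApi;
 import software.amazon.awssdk.core.exception.SdkClientException;
 import software.amazon.awssdk.services.cloudfront.utils.CloudFrontSignerUtils.Protocol;
 
+@Immutable
 @SdkPublicApi
 public final class CloudFrontSignedUrl {
 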
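--- a/services/cloudfront/src/main/java/software/amazon/awssdk/services/cloudfront/utils/CloudFrontSignerUtils.java
+++ b/services/cloudfront/src/main/java/software/amazon/awssdk/services/cloudfront/utils/CloudFrontSignerUtils.java
@@ -32,12 +32,14 @@
 import java.security.spec.InvalidKeySpecException;
 import java.time.ZonedDateTime;
 import java.util.Base64;
+import software.amazon.awssdk.annotations.Immutable;
 import software.amazon.awssdk.annotations.SdkPublicApi;
 import software.amazon.awssdk.core.exception.SdkClientException;
 import software.amazon.awssdk.services.cloudfront.auth.Pem;
 import software.amazon.awssdk.services.cloudfront.auth.Rsa;
 import software.amazon.awssdk.utils.StringUtils;
 
+@Immutable
 @SdkPublicApi
 public final class CloudFrontSignerUtils {
 
@@ -186,7 +188,7 @@ public static PrivateKey loadPrivateKey(File privateKeyFile) throws InvalidKeySp
 throw SdkClientException.create("Unsupported file type for private key");
 }
 
-public static byte[] toByteArray(InputStream is) throws IOException {
+private static byte[] toByteArray(InputStream is) throws IOException {
 try (ByteArrayOutputStream output = new ByteArrayOutputStream()) {
 byte[] b = new byte[1024 * 4];
 int n = 0;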
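Review bot: Narrowing `toByteArray` to `private` at new line 191 removes a method from a class annotated `@SdkPublicApi`, which is source- and binary-incompatible for any external caller compiled against the public version; if the class has already shipped, a deprecation step or a changelog entry is needed. If it has not shipped, the narrowing is the right direction, since a generic stream-reading helper does not belong in the signer's public surface. The method has no comment saying what it is for; a line such as `// Internal helper: reads the whole stream into memory; used for key material only.` would help, if that matches its callers. The method body continues outside the hunk, so the read loop itself cannot be reviewed here.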

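--- a/services/cloudfront/src/test/java/software/amazon/awssdk/services/cloudfront/CloudFrontSignerIntegrationTest.java
+++ b/services/cloudfront/src/test/java/software/amazon/awssdk/services/cloudfront/CloudFrontSignerIntegrationTest.java
@@ -16,11 +16,6 @@
 package software.amazon.awssdk.services.cloudfront;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static software.amazon.awssdk.services.cloudfront.utils.CloudFrontSignedCookie.getCookiesForCannedPolicy;
-import static software.amazon.awssdk.services.cloudfront.utils.CloudFrontSignedCookie.getCookiesForCustomPolicy;
-import static software.amazon.awssdk.services.cloudfront.utils.CloudFrontSignedUrl.getSignedUrlWithCannedPolicy;
-import static software.amazon.awssdk.services.cloudfront.utils.CloudFrontSignedUrl.getSignedUrlWithCustomPolicy;
-import static software.amazon.awssdk.services.cloudfront.utils.CloudFrontSignerUtils.generateResourceUrl;
 
 import java.io.File;
 import java.io.FileWriter;
@@ -80,6 +75,9 @@
 import software.amazon.awssdk.services.cloudfront.model.TrustedKeyGroups;
 import software.amazon.awssdk.services.cloudfront.model.UpdateDistributionResponse;
 import software.amazon.awssdk.services.cloudfront.model.ViewerProtocolPolicy;
+import software.amazon.awssdk.services.cloudfront.utils.CloudFrontSignedCookie;
+import software.amazon.awssdk.services.cloudfront.utils.CloudFrontSignedUrl;
+import software.amazon.awssdk.services.cloudfront.utils.CloudFrontSignerUtils;
 import software.amazon.awssdk.services.cloudfront.utils.CloudFrontSignedCookie.CookiesForCannedPolicy;
 import software.amazon.awssdk.services.cloudfront.utils.CloudFrontSignedCookie.CookiesForCustomPolicy;
 import software.amazon.awssdk.services.cloudfront.utils.CloudFrontSignerUtils.Protocol;
@@ -127,7 +125,7 @@ public static void tearDown() throws InterruptedException {
 
 @Test
 void unsignedUrl_shouldReturn403Response() throws Exception {
-String unsignedUrl = generateResourceUrl(Protocol.HTTPS, domainName, s3ObjectKey);
+String unsignedUrl = CloudFrontSignerUtils.generateResourceUrl(Protocol.HTTPS, domainName, s3ObjectKey);
 SdkHttpClient client = ApacheHttpClient.create();
 HttpExecuteResponse response =
 client.prepareRequest(HttpExecuteRequest.builder()
@@ -146,7 +144,8 @@ void unsignedUrl_shouldReturn403Response() throws Exception {
 void getSignedUrlWithCannedPolicy_shouldWork() throws Exception {
 InputStream originalBucketContent = s3Client.getObject(GetObjectRequest.builder().bucket(bucketName).key(s3ObjectKey).build());
 ZonedDateTime expirationDate = ZonedDateTime.of(2050, 1, 1, 0, 0, 0, 0, ZoneId.of("UTC"));
-String signedUrl = getSignedUrlWithCannedPolicy(Protocol.HTTPS, domainName, s3ObjectKey, keyFile, publicKeyId, expirationDate);
+String signedUrl = CloudFrontSignedUrl.getSignedUrlWithCannedPolicy(Protocol.HTTPS, domainName, s3ObjectKey, keyFile,
+publicKeyId, expirationDate);
 String encodedPath = signedUrl.substring(signedUrl.indexOf("s3ObjectKey"));
 SdkHttpClient client = ApacheHttpClient.create();
 HttpExecuteResponse response =
@@ -168,7 +167,8 @@ void getSignedUrlWithCannedPolicy_shouldWork() throws Exception {
 @Test
 void getSignedUrlWithCannedPolicy_withExpiredDate_shouldReturn403Response() throws Exception {
 ZonedDateTime expirationDate = ZonedDateTime.of(2020, 1, 1, 0, 0, 0, 0, ZoneId.of("UTC"));
-String signedUrl = getSignedUrlWithCannedPolicy(Protocol.HTTPS, domainName, s3ObjectKey, keyFile, publicKeyId, expirationDate);
+String signedUrl = CloudFrontSignedUrl.getSignedUrlWithCannedPolicy(Protocol.HTTPS, domainName, s3ObjectKey, keyFile,
+publicKeyId, expirationDate);
 String encodedPath = signedUrl.substring(signedUrl.indexOf("s3ObjectKey"));
 SdkHttpClient client = ApacheHttpClient.create();
 HttpExecuteResponse response =
@@ -189,7 +189,8 @@ void getSignedUrlWithCustomPolicy_shouldWork() throws Exception {
 InputStream originalBucketContent = s3Client.getObject(GetObjectRequest.builder().bucket(bucketName).key(s3ObjectKey).build());
 ZonedDateTime activeDate = ZonedDateTime.of(2020, 1, 1, 0, 0, 0, 0, ZoneId.of("UTC"));
 ZonedDateTime expirationDate = ZonedDateTime.of(2050, 1, 1, 0, 0, 0, 0, ZoneId.of("UTC"));
-String signedUrl = getSignedUrlWithCustomPolicy(Protocol.HTTPS, domainName, s3ObjectKey, keyFile, publicKeyId, activeDate, expirationDate, null);
+String signedUrl = CloudFrontSignedUrl.getSignedUrlWithCustomPolicy(Protocol.HTTPS, domainName, s3ObjectKey, keyFile,
+publicKeyId, activeDate, expirationDate, null);
 String encodedPath = signedUrl.substring(signedUrl.indexOf("s3ObjectKey"));
 SdkHttpClient client = ApacheHttpClient.create();
 HttpExecuteResponse response =
@@ -212,7 +213,8 @@ void getSignedUrlWithCustomPolicy_shouldWork() throws Exception {
 void getSignedUrlWithCustomPolicy_withFutureActiveDate_shouldReturn403Response() throws Exception {
 ZonedDateTime activeDate = ZonedDateTime.of(2040, 1, 1, 0, 0, 0, 0, ZoneId.of("UTC"));
 ZonedDateTime expirationDate = ZonedDateTime.of(2050, 1, 1, 0, 0, 0, 0, ZoneId.of("UTC"));
-String signedUrl = getSignedUrlWithCustomPolicy(Protocol.HTTPS, domainName, s3ObjectKey, keyFile, publicKeyId, activeDate, expirationDate, null);
+String signedUrl = CloudFrontSignedUrl.getSignedUrlWithCustomPolicy(Protocol.HTTPS, domainName, s3ObjectKey, keyFile,
+publicKeyId, activeDate, expirationDate, null);
 String encodedPath = signedUrl.substring(signedUrl.indexOf("s3ObjectKey"));
 SdkHttpClient client = ApacheHttpClient.create();
 HttpExecuteResponse response =
@@ -232,8 +234,9 @@ void getSignedUrlWithCustomPolicy_withFutureActiveDate_shouldReturn403Response()
 void getCookiesForCannedPolicy_shouldWork() throws Exception {
 InputStream originalBucketContent = s3Client.getObject(GetObjectRequest.builder().bucket(bucketName).key(s3ObjectKey).build());
 ZonedDateTime expirationDate = ZonedDateTime.of(2050, 1, 1, 0, 0, 0, 0, ZoneId.of("UTC"));
-CookiesForCannedPolicy cookies = getCookiesForCannedPolicy(Protocol.HTTPS, domainName, s3ObjectKey, keyFile, publicKeyId, expirationDate);
-String encodedPath = generateResourceUrl(Protocol.HTTPS, domainName, s3ObjectKey);
+CookiesForCannedPolicy cookies = CloudFrontSignedCookie.getCookiesForCannedPolicy(Protocol.HTTPS, domainName,
+s3ObjectKey, keyFile, publicKeyId, expirationDate);
+String encodedPath = CloudFrontSignerUtils.generateResourceUrl(Protocol.HTTPS, domainName, s3ObjectKey);
 
 SdkHttpClient client = ApacheHttpClient.create();
 HttpExecuteResponse response =
@@ -259,8 +262,9 @@ void getCookiesForCannedPolicy_shouldWork() throws Exception {
 @Test
 void getCookiesForCannedPolicy_withExpiredDate_shouldReturn403Response() throws Exception {
 ZonedDateTime expirationDate = ZonedDateTime.of(2020, 1, 1, 0, 0, 0, 0, ZoneId.of("UTC"));
-CookiesForCannedPolicy cookies = getCookiesForCannedPolicy(Protocol.HTTPS, domainName, s3ObjectKey, keyFile, publicKeyId, expirationDate);
-String encodedPath = generateResourceUrl(Protocol.HTTPS, domainName, s3ObjectKey);
+CookiesForCannedPolicy cookies = CloudFrontSignedCookie.getCookiesForCannedPolicy(Protocol.HTTPS, domainName, s3ObjectKey,
+keyFile, publicKeyId, expirationDate);
+String encodedPath = CloudFrontSignerUtils.generateResourceUrl(Protocol.HTTPS, domainName, s3ObjectKey);
 
 SdkHttpClient client = ApacheHttpClient.create();
 HttpExecuteResponse response =
@@ -285,8 +289,9 @@ void getCookiesForCustomPolicy_shouldWork() throws Exception {
 InputStream originalBucketContent = s3Client.getObject(GetObjectRequest.builder().bucket(bucketName).key(s3ObjectKey).build());
 ZonedDateTime activeDate = ZonedDateTime.of(2020, 1, 1, 0, 0, 0, 0, ZoneId.of("UTC"));
 ZonedDateTime expirationDate = ZonedDateTime.of(2050, 1, 1, 0, 0, 0, 0, ZoneId.of("UTC"));
-CookiesForCustomPolicy cookies = getCookiesForCustomPolicy(Protocol.HTTPS, domainName, s3ObjectKey, keyFile, publicKeyId, activeDate, expirationDate, null);
-String encodedPath = generateResourceUrl(Protocol.HTTPS, domainName, s3ObjectKey);
+CookiesForCustomPolicy cookies = CloudFrontSignedCookie.getCookiesForCustomPolicy(Protocol.HTTPS, domainName, s3ObjectKey,
+keyFile, publicKeyId, activeDate, expirationDate, null);
+String encodedPath = CloudFrontSignerUtils.generateResourceUrl(Protocol.HTTPS, domainName, s3ObjectKey);
 
 SdkHttpClient client = ApacheHttpClient.create();
 HttpExecuteResponse response =
@@ -313,8 +318,9 @@ void getCookiesForCustomPolicy_shouldWork() throws Exception {
 void getCookiesForCustomPolicy_withFutureActiveDate_shouldReturn403Response() throws Exception {
 ZonedDateTime activeDate = ZonedDateTime.of(2040, 1, 1, 0, 0, 0, 0, ZoneId.of("UTC"));
 ZonedDateTime expirationDate = ZonedDateTime.of(2050, 1, 1, 0, 0, 0, 0, ZoneId.of("UTC"));
-CookiesForCustomPolicy cookies = getCookiesForCustomPolicy(Protocol.HTTPS, domainName, s3ObjectKey, keyFile, publicKeyId, activeDate, expirationDate, null);
-String encodedPath = generateResourceUrl(Protocol.HTTPS, domainName, s3ObjectKey);
+CookiesForCustomPolicy cookies = CloudFrontSignedCookie.getCookiesForCustomPolicy(Protocol.HTTPS, domainName, s3ObjectKey,
+keyFile, publicKeyId, activeDate, expirationDate, null);
+String encodedPath = CloudFrontSignerUtils.generateResourceUrl(Protocol.HTTPS, domainName, s3ObjectKey);
 
 SdkHttpClient client = ApacheHttpClient.create();
 HttpExecuteResponse response =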
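Review bot: The four signed-URL tests compute `encodedPath` with `signedUrl.indexOf("s3ObjectKey")`, a quoted literal rather than the `s3ObjectKey` variable passed to the signer just above (new lines 149, 172, 194 and 218). Unless the key's value happens to be that exact text, `indexOf` returns -1 and `substring` throws before any request is sent, so the 200 and 403 assertions on the signed URL would never be exercised. `signedUrl.indexOf(s3ObjectKey)` states the intent. The value of `s3ObjectKey` and the rest of each test body are outside these hunks, so the tests may currently pass only because the two strings coincide.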
