@@ -96,18 +96,16 @@ public class CloudFrontSignerIntegrationTest extends IntegrationTestBase {
9696 private static final String bucketName = StringUtils .lowerCase (CloudFrontSignerIntegrationTest .class .getSimpleName ())
9797 + "." + callerReference ;
9898 private static final String s3ObjectKey = "s3ObjectKey" ;
99- private static String dnsName = bucketName + ".s3.amazonaws.com" ;
10099 private static String publicKeyId ;
101100 private static String domainName ;
102101 private static String distributionId ;
103- private static KeyPair keyPair ;
104102 private static File keyFile ;
105103 private static String keyGroupId ;
106104 private static String originAccessId ;
107105 private static String distributionETag ;
108106
109107 @ BeforeAll
110- public static void initial () throws IOException , InterruptedException , NoSuchAlgorithmException {
108+ public static void init () throws IOException , InterruptedException , NoSuchAlgorithmException {
111109 IntegrationTestBase .setUp ();
112110 initKeys ();
113111 setUpDistribution ();
@@ -116,14 +114,7 @@ public static void initial() throws IOException, InterruptedException, NoSuchAlg
116114 @ AfterAll
117115 public static void tearDown () throws InterruptedException {
118116 disableDistribution ();
119- if (distributionId != null ) {
120- try {
121- cloudFrontClient .deleteDistribution (DeleteDistributionRequest .builder ().ifMatch (distributionETag ).id (distributionId ).build ());
122- } catch (Exception e ) {
123- e .printStackTrace ();
124- }
125- }
126-
117+ cloudFrontClient .deleteDistribution (DeleteDistributionRequest .builder ().ifMatch (distributionETag ).id (distributionId ).build ());
127118 deleteBucketAndAllContents (bucketName );
128119 String keyGroupETag = cloudFrontClient .getKeyGroup (GetKeyGroupRequest .builder ().id (keyGroupId ).build ()).eTag ();
129120 cloudFrontClient .deleteKeyGroup (DeleteKeyGroupRequest .builder ().ifMatch (keyGroupETag ).id (keyGroupId ).build ());
@@ -135,7 +126,24 @@ public static void tearDown() throws InterruptedException {
135126 }
136127
137128 @ Test
138- void getSignedURLWithCannedPolicy_shouldWork () throws Exception {
129+ void unsignedUrl_shouldReturn403Response () throws Exception {
130+ String unsignedUrl = generateResourceUrl (Protocol .HTTPS , domainName , s3ObjectKey );
131+ SdkHttpClient client = ApacheHttpClient .create ();
132+ HttpExecuteResponse response =
133+ client .prepareRequest (HttpExecuteRequest .builder ()
134+ .request (SdkHttpRequest .builder ()
135+ .encodedPath (unsignedUrl )
136+ .host (domainName )
137+ .method (SdkHttpMethod .GET )
138+ .protocol ("https" )
139+ .build ())
140+ .build ()).call ();
141+ int expectedStatus = 403 ;
142+ assertThat (response .httpResponse ().statusCode ()).isEqualTo (expectedStatus );
143+ }
144+
145+ @ Test
146+ void getSignedUrlWithCannedPolicy_shouldWork () throws Exception {
139147 InputStream originalBucketContent = s3Client .getObject (GetObjectRequest .builder ().bucket (bucketName ).key (s3ObjectKey ).build ());
140148 ZonedDateTime expirationDate = ZonedDateTime .of (2050 , 1 , 1 , 0 , 0 , 0 , 0 , ZoneId .of ("UTC" ));
141149 String signedUrl = getSignedUrlWithCannedPolicy (Protocol .HTTPS , domainName , s3ObjectKey , keyFile , publicKeyId , expirationDate );
@@ -158,7 +166,7 @@ void getSignedURLWithCannedPolicy_shouldWork() throws Exception {
158166 }
159167
160168 @ Test
161- void getSignedURLWithCannedPolicy_withExpiredDate_shouldReturn403Response () throws Exception {
169+ void getSignedUrlWithCannedPolicy_withExpiredDate_shouldReturn403Response () throws Exception {
162170 ZonedDateTime expirationDate = ZonedDateTime .of (2020 , 1 , 1 , 0 , 0 , 0 , 0 , ZoneId .of ("UTC" ));
163171 String signedUrl = getSignedUrlWithCannedPolicy (Protocol .HTTPS , domainName , s3ObjectKey , keyFile , publicKeyId , expirationDate );
164172 String encodedPath = signedUrl .substring (signedUrl .indexOf ("s3ObjectKey" ));
@@ -177,7 +185,7 @@ void getSignedURLWithCannedPolicy_withExpiredDate_shouldReturn403Response() thro
177185 }
178186
179187 @ Test
180- void getSignedURLWithCustomPolicy_shouldWork () throws Exception {
188+ void getSignedUrlWithCustomPolicy_shouldWork () throws Exception {
181189 InputStream originalBucketContent = s3Client .getObject (GetObjectRequest .builder ().bucket (bucketName ).key (s3ObjectKey ).build ());
182190 ZonedDateTime activeDate = ZonedDateTime .of (2020 , 1 , 1 , 0 , 0 , 0 , 0 , ZoneId .of ("UTC" ));
183191 ZonedDateTime expirationDate = ZonedDateTime .of (2050 , 1 , 1 , 0 , 0 , 0 , 0 , ZoneId .of ("UTC" ));
@@ -201,7 +209,7 @@ void getSignedURLWithCustomPolicy_shouldWork() throws Exception {
201209 }
202210
203211 @ Test
204- void getSignedURLWithCustomPolicy_withFutureActiveDate_shouldReturn403Response () throws Exception {
212+ void getSignedUrlWithCustomPolicy_withFutureActiveDate_shouldReturn403Response () throws Exception {
205213 ZonedDateTime activeDate = ZonedDateTime .of (2040 , 1 , 1 , 0 , 0 , 0 , 0 , ZoneId .of ("UTC" ));
206214 ZonedDateTime expirationDate = ZonedDateTime .of (2050 , 1 , 1 , 0 , 0 , 0 , 0 , ZoneId .of ("UTC" ));
207215 String signedUrl = getSignedUrlWithCustomPolicy (Protocol .HTTPS , domainName , s3ObjectKey , keyFile , publicKeyId , activeDate , expirationDate , null );
@@ -232,7 +240,8 @@ void getCookiesForCannedPolicy_shouldWork() throws Exception {
232240 client .prepareRequest (HttpExecuteRequest .builder ()
233241 .request (SdkHttpRequest .builder ()
234242 .uri (URI .create (encodedPath ))
235- .appendHeader ("Cookie" ,cookies .getExpires ().getKey () + "=" + cookies .getExpires ().getValue ())
243+ .appendHeader ("Cookie" ,
244+ cookies .getExpires ().getKey () + "=" + cookies .getExpires ().getValue ())
236245 .appendHeader ("Cookie" ,
237246 cookies .getSignature ().getKey () + "=" + cookies .getSignature ().getValue ())
238247 .appendHeader ("Cookie" ,
@@ -258,7 +267,8 @@ void getCookiesForCannedPolicy_withExpiredDate_shouldReturn403Response() throws
258267 client .prepareRequest (HttpExecuteRequest .builder ()
259268 .request (SdkHttpRequest .builder ()
260269 .uri (URI .create (encodedPath ))
261- .appendHeader ("Cookie" ,cookies .getExpires ().getKey () + "=" + cookies .getExpires ().getValue ())
270+ .appendHeader ("Cookie" ,
271+ cookies .getExpires ().getKey () + "=" + cookies .getExpires ().getValue ())
262272 .appendHeader ("Cookie" ,
263273 cookies .getSignature ().getKey () + "=" + cookies .getSignature ().getValue ())
264274 .appendHeader ("Cookie" ,
@@ -274,7 +284,7 @@ void getCookiesForCannedPolicy_withExpiredDate_shouldReturn403Response() throws
274284 void getCookiesForCustomPolicy_shouldWork () throws Exception {
275285 InputStream originalBucketContent = s3Client .getObject (GetObjectRequest .builder ().bucket (bucketName ).key (s3ObjectKey ).build ());
276286 ZonedDateTime activeDate = ZonedDateTime .of (2020 , 1 , 1 , 0 , 0 , 0 , 0 , ZoneId .of ("UTC" ));
277- ZonedDateTime expirationDate = ZonedDateTime .of (2023 , 1 , 1 , 0 , 0 , 0 , 0 , ZoneId .of ("UTC" ));
287+ ZonedDateTime expirationDate = ZonedDateTime .of (2050 , 1 , 1 , 0 , 0 , 0 , 0 , ZoneId .of ("UTC" ));
278288 CookiesForCustomPolicy cookies = getCookiesForCustomPolicy (Protocol .HTTPS , domainName , s3ObjectKey , keyFile , publicKeyId , activeDate , expirationDate , null );
279289 String encodedPath = generateResourceUrl (Protocol .HTTPS , domainName , s3ObjectKey );
280290
@@ -325,7 +335,6 @@ void getCookiesForCustomPolicy_withFutureActiveDate_shouldReturn403Response() th
325335 }
326336
327337 static void setUpDistribution () throws IOException , InterruptedException {
328- //Create Origin Access Identity
329338 CreateCloudFrontOriginAccessIdentityResponse response = cloudFrontClient .createCloudFrontOriginAccessIdentity (
330339 CreateCloudFrontOriginAccessIdentityRequest .builder ()
331340 .cloudFrontOriginAccessIdentityConfig (CloudFrontOriginAccessIdentityConfig .builder ()
@@ -335,23 +344,17 @@ static void setUpDistribution() throws IOException, InterruptedException {
335344 .build ());
336345 originAccessId = response .cloudFrontOriginAccessIdentity ().id ();
337346
338- // Create Cloudfront trusted key group
339347 KeyGroup keyGroup =
340348 cloudFrontClient .createKeyGroup (CreateKeyGroupRequest .builder ().keyGroupConfig (KeyGroupConfig .builder ()
341349 .name ("TestKeyGroup" )
342350 .items (publicKeyId )
343351 .build ()).build ()).keyGroup ();
344352 keyGroupId = keyGroup .id ();
345353
346- // Create S3 Bucket
347354 s3Client .createBucket (CreateBucketRequest .builder ().bucket (bucketName ).build ());
348- dnsName = bucketName + ".s3.amazonaws.com" ;
349-
350- //Upload temp file to bucket
351- File content = new RandomTempFile ("" + System .currentTimeMillis (), 1000L );
355+ File content = new RandomTempFile ("testFile" , 1000L );
352356 s3Client .putObject (PutObjectRequest .builder ().bucket (bucketName ).key (s3ObjectKey ).build (), RequestBody .fromFile (content ));
353357
354- //Distribution Config Parameters
355358 DefaultCacheBehavior defaultCacheBehavior = DefaultCacheBehavior .builder ()
356359 .forwardedValues (ForwardedValues .builder ()
357360 .queryString (false ).cookies (CookiePreference .builder ().forward ("none" ).build ())
@@ -366,15 +369,13 @@ static void setUpDistribution() throws IOException, InterruptedException {
366369 .headers (Headers .builder ().quantity (0 ).build ()).build ()).minTTL (10000L ).maxTTL (10000L ).defaultTTL (10000L )
367370 .targetOriginId ("1" )
368371 .viewerProtocolPolicy (ViewerProtocolPolicy .ALLOW_ALL )
369- .trustedKeyGroups (TrustedKeyGroups .builder ().enabled (true ).quantity (1 ).items (keyGroup .id ()).build ())
370- .pathPattern ("*" ).build ();
372+ .trustedKeyGroups (TrustedKeyGroups .builder ().enabled (true ).quantity (1 ).items (keyGroup .id ()).build ()).pathPattern ("*" ).build ();
371373
372374 Origin origin = Origin .builder ()
373- .domainName (dnsName )
375+ .domainName (bucketName + ".s3.amazonaws.com" )
374376 .id ("1" )
375377 .s3OriginConfig (S3OriginConfig .builder ().originAccessIdentity ("origin-access-identity/cloudfront/" + originAccessId ).build ()).build ();
376378
377- // Create CloudFront Distribution
378379 DistributionConfig distributionConfiguration = DistributionConfig .builder ()
379380 .priceClass (PriceClass .PRICE_CLASS_100 )
380381 .defaultCacheBehavior (defaultCacheBehavior )
@@ -404,7 +405,6 @@ static void setUpDistribution() throws IOException, InterruptedException {
404405
405406 waitForDistributionToDeploy (distributionId );
406407
407- // Add bucket policy for Origin Access Identity to read bucket object
408408 String bucketPolicy = "{\n "
409409 + "\" Version\" :\" 2012-10-17\" ,\n "
410410 + "\" Id\" :\" PolicyForCloudFrontPrivateContent\" ,\n "
@@ -424,21 +424,19 @@ static void setUpDistribution() throws IOException, InterruptedException {
424424 }
425425
426426 static void initKeys () throws NoSuchAlgorithmException , IOException {
427- //Generate key pair
428427 KeyPairGenerator kpg = KeyPairGenerator .getInstance ("RSA" );
429428 kpg .initialize (2048 );
430- keyPair = kpg .generateKeyPair ();
429+ KeyPair keyPair = kpg .generateKeyPair ();
431430
432- //Write private key to file
433431 keyFile = new File ("src/test/key.pem" );
434432 FileWriter writer = new FileWriter (keyFile );
435433 writer .write ("-----BEGIN PRIVATE KEY-----\n " );
436434 writer .write (encoder .encodeToString (keyPair .getPrivate ().getEncoded ()));
437435 writer .write ("\n -----END PRIVATE KEY-----\n " );
438436 writer .close ();
439437
440- //Upload public key to Cloudfront
441- String encodedKey = "-----BEGIN PUBLIC KEY----- \n " encoder .encodeToString (keyPair .getPublic ().getEncoded ())
438+ String encodedKey = "-----BEGIN PUBLIC KEY----- \n "
439+ + encoder .encodeToString (keyPair .getPublic ().getEncoded ())
442440 + "\n -----END PUBLIC KEY-----\n " ;
443441 CreatePublicKeyResponse publicKeyResponse =
444442 cloudFrontClient .createPublicKey (CreatePublicKeyRequest .builder ().publicKeyConfig (PublicKeyConfig .builder ()
@@ -453,7 +451,6 @@ static void disableDistribution() throws InterruptedException {
453451 cloudFrontClient .getDistributionConfig (GetDistributionConfigRequest .builder ().id (distributionId ).build ());
454452 distributionETag = distributionConfigResponse .eTag ();
455453 DistributionConfig originalConfig = distributionConfigResponse .distributionConfig ();
456-
457454 UpdateDistributionResponse updateDistributionResponse =
458455 cloudFrontClient .updateDistribution (r -> r .id (distributionId )
459456 .ifMatch (distributionETag )
0 commit comments