Permalink
Browse files

Allowing for resources to be different from the url to sign

  • Loading branch information...
1 parent d178464 commit 7d5554bdef2ed84fcf4f447d2d77391261801217 Dylan Vaughn committed Nov 17, 2010
Showing with 9 additions and 8 deletions.
  1. +7 −6 lib/aws_cf_signer.rb
  2. +2 −2 test/test_aws_cf_signer.rb
View
13 lib/aws_cf_signer.rb
@@ -15,22 +15,23 @@ def initialize(pem_path, key_pair_id = nil)
end
end
- def sign(resource, policy_options = {})
- separator = resource =~ /\?/ ? '&' : '?'
+ def sign(url_to_sign, policy_options = {})
+ separator = url_to_sign =~ /\?/ ? '&' : '?'
if policy_options[:policy_file]
policy = IO.read(policy_options[:policy_file])
- "#{resource}#{separator}Policy=#{encode_policy(policy)}&Signature=#{create_signature(policy)}&Key-Pair-Id=#{@key_pair_id}"
+ "#{url_to_sign}#{separator}Policy=#{encode_policy(policy)}&Signature=#{create_signature(policy)}&Key-Pair-Id=#{@key_pair_id}"
else
raise ArgumentError.new("'ending' argument is required") if policy_options[:ending].nil?
if policy_options.keys.size == 1
# Canned Policy - shorter URL
expires_at = epoch_time(policy_options[:ending])
- policy = %({"Statement":[{"Resource":"#{resource}","Condition":{"DateLessThan":{"AWS:EpochTime":#{expires_at}}}}]})
- "#{resource}#{separator}Expires=#{expires_at}&Signature=#{create_signature(policy)}&Key-Pair-Id=#{@key_pair_id}"
+ policy = %({"Statement":[{"Resource":"#{url_to_sign}","Condition":{"DateLessThan":{"AWS:EpochTime":#{expires_at}}}}]})
+ "#{url_to_sign}#{separator}Expires=#{expires_at}&Signature=#{create_signature(policy)}&Key-Pair-Id=#{@key_pair_id}"
else
# Custom Policy
+ resource = policy_options[:resource] || url_to_sign
policy = generate_custom_policy(resource, policy_options)
- "#{resource}#{separator}Policy=#{encode_policy(policy)}&Signature=#{create_signature(policy)}&Key-Pair-Id=#{@key_pair_id}"
+ "#{url_to_sign}#{separator}Policy=#{encode_policy(policy)}&Signature=#{create_signature(policy)}&Key-Pair-Id=#{@key_pair_id}"
end
end
end
View
4 test/test_aws_cf_signer.rb
@@ -55,8 +55,8 @@ class TestAwsCfSigner < Test::Unit::TestCase
ending = Time.now + 3600
ip_range = '216.98.35.1/32'
assert_equal(
- @cf_signer.generate_custom_policy('http://d84l721fxaaqy9.cloudfront.net/downloads/pictures.tgz', :starting => starting, :ending => ending, :ip_range => ip_range),
- %({"Statement":[{"Resource":"http://d84l721fxaaqy9.cloudfront.net/downloads/pictures.tgz","Condition":{"DateLessThan":{"AWS:EpochTime":#{ending.to_i}},"DateGreaterThan":{"AWS:EpochTime":#{starting.to_i}},"IpAddress":{"AWS:SourceIp":#{ip_range}}}]})
+ @cf_signer.generate_custom_policy('http://d84l721fxaaqy9.cloudfront.net/downloads/*', :starting => starting, :ending => ending, :ip_range => ip_range),
+ %({"Statement":[{"Resource":"http://d84l721fxaaqy9.cloudfront.net/downloads/*","Condition":{"DateLessThan":{"AWS:EpochTime":#{ending.to_i}},"DateGreaterThan":{"AWS:EpochTime":#{starting.to_i}},"IpAddress":{"AWS:SourceIp":#{ip_range}}}]})
)
end
end

0 comments on commit 7d5554b

Please sign in to comment.