Class: AwsCfSigner
- Inherits:
-
Object
- Object
- AwsCfSigner
- Defined in:
- lib/aws_cf_signer.rb,
lib/aws_cf_signer/version.rb
Constant Summary collapse
- VERSION =
"0.1.3"
Instance Attribute Summary collapse
-
#key_pair_id ⇒ Object
readonly
Returns the value of attribute key_pair_id.
Instance Method Summary collapse
- #create_signature(policy) ⇒ Object
- #encode_policy(policy) ⇒ Object
- #epoch_time(timelike) ⇒ Object
- #extract_key_pair_id(key_path) ⇒ Object
- #generate_custom_policy(resource, options) ⇒ Object
-
#initialize(key_or_pem_path, key_pair_id = nil) ⇒ AwsCfSigner
constructor
A new instance of AwsCfSigner.
- #sign(url_to_sign, policy_options = {}) ⇒ Object
- #url_safe(s) ⇒ Object
Constructor Details
#initialize(key_or_pem_path, key_pair_id = nil) ⇒ AwsCfSigner
Returns a new instance of AwsCfSigner.
9 10 11 12 13 14 15 16 17 18 19 20 21 |
# File 'lib/aws_cf_signer.rb', line 9 def initialize(key_or_pem_path, key_pair_id = nil) if key_or_pem_path =~ /BEGIN RSA PRIVATE KEY/ @key = OpenSSL::PKey::RSA.new(key_or_pem_path) @key_pair_id = key_pair_id or raise ArgumentError, "key_pair_id could not be inferred - please pass in explicitly" else @pem_path = key_or_pem_path @key = OpenSSL::PKey::RSA.new(File.readlines(@pem_path).join("")) @key_pair_id = key_pair_id ? key_pair_id : extract_key_pair_id(@pem_path) unless @key_pair_id raise ArgumentError.new("key_pair_id couldn't be inferred from #{@pem_path} - please pass in explicitly") end end end |
Instance Attribute Details
#key_pair_id ⇒ Object (readonly)
Returns the value of attribute key_pair_id.
7 8 9 |
# File 'lib/aws_cf_signer.rb', line 7 def key_pair_id @key_pair_id end |
Instance Method Details
#create_signature(policy) ⇒ Object
63 64 65 |
# File 'lib/aws_cf_signer.rb', line 63 def create_signature(policy) url_safe(Base64.encode64(@key.sign(OpenSSL::Digest::SHA1.new, (policy)))) end |
#encode_policy(policy) ⇒ Object
59 60 61 |
# File 'lib/aws_cf_signer.rb', line 59 def encode_policy(policy) url_safe(Base64.encode64(policy)) end |
#epoch_time(timelike) ⇒ Object
51 52 53 54 55 56 57 |
# File 'lib/aws_cf_signer.rb', line 51 def epoch_time(timelike) case timelike when String then Time.parse(timelike).to_i when Time then timelike.to_i else raise ArgumentError.new("Invalid argument - String or Time required - #{timelike.class} passed.") end end |
#extract_key_pair_id(key_path) ⇒ Object
67 68 69 |
# File 'lib/aws_cf_signer.rb', line 67 def extract_key_pair_id(key_path) File.basename(key_path) =~ /^pk-(.*).pem$/ ? $1 : nil end |
#generate_custom_policy(resource, options) ⇒ Object
44 45 46 47 48 49 |
# File 'lib/aws_cf_signer.rb', line 44 def generate_custom_policy(resource, ) conditions = ["\"DateLessThan\":{\"AWS:EpochTime\":#{epoch_time([:ending])}}"] conditions << "\"DateGreaterThan\":{\"AWS:EpochTime\":#{epoch_time([:starting])}}" if [:starting] conditions << "\"IpAddress\":{\"AWS:SourceIp\":\"#{[:ip_range] || '0.0.0.0/0'}\"" %({"Statement":[{"Resource":"#{resource}","Condition":{#{conditions.join(',')}}}}]}) end |
#sign(url_to_sign, policy_options = {}) ⇒ Object
23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 |
# File 'lib/aws_cf_signer.rb', line 23 def sign(url_to_sign, = {}) separator = url_to_sign =~ /\?/ ? '&' : '?' if [:policy_file] policy = IO.read([:policy_file]) "#{url_to_sign}#{separator}Policy=#{encode_policy(policy)}&Signature=#{create_signature(policy)}&Key-Pair-Id=#{@key_pair_id}" else raise ArgumentError.new("'ending' argument is required") if [:ending].nil? if .keys == [:ending] || .keys.sort == [:ending, :resource] # Canned Policy - shorter URL expires_at = epoch_time([:ending]) policy = %({"Statement":[{"Resource":"#{[:resource] || url_to_sign}","Condition":{"DateLessThan":{"AWS:EpochTime":#{expires_at}}}}]}) "#{url_to_sign}#{separator}Expires=#{expires_at}&Signature=#{create_signature(policy)}&Key-Pair-Id=#{@key_pair_id}" else # Custom Policy resource = [:resource] || url_to_sign policy = generate_custom_policy(resource, ) "#{url_to_sign}#{separator}Policy=#{encode_policy(policy)}&Signature=#{create_signature(policy)}&Key-Pair-Id=#{@key_pair_id}" end end end |
#url_safe(s) ⇒ Object
71 72 73 |
# File 'lib/aws_cf_signer.rb', line 71 def url_safe(s) s.gsub('+','-').gsub('=','_').gsub('/','~').gsub(/\n/,'').gsub(' ','') end |