AWS SDK

rev. 0f697fe024b95fa2edbb5bf2fc415edbd1a0c921 (ignoring whitespace)

Files changed:

tmp-codegen-diff/aws-sdk/sdk/aws-sdk-cloudfront-url-signer/src/sign.rs

@@ -0,1 +0,593 @@

 /*
  * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
  * SPDX-License-Identifier: Apache-2.0
  */
-+
 use crate::error::{ErrorKind, SigningError};
 use crate::key::PrivateKey;
 use crate::policy::Policy;
 use aws_smithy_types::DateTime;
 use std::borrow::Cow;
 use std::fmt;
 use std::time::Duration;
-+
 /// CloudFront-specific base64 encoding.
 /// Standard base64 with: `+` → `-`, `=` → `_`, `/` → `~`
 fn cloudfront_base64(data: &[u8]) -> String {
     base64_simd::STANDARD
         .encode_to_string(data)
         .replace('+', "-")
         .replace('=', "_")
         .replace('/', "~")
-+
+}
-+
 const COOKIE_POLICY: &str = "CloudFront-Policy";
 const COOKIE_SIGNATURE: &str = "CloudFront-Signature";
 const COOKIE_KEY_PAIR_ID: &str = "CloudFront-Key-Pair-Id";
 const COOKIE_EXPIRES: &str = "CloudFront-Expires";
-+
 #[derive(Debug, Clone)]
 enum Expiration {
     DateTime(DateTime),
     Duration(Duration),
-+
+}
-+
 /// Request to sign a CloudFront URL or generate signed cookies.
 #[derive(Debug, Clone)]
 pub struct SigningRequest {
     pub(crate) resource_url: String,
     pub(crate) resource_pattern: Option<String>,
     pub(crate) key_pair_id: String,
     pub(crate) private_key: PrivateKey,
     pub(crate) expiration: DateTime,
     pub(crate) active_date: Option<DateTime>,
     pub(crate) ip_range: Option<String>,
-+
+}
-+
 impl SigningRequest {
     /// Creates a new builder for constructing a signing request.
     pub fn builder() -> SigningRequestBuilder {
         SigningRequestBuilder::default()
-+
+    }
-+
+}
-+
 /// Builder for [`SigningRequest`].
 #[derive(Default, Debug)]
 pub struct SigningRequestBuilder {
     resource_url: Option<String>,
     resource_pattern: Option<String>,
     key_pair_id: Option<String>,
     private_key: Option<PrivateKey>,
     expiration: Option<Expiration>,
     active_date: Option<DateTime>,
     ip_range: Option<String>,
     time_source: Option<aws_smithy_async::time::SharedTimeSource>,
-+
+}
-+
 impl SigningRequestBuilder {
     /// Sets the CloudFront resource URL to sign.
     pub fn resource_url(mut self, url: impl Into<String>) -> Self {
         self.resource_url = Some(url.into());
         self
-+
+    }
-+
     /// Sets a wildcard pattern for the policy's `Resource` field.
     ///
     /// Use this when you want the signed URL to grant access to multiple resources
     /// matching a pattern. If not set, `resource_url` is used in the policy.
     ///
     /// Wildcards:
     /// - `*` matches zero or more characters
     /// - `?` matches exactly one character
     ///
     /// # Example
     /// ```ignore
     /// // Sign a specific URL but grant access to all files under /videos/
     /// SigningRequest::builder()
     ///     .resource_url("https://d111111abcdef8.cloudfront.net/videos/intro.mp4")
     ///     .resource_pattern("https://d111111abcdef8.cloudfront.net/videos/*")
     ///     // ...
     /// ```
     pub fn resource_pattern(mut self, pattern: impl Into<String>) -> Self {
         self.resource_pattern = Some(pattern.into());
         self
-+
+    }
-+
     /// Sets the CloudFront key pair ID.
     pub fn key_pair_id(mut self, id: impl Into<String>) -> Self {
         self.key_pair_id = Some(id.into());
         self
-+
+    }
-+
     /// Sets the private key for signing.
     pub fn private_key(mut self, key: PrivateKey) -> Self {
         self.private_key = Some(key);
         self
-+
+    }
-+
     /// Sets an absolute expiration time.
     pub fn expires_at(mut self, time: DateTime) -> Self {
         self.expiration = Some(Expiration::DateTime(time));
         self
-+
+    }
-+
     /// Sets a relative expiration time from now.
     pub fn expires_in(mut self, duration: Duration) -> Self {
         self.expiration = Some(Expiration::Duration(duration));
         self
-+
+    }
-+
     /// Sets an activation time (not-before date) for custom policy.
     pub fn active_at(mut self, time: DateTime) -> Self {
         self.active_date = Some(time);
         self
-+
+    }
-+
     /// Sets an IP range restriction (CIDR notation) for custom policy.
     pub fn ip_range(mut self, cidr: impl Into<String>) -> Self {
         self.ip_range = Some(cidr.into());
         self
-+
+    }
-+
     /// Builds the signing request.
     pub fn build(self) -> Result<SigningRequest, SigningError> {
         let resource_url = self
             .resource_url
             .ok_or_else(|| SigningError::invalid_input("resource_url is required"))?;
-+
         let key_pair_id = self
             .key_pair_id
             .ok_or_else(|| SigningError::invalid_input("key_pair_id is required"))?;
-+
         let private_key = self
             .private_key
             .ok_or_else(|| SigningError::invalid_input("private_key is required"))?;
-+
         let expiration = self.expiration.ok_or_else(|| {
             SigningError::invalid_input("expiration is required (use expires_at or expires_in)")
         })?;
-+
         let expiration = match expiration {
             Expiration::DateTime(dt) => dt,
             Expiration::Duration(dur) => {
                 let time_source = self.time_source.unwrap_or_default();
                 let now = DateTime::from(time_source.now());
                 DateTime::from_secs(now.secs() + dur.as_secs() as i64)
-+
+            }
         };
-+
         // Validate that activeDate is before expirationDate
         if let Some(active) = self.active_date {
             if active.secs() >= expiration.secs() {
                 return Err(SigningError::invalid_input(
                     "active_at must be before expiration",
                 ));
-+
+            }
-+
+        }
-+
         Ok(SigningRequest {
             resource_url,
             resource_pattern: self.resource_pattern,
             key_pair_id,
             private_key,
             expiration,
             active_date: self.active_date,
             ip_range: self.ip_range,
         })
-+
+    }
-+
+}
-+
 /// A signed CloudFront URL.
 #[derive(Debug, Clone)]
 pub struct SignedUrl {
     url: url::Url,
-+
+}
-+
 impl SignedUrl {
     pub(crate) fn new(url: String) -> Result<Self, SigningError> {
         let url = url::Url::parse(&url).map_err(|e| {
             SigningError::new(
                 ErrorKind::InvalidInput,
                 Some(Box::new(e)),
                 Some("failed to parse URL".into()),
-+
+            )
         })?;
         Ok(Self { url })
-+
+    }
-+
     /// Returns the complete signed URL as a string.
     pub fn as_str(&self) -> &str {
         self.url.as_str()
-+
+    }
-+
     /// Returns a reference to the parsed URL.
     pub fn as_url(&self) -> &url::Url {
         &self.url
-+
+    }
-+
     /// Consumes self and returns the parsed URL.
     pub fn into_url(self) -> url::Url {
         self.url
-+
+    }
-+
+}
-+
 impl fmt::Display for SignedUrl {
     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
         write!(f, "{}", self.url)
-+
+    }
-+
+}
-+
 impl AsRef<str> for SignedUrl {
     fn as_ref(&self) -> &str {
         self.url.as_str()
-+
+    }
-+
+}
-+
 impl AsRef<url::Url> for SignedUrl {
     fn as_ref(&self) -> &url::Url {
         &self.url
-+
+    }
-+
+}
-+
 #[cfg(feature = "http-1x")]
 impl TryFrom<SignedUrl> for http::Request<()> {
     type Error = http::Error;
-+
     fn try_from(signed_url: SignedUrl) -> Result<Self, Self::Error> {
         http::Request::builder()
             .uri(signed_url.url.as_str())
             .body(())
-+
+    }
-+
+}
-+
 #[cfg(feature = "http-1x")]
 impl TryFrom<&SignedUrl> for http::Request<()> {
     type Error = http::Error;
-+
     fn try_from(signed_url: &SignedUrl) -> Result<Self, Self::Error> {
         http::Request::builder()
             .uri(signed_url.url.as_str())
             .body(())
-+
+    }
-+
+}
-+
 /// Signed cookies for CloudFront.
 #[derive(Debug, Clone)]
 pub struct SignedCookies {
     cookies: Vec<(Cow<'static, str>, String)>,
-+
+}
-+
 impl SignedCookies {
     pub(crate) fn new(cookies: Vec<(Cow<'static, str>, String)>) -> Self {
         Self { cookies }
-+
+    }
-+
     /// Returns all cookies as name-value pairs.
     pub fn cookies(&self) -> &[(Cow<'static, str>, String)] {
         &self.cookies
-+
+    }
-+
     /// Gets a specific cookie value by name.
     pub fn get(&self, name: &str) -> Option<&str> {
         self.cookies
             .iter()
             .find(|(n, _)| n == name)
             .map(|(_, v)| v.as_str())
-+
+    }
-+
     /// Returns an iterator over cookies.
     pub fn iter(&self) -> impl Iterator<Item = (&str, &str)> {
         self.cookies.iter().map(|(n, v)| (n.as_ref(), v.as_str()))
-+
+    }
-+
+}
-+
 // Internal signing implementation
 impl SigningRequest {
     /// Returns true if this request should use a canned policy.
     /// Canned policy is used only when there's no resource_pattern, active_date, or ip_range.
     fn use_canned_policy(&self) -> bool {
         self.resource_pattern.is_none() && self.active_date.is_none() && self.ip_range.is_none()
-+
+    }
-+
     pub(crate) fn sign_url(&self) -> Result<SignedUrl, SigningError> {
         let policy = self.build_policy()?;
         let policy_json = policy.to_json();
         let signature = self.private_key.sign(policy_json.as_bytes())?;
         let signature_b64 = cloudfront_base64(&signature);
-+
         let separator = if self.resource_url.contains('?') {
             "&"
         } else {
             "?"
         };
-+
         let signed_url = if self.use_canned_policy() {
             format!(
                 "{}{}Expires={}&Signature={}&Key-Pair-Id={}",
                 self.resource_url,
                 separator,
                 self.expiration.secs(),
                 signature_b64,
                 self.key_pair_id
-+
+            )
         } else {
             let policy_b64 = policy.to_cloudfront_base64();
             format!(
                 "{}{}Policy={}&Signature={}&Key-Pair-Id={}",
                 self.resource_url, separator, policy_b64, signature_b64, self.key_pair_id
-+
+            )
         };
-+
         SignedUrl::new(signed_url)
-+
+    }
-+
     pub(crate) fn sign_cookies(&self) -> Result<SignedCookies, SigningError> {
         let policy = self.build_policy()?;
         let policy_json = policy.to_json();
         let signature = self.private_key.sign(policy_json.as_bytes())?;
         let signature_b64 = cloudfront_base64(&signature);
-+
         let cookies = if self.use_canned_policy() {
             vec![
-+
+                (
                     Cow::Borrowed(COOKIE_EXPIRES),
                     self.expiration.secs().to_string(),
                 ),
                 (Cow::Borrowed(COOKIE_SIGNATURE), signature_b64),
                 (Cow::Borrowed(COOKIE_KEY_PAIR_ID), self.key_pair_id.clone()),
-+
+            ]
         } else {
             let policy_b64 = policy.to_cloudfront_base64();
             vec![
                 (Cow::Borrowed(COOKIE_POLICY), policy_b64),
                 (Cow::Borrowed(COOKIE_SIGNATURE), signature_b64),
                 (Cow::Borrowed(COOKIE_KEY_PAIR_ID), self.key_pair_id.clone()),
-+
+            ]
         };
-+
         Ok(SignedCookies::new(cookies))
-+
+    }
-+
     fn build_policy(&self) -> Result<Policy, SigningError> {
         // Use resource_pattern for policy if set, otherwise use resource_url
         let policy_resource = self.resource_pattern.as_ref().unwrap_or(&self.resource_url);
-+
         let mut builder = Policy::builder()
             .resource(policy_resource)
             .expires_at(self.expiration);
-+
         if let Some(active) = self.active_date {
             builder = builder.starts_at(active);
-+
+        }
         if let Some(ref ip) = self.ip_range {
             builder = builder.ip_range(ip);
-+
+        }
-+
         builder.build()
-+
+    }
-+
+}
-+
 #[cfg(test)]
 mod tests {
     use super::*;
-+
     const TEST_RSA_KEY: &[u8] = b"-----BEGIN RSA PRIVATE KEY-----
 MIIBPAIBAAJBANW8WjQksUoX/7nwOfRDNt1XQpLCueHoXSt91MASMOSAqpbzZvXO
 g2hW2gCFUIFUPCByMXPoeRe6iUZ5JtjepssCAwEAAQJBALR7ybwQY/lKTLKJrZab
 D4BXCCt/7ZFbMxnftsC+W7UHef4S4qFW8oOOLeYfmyGZK1h44rXf2AIp4PndKUID
 zECIQD1suunYw5U22Pa0+2dFThp1VMXdVbPuf/5k3HT2/hSeQIhAN6yX0aT/N6G
 gb1XlBKw6GQvhcM0fXmP+bVXV+RtzFJjAiAP+2Z2yeu5u1egeV6gdCvqPnUcNobC
 FmA/NMcXt9xMSQIhALEMMJEFAInNeAIXSYKeoPNdkMPDzGnD3CueuCLEZCevAiEA
 j+KnJ7pJkTvOzFwE8RfNLli9jf6/OhyYaLL4et7Ng5k=
 -----END RSA PRIVATE KEY-----";
-+
     #[test]
     fn test_sign_url_canned_policy() {
         let key = PrivateKey::from_pem(TEST_RSA_KEY).unwrap();
         let request = SigningRequest::builder()
             .resource_url("https://d111111abcdef8.cloudfront.net/image.jpg")
             .key_pair_id("APKAEXAMPLE")
             .private_key(key)
             .expires_at(DateTime::from_secs(1767290400))
             .build()
             .unwrap();
-+
         let signed_url = request.sign_url().unwrap();
         let url = signed_url.as_str();
-+
         assert!(url.contains("Expires=1767290400"));
         assert!(url.contains("Signature="));
         assert!(url.contains("Key-Pair-Id=APKAEXAMPLE"));
         assert!(!url.contains("Policy="));
-+
+    }
-+
     #[test]
     fn test_sign_url_custom_policy() {
         let key = PrivateKey::from_pem(TEST_RSA_KEY).unwrap();
         let request = SigningRequest::builder()
             .resource_url("https://d111111abcdef8.cloudfront.net/*")
             .key_pair_id("APKAEXAMPLE")
             .private_key(key)
             .expires_at(DateTime::from_secs(1767290400))
             .active_at(DateTime::from_secs(1767200000))
             .build()
             .unwrap();
-+
         let signed_url = request.sign_url().unwrap();
         let url = signed_url.as_str();
-+
         assert!(url.contains("Policy="));
         assert!(url.contains("Signature="));
         assert!(url.contains("Key-Pair-Id=APKAEXAMPLE"));
         assert!(!url.contains("Expires="));
-+
+    }
-+
     #[test]
     fn test_sign_url_with_existing_params() {
         let key = PrivateKey::from_pem(TEST_RSA_KEY).unwrap();
         let request = SigningRequest::builder()
             .resource_url("https://d111111abcdef8.cloudfront.net/image.jpg?size=large")
             .key_pair_id("APKAEXAMPLE")
             .private_key(key)
             .expires_at(DateTime::from_secs(1767290400))
             .build()
             .unwrap();
-+
         let signed_url = request.sign_url().unwrap();
         let url = signed_url.as_str();
-+
         assert!(url.contains("size=large"));
         assert!(url.contains("&Expires="));
-+
+    }
-+
     #[test]
     fn test_sign_cookies_canned_policy() {
         let key = PrivateKey::from_pem(TEST_RSA_KEY).unwrap();
         let request = SigningRequest::builder()
             .resource_url("https://d111111abcdef8.cloudfront.net/*")
             .key_pair_id("APKAEXAMPLE")
             .private_key(key)
             .expires_at(DateTime::from_secs(1767290400))
             .build()
             .unwrap();
-+
         let cookies = request.sign_cookies().unwrap();
-+
         assert_eq!(cookies.get("CloudFront-Expires"), Some("1767290400"));
         assert!(cookies.get("CloudFront-Signature").is_some());
         assert_eq!(cookies.get("CloudFront-Key-Pair-Id"), Some("APKAEXAMPLE"));
         assert!(cookies.get("CloudFront-Policy").is_none());
-+
+    }
-+
     #[test]
     fn test_sign_cookies_custom_policy() {
         let key = PrivateKey::from_pem(TEST_RSA_KEY).unwrap();
         let request = SigningRequest::builder()
             .resource_url("https://d111111abcdef8.cloudfront.net/*")
             .key_pair_id("APKAEXAMPLE")
             .private_key(key)
             .expires_at(DateTime::from_secs(1767290400))
             .ip_range("192.0.2.0/24")
             .build()
             .unwrap();
-+
         let cookies = request.sign_cookies().unwrap();
-+
         assert!(cookies.get("CloudFront-Policy").is_some());
         assert!(cookies.get("CloudFront-Signature").is_some());
         assert_eq!(cookies.get("CloudFront-Key-Pair-Id"), Some("APKAEXAMPLE"));
         assert!(cookies.get("CloudFront-Expires").is_none());
-+
+    }
-+
     #[test]
     fn test_sign_url_with_resource_pattern() {
         let key = PrivateKey::from_pem(TEST_RSA_KEY).unwrap();
         let request = SigningRequest::builder()
             .resource_url("https://d111111abcdef8.cloudfront.net/videos/intro.mp4")
             .resource_pattern("https://d111111abcdef8.cloudfront.net/videos/*")
             .key_pair_id("APKAEXAMPLE")
             .private_key(key)
             .expires_at(DateTime::from_secs(1767290400))
             .build()
             .unwrap();
-+
         let signed_url = request.sign_url().unwrap();
         let url = signed_url.as_str();
-+
         // Should use custom policy format (Policy param) because resource_pattern is set
         assert!(url.contains("Policy="));
         assert!(url.contains("Signature="));
         assert!(url.contains("Key-Pair-Id=APKAEXAMPLE"));
         assert!(!url.contains("Expires="));
         // The actual URL should be the resource_url, not the pattern
         assert!(url.starts_with("https://d111111abcdef8.cloudfront.net/videos/intro.mp4?"));
-+
+    }
-+
     #[test]
     fn test_sign_cookies_with_resource_pattern() {
         let key = PrivateKey::from_pem(TEST_RSA_KEY).unwrap();
         let request = SigningRequest::builder()
             .resource_url("https://d111111abcdef8.cloudfront.net/videos/*")
             .resource_pattern("https://d111111abcdef8.cloudfront.net/videos/*")
             .key_pair_id("APKAEXAMPLE")
             .private_key(key)
             .expires_at(DateTime::from_secs(1767290400))
             .build()
             .unwrap();
-+
         let cookies = request.sign_cookies().unwrap();
-+
         // Should use custom policy format because resource_pattern is set
         assert!(cookies.get("CloudFront-Policy").is_some());
         assert!(cookies.get("CloudFront-Signature").is_some());
         assert_eq!(cookies.get("CloudFront-Key-Pair-Id"), Some("APKAEXAMPLE"));
         assert!(cookies.get("CloudFront-Expires").is_none());
-+
+    }
-+
     #[test]
     fn test_signed_url_accessors() {
         let key = PrivateKey::from_pem(TEST_RSA_KEY).unwrap();
         let request = SigningRequest::builder()
             .resource_url("https://d111111abcdef8.cloudfront.net/image.jpg")
             .key_pair_id("APKAEXAMPLE")
             .private_key(key)
             .expires_at(DateTime::from_secs(1767290400))
             .build()
             .unwrap();
-+
         let signed_url = request.sign_url().unwrap();
-+
         // Test as_str()
         let url_str = signed_url.as_str();
         assert!(url_str.starts_with("https://d111111abcdef8.cloudfront.net/image.jpg"));
         assert!(url_str.contains("Expires="));
-+
         // Test as_url()
         let url_ref = signed_url.as_url();
         assert_eq!(url_ref.scheme(), "https");
         assert_eq!(url_ref.host_str(), Some("d111111abcdef8.cloudfront.net"));
         assert_eq!(url_ref.path(), "/image.jpg");
-+
         // Test Display
         let displayed = format!("{}", signed_url);
         assert_eq!(displayed, url_str);
-+
         // Test AsRef<str>
         let as_ref_str: &str = signed_url.as_ref();
         assert_eq!(as_ref_str, url_str);
-+
         // Test AsRef<url::Url>
         let as_ref_url: &url::Url = signed_url.as_ref();
         assert_eq!(as_ref_url, url_ref);
-+
         // Test into_url()
         let url = signed_url.into_url();
         assert_eq!(url.scheme(), "https");
         assert_eq!(url.host_str(), Some("d111111abcdef8.cloudfront.net"));
-+
+    }
-+
     #[cfg(feature = "http-1x")]
     #[test]
     fn test_signed_url_to_http_request() {
         let key = PrivateKey::from_pem(TEST_RSA_KEY).unwrap();
         let request = SigningRequest::builder()
             .resource_url("https://d111111abcdef8.cloudfront.net/image.jpg")
             .key_pair_id("APKAEXAMPLE")
             .private_key(key)
             .expires_at(DateTime::from_secs(1767290400))
             .build()
             .unwrap();
-+
         let signed_url = request.sign_url().unwrap();
-+
         // Test TryFrom<SignedUrl>
         let http_req: http::Request<()> = signed_url.clone().try_into().unwrap();
         assert_eq!(http_req.method(), http::Method::GET);
         assert!(http_req.uri().to_string().contains("Expires="));
-+
         // Test TryFrom<&SignedUrl>
         let http_req: http::Request<()> = (&signed_url).try_into().unwrap();
         assert_eq!(http_req.method(), http::Method::GET);
         assert!(http_req.uri().to_string().contains("Expires="));
-+
+    }
-+
+}

tmp-codegen-diff/aws-sdk/sdk/aws-sdk-cloudfront-url-signer/tests/integration_test.rs

@@ -0,1 +0,83 @@

 /*
  * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
  * SPDX-License-Identifier: Apache-2.0
  */
-+
 use aws_sdk_cloudfront_url_signer::{sign_cookies, sign_url, PrivateKey, SigningRequest};
 use aws_smithy_types::DateTime;
-+
 const TEST_RSA_KEY: &[u8] = b"-----BEGIN RSA PRIVATE KEY-----
 MIIBPAIBAAJBANW8WjQksUoX/7nwOfRDNt1XQpLCueHoXSt91MASMOSAqpbzZvXO
 g2hW2gCFUIFUPCByMXPoeRe6iUZ5JtjepssCAwEAAQJBALR7ybwQY/lKTLKJrZab
 D4BXCCt/7ZFbMxnftsC+W7UHef4S4qFW8oOOLeYfmyGZK1h44rXf2AIp4PndKUID
 zECIQD1suunYw5U22Pa0+2dFThp1VMXdVbPuf/5k3HT2/hSeQIhAN6yX0aT/N6G
 gb1XlBKw6GQvhcM0fXmP+bVXV+RtzFJjAiAP+2Z2yeu5u1egeV6gdCvqPnUcNobC
 FmA/NMcXt9xMSQIhALEMMJEFAInNeAIXSYKeoPNdkMPDzGnD3CueuCLEZCevAiEA
 j+KnJ7pJkTvOzFwE8RfNLli9jf6/OhyYaLL4et7Ng5k=
 -----END RSA PRIVATE KEY-----";
-+
 const TEST_ECDSA_KEY: &[u8] = b"-----BEGIN PRIVATE KEY-----
 MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg4//aTM1/HqiVWagy
 cAx3EaegJ0Y5KLRoTtub8T8EWhRANCAARV/wa477wYpyWB5LCrCdS5M9bEAvD+
 VORtjoydSpheKlsa+gE4PcFG88G2gE1Lilb8f6wEq/Lz+5kFa2S8gZmb
 -----END PRIVATE KEY-----";
-+
 #[test]
 fn test_sign_url_with_rsa_key() {
     let key = PrivateKey::from_pem(TEST_RSA_KEY).unwrap();
     let request = SigningRequest::builder()
         .resource_url("https://d111111abcdef8.cloudfront.net/image.jpg")
         .key_pair_id("APKAEXAMPLE")
         .private_key(key)
         .expires_at(DateTime::from_secs(1767290400))
         .build()
         .unwrap();
-+
     let signed_url = sign_url(request).unwrap();
     assert!(signed_url.as_str().contains("Signature="));
-+
+}
-+
 #[test]
 fn test_sign_url_with_ecdsa_key() {
     let key = PrivateKey::from_pem(TEST_ECDSA_KEY).unwrap();
     let request = SigningRequest::builder()
         .resource_url("https://d111111abcdef8.cloudfront.net/image.jpg")
         .key_pair_id("APKAEXAMPLE")
         .private_key(key)
         .expires_at(DateTime::from_secs(1767290400))
         .build()
         .unwrap();
-+
     let signed_url = sign_url(request).unwrap();
     assert!(signed_url.as_str().contains("Signature="));
-+
+}
-+
 #[test]
 fn test_sign_cookies_with_rsa_key() {
     let key = PrivateKey::from_pem(TEST_RSA_KEY).unwrap();
     let request = SigningRequest::builder()
         .resource_url("https://d111111abcdef8.cloudfront.net/*")
         .key_pair_id("APKAEXAMPLE")
         .private_key(key)
         .expires_at(DateTime::from_secs(1767290400))
         .build()
         .unwrap();
-+
     let cookies = sign_cookies(request).unwrap();
     assert!(cookies.get("CloudFront-Signature").is_some());
-+
+}
-+
 #[test]
 fn test_sign_cookies_with_ecdsa_key() {
     let key = PrivateKey::from_pem(TEST_ECDSA_KEY).unwrap();
     let request = SigningRequest::builder()
         .resource_url("https://d111111abcdef8.cloudfront.net/*")
         .key_pair_id("APKAEXAMPLE")
         .private_key(key)
         .expires_at(DateTime::from_secs(1767290400))
         .build()
         .unwrap();
-+
     let cookies = sign_cookies(request).unwrap();
     assert!(cookies.get("CloudFront-Signature").is_some());
-+
+}

tmp-codegen-diff/aws-sdk/sdk/aws-sdk-cloudfront-url-signer/tests/sep_test_cases.rs

@@ -0,1 +0,213 @@

 /*
  * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
  * SPDX-License-Identifier: Apache-2.0
  */
-+
 use aws_sdk_cloudfront_url_signer::{sign_cookies, sign_url, PrivateKey, SigningRequest};
 use aws_smithy_types::DateTime;
 use serde::Deserialize;
 use std::collections::HashMap;
-+
 #[derive(Debug, Deserialize)]
 struct TestCase {
     id: String,
     documentation: String,
     input: TestInput,
     expected: TestExpected,
-+
+}
-+
 #[derive(Debug, Deserialize)]
 #[serde(rename_all = "camelCase")]
 struct TestInput {
     resource_url: String,
     key_pair_id: String,
     private_key_file: String,
     expiration_date: Option<i64>,
     active_date: Option<i64>,
     ip_range: Option<String>,
     resource_url_pattern: Option<String>,
-+
+}
-+
 #[derive(Debug, Deserialize)]
 #[serde(rename_all = "camelCase")]
 struct TestExpected {
     #[allow(dead_code)]
     policy_json: Option<String>,
     query_params: Option<HashMap<String, String>>,
     cookies: Option<HashMap<String, String>>,
     signature: Option<String>,
     signature_algorithm: Option<String>,
     error: Option<bool>,
     error_contains: Option<Vec<String>>,
-+
+}
-+
 #[derive(Debug, Deserialize)]
 struct TestCases {
     #[serde(flatten)]
     #[allow(dead_code)]
     cases: Vec<TestCase>,
-+
+}
-+
 fn load_test_cases() -> Vec<TestCase> {
     let json = include_str!("test-cases.json");
     serde_json::from_str(json).expect("Failed to parse test cases")
-+
+}
-+
 fn parse_url_query_params(url: &str) -> HashMap<String, String> {
     url.split('?')
         .nth(1)
         .map(|query| {
             query
                 .split('&')
                 .filter_map(|pair| {
                     let mut parts = pair.split('=');
                     Some((parts.next()?.to_string(), parts.next()?.to_string()))
                 })
                 .collect()
         })
         .unwrap_or_default()
-+
+}
-+
 #[test]
 fn test_sep_test_cases() {
     let test_cases = load_test_cases();
-+
     for test_case in test_cases {
         println!(
             "\nRunning test: {} - {}",
             test_case.id, test_case.documentation
         );
-+
         // Load private key
         let key_path = format!("tests/{}", test_case.input.private_key_file);
         let key_bytes = std::fs::read(&key_path)
             .unwrap_or_else(|_| panic!("Failed to read key file: {key_path}"));
         let private_key = PrivateKey::from_pem(&key_bytes)
             .unwrap_or_else(|_| panic!("Failed to parse private key for test {}", test_case.id));
-+
         // Build signing request
         let mut builder = SigningRequest::builder()
             .resource_url(&test_case.input.resource_url)
             .key_pair_id(&test_case.input.key_pair_id)
             .private_key(private_key);
-+
         if let Some(exp) = test_case.input.expiration_date {
             builder = builder.expires_at(DateTime::from_secs(exp));
-+
+        }
-+
         if let Some(active) = test_case.input.active_date {
             builder = builder.active_at(DateTime::from_secs(active));
-+
+        }
-+
         if let Some(ip) = &test_case.input.ip_range {
             builder = builder.ip_range(ip);
-+
+        }
-+
         if let Some(pattern) = &test_case.input.resource_url_pattern {
             builder = builder.resource_pattern(pattern);
-+
+        }
-+
         // Handle error cases
         if test_case.expected.error == Some(true) {
             let result = builder.build();
             assert!(
                 result.is_err(),
                 "Test {} expected error but succeeded",
                 test_case.id
             );
-+
             if let Some(error_contains) = &test_case.expected.error_contains {
                 let error_msg = result.unwrap_err().to_string().to_lowercase();
                 for expected_text in error_contains {
                     assert!(
                         error_msg.contains(&expected_text.to_lowercase()),
                         "Test {} error message '{}' does not contain '{}'",
                         test_case.id,
                         error_msg,
                         expected_text
                     );
-+
+                }
-+
+            }
             continue;
-+
+        }
-+
         let request = builder
             .build()
             .unwrap_or_else(|e| panic!("Failed to build request for test {}: {}", test_case.id, e));
-+
         // Determine if this is a URL or cookie test
         let is_cookie_test = test_case.expected.cookies.is_some();
-+
         if is_cookie_test {
             // Test signed cookies
             let cookies = sign_cookies(request).unwrap_or_else(|e| {
                 panic!("Failed to sign cookies for test {}: {}", test_case.id, e)
             });
-+
             let cookie_map: HashMap<String, String> = cookies
                 .iter()
                 .map(|(k, v)| (k.to_string(), v.to_string()))
                 .collect();
-+
             // Verify expected cookies
             if let Some(expected_cookies) = &test_case.expected.cookies {
                 for (key, expected_value) in expected_cookies {
                     let actual_value = cookie_map
                         .get(key)
                         .unwrap_or_else(|| panic!("Test {} missing cookie: {}", test_case.id, key));
-+
                     assert_eq!(
                         actual_value, expected_value,
                         "Test {} cookie {} mismatch",
                         test_case.id, key
                     );
-+
+                }
-+
+            }
         } else {
             // Test signed URL
             let signed_url = sign_url(request)
                 .unwrap_or_else(|e| panic!("Failed to sign URL for test {}: {}", test_case.id, e));
-+
             let query_params = parse_url_query_params(signed_url.as_str());
-+
             // Verify expected query parameters
             if let Some(expected_params) = &test_case.expected.query_params {
                 for (key, expected_value) in expected_params {
                     let actual_value = query_params.get(key).unwrap_or_else(|| {
                         panic!("Test {} missing query param: {}", test_case.id, key)
                     });
-+
                     assert_eq!(
                         actual_value, expected_value,
                         "Test {} query param {} mismatch",
                         test_case.id, key
                     );
-+
+                }
-+
+            }
-+
             // Verify signature if provided (skip for ECDSA as it may not be deterministic)
             if let Some(expected_signature) = &test_case.expected.signature {
                 if test_case.expected.signature_algorithm.as_deref() != Some("ECDSA-SHA1") {
                     let actual_signature = query_params.get("Signature").unwrap_or_else(|| {
                         panic!("Test {} missing Signature query param", test_case.id)
                     });
-+
                     assert_eq!(
                         actual_signature, expected_signature,
                         "Test {} signature mismatch",
                         test_case.id
                     );
                 } else {
                     // For ECDSA, just verify signature is present
                     assert!(
                         query_params.contains_key("Signature"),
                         "Test {} missing Signature query param",
                         test_case.id
                     );
-+
+                }
-+
+            }
-+
+        }
-+
         println!("✓ Test {} passed", test_case.id);
-+
+    }
-+
+}

tmp-codegen-diff/aws-sdk/sdk/aws-sdk-cloudfront-url-signer/tests/test-cases.json

@@ -0,1 +0,184 @@

-+
+[
-+
+  {
     "id": "canned-policy-url-basic",
     "documentation": "Sign a URL with canned policy (expiration only)",
     "input": {
       "resourceUrl": "https://d111111abcdef8.cloudfront.net/image.jpg",
       "keyPairId": "K1TESTKEY",
       "privateKeyFile": "test-rsa-key.pem",
       "expirationDate": 1767290400
     },
     "expected": {
       "policyJson": "{\"Statement\":[{\"Resource\":\"https://d111111abcdef8.cloudfront.net/image.jpg\",\"Condition\":{\"DateLessThan\":{\"AWS:EpochTime\":1767290400}}}]}",
       "queryParams": {
         "Expires": "1767290400",
         "Key-Pair-Id": "K1TESTKEY"
       },
       "signature": "iONoMLnhiCy9q1~WB9GkR2DiHz18I85i3o6kZ64REf-fCSOg-AyXEZiq7fJuS~DT-kbZXjVpgIQqI4sCTcBW9XpO6dyJ5sh8Igk3V~OVncS9acGVnI~ZhHBWiGhU8GmkEMAhn6R2RGO-wKGClrXdJGEUE26XoALdHUzHbmU6AGI_",
       "signatureAlgorithm": "RSA-SHA1"
-+
+    }
   },
-+
+  {
     "id": "canned-policy-url-existing-params",
     "documentation": "Sign a URL that already has query parameters",
     "input": {
       "resourceUrl": "https://d111111abcdef8.cloudfront.net/image.jpg?size=large",
       "keyPairId": "K1TESTKEY",
       "privateKeyFile": "test-rsa-key.pem",
       "expirationDate": 1767290400
     },
     "expected": {
       "policyJson": "{\"Statement\":[{\"Resource\":\"https://d111111abcdef8.cloudfront.net/image.jpg?size=large\",\"Condition\":{\"DateLessThan\":{\"AWS:EpochTime\":1767290400}}}]}",
       "queryParams": {
         "size": "large",
         "Expires": "1767290400",
         "Key-Pair-Id": "K1TESTKEY"
       },
       "signature": "kx5dxV5cSW50EuCMtYi9JI0D5H97if~zNqwKxZtS7FPc3NV5oi~zCb45ti8ve-YDYw45hzN4lceF6zhW~STVWa7r7fC9wi5XBG1T6ZT2b9R0wMWmGxsy9uVGXFn6JqcjQMsq09MnWrPezK0qFQ2X6pV1nGQqLQZ2sgO~FSlEoCo_",
       "signatureAlgorithm": "RSA-SHA1"
-+
+    }
   },
-+
+  {
     "id": "custom-policy-url-with-active-date",
     "documentation": "Sign a URL with custom policy including activation date",
     "input": {
       "resourceUrl": "https://d111111abcdef8.cloudfront.net/video.mp4",
       "keyPairId": "K1TESTKEY",
       "privateKeyFile": "test-rsa-key.pem",
       "expirationDate": 1767290400,
       "activeDate": 1767200000
     },
     "expected": {
       "policyJson": "{\"Statement\":[{\"Resource\":\"https://d111111abcdef8.cloudfront.net/video.mp4\",\"Condition\":{\"DateLessThan\":{\"AWS:EpochTime\":1767290400},\"DateGreaterThan\":{\"AWS:EpochTime\":1767200000}}}]}",
       "queryParams": {
         "Key-Pair-Id": "K1TESTKEY"
       },
       "signature": "aF0WSOV6dkNn-D0HJ~-EwLG69-4QZZ9dv1PgAZEsER~WXkaNa1pBM2aTVXrskBWVHUU6hc1nD6ZKYgBS5Sb9JluFVT0MbQWR~DrtUGu8ugCsnfzUe6ov38nFPBwQICY~jnoQZEXxO2ZkQrluOO4~jWOpqAGrCw5tkdHAnb9gHYQ_",
       "signatureAlgorithm": "RSA-SHA1"
-+
+    }
   },
-+
+  {
     "id": "custom-policy-url-with-ip-range",
     "documentation": "Sign a URL with custom policy including IP restriction",
     "input": {
       "resourceUrl": "https://d111111abcdef8.cloudfront.net/document.pdf",
       "keyPairId": "K1TESTKEY",
       "privateKeyFile": "test-rsa-key.pem",
       "expirationDate": 1767290400,
       "ipRange": "192.168.0.0/24"
     },
     "expected": {
       "policyJson": "{\"Statement\":[{\"Resource\":\"https://d111111abcdef8.cloudfront.net/document.pdf\",\"Condition\":{\"DateLessThan\":{\"AWS:EpochTime\":1767290400},\"IpAddress\":{\"AWS:SourceIp\":\"192.168.0.0/24\"}}}]}",
       "queryParams": {
         "Key-Pair-Id": "K1TESTKEY"
       },
       "signature": "fq~vePR~kmc5kWDveZOJ3j6PSYRsHSSanN1shBBpj2rQwvVQPU8e9MRwUDizOYHLnuAXQG89Xm7kXL03HIX0uzELcY2Q6Bw68BcGQHq-nyC2U6h0Uv277pg~FIwatR84y1FZiswIVmZwfPmpkvR0X~1skuooCPGiztAXREe-hsg_",
       "signatureAlgorithm": "RSA-SHA1"
-+
+    }
   },
-+
+  {
     "id": "custom-policy-url-with-wildcard",
     "documentation": "Sign a URL with wildcard resource pattern",
     "input": {
       "resourceUrl": "https://d111111abcdef8.cloudfront.net/images/photo1.jpg",
       "resourceUrlPattern": "https://d111111abcdef8.cloudfront.net/images/*",
       "keyPairId": "K1TESTKEY",
       "privateKeyFile": "test-rsa-key.pem",
       "expirationDate": 1767290400
     },
     "expected": {
       "policyJson": "{\"Statement\":[{\"Resource\":\"https://d111111abcdef8.cloudfront.net/images/*\",\"Condition\":{\"DateLessThan\":{\"AWS:EpochTime\":1767290400}}}]}",
       "queryParams": {
         "Key-Pair-Id": "K1TESTKEY"
       },
       "signature": "nP~GtuBVUSEUDMXW1ZTGTx~BUQfjl7FsWBQBKwnTNhHlBAeYlzdbMGMphViPQbjawdYt1Z~iBHDr0ctooQyhEdsXwZPQKmRJQm3yIxmbvnuCzB2qdMDVGRKH8l3PnfAJErrgUVIzb6m3KUdtIDvSkLV~Mb0tyQJwZ6QE4BdlEmQ_",
       "signatureAlgorithm": "RSA-SHA1"
-+
+    }
   },
-+
+  {
     "id": "canned-policy-cookies",
     "documentation": "Generate signed cookies with canned policy",
     "input": {
       "resourceUrl": "https://d111111abcdef8.cloudfront.net/*",
       "keyPairId": "K1TESTKEY",
       "privateKeyFile": "test-rsa-key.pem",
       "expirationDate": 1767290400
     },
     "expected": {
       "policyJson": "{\"Statement\":[{\"Resource\":\"https://d111111abcdef8.cloudfront.net/*\",\"Condition\":{\"DateLessThan\":{\"AWS:EpochTime\":1767290400}}}]}",
       "cookies": {
         "CloudFront-Expires": "1767290400",
         "CloudFront-Key-Pair-Id": "K1TESTKEY",
         "CloudFront-Signature": "e0yIAbSak8fgGDJfX0bwVT0uDrzdr6fV3kzHuZOGYxeitO8H-tvFuce7~aOGFNReoi6LNhYpvr0wP99~2KKbrbetwLmIdUnTToOabNamMDJSGZgVK31XPWmuxq~TGUB-4v338iQhpP5qk8rkUe3meE5VXlchIb4vvnzph83X~Z8_"
       },
       "signatureAlgorithm": "RSA-SHA1"
-+
+    }
   },
-+
+  {
     "id": "custom-policy-cookies",
     "documentation": "Generate signed cookies with custom policy",
     "input": {
       "resourceUrl": "https://d111111abcdef8.cloudfront.net/*",
       "keyPairId": "K1TESTKEY",
       "privateKeyFile": "test-rsa-key.pem",
       "expirationDate": 1767290400,
       "ipRange": "10.0.0.0/8"
     },
     "expected": {
       "policyJson": "{\"Statement\":[{\"Resource\":\"https://d111111abcdef8.cloudfront.net/*\",\"Condition\":{\"DateLessThan\":{\"AWS:EpochTime\":1767290400},\"IpAddress\":{\"AWS:SourceIp\":\"10.0.0.0/8\"}}}]}",
       "cookies": {
         "CloudFront-Key-Pair-Id": "K1TESTKEY",
         "CloudFront-Policy": "eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiaHR0cHM6Ly9kMTExMTExYWJjZGVmOC5jbG91ZGZyb250Lm5ldC8qIiwiQ29uZGl0aW9uIjp7IkRhdGVMZXNzVGhhbiI6eyJBV1M6RXBvY2hUaW1lIjoxNzY3MjkwNDAwfSwiSXBBZGRyZXNzIjp7IkFXUzpTb3VyY2VJcCI6IjEwLjAuMC4wLzgifX19XX0_",
         "CloudFront-Signature": "r28Jnd0t9aq7cu0k9jGWl4L0YsRxgueZtGRw5oEEspU9-eIPGM~ZGMQh36~5HpKC5c67cZjDgJcsqrCacmTHMZZx613gbeYAsx2-hEatU8URiuNHnVp4hPV3HqtbuZ6Din9iEZUpOBYVg6DWGEFJRCQ7SPouBhhJdYDZZOPHGpA_"
       },
       "signatureAlgorithm": "RSA-SHA1"
-+
+    }
   },
-+
+  {
     "id": "ecdsa-canned-policy-url",
     "documentation": "Sign a URL with ECDSA key and canned policy",
     "input": {
       "resourceUrl": "https://d111111abcdef8.cloudfront.net/video.mp4",
       "keyPairId": "K2ECDSATEST",
       "privateKeyFile": "test-ecdsa-key.pem",
       "expirationDate": 1767290400
     },
     "expected": {
       "policyJson": "{\"Statement\":[{\"Resource\":\"https://d111111abcdef8.cloudfront.net/video.mp4\",\"Condition\":{\"DateLessThan\":{\"AWS:EpochTime\":1767290400}}}]}",
       "queryParams": {
         "Expires": "1767290400",
         "Key-Pair-Id": "K2ECDSATEST"
       },
       "signature": "MEQCIDS3JTjLLIRne5G3fDjf6MwgCmckmYVlJhqGVMl0Q4reAiBjXw1FMf9j03wqAHeE4LfRPjOVkp-jWhmDfHVwd7kkpA__",
       "signatureAlgorithm": "ECDSA-SHA1"
-+
+    }
   },
-+
+  {
     "id": "error-missing-expiration",
     "documentation": "Error when expiration date is not provided",
     "input": {
       "resourceUrl": "https://d111111abcdef8.cloudfront.net/file.txt",
       "keyPairId": "K1TESTKEY",
       "privateKeyFile": "test-rsa-key.pem"
     },
     "expected": {
       "error": true,
       "errorContains": ["expiration", "required"]
-+
+    }
   },
-+
+  {
     "id": "error-active-after-expiration",
     "documentation": "Error when activeDate is after expirationDate",
     "input": {
       "resourceUrl": "https://d111111abcdef8.cloudfront.net/file.txt",
       "keyPairId": "K1TESTKEY",
       "privateKeyFile": "test-rsa-key.pem",
       "expirationDate": 1767200000,
       "activeDate": 1767290400
     },
     "expected": {
       "error": true,
       "errorContains": ["active", "before", "expiration"]
-+
+    }
-+
+  }
-+
+]

Pages: 1 2 3