aws · smilkuri · Mar 20, 2025 · Mar 14, 2025 · Mar 14, 2025 · Mar 17, 2025
@@ -604,3 +604,167 @@ describe("getSignedCookies", () => {
     expect(verifySignature(denormalizeBase64(result["CloudFront-Signature"]), policy)).toBeTruthy();
   });
 });
+
+describe("getSignedUrl- when signing a URL with a date range", () => {
+  const dateString = "2024-05-17T12:30:45.000Z";
+  const dateGreaterThanString = "2024-05-16T12:30:45.000Z";
+  const dateNumber = 1125674245900;
+  const dateGreaterThanNumber = 1716034245000;
+  const dateObject = new Date(dateString);
+  const dateGreaterThanObject = new Date(dateGreaterThanString);
+  it("allows string input compatible with Date constructor", () => {
+    const epochDateLessThan = Math.round(new Date(dateString).getTime() / 1000);
+    const resultUrl = getSignedUrl({
+      url,
+      keyPairId,
+      dateLessThan: dateString,
+      privateKey,
+      passphrase,
+    });
+    const resultCookies = getSignedCookies({
+      url,
+      keyPairId,
+      dateLessThan: dateString,
+      privateKey,
+      passphrase,
+    });
+
+    expect(resultUrl).toContain(`Expires=${epochDateLessThan}`);
+    expect(resultCookies["CloudFront-Expires"]).toBe(epochDateLessThan);
+  });
+
+  it("allows number input in milliseconds compatible with Date constructor", () => {
+    const epochDateLessThan = Math.round(new Date(dateNumber).getTime() / 1000);
+    const resultUrl = getSignedUrl({
+      url,
+      keyPairId,
+      dateLessThan: dateNumber as unknown as string,
+      privateKey,
+      passphrase,
+    });
+    const resultCookies = getSignedCookies({
+      url,
+      keyPairId,
+      dateLessThan: dateNumber as unknown as string,
+      privateKey,
+      passphrase,
+    });
+
+    expect(resultUrl).toContain(`Expires=${epochDateLessThan}`);
+    expect(resultCookies["CloudFront-Expires"]).toBe(epochDateLessThan);
+  });
+  it("allows Date object input", () => {
+    const epochDateLessThan = Math.round(dateObject.getTime() / 1000);
+    const resultUrl = getSignedUrl({
+      url,
+      keyPairId,
+      dateLessThan: dateObject as unknown as string,
+      privateKey,
+      passphrase,
+    });
+    const resultCookies = getSignedCookies({
+      url,
+      keyPairId,
+      dateLessThan: dateObject as unknown as string,
+      privateKey,
+      passphrase,
+    });
+
+    expect(resultUrl).toContain(`Expires=${epochDateLessThan}`);
+    expect(resultCookies["CloudFront-Expires"]).toBe(epochDateLessThan);
+  });
+  it("allows string input for date range", () => {
+    const result = getSignedUrl({
+      url,
+      keyPairId,
+      dateLessThan: dateString,
+      dateGreaterThan: dateGreaterThanString,
+      privateKey,
+      passphrase,
+    });
+
+    const policyStr = JSON.stringify({
+      Statement: [
+        {
+          Resource: url,
+          Condition: {
+            DateLessThan: {
+              "AWS:EpochTime": Math.round(new Date(dateString).getTime() / 1000),
+            },
+            DateGreaterThan: {
+              "AWS:EpochTime": Math.round(new Date(dateGreaterThanString).getTime() / 1000),
+            },
+          },
+        },
+      ],
+    });
+
+    const parsedUrl = parseUrl(result);
+    expect(parsedUrl).toBeDefined();
+    const signatureQueryParam = denormalizeBase64(parsedUrl.query!["Signature"] as string);
+    expect(verifySignature(signatureQueryParam, policyStr)).toBeTruthy();
+  });
+
+  it("allows number input for date range", () => {
+    const result = getSignedUrl({
+      url,
+      keyPairId,
+      dateLessThan: dateNumber as unknown as string,
+      dateGreaterThan: dateGreaterThanNumber as unknown as string,
+      privateKey,
+      passphrase,
+    });
+
+    const policyStr = JSON.stringify({
+      Statement: [
+        {
+          Resource: url,
+          Condition: {
+            DateLessThan: {
+              "AWS:EpochTime": Math.round(dateNumber / 1000),
+            },
+            DateGreaterThan: {
+              "AWS:EpochTime": Math.round(dateGreaterThanNumber / 1000),
+            },
+          },
+        },
+      ],
+    });
+
+    const parsedUrl = parseUrl(result);
+    expect(parsedUrl).toBeDefined();
+    const signatureQueryParam = denormalizeBase64(parsedUrl.query!["Signature"] as string);
+    expect(verifySignature(signatureQueryParam, policyStr)).toBeTruthy();
+  });
+  it("allows Date object input for date range", () => {
+    const result = getSignedUrl({
+      url,
+      keyPairId,
+      dateLessThan: dateObject as unknown as string,
+      dateGreaterThan: dateGreaterThanObject as unknown as string,
+      privateKey,
+      passphrase,
+    });
+
+    const policyStr = JSON.stringify({
+      Statement: [
+        {
+          Resource: url,
+          Condition: {
+            DateLessThan: {
+              "AWS:EpochTime": Math.round(dateObject.getTime() / 1000),
+            },
+            DateGreaterThan: {
+              "AWS:EpochTime": Math.round(dateGreaterThanObject.getTime() / 1000),
+            },
+          },
+        },
+      ],
+    });
+
+    const parsedUrl = parseUrl(result);
+    expect(parsedUrl).toBeDefined();
+    const signatureQueryParam = denormalizeBase64(parsedUrl.query!["Signature"] as string);
+    expect(verifySignature(signatureQueryParam, policyStr)).toBeTruthy();
+  });
+});
@@ -359,12 +359,12 @@ class CloudfrontSignBuilder {
     return Math.round(date.getTime() / 1000);
   }
 
-  private parseDate(date?: string): number | undefined {
+  private parseDate(date?: string | number | Date): number | undefined {
     if (!date) {
       return undefined;
     }
-    const parsedDate = Date.parse(date);
-    return isNaN(parsedDate) ? undefined : this.epochTime(new Date(parsedDate));
+    const parsedDate = new Date(date);
+    return isNaN(parsedDate.getTime()) ? undefined : this.epochTime(parsedDate);
   }
 
   private parseDateWindow(expiration: string, start?: string): PolicyDates {