/// <summary>
/// Builds the signed-cookie set for a custom policy, which limits access to private
/// content by a validity window and a client IP range.
/// </summary>
/// <remarks>
/// The signature is computed over the UTF-8 bytes of the raw policy text, while the
/// Policy cookie carries the URL-safe encoded form of that same text.
/// The <paramref name="privateKey"/> reader is not disposed by this method.
/// </remarks>
/// <param name="resourceUrlOrPath">The URL or path of the resource within a distribution.</param>
/// <param name="privateKey">Reader over the RSA private key in PEM (.pem) form.</param>
/// <param name="keyPairId">The key pair id that corresponds to <paramref name="privateKey"/>.</param>
/// <param name="expiresOn">The date after which the generated cookies no longer grant access.</param>
/// <param name="activeFrom">The date from which the generated cookies grant access.</param>
/// <param name="ipRange">
/// The allowed client IP address range in CIDR form (e.g. 192.168.0.1/24). Keep it as
/// narrow as the use case allows; a very wide range adds little restriction.
/// </param>
/// <returns>The Policy, Signature and KeyPairId cookies.</returns>
public static CookiesForCustomPolicy GetCookiesForCustomPolicy(string resourceUrlOrPath,
                                                               TextReader privateKey,
                                                               string keyPairId,
                                                               DateTime expiresOn,
                                                               DateTime activeFrom,
                                                               string ipRange)
{
    var result = new CookiesForCustomPolicy();

    // Raw policy text: this exact string is what gets signed below.
    string policyText = AmazonCloudFrontUrlSigner.BuildPolicyForSignedUrl(
        resourceUrlOrPath, expiresOn, ipRange, activeFrom);

    result.Policy = new KeyValuePair<string, string>(
        PolicyKey,
        AmazonCloudFrontUrlSigner.MakeStringUrlSafe(policyText));

    // The key material stays in local variables and is never logged or stored on the result.
    RSAParameters keyParameters = AmazonCloudFrontUrlSigner.ConvertPEMToRSAParameters(privateKey);

    // NOTE(review): the helper name indicates RSA over a SHA-1 digest; presumably this is
    // fixed by the CloudFront signed-cookie format rather than a local choice - confirm
    // before changing the algorithm.
    byte[] policyBytes = Encoding.UTF8.GetBytes(policyText);
    byte[] rawSignature = AmazonCloudFrontUrlSigner.SignWithSha1RSA(policyBytes, keyParameters);

    result.Signature = new KeyValuePair<string, string>(
        SignatureKey,
        AmazonCloudFrontUrlSigner.MakeBytesUrlSafe(rawSignature));
    result.KeyPairId = new KeyValuePair<string, string>(KeyPairIdKey, keyPairId);

    return result;
}
/// <summary>
/// Builds the signed-cookie set for a "canned" (simplified) policy, which grants access
/// to one distribution resource until an expiration date.
/// </summary>
/// <remarks>
/// Only the Expires, Signature and KeyPairId cookies are set; the signed policy text
/// itself is not returned. The <paramref name="privateKey"/> reader is not disposed by
/// this method.
/// </remarks>
/// <param name="resourceUrlOrPath">
/// The URL or path that uniquely identifies a resource within a distribution. For
/// standard distributions the resource URL is <c>"http://" + distributionName + "/" + path</c>
/// (and may also include URL parameters). For distributions that require HTTPS, the
/// resource URL must start with <c>"https://"</c>. RTMP resources are not URLs; there the
/// resource path is just the stream's name.
/// The value is placed in the signed policy verbatim, with no JSON escaping, so pass only
/// values from a trusted or validated source.
/// </param>
/// <param name="keyPairId">Identifier of a public/private certificate keypair already configured in your Amazon Web Services account.</param>
/// <param name="privateKey">The RSA private key data that corresponds to the keypair identified by <paramref name="keyPairId"/>.</param>
/// <param name="expiresOn">
/// The date after which the generated cookies no longer grant access. It is converted
/// with <see cref="DateTime.ToUniversalTime"/>, which treats a value of unspecified kind
/// as local time.
/// </param>
/// <returns>The signed cookies.</returns>
public static CookiesForCannedPolicy GetCookiesForCannedPolicy(string resourceUrlOrPath,
                                                               string keyPairId,
                                                               TextReader privateKey,
                                                               DateTime expiresOn)
{
    // Fixed fragments of the canned policy document; the resource and the expiry are
    // spliced between them.
    const string policyHead = "{\"Statement\":[{\"Resource\":\"";
    const string policyMiddle = "\",\"Condition\":{\"DateLessThan\":{\"AWS:EpochTime\":";
    const string policyTail = "}}}]}";

    var result = new CookiesForCannedPolicy();

    // NOTE(review): the expiry is held in a 32-bit int; what the converter does for dates
    // beyond the range of an int is not visible here - confirm.
    int expiryEpoch = AWSSDKUtils.ConvertToUnixEpochSeconds(expiresOn.ToUniversalTime());
    string expiryText = expiryEpoch.ToString(CultureInfo.InvariantCulture);
    result.Expires = new KeyValuePair<string, string>(ExpiresKey, expiryText);

    // The key material stays in local variables and is never logged or stored on the result.
    RSAParameters keyParameters = AmazonCloudFrontUrlSigner.ConvertPEMToRSAParameters(privateKey);

    // resourceUrlOrPath goes in as-is: a double quote or backslash inside it would change
    // the structure of the document that is signed.
    string policyDocument = policyHead + resourceUrlOrPath + policyMiddle + expiryEpoch + policyTail;

    // NOTE(review): the helper name indicates RSA over a SHA-1 digest; presumably this is
    // fixed by the CloudFront signed-cookie format rather than a local choice - confirm
    // before changing the algorithm.
    byte[] policyBytes = Encoding.UTF8.GetBytes(policyDocument);
    byte[] rawSignature = AmazonCloudFrontUrlSigner.SignWithSha1RSA(policyBytes, keyParameters);

    result.Signature = new KeyValuePair<string, string>(
        SignatureKey,
        AmazonCloudFrontUrlSigner.MakeBytesUrlSafe(rawSignature));
    result.KeyPairId = new KeyValuePair<string, string>(KeyPairIdKey, keyPairId);

    return result;
}