public string GetCannedSignedURL(string fileName)
{
var cacheKey = $"s3url_{fileName}";
var url = _distributedCache.GetString(cacheKey);
if (string.IsNullOrEmpty(url))
{
url = "";
using (var textReader = File.OpenText(_cloudFrontOptions.PrivateKeyPath))
{
url = AmazonCloudFrontUrlSigner.GetCannedSignedURL(
AmazonCloudFrontUrlSigner.Protocol.https,
_cloudFrontOptions.Domain,
textReader,
fileName,
_cloudFrontOptions.KeypairId,
DateTime.Now.AddSeconds(_cloudFrontOptions.ExpiredInSecond));
}
var options = new DistributedCacheEntryOptions
{
AbsoluteExpiration = DateTime.Now.AddSeconds(_cloudFrontOptions.ExpiredInSecond)
};
_distributedCache.SetString(cacheKey, url, options);
}
return(url);
}
public void SignURLValidation()
{
string expectedSignedURL = @"http://awesome.dot.com/amazing/uri/?Policy=U2VjcmV0UG9saWN5"
+ @"&Signature=nmwKvD6cFoniNsMZeuxrzooEt73MtzS78g3u0Pym835Ty1cfV0sWK1sGnPpafaMw95kGNv7eHE3eivEosdXenrYMnz8EtobPOLyx4SQ4RvDrBfrjiNTGGgAowORLYc6sztZ8AKEQiQ9KVaOVNJ8DR5e2TQ7S~bNU91c0PEfrrcA_"
+ @"&Key-Pair-Id=amazingKeyPairId";
string signedURL = AmazonCloudFrontUrlSigner.SignUrl("http://awesome.dot.com/amazing/uri/", "amazingKeyPairId", privateRSAKeyStreamReader, "SecretPolicy");
Assert.Equal(expectedSignedURL, signedURL);
}
public void SignURLCannedValidation()
{
string expectedSignedURL = @"http://awesome.dot.com/amazing/uri/?Expires=-6106035600"
+ @"&Signature=RezrUdl1C4O4LiHnK2orurG-KjuAoPb3wcJr7R0wrvaERJ7H4FVv4OtNxT2QcY~m7KmAXOJEL6aR6Xs3CujxAb2rMOeIev6yy6C~YVkMQQucBDof6HiFdfCZD-aZr7IQxiap6Kd9uqwR9tTp9rKBENzvI3hHyKtCY8Rn~SzwpGU_"
+ @"&Key-Pair-Id=amazingKeyPairId";
string signedURL = AmazonCloudFrontUrlSigner.SignUrlCanned("http://awesome.dot.com/amazing/uri/", "amazingKeyPairId", privateRSAKeyStreamReader, new DateTime(1776, 7, 4));
Assert.AreEqual(signedURL, expectedSignedURL);
}
public void SignURLCannedValidation()
{
string expectedSignedURL = @"http://awesome.dot.com/amazing/uri/?Expires=1492153200" +
@"&Signature=XSFtfQPkZ3SgEulXvGpBH7L~Bfh3wv4kPtrYHkFA2yubVZ9tibq0Cz4HDaA-TVkuPOw0ipC4AmzOX8tjrtoD1U1N" +
@"MsnnA3H4SQJI4Pe9AXjJwARrbFegGmCLoMmun2FxbOZqo2zb1ltBMOx7HtXBF5lQVkdukQsam4B6g3Mm9ec_&Key-Pair-Id=amazingKeyPairId";
string signedURL = AmazonCloudFrontUrlSigner.SignUrlCanned("http://awesome.dot.com/amazing/uri/",
"amazingKeyPairId", privateRSAKeyStreamReader, new DateTime(2017, 4, 14, 7, 0, 0, DateTimeKind.Utc));
Assert.Equal(expectedSignedURL, signedURL);
}
private string CreateSignedUrlForCannedPolicy()
{
// coreclr StreamReader does not have ctor that takes filename
using (var fs = File.OpenRead(PrivateKeyFile))
using (var reader = new StreamReader(fs))
{
var signedUrl = AmazonCloudFrontUrlSigner.GetCannedSignedURL(ResourceUri.ToString(),
reader,
KeyPairId,
ExpiresOn);
return(signedUrl);
}
}
private static string GetSignedURL(string resourceUrl, string KeyFileName, string KEYPAIR_ID, int ExP)
{
string pathtokey = SiteConfig.Environment.ContentRootPath + "/wwwroot/security/aws/cloudfront/" + KeyFileName;
FileInfo privateKey = new FileInfo(pathtokey);
string file = new Uri(resourceUrl).PathAndQuery.Trim('/');
string distribution = new Uri(resourceUrl).Host.TrimEnd('/');
return(AmazonCloudFrontUrlSigner.GetCannedSignedURL(
AmazonCloudFrontUrlSigner.Protocol.http,
distribution,
privateKey,
file,
KEYPAIR_ID,
DateTime.Now.AddSeconds((double)ExP)));
}
public void PolicyStatementWithNoAddress()
{
var resourcePath = "http://d111111abcdef8.cloudfront.net/game_download.zip";
var dateTime = new DateTime(2013, 1, 1, 10, 00, 0, DateTimeKind.Utc);
var policyWithEmptyString = AmazonCloudFrontUrlSigner.BuildPolicyForSignedUrl(
resourcePath,
dateTime,
"");
var policyWithNull = AmazonCloudFrontUrlSigner.BuildPolicyForSignedUrl(
resourcePath,
dateTime,
null);
Assert.AreEqual(policyWithEmptyString, policyWithNull);
foreach (var policy in new List <string> {
policyWithEmptyString, policyWithNull
})
{
var jsonObject = JsonMapper.ToObject(policy);
var statementList = jsonObject["Statement"];
Assert.IsTrue(statementList.IsArray);
var statement = statementList[0];
Assert.IsNotNull(statement);
var resource = statement["Resource"];
Assert.AreEqual(resource.ToString(), resourcePath);
var condition = statement["Condition"];
Assert.IsNotNull(condition);
Assert.IsTrue(condition.IsObject);
var IpAddress = condition["IpAddress"];
Assert.IsNull(IpAddress);
var epochTime = condition["DateLessThan"]["AWS:EpochTime"];
Assert.AreEqual(1357034400, long.Parse(epochTime.ToString()));
}
}
public static string ToCloudfrontSignedUrl(this string url)
{
var cloudFrontKeyPairID = Utils.GetKeyValue("CloudFrontPairID");
var pathtokey = HttpContext.Current.Request.MapPath("~/Secure/cert/pk-cf.pem");
var privateKey = new FileInfo(pathtokey);
string expirationEpoch = GetUnixTime(DateTime.UtcNow.AddDays(2)).ToString();
string policy =
@"{""Statement"":[{""Resource"":""<url>"",""Condition"":{""DateLessThan"":{""AWS:EpochTime"":<expiration>}}}]}".
Replace("<url>", url).
Replace("<expiration>", expirationEpoch);
var signedUrl = AmazonCloudFrontUrlSigner.SignUrl(
url,
cloudFrontKeyPairID,
privateKey,
policy);
return(signedUrl);
}
public static string GetCloudFrontSignedPlayer(string filePath, string cloudFrontDomain)
{
filePath = filePath ?? "133321-75943878-651C-45C8-B53D-D47961B89DF3.mp4";
string cloudFrontKeyPairID = "APKAJE56ZD4LJIRRJC6A"; //"APKAINOEJFZ5JOR7RPUQ"; //
var stream = new MemoryStream();
var writer = new StreamWriter(stream);
writer.Write(Constants.CLOUDFRONT_PRIVATEKEY);
writer.Flush();
stream.Position = 0;
var url = AmazonCloudFrontUrlSigner.GetCannedSignedURL(
AmazonCloudFrontUrlSigner.Protocol.http,
cloudFrontDomain, //"dpa1gnaivadn.cloudfront.net",
new StreamReader(stream),
filePath,
cloudFrontKeyPairID,
DateTime.Now.AddDays(2));
return(url);
}
public string Sign(string url, DateTime expiry = default)
{
if (expiry == default)
{
expiry = DateTime.Now.AddHours(6);
}
using var privateKeyReader = new StringReader(_privateKey);
Uri uri;
if (!Uri.TryCreate(url, UriKind.Absolute, out uri))
{
throw new ApplicationException("url is not valid: " + url);
}
var tempUrl = AmazonCloudFrontUrlSigner.GetCustomSignedURL(
AmazonCloudFrontUrlSigner.Protocol.https,
uri.Host.ToLower(),
privateKeyReader,
"*",
_keyPairId,
expiry,
null);
var queryParams = tempUrl[(tempUrl.IndexOf("?") + 1)..];
public void PolicyStatementWithAddress()
{
var resourcePath = "http://*";
var dateTime = new DateTime(2013, 1, 1, 10, 00, 0, DateTimeKind.Utc);
var ipRange = "192.0.2.0/24";
var cookies = AmazonCloudFrontUrlSigner.BuildPolicyForSignedUrl(
resourcePath,
dateTime,
ipRange);
var jsonObject = JsonMapper.ToObject(cookies);
var statementList = jsonObject["Statement"];
Assert.IsTrue(statementList.IsArray);
var statement = statementList[0];
Assert.IsNotNull(statement);
var resource = statement["Resource"];
Assert.AreEqual(resource.ToString(), resourcePath);
var condition = statement["Condition"];
Assert.IsNotNull(condition);
Assert.IsTrue(condition.IsObject);
var sourceIp = condition["IpAddress"]["AWS:SourceIp"];
Assert.AreEqual(ipRange, sourceIp.ToString());
var epochTime = condition["DateLessThan"]["AWS:EpochTime"];
Assert.AreEqual(1357034400, long.Parse(epochTime.ToString()));
}
/// <summary>
/// Get signed CloudFront URL
/// </summary>
/// <param name="photoPath"></param>
/// <param name="distributionDomain"></param>
/// <returns></returns>
public static string GetCannedSignedURLContactBase(string photoPath, string distributionDomain)
{
const string keyPairId = "APKAJYLNBTJQ44EXZHTQ";
const string rsaKey = @"-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAh/8nUGHs5EK5bDFzDKT/LuS2Jy5px2FCNSb6+SDP8j8tDLSe
DS10J/8W0rgK8YoKgqbSwHc7nqkQwaFK3dBhtRZWOeLvr7uCZEr1D0MFzb00lUqK
f4ph9n/A1kgsdOA/6qVeIeaA5xskQhFSngQCMkeAuBXulF5iOZcYGEsBiH5AGsVr
Bo0AJrRqwAP9Kd/e9Vw6J7FFyjTdm7zEhDlcH1SsiM02Ys82d3XHDx0h4THFbYwR
dWt6DtiKmL82xiDsAoNgYGY0csL9nUtsZSWVI0Wz6tAUCxHhpXgm+381WyeJsv0Q
liKDdqOdPykSth0f3kjQ4E3tyVvKIRmDRvR1fwIDAQABAoIBAD3Ld76zsGOL2htK
YN+m/Xj+XbJyCYiaLe5e9v1KppKJmFvEmmicdcJSy7kV/YsBUYNKcEsaIpIWelGx
i4Y80JjrPGTzNDwitL4DvVSg/LsetQz9IO+RHrBWHnZ/twuodgKV/67hwULB93i5
zFOWuLTF/rwm4xCxzmoiuMUZF+o/4QQKaabwd+89h7+DeFQq91jY4XUgcvHyQPV3
P4WiDjPTbIJG31GrP9Cbw4eBswL9KbvhYHNtbu9zuxhI/pqbap1lIuYObnoimWdE
hdm00FIc8ZbmLKkDRiKdQEcYQr4mpIKN5ODheFhA1l3pqMUoZuEcN4ldyIZtkRLW
0NyZzFkCgYEA0ZX07nr5R4JQ7sI8Us8WLcIJ4M6hhui43iDT59dJ9I3RRtuySzYX
pfc+NsklsPgbtpmVGp8r5uFld1CwlFVzvdOfozDsGbIwNgIWsGVsxeOLyKyhf79z
YOFidvId6e0wSarGmZUz4mhbHFClKDJapFBup24jk2qD6uJdig01A3MCgYEAph02
XA4vYdF/+UmMjmAogkpDozOmTpRGqkOJZ5/YmVpKoWq+hnOXddo4GGqT6b1AEnsv
nziuXZZBGSTuMRIfIsbqRRsKNKzGS30isF/PR/AnPJPH6/Zo28nS73xSRxWu8k7W
5pCAgzXnVr3Ob0ZGX09GuTzAatKa6KeoUMdsesUCgYBp3aVrERL53AmlkNeHvLMn
SexTcgyFaOh4y3w+j7D7pucfM7pL43bujoUOh2xSiAD3q3x1hhFW/mOScV/Ajal5
KXxpojygfjF8FnH/iDv5eYcSRqENNlfBiBeEnagekYDitTC8Q3GB29Sp6NKEC2td
tIMwb6HoxNT9wHofUayFoQKBgFimWF9SVqkOZAyG2tMUsCmwNl5/bu6apQeymT7L
CI32qMNyMxGP2LHVboBhSGTCUdJLGYQQfMWHLWCc290mPaWSoG2W26B24DBjLMMR
ro5GtLnYaCYeT6GUGNUj9Mjo4n9/4aIUVfEwMDCThPrPdzjgFu8+Y7XehTtKVkId
21+9AoGABSlZsV1+5n4TKbi4LGAwnKiOE7vEyQz7jFJEzNH8eqK3GKSzJIP3zFEC
MwBDKvyz+WsuhjccRKncswJBFZY3HleBBmQ43zPkL6kOCJLzBdFslk/0bVq0m+dJ
jyweJ5gTWfNgFuk4vrrioGUW10P/yuNU6C2bPQKDJtc7tfkuD7o=
-----END RSA PRIVATE KEY-----";
var rsaKeyText = new StringReader(rsaKey);
try
{
if (string.IsNullOrWhiteSpace(photoPath))
{
return("data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==");
}
if (photoPath.IndexOf("/") > -1)
{
photoPath = HttpUtility.UrlEncode(photoPath);
}
TimeSpan expiry = TimeSpan.FromHours(6);
var signedUrl = AmazonCloudFrontUrlSigner.GetCannedSignedURL(
string.Format("https://{0}/{1}", distributionDomain, photoPath),
rsaKeyText,
keyPairId,
DateTime.Now.AddSeconds((int)expiry.TotalSeconds));
return(signedUrl);
}
catch (Exception ex)
{
}
return(null);
}
