Contains the cookies used to access restricted content from CloudFront using a canned policy.
Inheritance: SignedCookies
Exemplo n.º 1
0
        /// <summary>
        /// Generate signed cookies that allows access to a specific distribution and
        /// resource path by applying a access restrictions from a "canned" (simplified)
        /// policy document.
        /// </summary>
        /// <param name="resourceUrlOrPath">
        /// The URL or path that uniquely identifies a resource within a
        /// distribution. For standard distributions the resource URL will
        /// be <tt>"http://" + distributionName + "/" + path</tt>
        /// (may also include URL parameters. For distributions with the
        /// HTTPS required protocol, the resource URL must start with
        /// <tt>"https://"</tt>. RTMP resources do not take the form of a
        /// URL, and instead the resource path is nothing but the stream's
        /// name.
        /// </param>
        /// <param name="keyPairId">Identifier of a public/private certificate keypair already configured in your Amazon Web Services account.</param>
        /// <param name="privateKey">The RSA private key data that corresponding to the certificate keypair identified by keyPairId.</param>
        /// <param name="expiresOn">The expiration date till which content can be accessed using the generated cookies.</param>
        /// <returns>The signed cookies.</returns>
        public static CookiesForCannedPolicy GetCookiesForCannedPolicy(string resourceUrlOrPath,
                                                                       string keyPairId,
                                                                       TextReader privateKey,
                                                                       DateTime expiresOn)
        {
            var cookies = new CookiesForCannedPolicy();

            int epochSeconds = AWSSDKUtils.ConvertToUnixEpochSeconds(expiresOn.ToUniversalTime());

            cookies.Expires = new KeyValuePair <string, string>(
                ExpiresKey, epochSeconds.ToString(CultureInfo.InvariantCulture));

            RSAParameters rsaParameters = AmazonCloudFrontUrlSigner.ConvertPEMToRSAParameters(privateKey);
            string        cannedPolicy  = "{\"Statement\":[{\"Resource\":\"" + resourceUrlOrPath
                                          + "\",\"Condition\":{\"DateLessThan\":{\"AWS:EpochTime\":" + epochSeconds
                                          + "}}}]}";

            byte[] signatureBytes = AmazonCloudFrontUrlSigner.SignWithSha1RSA(
                UTF8Encoding.UTF8.GetBytes(cannedPolicy), rsaParameters);
            string urlSafeSignature = AmazonCloudFrontUrlSigner.MakeBytesUrlSafe(signatureBytes);

            cookies.Signature = new KeyValuePair <string, string>(SignatureKey, urlSafeSignature);

            cookies.KeyPairId = new KeyValuePair <string, string>(KeyPairIdKey, keyPairId);

            return(cookies);
        }
        /// <summary>
        /// Generate signed cookies that allows access to a specific distribution and
        /// resource path by applying a access restrictions from a "canned" (simplified)
        /// policy document.
        /// </summary>
        /// <param name="resourceUrlOrPath">
        /// The URL or path that uniquely identifies a resource within a
        /// distribution. For standard distributions the resource URL will
        /// be <tt>"http://" + distributionName + "/" + path</tt>
        /// (may also include URL parameters. For distributions with the
        /// HTTPS required protocol, the resource URL must start with
        /// <tt>"https://"</tt>. RTMP resources do not take the form of a
        /// URL, and instead the resource path is nothing but the stream's
        /// name.
        /// </param>
        /// <param name="keyPairId">Identifier of a public/private certificate keypair already configured in your Amazon Web Services account.</param>
        /// <param name="privateKey">The RSA private key data that corresponding to the certificate keypair identified by keyPairId.</param>
        /// <param name="expiresOn">The expiration date till which content can be accessed using the generated cookies.</param>
        /// <returns>The signed cookies.</returns>
        public static CookiesForCannedPolicy GetCookiesForCannedPolicy(string resourceUrlOrPath,
                                           string keyPairId,
                                           TextReader privateKey,
                                           DateTime expiresOn)
        {
            var cookies = new CookiesForCannedPolicy();

            string epochSeconds = AWSSDKUtils.ConvertToUnixEpochSecondsString(expiresOn.ToUniversalTime());
            cookies.Expires = new KeyValuePair<string, string>(
                ExpiresKey, epochSeconds);

            RSAParameters rsaParameters = AmazonCloudFrontUrlSigner.ConvertPEMToRSAParameters(privateKey);
            string cannedPolicy = "{\"Statement\":[{\"Resource\":\"" + resourceUrlOrPath
                    + "\",\"Condition\":{\"DateLessThan\":{\"AWS:EpochTime\":" + epochSeconds
                    + "}}}]}";
            byte[] signatureBytes = AmazonCloudFrontUrlSigner.SignWithSha1RSA(
                UTF8Encoding.UTF8.GetBytes(cannedPolicy), rsaParameters);
            string urlSafeSignature = AmazonCloudFrontUrlSigner.MakeBytesUrlSafe(signatureBytes);
            cookies.Signature = new KeyValuePair<string, string>(SignatureKey, urlSafeSignature);

            cookies.KeyPairId = new KeyValuePair<string, string>(KeyPairIdKey, keyPairId);

            return cookies;
        }