/// <summary> /// Returns signed cookies that provides tailored access to private content based on an access time window and an ip range. /// </summary> /// <param name="resourceUrlOrPath"> /// The URL or path for resource within a distribution. /// </param> /// <param name="privateKey">Your private key file. RSA private key (.pem) are supported.</param> /// <param name="keyPairId">The key pair id corresponding to the private key file given.</param> /// <param name="expiresOn">The expiration date till which content can be accessed using the generated cookies.</param> /// <param name="activeFrom">The date from which content can be accessed using the generated cookies.</param> /// <param name="ipRange">The allowed IP address range of the client making the GET request, in CIDR form (e.g. 192.168.0.1/24).</param> /// <returns>The signed cookies.</returns> public static CookiesForCustomPolicy GetCookiesForCustomPolicy(string resourceUrlOrPath, TextReader privateKey, string keyPairId, DateTime expiresOn, DateTime activeFrom, string ipRange) { var cookies = new CookiesForCustomPolicy(); var policy = AmazonCloudFrontUrlSigner.BuildPolicyForSignedUrl(resourceUrlOrPath, expiresOn, ipRange, activeFrom); var base64EncodedPolicy = AmazonCloudFrontUrlSigner.MakeStringUrlSafe(policy); cookies.Policy = new KeyValuePair <string, string>(PolicyKey, base64EncodedPolicy); RSAParameters rsaParameters = AmazonCloudFrontUrlSigner.ConvertPEMToRSAParameters(privateKey); byte[] signatureBytes = AmazonCloudFrontUrlSigner.SignWithSha1RSA( UTF8Encoding.UTF8.GetBytes(policy), rsaParameters); string urlSafeSignature = AmazonCloudFrontUrlSigner.MakeBytesUrlSafe(signatureBytes); cookies.Signature = new KeyValuePair <string, string>(SignatureKey, urlSafeSignature); cookies.KeyPairId = new KeyValuePair <string, string>(KeyPairIdKey, keyPairId); return(cookies); }