Class SigningUtils

java.lang.Object
software.amazon.awssdk.services.cloudfront.internal.utils.SigningUtils

public final class SigningUtils extends Object
  • Method Details

    • buildCannedPolicy

      public static String buildCannedPolicy(String resourceUrl, Instant expirationDate)
      Returns a "canned" policy for the given parameters. For more information, see Creating a signed URL using a canned policy or Setting signed cookies using a canned policy.
    • buildCustomPolicy

      public static String buildCustomPolicy(String resourceUrl, Instant activeDate, Instant expirationDate, String ipAddress)
      Returns a custom policy for the given parameters. For more information, see Creating a signed URL using a custom policy or Setting signed cookies using a custom policy.
    • makeBytesUrlSafe

      public static String makeBytesUrlSafe(byte[] bytes)
      Converts the given data to be safe for use in signed URLs for a private distribution by using specialized Base64 encoding.
    • makeStringUrlSafe

      public static String makeStringUrlSafe(String str)
      Converts the given string to be safe for use in signed URLs for a private distribution.
    • signWithSha1Rsa

      public static byte[] signWithSha1Rsa(byte[] dataToSign, PrivateKey privateKey) throws InvalidKeyException
      Signs the given data with the given private key, using the SHA1withRSA algorithm provided by Bouncy Castle.
      Throws:
      InvalidKeyException
    • buildCustomPolicyForSignedUrl

      public static String buildCustomPolicyForSignedUrl(String resourceUrl, Instant activeDate, Instant expirationDate, String limitToIpAddressCidr)
      Generate a policy document that describes custom access permissions to apply via a private distribution's signed URL.
      Parameters:
      resourceUrl - The HTTP/S resource path that restricts which distribution and S3 objects will be accessible in a signed URL, i.e., "https://" + distributionName + "/" + objectKey (may also include URL parameters). The '*' and '?' characters can be used as wildcards to allow multi-character or single-character matches respectively:
      • * : All distributions/objects will be accessible
      • a1b2c3d4e5f6g7.cloudfront.net/* : All objects within the distribution a1b2c3d4e5f6g7 will be accessible
      • a1b2c3d4e5f6g7.cloudfront.net/path/to/object.txt : Only the S3 object named path/to/object.txt in the distribution a1b2c3d4e5f6g7 will be accessible.
      activeDate - An optional UTC time and date when the signed URL will become active. If null, the signed URL will be active as soon as it is created.
      expirationDate - The UTC time and date when the signed URL will expire. REQUIRED.
      limitToIpAddressCidr - An optional range of client IP addresses that will be allowed to access the distribution, specified as an IPv4 CIDR range (IPv6 format is not supported). If null, the CIDR will be omitted and any client will be permitted.
      Returns:
      A policy document describing the access permission to apply when generating a signed URL.
    • loadPrivateKey

      public static PrivateKey loadPrivateKey(Path keyFile) throws Exception
      Creates a private key from the given file, in either PEM or DER format. Other formats will cause an exception to be thrown.
      Throws:
      Exception
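
The steps that buildCustomPolicyForSignedUrl, signWithSha1Rsa and makeBytesUrlSafe describe, as an added example that uses only the JDK and is not the SDK's own code. The class and method names are hypothetical, and the policy JSON layout and the three character substitutions are assumptions taken from the CloudFront developer documentation rather than from this page.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.Instant;
import java.util.Base64;

// Hypothetical class, JDK only; it mirrors the documented steps, not the SDK's source.
public class CustomPolicySketch {
    // Policy layout is an assumption taken from CloudFront's custom-policy documentation.
    static String policy(String resourceUrl, Instant active, Instant expires, String cidr) {
        if (resourceUrl == null || expires == null)
            throw new IllegalArgumentException("resourceUrl and expirationDate are required");
        if (active != null && !active.isBefore(expires))
            throw new IllegalArgumentException("activeDate must be before expirationDate");
        for (String s : new String[] {resourceUrl, cidr == null ? "" : cidr})
            if (s.contains("\"") || s.contains("\\"))   // keep caller input from altering the JSON
                throw new IllegalArgumentException("quote or backslash in policy field");
        StringBuilder cond = new StringBuilder("\"DateLessThan\":{\"AWS:EpochTime\":")
                .append(expires.getEpochSecond()).append('}');
        if (active != null)
            cond.append(",\"DateGreaterThan\":{\"AWS:EpochTime\":").append(active.getEpochSecond()).append('}');
        if (cidr != null)
            cond.append(",\"IpAddress\":{\"AWS:SourceIp\":\"").append(cidr).append("\"}");
        return "{\"Statement\":[{\"Resource\":\"" + resourceUrl + "\",\"Condition\":{" + cond + "}}]}";
    }

    // CloudFront's Base64 variant: '+' becomes '-', '=' becomes '_', '/' becomes '~'.
    static String urlSafe(byte[] bytes) {
        return Base64.getEncoder().encodeToString(bytes)
                .replace('+', '-').replace('=', '_').replace('/', '~');
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair throwaway = gen.generateKeyPair();               // constructed key, not a real signer key
        Instant expires = Instant.parse("2030-01-01T00:15:00Z"); // constructed sample time
        String doc = policy("https://a1b2c3d4e5f6g7.cloudfront.net/path/to/object.txt",
                null, expires, "203.0.113.0/24");                // one object, one CIDR, no wildcard
        byte[] raw = doc.getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA1withRSA"); // JDK provider, not Bouncy Castle
        signer.initSign(throwaway.getPrivate());
        signer.update(raw);
        byte[] sig = signer.sign();
        Signature verifier = Signature.getInstance("SHA1withRSA");
        verifier.initVerify(throwaway.getPublic());
        verifier.update(raw);
        System.out.println(doc + "\npolicy=" + urlSafe(raw));
        System.out.println("signature=" + urlSafe(sig) + " verifies=" + verifier.verify(sig));
    }
}
```

The sample policy names a single object and a single CIDR range; a resourceUrl of `*` combined with a null limitToIpAddressCidr yields a policy that any client can use against every object until expirationDate.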