Enum CloudFrontUrlSigner
- All Implemented Interfaces: Serializable, Comparable<CloudFrontUrlSigner>, java.lang.constant.Constable
Utility class for generating pre-signed URLs for serving private CloudFront content. All dates must be in UTC. Use Calendar to set the timezone specifically before converting to a Date object, or else use DateUtils to turn a UTC date String into a Date object.

    Protocol protocol = Protocol.http;
    String distributionDomain = "d1b2c3a4g5h6.cloudfront.net";
    File privateKeyFile = new File("/path/to/cfcurlCloud/rsa-private-key.pem");
    String s3ObjectKey = "a/b/images.jpeg";
    String keyPairId = "APKAJCEOKRHC3XIVU5NA";
    Date dateLessThan = DateUtils.parseISO8601Date("2012-11-14T22:20:00.000Z");
    Date dateGreaterThan = DateUtils.parseISO8601Date("2011-11-14T22:20:00.000Z");
    String ipRange = "192.168.0.1/24";

    String url1 = CloudFrontUrlSigner.getSignedURLWithCannedPolicy(
        protocol, distributionDomain, privateKeyFile,
        s3ObjectKey, keyPairId, dateLessThan);

    String url2 = CloudFrontUrlSigner.getSignedURLWithCustomPolicy(
        protocol, distributionDomain, privateKeyFile,
        s3ObjectKey, keyPairId, dateLessThan,
        dateGreaterThan, ipRange);

Nested Class Summary
Nested classes/interfaces inherited from class java.lang.Enum
Enum.EnumDesc<E extends Enum<E>>

Method Summary
Columns: Modifier and Type, Method, Description
- static String buildCustomPolicyForSignedUrl(String resourcePath, Date epochDateLessThan, String limitToIpAddressCIDR, Date epochDateGreaterThan)
  Generate a policy document that describes custom access permissions to apply via a private distribution's signed URL.
- static String getSignedURLWithCannedPolicy(SignerUtils.Protocol protocol, String distributionDomain, File privateKeyFile, String s3ObjectKey, String keyPairId, Date dateLessThan)
  Returns a signed URL with a canned policy that grants universal access to private content until a given date.
- static String getSignedURLWithCannedPolicy(String resourceUrlOrPath, String keyPairId, PrivateKey privateKey, Date dateLessThan)
  Generate a signed URL that allows access to a specific distribution and S3 object by applying access restrictions from a "canned" (simplified) policy document.
- static String getSignedURLWithCustomPolicy(SignerUtils.Protocol protocol, String distributionDomain, File privateKeyFile, String s3ObjectKey, String keyPairId, Date dateLessThan, Date dateGreaterThan, String ipRange)
  Returns a signed URL that provides tailored access to private content based on an access time window and an IP range.
- static String getSignedURLWithCustomPolicy(String resourceUrlOrPath, String keyPairId, PrivateKey privateKey, String policy)
  Generate a signed URL that allows access to distribution and S3 objects by applying access restrictions specified in a custom policy document.
- static CloudFrontUrlSigner valueOf(String name)
  Returns the enum constant of this type with the specified name.
- static CloudFrontUrlSigner[] values()
  Returns an array containing the constants of this enum type, in the order they are declared.

Method Details

values
Returns an array containing the constants of this enum type, in the order they are declared.
- Returns: an array containing the constants of this enum type, in the order they are declared

valueOf
Returns the enum constant of this type with the specified name. The string must match exactly an identifier used to declare an enum constant in this type. (Extraneous whitespace characters are not permitted.)
- Parameters:
  name - the name of the enum constant to be returned.
- Returns: the enum constant with the specified name
- Throws:
  IllegalArgumentException - if this enum type has no constant with the specified name
  NullPointerException - if the argument is null

getSignedURLWithCannedPolicy
public static String getSignedURLWithCannedPolicy(SignerUtils.Protocol protocol, String distributionDomain, File privateKeyFile, String s3ObjectKey, String keyPairId, Date dateLessThan) throws InvalidKeySpecException, IOException
Returns a signed URL with a canned policy that grants universal access to private content until a given date. For more information, see Overview of Signed URLs.
- Parameters:
  protocol - The protocol of the URL
  distributionDomain - The domain name of the distribution
  privateKeyFile - The private key file. RSA private key (.pem) and pkcs8 (.der) files are supported.
  s3ObjectKey - The s3 key of the object, or the name of the stream for rtmp
  keyPairId - The key pair id corresponding to the private key file given
  dateLessThan - The expiration date of the signed URL in UTC
- Returns: The signed URL.
- Throws:
  InvalidKeySpecException
  IOException

getSignedURLWithCustomPolicy
public static String getSignedURLWithCustomPolicy(SignerUtils.Protocol protocol, String distributionDomain, File privateKeyFile, String s3ObjectKey, String keyPairId, Date dateLessThan, Date dateGreaterThan, String ipRange) throws InvalidKeySpecException, IOException
Returns a signed URL that provides tailored access to private content based on an access time window and an IP range. For more information, see Overview of Signed URLs.
- Parameters:
  protocol - The protocol of the URL
  distributionDomain - The domain name of the distribution
  privateKeyFile - Your private key file. RSA private key (.pem) and pkcs8 (.der) files are supported.
  s3ObjectKey - The s3 key of the object, or the name of the stream for rtmp
  keyPairId - The key pair id corresponding to the private key file given
  dateLessThan - The expiration date of the signed URL in UTC
  dateGreaterThan - The beginning valid date of the signed URL in UTC
  ipRange - The allowed IP address range of the client making the GET request, in CIDR form (e.g. 192.168.0.1/24).
- Returns: The signed URL.
- Throws:
  IOException
  InvalidKeySpecException

getSignedURLWithCustomPolicy
public static String getSignedURLWithCustomPolicy(String resourceUrlOrPath, String keyPairId, PrivateKey privateKey, String policy)
Generate a signed URL that allows access to distribution and S3 objects by applying access restrictions specified in a custom policy document. For more information, see Overview of Signed URLs.
- Parameters:
  resourceUrlOrPath - The URL or path that uniquely identifies a resource within a distribution. For standard distributions the resource URL will be "http://" + distributionName + "/" + objectKey (may also include URL parameters). For distributions with the HTTPS required protocol, the resource URL must start with "https://". RTMP resources do not take the form of a URL, and instead the resource path is nothing but the stream's name.
  keyPairId - Identifier of a public/private certificate keypair already configured in your Amazon Web Services account.
  privateKey - The RSA private key data that corresponds to the certificate keypair identified by keyPairId.
  policy - A policy document that describes the access permissions that will be applied by the signed URL. To generate a custom policy use
- Returns: A signed URL that will permit access to distribution and S3 objects as specified in the policy document.

getSignedURLWithCannedPolicy
public static String getSignedURLWithCannedPolicy(String resourceUrlOrPath, String keyPairId, PrivateKey privateKey, Date dateLessThan)
Generate a signed URL that allows access to a specific distribution and S3 object by applying access restrictions from a "canned" (simplified) policy document. For more information, see Overview of Signed URLs.
- Parameters:
  resourceUrlOrPath - The URL or path that uniquely identifies a resource within a distribution. For standard distributions the resource URL will be "http://" + distributionName + "/" + objectKey (may also include URL parameters). For distributions with the HTTPS required protocol, the resource URL must start with "https://". RTMP resources do not take the form of a URL, and instead the resource path is nothing but the stream's name.
  keyPairId - Identifier of a public/private certificate keypair already configured in your Amazon Web Services account.
  privateKey - The private key data that corresponds to the keypair identified by keyPairId
  dateLessThan - The UTC time and date when the signed URL will expire. REQUIRED.
- Returns: A signed URL that will permit access to a specific distribution and S3 object.

buildCustomPolicyForSignedUrl
public static String buildCustomPolicyForSignedUrl(String resourcePath, Date epochDateLessThan, String limitToIpAddressCIDR, Date epochDateGreaterThan)
Generate a policy document that describes custom access permissions to apply via a private distribution's signed URL.
- Parameters:
  resourcePath - An optional HTTP/S or RTMP resource path that restricts which distribution and S3 objects will be accessible in a signed URL. For standard distributions the resource URL will be "http://" + distributionName + "/" + objectKey (may also include URL parameters). For distributions with the HTTPS required protocol, the resource URL must start with "https://". RTMP resources do not take the form of a URL, and instead the resource path is nothing but the stream's name. The '*' and '?' characters can be used as wildcards to allow multi-character or single-character matches respectively:
    * : All distributions/objects will be accessible
    a1b2c3d4e5f6g7.cloudfront.net/* : All objects within the distribution a1b2c3d4e5f6g7 will be accessible
    a1b2c3d4e5f6g7.cloudfront.net/path/to/object.txt : Only the S3 object named path/to/object.txt in the distribution a1b2c3d4e5f6g7 will be accessible.
  epochDateLessThan - The UTC time and date when the signed URL will expire. REQUIRED.
  limitToIpAddressCIDR - An optional range of client IP addresses that will be allowed to access the distribution, specified as a CIDR range. If null, the CIDR will be 0.0.0.0/0 and any client will be permitted.
  epochDateGreaterThan - An optional UTC time and date when the signed URL will become active. If null, the signed URL will be active as soon as it is created.
- Returns: A policy document describing the access permission to apply when generating a signed URL.
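
Added example (not part of this documentation or of the SDK's own code): a wrapper around buildCustomPolicyForSignedUrl and the PrivateKey overload of getSignedURLWithCustomPolicy that refuses the widest settings described above, a wildcard resource and a null CIDR that would become 0.0.0.0/0, and builds the validity window from a Calendar pinned to UTC. The class name, signScoped, MAX_MINUTES, the import's package name and the in-memory throwaway RSA key are assumptions of the example; it needs the AWS SDK for Java on the classpath.

```java
import com.amazonaws.services.cloudfront.CloudFrontUrlSigner; // package name assumed
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.util.Calendar;
import java.util.Date;
import java.util.TimeZone;

public class ScopedSignedUrlExample {
    static final int MAX_MINUTES = 60; // assumed local ceiling on URL lifetime

    // Hypothetical wrapper: refuse inputs that widen the policy, then sign.
    static String signScoped(String resourceUrl, String keyPairId, PrivateKey key,
                             int minutesValid, String clientCidr) {
        if (!resourceUrl.startsWith("https://"))
            throw new IllegalArgumentException("resource URL must start with https://");
        // '*' and '?' are policy wildcards; this wrapper signs exact objects only.
        if (resourceUrl.contains("*") || resourceUrl.contains("?"))
            throw new IllegalArgumentException("wildcards are not allowed in the resource");
        // A null CIDR becomes 0.0.0.0/0 (any client), so require an explicit range.
        if (clientCidr == null || clientCidr.endsWith("/0"))
            throw new IllegalArgumentException("client CIDR must be set and narrower than /0");
        if (minutesValid < 1 || minutesValid > MAX_MINUTES)
            throw new IllegalArgumentException("lifetime must be 1.." + MAX_MINUTES + " minutes");
        // Build both ends of the window from a calendar pinned to UTC.
        Calendar cal = Calendar.getInstance(TimeZone.getTimeZone("UTC"));
        Date notBefore = cal.getTime();
        cal.add(Calendar.MINUTE, minutesValid);
        Date notAfter = cal.getTime();
        // Argument order follows the signature: path, expiry, CIDR, start.
        String policy = CloudFrontUrlSigner.buildCustomPolicyForSignedUrl(
                resourceUrl, notAfter, clientCidr, notBefore);
        return CloudFrontUrlSigner.getSignedURLWithCustomPolicy(
                resourceUrl, keyPairId, key, policy);
    }

    public static void main(String[] args) throws Exception {
        // Constructed throwaway key so the example runs offline; not a registered key.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        PrivateKey throwaway = gen.generateKeyPair().getPrivate();
        String keyPairId = "APKAJCEOKRHC3XIVU5NA"; // sample id from this page
        String base = "https://d1b2c3a4g5h6.cloudfront.net/";

        System.out.println(signScoped(base + "a/b/images.jpeg", keyPairId, throwaway, 15, "192.168.0.1/24"));
        try {
            signScoped(base + "*", keyPairId, throwaway, 15, "192.168.0.1/24");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Because the key is generated in memory, the printed URL shows the shape of a custom-policy signed URL but will not be accepted by a real distribution.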