Class SigningUtils


  • public final class SigningUtils
    extends Object
    • Method Detail

      • makeBytesUrlSafe

public static String makeBytesUrlSafe(byte[] bytes)
Converts the given bytes into a form that is safe for use in signed URLs for a private distribution, using a specialized (URL-safe) Base64 encoding.
      • makeStringUrlSafe

public static String makeStringUrlSafe(String str)
Converts the given string into a form that is safe for use in signed URLs for a private distribution.
      • signWithSha1Rsa

public static byte[] signWithSha1Rsa(byte[] dataToSign,
                                     PrivateKey privateKey)
                              throws InvalidKeyException
Signs the given data with the given private key, using the SHA1withRSA algorithm provided by Bouncy Castle.
        Throws:
        InvalidKeyException
      • buildCustomPolicyForSignedUrl

public static String buildCustomPolicyForSignedUrl(String resourceUrl,
                                                   Instant activeDate,
                                                   Instant expirationDate,
                                                   String limitToIpAddressCidr)
Generates a policy document that describes the custom access permissions to apply via a private distribution's signed URL.
Parameters:
resourceUrl - The HTTP/S resource path that restricts which distribution and S3 objects will be accessible in a signed URL, i.e., "https://" + distributionName + "/" + objectKey (may also include URL parameters). The '*' and '?' characters can be used as wildcards to allow multi-character or single-character matches respectively:
        • * : All distributions/objects will be accessible
        • a1b2c3d4e5f6g7.cloudfront.net/* : All objects within the distribution a1b2c3d4e5f6g7 will be accessible
        • a1b2c3d4e5f6g7.cloudfront.net/path/to/object.txt : Only the S3 object named path/to/object.txt in the distribution a1b2c3d4e5f6g7 will be accessible.
        activeDate - An optional UTC time and date when the signed URL will become active. If null, the signed URL will be active as soon as it is created.
        expirationDate - The UTC time and date when the signed URL will expire. REQUIRED.
        limitToIpAddressCidr - An optional range of client IP addresses that will be allowed to access the distribution, specified as an IPv4 CIDR range (IPv6 format is not supported). If null, the CIDR will be omitted and any client will be permitted.
        Returns:
        A policy document describing the access permission to apply when generating a signed URL.
      • loadPrivateKey

public static PrivateKey loadPrivateKey(Path keyFile)
                                 throws Exception
Creates a private key from the given file, in either PEM or DER format. Other formats cause an exception to be thrown.
        Throws:
        Exception
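The methods above are the building blocks of a custom-policy signed URL: load the key, build the policy, sign the policy bytes, URL-safe-encode the policy and the signature, and attach them as query parameters. The following is an added example that composes them end to end; it is not code from the SDK or this page. It assumes the class lives in the package `software.amazon.awssdk.services.cloudfront.internal.utils` (the page does not state the package), that the query-parameter names `Policy`, `Signature` and `Key-Pair-Id` follow CloudFront's documented custom-policy URL format, and that the key-pair id, key file path and client CIDR are placeholders the caller replaces. The `SignedUrlExample` class and `buildSignedUrl` method are hypothetical names introduced here.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.security.PrivateKey;
import java.time.Duration;
import java.time.Instant;
// Assumed package for SigningUtils; the page does not state it.
import software.amazon.awssdk.services.cloudfront.internal.utils.SigningUtils;

public final class SignedUrlExample {

    /**
     * Builds a custom-policy signed URL for a resource in a private distribution.
     * A null activeDate means "active immediately"; a null clientCidr means "any client".
     */
    static String buildSignedUrl(String resourceUrl, Path keyFile, String keyPairId,
                                 Instant activeDate, Instant expirationDate,
                                 String clientCidr) throws Exception {
        // 1. Load the CloudFront key pair's private key (PEM or DER file).
        PrivateKey privateKey = SigningUtils.loadPrivateKey(keyFile);

        // 2. Build the custom policy document: resource pattern, optional start time,
        //    required expiry, optional IPv4 CIDR restriction.
        String policy = SigningUtils.buildCustomPolicyForSignedUrl(
                resourceUrl, activeDate, expirationDate, clientCidr);

        // 3. Sign the policy bytes with SHA1withRSA using the private key.
        byte[] signature = SigningUtils.signWithSha1Rsa(
                policy.getBytes(StandardCharsets.UTF_8), privateKey);

        // 4. Encode both the policy and the signature so they are safe as query-string values.
        String encodedPolicy = SigningUtils.makeStringUrlSafe(policy);
        String encodedSignature = SigningUtils.makeBytesUrlSafe(signature);

        // 5. Append the parameters, honouring any query string already on the resource URL.
        String separator = resourceUrl.contains("?") ? "&" : "?";
        return resourceUrl + separator
                + "Policy=" + encodedPolicy
                + "&Signature=" + encodedSignature
                + "&Key-Pair-Id=" + keyPairId;
    }

    public static void main(String[] args) throws Exception {
        // Placeholder inputs: distribution host taken from the page's examples,
        // key file path and key pair id to be replaced by the caller.
        String resourceUrl = "https://a1b2c3d4e5f6g7.cloudfront.net/path/to/object.txt";
        Path keyFile = Path.of("/path/to/private-key.pem");
        String keyPairId = "KEY_PAIR_ID_PLACEHOLDER";

        Instant now = Instant.now();
        String signedUrl = buildSignedUrl(
                resourceUrl, keyFile, keyPairId,
                null,                                // active as soon as it is created
                now.plus(Duration.ofMinutes(15)),    // short expiry bounds the window a leaked URL is usable
                "203.0.113.0/24");                   // constructed documentation range; null permits any client
        System.out.println(signedUrl);
    }
}
```

Two design choices worth keeping: sign the exact bytes that are later encoded into the `Policy` parameter (the policy string, not the encoded form), because CloudFront verifies the signature against the decoded policy; and keep the expiry short and the CIDR as narrow as the client population allows, since a signed URL is a bearer credential for the resource pattern it names until `expirationDate` passes.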