
@gregworley
Created September 6, 2011 20:45
almost lost
//http://docs.amazonwebservices.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html#PrivateContent_AuthExamples
//Amazon CloudFront Developer's Guide (API Version 2010-11-01) Using Amazon Cloudfront>Serving Private Content > Creating a Signed URL
package main
import (
"os"
"strconv"
"fmt"
"io/ioutil"
"crypto/rand"
"crypto/rsa"
"crypto/sha1"
"crypto/x509"
"encoding/pem"
"bytes"
)
// expire returns, as a decimal string, the current time in seconds plus the
// given number of minutes converted to seconds.
//
// Only the first value returned by os.Time is used; the other two, including
// the error, are discarded.
func expire(minutes int) (expires string) {
	now, _, _ := os.Time()
	// The clock value is narrowed to int before the offset is added.
	return strconv.Itoa(int(now) + minutes*60)
}
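// privkey loads an RSA private key from the PEM file at the given path.
//
// It reads the whole file, takes the first PEM block found, and parses that
// block's bytes as a PKCS#1 RSA private key. It returns an error if the file
// cannot be read, if no PEM block is present, or if parsing fails.
//
// The file is only read here; keeping it readable by the signing user alone
// is a deployment concern this function does not check.
func privkey(file string) (key *rsa.PrivateKey, err os.Error) {
	// ReadFile closes the file itself, so no descriptor is left open on any
	// return path.
	buf, err := ioutil.ReadFile(file)
	if err != nil {
		return nil, err
	}
	// Only the first PEM block is used; any data after it is ignored.
	p, _ := pem.Decode(buf)
	if p == nil {
		return nil, os.NewError("no pem block found")
	}
	// NOTE(review): p.Type is not inspected, so a block with an unexpected
	// label is rejected only if its bytes fail to parse as PKCS#1.
	return x509.ParsePKCS1PrivateKey(p.Bytes)
}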
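// main builds the CloudFront canned-policy JSON for a test resource, signs it
// with RSA-SHA1 using the key in ./private-key.pem, and prints the result.
//
// The program exits with status 1 if the key cannot be loaded or signing
// fails, so a signature is never attempted with a nil key.
func main() {
	expires := expire(10)
	resource := `http://d604721fxaaqy9.cloudfront.net/horizon.jpg?large=yes&license=yes` //testing value
	privateKey := "./private-key.pem"
	// The Signature value is an RSA-SHA1 digital Signature of the following JSON policy
	// with the RESOURCE and EXPIRES values replaced with your values
	//{"Statement":[{"Resource":"RESOURCE","Condition":{"DateLessThan":{"AWS:EpochTime":EXPIRES}}}]}
	fmt.Printf("\nexpires would be:%s, and it's being reset to: 1258237200 for testing\n", expires)

	// The policy is assembled by plain concatenation. resource is spliced in
	// unescaped, which is fine for this constant; a value containing a double
	// quote or backslash would alter the JSON that gets signed, so escape it
	// if the resource ever comes from input.
	p1 := `{"Statement":[{"Resource":"`
	p2 := resource
	p3 := `","Condition":{"DateLessThan":{"AWS:EpochTime":`
	p4 := "1258237200" //normally use expires, but this is for testing
	p5 := `}}}]}`
	toSign := p1 + p2 + p3 + p4 + p5
	fmt.Printf("We're going to sign %s, of Type %T\n", toSign, toSign)

	key, err := privkey(privateKey)
	if err != nil {
		// Stop here: continuing would hand a nil key to SignPKCS1v15.
		fmt.Fprintf(os.Stderr, "loading private key %s: %v\n", privateKey, err)
		os.Exit(1)
	}

	// SHA-1 is used because the signature scheme described above is RSA-SHA1;
	// it is dictated by that scheme, not a choice to copy into new designs.
	h := sha1.New()
	h.Write([]byte(toSign))
	sum := h.Sum()
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, rsa.HashSHA1, sum)
	if err != nil {
		fmt.Fprintf(os.Stderr, "signing policy: %v\n", err)
		os.Exit(1)
	}

	// sig is raw binary, so the %s below prints unprintable bytes. The
	// CloudFront documentation has the signature base64-encoded and made
	// URL-safe before it goes into a signed URL; that step is not done here.
	f := bytes.NewBuffer(sig)
	g := f.String()
	fmt.Printf("The Signed String is: %s\n and is of type:%T\n", g, g)
}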