Created
July 27, 2015 05:42
AWS serve private files via CloudFront
<?php | |
// File names of the objects offered for download. Each one is appended to the
// distribution base URL ($cdn) when a signed link is built, and the table below
// refers to entry 7 by its numeric index.
$books = [
    'Arthur-Charles-Clarke-3001-Posledni-vesmirna-Odyssea-(ID-1004-eBookEater.cz).epub',
    'Arthur-Charles-Clarke-3001-Posledni-vesmirna-Odyssea-(ID-1004-eBookEater.cz).mobi',
    'Bozena-Nemcova-Babicka-(ID-38-eBookEater.cz).mobi',
    'Don-Miguel-Ruiz---1997-Ctyri-dohody.pdf',
    'Don-Miguel-Ruiz---2006-Ctyri-dohody-pracovni-kniha.pdf',
    'Don_Miguel_Ruiz_1997_ty_i_dohody_p-(1).mobi',
    'Don_Miguel_Ruiz_1997_ty_i_dohody_p.mobi',
    'Essential-Grammar-in-Use---big.pdf',
    'Filipa-Filik-Penize-Te-neuchrani-(ID-835-eBookEater.cz).mobi',
    'Gabriel-Decay-Hysteria-(ID-472-eBookEater.cz).mobi',
    'Karel-Havlicek-Borovsky-Kral-Lavra-(ID-277-eBookEater.cz).mobi',
    'Karel-Capek-Bila-nemoc-(ID-221-eBookEater.cz).mobi',
    'Lukas-Komarek-Adolf-Hitler-jak-jej-nezname-(ID-652-eBookEater.cz).mobi',
    'Rudolf-Rudd-Exekutor-(ID-1213-eBookEater.cz).mobi',
    'Stanislav-Filip-Blamaz-o-Velkem-tresku-(ID-580-eBookEater.cz).mobi',
];
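// Signing material for the CloudFront signed URLs generated by makelink().
//
// NOTE(review): the PEM below is only a placeholder. A real private key pasted
// into a script that the web server can reach is exposed by any source
// disclosure, backup leak or repository push; in a deployment, keep the key in
// a file outside the document root (or in a secret store) and read it here.
$key = '-----BEGIN RSA PRIVATE KEY-----
//put your private key here
-----END RSA PRIVATE KEY-----';
// Identifier of the key pair whose private half is in $key; it is appended to
// every generated URL as the Key-Pair-Id parameter.
$key_pair_id = 'put your key ID here';
// Base URL of the distribution, with trailing slash. HTTPS is used so that the
// signed query string, which grants access to the file until it expires, is not
// sent in cleartext. The scheme is part of the signed resource, so it must
// match the scheme the client actually requests.
$cdn = 'https://your_cloudfornt_id.cloudfront.net/';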
?> | |
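<!DOCTYPE html>
<html>
<head>
<title>amazon test</title>
<link rel="icon" type="image/ico" href="https://awsmedia.s3.amazonaws.com/favicon.ico"/>
<link rel="shortcut icon" type="image/ico" href="https://awsmedia.s3.amazonaws.com/favicon.ico"/>
</head>
<body>
<h1>Test privátniho cloundfrontu</h1>
<table border="1">
<tr>
<th rowspan=2>Kniha</th>
<th rowspan=2>velikost</th>
<th colspan=4>expirace</th>
</tr>
<tr>
<th>link 5 sekunda</th>
<th>link 1 minuta</th>
<th>link 1 hodina</th>
<th>link 1 den</th>
</tr>
<?php
// One table row per book with four signed links of increasing lifetime
// (5 s, 60 s, 1 h, 1 day). makelink() adds the lifetime to time() when the
// page is rendered, so each link's clock starts at render time, not at click.
//
// Everything echoed into the page goes through htmlspecialchars(): the file
// name is text content, and the signed URL contains '&' separators that must
// be written as &amp; inside an href attribute.
foreach ($books as $i => $book): ?>
<tr>
<td><?php echo htmlspecialchars(urldecode($book), ENT_QUOTES, 'UTF-8'); ?></td>
<td><?php echo ($i === 7) ? "~ 250 MB" : "pár kilo"; /* entry 7 is the only large file */ ?></td>
<td><a href="<?php echo htmlspecialchars(makelink($book, 5), ENT_QUOTES, 'UTF-8'); ?>">Link</a></td>
<td><a href="<?php echo htmlspecialchars(makelink($book, 60), ENT_QUOTES, 'UTF-8'); ?>">Link</a></td>
<td><a href="<?php echo htmlspecialchars(makelink($book, 3600), ENT_QUOTES, 'UTF-8'); ?>">Link</a></td>
<td><a href="<?php echo htmlspecialchars(makelink($book, 86400), ENT_QUOTES, 'UTF-8'); ?>">Link</a></td>
</tr>
<?php endforeach; ?>
</table>
</body></html>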
<?php | |
/***************************************************** | |
Libraries | |
******************************************************/ | |
/**
 * Build a signed CloudFront URL for one file that stops working after a delay.
 *
 * Reads the distribution base URL, the private key and the key pair id from
 * the globals $cdn, $key and $key_pair_id.
 *
 * @param string $file       File name relative to $cdn; it is passed through
 *                           urldecode() before being appended to the base URL.
 * @param int    $expire_sec Lifetime of the link in seconds, counted from the
 *                           moment this function is called.
 * @return string The signed URL. It is returned raw (with '&' separators), so
 *                a caller writing it into HTML has to escape it for that context.
 */
function makelink($file, $expire_sec){
    global $cdn, $key, $key_pair_id;

    // Full URL of the object; this exact string is what gets signed.
    $resource_url = $cdn . urldecode($file);
    // Absolute expiry as a Unix timestamp.
    $expires_at = time() + $expire_sec;

    return get_canned_policy_stream_name($resource_url, $key, $key_pair_id, $expires_at);
}
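/**
 * Sign a policy document with an RSA private key using SHA-1.
 *
 * SHA-1 is requested explicitly because the function's name and the original
 * call (which relied on openssl_sign's default algorithm) both use it; the
 * digest is part of the signed-URL format this script targets, so it is not a
 * local choice that can be changed on one side only.
 *
 * @param string $policy   The exact bytes to sign (the unencoded policy).
 * @param string $priv_key PEM-encoded private key.
 * @return string Raw binary signature.
 * @throws RuntimeException If the key cannot be loaded or signing fails.
 *                          Failing here prevents handing out links that carry
 *                          an empty signature.
 */
function rsa_sha1_sign($policy, $priv_key) {
    $signature = "";

    $pkeyid = openssl_pkey_get_private($priv_key);
    if ($pkeyid === false) {
        // Deliberately generic: the message must never echo key material.
        throw new RuntimeException('Unable to load the private key used for URL signing');
    }

    // compute signature
    $signed = openssl_sign($policy, $signature, $pkeyid, OPENSSL_ALGO_SHA1);

    // free the key from memory; from PHP 8.0 on the key is an object that is
    // released automatically and openssl_free_key() is deprecated
    if (PHP_VERSION_ID < 80000) {
        openssl_free_key($pkeyid);
    }

    if (!$signed) {
        throw new RuntimeException('Signing the policy failed');
    }

    return $signature;
}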
/**
 * Base64-encode a value and make the result safe for use in a URL.
 *
 * This is not the RFC 4648 "base64url" alphabet: padding is kept, and the
 * three characters are mapped as '+' => '-', '=' => '_' and '/' => '~'.
 *
 * @param string $value Raw bytes to encode.
 * @return string Encoded text containing none of '+', '=' or '/'.
 */
function url_safe_base64_encode($value) {
    // Single-character translation table: position n of the first string is
    // replaced by position n of the second.
    return strtr(base64_encode($value), '+=/', '-_~');
}
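/**
 * Build a signed URL for a resource using a canned (expiry-only) policy.
 *
 * The policy JSON is assembled by string concatenation, so both inputs that
 * end up inside it are constrained first: the resource URL may not contain
 * characters that would terminate or escape the JSON string, and the expiry
 * is forced to an integer. Without that, a caller-supplied value could alter
 * the statement that gets signed.
 *
 * @param string $file_name   Full URL of the resource to grant access to.
 * @param string $private_key PEM-encoded private key used for signing.
 * @param string $key_pair_id Identifier of the key pair, sent as Key-Pair-Id.
 * @param int    $expires     Unix timestamp after which the URL is rejected.
 * @return string The resource URL followed by the Expires, Signature and
 *                Key-Pair-Id query parameters.
 * @throws InvalidArgumentException If $file_name contains a double quote, a
 *                                  backslash or an ASCII control character.
 */
function get_canned_policy_stream_name($file_name, $private_key, $key_pair_id, $expires) {
    // The character class is: double quote, backslash, and bytes 0x00-0x1f.
    if (preg_match('/["\\\\\x00-\x1f]/', (string) $file_name)) {
        throw new InvalidArgumentException('Resource URL contains a character that is not allowed in the policy');
    }
    // The timestamp is written unquoted into the JSON and into the query string.
    $expires = (int) $expires;

    // this policy is well known by CloudFront, but you still need to sign it,
    // since it contains your parameters
    $canned_policy = '{"Statement":[{"Resource":"' . $file_name . '","Condition":{"DateLessThan":{"AWS:EpochTime":' . $expires . '}}}]}';

    // sign the original policy text; the policy itself is not added to the
    // URL, only Expires, Signature and Key-Pair-Id are
    $signature = rsa_sha1_sign($canned_policy, $private_key);

    // make the signature safe to be included in a url
    $encoded_signature = url_safe_base64_encode($signature);

    // combine the above into the final URL; no further URL-encoding is applied
    return create_stream_name($file_name, $encoded_signature, $key_pair_id, $expires);
}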
/**
 * Append the signed-URL query parameters to a resource URL.
 *
 * The values are concatenated as given; nothing is URL-encoded here, so the
 * caller must pass values that are already safe inside a query string. As in
 * the original implementation, the result is also stored in the global
 * variable $query_string.
 *
 * @param string $file_name         Resource URL without a query string.
 * @param string $encoded_signature Signature, already URL-safe encoded.
 * @param string $key_pair_id       Key pair identifier.
 * @param int    $expires           Expiry as a Unix timestamp.
 * @return string "<file_name>?Expires=...&Signature=...&Key-Pair-Id=..."
 */
function create_stream_name($file_name, $encoded_signature, $key_pair_id, $expires)
{
    global $query_string;

    $query_string = $file_name
        . "?" . "Expires=" . $expires
        . "&" . "Signature=" . $encoded_signature
        . "&" . "Key-Pair-Id=" . $key_pair_id;

    return $query_string;
}