
@joshkh
Created July 22, 2020 18:22
cloudfront / s3 signature
(ns signit
(:require [buddy.core.dsa :as dsa]
[buddy.core.codecs.base64 :as b64]
[clojure.string :as str])
(:import [java.security Signature]))
(defn access-policy
  "Build the JSON policy string that allows `url` to be fetched until the
  Epoch time `exp`: one Statement whose only Condition is DateLessThan on
  AWS:EpochTime.

  `url` and `exp` are concatenated verbatim. Nothing is JSON-escaped or
  validated here, so a double quote or backslash in `url`, or a non-numeric
  `exp`, ends up in the policy as-is. Callers should pass a URL they have
  already vetted and an integer expiry."
  [url exp]
  (let [resource-open  "{\"Statement\":[{\"Resource\":\""
        condition-open "\",\"Condition\":{\"DateLessThan\":{\"AWS:EpochTime\":"
        policy-close   "}}}]}"]
    ;; This exact string is what gets signed, so no whitespace is inserted
    ;; between the fragments.
    (apply str [resource-open url condition-open exp policy-close])))
(defn replace-valid-chars
  "Swap the three characters that are unsafe in a URL query string for
  substitutes: + becomes -, = becomes _, and / becomes ~. Every other
  character of `s` is returned unchanged."
  [s]
  ;; None of the replacement characters is itself in the set being replaced,
  ;; so a single character-by-character pass is sufficient.
  (str/escape s {\+ "-"
                 \= "_"
                 \/ "~"}))
(defn sign
  "Return the query-string-safe Base64 signature over the access policy for
  `url` expiring at Epoch time `exp`.

  The policy from `access-policy` is signed with `private-key` via buddy's
  `dsa/sign`, Base64-encoded, turned into a String, and passed through
  `replace-valid-chars`. `private-key` is handed to buddy as `:key`; keep it
  out of logs and error messages."
  [url exp private-key]
  (let [policy  (access-policy url exp)
        ;; NOTE(review): SHA-1 with RSA appears to be dictated by the
        ;; CloudFront signed-URL scheme rather than chosen freely; confirm
        ;; against current AWS documentation before changing the algorithm.
        signer  #(Signature/getInstance "SHA1withRSA")
        raw-sig (dsa/sign policy {:key private-key :alg signer})
        encoded (String. (b64/encode raw-sig))]
    (replace-valid-chars encoded)))
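(defn sign-url
  "Return `url` with the Expires, Key-Pair-Id and Signature query parameters
  appended.

  `exp` is the Epoch time placed in both the policy and the Expires
  parameter; `private-key-id` is the value sent as Key-Pair-Id; `private-key`
  is used only to compute the signature and never appears in the result.

  `exp` and `private-key-id` are appended without URL-encoding. The policy
  built by `access-policy` carries only an expiry condition, so anyone who
  obtains the returned URL can use it until `exp`: keep the lifetime short
  and avoid writing the full URL to logs."
  [url exp private-key-id private-key]
  (let [;; A URL that already has a query string must be extended with '&';
        ;; adding a second '?' would produce a malformed URL. (str url) keeps
        ;; a nil url from throwing, matching the previous behaviour.
        separator (if (str/includes? (str url) "?") "&" "?")]
    (str url
         separator "Expires=" exp
         "&Key-Pair-Id=" private-key-id
         "&Signature=" (sign url exp private-key))))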