CloudFront - Signed Cookies Using a Custom Policy

custom_policy_request.rb

#!/usr/bin/env ruby

require 'json'

### CloudFront Key Pair
KEY_PAIR_ID = "XXXXX"
PRIVATE_KEY = "pk-XXXXX.pem"
### Destination URL and RESOURCE for Policy
DST_URL = "https://xxxx.cloudfront.net/index.html"
RESOURCE = "http*://xxxx.cloudfront.net/index.html"

start_time = (Time.now - 60).to_i
expire_time = (Time.now + 60*60*24*10).to_i

condition = { "DateLessThan" => {"AWS:EpochTime" => expire_time }, "DateGreaterThan" => {"AWS:EpochTime" => start_time } }

policy = { "Statement" => ["Resource" => RESOURCE, "Condition" => condition] }

puts "------- policy -------"
p policy = policy.to_json

puts "------- encoded_policy -------"
encoded_policy = `printf %s '#{policy}' | base64 | tr '+=/' '-_~'`
p encoded_policy.gsub!(/(\r\n|\r|\n)/, "")

# cat policy.json | openssl sha1 -sign pk.pem | openssl base64 | tr '+=/' '-_~'
signature = `printf %s '#{policy}' | openssl sha1 -sign #{PRIVATE_KEY} | openssl base64 | tr '+=/' '-_~'`

puts "------ signature --------"
p signature.gsub!(/(\r\n|\r|\n)/, "")

header = "Cookie:CloudFront-Expires=#{expire_time}; CloudFront-Policy=#{encoded_policy}; CloudFront-Signature=#{signature}; CloudFront-Key-Pair-Id=#{KEY_PAIR_ID}"

puts "-------- header -------"
p header

puts "---------------"
puts `curl -vH '#{header}' #{DST_URL}`

Prerequisite

• CloudFront Distribution and the Settings
• Create CloudFront Key Pair

http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-setting-signed-cookie-custom-policy.html

http://dev.classmethod.jp/cloud/aws/cf-s3-private-content-signed-cookies/