| Safe Haskell | Safe-Inferred |
|---|---|
| Language | Haskell2010 |
Network.AWS.CloudFront.SignedCookies
Description
Example usage:
{-# LANGUAGE OverloadedStrings, ScopedTypeVariables #-}
import Network.AWS.CloudFront.SignedCookies
import qualified Data.Text.IO
main :: IO ()
main = do
-- Construct an IAM policy that expires three days from now
policy :: Policy <- simplePolicy
(Resource "https://example.com/secrets/*")
(Lifespan (3 * nominalDay))
-- Parse the .pem file to get the private key
key :: PrivateKey <- readPrivateKeyPemFile
(PemFilePath "./pk-APKAIATXN3RCIOVT5WRQ.pem")
-- Construct signed cookies
cookies :: CookiesText <- createSignedCookies
(KeyPairId "APKAIATXN3RCIOVT5WRQ") key policy
Data.Text.IO.putStrLn (renderCookiesText cookies)Output:
Cookie: CloudFront-Policy=eyJTdGF0ZW1lbnQiOlt7IlJlc29... Cookie: CloudFront-Signature=wMN6V3Okxk7sdSPZeebMh-wo... Cookie: CloudFront-Key-Pair-Id=APKAIATXN3RCIOVT5WRQ
You can see a very similar example in action in the Network.AWS.CloudFront.SignedCookies.CLI module.
Synopsis
- createSignedCookies :: KeyPairId -> PrivateKey -> Policy -> IO CookiesText
- simplePolicy :: Resource -> Lifespan -> IO Policy
- data Policy = Policy {}
- newtype Resource = Resource Text
- newtype Lifespan = Lifespan NominalDiffTime
- data StartTime
- newtype EndTime = EndTime POSIXTime
- data IpAddress
- readPrivateKeyPemFile :: PemFilePath -> IO PrivateKey
- newtype PemFilePath = PemFilePath Text
- newtype KeyPairId = KeyPairId Text
- data PrivateKey
- policyJSON :: Policy -> ByteString
- jsonTextPolicy :: Text -> Either String Policy
- jsonValPolicy :: Value -> Either String Policy
- cookiePolicy :: PolicyCookie -> Either String Policy
- type CookiesText = [(Text, Text)]
- renderCookiesText :: CookiesText -> Text
- newtype PolicyCookie = PolicyCookie Text
- newtype SignatureCookie = SignatureCookie Text
- data NominalDiffTime
- type POSIXTime = NominalDiffTime
- nominalDay :: NominalDiffTime
- getPOSIXTime :: IO POSIXTime
- data Text
Creating signed cookies
Arguments
| :: KeyPairId | A CloudFront key pair ID, which must be associated with a
trusted signer in the CloudFront distribution that you
specify in the |
| -> PrivateKey | The private key associated with the |
| -> Policy | The policy specifies what resource is being granted, for what
time period, and to what IP addresses. Construct a policy
using the |
| -> IO CookiesText |
Defining a CloudFront policy
A policy specifies what resource is being granted, for what time period, and to what IP addresses.
For AWS's documentation on what going into a CloudFront policy statement, see Values That You Specify in the Policy Statement for a Custom Policy for Signed Cookies.
Constructors
| Policy | |
Fields
| |
URL that a policy will grant access to, optionally containing asterisks for wildcards.
Examples:
"https://d123example.cloudfront.net/index.html""https://d123example.cloudfront.net/*.jpeg"
How long from now the credentials expire
Constructors
| Lifespan NominalDiffTime |
The time at which credentials begin to take effect
Constructors
| StartImmediately | |
| StartTime POSIXTime |
The IP address or address range of clients allowed to make requests
Getting your private key
readPrivateKeyPemFile Source #
Arguments
| :: PemFilePath | The filesystem path of the |
| -> IO PrivateKey |
Read an RSA private key from a .pem file you downloaded from AWS.
newtype PemFilePath Source #
Location in the filesystem where a .pem file containing an RSA secret key can be found.
The filename downloaded from AWS looks like this:
"pk-APKAIATXN3RCIOVT5WRQ.pem"
Constructors
| PemFilePath Text |
Instances
| Show PemFilePath Source # | |
Defined in Network.AWS.CloudFront.SignedCookies.Types Methods showsPrec :: Int -> PemFilePath -> ShowS # show :: PemFilePath -> String # showList :: [PemFilePath] -> ShowS # | |
| Eq PemFilePath Source # | |
Defined in Network.AWS.CloudFront.SignedCookies.Types | |
CloudFront key pair ID for the key pair that you are using to generate signature.
The key pair ID can be found in the name of key files that you download, and looks like this:
APKAIATXN3RCIOVT5WRQ
data PrivateKey #
Represent a RSA private key.
Only the pub, d fields are mandatory to fill.
p, q, dP, dQ, qinv are by-product during RSA generation, but are useful to record here to speed up massively the decrypt and sign operation.
implementations can leave optional fields to 0.
Instances
| Data PrivateKey | |
Defined in Crypto.PubKey.RSA.Types Methods gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> PrivateKey -> c PrivateKey # gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c PrivateKey # toConstr :: PrivateKey -> Constr # dataTypeOf :: PrivateKey -> DataType # dataCast1 :: Typeable t => (forall d. Data d => c (t d)) -> Maybe (c PrivateKey) # dataCast2 :: Typeable t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c PrivateKey) # gmapT :: (forall b. Data b => b -> b) -> PrivateKey -> PrivateKey # gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> PrivateKey -> r # gmapQr :: forall r r'. (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> PrivateKey -> r # gmapQ :: (forall d. Data d => d -> u) -> PrivateKey -> [u] # gmapQi :: Int -> (forall d. Data d => d -> u) -> PrivateKey -> u # gmapM :: Monad m => (forall d. Data d => d -> m d) -> PrivateKey -> m PrivateKey # gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> PrivateKey -> m PrivateKey # gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> PrivateKey -> m PrivateKey # | |
| Read PrivateKey | |
Defined in Crypto.PubKey.RSA.Types Methods readsPrec :: Int -> ReadS PrivateKey # readList :: ReadS [PrivateKey] # readPrec :: ReadPrec PrivateKey # readListPrec :: ReadPrec [PrivateKey] # | |
| Show PrivateKey | |
Defined in Crypto.PubKey.RSA.Types Methods showsPrec :: Int -> PrivateKey -> ShowS # show :: PrivateKey -> String # showList :: [PrivateKey] -> ShowS # | |
| NFData PrivateKey | |
Defined in Crypto.PubKey.RSA.Types Methods rnf :: PrivateKey -> () # | |
| Eq PrivateKey | |
Defined in Crypto.PubKey.RSA.Types | |
Policy JSON
policyJSON :: Policy -> ByteString Source #
Encode a Policy as JSON, with no whitespace, as AWS requires.
Excerpt from Setting Signed Cookies Using a Custom Policy:
- "Remove all whitespace (including tabs and newline characters) from the policy statement."
Reading cookies
Miscellaneous
Cookies
type CookiesText = [(Text, Text)] #
Textual cookies. Functions assume UTF8 encoding.
renderCookiesText :: CookiesText -> Text Source #
Format a list of cookies as HTTP request headers.
newtype PolicyCookie Source #
The value of a CloudFront-Policy cookie.
Constructors
| PolicyCookie Text |
Instances
| Show PolicyCookie Source # | |
Defined in Network.AWS.CloudFront.SignedCookies.Types Methods showsPrec :: Int -> PolicyCookie -> ShowS # show :: PolicyCookie -> String # showList :: [PolicyCookie] -> ShowS # | |
| Eq PolicyCookie Source # | |
Defined in Network.AWS.CloudFront.SignedCookies.Types | |
newtype SignatureCookie Source #
The value of a CloudFront-Signature cookie.
Constructors
| SignatureCookie Text |
Instances
| Show SignatureCookie Source # | |
Defined in Network.AWS.CloudFront.SignedCookies.Types Methods showsPrec :: Int -> SignatureCookie -> ShowS # show :: SignatureCookie -> String # showList :: [SignatureCookie] -> ShowS # | |
| Eq SignatureCookie Source # | |
Defined in Network.AWS.CloudFront.SignedCookies.Types Methods (==) :: SignatureCookie -> SignatureCookie -> Bool # (/=) :: SignatureCookie -> SignatureCookie -> Bool # | |
Time
data NominalDiffTime #
This is a length of time, as measured by UTC. It has a precision of 10^-12 s.
Conversion functions such as fromInteger and realToFrac will treat it as seconds.
For example, (0.010 :: NominalDiffTime) corresponds to 10 milliseconds.
It has a precision of one picosecond (= 10^-12 s). Enumeration functions will treat it as picoseconds.
It ignores leap-seconds, so it's not necessarily a fixed amount of clock time. For instance, 23:00 UTC + 2 hours of NominalDiffTime = 01:00 UTC (+ 1 day), regardless of whether a leap-second intervened.
Instances
type POSIXTime = NominalDiffTime #
POSIX time is the nominal time since 1970-01-01 00:00 UTC
To convert from a CTime or System.Posix.EpochTime, use realToFrac.
nominalDay :: NominalDiffTime #
One day in NominalDiffTime.
getPOSIXTime :: IO POSIXTime #
Get the current POSIX time from the system clock.
Text
A space efficient, packed, unboxed Unicode text type.
Instances
| FromJSON Text | |
| FromJSONKey Text | |
Defined in Data.Aeson.Types.FromJSON | |
| ToJSON Text | |
Defined in Data.Aeson.Types.ToJSON | |
| ToJSONKey Text | |
Defined in Data.Aeson.Types.ToJSON | |
| Chunk Text | |
Defined in Data.Attoparsec.Internal.Types Associated Types type ChunkElem Text Methods pappendChunk :: State Text -> Text -> State Text atBufferEnd :: Text -> State Text -> Pos bufferElemAt :: Text -> Pos -> State Text -> Maybe (ChunkElem Text, Int) chunkElemToChar :: Text -> ChunkElem Text -> Char | |
| Hashable Text | |
Defined in Data.Hashable.Class | |
| Ixed Text | |
Defined in Control.Lens.At | |
| AsJSON Text | |
| AsNumber Text | |
| AsValue Text | |
| IsKey Text | |
| type ChunkElem Text | |
Defined in Data.Attoparsec.Internal.Types | |
| type State Text | |
Defined in Data.Attoparsec.Internal.Types type State Text = Buffer | |
| type Item Text | |
| type Index Text | |
Defined in Control.Lens.At | |
| type IxValue Text | |
Defined in Control.Lens.At | |