| Safe Haskell | None |
|---|---|
| Language | Haskell2010 |
Network.AWS.CloudFront.SignedCookies
Description
Example usage:
{-# LANGUAGE OverloadedStrings, ScopedTypeVariables #-}
import Network.AWS.CloudFront.SignedCookies
import qualified Data.Text.IO
main :: IO ()
main = do
-- Construct an IAM policy that expires three days from now
policy :: Policy <- simplePolicy
(Resource "https://example.com/secrets/*")
(Lifespan (3 * nominalDay))
-- Parse the .pem file to get the private key
key :: PrivateKey <- readPrivateKeyPemFile
(PemFilePath "./pk-APKAIATXN3RCIOVT5WRQ.pem")
-- Construct signed cookies
cookies :: CookiesText <- createSignedCookies
(KeyPairId "APKAIATXN3RCIOVT5WRQ") key policy
Data.Text.IO.putStrLn (renderCookiesText cookies)Output:
Cookie: CloudFront-Policy=eyJTdGF0ZW1lbnQiOlt7IlJlc29... Cookie: CloudFront-Signature=wMN6V3Okxk7sdSPZeebMh-wo... Cookie: CloudFront-Key-Pair-Id=APKAIATXN3RCIOVT5WRQ
You can see a very similar example in action in the Network.AWS.CloudFront.SignedCookies.CLI module.
Synopsis
- createSignedCookies :: KeyPairId -> PrivateKey -> Policy -> IO CookiesText
- simplePolicy :: Resource -> Lifespan -> IO Policy
- data Policy = Policy {}
- newtype Resource = Resource Text
- newtype Lifespan = Lifespan NominalDiffTime
- data StartTime
- newtype EndTime = EndTime POSIXTime
- data IpAddress
- readPrivateKeyPemFile :: PemFilePath -> IO PrivateKey
- newtype PemFilePath = PemFilePath Text
- newtype KeyPairId = KeyPairId Text
- data PrivateKey
- policyJSON :: Policy -> ByteString
- jsonTextPolicy :: Text -> Either String Policy
- jsonValPolicy :: Value -> Either String Policy
- cookiePolicy :: PolicyCookie -> Either String Policy
- type CookiesText = [(Text, Text)]
- renderCookiesText :: CookiesText -> Text
- newtype PolicyCookie = PolicyCookie Text
- newtype SignatureCookie = SignatureCookie Text
- data NominalDiffTime
- type POSIXTime = NominalDiffTime
- nominalDay :: NominalDiffTime
- getPOSIXTime :: IO POSIXTime
- data Text
Creating signed cookies
Arguments
| :: KeyPairId | A CloudFront key pair ID, which must be associated with a
trusted signer in the CloudFront distribution that you
specify in the |
| -> PrivateKey | The private key associated with the |
| -> Policy | The policy specifies what resource is being granted, for what
time period, and to what IP addresses. Construct a policy
using the |
| -> IO CookiesText |
Defining a CloudFront policy
A policy specifies what resource is being granted, for what time period, and to what IP addresses.
For AWS's documentation on what going into a CloudFront policy statement, see Values That You Specify in the Policy Statement for a Custom Policy for Signed Cookies.
Constructors
| Policy | |
Fields
| |
URL that a policy will grant access to, optionally containing asterisks for wildcards.
Examples:
"https://d123example.cloudfront.net/index.html""https://d123example.cloudfront.net/*.jpeg"
How long from now the credentials expire
Constructors
| Lifespan NominalDiffTime |
The time at which credentials begin to take effect
Constructors
| StartImmediately | |
| StartTime POSIXTime |
The IP address or address range of clients allowed to make requests
Getting your private key
readPrivateKeyPemFile Source #
Arguments
| :: PemFilePath | The filesystem path of the |
| -> IO PrivateKey |
Read an RSA private key from a .pem file you downloaded from AWS.
newtype PemFilePath Source #
Location in the filesystem where a .pem file containing an RSA secret key can be found.
The filename downloaded from AWS looks like this:
"pk-APKAIATXN3RCIOVT5WRQ.pem"
Constructors
| PemFilePath Text |
Instances
| Eq PemFilePath Source # | |
Defined in Network.AWS.CloudFront.SignedCookies.Types | |
| Show PemFilePath Source # | |
Defined in Network.AWS.CloudFront.SignedCookies.Types Methods showsPrec :: Int -> PemFilePath -> ShowS # show :: PemFilePath -> String # showList :: [PemFilePath] -> ShowS # | |
CloudFront key pair ID for the key pair that you are using to generate signature.
The key pair ID can be found in the name of key files that you download, and looks like this:
APKAIATXN3RCIOVT5WRQ
data PrivateKey #
Represent a RSA private key.
Only the pub, d fields are mandatory to fill.
p, q, dP, dQ, qinv are by-product during RSA generation, but are useful to record here to speed up massively the decrypt and sign operation.
implementations can leave optional fields to 0.
Instances
| Eq PrivateKey | |
Defined in Crypto.PubKey.RSA.Types | |
| Data PrivateKey | |
Defined in Crypto.PubKey.RSA.Types Methods gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> PrivateKey -> c PrivateKey # gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c PrivateKey # toConstr :: PrivateKey -> Constr # dataTypeOf :: PrivateKey -> DataType # dataCast1 :: Typeable t => (forall d. Data d => c (t d)) -> Maybe (c PrivateKey) # dataCast2 :: Typeable t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c PrivateKey) # gmapT :: (forall b. Data b => b -> b) -> PrivateKey -> PrivateKey # gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> PrivateKey -> r # gmapQr :: forall r r'. (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> PrivateKey -> r # gmapQ :: (forall d. Data d => d -> u) -> PrivateKey -> [u] # gmapQi :: Int -> (forall d. Data d => d -> u) -> PrivateKey -> u # gmapM :: Monad m => (forall d. Data d => d -> m d) -> PrivateKey -> m PrivateKey # gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> PrivateKey -> m PrivateKey # gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> PrivateKey -> m PrivateKey # | |
| Read PrivateKey | |
Defined in Crypto.PubKey.RSA.Types Methods readsPrec :: Int -> ReadS PrivateKey # readList :: ReadS [PrivateKey] # readPrec :: ReadPrec PrivateKey # readListPrec :: ReadPrec [PrivateKey] # | |
| Show PrivateKey | |
Defined in Crypto.PubKey.RSA.Types Methods showsPrec :: Int -> PrivateKey -> ShowS # show :: PrivateKey -> String # showList :: [PrivateKey] -> ShowS # | |
| NFData PrivateKey | |
Defined in Crypto.PubKey.RSA.Types Methods rnf :: PrivateKey -> () # | |
Policy JSON
policyJSON :: Policy -> ByteString Source #
Encode a Policy as JSON, with no whitespace, as AWS requires.
Excerpt from Setting Signed Cookies Using a Custom Policy:
- "Remove all whitespace (including tabs and newline characters) from the policy statement."
Reading cookies
Miscellaneous
Cookies
type CookiesText = [(Text, Text)] #
Textual cookies. Functions assume UTF8 encoding.
renderCookiesText :: CookiesText -> Text Source #
Format a list of cookies as HTTP request headers.
newtype PolicyCookie Source #
The value of a CloudFront-Policy cookie.
Constructors
| PolicyCookie Text |
Instances
| Eq PolicyCookie Source # | |
Defined in Network.AWS.CloudFront.SignedCookies.Types | |
| Show PolicyCookie Source # | |
Defined in Network.AWS.CloudFront.SignedCookies.Types Methods showsPrec :: Int -> PolicyCookie -> ShowS # show :: PolicyCookie -> String # showList :: [PolicyCookie] -> ShowS # | |
newtype SignatureCookie Source #
The value of a CloudFront-Signature cookie.
Constructors
| SignatureCookie Text |
Instances
| Eq SignatureCookie Source # | |
Defined in Network.AWS.CloudFront.SignedCookies.Types Methods (==) :: SignatureCookie -> SignatureCookie -> Bool # (/=) :: SignatureCookie -> SignatureCookie -> Bool # | |
| Show SignatureCookie Source # | |
Defined in Network.AWS.CloudFront.SignedCookies.Types Methods showsPrec :: Int -> SignatureCookie -> ShowS # show :: SignatureCookie -> String # showList :: [SignatureCookie] -> ShowS # | |
Time
data NominalDiffTime #
This is a length of time, as measured by UTC. It has a precision of 10^-12 s.
Conversion functions will treat it as seconds.
For example, (0.010 :: NominalDiffTime) corresponds to 10 milliseconds.
It ignores leap-seconds, so it's not necessarily a fixed amount of clock time. For instance, 23:00 UTC + 2 hours of NominalDiffTime = 01:00 UTC (+ 1 day), regardless of whether a leap-second intervened.
Instances
type POSIXTime = NominalDiffTime #
POSIX time is the nominal time since 1970-01-01 00:00 UTC
To convert from a CTime or System.Posix.EpochTime, use realToFrac.
nominalDay :: NominalDiffTime #
One day in NominalDiffTime.
getPOSIXTime :: IO POSIXTime #
Get the current POSIX time from the system clock.
Text
A space efficient, packed, unboxed Unicode text type.
Instances
| Hashable Text | |
Defined in Data.Hashable.Class | |
| ToJSON Text | |
Defined in Data.Aeson.Types.ToJSON | |
| KeyValue Object | Constructs a singleton |
| KeyValue Pair | |
| ToJSONKey Text | |
Defined in Data.Aeson.Types.ToJSON | |
| FromJSON Text | |
| FromJSONKey Text | |
Defined in Data.Aeson.Types.FromJSON | |
| Chunk Text | |
Defined in Data.Attoparsec.Internal.Types | |
| Ixed Text | |
Defined in Control.Lens.At | |
| AsNumber Text | |
| AsPrimitive Text | |
| AsValue Text | |
| AsJSON Text | |
| FromPairs Value (DList Pair) | |
Defined in Data.Aeson.Types.ToJSON | |
| v ~ Value => KeyValuePair v (DList Pair) | |
Defined in Data.Aeson.Types.ToJSON | |
| type State Text | |
Defined in Data.Attoparsec.Internal.Types | |
| type ChunkElem Text | |
Defined in Data.Attoparsec.Internal.Types | |
| type Item Text | |
| type Index Text | |
Defined in Control.Lens.At | |
| type IxValue Text | |
Defined in Control.Lens.At | |