aws-cloudfront-signer-1.1.0.3: For signing AWS CloudFront HTTP URL requests

Safe HaskellNone
LanguageHaskell2010

Aws.CloudFront.Signer

Synopsis

Documentation

type URL = String Source

input and output URLs

type JSONPOlicy = String Source

a JSON CloudFront policy

data CloudFrontSigningKey Source

a CloudFront siging key has an identifier and an RSA private key

Constructors

CloudFrontSigningKey 

Fields

cfk_key_id :: KeyID
 
cfk_key :: PrivateKey
 

data CloudFrontPolicy Source

a CloudFront policy must identify the resource being accessed and the expiry time; a starting time and IPv4 address may also be specified

readCloudFrontSigningKeyFromDER :: KeyID -> FilePath -> IO CloudFrontSigningKey Source

RSA private keys can only be read from DER file for now (the OpenSSL tools can be used to convert from PEM:

openssl rsa -in input.pem -inform PEM -out output.der -outform DER

parseRSAPrivateKeyDER :: ByteString -> Either String PrivateKey Source

If you have the DER ByteString then you can construct a private key functionally.

signCannedPolicyURL :: CloudFrontSigningKey -> UTCTime -> URL -> URL Source

In most cases only a time-limited, signed URL is needed, in which case a canned policy can be used; URLs signed with a canned policy are shorter than those signed with a custom policy.

signCustomPolicyURL :: CloudFrontSigningKey -> CloudFrontPolicy -> URL Source

Signing a URL with a custom policy allows a start time to be specified and the IP address of the recipient(s) to be specified.

signCustomPolicyURL_ :: CloudFrontSigningKey -> JSONPOlicy -> URL -> URL Source

The URL can also be signed with the custom policy in JSON format. (See the CloudFront documentation for details.)

cannedPolicy :: UTCTime -> URL -> JSONPOlicy Source

The JSON canned policy can be generated from the expiry time and the URL of the distributed resource.

customPolicy :: CloudFrontPolicy -> JSONPOlicy Source

JSON custom policies provide more flexibility (allowing start times and recipient IP addresses to be specified) but generate longer signed URLs.

unixTime :: UTCTime -> String Source

CloudFront uses Unix Epoch time (number of seconds since 1970, UTC) to specify UTC.