t11a · July 25, 2017 06:07 · t11a · Jun 12, 2015
diff --git a/custom_policy_request.rb b/custom_policy_request.rb
 #!/usr/bin/env ruby

 require 'json'

 ### CloudFront Key Pair
 KEY_PAIR_ID = "XXXXX"
 PRIVATE_KEY = "pk-XXXXX.pem"
 ### Destination URL and RESOURCE for Policy
 DST_URL = "https://xxxx.cloudfront.net/index.html"
 RESOURCE = "http*://xxxx.cloudfront.net/index.html"

 start_time = (Time.now - 60).to_i
 expire_time = (Time.now + 60*60*24*10).to_i

 condition = { "DateLessThan" => {"AWS:EpochTime" => expire_time }, "DateGreaterThan" => {"AWS:EpochTime" => start_time } }

 policy = { "Statement" => ["Resource" => RESOURCE, "Condition" => condition] }

 puts "------- policy -------"
 p policy = policy.to_json

 puts "------- encoded_policy -------"
 encoded_policy = `printf %s '#{policy}' | base64 | tr '+=/' '-_~'`
 p encoded_policy.gsub!(/(\r\n|\r|\n)/, "")

 # cat policy.json | openssl sha1 -sign pk.pem | openssl base64 | tr '+=/' '-_~'
 signature = `printf %s '#{policy}' | openssl sha1 -sign #{PRIVATE_KEY} | openssl base64 | tr '+=/' '-_~'`

 puts "------ signature --------"
 p signature.gsub!(/(\r\n|\r|\n)/, "")

 header = "Cookie:CloudFront-Expires=#{expire_time}; CloudFront-Policy=#{encoded_policy}; CloudFront-Signature=#{signature}; CloudFront-Key-Pair-Id=#{KEY_PAIR_ID}"

 puts "-------- header -------"
 p header

 puts "---------------"
 puts `curl -vH '#{header}' #{DST_URL}`
	#!/usr/bin/env ruby

	require 'json'

	### CloudFront Key Pair
	KEY_PAIR_ID = "XXXXX"
	PRIVATE_KEY = "pk-XXXXX.pem"
	### Destination URL and RESOURCE for Policy
	DST_URL = "https://xxxx.cloudfront.net/index.html"
	RESOURCE = "http*://xxxx.cloudfront.net/index.html"

	start_time = (Time.now - 60).to_i
	expire_time = (Time.now + 606024*10).to_i

	condition = { "DateLessThan" => {"AWS:EpochTime" => expire_time }, "DateGreaterThan" => {"AWS:EpochTime" => start_time } }

	policy = { "Statement" => ["Resource" => RESOURCE, "Condition" => condition] }

	puts "------- policy -------"
	p policy = policy.to_json

	puts "------- encoded_policy -------"
	encoded_policy = `printf %s '#{policy}' \| base64 \| tr '+=/' '-_~'`
	p encoded_policy.gsub!(/(\r\n\|\r\|\n)/, "")

	# cat policy.json \| openssl sha1 -sign pk.pem \| openssl base64 \| tr '+=/' '-_~'
	signature = `printf %s '#{policy}' \| openssl sha1 -sign #{PRIVATE_KEY} \| openssl base64 \| tr '+=/' '-_~'`

	puts "------ signature --------"
	p signature.gsub!(/(\r\n\|\r\|\n)/, "")

	header = "Cookie:CloudFront-Expires=#{expire_time}; CloudFront-Policy=#{encoded_policy}; CloudFront-Signature=#{signature}; CloudFront-Key-Pair-Id=#{KEY_PAIR_ID}"

	puts "-------- header -------"
	p header

	puts "---------------"
	puts `curl -vH '#{header}' #{DST_URL}`