t11a · June 13, 2015 01:58
diff --git a/custom_policy_request.rb b/custom_policy_request.rb
 #!/usr/bin/env ruby

 require 'json'
 require 'base64'
 require 'openssl'

 ### CloudFront Key Pair
 KEY_PAIR_ID = "XXXXX"
 PRIVATE_KEY = "pk-XXXXX.pem"
 ### Destination URL and RESOURCE for Policy
 DST_URL  = "https://xxxx.cloudfront.net/index.html"
 RESOURCE = "http*://xxxx.cloudfront.net/index.html"

 start_time = (Time.now - 60).to_i
 expire_time = (Time.now + 60*60*24*10).to_i

 condition = { "DateLessThan" => {"AWS:EpochTime" => expire_time }, "DateGreaterThan" => {"AWS:EpochTime" => start_time } }

 policy = { "Statement" => ["Resource" => RESOURCE, "Condition" => condition] }

 puts "------- policy -------"
 p policy = policy.to_json

 encoded_policy = Base64.encode64(policy).tr('+=/','-_~')
 puts "------- encoded_policy -------"
 p encoded_policy.gsub!(/(\r\n|\r|\n)/, "")

 # cat policy.json | openssl sha1 -sign pk.pem | openssl base64 | tr '+=/' '-_~'
 pkey = OpenSSL::PKey::read(File.read(PRIVATE_KEY))
 signature = pkey.sign(OpenSSL::Digest::SHA1.new, policy)
 encoded_signature = Base64.encode64(signature).tr('+=/','-_~')

 puts "------ encoded_signature --------"
 p encoded_signature.gsub!(/(\r\n|\r|\n)/, "")

 header = "Cookie:CloudFront-Expires=#{expire_time}; CloudFront-Policy=#{encoded_policy}; CloudFront-Signature=#{encoded_signature}; CloudFront-Key-Pair-Id=#{KEY_PAIR_ID}"

 puts "-------- header -------"
 p header

 puts "---------------"
 puts `curl -vH '#{header}' #{DST_URL}`
	#!/usr/bin/env ruby

	require 'json'
	require 'base64'
	require 'openssl'

	### CloudFront Key Pair
	KEY_PAIR_ID = "XXXXX"
	PRIVATE_KEY = "pk-XXXXX.pem"
	### Destination URL and RESOURCE for Policy
	DST_URL = "https://xxxx.cloudfront.net/index.html"
	RESOURCE = "http*://xxxx.cloudfront.net/index.html"

	start_time = (Time.now - 60).to_i
	expire_time = (Time.now + 606024*10).to_i

	condition = { "DateLessThan" => {"AWS:EpochTime" => expire_time }, "DateGreaterThan" => {"AWS:EpochTime" => start_time } }

	policy = { "Statement" => ["Resource" => RESOURCE, "Condition" => condition] }

	puts "------- policy -------"
	p policy = policy.to_json

	encoded_policy = Base64.encode64(policy).tr('+=/','-_~')
	puts "------- encoded_policy -------"
	p encoded_policy.gsub!(/(\r\n\|\r\|\n)/, "")

	# cat policy.json \| openssl sha1 -sign pk.pem \| openssl base64 \| tr '+=/' '-_~'
	pkey = OpenSSL::PKey::read(File.read(PRIVATE_KEY))
	signature = pkey.sign(OpenSSL::Digest::SHA1.new, policy)
	encoded_signature = Base64.encode64(signature).tr('+=/','-_~')

	puts "------ encoded_signature --------"
	p encoded_signature.gsub!(/(\r\n\|\r\|\n)/, "")

	header = "Cookie:CloudFront-Expires=#{expire_time}; CloudFront-Policy=#{encoded_policy}; CloudFront-Signature=#{encoded_signature}; CloudFront-Key-Pair-Id=#{KEY_PAIR_ID}"

	puts "-------- header -------"
	p header

	puts "---------------"
	puts `curl -vH '#{header}' #{DST_URL}`