
@tanelmae
Created September 24, 2020 19:24
Sign Cloudfront URLs with Go
package main
import (
	"crypto/x509"
	"encoding/pem"
	"flag"
	"fmt"
	"io/ioutil"
	"os"
	"time"

	"github.com/aws/aws-sdk-go/service/cloudfront/sign"
)
/*
Simple CLI tool to sign CloudFront URLs
Run with:
go run cloudfront.go -key-path "cf-key.pem" -key-id "cf-key-id" -url "http://www.mydomain.com/private/stuff.json"
*/
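// main parses the command-line flags, loads a PKCS#1 RSA private key from a
// PEM file, and prints a CloudFront signed URL for -url on stdout.
//
// Stdout carries only the signed URL. Every failure is reported on stderr and
// ends the process with a non-zero status, so a script that captures stdout
// can never mistake an error message for a usable URL.
//
// Flags:
//
//	-key-id    ID of the CloudFront key pair / public key used for signing
//	-key-path  path to the PEM-encoded RSA private key
//	-url       URL to sign
//	-ttl       lifetime of the signed URL (default 24h)
func main() {
	keyID := flag.String("key-id", "", "Signing key ID")
	keyPath := flag.String("key-path", "", "Signing key path")
	rawURL := flag.String("url", "", "URL to be signed")
	ttl := flag.Duration("ttl", time.Hour*24, "URL TTL")
	flag.Parse()

	// fail writes a diagnostic to stderr and terminates with the given status.
	fail := func(code int, format string, args ...interface{}) {
		fmt.Fprintf(os.Stderr, format, args...)
		os.Exit(code)
	}

	// Reject missing inputs up front instead of signing with an empty key ID
	// or failing later with a confusing file or URL error.
	if *keyID == "" || *keyPath == "" || *rawURL == "" {
		flag.Usage()
		fail(2, "-key-id, -key-path and -url are all required\n")
	}
	// A zero or negative TTL would yield a URL that has already expired.
	if *ttl <= 0 {
		fail(2, "-ttl must be positive, got %s\n", *ttl)
	}

	privBytes, err := ioutil.ReadFile(*keyPath)
	if err != nil {
		fail(1, "Failed to read Cloudfront signing key from: %s: %v\n", *keyPath, err)
	}

	block, _ := pem.Decode(privBytes)
	if block == nil {
		fail(1, "Not a valid PEM key file: %s\n", *keyPath)
	}

	// Only PKCS#1 ("RSA PRIVATE KEY") is parsed here; the underlying error is
	// included so the operator can see why a key in another format failed.
	privKey, err := x509.ParsePKCS1PrivateKey(block.Bytes)
	if err != nil {
		fail(1, "Failed to parse private key from: %s: %v\n", *keyPath, err)
	}

	// Sign applies CloudFront's canned policy, which restricts only the expiry
	// time. The resulting URL is a bearer credential: anyone who obtains it can
	// fetch the object until it expires, so keep -ttl as short as the use case
	// allows and prefer https:// URLs so the signature is not exposed in transit.
	signer := sign.NewURLSigner(*keyID, privKey)
	signedURL, err := signer.Sign(*rawURL, time.Now().Add(*ttl))
	if err != nil {
		fail(1, "Failed to sign url, err: %s\n", err.Error())
	}

	fmt.Println(signedURL)
}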