| Safe Haskell | None |
|---|---|
| Language | Haskell2010 |
Aws.CloudFront.Signer
- type URL = String
- type JSONPOlicy = String
- data CloudFrontSigningKey = CloudFrontSigningKey {
- cfk_key_id :: KeyID
- cfk_key :: PrivateKey
- data CloudFrontPolicy = CloudFrontPolicy {}
- readCloudFrontSigningKeyFromDER :: KeyID -> FilePath -> IO CloudFrontSigningKey
- parseRSAPrivateKeyDER :: ByteString -> Either String PrivateKey
- signCannedPolicyURL :: CloudFrontSigningKey -> UTCTime -> URL -> URL
- signCustomPolicyURL :: CloudFrontSigningKey -> CloudFrontPolicy -> URL
- signCustomPolicyURL_ :: CloudFrontSigningKey -> JSONPOlicy -> URL -> URL
- cannedPolicy :: UTCTime -> URL -> JSONPOlicy
- customPolicy :: CloudFrontPolicy -> JSONPOlicy
- unixTime :: UTCTime -> String
Documentation
type JSONPOlicy = String Source
a JSON CloudFront policy
data CloudFrontSigningKey Source
a CloudFront siging key has an identifier and an RSA private key
Constructors
| CloudFrontSigningKey | |
Fields
| |
Instances
data CloudFrontPolicy Source
a CloudFront policy must identify the resource being accessed and the expiry time; a starting time and IPv4 address may also be specified
Constructors
| CloudFrontPolicy | |
Fields | |
readCloudFrontSigningKeyFromDER :: KeyID -> FilePath -> IO CloudFrontSigningKey Source
RSA private keys can only be read from DER file for now (the OpenSSL tools can be used to convert from PEM:
openssl rsa -in input.pem -inform PEM -out output.der -outform DER
parseRSAPrivateKeyDER :: ByteString -> Either String PrivateKey Source
If you have the DER ByteString then you can construct a private key functionally.
signCannedPolicyURL :: CloudFrontSigningKey -> UTCTime -> URL -> URL Source
In most cases only a time-limited, signed URL is needed, in which case a canned policy can be used; URLs signed with a canned policy are shorter than those signed with a custom policy.
signCustomPolicyURL :: CloudFrontSigningKey -> CloudFrontPolicy -> URL Source
Signing a URL with a custom policy allows a start time to be specified and the IP address of the recipient(s) to be specified.
signCustomPolicyURL_ :: CloudFrontSigningKey -> JSONPOlicy -> URL -> URL Source
The URL can also be signed with the custom policy in JSON format. (See the CloudFront documentation for details.)
cannedPolicy :: UTCTime -> URL -> JSONPOlicy Source
The JSON canned policy can be generated from the expiry time and the URL of the distributed resource.
customPolicy :: CloudFrontPolicy -> JSONPOlicy Source
JSON custom policies provide more flexibility (allowing start times and recipient IP addresses to be specified) but generate longer signed URLs.