2019-01-22 19:39:22 -08:00
< ? php
2020-05-19 16:07:59 -07:00
// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
2024-02-05 10:49:20 -07:00
2019-01-22 19:39:22 -08:00
// snippet-start:[cloudfront.php.signed_cookie.complete]
// snippet-start:[cloudfront.php.signed_cookie.import]
require 'vendor/autoload.php' ;
2024-02-05 10:49:20 -07:00
2019-01-22 19:39:22 -08:00
use Aws\CloudFront\CloudFrontClient ;
use Aws\Exception\AwsException ;
2024-02-05 10:49:20 -07:00
2019-01-22 19:39:22 -08:00
// snippet-end:[cloudfront.php.signed_cookie.import]
2024-02-05 10:49:20 -07:00
2020-05-19 16:07:59 -07:00
/* ////////////////////////////////////////////////////////////////////////////
2020-05-26 14:37:50 -07:00
* Purpose: Gets cookie-signing information that viewers need to
2020-05-22 14:15:19 -07:00
* access restricted content in a specially-configured Amazon CloudFront
* distribution.
2020-05-19 16:07:59 -07:00
*
2020-05-22 14:15:19 -07:00
* Prerequisites: A CloudFront distribution that is specially configured for
* restricted access, and a CloudFront key pair. For more information, see
* "Serving Private Content with Signed URLs and Signed Cookies" in the
* Amazon CloudFront Developer Guide.
2020-05-19 16:07:59 -07:00
*
* Inputs:
2020-05-22 14:15:19 -07:00
* - $cloudFrontClient: An initialized CloudFront client.
* - $resourceKey: A CloudFront URL to the restricted content.
* - $expires: The expiration date and time for access requests, in
* UTC Unix timestamp format.
* - $privateKey: The path to the CloudFront private key file, in .pem format.
* - $keyPairId: The corresponding CloudFront key pair ID.
2020-05-19 16:07:59 -07:00
*
2020-05-22 14:15:19 -07:00
* Returns: Information about required Set-Cookie headers for cookie signing;
* otherwise, the error message.
2020-05-19 16:07:59 -07:00
* ///////////////////////////////////////////////////////////////////////// */
2024-02-05 10:49:20 -07:00
2019-01-22 19:39:22 -08:00
// snippet-start:[cloudfront.php.signed_cookie.main]
2020-05-19 16:07:59 -07:00
function signCookie (
$cloudFrontClient ,
$resourceKey ,
$expires ,
$privateKey ,
$keyPairId
) {
try {
$result = $cloudFrontClient -> getSignedCookie ([
'url' => $resourceKey ,
'expires' => $expires ,
'private_key' => $privateKey ,
'key_pair_id' => $keyPairId
]);
2024-02-05 10:49:20 -07:00
2020-05-19 16:07:59 -07:00
return $result ;
} catch ( AwsException $e ) {
return [ 'Error' => $e -> getAwsErrorMessage () ];
2024-02-05 10:49:20 -07:00
}
2020-05-19 16:07:59 -07:00
}
2024-02-05 10:49:20 -07:00
2020-05-19 16:07:59 -07:00
function signACookie ()
{
$resourceKey = 'https://d13l49jEXAMPLE.cloudfront.net/my-file.txt' ;
$expires = time () + 300 ; // 5 minutes (5 * 60 seconds) from now.
$privateKey = dirname ( __DIR__ ) . '/cloudfront/my-private-key.pem' ;
2020-05-26 08:29:23 -07:00
$keyPairId = 'AAPKAJIKZATYYYEXAMPLE' ;
2024-02-05 10:49:20 -07:00
2020-05-19 16:07:59 -07:00
$cloudFrontClient = new CloudFrontClient ([
'profile' => 'default' ,
2023-10-03 14:06:31 -04:00
'version' => '2018-06-18' ,
2020-05-19 16:07:59 -07:00
'region' => 'us-east-1'
]);
2024-02-05 10:49:20 -07:00
2020-05-19 16:07:59 -07:00
$result = signCookie (
$cloudFrontClient ,
$resourceKey ,
$expires ,
$privateKey ,
$keyPairId
);
2024-02-05 10:49:20 -07:00
2020-05-19 16:07:59 -07:00
/* If successful, returns something like:
2020-05-22 14:15:19 -07:00
CloudFront-Expires = 1589926678
CloudFront-Signature = Lv1DyC2q...2HPXaQ__
2020-05-26 08:29:23 -07:00
CloudFront-Key-Pair-Id = AAPKAJIKZATYYYEXAMPLE
2020-05-19 16:07:59 -07:00
*/
foreach ( $result as $key => $value ) {
echo $key . ' = ' . $value . " \n " ;
}
}
2024-02-05 10:49:20 -07:00
2020-05-19 16:07:59 -07:00
// Uncomment the following line to run this code in an AWS account.
// signACookie();
2019-01-22 19:39:22 -08:00
// snippet-end:[cloudfront.php.signed_cookie.main]
// snippet-end:[cloudfront.php.signed_cookie.complete]
