get_private_object_url ( $distribution_hostname, $filename, $expires, $opt )

Generates a time-limited and/or query signed request for a private file with additional optional restrictions.

Access

public

Parameters

Parameter - Type - Required - Description

$distribution_hostname - string - Required - The hostname of the distribution. Obtained from create_distribution() or get_distribution_info().

$filename - string - Required - The file name of the object. Query parameters can be included. You can use multicharacter match wild cards (*) or a single-character match wild card (?) anywhere in the string.

$expires - integer|string - Required - The expiration time expressed either as a number of seconds since UNIX Epoch, or any string that strtotime() can understand.

$opt - array - Optional - An associative array of parameters that can have the following keys:

  • BecomeAvailable - integer|string - Optional - The time when the private URL becomes active. Can be expressed either as a number of seconds since UNIX Epoch, or any string that strtotime() can understand.
  • IPAddress - string - Optional - A single IP address to restrict the access to.
  • Secure - boolean - Optional - Whether or not to use HTTPS as the protocol scheme. A value of true uses https. A value of false uses http. The default value is false.

Returns

Type - Description

string - The file URL with authentication parameters.

Examples

Get a private object URL.

  1. Ensure you have the OpenSSL PHP Extension installed.
  2. In your AWS Account Settings, create a new CloudFront key-pair to give you a key-pair ID, and download a *.pem private key.
  3. Add the key-pair ID and the contents of your private key to your config.inc.php file.
  4. In Amazon CloudFront, create a new origin access identity (OAI).
  5. In Amazon S3, set the object permissions as Owner = Full Control and the OAI ID = Read.
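  6. Call get_private_object_url().

// Instantiate the client; the key-pair ID and private key are read from config.inc.php
$cdn = new AmazonCloudFront();

// Sign a URL for the object that expires five minutes from now
$response = $cdn->get_private_object_url(
	'dabcdefghijklxyz.cloudfront.net',
	'video/folder with spaces/såmplé.mp4',
	'5 minutes'
);

// Success? Dumps the signed URL string
var_dump($response);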

Source

Method defined in services/cloudfront.class.php

public function get_private_object_url($distribution_hostname, $filename, $expires, $opt = null)
{
    if (!$this->key_pair_id || !$this->private_key)
    {
        throw new CloudFront_Exception('You must set both a Amazon CloudFront keypair ID and an RSA private key for that keypair before using ' . __FUNCTION__ . '()');
    }
    if (!function_exists('openssl_sign'))
    {
        throw new CloudFront_Exception(__FUNCTION__ . '() uses functions from the OpenSSL PHP Extension <http://php.net/openssl>, which is not installed in this PHP installation');
    }

    if (!$opt) $opt = array();

    $resource = '';
    $expiration_key = 'Expires';
    if (is_string($expires))
    {
        $expires = strtotime($expires);
    }
    $conjunction = (strpos($filename, '?') === false ? '?' : '&');

    // Determine the protocol scheme from the first character of the hostname
    switch (substr($distribution_hostname, 0, 1))
    {
        // Streaming
        case 's':
            $scheme = 'rtmp';
            $resource = str_replace(array('%3F', '%3D', '%26', '%2F'), array('?', '=', '&', '/'), rawurlencode($filename));
            break;

        // Default
        case 'd':
        default:
            $scheme = 'http';
            $scheme .= (isset($opt['Secure']) && $opt['Secure'] === true ? 's' : '');
            $resource = $scheme . '://' . $distribution_hostname . '/' . str_replace(array('%3F', '%3D', '%26', '%2F'), array('?', '=', '&', '/'), rawurlencode($filename));
            break;
    }

    // Generate default policy
    $raw_policy = array(
        'Statement' => array(
            array(
                'Resource' => $resource,
                'Condition' => array(
                    'DateLessThan' => array(
                        'AWS:EpochTime' => $expires
                    )
                )
            )
        )
    );

    // Become Available
    if (isset($opt['BecomeAvailable']))
    {
        // Switch to 'Policy' instead
        $expiration_key = 'Policy';

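        // Update the policy; accept an epoch integer or a strtotime() string, as $expires does
        $raw_policy['Statement'][0]['Condition']['DateGreaterThan'] = array(
            'AWS:EpochTime' => (is_string($opt['BecomeAvailable']) ? strtotime($opt['BecomeAvailable']) : $opt['BecomeAvailable'])
        );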
    }

    // IP Address
    if (isset($opt['IPAddress']))
    {
        // Switch to 'Policy' instead
        $expiration_key = 'Policy';

        // Update the policy
        $raw_policy['Statement'][0]['Condition']['IpAddress'] = array(
            'AWS:SourceIp' => $opt['IPAddress']
        );
    }

    // Munge the policy
    $json_policy = str_replace('\/', '/', json_encode($raw_policy));
    $json_policy = $this->util->decode_uhex($json_policy);
    $encoded_policy = strtr(base64_encode($json_policy), '+=/', '-_~');

    // Generate the signature
    openssl_sign($json_policy, $signature, $this->private_key);
    $signature = strtr(base64_encode($signature), '+=/', '-_~');

    return $scheme . '://' . $distribution_hostname . '/'
        . str_replace(array('%3F', '%3D', '%26', '%2F'), array('?', '=', '&', '/'), rawurlencode($filename))
        . $conjunction
        . ($expiration_key === 'Expires' ? ($expiration_key . '=' . $expires) : ($expiration_key . '=' . $encoded_policy))
        . '&Key-Pair-Id=' . $this->key_pair_id
        . '&Signature=' . $signature;
}
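
The policy encoding and signing steps in the source above, run in reverse: an added example (not part of the SDK or of the original page) that decodes a custom-policy URL, reports its time window and IP restriction, and verifies the signature. It assumes PHP 7 or later with the OpenSSL extension; the function names, throwaway key pair, key-pair ID, file name and IP addresses are constructed for illustration.

```php
<?php
// Added example, not SDK code. Key pair, key-pair ID, file name and IPs are constructed.

// The method's URL-safe base64: '+', '=', '/' are swapped for '-', '_', '~'.
function cf_b64_encode($bytes) { return strtr(base64_encode($bytes), '+=/', '-_~'); }
function cf_b64_decode($text) { return base64_decode(strtr($text, '-_~', '+=/'), true); }

// Decode a custom-policy signed URL and check its signature against a public key.
// Returns null for canned-policy (Expires=) URLs and for malformed input.
function inspect_signed_url($url, $public_key)
{
    parse_str((string) parse_url($url, PHP_URL_QUERY), $query);
    if (!isset($query['Policy'], $query['Signature'])) return null;

    $json_policy = cf_b64_decode($query['Policy']);
    $signature = cf_b64_decode($query['Signature']);
    $policy = ($json_policy === false) ? null : json_decode($json_policy, true);
    if ($signature === false || !isset($policy['Statement'][0]['Condition'])) return null;

    $condition = $policy['Statement'][0]['Condition'];
    return array(
        'resource' => $policy['Statement'][0]['Resource'] ?? null,
        'not_before' => $condition['DateGreaterThan']['AWS:EpochTime'] ?? null,
        'not_after' => $condition['DateLessThan']['AWS:EpochTime'] ?? null,
        'source_ip' => $condition['IpAddress']['AWS:SourceIp'] ?? null,
        // openssl_sign() called without an algorithm argument signs with SHA-1
        'signature_valid' => openssl_verify($json_policy, $signature, $public_key, OPENSSL_ALGO_SHA1) === 1,
    );
}

// Constructed input: a throwaway key pair and a policy shaped like the one the method builds.
$key = openssl_pkey_new(array('private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA));
$details = openssl_pkey_get_details($key);
$resource = 'https://dabcdefghijklxyz.cloudfront.net/video/sample.mp4';
$json_policy = str_replace('\/', '/', json_encode(array('Statement' => array(array(
    'Resource' => $resource,
    'Condition' => array(
        'DateLessThan' => array('AWS:EpochTime' => 1893456000),
        'IpAddress' => array('AWS:SourceIp' => '203.0.113.10'),
    ),
)))));
openssl_sign($json_policy, $signature, $key, OPENSSL_ALGO_SHA1);
$tail = '&Key-Pair-Id=EXAMPLEKEYPAIRID&Signature=' . cf_b64_encode($signature);

var_dump(inspect_signed_url($resource . '?Policy=' . cf_b64_encode($json_policy) . $tail, $details['key']));
// Reuse the signature over an edited policy to exercise the rejection path.
$edited = str_replace('203.0.113.10', '198.51.100.7', $json_policy);
var_dump(inspect_signed_url($resource . '?Policy=' . cf_b64_encode($edited) . $tail, $details['key']));
```

The same function can be pointed at URLs your application hands out, with the public half of your CloudFront key pair, to audit how long they stay valid and whether an IP restriction is present.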

Copyright © 2010–2013 Amazon Web Services, LLC

