本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
# 使用 Java 建立 URL 簽章
除了下列程式碼範例之外,您還可以使用 [適用於 Java 的 AWS SDK (版本 1) 中的`CloudFrontUrlSigner`公用程式類別](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/cloudfront/CloudFrontUrlSigner.html)來建立 [CloudFront 簽章URLs](private-content-signed-urls.md)。
如需更多範例,請參閱 *AWS SDK 程式碼範例程式碼庫*中的[使用 AWS SDK 建立簽章URLs 和 Cookie](https://docs.aws.amazon.com/code-library/latest/ug/cloudfront_example_cloudfront_CloudFrontUtilities_section.html)。
**備註**
建立簽署 URL 只是[透過 CloudFront 提供私有內容](PrivateContent.md)程序的一個環節。如需有關整個程序的詳細資訊,請參閱 [使用已簽署 URL](private-content-signed-urls.md)。
在`Signature.getInstance`通話中,請注意 `SHA1withRSA`可以取代為 `SHA256withRSA`。
**Example Java 政策和簽章加密方法**
```
package org.example;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import software.amazon.awssdk.services.cloudfront.CloudFrontUtilities;
import software.amazon.awssdk.services.cloudfront.model.CannedSignerRequest;
import software.amazon.awssdk.services.cloudfront.url.SignedUrl;
public class Main {
public static void main(String[] args) throws Exception {
CloudFrontUtilities cloudFrontUtilities = CloudFrontUtilities.create();
Instant expirationDate = Instant.now().plus(7, ChronoUnit.DAYS);
String resourceUrl = "https://a1b2c3d4e5f6g7.cloudfront.net";
String keyPairId = "K1UA3WV15I7JSD";
CannedSignerRequest cannedRequest = CannedSignerRequest.builder()
.resourceUrl(resourceUrl)
.privateKey(new java.io.File("/path/to/private_key.pem").toPath())
.keyPairId(keyPairId)
.expirationDate(expirationDate)
.build();
SignedUrl signedUrl = cloudFrontUtilities.getSignedUrlWithCannedPolicy(cannedRequest);
String url = signedUrl.url();
System.out.println(url);
}
}
```
**Example 在 Java 中使用 SHA256 的固定政策簽署範例**
```
package org.example;
import java.io.File;
import java.nio.file.Files;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.spec.PKCS8EncodedKeySpec;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.Base64;
public class Main {
public static void main(String[] args) throws Exception {
String resourceUrl = "https://a1b2c3d4e5f6g7.cloudfront.net/myfile.html";
String keyPairId = "K1UA3WV15I7JSD";
Instant expiration = Instant.now().plus(7, ChronoUnit.DAYS);
PrivateKey privateKey = loadPrivateKey("/path/to/private_key.der");
System.out.println(createSignedUrl(resourceUrl, keyPairId, privateKey, expiration, "SHA1"));
System.out.println(createSignedUrl(resourceUrl, keyPairId, privateKey, expiration, "SHA256"));
}
static String createSignedUrl(String resourceUrl, String keyPairId,
PrivateKey privateKey, Instant expiration,
String hashAlgorithm) throws Exception {
long epochSeconds = expiration.getEpochSecond();
String policy = "{\"Statement\":[{\"Resource\":\"" + resourceUrl
+ "\",\"Condition\":{\"DateLessThan\":{\"AWS:EpochTime\":" + epochSeconds + "}}}]}";
String jcaAlgorithm = hashAlgorithm.equals("SHA256") ? "SHA256withRSA" : "SHA1withRSA";
Signature sig = Signature.getInstance(jcaAlgorithm);
sig.initSign(privateKey);
sig.update(policy.getBytes("UTF-8"));
String signature = base64UrlEncode(sig.sign());
String url = resourceUrl
+ (resourceUrl.contains("?") ? "&" : "?")
+ "Expires=" + epochSeconds
+ "&Signature=" + signature
+ "&Key-Pair-Id=" + keyPairId;
if (hashAlgorithm.equals("SHA256")) {
url += "&Hash-Algorithm=SHA256";
}
return url;
}
static String base64UrlEncode(byte[] bytes) {
return Base64.getEncoder().encodeToString(bytes)
.replace('+', '-')
.replace('=', '_')
.replace('/', '~');
}
static PrivateKey loadPrivateKey(String path) throws Exception {
byte[] keyBytes = Files.readAllBytes(new File(path).toPath());
return KeyFactory.getInstance("RSA")
.generatePrivate(new PKCS8EncodedKeySpec(keyBytes));
}
}
```
另請參閱:
+ [使用 Perl 建立 URL 簽章](CreateURLPerl.md)
+ [使用 PHP 建立 URL 簽章](CreateURL_PHP.md)
+ [使用 C\$1 和 .NET 架構建立 URL 簽章](CreateSignatureInCSharp.md)