route/vendor/github.com/aws/aws-sdk-go/service/cloudfront/sign/sign_cookie_example_test.go

package sign

import (
	"fmt"
	"io"
	"math/rand"
	"net/http"
	"time"
)

func examplePEMReader() io.Reader {
	reader, err := generatePEM(randReader, nil)
	if err != nil {
		panic(fmt.Sprintf("Unexpected pem generation err %v", err))
	}

	return reader
}

func ExampleCookieSigner_Sign() {
	origRandReader := randReader
	randReader = newRandomReader(rand.New(rand.NewSource(1)))
	defer func() {
		randReader = origRandReader
	}()

	// Load your private key so it can be used by the CookieSigner
	// To load private key from file use `sign.LoadPEMPrivKeyFile`.
	privKey, err := LoadPEMPrivKey(examplePEMReader())
	if err != nil {
		fmt.Println("failed to load private key", err)
		return
	}

	cookieSigner := NewCookieSigner("keyID", privKey)

	// Use the signer to sign the URL
	cookies, err := cookieSigner.Sign("http://example.com/somepath/*", testSignTime.Add(30*time.Minute))
	if err != nil {
		fmt.Println("failed to sign cookies with policy,", err)
		return
	}

	printExampleCookies(cookies)
	// Output:
	// Cookies:
	// CloudFront-Policy: eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiaHR0cDovL2V4YW1wbGUuY29tL3NvbWVwYXRoLyoiLCJDb25kaXRpb24iOnsiRGF0ZUxlc3NUaGFuIjp7IkFXUzpFcG9jaFRpbWUiOjEyNTc4OTU4MDB9fX1dfQ__, , , false
	// CloudFront-Signature: o~jvj~CFkvGZB~yYED3elicKZag-CRijy8yD2E5yF1s7VNV7kNeQWC7MDtEcBQ8-eh7Xgjh0wMPQdAVdh09gBObd-hXDpKUyh8YKxogj~oloV~8KOvqE5xzWiKcqjdfJjmT5iEqIui~H1ExYjyKjgir79npmlyYkaJS5s62EQa8_, , , false
	// CloudFront-Key-Pair-Id: keyID, , , false
}

func ExampleCookieSigner_SignWithPolicy() {
	origRandReader := randReader
	randReader = newRandomReader(rand.New(rand.NewSource(1)))
	defer func() {
		randReader = origRandReader
	}()

	// Sign cookie to be valid for 30 minutes from now, expires one hour
	// from now, and restricted to the 192.0.2.0/24 IP address range.
	// http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-setting-signed-cookie-custom-policy.html
	p := &Policy{
		// Only a single policy statement can be used with CloudFront
		// cookie signatures.
		Statements: []Statement{{
			// Read the provided documentation on how to set this correctly,
			// you'll probably want to use wildcards
			Resource: "http://sub.cloudfront.com",
			Condition: Condition{
				// Optional IP source address range
				IPAddress: &IPAddress{SourceIP: "192.0.2.0/24"},
				// Optional date URL is not valid until
				DateGreaterThan: &AWSEpochTime{testSignTime.Add(30 * time.Minute)},
				// Required date the URL will expire after
				DateLessThan: &AWSEpochTime{testSignTime.Add(1 * time.Hour)},
			},
		},
		},
	}

	// Load your private key so it can be used by the CookieSigner
	// To load private key from file use `sign.LoadPEMPrivKeyFile`.
	privKey, err := LoadPEMPrivKey(examplePEMReader())
	if err != nil {
		fmt.Println("failed to load private key", err)
		return
	}

	// Key ID that represents the key pair associated with the private key
	keyID := "privateKeyID"

	// Set credentials to the CookieSigner.
	cookieSigner := NewCookieSigner(keyID, privKey)

	// Avoid adding an Expire or MaxAge. See provided AWS Documentation for
	// more info.
	cookies, err := cookieSigner.SignWithPolicy(p)
	if err != nil {
		fmt.Println("failed to sign cookies with policy,", err)
		return
	}

	printExampleCookies(cookies)
	// Output:
	// Cookies:
	// CloudFront-Policy: eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiaHR0cDovL3N1Yi5jbG91ZGZyb250LmNvbSIsIkNvbmRpdGlvbiI6eyJJcEFkZHJlc3MiOnsiQVdTOlNvdXJjZUlwIjoiMTkyLjAuMi4wLzI0In0sIkRhdGVHcmVhdGVyVGhhbiI6eyJBV1M6RXBvY2hUaW1lIjoxMjU3ODk1ODAwfSwiRGF0ZUxlc3NUaGFuIjp7IkFXUzpFcG9jaFRpbWUiOjEyNTc4OTc2MDB9fX1dfQ__, , , false
	// CloudFront-Signature: JaWdcbr98colrDAhOpkyxqCZev2IAxURu1RKKo1wS~sI5XdNXWYbZJs2FdpbJ475ZvmhZ1-r4ENUqBXAlRfPfOc21Hm4~24jRmPTO3512D4uuJHrPVxSfgeGuFeigfCGWAqyfYYH1DsFl5JQDpzetsNI3ZhGRkQb8V-oYFanddg_, , , false
	// CloudFront-Key-Pair-Id: privateKeyID, , , false
}

func ExampleCookieOptions() {
	origRandReader := randReader
	randReader = newRandomReader(rand.New(rand.NewSource(1)))
	defer func() {
		randReader = origRandReader
	}()

	// Load your private key so it can be used by the CookieSigner
	// To load private key from file use `sign.LoadPEMPrivKeyFile`.
	privKey, err := LoadPEMPrivKey(examplePEMReader())
	if err != nil {
		fmt.Println("failed to load private key", err)
		return
	}

	// Create the CookieSigner with options set. These options can be set
	// directly with cookieSigner.Opts. These values can be overridden on
	// individual Sign and SignWithProfile calls.
	cookieSigner := NewCookieSigner("keyID", privKey, func(o *CookieOptions) {
		//provide an optional struct fields to specify other options
		o.Path = "/"

		// http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/CNAMEs.html
		o.Domain = ".cNameAssociatedWithMyDistribution.com"

		// Make sure your app/site can handle https payloads, otherwise
		// set this to false.
		o.Secure = true
	})

	// Use the signer to sign the URL
	cookies, err := cookieSigner.Sign("http*://*", testSignTime.Add(30*time.Minute), func(o *CookieOptions) {
		o.Path = "/mypath/"
	})
	if err != nil {
		fmt.Println("failed to sign cookies with policy,", err)
		return
	}

	printExampleCookies(cookies)
	// Output:
	// Cookies:
	// CloudFront-Policy: eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiaHR0cCo6Ly8qIiwiQ29uZGl0aW9uIjp7IkRhdGVMZXNzVGhhbiI6eyJBV1M6RXBvY2hUaW1lIjoxMjU3ODk1ODAwfX19XX0_, /mypath/, .cNameAssociatedWithMyDistribution.com, true
	// CloudFront-Signature: Yco06vgowwvSYgTSY9XbXpBcTlUlqpyyYXgRhus3nfnC74A7oQ~fMBH0we-rGxvph8ZyHnTxC5ubbPKSzo3EHUm2IcQeEo4p6WCgZZMzCuLlkpeMKhMAkCqX7rmUfkXhTslBHe~ylcmaZqo-hdnOiWrXk2U974ZQbbt5cOjwQG0_, /mypath/, .cNameAssociatedWithMyDistribution.com, true
	// CloudFront-Key-Pair-Id: keyID, /mypath/, .cNameAssociatedWithMyDistribution.com, true
}

func printExampleCookies(cookies []*http.Cookie) {
	fmt.Println("Cookies:")
	for _, c := range cookies {
		fmt.Printf("%s: %s, %s, %s, %t\n", c.Name, c.Value, c.Path, c.Domain, c.Secure)
	}
}