@@ -68,9 +68,87 @@ def sign_url(http://github.com/url,%20key_name,%20base64_key,%20expiration_time):
6868 url = url_to_sign , signature = signature )
6969
7070 print (signed_url )
71+
72+
73+ def sign_url_prefix (url , url_prefix , key_name , base64_key , expiration_time ):
74+ """Gets the Signed URL string for the specified URL prefix and configuration.
75+
76+ Args:
77+ url: URL of request.
78+ url_prefix: URL prefix to sign as a string.
79+ key_name: name of the signing key as a string.
80+ base64_key: signing key as a base64 encoded string.
81+ expiration_time: expiration time as a UTC datetime object.
82+
83+ Returns:
84+ Returns the Signed URL appended with the query parameters based on the
85+ specified URL prefix and configuration.
86+ """
87+ stripped_url = url .strip ()
88+ parsed_url = urllib .parse .urlsplit (stripped_url )
89+ query_params = urllib .parse .parse_qs (
90+ parsed_url .query , keep_blank_values = True )
91+ encoded_url_prefix = base64 .urlsafe_b64encode (
92+ url_prefix .strip ().encode ('utf-8' )).decode ('utf-8' )
93+ epoch = datetime .datetime .utcfromtimestamp (0 )
94+ expiration_timestamp = int ((expiration_time - epoch ).total_seconds ())
95+ decoded_key = base64 .urlsafe_b64decode (base64_key )
96+
97+ policy_pattern = u'URLPrefix={encoded_url_prefix}&Expires={expires}&KeyName={key_name}'
98+ policy = policy_pattern .format (
99+ encoded_url_prefix = encoded_url_prefix ,
100+ expires = expiration_timestamp ,
101+ key_name = key_name )
102+
103+ digest = hmac .new (
104+ decoded_key , policy .encode ('utf-8' ), hashlib .sha1 ).digest ()
105+ signature = base64 .urlsafe_b64encode (digest ).decode ('utf-8' )
106+
107+ signed_url = u'{url}{separator}{policy}&Signature={signature}' .format (
108+ url = stripped_url ,
109+ separator = '&' if query_params else '?' ,
110+ policy = policy ,
111+ signature = signature )
112+
113+ print (signed_url )
71114# [END sign_url]
72115
73116
117+ # [START cdn_sign_cookie]
118+ def sign_cookie (url_prefix , key_name , base64_key , expiration_time ):
119+ """Gets the Signed cookie value for the specified URL prefix and configuration.
120+
121+ Args:
122+ url_prefix: URL prefix to sign as a string.
123+ key_name: name of the signing key as a string.
124+ base64_key: signing key as a base64 encoded string.
125+ expiration_time: expiration time as a UTC datetime object.
126+
127+ Returns:
128+ Returns the Cloud-CDN-Cookie value based on the specified configuration.
129+ """
130+ encoded_url_prefix = base64 .urlsafe_b64encode (
131+ url_prefix .strip ().encode ('utf-8' )).decode ('utf-8' )
132+ epoch = datetime .datetime .utcfromtimestamp (0 )
133+ expiration_timestamp = int ((expiration_time - epoch ).total_seconds ())
134+ decoded_key = base64 .urlsafe_b64decode (base64_key )
135+
136+ policy_pattern = u'URLPrefix={encoded_url_prefix}:Expires={expires}:KeyName={key_name}'
137+ policy = policy_pattern .format (
138+ encoded_url_prefix = encoded_url_prefix ,
139+ expires = expiration_timestamp ,
140+ key_name = key_name )
141+
142+ digest = hmac .new (
143+ decoded_key , policy .encode ('utf-8' ), hashlib .sha1 ).digest ()
144+ signature = base64 .urlsafe_b64encode (digest ).decode ('utf-8' )
145+
146+ signed_policy = u'Cloud-CDN-Cookie={policy}:Signature={signature}' .format (
147+ policy = policy , signature = signature )
148+ print (signed_policy )
149+ # [END cdn_sign_cookie]
150+
151+
74152if __name__ == '__main__' :
75153 parser = argparse .ArgumentParser (
76154 description = __doc__ ,
@@ -94,8 +172,48 @@ def sign_url(http://github.com/url,%20key_name,%20base64_key,%20expiration_time):
94172 type = lambda d : datetime .datetime .utcfromtimestamp (float (d )),
95173 help = 'Expiration time expessed as seconds since the epoch.' )
96174
175+ sign_url_prefix_parser = subparsers .add_parser (
176+ 'sign-url-prefix' ,
177+ help = "Sign a URL prefix to grant temporary authorized access." )
178+ sign_url_prefix_parser .add_argument (
179+ 'url' , help = 'The request URL.' )
180+ sign_url_prefix_parser .add_argument (
181+ 'url_prefix' , help = 'The URL prefix to sign.' )
182+ sign_url_prefix_parser .add_argument (
183+ 'key_name' ,
184+ help = 'Key name for the signing key.' )
185+ sign_url_prefix_parser .add_argument (
186+ 'base64_key' ,
187+ help = 'The base64 encoded signing key.' )
188+ sign_url_prefix_parser .add_argument (
189+ 'expiration_time' ,
190+ type = lambda d : datetime .datetime .utcfromtimestamp (float (d )),
191+ help = 'Expiration time expessed as seconds since the epoch.' )
192+
193+ sign_cookie_parser = subparsers .add_parser (
194+ 'sign-cookie' ,
195+ help = "Generate a signed cookie to grant temporary authorized access." )
196+ sign_cookie_parser .add_argument (
197+ 'url_prefix' , help = 'The URL prefix to sign.' )
198+ sign_cookie_parser .add_argument (
199+ 'key_name' ,
200+ help = 'Key name for the signing key.' )
201+ sign_cookie_parser .add_argument (
202+ 'base64_key' ,
203+ help = 'The base64 encoded signing key.' )
204+ sign_cookie_parser .add_argument (
205+ 'expiration_time' ,
206+ type = lambda d : datetime .datetime .utcfromtimestamp (float (d )),
207+ help = 'Expiration time expessed as seconds since the epoch.' )
208+
97209 args = parser .parse_args ()
98210
99211 if args .command == 'sign-url' :
100212 sign_url (
101213 args .url , args .key_name , args .base64_key , args .expiration_time )
214+ elif args .command == 'sign-url-prefix' :
215+ sign_url_prefix (
216+ args .url , args .url_prefix , args .key_name , args .base64_key , args .expiration_time )
217+ elif args .command == 'sign-cookie' :
218+ sign_cookie (
219+ args .url_prefix , args .key_name , args .base64_key , args .expiration_time )
0 commit comments