Any web server that runs PHP can use the PHP demo code to create policy statements and signatures for CloudFront streaming private distributions. The sample creates a functioning web page with signed URL links that play a video stream using CloudFront streaming. To get the sample, download Signature Code for Video Streaming in PHP.
Note: Creating a URL signature is just one part of the process of serving private content using a signed URL. For more information about the entire process, see How to Serve Private Content Using a Signed URL.
In the following code segment, the function rsa_sha1_sign hashes the policy
and encrypts the result. The arguments required are a policy statement, an
out parameter to contain the signature, and the private key for your AWS account or for a trusted AWS account that you specify.
Next, the url_safe_base64_encode function creates a URL-safe version of the
signature.
Example RSA SHA1 Encryption in PHP
```php
function rsa_sha1_sign($policy, $private_key_filename) {
    $signature = "";

    // load the private key
    $fp = fopen($private_key_filename, "r");
    if ($fp === false) {
        throw new Exception("Cannot open private key file");
    }
    $priv_key = fread($fp, 8192);
    fclose($fp);
    $pkeyid = openssl_get_privatekey($priv_key);
    if ($pkeyid === false) {
        throw new Exception("Cannot parse private key");
    }

    // compute signature (openssl_sign uses SHA-1 by default)
    openssl_sign($policy, $signature, $pkeyid);

    // free the key from memory (deprecated and a no-op as of PHP 8.0)
    openssl_free_key($pkeyid);

    return $signature;
}

function url_safe_base64_encode($value) {
    $encoded = base64_encode($value);
    // replace unsafe characters +, = and / with
    // the safe characters -, _ and ~
    return str_replace(
        array('+', '=', '/'),
        array('-', '_', '~'),
        $encoded);
}
```

The following code constructs a canned policy statement needed for creating the signature. For more information about canned policies, see Canned Policy.
Example Canned Signing Function in PHP
```php
function get_canned_policy_stream_name($video_path, $private_key_filename, $key_pair_id, $expires) {
    // this policy is well known by CloudFront, but you still need to sign it,
    // since it contains your parameters
    $canned_policy = '{"Statement":[{"Resource":"' . $video_path . '","Condition":{"DateLessThan":{"AWS:EpochTime":'. $expires . '}}}]}';
    // the policy contains characters that cannot be part of a URL,
    // so we Base64 encode it
    $encoded_policy = url_safe_base64_encode($canned_policy);
    // sign the original policy, not the encoded version
    $signature = rsa_sha1_sign($canned_policy, $private_key_filename);
    // make the signature safe to be included in a url
    $encoded_signature = url_safe_base64_encode($signature);

    // combine the above into a stream name
    // (create_stream_name is not shown in this excerpt)
    $stream_name = create_stream_name($video_path, null, $encoded_signature, $key_pair_id, $expires);
    // url-encode the query string characters to work around a flash player bug
    // (encode_query_params is not shown in this excerpt)
    return encode_query_params($stream_name);
}
```

The following code constructs a custom policy statement needed for creating the signature. For more information about custom policies, see Canned Policy.
Example Custom Signing Function in PHP
```php
function get_custom_policy_stream_name($video_path, $private_key_filename, $key_pair_id, $policy) {
    // the policy contains characters that cannot be part of a URL, so we Base64 encode it
    $encoded_policy = url_safe_base64_encode($policy);
    // sign the original policy, not the encoded version
    $signature = rsa_sha1_sign($policy, $private_key_filename);
    // make the signature safe to be included in a url
    $encoded_signature = url_safe_base64_encode($signature);

    // combine the above into a stream name
    // (create_stream_name is not shown in this excerpt)
    $stream_name = create_stream_name($video_path, $encoded_policy, $encoded_signature, $key_pair_id, null);
    // url-encode the query string characters to work around a flash player bug
    // (encode_query_params is not shown in this excerpt)
    return encode_query_params($stream_name);
}
```

For more information about the OpenSSL implementation of RSA encryption, see The Open Source Toolkit for SSL/TLS.
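
The signing functions carry the comment "sign the original policy, not the encoded version". The following added example, which is not part of the AWS sample, checks signatures the way a verifier would and shows which inputs pass. The helpers url_safe_base64_decode, verify_policy_signature and sign_url_safe, the throwaway key, the resource name and the expiry value are assumptions made for illustration.

```php
<?php
// Added example: the key, resource and expiry below are constructed for illustration.

// Inverse of url_safe_base64_encode(): map -, _ and ~ back to +, = and /.
function url_safe_base64_decode($value) {
    return base64_decode(strtr($value, '-_~', '+=/'), true);
}

// True only if $encoded_signature is an RSA-SHA1 signature over the exact
// bytes of $policy (hypothetical helper, not part of the AWS sample).
function verify_policy_signature($policy, $encoded_signature, $public_key_pem) {
    $signature = url_safe_base64_decode($encoded_signature);
    if ($signature === false) {
        return false;
    }
    return openssl_verify($policy, $signature, $public_key_pem, OPENSSL_ALGO_SHA1) === 1;
}

// Sign $data and apply the same character mapping as url_safe_base64_encode().
function sign_url_safe($data, $private_key) {
    if (!openssl_sign($data, $signature, $private_key, OPENSSL_ALGO_SHA1)) {
        throw new Exception("Signing failed");
    }
    return str_replace(array('+', '=', '/'), array('-', '_', '~'), base64_encode($signature));
}

// Throwaway key pair, generated here so the script runs without a real key file.
$key = openssl_pkey_new(array('private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA));
if ($key === false) {
    exit("Key generation failed: " . openssl_error_string() . "\n");
}
$details = openssl_pkey_get_details($key);
$public_key_pem = $details['key'];

// Constructed canned policy with a placeholder resource and expiry.
$policy = '{"Statement":[{"Resource":"example/video.mp4","Condition":{"DateLessThan":{"AWS:EpochTime":1893456000}}}]}';
$encoded_policy = str_replace(array('+', '=', '/'), array('-', '_', '~'), base64_encode($policy));

$cases = array(
    'signature over the original policy' => array($policy, sign_url_safe($policy, $key)),
    'policy altered after signing (whitespace added)' => array(str_replace('":', '": ', $policy), sign_url_safe($policy, $key)),
    'signature computed over the encoded policy' => array($policy, sign_url_safe($encoded_policy, $key)),
);
foreach ($cases as $label => $case) {
    $ok = verify_policy_signature($case[0], $case[1], $public_key_pem);
    echo $label . ': ' . ($ok ? 'verifies' : 'rejected') . "\n";
}
```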