# Copyright 2018 Google, Inc # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # [START cloudcdn_sign_url] def signed_url url:, key_name:, key:, expiration: # url = "URL of the endpoint served by Cloud CDN" # key_name = "Name of the signing key added to the Google Cloud Storage bucket or service" # key = "Signing key as urlsafe base64 encoded string" # expiration = Ruby Time object with expiration time require "base64" require "openssl" require "time" # Decode the URL safe base64 encode key decoded_key = Base64.urlsafe_decode64 key # Get UTC time in seconds expiration_utc = expiration.utc.to_i # Determine which separator makes sense given a URL separator = "?" separator = "&" if url.include? "?" # Concatenate url with expected query parameters Expires and KeyName url = "#{url}#{separator}Expires=#{expiration_utc}&KeyName=#{key_name}" # Sign the url using the key and url safe base64 encode the signature signature = OpenSSL::HMAC.digest "SHA1", decoded_key, url encoded_signature = Base64.urlsafe_encode64 signature # Concatenate the URL and encoded signature signed_url = "#{url}&Signature=#{encoded_signature}" end # [END cloudcdn_sign_url] if $PROGRAM_NAME == __FILE__ if ARGV.count == 4 puts signed_url url: ARGV.shift, key_name: ARGV.shift, key: ARGV.shift, expiration: Time.now + ARGV.shift.to_i else puts <<~USAGE Usage: bundle exec ruby sign_url.rb <url> <key_name> <key> <expires_in> Arguments: url - URL of the endpoint served by Cloud CDN key_name - Name of the signing key added to the Google Cloud Storage bucket or service key - Signing key as a urlsafe base64 encoded string expires_in - Expire signed URL in number of seconds from current time USAGE end end