/// <summary>
/// Returns signed cookies that provides tailored access to private content based on an access time window and an ip range.
/// </summary>
/// <param name="resourceUrlOrPath">
/// The URL or path for resource within a distribution.
/// </param>
/// <param name="privateKey">Your private key file. RSA private key (.pem) are supported.</param>
/// <param name="keyPairId">The key pair id corresponding to the private key file given.</param>
/// <param name="expiresOn">The expiration date till which content can be accessed using the generated cookies.</param>
/// <param name="activeFrom">The date from which content can be accessed using the generated cookies.</param>
/// <param name="ipRange">The allowed IP address range of the client making the GET request, in CIDR form (e.g. 192.168.0.1/24).</param>
/// <returns>The signed cookies.</returns>
public static CookiesForCustomPolicy GetCookiesForCustomPolicy(string resourceUrlOrPath,
TextReader privateKey,
string keyPairId,
DateTime expiresOn,
DateTime activeFrom,
string ipRange)
{
var cookies = new CookiesForCustomPolicy();
var policy = AmazonCloudFrontUrlSigner.BuildPolicyForSignedUrl(resourceUrlOrPath, expiresOn,
ipRange, activeFrom);
var base64EncodedPolicy = AmazonCloudFrontUrlSigner.MakeStringUrlSafe(policy);
cookies.Policy = new KeyValuePair <string, string>(PolicyKey, base64EncodedPolicy);
RSAParameters rsaParameters = AmazonCloudFrontUrlSigner.ConvertPEMToRSAParameters(privateKey);
byte[] signatureBytes = AmazonCloudFrontUrlSigner.SignWithSha1RSA(
UTF8Encoding.UTF8.GetBytes(policy), rsaParameters);
string urlSafeSignature = AmazonCloudFrontUrlSigner.MakeBytesUrlSafe(signatureBytes);
cookies.Signature = new KeyValuePair <string, string>(SignatureKey, urlSafeSignature);
cookies.KeyPairId = new KeyValuePair <string, string>(KeyPairIdKey, keyPairId);
return(cookies);
}