List of usage examples for com.amazonaws.services.cloudfront.model DefaultCacheBehavior setTrustedSigners
public void setTrustedSigners(TrustedSigners trustedSigners)
A complex type that specifies the AWS accounts, if any, that you want to allow to create signed URLs for private content.
From source file:org.duracloud.s3task.streaminghls.EnableHlsTaskRunner.java
License:Apache License
public String performTask(String taskParameters) { EnableStreamingTaskParameters taskParams = EnableStreamingTaskParameters.deserialize(taskParameters); String spaceId = taskParams.getSpaceId(); boolean secure = taskParams.isSecure(); List<String> allowedOrigins = taskParams.getAllowedOrigins(); log.info("Performing " + TASK_NAME + " task on space " + spaceId + ". Secure streaming set to " + secure); // Will throw if bucket does not exist String bucketName = unwrappedS3Provider.getBucketName(spaceId); String domainName = null;/*from w w w.j av a2s . c om*/ String distId = null; String oaIdentityId = getOriginAccessId(); EnableStreamingTaskResult taskResult = new EnableStreamingTaskResult(); DistributionSummary existingDist = getExistingDistribution(bucketName); if (existingDist != null) { // There is an existing distribution // Ensure that this is not an attempt to change the security type // of this existing distribution boolean existingSecure = !existingDist.getDefaultCacheBehavior().getTrustedSigners().getItems() .isEmpty(); if ((secure && !existingSecure) || (!secure && existingSecure)) { throw new UnsupportedTaskException(TASK_NAME, "The space " + spaceId + " is already configured to stream as " + (secure ? "OPEN" : "SECURE") + " and cannot be updated to stream as " + (secure ? "SECURE" : "OPEN") + ". To do this, you must first execute the " + StorageTaskConstants.DELETE_HLS_TASK_NAME + " task."); } distId = existingDist.getId(); if (!existingDist.isEnabled()) { // Distribution is disabled, enable it setDistributionState(distId, true); } domainName = existingDist.getDomainName(); } else { // No existing distribution, need to create one // Create S3 Origin S3OriginConfig s3OriginConfig = new S3OriginConfig() .withOriginAccessIdentity(S3_ORIGIN_OAI_PREFIX + oaIdentityId); Origin s3Origin = new Origin().withDomainName(bucketName + S3_ORIGIN_SUFFIX) .withS3OriginConfig(s3OriginConfig).withId("S3-" + bucketName); // Only include trusted signers on secure distributions TrustedSigners signers = new TrustedSigners(); if (secure) { signers.setItems(Collections.singletonList(cfAccountId)); signers.setEnabled(true); signers.setQuantity(1); } else { signers.setEnabled(false); signers.setQuantity(0); } DefaultCacheBehavior defaultCacheBehavior = new DefaultCacheBehavior(); defaultCacheBehavior.setTrustedSigners(signers); defaultCacheBehavior.setViewerProtocolPolicy(ViewerProtocolPolicy.RedirectToHttps); // Forwarding headers to support CORS, see: // https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/header-caching.html#header-caching-web-cors defaultCacheBehavior.setAllowedMethods( new AllowedMethods().withItems(Method.GET, Method.HEAD, Method.OPTIONS).withQuantity(3)); defaultCacheBehavior.setForwardedValues(new ForwardedValues().withQueryString(false) .withCookies(new CookiePreference().withForward(ItemSelection.None)) .withHeaders(new Headers() .withItems("Origin", "Access-Control-Request-Headers", "Access-Control-Request-Method") .withQuantity(3))); // Setting other cache behaviors required by the client defaultCacheBehavior.setMinTTL(0l); defaultCacheBehavior.setTargetOriginId(s3Origin.getId()); // Create origins list Origins origins; CacheBehaviors cacheBehaviors = new CacheBehaviors(); if (secure) { // Create Origin to allow signed cookies to be set through a CloudFront call CustomOriginConfig cookiesOriginConfig = new CustomOriginConfig() .withOriginProtocolPolicy(OriginProtocolPolicy.HttpsOnly).withHTTPPort(80) .withHTTPSPort(443); String getCookiesPath = "/durastore/aux"; String cookiesOriginId = "Custom origin - " + dcHost + getCookiesPath; Origin cookiesOrigin = new Origin().withDomainName(dcHost).withOriginPath(getCookiesPath) .withId(cookiesOriginId).withCustomOriginConfig(cookiesOriginConfig); origins = new Origins().withItems(s3Origin, cookiesOrigin).withQuantity(2); // Create behavior for cookies origin CookiePreference cookiePreference = new CookiePreference().withForward(ItemSelection.All); CacheBehavior cookiesCacheBehavior = new CacheBehavior().withPathPattern("/cookies") .withTargetOriginId(cookiesOriginId) .withViewerProtocolPolicy(ViewerProtocolPolicy.RedirectToHttps) .withAllowedMethods(new AllowedMethods().withItems(Method.GET, Method.HEAD).withQuantity(2)) .withForwardedValues( new ForwardedValues().withQueryString(true).withCookies(cookiePreference)) .withTrustedSigners(new TrustedSigners().withEnabled(false).withQuantity(0)).withMinTTL(0l); cacheBehaviors = cacheBehaviors.withItems(cookiesCacheBehavior).withQuantity(1); } else { origins = new Origins().withItems(s3Origin).withQuantity(1); } // Build distribution DistributionConfig distributionConfig = new DistributionConfig() .withCallerReference("" + System.currentTimeMillis()).withOrigins(origins).withEnabled(true) .withComment("HLS streaming for space: " + spaceId) .withDefaultCacheBehavior(defaultCacheBehavior); if (secure) { distributionConfig.setCacheBehaviors(cacheBehaviors); } Distribution dist = cfClient.createDistribution(new CreateDistributionRequest(distributionConfig)) .getDistribution(); domainName = dist.getDomainName(); } // Set bucket policy to accept origin access identity setBucketAccessPolicy(bucketName, oaIdentityId); // Set CORS policy on bucket setCorsPolicy(bucketName, allowedOrigins, dcHost); // Update bucket tags to include streaming host Map<String, String> spaceProps = s3Provider.getSpaceProperties(spaceId); spaceProps.put(HLS_STREAMING_HOST_PROP, domainName); spaceProps.put(HLS_STREAMING_TYPE_PROP, secure ? STREAMING_TYPE.SECURE.name() : STREAMING_TYPE.OPEN.name()); unwrappedS3Provider.setNewSpaceProperties(spaceId, spaceProps); taskResult.setResult(TASK_NAME + " task completed successfully"); // Return results taskResult.setStreamingHost(domainName); String toReturn = taskResult.serialize(); log.info("Result of " + TASK_NAME + " task: " + toReturn); return toReturn; }
From source file:org.duracloud.s3task.streaminghls.HlsTaskRunnerTestBase.java
License:Apache License
/** * Used when expecting a valid distribution as a result of the * listDistributions call./*from ww w. ja v a2s . c o m*/ * * @param secure defines if the returned distribution is secure or open * @param listCallsExpected the number of times the call to list distributions will * be called in order to retrieve the entire list */ protected void cfClientExpectValidDistribution(AmazonCloudFrontClient cfClient, boolean secure, int listCallsExpected) { Origin s3Origin = new Origin().withDomainName(bucketName + S3_ORIGIN_SUFFIX); DistributionSummary distSummary = new DistributionSummary().withId("id").withStatus("status") .withDomainName(domainName).withEnabled(true).withOrigins(new Origins().withItems(s3Origin)); TrustedSigners trustedSigners = new TrustedSigners().withQuantity(0); if (secure) { trustedSigners = new TrustedSigners().withQuantity(1).withItems("trusted-signer-item"); } DefaultCacheBehavior defaultCacheBehavior = new DefaultCacheBehavior(); defaultCacheBehavior.setTrustedSigners(trustedSigners); distSummary.setDefaultCacheBehavior(defaultCacheBehavior); for (int i = 0; i < listCallsExpected; i++) { boolean truncated = false; if ((listCallsExpected - i) > 1) { truncated = true; } List<DistributionSummary> distSummaries = new ArrayList(); distSummaries.add(distSummary); ListDistributionsResult distSummaryResult = new ListDistributionsResult() .withDistributionList(new DistributionList().withItems(distSummaries).withIsTruncated(truncated) .withNextMarker("marker")); EasyMock.expect(cfClient.listDistributions(EasyMock.isA(ListDistributionsRequest.class))) .andReturn(distSummaryResult); } }