ÿØÿà JFIF    ÿÛ „  ( %!1"%)+...383-7(-.+  -%%--------+------------/----------------------------ÿÀ  ¶" ÿÄ     ÿÄ @    !1AQaq‘¡"±ÁÑð2’BRráS‚ñ3b¢CT²Ò #cÿÄ    ÿÄ '   1!AQ2a"‘±#ÿÚ   ? ò(/p‘—–¢·,M|¯G»R£üešT. ôŸEoCFñ‡ 4ÔkåóxR|µÁ¨ÓDà!Ç´µ˜‡p ÍQ‹§!þž^õWsŒy  åÁ§$á«%ºq˜™JyyË0y«^Ϗ -3ÃÏËÈ£Æ\P’ä„s&•‹Üs üô'àWt¹pñCp$bÚF`·7.^)¾!)ÒÙ˜–ÅÏš^h¾ø³·ìe±ŒaeÖ—Í,e=B}Jéߦ$$½—šÙÜCC¯¶è8β–Åkèwx LÉngT±æ¹£Ócœ¿Í/©Éÿ ‰ÚCÒ­mq;Tt¶–}0"zÖPcd1š­¤tˆ„ÐÓâqú[™öUCŠ2޿د­É(¸ßúçšmW,Ò ºf‹Ån™ÄLêÁ8üÁkÁ€L¥ÍuJ1œôrÂSŒÓöt!7EUíïb)AËi¬â-ÙHk8òÁiXYwÅ)O^"ÇØriÛô{»wRUKÙÏÚlÓ¬€‚’שT ] ªb—ÊîKC^×M“xùäñz¬zJ× {4[¹M'IÆeH1LCWÕ]œûº WDæà°OÅ‚¹c²ÞuA–rL`HšpCez‡V’— Ž‚Ë„–ñ­'µR0ÕÖ=À:±G»C\nÆÉ5*¢ †3šhQ4ýÒi$Õ1"Ü]¢p-q3zcQ$ªö¨¥æf›‘»´ÝÚHá„e²JÇ–iÊ:·à¬Øc5Åk»Laª*wi [0Ówk ¦a¦0Õ²ÅÅ‚T¸’³q:Æ<¹ú Ò˜Æ}2VE•Ѐp¡Ô3Úº …h³^LJºçì¥Ánó|˜ÖˆÎˆ+« ¦dø‘Mº–d\ªDðÛ„Ì×LÝ——Ð9Ç|•FèçVm™¨€™3õS–9Äå¢<̉Ìm¢±`·º˜&Z²ž Ë®D«¶»6™‰©­HÈ Àá«h­i³04æ’hxœi3ï¨(ÓL·†‹¶ËpŒ ƒÜÒ? :õdsÀ –3æÓ·Üjâ¬9—]8n¼&]I F£¼…ì–—Œ0v°LǐÅfÛ2TÖ’aµ˜N@ÖBSÏ^à´4-±°b×nÈÈœÆD=KdŒø…ÄÈK,›ÖR§fjü$^ÔÎ!„6^ s:Üun\ôkCÞò÷<—Lúl Í›G¹ÀPá¼Nc¡šÒ…ÙWͳœ±vÊáЄ×9‹P‰cEØ‘™›µŸP<×g1 º©Ø¬wiÁ^l5× I/';Ë+´Z‡ÓÄFÕp[Èð’ HÄ ó 9¬Dl4“é±Ï”V=^Hð;žLädÉa‚°Ë,#/Ž~²BÔÛ QãñQtIeórVB,ÏÂf‹4#Μc‹É3ZIÖ Œ¢¥·üxa‡Ãçè„jŠ[5 Ä!U?,3žÎ×…ðdÓ÷háŠA‰ìÄ4÷ÃÜZÃE{‰®+W\ZÍE[‰»µk»MÝ­`¢©†˜ÃV‹-f¢¡†¢a«eŠ%«Y¨©q%jâd,Ôq`) ¤¦…šˆ ¦E>0Ùb²t–Ÿ  ÷jsςҒKÈcø(é›;k(’#ôŒQ ™C> õ³M9óºÆµ¤çâ;uÀ)5>RÔ¸fÓ~Ȧ—’-$fe«"FâUˆÊwµPÏu w+"åÉó¨6s™Û9(À¨ù©hE°½†n`m~“@©›p!Vkhµ Á1šbEqqÊ@ºèl›2 –Yã%‘‚hÛ{a¶‡ÅÞM²¬çL34®Çl]®‹ŽØŒm'RÜe35æöˆ­Á­ cP9šeÁköo´L³Ì=p8]”‡B¶,šº|ɏdzXˆØk*ÇÚ{#ñ‰pã(€¶‡9ý'šÜ³½¯kƒ†Â’ëSOƒ•Å®H6+a¢µˆ‹Y¨b˜b+XˆÖ!°u!¢"µˆˆn2ˆ Å0Ä`Å Ô®c(ÓÜGº•Ä»Œ âWî%q.áÐÄ÷î%umÍ£+ÜQ,Vn¦-GphU¸¢X­&,Gt ·K¢ÅÅ·¥RÄÊÉbKn N­R2g$VµÕó Qr#–ÓZUÏð0ÎtÙÀœz ëöo“Îk¯n„T°"SÞ+³/…€½"ižãO%Í%&Δâ‘ËØ´IˆÓ°Ë‰ÞM3.™yçÁzit›`4C`k¢¼á!álÄï sÂ[×!¤l¾æo"ƒIÔ'@ªu)3›ô®“@Z à¾] üœ'‡4¸PÞkÁ-qÄH‰ÓÍBd´ÿ —¹°ÄA&ÊUC„öz‚‚RæŠtf¬>˜ÑidšEçÑL÷áý¡V±h§­c¿¥¨ƒ@g¼…Ýö^ÞËc.ž„æ“I[ ª+·zÐÒÚ,½Ð»¶€C›7jk$๖€Ž¾ÅÙpp¶ÍþéΤ ½ØÎŒq ñpæžÅ¥#Øâ49ÃÂK^MYV“,¶Éz_òæ:…;Õ«¦I3âJ£¤û5$7Èxün\â]Êe¯(Ÿ&Ž‹¶2<6Ćf× æ¢ƱqWı[(ÙÂŽç‚T7¨@ÈÉÍß‚ïÙ"&3TYlGށ†)†#5ŠA©^T2ÆÁ†)©†©†¤yGXÁ†©"†)©¼ÅV WS†#©]R–r‹q5ÕbâWþBh¯u+ªÅÄ×ü„nÑ^êkªÁj‰jeœWˆÕÕ`µDµ2Ì+Ä µDµµ5Ô{¤Þ0RF’H÷AÛ<ÊÁ§ ƈæ0Ñ£ê4 öÚµ[¬/1²€â<-¬šö²r×0o×w ´xÐÒË„ g01¬„åEM蛇Ã\6µE›‘fÙO k÷CºnÓ1`iîÒ² áÂ!ÑLÄÿ ³¬\õ*:M=Ç»c‹2[‰ØsÕLò\ŒK L^™üÄN\¶#» Ç\……ßïIœÉ$¸ÎñÍ®ÔHÇ Ûí/´>Li”„†g^$ 7NÍÑÑ2M2ªNg=k½Ð}Ÿl6‡ —JWˆ”ÞéT·+µ¦üÂFè¢Vs6ýÆ4»2+2IÝ9ô9®ÇGÙÇ1+Ä8;*Õ§ž½D*îÑWÚçá3Ma¤·ˆ¥t}š²Ü…Q+Æüµ8HíS”üxGéÁˆ¦Ël„éÈ 5 µÄƒ6äÜ(kIš¯S†fÖ&¸®×v|Äyˆ*禌Éù@7-®Ä[]ÎÖ¿ê`º…=:…žJVnݳvðÖKE¼‚ »mà ÷f®:Ë ™–4rð¡4` ܹçž~‹C=œ…¾Ïj|VDtK.ƒ"9 Ï ­–éXá³6WÒïIL-Ї Ç CookieSigner.php000064400000004371152267572730007663 0ustar00 true, 'https' => true, ]; /** * @param $keyPairId string ID of the key pair * @param $privateKey string Path to the private key used for signing * * @throws \RuntimeException if the openssl extension is missing * @throws \InvalidArgumentException if the private key cannot be found. */ public function __construct($keyPairId, $privateKey) { $this->signer = new Signer($keyPairId, $privateKey); } /** * Create a signed Amazon CloudFront Cookie. * * @param string $url URL to sign (can include query string * and wildcards). Not required * when passing a custom $policy. * @param string|integer|null $expires UTC Unix timestamp used when signing * with a canned policy. Not required * when passing a custom $policy. * @param string $policy JSON policy. Use this option when * creating a signed cookie for a custom * policy. * * @return array The authenticated cookie parameters * @throws \InvalidArgumentException if the URL provided is invalid * @link http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-signed-cookies.html */ public function getSignedCookie($url = null, $expires = null, $policy = null) { if ($url) { $this->validateUrl($url); } $cookieParameters = []; $signature = $this->signer->getSignature($url, $expires, $policy); foreach ($signature as $key => $value) { $cookieParameters["CloudFront-$key"] = $value; } return $cookieParameters; } private function validateUrl($url) { $scheme = str_replace('*', '', explode('://', $url)[0]); if (empty(self::$schemes[strtolower($scheme)])) { throw new \InvalidArgumentException('Invalid or missing URI scheme'); } } } Exception/CloudFrontException.php000064400000000315152267572730013170 0ustar00signer = new Signer($keyPairId, $privateKey); } /** * Create a signed Amazon CloudFront URL. * * Keep in mind that URLs meant for use in media/flash players may have * different requirements for URL formats (e.g. some require that the * extension be removed, some require the file name to be prefixed * - mp4:, some require you to add "/cfx/st" into your URL). * * @param string $url URL to sign (can include query * string string and wildcards) * @param string|integer|null $expires UTC Unix timestamp used when signing * with a canned policy. Not required * when passing a custom $policy. * @param string $policy JSON policy. Use this option when * creating a signed URL for a custom * policy. * * @return string The file URL with authentication parameters * @throws \InvalidArgumentException if the URL provided is invalid * @link http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/WorkingWithStreamingDistributions.html */ public function getSignedUrl($url, $expires = null, $policy = null) { // Determine the scheme of the url $urlSections = explode('://', $url); if (count($urlSections) < 2) { throw new \InvalidArgumentException("Invalid URL: {$url}"); } // Get the real scheme by removing wildcards from the scheme $scheme = str_replace('*', '', $urlSections[0]); $uri = new Uri($scheme . '://' . $urlSections[1]); $query = Psr7\Query::parse($uri->getQuery(), PHP_QUERY_RFC3986); $signature = $this->signer->getSignature( $this->createResource($scheme, (string) $uri), $expires, $policy ); $uri = $uri->withQuery( http_build_query($query + $signature, '', '&', PHP_QUERY_RFC3986) ); return $scheme === 'rtmp' ? $this->createRtmpUrl($uri) : (string) $uri; } private function createRtmpUrl(UriInterface $uri) { // Use a relative URL when creating Flash player URLs $result = ltrim($uri->getPath(), '/'); if ($query = $uri->getQuery()) { $result .= '?' . $query; } return $result; } /** * @param $scheme * @param $url * * @return string */ private function createResource($scheme, $url) { switch ($scheme) { case 'http': case 'http*': case 'https': return $url; case 'rtmp': $parts = parse_url($url); $pathParts = pathinfo($parts['path']); $resource = ltrim( $pathParts['dirname'] . '/' . $pathParts['basename'], '/' ); // Add a query string if present. if (isset($parts['query'])) { $resource .= "?{$parts['query']}"; } return $resource; } throw new \InvalidArgumentException("Invalid URI scheme: {$scheme}. " . "Scheme must be one of: http, https, or rtmp"); } } Signer.php000064400000011765152267572730006536 0ustar00keyPairId = $keyPairId; if (!$this->pkHandle = openssl_pkey_get_private($privateKey, $passphrase)) { if (!file_exists($privateKey)) { throw new \InvalidArgumentException("PK file not found: $privateKey"); } $this->pkHandle = openssl_pkey_get_private("file://$privateKey", $passphrase); if (!$this->pkHandle) { $errorMessages = []; while(($newMessage = openssl_error_string()) !== false){ $errorMessages[] = $newMessage; } throw new \InvalidArgumentException(implode("\n",$errorMessages)); } } } public function __destruct() { if (PHP_MAJOR_VERSION < 8) { $this->pkHandle && openssl_pkey_free($this->pkHandle); } } /** * Create the values used to construct signed URLs and cookies. * * @param string $resource The CloudFront resource to which * this signature will grant access. * Not used when a custom policy is * provided. * @param string|integer|null $expires UTC Unix timestamp used when * signing with a canned policy. * Not required when passing a * custom $policy. * @param string $policy JSON policy. Use this option when * creating a signature for a custom * policy. * * @return array The values needed to construct a signed URL or cookie * @throws \InvalidArgumentException when not provided either a policy or a * resource and a expires * @throws \RuntimeException when generated signature is empty * * @link http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-signed-cookies.html */ public function getSignature($resource = null, $expires = null, $policy = null) { $signatureHash = []; if ($policy) { $policy = preg_replace('/\s/s', '', $policy); $signatureHash['Policy'] = $this->encode($policy); } elseif ($resource && $expires) { $expires = (int) $expires; // Handle epoch passed as string $policy = $this->createCannedPolicy($resource, $expires); $signatureHash['Expires'] = $expires; } else { throw new \InvalidArgumentException('Either a policy or a resource' . ' and an expiration time must be provided.'); } $signatureHash['Signature'] = $this->encode($this->sign($policy)); $signatureHash['Key-Pair-Id'] = $this->keyPairId; return $signatureHash; } private function createCannedPolicy($resource, $expiration) { return json_encode([ 'Statement' => [ [ 'Resource' => $resource, 'Condition' => [ 'DateLessThan' => ['AWS:EpochTime' => $expiration], ], ], ], ], JSON_UNESCAPED_SLASHES); } private function sign($policy) { $signature = ''; if(!openssl_sign($policy, $signature, $this->pkHandle)) { $errorMessages = []; while(($newMessage = openssl_error_string()) !== false) { $errorMessages[] = $newMessage; } $exceptionMessage = "An error has occurred when signing the policy"; if (count($errorMessages) > 0) { $exceptionMessage = implode("\n", $errorMessages); } throw new \RuntimeException($exceptionMessage); } return $signature; } private function encode($policy) { return strtr(base64_encode($policy), '+=/', '-_~'); } } CloudFrontClient.php000064400000077542152267572730010532 0ustar00getSignedUrl( $options['url'], isset($options['expires']) ? $options['expires'] : null, isset($options['policy']) ? $options['policy'] : null ); } /** * Create a signed Amazon CloudFront cookie. * * This method accepts an array of configuration options: * * - url: (string) URL of the resource being signed (can include query * string and wildcards). For example: http://d111111abcdef8.cloudfront.net/images/horizon.jpg?size=large&license=yes * - policy: (string) JSON policy. Use this option when creating a signed * URL for a custom policy. * - expires: (int) UTC Unix timestamp used when signing with a canned * policy. Not required when passing a custom 'policy' option. * - key_pair_id: (string) The ID of the key pair used to sign CloudFront * URLs for private distributions. * - private_key: (string) The filepath ot the private key used to sign * CloudFront URLs for private distributions. * * @param array $options Array of configuration options used when signing * * @return array Key => value pairs of signed cookies to set * @throws \InvalidArgumentException if url, key_pair_id, or private_key * were not specified. * @link http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/WorkingWithStreamingDistributions.html */ public function getSignedCookie(array $options) { foreach (['key_pair_id', 'private_key'] as $required) { if (!isset($options[$required])) { throw new \InvalidArgumentException("$required is required"); } } $cookieSigner = new CookieSigner( $options['key_pair_id'], $options['private_key'] ); return $cookieSigner->getSignedCookie( isset($options['url']) ? $options['url'] : null, isset($options['expires']) ? $options['expires'] : null, isset($options['policy']) ? $options['policy'] : null ); } }