added CloudCDN url signing samples (#1020)

Author: daniel-sanche

cdn/signed-urls/README.md

@@ -0,0 +1,9 @@
+# Google Cloud CDN - Signing URLs
+Java implementation of  [`gcloud alpha compute sign-url`](https://cloud.google.com/sdk/gcloud/reference/alpha/compute/sign-url)
+- uses a private key to create a time-sensitive URL that can be used to access a private Cloud CDN endpoint
+- requires [random 128-bit key](https://cloud.google.com/cdn/docs/signed-urls#creatingkeys) encoded as base64 and [uploaded to a backend bucket](https://cloud.google.com/sdk/gcloud/reference/alpha/compute/backend-buckets/add-signed-url-key)
+
+## Getting Started
+
+1. [Download](https://maven.apache.org/download.cgi) and [install](https://maven.apache.org/install.html)  maven to handle the project's dependencies
+2. run `mvn clean verify` to build the project and run the tests

cdn/signed-urls/pom.xml

@@ -0,0 +1,37 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+
+  <groupId>com.google.cdn</groupId>
+  <artifactId>signedurls</artifactId>
+  <version>1.0</version>
+  <packaging>jar</packaging>
+
+  <!--
+  The parent pom defines common style checks and testing strategies for our samples.
+  Removing or replacing it should not affect the execution of the samples in anyway.
+  -->
+  <parent>
+    <groupId>com.google.cloud.samples</groupId>
+    <artifactId>shared-configuration</artifactId>
+    <version>1.0.8</version>
+  </parent>
+
+  <name>signedurls</name>
+  <url>http://maven.apache.org</url>
+
+  <properties>
+    <maven.compiler.target>1.8</maven.compiler.target>
+    <maven.compiler.source>1.8</maven.compiler.source>
+    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+  </properties>
+
+  <dependencies>
+    <dependency>
+      <groupId>junit</groupId>
+      <artifactId>junit</artifactId>
+      <version>4.12</version>
+      <scope>test</scope>
+    </dependency>
+  </dependencies>
+</project>

cdn/signed-urls/src/main/java/com/google/cdn/SignedUrls.java

@@ -0,0 +1,91 @@
+/*
+ * Copyright 2018 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.cdn;
+
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.NoSuchAlgorithmException;
+import java.util.Base64;
+import java.util.Calendar;
+import java.util.Date;
+import javax.crypto.Mac;
+import javax.crypto.spec.SecretKeySpec;
+
+/**
+ * Samples to create a signed URL for a Cloud CDN endpoint
+ */
+public class SignedUrls {
+
+  // [START signUrl]
+  /**
+   * Creates a signed URL for a Cloud CDN endpoint with the given key
+   * URL must start with http:// or https://, and must contain a forward
+   * slash (/) after the hostname.
+   * @param url the Cloud CDN endpoint to sign
+   * @param key url signing key uploaded to the backend service/bucket, as a 16-byte array
+   * @param keyName the name of the signing key added to the back end bucket or service
+   * @param expirationTime the date that the signed URL expires
+   * @return a properly formatted signed URL
+   * @throws InvalidKeyException when there is an error generating the signature for the input key
+   * @throws NoSuchAlgorithmException when HmacSHA1 algorithm is not available in the environment
+   */
+  public static String signUrl(String url,
+                               byte[] key,
+                               String keyName,
+                               Date expirationTime)
+          throws InvalidKeyException, NoSuchAlgorithmException {
+
+    final long unixTime = expirationTime.getTime() / 1000;
+
+    String urlToSign = url
+                        + (url.contains("?") ? "&" : "?")
+                        + "Expires=" + unixTime
+                        + "&KeyName=" + keyName;
+
+    String encoded = SignedUrls.getSignature(key, urlToSign);
+    return urlToSign + "&Signature=" + encoded;
+  }
+
+  public static String getSignature(byte[] privateKey, String input)
+      throws InvalidKeyException, NoSuchAlgorithmException {
+
+    final String algorithm = "HmacSHA1";
+    final int offset = 0;
+    Key key = new SecretKeySpec(privateKey, offset, privateKey.length, algorithm);
+    Mac mac = Mac.getInstance(algorithm);
+    mac.init(key);
+    return  Base64.getUrlEncoder().encodeToString(mac.doFinal(input.getBytes()));
+  }
+  // [END signUrl]
+
+  public static void main(String[] args) throws Exception {
+    Calendar cal = Calendar.getInstance();
+    cal.setTime(new Date());
+    cal.add(Calendar.DATE, 1);
+    Date tomorrow = cal.getTime();
+
+    //read the key as a base 64 url-safe encoded string, then convert to byte array
+    final String keyPath = "/path/to/key";
+    String base64String = new String(Files.readAllBytes(Paths.get(keyPath)));
+    byte[] keyBytes = Base64.getUrlDecoder().decode(base64String);
+
+    String result = signUrl("http://example.com/", keyBytes, "YOUR-KEY-NAME", tomorrow);
+    System.out.println(result);
+  }
+}

cdn/signed-urls/src/test/java/com/google/cdn/SignedUrlsTest.java

@@ -0,0 +1,62 @@
+/*
+ * Copyright 2018 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+package com.google.cdn;
+
+import static com.google.cdn.SignedUrls.signUrl;
+import static junit.framework.TestCase.assertEquals;
+
+import java.util.Base64;
+import java.util.Date;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+/**
+ * Test SignedUrls samples
+ */
+@RunWith(JUnit4.class)
+@SuppressWarnings("checkstyle:abbreviationaswordinname")
+public class SignedUrlsTest {
+  private static long TIMESTAMP = 1518135754;
+  private static Date EXPIRATION = new Date(TIMESTAMP * 1000);
+  private static byte[] KEY_BYTES = Base64.getUrlDecoder().decode("aaaaaaaaaaaaaaaaaaaaaa==");
+  private static String KEY_NAME = "my-key";
+  private static String BASE_URL = "https://www.example.com/";
+
+  @Test
+  public void testUrlPath() throws Exception {
+    String result = signUrl(BASE_URL + "foo", KEY_BYTES, KEY_NAME, EXPIRATION);
+    final String expected = "https://www.example.com/foo?Expires=1518135754&KeyName=my-key&Signature=vUfG4yv47dyns1j9e_OI6_5meuA=";
+    assertEquals(result, expected);
+  }
+
+  @Test
+  public void testUrlParams() throws Exception {
+    String result = signUrl(BASE_URL + "?param=true", KEY_BYTES, KEY_NAME, EXPIRATION);
+    final String expected = "https://www.example.com/?param=true&Expires=1518135754&KeyName=my-key&Signature=6TijW8OMX3gcMI5Kqs8ESiPY97c=";
+    assertEquals(result, expected);
+  }
+
+
+  @Test
+  public void testStandard() throws Exception {
+    String result = signUrl(BASE_URL, KEY_BYTES, KEY_NAME, EXPIRATION);
+    final String expected = "https://www.example.com/?Expires=1518135754&KeyName=my-key&Signature=4D0AbT4y0O7ZCzCUcAtPOJDkl2g=";
+    assertEquals(result, expected);
+  }
+}

pom.xml

@@ -45,6 +45,7 @@
         <module>bigquery/datatransfer/cloud-client</module>
         <module>bigquery/rest</module>
 
+        <module>cdn/signed-urls</module>
         <module>cloud-tasks</module>
         <module>compute</module>
         <module>container-registry/container-analysis</module>