# Java를 사용한 URL 서명 생성
다음 코드 예제 외에도 [AWS SDK for Java(버전 1)의 `CloudFrontUrlSigner` 유틸리티 클래스](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/cloudfront/CloudFrontUrlSigner.html)를 사용하여 [CloudFront 서명 URL](private-content-signed-urls.md)을 만들 수 있습니다.
자세한 예제는 AWS SDK Code Examples Code Library에서 [AWS SDK를 사용하여 서명된 URL 및 쿠키 만들기](https://docs.aws.amazon.com/code-library/latest/ug/cloudfront_example_cloudfront_CloudFrontUtilities_section.html)를 참조합니다.**
**참고**
서명된 URL 생성은 [CloudFront를 통해 프라이빗 콘텐츠를 제공](PrivateContent.md)하는 프로세스의 한 부분에 불과합니다. 전체 프로세스에 대한 자세한 내용은 [서명된 URL 사용](private-content-signed-urls.md)을 참조하세요.
`Signature.getInstance` 직접 호출에서 `SHA1withRSA`를 `SHA256withRSA`로 바꿀 수 있습니다.
**Example Java 정책 및 서명 암호화 메서드**
```
package org.example;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import software.amazon.awssdk.services.cloudfront.CloudFrontUtilities;
import software.amazon.awssdk.services.cloudfront.model.CannedSignerRequest;
import software.amazon.awssdk.services.cloudfront.url.SignedUrl;
public class Main {
public static void main(String[] args) throws Exception {
CloudFrontUtilities cloudFrontUtilities = CloudFrontUtilities.create();
Instant expirationDate = Instant.now().plus(7, ChronoUnit.DAYS);
String resourceUrl = "https://a1b2c3d4e5f6g7.cloudfront.net";
String keyPairId = "K1UA3WV15I7JSD";
CannedSignerRequest cannedRequest = CannedSignerRequest.builder()
.resourceUrl(resourceUrl)
.privateKey(new java.io.File("/path/to/private_key.pem").toPath())
.keyPairId(keyPairId)
.expirationDate(expirationDate)
.build();
SignedUrl signedUrl = cloudFrontUtilities.getSignedUrlWithCannedPolicy(cannedRequest);
String url = signedUrl.url();
System.out.println(url);
}
}
```
**Example Java에서 SHA256을 사용한 준비된 정책 서명 예제**
```
package org.example;
import java.io.File;
import java.nio.file.Files;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.spec.PKCS8EncodedKeySpec;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.Base64;
public class Main {
public static void main(String[] args) throws Exception {
String resourceUrl = "https://a1b2c3d4e5f6g7.cloudfront.net/myfile.html";
String keyPairId = "K1UA3WV15I7JSD";
Instant expiration = Instant.now().plus(7, ChronoUnit.DAYS);
PrivateKey privateKey = loadPrivateKey("/path/to/private_key.der");
System.out.println(createSignedUrl(resourceUrl, keyPairId, privateKey, expiration, "SHA1"));
System.out.println(createSignedUrl(resourceUrl, keyPairId, privateKey, expiration, "SHA256"));
}
static String createSignedUrl(String resourceUrl, String keyPairId,
PrivateKey privateKey, Instant expiration,
String hashAlgorithm) throws Exception {
long epochSeconds = expiration.getEpochSecond();
String policy = "{\"Statement\":[{\"Resource\":\"" + resourceUrl
+ "\",\"Condition\":{\"DateLessThan\":{\"AWS:EpochTime\":" + epochSeconds + "}}}]}";
String jcaAlgorithm = hashAlgorithm.equals("SHA256") ? "SHA256withRSA" : "SHA1withRSA";
Signature sig = Signature.getInstance(jcaAlgorithm);
sig.initSign(privateKey);
sig.update(policy.getBytes("UTF-8"));
String signature = base64UrlEncode(sig.sign());
String url = resourceUrl
+ (resourceUrl.contains("?") ? "&" : "?")
+ "Expires=" + epochSeconds
+ "&Signature=" + signature
+ "&Key-Pair-Id=" + keyPairId;
if (hashAlgorithm.equals("SHA256")) {
url += "&Hash-Algorithm=SHA256";
}
return url;
}
static String base64UrlEncode(byte[] bytes) {
return Base64.getEncoder().encodeToString(bytes)
.replace('+', '-')
.replace('=', '_')
.replace('/', '~');
}
static PrivateKey loadPrivateKey(String path) throws Exception {
byte[] keyBytes = Files.readAllBytes(new File(path).toPath());
return KeyFactory.getInstance("RSA")
.generatePrivate(new PKCS8EncodedKeySpec(keyBytes));
}
}
```
추가 참고:
+ [Perl을 사용한 URL 서명 생성](CreateURLPerl.md)
+ [PHP를 사용한 URL 서명 생성](CreateURL_PHP.md)
+ [C\# 및 .NET Framework를 사용한 URL 서명 생성](CreateSignatureInCSharp.md)