Hi everybody,

I found a lot of detailed examples online on how to sign an Amazon CloudFront URL for private content. Unfortunately, whenever I implement these examples my URL doesn't seem to work. The resource path is correct because I can download the file when it is set for world read, but the URL doesn't work when set just for authorized users. The PHP code I am using is below. If anybody has any insights as to what I might be doing wrong (I'm guessing it is something obvious that I am just not seeing right now), it would be greatly appreciated.

function urlCloudFront($resource) {
    $AWS_CF_KEY = 'APKA...';
    $priv_key = file_get_contents(path_to_pem_file);
    $pkeyid = openssl_get_privatekey($priv_key);
    $expires = strtotime("+ 3 hours");

    $policy_str = '{"Statement":[{"Resource":"'.$resource.'","Condition":{"DateLessThan":{"AWS:EpochTime":'.$expires.'}}}]}';
    $policy_str = trim( preg_replace( '/\s+/', '', $policy_str ) );

    $res = openssl_sign($policy_str, $signature, $pkeyid, OPENSSL_ALGO_SHA1);
    $signature_base64 = (base64_encode($signature));
    $repl = array('+' => '-','=' => '_','/' => '~');
    $signature_base64 = strtr($signature_base64,$repl);
    $url = $resource . '?Expires=' .$expires. '&Signature=' . $signature_base64 . '&Key-Pair-Id='. $AWS_CF_KEY;

    print '<p><A href="' .$url. '">Download VIDA (CloudFrount)</A>';
}

urlCloudFront("http://mydistcloud.cloudfront.net/mydir/myfile.tar.gz");

Thanks.