Changes in Amazon CloudFront presigning from version 1 to version 2 - Amazon SDK for Java 2.x
High-level changesAPI changes
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Changes in Amazon CloudFront presigning from version 1 to version 2

This topic details the changes in the Amazon CloudFront from version 1 (v1) to version 2 (v2).

High-level changes

Change v1 v2

Maven dependencies

 
<dependencyManagement>
    <dependencies>
        <dependency>
            <groupId>com.amazonaws</groupId>
            <artifactId>aws-java-sdk-bom</artifactId>
            <version>1.12.5871</version>
            <type>pom</type>
            <scope>import</scope>
        </dependency>
    </dependencies>
</dependencyManagement>
<dependencies>
    <dependency>  
        <groupId>com.amazonaws</groupId>
        <artifactId>cloudfront</artifactId>
    </dependency>
</dependencies>
 
<dependencyManagement>
    <dependencies>
        <dependency>
            <groupId>software.amazon.awssdk</groupId>
            <artifactId>bom</artifactId>
            <version>2.21.212</version>
            <type>pom</type>
            <scope>import</scope>
        </dependency>
    </dependencies>
</dependencyManagement>
<dependencies>
    <dependency>
        <groupId>software.amazon.awssdk</groupId>
        <artifactId>cloudfront</artifactId>
    </dependency>
</dependencies>
Package name com.amazonaws.services.cloudfront software.amazon.awssdk.services.cloudfront
Class names

CloudFrontUrlSigner

CloudFrontCookieSigner

CloudFrontUtilities

SignedUrl

CannedSignerRequest

CustomSignerRequest

1 Latest version. 2 Latest version.

API changes

Behavior v1 v2
Build a canned request Arguments are passed directly to the API. 
CannedSignerRequest cannedRequest =
      CannedSignerRequest.builder()
                         .resourceUrl(resourceUrl)
                         .privateKey(privateKey)
                         .keyPairId(keyPairId)
                         .expirationDate(expirationDate)
                         .build();
Build a custom request Arguments are passed directly to the API. 
CustomSignerRequest customRequest =
      CustomSignerRequest.builder()
                         .resourceUrl(resourceUrl)
                         .privateKey(keyFile)
                         .keyPairId(keyPairId)
                         .expirationDate(expirationDate)
                         .activeDate(activeDate)
                         .ipRange(ipRange)
                         .build();
Generate a signed URL (canned) 
String signedUrl =
  CloudFrontUrlSigner.getSignedURLWithCannedPolicy(
    resourceUrl, keyPairId, privateKey, expirationDate);
 
CloudFrontUtilities cloudFrontUtilities =
    CloudFrontUtilities.create();

SignedUrl signedUrl =        
    cloudFrontUtilities.getSignedUrlWithCannedPolicy(cannedRequest);

String url = signedUrl.url();
Generate a signed cookie (custom) 
CookiesForCustomPolicy cookies =
    CloudFrontCookieSigner.getCookiesForCustomPolicy(
        resourceUrl, privateKey, keyPairId, expirationDate, 
        activeDate, ipRange);

CloudFrontUtilities cloudFrontUtilities =
    CloudFrontUtilities.create();

CookiesForCustomPolicy cookies =
     cloudFrontUtilities.getCookiesForCustomPolicy(customRequest);

Refactored cookie headers in v2

In Java v1, the Java SDK delivers cookie headers as a Map.Entry<String, String>.

Map.Entry<String, String> signatureMap = cookies.getSignature();
String signatureKey = signatureMap.getKey(); // "CloudFront-Signature"
String signatureValue = signatureMap.getValue(); // "[SIGNATURE_VALUE]"

The Java v2 SDK delivers the entire header as a single String.

String signatureHeaderValue = cookies.signatureHeaderValue(); // "CloudFront-Signature=[SIGNATURE_VALUE]"