cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rohit Yadav" <bhais...@apache.org>
Subject Re: Review Request 20390: CLOUDSTACK-6202: Add signatureversion and expiring datetime to cloudmonkey, make it configurable
Date Thu, 17 Apr 2014 15:26:02 GMT


> On April 16, 2014, 7:50 a.m., Rohit Yadav wrote:
> > If it's backward compatible and works fine, let's merge. LGTM
> 
> Yichi Lu wrote:
>     Rohit:
>     As far as I know this will not break the backward compatibility. For API calls, the
signature version and expiration time is consumed by server/src/com/cloud/api/ApiServer.java::verifyRequest()
like this:
>                 String signatureVersion = null;
>                 String expires = null;
>     
>                 for (final String paramName : parameterNames) {
>                     // parameters come as name/value pairs in the form String/String[]
>                     final String paramValue = ((String[])requestParameters.get(paramName))[0];
>     
>                     if (ApiConstants.SIGNATURE.equalsIgnoreCase(paramName)) {
>                         signature = paramValue;
>                     } else {
>                         if (ApiConstants.API_KEY.equalsIgnoreCase(paramName)) {
>                             apiKey = paramValue;
>                         } else if (ApiConstants.SIGNATURE_VERSION.equalsIgnoreCase(paramName))
{
>                             signatureVersion = paramValue;
>                         } else if (ApiConstants.EXPIRES.equalsIgnoreCase(paramName))
{
>                             expires = paramValue;
>                         }
>     
>                         if (unsignedRequest == null) {
>                             unsignedRequest = paramName + "=" + URLEncoder.encode(paramValue,
UTF_8).replaceAll("\\+", "%20");
>                         } else {
>                             unsignedRequest = unsignedRequest + "&" + paramName +
"=" + URLEncoder.encode(paramValue, UTF_8).replaceAll("\\+", "%20");
>                         }
>                     }
>                 }
>     
>                 // if api/secret key are passed to the parameters
>                 if ((signature == null) || (apiKey == null)) {
>                     s_logger.debug("Expired session, missing signature, or missing apiKey
-- ignoring request. Signature: " + signature + ", apiKey: " + apiKey);
>                     return false; // no signature, bad request
>                 }
>     
>                 Date expiresTS = null;
>                 // FIXME: Hard coded signature, why not have an enum
>                 if ("3".equals(signatureVersion)) {
>                     // New signature authentication. Check for expire parameter and its
validity
>                     if (expires == null) {
>                         s_logger.debug("Missing Expires parameter -- ignoring request.
Signature: " + signature + ", apiKey: " + apiKey);
>                         return false;
>                     }
>                     synchronized (DateFormatToUse) {
>                         try {
>                             expiresTS = DateFormatToUse.parse(expires);
>                         } catch (final ParseException pe) {
>                             s_logger.debug("Incorrect date format for Expires parameter",
pe);
>                             return false;
>                         }
>                     }
>                     final Date now = new Date(System.currentTimeMillis());
>                     if (expiresTS.before(now)) {
>                         s_logger.debug("Request expired -- ignoring ...sig: " + signature
+ ", apiKey: " + apiKey);
>                         return false;
>                     }
>                 }
>     
>     So expires will be checked only if an api call uses the key signatureversion, and
its value == 3. Otherwise the key expires will just be ignored.
>     
>     Yichi

Alright, I see. Will merge your commit on cloudmonkey's repo. Thanks for your patch.


- Rohit


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/20390/#review40515
-----------------------------------------------------------


On April 15, 2014, 10:28 p.m., Yichi Lu wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/20390/
> -----------------------------------------------------------
> 
> (Updated April 15, 2014, 10:28 p.m.)
> 
> 
> Review request for cloudstack, Chiradeep Vittal and Rohit Yadav.
> 
> 
> Repository: cloudstack-cloudmonkey
> 
> 
> Description
> -------
> 
> use signature version 3 for cloudmonkey api calls, with 600 seconds expiration time as
default. The expiration time is configurable via .cloudmonkey/config
> 
> 
> Diffs
> -----
> 
>   cloudmonkey/cloudmonkey.py b465bec 
>   cloudmonkey/config.py 2f91608 
>   cloudmonkey/requester.py b06e1fc 
> 
> Diff: https://reviews.apache.org/r/20390/diff/
> 
> 
> Testing
> -------
> 
> for 600 seconds expiration time and CST:
> now:  2014-04-15T16:36:46+0000 , expires:  2014-04-15T21:46:46+0000
> 
> 
> Thanks,
> 
> Yichi Lu
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message