cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Leo Simons <>
Subject bug in CLOUDSTACK-6784: partially implemented "typeInfo" breaks signing
Date Thu, 05 Jun 2014 14:01:43 GMT
Hey folks,

I had a fun day trying to follow

I¹m on the master branch. I believe that the recent change

Causes that marvin-from-scratch process to fail, resulting in the server
complaining with messages like

  INFO  ... User signature: iuEkBp/8gHlaZjZflOr/gNLvly0= is not equaled to
computed signature: 7V3jl71SYNDHIbx4VTZDds7mQaA=

Which causes all marvin tests to fail. The reason is that the python
message digest calculation is using the whole typeInfo hash, i.e. In python

it considers the unencoded request to be (for example)


whereas on the java side

somehow the typeInfo is collapsed, so it¹s unencoded request looks
something like


And so the digests don¹t match. With the patch below to filter out type
info from digest calculation, marvin tests work for me, though with many
warnings like

  WARN Š Received unknown parameters for command addRegion. Unknown
parameters : typeinfo

Obviously that's a pretty horrible patch and it should not be appliedŠI
don¹t know enough about the codebase yet to suggest what the right fix
would be. (My best guess for why this problem wasn¹t caught earlier/yet is
that it requires re-generating the api code and then re-installing the
marvin package before it becomes a problem.)

SoŠmy best suggestion for now (based on pretty limited understanding)
would be to move the typeInfo support to a feature branch until it¹s also
fully implemented server-side?




diff --git a/server/src/com/cloud/api/
index cd1f81a..2a888ad 100755
--- a/server/src/com/cloud/api/
+++ b/server/src/com/cloud/api/
@@ -827,6 +827,10 @@ public class ApiServer extends ManagerBase implements
HttpRequestHandler, ApiSer
                         expires = paramValue;
+                    if ("typeInfo".equals(paramName)) {
+                        continue;
+                    }
                     if (unsignedRequest == null) {
                         unsignedRequest = paramName + "=" +
URLEncoder.encode(paramValue, UTF_8).replaceAll("\\+", "%20");
                     } else {
diff --git a/tools/marvin/marvin/
index c49edf3..aa044b5 100644
--- a/tools/marvin/marvin/
+++ b/tools/marvin/marvin/
@@ -145,8 +145,10 @@ class CSConnection(object):
                 ).replace("+", "%20")]
-            ) for r in params]
+            ) for r in params if r[0] != "typeInfo"]
signature = base64.encodestring(
             self.securityKey, hash_str, hashlib.sha1).digest()).strip()
         return signature

View raw message