cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Prasanna Santhanam <prasanna.santha...@citrix.com>
Subject Re: Having trouble getting a CloudStack API URL with api_key and generated signature to work from the browser (Firefox).
Date Fri, 08 Jun 2012 08:19:51 GMT
On Thu, Jun 07, 2012 at 10:38:20PM -0400, Evan Miller wrote:
> Hi:
> 
> Right now, I am just testing a simple, final API-based url with signature in a browser.

> I am getting the following authentication related error in the browser:
> 
> { "listvirtualmachinesresponse" : {"errorcode" : 401, "errortext" : "unable to verify
user credentials and/or request signature"}  }
> 
> Here is the final API-based url:
> 
>  http://10.217.5.192:8080/client/api?command=listVirtualMachines&apiKey=8v_GEvJJgDjbbHIBmlle4yyHKseQhRefztnv4UP2fU3K9y12TH7lscsn6-7SEaGO1yCCTnUtE1oT0v7npCuS8Q&response=json&signature=1ca7bc1bbc67b8f578c7d094c523537571ee17b1
> 
> Here is how I built that final url:
> 
> Using perl, it is based on the following pieces:
> 
> my $cs_ip = '10.217.5.192';
> my $base_url = 'http://' . "$cs_ip" . ':8080'; 
> my $api_path = '/client/api?'; 
> my $api_key = '8v_gevjjgdjbbhibmlle4yyhkseqhrefztnv4up2fu3k9y12th7lscsn6-7seago1ycctnute1ot0v7npcus8q';
> my $secret_key = 'kNd2VxlXxCXwyJGlidr0ZcmcqXSH2refwxZTStD6If4vJu4QmJPOIui0rgr88mDI6DuGQTzP9eQNOjlZBTReKg';
> 
> The api_key and secret key come from my account (evan) in domain 1. 
> The keys were just generated in a new CloudStack GUI session.
> The evan account has ROOT Domain privileges.
> 
> Then, following directions in the Developer's Guide ...
> 
> The sorted, lower-case command string ($sorted_lc_cmd) is:
> 
> apikey=8v_gevjjgdjbbhibmlle4yyhkseqhrefztnv4up2fu3k9y12th7lscsn6-7seago1ycctnute1ot0v7npcus8q&command=listvirtualmachines&response=json
> 
> 
> I obtained the hex signature in perl as follows:
> 
> 
> $signature = hmac_sha1_hex ($sorted_lc_cmd, $secret_key);
> 
> 
> And, then, put together the final url, as above, with the calculated signature.
> 
> 
> What am I doing wrong or missing?

Before you obtain the hmac SHA-1 you need to url encode the request
url stripping it off reserved characters like "+, !, $" etc. Then you
perform the HMAC on the resultant string. This then is passed through
a base64 encoder to obtain the signature. It looks like you missed
this step. Can you base64 encode the hmac result and give it a shot?



-- 
Prasanna.,


Mime
View raw message