cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Evan Miller <Evan.Mil...@citrix.com>
Subject RE: Having trouble getting a CloudStack API URL with api_key and generated signature to work from the browser (Firefox).
Date Fri, 08 Jun 2012 19:23:34 GMT
Hi:

I am not doing something quite right yet generating a good
CloudStack API URL.

I still get this same error from the browser when
I try to execute the final url: 

{ "listvirtualmachinesresponse" : {"errorcode" : 401, "errortext" : "unable to verify user
credentials"}  }

Here is what my perl script is doing:

Original Command String:
 apiKey=8v_GEvJJgDjbbHIBmlle4yyHKseQhRefztnv4UP2fU3K9y12TH7lscsn6-7SEaGO1yCCTnUtE1oT0v7npCuS8Q&command=listVirtualMachines&response=json

Sorted (by field), lower-case Command String:
 apikey=8v_gevjjgdjbbhibmlle4yyhkseqhrefztnv4up2fu3k9y12th7lscsn6-7seago1ycctnute1ot0v7npcus8q&command=listvirtualmachines&response=json

Encoded, sorted, lower-case Command String:
 apikey%3D8v_gevjjgdjbbhibmlle4yyhkseqhrefztnv4up2fu3k9y12th7lscsn6-7seago1ycctnute1ot0v7npcus8q%26command%3Dlistvirtualmachines%26response%3Djson

SHA1 HEX String:
 9066d795102c0cf8a12322507887122b6b4a6095

SHA1 Base64 Signature (using SHA1 HEX String and Secret Key):
 SvDq03i4Tql9qkXuZwUDi3HfbH4

Final URL:
 http://10.217.5.192:8080/client/api?command=listVirtualMachines&apiKey=8v_GEvJJgDjbbHIBmlle4yyHKseQhRefztnv4UP2fU3K9y12TH7lscsn6-7SEaGO1yCCTnUtE1oT0v7npCuS8Q&response=json&signature=SvDq03i4Tql9qkXuZwUDi3HfbH4

I am generating the SHA1 HEX String like so:
  $digest = sha1_hex ($encode, $secret_key);
using this module:
  use Digest::SHA qw(sha1 sha1_hex sha1_base64);

I am generating the SHA1 Base64 Signature like so:
  $signature = sha1_base64 ($digest, $secret_key);


Curious - Is SHA1 HEX different from HMAC SHA1?


Regards,
Evan

-----Original Message-----
From: Prasanna Santhanam [mailto:prasanna.santhanam@citrix.com] 
Sent: Friday, June 08, 2012 1:20 AM
To: cloudstack-users@incubator.apache.org
Subject: Re: Having trouble getting a CloudStack API URL with api_key and generated signature
to work from the browser (Firefox).

On Thu, Jun 07, 2012 at 10:38:20PM -0400, Evan Miller wrote:
> Hi:
> 
> Right now, I am just testing a simple, final API-based url with signature in a browser.

> I am getting the following authentication related error in the browser:
> 
> { "listvirtualmachinesresponse" : {"errorcode" : 401, "errortext" : 
> "unable to verify user credentials and/or request signature"}  }
> 
> Here is the final API-based url:
> 
>  
> http://10.217.5.192:8080/client/api?command=listVirtualMachines&apiKey
> =8v_GEvJJgDjbbHIBmlle4yyHKseQhRefztnv4UP2fU3K9y12TH7lscsn6-7SEaGO1yCCT
> nUtE1oT0v7npCuS8Q&response=json&signature=1ca7bc1bbc67b8f578c7d094c523
> 537571ee17b1
> 
> Here is how I built that final url:
> 
> Using perl, it is based on the following pieces:
> 
> my $cs_ip = '10.217.5.192';
> my $base_url = 'http://' . "$cs_ip" . ':8080'; my $api_path = 
> '/client/api?'; my $api_key = 
> '8v_gevjjgdjbbhibmlle4yyhkseqhrefztnv4up2fu3k9y12th7lscsn6-7seago1ycct
> nute1ot0v7npcus8q'; my $secret_key = 
> 'kNd2VxlXxCXwyJGlidr0ZcmcqXSH2refwxZTStD6If4vJu4QmJPOIui0rgr88mDI6DuGQ
> TzP9eQNOjlZBTReKg';
> 
> The api_key and secret key come from my account (evan) in domain 1. 
> The keys were just generated in a new CloudStack GUI session.
> The evan account has ROOT Domain privileges.
> 
> Then, following directions in the Developer's Guide ...
> 
> The sorted, lower-case command string ($sorted_lc_cmd) is:
> 
> apikey=8v_gevjjgdjbbhibmlle4yyhkseqhrefztnv4up2fu3k9y12th7lscsn6-7seag
> o1ycctnute1ot0v7npcus8q&command=listvirtualmachines&response=json
> 
> 
> I obtained the hex signature in perl as follows:
> 
> 
> $signature = hmac_sha1_hex ($sorted_lc_cmd, $secret_key);
> 
> 
> And, then, put together the final url, as above, with the calculated signature.
> 
> 
> What am I doing wrong or missing?

Before you obtain the hmac SHA-1 you need to url encode the request url stripping it off reserved
characters like "+, !, $" etc. Then you perform the HMAC on the resultant string. This then
is passed through a base64 encoder to obtain the signature. It looks like you missed this
step. Can you base64 encode the hmac result and give it a shot?



--
Prasanna.,


Mime
View raw message