cloudstack-users mailing list archives

From Evan Miller <Evan.Mil...@citrix.com>
Subject RE: Having trouble getting a CloudStack API URL with api_key and generated signature to work from the browser (Firefox).
Date Sat, 09 Jun 2012 02:08:03 GMT
Hi Alena:

-----Original Message-----
From: Alena Prokharchyk [mailto:Alena.Prokharchyk@citrix.com] 
Sent: Friday, June 08, 2012 3:56 PM
To: cloudstack-users@incubator.apache.org
Subject: Re: Having trouble getting a CloudStack API URL with api_key and generated signature
to work from the browser (Firefox).

On 6/8/12 12:23 PM, "Evan Miller" <Evan.Miller@citrix.com> wrote:

>Hi:
>
>I am not doing something quite right yet generating a good
>CloudStack API URL.
>
>I still get this same error from the browser when
>I try to execute the final url:
>
>{ "listvirtualmachinesresponse" : {"errorcode" : 401, "errortext" :
>"unable to verify user credentials"}  }
>
>Here is what my perl script is doing:
>
>Original Command String:
> 
>apiKey=8v_GEvJJgDjbbHIBmlle4yyHKseQhRefztnv4UP2fU3K9y12TH7lscsn6-7SEaGO1yC
>CTnUtE1oT0v7npCuS8Q&command=listVirtualMachines&response=json
>
>Sorted (by field), lower-case Command String:
> 
>apikey=8v_gevjjgdjbbhibmlle4yyhkseqhrefztnv4up2fu3k9y12th7lscsn6-7seago1yc
>ctnute1ot0v7npcus8q&command=listvirtualmachines&response=json
>
>Encoded, sorted, lower-case Command String:
> 
>apikey%3D8v_gevjjgdjbbhibmlle4yyhkseqhrefztnv4up2fu3k9y12th7lscsn6-7seago1
>ycctnute1ot0v7npcus8q%26command%3Dlistvirtualmachines%26response%3Djson

Here is the problem - you have to encode just parameter values, not the
parameters themselves and definitely not "=" and "&" special chars.

You can look at the java code sample I wrote for the dev bootcamp, here is
the link in the source tree:

http://git.cloud.com/cgit/cloudstack-oss/tree/test/src/com/cloud/test/demo/Demo.java?h=3.0.x


- Begin -

I don't really know Java, but I did see your numbered steps
at the bottom.

I still get an error for the final url:

{ "listvirtualmachinesresponse" : {"errorcode" : 401, "errortext" : "unable to verify user
credentials and/or request signature"}  }

Here is what I tried ... continuing in perl.
I encoded just the parameters (not the field values).
The parameters didn't really require any encoding.
No special characters, but I did it anyway.
So, after encoding, the parameters didn't change.
I did encode the signature before appending to the
final url.

Here's the flow ...

Original Command String:
 apiKey=8v_GEvJJgDjbbHIBmlle4yyHKseQhRefztnv4UP2fU3K9y12TH7lscsn6-7SEaGO1yCCTnUtE1oT0v7npCuS8Q&command=listVirtualMachines&response=json

Command String with Encoded Parameters:
 apiKey=8v_GEvJJgDjbbHIBmlle4yyHKseQhRefztnv4UP2fU3K9y12TH7lscsn6-7SEaGO1yCCTnUtE1oT0v7npCuS8Q&command=listVirtualMachines&response=json

Sorted (by field), lower-case, encoded Command String:
 apikey=8v_gevjjgdjbbhibmlle4yyhkseqhrefztnv4up2fu3k9y12th7lscsn6-7seago1ycctnute1ot0v7npcus8q&command=listvirtualmachines&response=json

SHA1 HEX String:
 f8d4d96dd59c3bd562dc32586539fa9162c5ed70

SHA1 Base64 Signature (using SHA1 HEX String):
 3wOrhy/SstxN+NbdoT8h/bkla2E

Encoded Signature:
 3wOrhy%2FSstxN%2BNbdoT8h%2Fbkla2E

Final URL:
 http://10.217.5.192:8080/client/api?command=listVirtualMachines&apiKey=8v_GEvJJgDjbbHIBmlle4yyHKseQhRefztnv4UP2fU3K9y12TH7lscsn6-7SEaGO1yCCTnUtE1oT0v7npCuS8Q&response=json&signature=3wOrhy%2FSstxN%2BNbdoT8h%2Fbkla2E

Does the syntax of the final url, at least, look right?

If so, then there must be something wrong with the signature.

Regards,
Evan

- End -


-Alena.

>
>SHA1 HEX String:
> 9066d795102c0cf8a12322507887122b6b4a6095
>
>SHA1 Base64 Signature (using SHA1 HEX String and Secret Key):
> SvDq03i4Tql9qkXuZwUDi3HfbH4
>
>Final URL:
> 
>http://10.217.5.192:8080/client/api?command=listVirtualMachines&apiKey=8v_
>GEvJJgDjbbHIBmlle4yyHKseQhRefztnv4UP2fU3K9y12TH7lscsn6-7SEaGO1yCCTnUtE1oT0
>v7npCuS8Q&response=json&signature=SvDq03i4Tql9qkXuZwUDi3HfbH4
>
>I am generating the SHA1 HEX String like so:
>  $digest = sha1_hex ($encode, $secret_key);
>using this module:
>  use Digest::SHA qw(sha1 sha1_hex sha1_base64);
>
>I am generating the SHA1 Base64 Signature like so:
>  $signature = sha1_base64 ($digest, $secret_key);
>
>
>Curious - Is SHA1 HEX different from HMAC SHA1?
>
>
>Regards,
>Evan
>
>-----Original Message-----
>From: Prasanna Santhanam [mailto:prasanna.santhanam@citrix.com]
>Sent: Friday, June 08, 2012 1:20 AM
>To: cloudstack-users@incubator.apache.org
>Subject: Re: Having trouble getting a CloudStack API URL with api_key and
>generated signature to work from the browser (Firefox).
>
>On Thu, Jun 07, 2012 at 10:38:20PM -0400, Evan Miller wrote:
>> Hi:
>> 
>> Right now, I am just testing a simple, final API-based url with
>> signature in a browser.
>> I am getting the following authentication related error in the browser:
>> 
>> { "listvirtualmachinesresponse" : {"errorcode" : 401, "errortext" :
>> "unable to verify user credentials and/or request signature"}  }
>> 
>> Here is the final API-based url:
>> 
>>  
>> http://10.217.5.192:8080/client/api?command=listVirtualMachines&apiKey
>> =8v_GEvJJgDjbbHIBmlle4yyHKseQhRefztnv4UP2fU3K9y12TH7lscsn6-7SEaGO1yCCT
>> nUtE1oT0v7npCuS8Q&response=json&signature=1ca7bc1bbc67b8f578c7d094c523
>> 537571ee17b1
>> 
>> Here is how I built that final url:
>> 
>> Using perl, it is based on the following pieces:
>> 
>> my $cs_ip = '10.217.5.192';
>> my $base_url = 'http://' . "$cs_ip" . ':8080';
>> my $api_path = '/client/api?';
>> my $api_key = '8v_gevjjgdjbbhibmlle4yyhkseqhrefztnv4up2fu3k9y12th7lscsn6-7seago1ycctnute1ot0v7npcus8q';
>> my $secret_key = 'kNd2VxlXxCXwyJGlidr0ZcmcqXSH2refwxZTStD6If4vJu4QmJPOIui0rgr88mDI6DuGQTzP9eQNOjlZBTReKg';
>> 
>> The api_key and secret key come from my account (evan) in domain 1.
>> The keys were just generated in a new CloudStack GUI session.
>> The evan account has ROOT Domain privileges.
>> 
>> Then, following directions in the Developer's Guide ...
>> 
>> The sorted, lower-case command string ($sorted_lc_cmd) is:
>> 
>> apikey=8v_gevjjgdjbbhibmlle4yyhkseqhrefztnv4up2fu3k9y12th7lscsn6-7seag
>> o1ycctnute1ot0v7npcus8q&command=listvirtualmachines&response=json
>> 
>> 
>> I obtained the hex signature in perl as follows:
>> 
>> 
>> $signature = hmac_sha1_hex ($sorted_lc_cmd, $secret_key);
>> 
>> 
>> And, then, put together the final url, as above, with the calculated
>> signature.
>> 
>> 
>> What am I doing wrong or missing?
>
>Before you obtain the hmac SHA-1 you need to url encode the request url
>stripping it of reserved characters like "+, !, $" etc. Then you perform
>the HMAC on the resultant string. This then is passed through a base64
>encoder to obtain the signature. It looks like you missed this step. Can
>you base64 encode the hmac result and give it a shot?
>
>
>
>--
>Prasanna.,
>
>
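
The signing steps the replies in this thread describe (URL-encode parameter values only, sort by field and lower-case, HMAC-SHA1 with the secret key, base64 the raw digest, URL-encode the signature), as an added Python example that is not code from the thread or from CloudStack. The keys, host name and parameters are constructed placeholders, and `thread_variant` is a hypothetical helper mirroring the concatenate-and-hash calls quoted above, to show why their output cannot match a keyed HMAC.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

# Constructed placeholders, not real credentials.
API_KEY = "EXAMPLE_Api-Key"
SECRET_KEY = "EXAMPLE_Secret-Key"
PARAMS = {"command": "listVirtualMachines", "response": "json",
          "apiKey": API_KEY, "name": "web 01"}


def canonical_string(params):
    """Encode values only, keep literal '=' and '&', sort by field, lower-case."""
    items = sorted(params.items(), key=lambda kv: kv[0].lower())
    return "&".join(f"{k}={quote(str(v), safe='')}" for k, v in items).lower()


def sign(params, secret_key):
    """Keyed HMAC-SHA1 over the canonical string; base64 of the raw 20 bytes."""
    mac = hmac.new(secret_key.encode(), canonical_string(params).encode(),
                   hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()


def signed_url(base, params, secret_key):
    """Original-case query plus the percent-encoded signature ('+', '/', '=')."""
    query = "&".join(f"{k}={quote(str(v), safe='')}" for k, v in params.items())
    return f"{base}?{query}&signature={quote(sign(params, secret_key), safe='')}"


def verify(params, signature, secret_key):
    """How a receiver can check it: recompute and compare in constant time."""
    return hmac.compare_digest(sign(params, secret_key), signature)


def thread_variant(params, secret_key):
    """Hypothetical mirror of sha1_hex($s, $key) then sha1_base64($hex, $key):
    the key is only concatenated into a plain hash, so this is not an HMAC."""
    s = canonical_string(params)
    hex_digest = hashlib.sha1((s + secret_key).encode()).hexdigest()
    raw = hashlib.sha1((hex_digest + secret_key).encode()).digest()
    return base64.b64encode(raw).decode().rstrip("=")  # Digest::SHA omits padding


if __name__ == "__main__":
    print(canonical_string(PARAMS))
    print(signed_url("http://cloudstack.example:8080/client/api", PARAMS, SECRET_KEY))
    print(verify(PARAMS, thread_variant(PARAMS, SECRET_KEY), SECRET_KEY))  # False
```

A correct signature is 28 base64 characters ending in one `=`, which becomes `%3D` in the URL; the 27-character values quoted in the thread are what Perl's unpadded `sha1_base64` produces.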


