cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alena Prokharchyk <Alena.Prokharc...@citrix.com>
Subject Re: Having trouble getting a CloudStack API URL with api_key and generated signature to work from the browser (Firefox).
Date Sat, 09 Jun 2012 03:40:54 GMT
On 6/8/12 7:08 PM, "Evan Miller" <Evan.Miller@citrix.com> wrote:

>Hi Alena:
>
>-----Original Message-----
>From: Alena Prokharchyk [mailto:Alena.Prokharchyk@citrix.com]
>Sent: Friday, June 08, 2012 3:56 PM
>To: cloudstack-users@incubator.apache.org
>Subject: Re: Having trouble getting a CloudStack API URL with api_key and
>generated signature to work from the browser (Firefox).
>
>On 6/8/12 12:23 PM, "Evan Miller" <Evan.Miller@citrix.com> wrote:
>
>>Hi:
>>
>>I am not doing something quite right yet generating a good
>>CloudStack API URL.
>>
>>I still get this same error from the browser when
>>I try to execute the final url:
>>
>>{ "listvirtualmachinesresponse" : {"errorcode" : 401, "errortext" :
>>"unable to verify user credentials"}  }
>>
>>Here is what my perl script is doing:
>>
>>Original Command String:
>> 
>>apiKey=8v_GEvJJgDjbbHIBmlle4yyHKseQhRefztnv4UP2fU3K9y12TH7lscsn6-7SEaGO1y
>>C
>>CTnUtE1oT0v7npCuS8Q&command=listVirtualMachines&response=json
>>
>>Sorted (by field), lower-case Command String:
>> 
>>apikey=8v_gevjjgdjbbhibmlle4yyhkseqhrefztnv4up2fu3k9y12th7lscsn6-7seago1y
>>c
>>ctnute1ot0v7npcus8q&command=listvirtualmachines&response=json
>>
>>Encoded, sorted, lower-case Command String:
>> 
>>apikey%3D8v_gevjjgdjbbhibmlle4yyhkseqhrefztnv4up2fu3k9y12th7lscsn6-7seago
>>1
>>ycctnute1ot0v7npcus8q%26command%3Dlistvirtualmachines%26response%3Djson
>
>Here is the problem - you have to encode just parameter values, not the
>parameters themselves and definitely not "=" and "&" special chars.
>
>You can look at the java code sample I wrote for the dev bootcamp, here is
>the link in the source tree:
>
>http://git.cloud.com/cgit/cloudstack-oss/tree/test/src/com/cloud/test/demo
>/Demo.java?h=3.0.x
>
>
>- Begin -
>
>I don't really know Java, but I did see your numbered steps
>at the bottom.
>
>I still get an error for the final url:
>
>{ "listvirtualmachinesresponse" : {"errorcode" : 401, "errortext" :
>"unable to verify user credentials and/or request signature"}  }
>
>Here is what I tried ... continuing in perl.
>I encoded just the parameters (not the field values).
>The parameters didn't really require any encoding.
>No special characters, but I did it anyway.
>So, after encoding, the parameters didn't change.
>I did encode the signature before appending to the
>final url.
>
>Here's the flow ...
>
>Original Command String:
> 
>apiKey=8v_GEvJJgDjbbHIBmlle4yyHKseQhRefztnv4UP2fU3K9y12TH7lscsn6-7SEaGO1yC
>CTnUtE1oT0v7npCuS8Q&command=listVirtualMachines&response=json
>
>Command String with Encoded Parameters:
> 
>apiKey=8v_GEvJJgDjbbHIBmlle4yyHKseQhRefztnv4UP2fU3K9y12TH7lscsn6-7SEaGO1yC
>CTnUtE1oT0v7npCuS8Q&command=listVirtualMachines&response=json
>
>Sorted (by field), lower-case, encoded Command String:
> 
>apikey=8v_gevjjgdjbbhibmlle4yyhkseqhrefztnv4up2fu3k9y12th7lscsn6-7seago1yc
>ctnute1ot0v7npcus8q&command=listvirtualmachines&response=json
>
>SHA1 HEX String:
> f8d4d96dd59c3bd562dc32586539fa9162c5ed70
>
>SHA1 Base64 Signature (using SHA1 HEX String):
> 3wOrhy/SstxN+NbdoT8h/bkla2E
>
>Encoded Signature:
> 3wOrhy%2FSstxN%2BNbdoT8h%2Fbkla2E
>
>Final URL:
> 
>http://10.217.5.192:8080/client/api?command=listVirtualMachines&apiKey=8v_
>GEvJJgDjbbHIBmlle4yyHKseQhRefztnv4UP2fU3K9y12TH7lscsn6-7SEaGO1yCCTnUtE1oT0
>v7npCuS8Q&response=json&signature=3wOrhy%2FSstxN%2BNbdoT8h%2Fbkla2E
>
>Does the syntax of the final url, at least, look right?
>
>If so, then there must be something wrong with the signature.
>
>Regards,
>Evan



The syntax looks right to me.

-Alena.

>
>- End -
>
>
>-Alena.
>
>>
>>SHA1 HEX String:
>> 9066d795102c0cf8a12322507887122b6b4a6095
>>
>>SHA1 Base64 Signature (using SHA1 HEX String and Secret Key):
>> SvDq03i4Tql9qkXuZwUDi3HfbH4
>>
>>Final URL:
>> 
>>http://10.217.5.192:8080/client/api?command=listVirtualMachines&apiKey=8v
>>_
>>GEvJJgDjbbHIBmlle4yyHKseQhRefztnv4UP2fU3K9y12TH7lscsn6-7SEaGO1yCCTnUtE1oT
>>0
>>v7npCuS8Q&response=json&signature=SvDq03i4Tql9qkXuZwUDi3HfbH4
>>
>>I am generating the SHA1 HEX String like so:
>>  $digest = sha1_hex ($encode, $secret_key);
>>using this module:
>>  use Digest::SHA qw(sha1 sha1_hex sha1_base64);
>>
>>I am generating the SHA1 Base64 Signature like so:
>>  $signature = sha1_base64 ($digest, $secret_key);
>>
>>
>>Curious - Is SHA1 HEX different from HMAC SHA1?
>>
>>
>>Regards,
>>Evan
>>
>>-----Original Message-----
>>From: Prasanna Santhanam [mailto:prasanna.santhanam@citrix.com]
>>Sent: Friday, June 08, 2012 1:20 AM
>>To: cloudstack-users@incubator.apache.org
>>Subject: Re: Having trouble getting a CloudStack API URL with api_key and
>>generated signature to work from the browser (Firefox).
>>
>>On Thu, Jun 07, 2012 at 10:38:20PM -0400, Evan Miller wrote:
>>> Hi:
>>> 
>>> Right now, I am just testing a simple, final API-based url with
>>>signature in a browser.
>>> I am getting the following authentication related error in the browser:
>>> 
>>> { "listvirtualmachinesresponse" : {"errorcode" : 401, "errortext" :
>>> "unable to verify user credentials and/or request signature"}  }
>>> 
>>> Here is the final API-based url:
>>> 
>>>  
>>> http://10.217.5.192:8080/client/api?command=listVirtualMachines&apiKey
>>> =8v_GEvJJgDjbbHIBmlle4yyHKseQhRefztnv4UP2fU3K9y12TH7lscsn6-7SEaGO1yCCT
>>> nUtE1oT0v7npCuS8Q&response=json&signature=1ca7bc1bbc67b8f578c7d094c523
>>> 537571ee17b1
>>> 
>>> Here is how I built that final url:
>>> 
>>> Using perl, it is based on the following pieces:
>>> 
>>> my $cs_ip = '10.217.5.192';
>>> my $base_url = 'http://' . "$cs_ip" . ':8080'; my $api_path =
>>> '/client/api?'; my $api_key =
>>> '8v_gevjjgdjbbhibmlle4yyhkseqhrefztnv4up2fu3k9y12th7lscsn6-7seago1ycct
>>> nute1ot0v7npcus8q'; my $secret_key =
>>> 'kNd2VxlXxCXwyJGlidr0ZcmcqXSH2refwxZTStD6If4vJu4QmJPOIui0rgr88mDI6DuGQ
>>> TzP9eQNOjlZBTReKg';
>>> 
>>> The api_key and secret key come from my account (evan) in domain 1.
>>> The keys were just generated in a new CloudStack GUI session.
>>> The evan account has ROOT Domain privileges.
>>> 
>>> Then, following directions in the Developer's Guide ...
>>> 
>>> The sorted, lower-case command string ($sorted_lc_cmd) is:
>>> 
>>> apikey=8v_gevjjgdjbbhibmlle4yyhkseqhrefztnv4up2fu3k9y12th7lscsn6-7seag
>>> o1ycctnute1ot0v7npcus8q&command=listvirtualmachines&response=json
>>> 
>>> 
>>> I obtained the hex signature in perl as follows:
>>> 
>>> 
>>> $signature = hmac_sha1_hex ($sorted_lc_cmd, $secret_key);
>>> 
>>> 
>>> And, then, put together the final url, as above, with the calculated
>>>signature.
>>> 
>>> 
>>> What am I doing wrong or missing?
>>
>>Before you obtain the hmac SHA-1 you need to url encode the request url
>>stripping it off reserved characters like "+, !, $" etc. Then you perform
>>the HMAC on the resultant string. This then is passed through a base64
>>encoder to obtain the signature. It looks like you missed this step. Can
>>you base64 encode the hmac result and give it a shot?
>>
>>
>>
>>--
>>Prasanna.,
>>
>>
>
>
>



Mime
View raw message