cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Anantha Kasetty <Anantha.Kase...@citrix.com>
Subject Re: Having trouble getting a CloudStack API URL with api_key and generated signature to work from the browser (Firefox).
Date Sat, 09 Jun 2012 13:52:07 GMT
Had to dust up my long forgotten Perl skills,  here is a sample program

use URI::Escape;
use Digest::SHA qw(hmac_sha1_base64);

sub hmac_digest {
    my $uri = shift @_;
    my $key = shift @_;

    $digest = hmac_sha1_base64($uri, $key);

    #@#$%! perl does not pad the output of base64

    while (length($digest) % 4) {
        $digest .= '=';
    }   
    return $digest;
}

sub escape_hash {
    my %hash = @_; 
    my @pairs;
    
    for my $key (sort keys %hash) {
        push @pairs, join "=", map { uri_escape($_) } lc($key),
lc($hash{$key});
    }   
    return join "&", @pairs;
}

my $secret_key = 
'kNd2VxlXxCXwyJGlidr0ZcmcqXSH2refwxZTStD6If4vJu4QmJPOIui0rgr88mDI6DuGQTzP9e
QNOjlZBTReKg' ;


my $uri = escape_hash(
'apikey'=>'8v_gevjjgdjbbhibmlle4yyhkseqhrefztnv4up2fu3k9y12th7lscsn6-7seago
1ycctnute1ot0v7npcus8q',
                       'command'=>'listZones',
                       'response'=>'json');

$signature = uri_escape(hmac_digest($uri, $secret_key));

$uri .= "&signature=$signature";
print "$uri\n";



Let me know if this works for you.



regards,
Anantha Kasetty 











On 6/8/12 8:40 PM, "Alena Prokharchyk" <Alena.Prokharchyk@citrix.com>
wrote:

>On 6/8/12 7:08 PM, "Evan Miller" <Evan.Miller@citrix.com> wrote:
>
>>Hi Alena:
>>
>>-----Original Message-----
>>From: Alena Prokharchyk [mailto:Alena.Prokharchyk@citrix.com]
>>Sent: Friday, June 08, 2012 3:56 PM
>>To: cloudstack-users@incubator.apache.org
>>Subject: Re: Having trouble getting a CloudStack API URL with api_key and
>>generated signature to work from the browser (Firefox).
>>
>>On 6/8/12 12:23 PM, "Evan Miller" <Evan.Miller@citrix.com> wrote:
>>
>>>Hi:
>>>
>>>I am not doing something quite right yet generating a good
>>>CloudStack API URL.
>>>
>>>I still get this same error from the browser when
>>>I try to execute the final url:
>>>
>>>{ "listvirtualmachinesresponse" : {"errorcode" : 401, "errortext" :
>>>"unable to verify user credentials"}  }
>>>
>>>Here is what my perl script is doing:
>>>
>>>Original Command String:
>>> 
>>>apiKey=8v_GEvJJgDjbbHIBmlle4yyHKseQhRefztnv4UP2fU3K9y12TH7lscsn6-7SEaGO1
>>>y
>>>C
>>>CTnUtE1oT0v7npCuS8Q&command=listVirtualMachines&response=json
>>>
>>>Sorted (by field), lower-case Command String:
>>> 
>>>apikey=8v_gevjjgdjbbhibmlle4yyhkseqhrefztnv4up2fu3k9y12th7lscsn6-7seago1
>>>y
>>>c
>>>ctnute1ot0v7npcus8q&command=listvirtualmachines&response=json
>>>
>>>Encoded, sorted, lower-case Command String:
>>> 
>>>apikey%3D8v_gevjjgdjbbhibmlle4yyhkseqhrefztnv4up2fu3k9y12th7lscsn6-7seag
>>>o
>>>1
>>>ycctnute1ot0v7npcus8q%26command%3Dlistvirtualmachines%26response%3Djson
>>
>>Here is the problem - you have to encode just parameter values, not the
>>parameters themselves and definitely not "=" and "&" special chars.
>>
>>You can look at the java code sample I wrote for the dev bootcamp, here
>>is
>>the link in the source tree:
>>
>>http://git.cloud.com/cgit/cloudstack-oss/tree/test/src/com/cloud/test/dem
>>o
>>/Demo.java?h=3.0.x
>>
>>
>>- Begin -
>>
>>I don't really know Java, but I did see your numbered steps
>>at the bottom.
>>
>>I still get an error for the final url:
>>
>>{ "listvirtualmachinesresponse" : {"errorcode" : 401, "errortext" :
>>"unable to verify user credentials and/or request signature"}  }
>>
>>Here is what I tried ... continuing in perl.
>>I encoded just the parameters (not the field values).
>>The parameters didn't really require any encoding.
>>No special characters, but I did it anyway.
>>So, after encoding, the parameters didn't change.
>>I did encode the signature before appending to the
>>final url.
>>
>>Here's the flow ...
>>
>>Original Command String:
>> 
>>apiKey=8v_GEvJJgDjbbHIBmlle4yyHKseQhRefztnv4UP2fU3K9y12TH7lscsn6-7SEaGO1y
>>C
>>CTnUtE1oT0v7npCuS8Q&command=listVirtualMachines&response=json
>>
>>Command String with Encoded Parameters:
>> 
>>apiKey=8v_GEvJJgDjbbHIBmlle4yyHKseQhRefztnv4UP2fU3K9y12TH7lscsn6-7SEaGO1y
>>C
>>CTnUtE1oT0v7npCuS8Q&command=listVirtualMachines&response=json
>>
>>Sorted (by field), lower-case, encoded Command String:
>> 
>>apikey=8v_gevjjgdjbbhibmlle4yyhkseqhrefztnv4up2fu3k9y12th7lscsn6-7seago1y
>>c
>>ctnute1ot0v7npcus8q&command=listvirtualmachines&response=json
>>
>>SHA1 HEX String:
>> f8d4d96dd59c3bd562dc32586539fa9162c5ed70
>>
>>SHA1 Base64 Signature (using SHA1 HEX String):
>> 3wOrhy/SstxN+NbdoT8h/bkla2E
>>
>>Encoded Signature:
>> 3wOrhy%2FSstxN%2BNbdoT8h%2Fbkla2E
>>
>>Final URL:
>> 
>>http://10.217.5.192:8080/client/api?command=listVirtualMachines&apiKey=8v
>>_
>>GEvJJgDjbbHIBmlle4yyHKseQhRefztnv4UP2fU3K9y12TH7lscsn6-7SEaGO1yCCTnUtE1oT
>>0
>>v7npCuS8Q&response=json&signature=3wOrhy%2FSstxN%2BNbdoT8h%2Fbkla2E
>>
>>Does the syntax of the final url, at least, look right?
>>
>>If so, then there must be something wrong with the signature.
>>
>>Regards,
>>Evan
>
>
>
>The syntax looks right to me.
>
>-Alena.
>
>>
>>- End -
>>
>>
>>-Alena.
>>
>>>
>>>SHA1 HEX String:
>>> 9066d795102c0cf8a12322507887122b6b4a6095
>>>
>>>SHA1 Base64 Signature (using SHA1 HEX String and Secret Key):
>>> SvDq03i4Tql9qkXuZwUDi3HfbH4
>>>
>>>Final URL:
>>> 
>>>http://10.217.5.192:8080/client/api?command=listVirtualMachines&apiKey=8
>>>v
>>>_
>>>GEvJJgDjbbHIBmlle4yyHKseQhRefztnv4UP2fU3K9y12TH7lscsn6-7SEaGO1yCCTnUtE1o
>>>T
>>>0
>>>v7npCuS8Q&response=json&signature=SvDq03i4Tql9qkXuZwUDi3HfbH4
>>>
>>>I am generating the SHA1 HEX String like so:
>>>  $digest = sha1_hex ($encode, $secret_key);
>>>using this module:
>>>  use Digest::SHA qw(sha1 sha1_hex sha1_base64);
>>>
>>>I am generating the SHA1 Base64 Signature like so:
>>>  $signature = sha1_base64 ($digest, $secret_key);
>>>
>>>
>>>Curious - Is SHA1 HEX different from HMAC SHA1?
>>>
>>>
>>>Regards,
>>>Evan
>>>
>>>-----Original Message-----
>>>From: Prasanna Santhanam [mailto:prasanna.santhanam@citrix.com]
>>>Sent: Friday, June 08, 2012 1:20 AM
>>>To: cloudstack-users@incubator.apache.org
>>>Subject: Re: Having trouble getting a CloudStack API URL with api_key
>>>and
>>>generated signature to work from the browser (Firefox).
>>>
>>>On Thu, Jun 07, 2012 at 10:38:20PM -0400, Evan Miller wrote:
>>>> Hi:
>>>> 
>>>> Right now, I am just testing a simple, final API-based url with
>>>>signature in a browser.
>>>> I am getting the following authentication related error in the
>>>>browser:
>>>> 
>>>> { "listvirtualmachinesresponse" : {"errorcode" : 401, "errortext" :
>>>> "unable to verify user credentials and/or request signature"}  }
>>>> 
>>>> Here is the final API-based url:
>>>> 
>>>>  
>>>> http://10.217.5.192:8080/client/api?command=listVirtualMachines&apiKey
>>>> =8v_GEvJJgDjbbHIBmlle4yyHKseQhRefztnv4UP2fU3K9y12TH7lscsn6-7SEaGO1yCCT
>>>> nUtE1oT0v7npCuS8Q&response=json&signature=1ca7bc1bbc67b8f578c7d094c523
>>>> 537571ee17b1
>>>> 
>>>> Here is how I built that final url:
>>>> 
>>>> Using perl, it is based on the following pieces:
>>>> 
>>>> my $cs_ip = '10.217.5.192';
>>>> my $base_url = 'http://' . "$cs_ip" . ':8080'; my $api_path =
>>>> '/client/api?'; my $api_key =
>>>> '8v_gevjjgdjbbhibmlle4yyhkseqhrefztnv4up2fu3k9y12th7lscsn6-7seago1ycct
>>>> nute1ot0v7npcus8q'; my $secret_key =
>>>> 'kNd2VxlXxCXwyJGlidr0ZcmcqXSH2refwxZTStD6If4vJu4QmJPOIui0rgr88mDI6DuGQ
>>>> TzP9eQNOjlZBTReKg';
>>>> 
>>>> The api_key and secret key come from my account (evan) in domain 1.
>>>> The keys were just generated in a new CloudStack GUI session.
>>>> The evan account has ROOT Domain privileges.
>>>> 
>>>> Then, following directions in the Developer's Guide ...
>>>> 
>>>> The sorted, lower-case command string ($sorted_lc_cmd) is:
>>>> 
>>>> apikey=8v_gevjjgdjbbhibmlle4yyhkseqhrefztnv4up2fu3k9y12th7lscsn6-7seag
>>>> o1ycctnute1ot0v7npcus8q&command=listvirtualmachines&response=json
>>>> 
>>>> 
>>>> I obtained the hex signature in perl as follows:
>>>> 
>>>> 
>>>> $signature = hmac_sha1_hex ($sorted_lc_cmd, $secret_key);
>>>> 
>>>> 
>>>> And, then, put together the final url, as above, with the calculated
>>>>signature.
>>>> 
>>>> 
>>>> What am I doing wrong or missing?
>>>
>>>Before you obtain the hmac SHA-1 you need to url encode the request url
>>>stripping it off reserved characters like "+, !, $" etc. Then you
>>>perform
>>>the HMAC on the resultant string. This then is passed through a base64
>>>encoder to obtain the signature. It looks like you missed this step. Can
>>>you base64 encode the hmac result and give it a shot?
>>>
>>>
>>>
>>>--
>>>Prasanna.,
>>>
>>>
>>
>>
>>
>
>


Mime
View raw message