Return-Path: X-Original-To: apmail-incubator-cloudstack-users-archive@minotaur.apache.org Delivered-To: apmail-incubator-cloudstack-users-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 32A60C33D for ; Fri, 8 Jun 2012 08:20:23 +0000 (UTC) Received: (qmail 78699 invoked by uid 500); 8 Jun 2012 08:20:22 -0000 Delivered-To: apmail-incubator-cloudstack-users-archive@incubator.apache.org Received: (qmail 78499 invoked by uid 500); 8 Jun 2012 08:20:22 -0000 Mailing-List: contact cloudstack-users-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: cloudstack-users@incubator.apache.org Delivered-To: mailing list cloudstack-users@incubator.apache.org Received: (qmail 78477 invoked by uid 99); 8 Jun 2012 08:20:22 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 08 Jun 2012 08:20:22 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=5.0 tests=NORMAL_HTTP_TO_IP,SPF_HELO_PASS,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of Prasanna.Santhanam@citrix.com designates 203.166.19.134 as permitted sender) Received: from [203.166.19.134] (HELO SMTP.CITRIX.COM.AU) (203.166.19.134) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 08 Jun 2012 08:20:15 +0000 X-IronPort-AV: E=Sophos;i="4.75,736,1330905600"; d="scan'208";a="11663823" Received: from banpmailmx02.citrite.net ([10.103.128.74]) by SYDPIPO01.CITRIX.COM.AU with ESMTP/TLS/RC4-MD5; 08 Jun 2012 08:19:52 +0000 Received: from citrix.com (10.146.0.130) by BANPMAILMX02.citrite.net (10.103.128.74) with Microsoft SMTP Server id 8.3.213.0; Fri, 8 Jun 2012 13:49:51 +0530 Date: Fri, 8 Jun 2012 13:49:51 +0530 From: Prasanna Santhanam To: "cloudstack-users@incubator.apache.org" Subject: Re: Having trouble getting a CloudStack API URL with api_key and generated signature to work from the browser (Firefox). Message-ID: <20120608081951.GD3038@cloud.com> Mail-Followup-To: "cloudstack-users@incubator.apache.org" References: <93099572B72EB341B81A644E134F240B011CF7695DC6@SJCPMAILBOX01.citrite.net> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Disposition: inline In-Reply-To: <93099572B72EB341B81A644E134F240B011CF7695DC6@SJCPMAILBOX01.citrite.net> User-Agent: Mutt/1.5.21 (2010-09-15) X-Virus-Checked: Checked by ClamAV on apache.org On Thu, Jun 07, 2012 at 10:38:20PM -0400, Evan Miller wrote: > Hi: > > Right now, I am just testing a simple, final API-based url with signature in a browser. > I am getting the following authentication related error in the browser: > > { "listvirtualmachinesresponse" : {"errorcode" : 401, "errortext" : "unable to verify user credentials and/or request signature"} } > > Here is the final API-based url: > > http://10.217.5.192:8080/client/api?command=listVirtualMachines&apiKey=8v_GEvJJgDjbbHIBmlle4yyHKseQhRefztnv4UP2fU3K9y12TH7lscsn6-7SEaGO1yCCTnUtE1oT0v7npCuS8Q&response=json&signature=1ca7bc1bbc67b8f578c7d094c523537571ee17b1 > > Here is how I built that final url: > > Using perl, it is based on the following pieces: > > my $cs_ip = '10.217.5.192'; > my $base_url = 'http://' . "$cs_ip" . ':8080'; > my $api_path = '/client/api?'; > my $api_key = '8v_gevjjgdjbbhibmlle4yyhkseqhrefztnv4up2fu3k9y12th7lscsn6-7seago1ycctnute1ot0v7npcus8q'; > my $secret_key = 'kNd2VxlXxCXwyJGlidr0ZcmcqXSH2refwxZTStD6If4vJu4QmJPOIui0rgr88mDI6DuGQTzP9eQNOjlZBTReKg'; > > The api_key and secret key come from my account (evan) in domain 1. > The keys were just generated in a new CloudStack GUI session. > The evan account has ROOT Domain privileges. > > Then, following directions in the Developer's Guide ... > > The sorted, lower-case command string ($sorted_lc_cmd) is: > > apikey=8v_gevjjgdjbbhibmlle4yyhkseqhrefztnv4up2fu3k9y12th7lscsn6-7seago1ycctnute1ot0v7npcus8q&command=listvirtualmachines&response=json > > > I obtained the hex signature in perl as follows: > > > $signature = hmac_sha1_hex ($sorted_lc_cmd, $secret_key); > > > And, then, put together the final url, as above, with the calculated signature. > > > What am I doing wrong or missing? Before you obtain the hmac SHA-1 you need to url encode the request url stripping it off reserved characters like "+, !, $" etc. Then you perform the HMAC on the resultant string. This then is passed through a base64 encoder to obtain the signature. It looks like you missed this step. Can you base64 encode the hmac result and give it a shot? -- Prasanna.,