Return-Path: X-Original-To: apmail-incubator-cloudstack-users-archive@minotaur.apache.org Delivered-To: apmail-incubator-cloudstack-users-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 738E9C25F for ; Sat, 9 Jun 2012 00:34:50 +0000 (UTC) Received: (qmail 25144 invoked by uid 500); 9 Jun 2012 00:34:50 -0000 Delivered-To: apmail-incubator-cloudstack-users-archive@incubator.apache.org Received: (qmail 25100 invoked by uid 500); 9 Jun 2012 00:34:50 -0000 Mailing-List: contact cloudstack-users-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: cloudstack-users@incubator.apache.org Delivered-To: mailing list cloudstack-users@incubator.apache.org Received: (qmail 25092 invoked by uid 99); 9 Jun 2012 00:34:50 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 09 Jun 2012 00:34:50 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=5.0 tests=NORMAL_HTTP_TO_IP,SPF_HELO_PASS,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of pranav.saxena@citrix.com designates 203.166.19.134 as permitted sender) Received: from [203.166.19.134] (HELO SMTP.CITRIX.COM.AU) (203.166.19.134) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 09 Jun 2012 00:34:43 +0000 X-IronPort-AV: E=Sophos;i="4.75,740,1330905600"; d="scan'208";a="11671452" Received: from banpmailmx01.citrite.net ([10.103.128.73]) by SYDPIPO01.CITRIX.COM.AU with ESMTP/TLS/RC4-MD5; 09 Jun 2012 00:34:18 +0000 Received: from BANPMAILBOX01.citrite.net ([10.103.128.72]) by BANPMAILMX01.citrite.net ([10.103.128.73]) with mapi; Sat, 9 Jun 2012 06:04:17 +0530 From: Pranav Saxena To: "cloudstack-users@incubator.apache.org" CC: Evan Miller Date: Sat, 9 Jun 2012 06:03:42 +0530 Subject: RE: Having trouble getting a CloudStack API URL with api_key and generated signature to work from the browser (Firefox). Thread-Topic: Having trouble getting a CloudStack API URL with api_key and generated signature to work from the browser (Firefox). Thread-Index: Ac1FT5EMeEEWxrOzT+iYWOUdYbcRlgAW1Q+QAAq7ruA= Message-ID: <67EF18FDCA335F489B366120481AB6C5EE39EFFECE@BANPMAILBOX01.citrite.net> References: <93099572B72EB341B81A644E134F240B011CF7695DC6@SJCPMAILBOX01.citrite.net> <20120608081951.GD3038@cloud.com> <93099572B72EB341B81A644E134F240B011CF7695E9C@SJCPMAILBOX01.citrite.net> In-Reply-To: <93099572B72EB341B81A644E134F240B011CF7695E9C@SJCPMAILBOX01.citrite.net> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Hi, I agree with Prasanna. You have to strip off the reserved characters and e= ncode the URL using Base64 class to generate the signature . You can have a= look at this working code added by me longtime back on the wiki for genera= ting the signature.You can run this code by simply creating a Java project = either in Netbeans /Eclipse IDE and you need to include 1)cloud-commons-htt= pclient-3.0.1 jar and 2)usercloud.properties.txt file from where the code t= akes the input parameters (host url, api key etc)=20 http://wiki.cloudstack.org/display/~rajeshb/Generating+the+Signature+throug= h+code Hope this helps.=20 Regards, Pranav -----Original Message----- From: Evan Miller [mailto:Evan.Miller@citrix.com]=20 Sent: Saturday, June 09, 2012 12:54 AM To: cloudstack-users@incubator.apache.org Subject: RE: Having trouble getting a CloudStack API URL with api_key and g= enerated signature to work from the browser (Firefox). Hi: I am not doing something quite right yet generating a good CloudStack API U= RL. I still get this same error from the browser when I try to execute the fina= l url:=20 { "listvirtualmachinesresponse" : {"errorcode" : 401, "errortext" : "unable= to verify user credentials"} } Here is what my perl script is doing: Original Command String: apiKey=3D8v_GEvJJgDjbbHIBmlle4yyHKseQhRefztnv4UP2fU3K9y12TH7lscsn6-7SEaGO1= yCCTnUtE1oT0v7npCuS8Q&command=3DlistVirtualMachines&response=3Djson Sorted (by field), lower-case Command String: apikey=3D8v_gevjjgdjbbhibmlle4yyhkseqhrefztnv4up2fu3k9y12th7lscsn6-7seago1= ycctnute1ot0v7npcus8q&command=3Dlistvirtualmachines&response=3Djson Encoded, sorted, lower-case Command String: apikey%3D8v_gevjjgdjbbhibmlle4yyhkseqhrefztnv4up2fu3k9y12th7lscsn6-7seago1= ycctnute1ot0v7npcus8q%26command%3Dlistvirtualmachines%26response%3Djson SHA1 HEX String: 9066d795102c0cf8a12322507887122b6b4a6095 SHA1 Base64 Signature (using SHA1 HEX String and Secret Key): SvDq03i4Tql9qkXuZwUDi3HfbH4 Final URL: http://10.217.5.192:8080/client/api?command=3DlistVirtualMachines&apiKey= =3D8v_GEvJJgDjbbHIBmlle4yyHKseQhRefztnv4UP2fU3K9y12TH7lscsn6-7SEaGO1yCCTnUt= E1oT0v7npCuS8Q&response=3Djson&signature=3DSvDq03i4Tql9qkXuZwUDi3HfbH4 I am generating the SHA1 HEX String like so: $digest =3D sha1_hex ($encode, $secret_key); using this module: use Digest::SHA qw(sha1 sha1_hex sha1_base64); I am generating the SHA1 Base64 Signature like so: $signature =3D sha1_base64 ($digest, $secret_key); Curious - Is SHA1 HEX different from HMAC SHA1? Regards, Evan -----Original Message----- From: Prasanna Santhanam [mailto:prasanna.santhanam@citrix.com] Sent: Friday, June 08, 2012 1:20 AM To: cloudstack-users@incubator.apache.org Subject: Re: Having trouble getting a CloudStack API URL with api_key and g= enerated signature to work from the browser (Firefox). On Thu, Jun 07, 2012 at 10:38:20PM -0400, Evan Miller wrote: > Hi: >=20 > Right now, I am just testing a simple, final API-based url with signature= in a browser.=20 > I am getting the following authentication related error in the browser: >=20 > { "listvirtualmachinesresponse" : {"errorcode" : 401, "errortext" :=20 > "unable to verify user credentials and/or request signature"} } >=20 > Here is the final API-based url: >=20 > =20 > http://10.217.5.192:8080/client/api?command=3DlistVirtualMachines&apiKey > =3D8v_GEvJJgDjbbHIBmlle4yyHKseQhRefztnv4UP2fU3K9y12TH7lscsn6-7SEaGO1yCCT > nUtE1oT0v7npCuS8Q&response=3Djson&signature=3D1ca7bc1bbc67b8f578c7d094c52= 3 > 537571ee17b1 >=20 > Here is how I built that final url: >=20 > Using perl, it is based on the following pieces: >=20 > my $cs_ip =3D '10.217.5.192'; > my $base_url =3D 'http://' . "$cs_ip" . ':8080'; my $api_path =3D=20 > '/client/api?'; my $api_key =3D=20 > '8v_gevjjgdjbbhibmlle4yyhkseqhrefztnv4up2fu3k9y12th7lscsn6-7seago1ycct > nute1ot0v7npcus8q'; my $secret_key =3D > 'kNd2VxlXxCXwyJGlidr0ZcmcqXSH2refwxZTStD6If4vJu4QmJPOIui0rgr88mDI6DuGQ > TzP9eQNOjlZBTReKg'; >=20 > The api_key and secret key come from my account (evan) in domain 1.=20 > The keys were just generated in a new CloudStack GUI session. > The evan account has ROOT Domain privileges. >=20 > Then, following directions in the Developer's Guide ... >=20 > The sorted, lower-case command string ($sorted_lc_cmd) is: >=20 > apikey=3D8v_gevjjgdjbbhibmlle4yyhkseqhrefztnv4up2fu3k9y12th7lscsn6-7seag > o1ycctnute1ot0v7npcus8q&command=3Dlistvirtualmachines&response=3Djson >=20 >=20 > I obtained the hex signature in perl as follows: >=20 >=20 > $signature =3D hmac_sha1_hex ($sorted_lc_cmd, $secret_key); >=20 >=20 > And, then, put together the final url, as above, with the calculated sign= ature. >=20 >=20 > What am I doing wrong or missing? Before you obtain the hmac SHA-1 you need to url encode the request url str= ipping it off reserved characters like "+, !, $" etc. Then you perform the = HMAC on the resultant string. This then is passed through a base64 encoder = to obtain the signature. It looks like you missed this step. Can you base64= encode the hmac result and give it a shot? -- Prasanna.,