cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Phillip Kent <phillip.k...@xmlsoup.com>
Subject API verification failure for asterisk character - signature hash conflict?
Date Wed, 16 Dec 2015 16:41:42 GMT
Hello all,

I have run into an odd error and wondered if it's a known problem.

This is only observed for CloudStack v4.3.2 as that is the only one I have
access to.

The failure happens when I include a '*' (asterisk) in an API call.

For example, I call 'updateNetwork' and change the vaue of displaytext.

I'll do that in Cloudmonkey and show the URL string that is generated. I
have X'd out the API endpoint, and in any case it doesn't relate to the
observed problem as the confict occurs in the signature generation....

> update network id=d4626cb1-5a70-4fa1-94f7-e9db93bc26c1 displaytext='*'

URL:
https://XXXXXXXXXXXXXXXX?signatureversion=3&apiKey=KphWuXMkIhYIEYtIncnZNVZxIBIqjy3PaLXoLzfOLFHvyW_AWK29lcQoZDrI8bBAzXivyVHRxGUU6fbK5Ji2gw&region=europe&expires=2015-12-16T17%3A55%3A02%2B0000&id=d4626cb1-5a70-4fa1-94f7-e9db93bc26c1&command=updateNetwork&signature=SnoxC9OhRnOew%2FSi3WDKSGyeH9E%3D&displaytext=%2A&response=json
Error 401 Authentication error
errorcode = 401
errortext = unable to verify user credentials and/or request signature
uuidList:

If I try that call using a string for displaytext that doesn't contain an
asterisk, it always works (so far as I tested).

I tested the Python-generated signature against the Java-based generator
that is used inside Cloudstack
(cloudstack/test/src/com/cloud/test/utils/SignRequest.java). If I take the
command string generated by Cloudmonkey and pass that through the Java code
then I get a DIFFERENT signature and I tested that signature will pass the
CloudStack verification.

Can anyone reproduce this problem in their own CloudStack implementation?

Thanks, Phillip.

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message