Updated Branches:
  refs/heads/master 27265597b -> cb403b1c9

Bug CS-12441: Fixing rest auth by generating QueryString to validate signature


Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: 
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/cb403b1c
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/cb403b1c
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/cb403b1c

Branch: refs/heads/master
Commit: cb403b1c97bcf224cc8684257777eb9e4485c84a
Parents: 2726559
Author: Sam Robertson <[email protected]>
Authored: Wed Jun 20 12:50:15 2012 -0700
Committer: Sam Robertson <[email protected]>
Committed: Wed Jun 20 12:50:15 2012 -0700

----------------------------------------------------------------------
 .../com/cloud/bridge/service/EC2RestServlet.java   |   46 ++++++++++----
 1 files changed, 33 insertions(+), 13 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/cb403b1c/awsapi/src/com/cloud/bridge/service/EC2RestServlet.java
----------------------------------------------------------------------
diff --git a/awsapi/src/com/cloud/bridge/service/EC2RestServlet.java 
b/awsapi/src/com/cloud/bridge/service/EC2RestServlet.java
index 075a92f..74eb639 100644
--- a/awsapi/src/com/cloud/bridge/service/EC2RestServlet.java
+++ b/awsapi/src/com/cloud/bridge/service/EC2RestServlet.java
@@ -23,6 +23,7 @@ import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.OutputStream;
 import java.io.OutputStreamWriter;
+import java.net.URLEncoder;
 import java.security.KeyStore;
 import java.security.SignatureException;
 import java.security.cert.Certificate;
@@ -178,7 +179,7 @@ public class EC2RestServlet extends HttpServlet {
                   }
               String keystore  = EC2Prop.getProperty( "keystore" );
               keystorePassword = EC2Prop.getProperty( "keystorePass" );
-                  wsdlVersion      = EC2Prop.getProperty( "WSDLVersion", 
"2009-11-30" );
+                  wsdlVersion      = EC2Prop.getProperty( "WSDLVersion", 
"2010-11-15" );
            version = EC2Prop.getProperty( "cloudbridgeVersion", "UNKNOWN 
VERSION" );
               
               String installedPath = System.getenv("CATALINA_HOME");
@@ -1706,18 +1707,37 @@ public class EC2RestServlet extends HttpServlet {
                
                // [C] Verify the signature
                //  -> getting the query-string in this way maintains its URL 
encoding
-               EC2RestAuth restAuth = new EC2RestAuth();
-       restAuth.setHostHeader( request.getHeader( "Host" ));
-       String requestUri = request.getRequestURI();
-       
-       //If forwarded from another basepath:
-       String forwardedPath = (String) 
request.getAttribute("javax.servlet.forward.request_uri");
-       if(forwardedPath!=null){
-               requestUri=forwardedPath;
-       }
-       restAuth.setHTTPRequestURI( requestUri);
-       restAuth.setQueryString( request.getQueryString());
-       
+           EC2RestAuth restAuth = new EC2RestAuth();
+           restAuth.setHostHeader( request.getHeader( "Host" ));
+           String requestUri = request.getRequestURI();
+               
+           // If forwarded from another basepath:
+           String forwardedPath = (String) 
request.getAttribute("javax.servlet.forward.request_uri");
+           if(forwardedPath!=null){
+               requestUri=forwardedPath;
+               }
+               restAuth.setHTTPRequestURI( requestUri);
+
+               String queryString = request.getQueryString();
+               // getQueryString returns null (does it ever NOT return null 
for these), 
+               // we need to construct queryString to avoid changing the auth 
code...
+               if (queryString == null) {
+                   // construct our idea of a queryString with parameters!
+                   Enumeration<?> params = request.getParameterNames();
+                   if (params != null) {
+                while(params.hasMoreElements()) {
+                    String paramName = (String) params.nextElement();
+                    // exclude the signature string obviously. ;)
+                    if (paramName.equalsIgnoreCase("Signature")) continue;
+                    if (queryString == null) 
+                        queryString = paramName + "=" + 
request.getParameter(paramName);
+                    else 
+                        queryString = queryString + "&" + paramName + "=" + 
URLEncoder.encode(request.getParameter(paramName), "UTF-8"); 
+                }
+                   }
+               }
+               restAuth.setQueryString(queryString);
+               
                if ( restAuth.verifySignature( request.getMethod(), 
cloudSecretKey, signature, sigMethod )) {
                     UserContext.current().initContext( cloudAccessKey, 
cloudSecretKey, cloudAccessKey, "REST request", null );
                     return true;
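Review bot: The reconstructed query string is encoded inconsistently: the first-parameter branch (`queryString = paramName + "=" + request.getParameter(paramName)`) appends the raw value, while the `else` branch passes the value through `URLEncoder.encode`, and the parameter name is never encoded in either branch. Because this string is what `verifySignature` checks, a raw `&` or `=` in an unencoded value lets two different parameter sets yield the same string-to-verify, so the signature no longer binds the request unambiguously. Build every pair the same way, e.g. `String pair = URLEncoder.encode(paramName, "UTF-8") + "=" + URLEncoder.encode(request.getParameter(paramName), "UTF-8");` followed by `queryString = (queryString == null) ? pair : queryString + "&" + pair;`. Also, `getParameter` returns only the first value of a repeated parameter, `getParameterNames` has no defined order, and `URLEncoder` emits form encoding (`+` for a space); whether EC2RestAuth sorts and normalises these before verifying is not visible in this hunk and should be confirmed. The enclosing method starts and ends outside the hunk.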
