Hi:
I am not doing something quite right yet generating a good
CloudStack API URL.
I still get this same error from the browser when
I try to execute the final url:
{ "listvirtualmachinesresponse" : {"errorcode" : 401, "errortext" : "unable to
verify user credentials"} }
Here is what my perl script is doing:
Original Command String:
apiKey=8v_GEvJJgDjbbHIBmlle4yyHKseQhRefztnv4UP2fU3K9y12TH7lscsn6-7SEaGO1yCCTnUtE1oT0v7npCuS8Q&command=listVirtualMachines&response=json
Sorted (by field), lower-case Command String:
apikey=8v_gevjjgdjbbhibmlle4yyhkseqhrefztnv4up2fu3k9y12th7lscsn6-7seago1ycctnute1ot0v7npcus8q&command=listvirtualmachines&response=json
Encoded, sorted, lower-case Command String:
apikey%3D8v_gevjjgdjbbhibmlle4yyhkseqhrefztnv4up2fu3k9y12th7lscsn6-7seago1ycctnute1ot0v7npcus8q%26command%3Dlistvirtualmachines%26response%3Djson
SHA1 HEX String:
9066d795102c0cf8a12322507887122b6b4a6095
SHA1 Base64 Signature (using SHA1 HEX String and Secret Key):
SvDq03i4Tql9qkXuZwUDi3HfbH4
Final URL:
http://10.217.5.192:8080/client/api?command=listVirtualMachines&apiKey=8v_GEvJJgDjbbHIBmlle4yyHKseQhRefztnv4UP2fU3K9y12TH7lscsn6-7SEaGO1yCCTnUtE1oT0v7npCuS8Q&response=json&signature=SvDq03i4Tql9qkXuZwUDi3HfbH4
I am generating the SHA1 HEX String like so:
$digest = sha1_hex ($encode, $secret_key);
using this module:
use Digest::SHA qw(sha1 sha1_hex sha1_base64);
I am generating the SHA1 Base64 Signature like so:
$signature = sha1_base64 ($digest, $secret_key);
Curious - Is SHA1 HEX different from HMAC SHA1?
Regards,
Evan
-----Original Message-----
From: Prasanna Santhanam [mailto:[email protected]]
Sent: Friday, June 08, 2012 1:20 AM
To: [email protected]
Subject: Re: Having trouble getting a CloudStack API URL with api_key and
generated signature to work from the browser (Firefox).
On Thu, Jun 07, 2012 at 10:38:20PM -0400, Evan Miller wrote:
> Hi:
>
> Right now, I am just testing a simple, final API-based url with signature in
> a browser.
> I am getting the following authentication related error in the browser:
>
> { "listvirtualmachinesresponse" : {"errorcode" : 401, "errortext" :
> "unable to verify user credentials and/or request signature"} }
>
> Here is the final API-based url:
>
>
> http://10.217.5.192:8080/client/api?command=listVirtualMachines&apiKey
> =8v_GEvJJgDjbbHIBmlle4yyHKseQhRefztnv4UP2fU3K9y12TH7lscsn6-7SEaGO1yCCT
> nUtE1oT0v7npCuS8Q&response=json&signature=1ca7bc1bbc67b8f578c7d094c523
> 537571ee17b1
>
> Here is how I built that final url:
>
> Using perl, it is based on the following pieces:
>
> my $cs_ip = '10.217.5.192';
> my $base_url = 'http://' . "$cs_ip" . ':8080'; my $api_path =
> '/client/api?'; my $api_key =
> '8v_gevjjgdjbbhibmlle4yyhkseqhrefztnv4up2fu3k9y12th7lscsn6-7seago1ycct
> nute1ot0v7npcus8q'; my $secret_key =
> 'kNd2VxlXxCXwyJGlidr0ZcmcqXSH2refwxZTStD6If4vJu4QmJPOIui0rgr88mDI6DuGQ
> TzP9eQNOjlZBTReKg';
>
> The api_key and secret key come from my account (evan) in domain 1.
> The keys were just generated in a new CloudStack GUI session.
> The evan account has ROOT Domain privileges.
>
> Then, following directions in the Developer's Guide ...
>
> The sorted, lower-case command string ($sorted_lc_cmd) is:
>
> apikey=8v_gevjjgdjbbhibmlle4yyhkseqhrefztnv4up2fu3k9y12th7lscsn6-7seag
> o1ycctnute1ot0v7npcus8q&command=listvirtualmachines&response=json
>
>
> I obtained the hex signature in perl as follows:
>
>
> $signature = hmac_sha1_hex ($sorted_lc_cmd, $secret_key);
>
>
> And, then, put together the final url, as above, with the calculated
> signature.
>
>
> What am I doing wrong or missing?
Before you obtain the hmac SHA-1 you need to url encode the request url
stripping it off reserved characters like "+, !, $" etc. Then you perform the
HMAC on the resultant string. This then is passed through a base64 encoder to
obtain the signature. It looks like you missed this step. Can you base64 encode
the hmac result and give it a shot?
--
Prasanna.,
