Hi, I agree with Prasanna. You have to strip off the reserved characters and encode the URL using Base64 class to generate the signature . You can have a look at this working code added by me longtime back on the wiki for generating the signature.You can run this code by simply creating a Java project either in Netbeans /Eclipse IDE and you need to include 1)cloud-commons-httpclient-3.0.1 jar and 2)usercloud.properties.txt file from where the code takes the input parameters (host url, api key etc)
http://wiki.cloudstack.org/display/~rajeshb/Generating+the+Signature+through+code Hope this helps. Regards, Pranav -----Original Message----- From: Evan Miller [mailto:evan.mil...@citrix.com] Sent: Saturday, June 09, 2012 12:54 AM To: cloudstack-users@incubator.apache.org Subject: RE: Having trouble getting a CloudStack API URL with api_key and generated signature to work from the browser (Firefox). Hi: I am not doing something quite right yet generating a good CloudStack API URL. I still get this same error from the browser when I try to execute the final url: { "listvirtualmachinesresponse" : {"errorcode" : 401, "errortext" : "unable to verify user credentials"} } Here is what my perl script is doing: Original Command String: apiKey=8v_GEvJJgDjbbHIBmlle4yyHKseQhRefztnv4UP2fU3K9y12TH7lscsn6-7SEaGO1yCCTnUtE1oT0v7npCuS8Q&command=listVirtualMachines&response=json Sorted (by field), lower-case Command String: apikey=8v_gevjjgdjbbhibmlle4yyhkseqhrefztnv4up2fu3k9y12th7lscsn6-7seago1ycctnute1ot0v7npcus8q&command=listvirtualmachines&response=json Encoded, sorted, lower-case Command String: apikey%3D8v_gevjjgdjbbhibmlle4yyhkseqhrefztnv4up2fu3k9y12th7lscsn6-7seago1ycctnute1ot0v7npcus8q%26command%3Dlistvirtualmachines%26response%3Djson SHA1 HEX String: 9066d795102c0cf8a12322507887122b6b4a6095 SHA1 Base64 Signature (using SHA1 HEX String and Secret Key): SvDq03i4Tql9qkXuZwUDi3HfbH4 Final URL: http://10.217.5.192:8080/client/api?command=listVirtualMachines&apiKey=8v_GEvJJgDjbbHIBmlle4yyHKseQhRefztnv4UP2fU3K9y12TH7lscsn6-7SEaGO1yCCTnUtE1oT0v7npCuS8Q&response=json&signature=SvDq03i4Tql9qkXuZwUDi3HfbH4 I am generating the SHA1 HEX String like so: $digest = sha1_hex ($encode, $secret_key); using this module: use Digest::SHA qw(sha1 sha1_hex sha1_base64); I am generating the SHA1 Base64 Signature like so: $signature = sha1_base64 ($digest, $secret_key); Curious - Is SHA1 HEX different from HMAC SHA1? Regards, Evan -----Original Message----- From: Prasanna Santhanam [mailto:prasanna.santha...@citrix.com] Sent: Friday, June 08, 2012 1:20 AM To: cloudstack-users@incubator.apache.org Subject: Re: Having trouble getting a CloudStack API URL with api_key and generated signature to work from the browser (Firefox). On Thu, Jun 07, 2012 at 10:38:20PM -0400, Evan Miller wrote: > Hi: > > Right now, I am just testing a simple, final API-based url with signature in > a browser. > I am getting the following authentication related error in the browser: > > { "listvirtualmachinesresponse" : {"errorcode" : 401, "errortext" : > "unable to verify user credentials and/or request signature"} } > > Here is the final API-based url: > > > http://10.217.5.192:8080/client/api?command=listVirtualMachines&apiKey > =8v_GEvJJgDjbbHIBmlle4yyHKseQhRefztnv4UP2fU3K9y12TH7lscsn6-7SEaGO1yCCT > nUtE1oT0v7npCuS8Q&response=json&signature=1ca7bc1bbc67b8f578c7d094c523 > 537571ee17b1 > > Here is how I built that final url: > > Using perl, it is based on the following pieces: > > my $cs_ip = '10.217.5.192'; > my $base_url = 'http://' . "$cs_ip" . ':8080'; my $api_path = > '/client/api?'; my $api_key = > '8v_gevjjgdjbbhibmlle4yyhkseqhrefztnv4up2fu3k9y12th7lscsn6-7seago1ycct > nute1ot0v7npcus8q'; my $secret_key = > 'kNd2VxlXxCXwyJGlidr0ZcmcqXSH2refwxZTStD6If4vJu4QmJPOIui0rgr88mDI6DuGQ > TzP9eQNOjlZBTReKg'; > > The api_key and secret key come from my account (evan) in domain 1. > The keys were just generated in a new CloudStack GUI session. > The evan account has ROOT Domain privileges. > > Then, following directions in the Developer's Guide ... > > The sorted, lower-case command string ($sorted_lc_cmd) is: > > apikey=8v_gevjjgdjbbhibmlle4yyhkseqhrefztnv4up2fu3k9y12th7lscsn6-7seag > o1ycctnute1ot0v7npcus8q&command=listvirtualmachines&response=json > > > I obtained the hex signature in perl as follows: > > > $signature = hmac_sha1_hex ($sorted_lc_cmd, $secret_key); > > > And, then, put together the final url, as above, with the calculated > signature. > > > What am I doing wrong or missing? Before you obtain the hmac SHA-1 you need to url encode the request url stripping it off reserved characters like "+, !, $" etc. Then you perform the HMAC on the resultant string. This then is passed through a base64 encoder to obtain the signature. It looks like you missed this step. Can you base64 encode the hmac result and give it a shot? -- Prasanna.,
