On 6/8/12 7:08 PM, "Evan Miller" <evan.mil...@citrix.com> wrote:
>Hi Alena: > >-----Original Message----- >From: Alena Prokharchyk [mailto:alena.prokharc...@citrix.com] >Sent: Friday, June 08, 2012 3:56 PM >To: cloudstack-users@incubator.apache.org >Subject: Re: Having trouble getting a CloudStack API URL with api_key and >generated signature to work from the browser (Firefox). > >On 6/8/12 12:23 PM, "Evan Miller" <evan.mil...@citrix.com> wrote: > >>Hi: >> >>I am not doing something quite right yet generating a good >>CloudStack API URL. >> >>I still get this same error from the browser when >>I try to execute the final url: >> >>{ "listvirtualmachinesresponse" : {"errorcode" : 401, "errortext" : >>"unable to verify user credentials"} } >> >>Here is what my perl script is doing: >> >>Original Command String: >> >>apiKey=8v_GEvJJgDjbbHIBmlle4yyHKseQhRefztnv4UP2fU3K9y12TH7lscsn6-7SEaGO1y >>C >>CTnUtE1oT0v7npCuS8Q&command=listVirtualMachines&response=json >> >>Sorted (by field), lower-case Command String: >> >>apikey=8v_gevjjgdjbbhibmlle4yyhkseqhrefztnv4up2fu3k9y12th7lscsn6-7seago1y >>c >>ctnute1ot0v7npcus8q&command=listvirtualmachines&response=json >> >>Encoded, sorted, lower-case Command String: >> >>apikey%3D8v_gevjjgdjbbhibmlle4yyhkseqhrefztnv4up2fu3k9y12th7lscsn6-7seago >>1 >>ycctnute1ot0v7npcus8q%26command%3Dlistvirtualmachines%26response%3Djson > >Here is the problem - you have to encode just parameter values, not the >parameters themselves and definitely not "=" and "&" special chars. > >You can look at the java code sample I wrote for the dev bootcamp, here is >the link in the source tree: > >http://git.cloud.com/cgit/cloudstack-oss/tree/test/src/com/cloud/test/demo >/Demo.java?h=3.0.x > > >- Begin - > >I don't really know Java, but I did see your numbered steps >at the bottom. > >I still get an error for the final url: > >{ "listvirtualmachinesresponse" : {"errorcode" : 401, "errortext" : >"unable to verify user credentials and/or request signature"} } > >Here is what I tried ... continuing in perl. >I encoded just the parameters (not the field values). >The parameters didn't really require any encoding. >No special characters, but I did it anyway. >So, after encoding, the parameters didn't change. >I did encode the signature before appending to the >final url. > >Here's the flow ... > >Original Command String: > >apiKey=8v_GEvJJgDjbbHIBmlle4yyHKseQhRefztnv4UP2fU3K9y12TH7lscsn6-7SEaGO1yC >CTnUtE1oT0v7npCuS8Q&command=listVirtualMachines&response=json > >Command String with Encoded Parameters: > >apiKey=8v_GEvJJgDjbbHIBmlle4yyHKseQhRefztnv4UP2fU3K9y12TH7lscsn6-7SEaGO1yC >CTnUtE1oT0v7npCuS8Q&command=listVirtualMachines&response=json > >Sorted (by field), lower-case, encoded Command String: > >apikey=8v_gevjjgdjbbhibmlle4yyhkseqhrefztnv4up2fu3k9y12th7lscsn6-7seago1yc >ctnute1ot0v7npcus8q&command=listvirtualmachines&response=json > >SHA1 HEX String: > f8d4d96dd59c3bd562dc32586539fa9162c5ed70 > >SHA1 Base64 Signature (using SHA1 HEX String): > 3wOrhy/SstxN+NbdoT8h/bkla2E > >Encoded Signature: > 3wOrhy%2FSstxN%2BNbdoT8h%2Fbkla2E > >Final URL: > >http://10.217.5.192:8080/client/api?command=listVirtualMachines&apiKey=8v_ >GEvJJgDjbbHIBmlle4yyHKseQhRefztnv4UP2fU3K9y12TH7lscsn6-7SEaGO1yCCTnUtE1oT0 >v7npCuS8Q&response=json&signature=3wOrhy%2FSstxN%2BNbdoT8h%2Fbkla2E > >Does the syntax of the final url, at least, look right? > >If so, then there must be something wrong with the signature. > >Regards, >Evan The syntax looks right to me. -Alena. > >- End - > > >-Alena. > >> >>SHA1 HEX String: >> 9066d795102c0cf8a12322507887122b6b4a6095 >> >>SHA1 Base64 Signature (using SHA1 HEX String and Secret Key): >> SvDq03i4Tql9qkXuZwUDi3HfbH4 >> >>Final URL: >> >>http://10.217.5.192:8080/client/api?command=listVirtualMachines&apiKey=8v >>_ >>GEvJJgDjbbHIBmlle4yyHKseQhRefztnv4UP2fU3K9y12TH7lscsn6-7SEaGO1yCCTnUtE1oT >>0 >>v7npCuS8Q&response=json&signature=SvDq03i4Tql9qkXuZwUDi3HfbH4 >> >>I am generating the SHA1 HEX String like so: >> $digest = sha1_hex ($encode, $secret_key); >>using this module: >> use Digest::SHA qw(sha1 sha1_hex sha1_base64); >> >>I am generating the SHA1 Base64 Signature like so: >> $signature = sha1_base64 ($digest, $secret_key); >> >> >>Curious - Is SHA1 HEX different from HMAC SHA1? >> >> >>Regards, >>Evan >> >>-----Original Message----- >>From: Prasanna Santhanam [mailto:prasanna.santha...@citrix.com] >>Sent: Friday, June 08, 2012 1:20 AM >>To: cloudstack-users@incubator.apache.org >>Subject: Re: Having trouble getting a CloudStack API URL with api_key and >>generated signature to work from the browser (Firefox). >> >>On Thu, Jun 07, 2012 at 10:38:20PM -0400, Evan Miller wrote: >>> Hi: >>> >>> Right now, I am just testing a simple, final API-based url with >>>signature in a browser. >>> I am getting the following authentication related error in the browser: >>> >>> { "listvirtualmachinesresponse" : {"errorcode" : 401, "errortext" : >>> "unable to verify user credentials and/or request signature"} } >>> >>> Here is the final API-based url: >>> >>> >>> http://10.217.5.192:8080/client/api?command=listVirtualMachines&apiKey >>> =8v_GEvJJgDjbbHIBmlle4yyHKseQhRefztnv4UP2fU3K9y12TH7lscsn6-7SEaGO1yCCT >>> nUtE1oT0v7npCuS8Q&response=json&signature=1ca7bc1bbc67b8f578c7d094c523 >>> 537571ee17b1 >>> >>> Here is how I built that final url: >>> >>> Using perl, it is based on the following pieces: >>> >>> my $cs_ip = '10.217.5.192'; >>> my $base_url = 'http://' . "$cs_ip" . ':8080'; my $api_path = >>> '/client/api?'; my $api_key = >>> '8v_gevjjgdjbbhibmlle4yyhkseqhrefztnv4up2fu3k9y12th7lscsn6-7seago1ycct >>> nute1ot0v7npcus8q'; my $secret_key = >>> 'kNd2VxlXxCXwyJGlidr0ZcmcqXSH2refwxZTStD6If4vJu4QmJPOIui0rgr88mDI6DuGQ >>> TzP9eQNOjlZBTReKg'; >>> >>> The api_key and secret key come from my account (evan) in domain 1. >>> The keys were just generated in a new CloudStack GUI session. >>> The evan account has ROOT Domain privileges. >>> >>> Then, following directions in the Developer's Guide ... >>> >>> The sorted, lower-case command string ($sorted_lc_cmd) is: >>> >>> apikey=8v_gevjjgdjbbhibmlle4yyhkseqhrefztnv4up2fu3k9y12th7lscsn6-7seag >>> o1ycctnute1ot0v7npcus8q&command=listvirtualmachines&response=json >>> >>> >>> I obtained the hex signature in perl as follows: >>> >>> >>> $signature = hmac_sha1_hex ($sorted_lc_cmd, $secret_key); >>> >>> >>> And, then, put together the final url, as above, with the calculated >>>signature. >>> >>> >>> What am I doing wrong or missing? >> >>Before you obtain the hmac SHA-1 you need to url encode the request url >>stripping it off reserved characters like "+, !, $" etc. Then you perform >>the HMAC on the resultant string. This then is passed through a base64 >>encoder to obtain the signature. It looks like you missed this step. Can >>you base64 encode the hmac result and give it a shot? >> >> >> >>-- >>Prasanna., >> >> > > >
