Hi Charles, Are you using the plain password for the awsSecretKey? If so, use the sha1 hashed version instead. You can retrieve it from the oneuser show output.
Hope this helps On 19 April 2012 13:54, Charles Rodamilans <[email protected]> wrote: > Yes. I encode the password in String url = signed.sign(params); > > You can see &Signature parameter in url. > > Em 17 de abril de 2012 12:53, Olivier Sallou <[email protected]> > escreveu: > >> Did you encode the password in the url? >> >> Le 4/17/12 5:28 PM, Charles Rodamilans a écrit : >> >> Hi, >> >> i tried to use ec2 interface with opennebula 3.2, but I have problem. >> >> Ec2 tools work well. >> >> [oneadmin@lahpc_cloud_server ~]$ econe-describe-instances >> oneadmin i-74 running 192.168.0.22 small >> >> oneadmin i-75 running 192.168.0.20 small >> >> oneadmin i-76 running 192.168.0.21 small >> >> >> >> I use the java code, bellow, to generate url. It works well in amazon ec2 >> (ec2.amazonaws.com), but is not working in opennebula. >> >> [oneadmin@lahpc_cloud_server ~]$ curl >> "http://localhost:4567/?AWSAccessKeyId=oneadmin&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2012-04-17T14%3A58%3A07Z&Version=2011-01-01&Signature=LdbPDicLCFY%2BLNOqblKTBoY6sNl5jTJezV%2FCTmr5uBs%3D" >> <Response><Errors><Error><Code>AuthFailure</Code><Message>User not >> authorized</Message></Error></Errors><RequestID>0</RequestID></Response> >> >> >> >> I tried with others users (serveradmin and clouduser), but problem is the >> same. >> >> >> >> [oneadmin@lahpc_cloud_server ~]$ oneuser list >> ID GROUP NAME AUTH >> PASSWORD >> 0 oneadmin oneadmin core >> b8c388d2e366b7835bcd9fe565fb67a17f84302f >> 1 oneadmin serveradmin server_c >> 96b438cf52a49348d0fbe773ff2c119bb4707994 >> 22 ec2 clouduser public >> b8c388d2e366b7835bcd9fe565fb67a17f84302f >> >> [oneadmin@lahpc_cloud_server ~]$ curl >> "http://localhost:4567/?AWSAccessKeyId=serveradmin&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2012-04-17T15%3A16%3A06Z&Version=2011-01-01&Signature=J3SPezX2sDZt8XPOKqkqa8Xw0AHyFNMedLJtGZ7IvUQ%3D" >> <Response><Errors><Error><Code>AuthFailure</Code><Message>User not >> authorized</Message></Error></Errors><RequestID>0</RequestID></Response> >> >> [oneadmin@lahpc_cloud_server ~]$ curl >> "http://localhost:4567/?AWSAccessKeyId=clouduser&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2012-04-17T15%3A18%3A51Z&Version=2011-01-01&Signature=t58LIMq7WYW0EslTkyn7CKVAX7BdWcw27jsRwSecGe0%3D" >> <Response><Errors><Error><Code>AuthFailure</Code><Message>User not >> authorized</Message></Error></Errors><RequestID>0</RequestID></Response> >> >> >> What is the problem? Any suggestion? >> >> Thanks, >> >> Charles Rodamilans >> >> >> >> import java.util.Map; >> >> >> import org.junit.Test; >> >> >> public class SignedRequestsTest { >> >> >> @Test >> >> public void signed() { >> >> SignedRequests signed = new SignedRequests( "oneadmin", "password"); >> >> // SignedRequests signed = new SignedRequests( "serveradmin", "password"); >> >> // SignedRequests signed = new SignedRequests( "clouduser", "password"); >> >> >> Map<String, String> params = new java.util.HashMap<String, String>(); >> >> params.put("Action", "DescribeInstances"); >> >> params.put("SignatureMethod", "HmacSHA256"); >> >> params.put("SignatureVersion", "2"); >> >> params.put("Version", "2010-06-15"); >> >> String url = signed.sign(params); >> >> System.out.println(url); >> >> } >> >> } >> >> >> >> >> >> /* >> >> * Code Reference >> >> >> * http://docs.amazonwebservices.com/AWSECommerceService/latest/DG/AuthJavaSampleSig2.html >> >> */ >> >> >> import java.io.UnsupportedEncodingException; >> >> import java.net.URLEncoder; >> >> import java.security.InvalidKeyException; >> >> import java.security.NoSuchAlgorithmException; >> >> import java.text.DateFormat; >> >> import java.text.SimpleDateFormat; >> >> import java.util.Calendar; >> >> import java.util.Iterator; >> >> import java.util.Map; >> >> import java.util.SortedMap; >> >> import java.util.TimeZone; >> >> import java.util.TreeMap; >> >> >> import javax.crypto.Mac; >> >> import javax.crypto.spec.SecretKeySpec; >> >> >> import org.apache.commons.codec.binary.Base64; >> >> >> import com.lahpc.cloud.essential.HTTPVerb; >> >> >> public class SignedRequests { >> >> private static final String UTF8_CHARSET = "UTF-8"; >> >> private static final String HMAC_SHA256_ALGORITHM = "HmacSHA256"; >> >> private static final String REQUEST_URI = "/"; >> >> /** >> >> * @uml.property name="requestMethod" >> >> * @uml.associationEnd multiplicity="(1 1)" >> >> */ >> >> private HTTPVerb requestMethod = HTTPVerb.GET; >> >> >> >> /** >> >> * @uml.property name="endpoint" >> >> */ >> >> // private String endpoint = "ec2.amazonaws.com"; // must be lowercase >> >> private String endpoint = "localhost:4567"; // must be lowercase >> >> /** >> >> * @uml.property name="awsAccessKeyId" >> >> */ >> >> private String awsAccessKeyId; >> >> /** >> >> * @uml.property name="awsSecretKey" >> >> */ >> >> private String awsSecretKey; >> >> >> /** >> >> * @uml.property name="secretKeySpec" >> >> * @uml.associationEnd multiplicity="(1 1)" >> >> */ >> >> private SecretKeySpec secretKeySpec = null; >> >> /** >> >> * @uml.property name="mac" >> >> * @uml.associationEnd multiplicity="(1 1)" >> >> */ >> >> private Mac mac = null; >> >> public SignedRequests(String awsAccessKeyId, String awsSecretKey) >> >> { >> >> this.setAwsAccessKeyId(awsAccessKeyId); >> >> this.setAwsSecretKey(awsSecretKey); >> >> setDefault(); >> >> } >> >> >> private void setDefault() { >> >> >> try >> >> { >> >> byte[] secretyKeyBytes = awsSecretKey.getBytes(UTF8_CHARSET); >> >> secretKeySpec = >> >> new SecretKeySpec(secretyKeyBytes, HMAC_SHA256_ALGORITHM); >> >> mac = Mac.getInstance(HMAC_SHA256_ALGORITHM); >> >> mac.init(secretKeySpec); >> >> } catch (UnsupportedEncodingException e) { >> >> e.printStackTrace(); >> >> } catch (NoSuchAlgorithmException e) { >> >> e.printStackTrace(); >> >> } catch (InvalidKeyException e) { >> >> e.printStackTrace(); >> >> } >> >> } >> >> >> public String sign(Map<String, String> params) { >> >> params.put("AWSAccessKeyId", awsAccessKeyId); >> >> params.put("Timestamp", timestamp()); >> >> >> SortedMap<String, String> sortedParamMap = >> >> new TreeMap<String, String>(params); >> >> String canonicalQS = canonicalize(sortedParamMap); >> >> String toSign = >> >> requestMethod.toString() + "\n" >> >> + endpoint + "\n" >> >> + REQUEST_URI + "\n" >> >> + canonicalQS; >> >> >> String hmac = hmac(toSign); >> >> String sig = percentEncodeRfc3986(hmac); >> >> // String url = "https://" + endpoint + REQUEST_URI + "?" + >> >> // canonicalQS + "&Signature=" + sig; >> >> String url = "http://" + endpoint + REQUEST_URI + "?" + >> >> canonicalQS + "&Signature=" + sig; >> >> >> return url; >> >> } >> >> >> private String hmac(String stringToSign) { >> >> String signature = null; >> >> byte[] data; >> >> byte[] rawHmac; >> >> try { >> >> data = stringToSign.getBytes(UTF8_CHARSET); >> >> rawHmac = mac.doFinal(data); >> >> Base64 encoder = new Base64(); >> >> signature = new String(encoder.encode(rawHmac)); >> >> } catch (UnsupportedEncodingException e) { >> >> throw new RuntimeException(UTF8_CHARSET + " is unsupported!", e); >> >> } >> >> return signature; >> >> } >> >> >> private String timestamp() { >> >> String timestamp = null; >> >> Calendar cal = Calendar.getInstance(); >> >> DateFormat dfm = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'"); >> >> dfm.setTimeZone(TimeZone.getTimeZone("GMT")); >> >> timestamp = dfm.format(cal.getTime()); >> >> return timestamp; >> >> } >> >> >> private String canonicalize(SortedMap<String, String> sortedParamMap) >> >> { >> >> if (sortedParamMap.isEmpty()) { >> >> return ""; >> >> } >> >> >> StringBuffer buffer = new StringBuffer(); >> >> Iterator<Map.Entry<String, String>> iter = >> >> sortedParamMap.entrySet().iterator(); >> >> >> while (iter.hasNext()) { >> >> Map.Entry<String, String> kvpair = iter.next(); >> >> buffer.append(percentEncodeRfc3986(kvpair.getKey())); >> >> buffer.append("="); >> >> buffer.append(percentEncodeRfc3986(kvpair.getValue())); >> >> if (iter.hasNext()) { >> >> buffer.append("&"); >> >> } >> >> } >> >> String cannoical = buffer.toString(); >> >> return cannoical; >> >> } >> >> >> private String percentEncodeRfc3986(String s) { >> >> String out; >> >> try { >> >> out = URLEncoder.encode(s, UTF8_CHARSET) >> >> .replace("+", "%20") >> >> .replace("*", "%2A") >> >> .replace("%7E", "~"); >> >> } catch (UnsupportedEncodingException e) { >> >> out = s; >> >> } >> >> return out; >> >> } >> >> >> /** >> >> * @param verb >> >> * @uml.property name="requestMethod" >> >> */ >> >> public void setRequestMethod(HTTPVerb verb ) >> >> { >> >> this.requestMethod = verb; >> >> } >> >> >> /** >> >> * @return >> >> * @uml.property name="requestMethod" >> >> */ >> >> public HTTPVerb getRequestMethod() >> >> { >> >> return requestMethod; >> >> } >> >> >> /** >> >> * @param keyId >> >> * @uml.property name="awsAccessKeyId" >> >> */ >> >> public void setAwsAccessKeyId(String keyId) >> >> { >> >> this.awsAccessKeyId = keyId; >> >> } >> >> >> /** >> >> * @return >> >> * @uml.property name="awsAccessKeyId" >> >> */ >> >> public String getAwsAccessKeyId() >> >> { >> >> return this.awsAccessKeyId; >> >> } >> >> >> /** >> >> * @param secretKey >> >> * @uml.property name="awsSecretKey" >> >> */ >> >> public void setAwsSecretKey (String secretKey) >> >> { >> >> this.awsSecretKey = secretKey; >> >> } >> >> >> /** >> >> * @return >> >> * @uml.property name="awsSecretKey" >> >> */ >> >> public String getAwsSecretKey () >> >> { >> >> return this.awsSecretKey; >> >> } >> >> >> >> } >> >> >> >> >> _______________________________________________ >> Users mailing list >> [email protected] >> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org >> >> >> -- >> Olivier Sallou >> IRISA / University of Rennes 1 >> Campus de Beaulieu, 35000 RENNES - FRANCE >> Tel: 02.99.84.71.95 >> >> gpg key id: 4096R/326D8438 (keyring.debian.org) >> Key fingerprint = 5FB4 6F83 D3B9 5204 6335 D26D 78DC 68DB 326D 8438 >> >> >> _______________________________________________ >> Users mailing list >> [email protected] >> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org >> > > > _______________________________________________ > Users mailing list > [email protected] > http://lists.opennebula.org/listinfo.cgi/users-opennebula.org > -- Daniel Molina Project Engineer OpenNebula - The Open Source Solution for Data Center Virtualization www.OpenNebula.org | [email protected] | @OpenNebula _______________________________________________ Users mailing list [email protected] http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
