Hi Charles,

Are you using the plain password for the awsSecretKey? If so, use the
sha1 hashed version instead. You can retrieve it from the oneuser show
output.

Hope this helps

On 19 April 2012 13:54, Charles Rodamilans <[email protected]> wrote:
> Yes. I encode the password in String url = signed.sign(params);
>
>  You can see &Signature parameter in url.
>
> Em 17 de abril de 2012 12:53, Olivier Sallou <[email protected]>
> escreveu:
>
>> Did you encode the password in the url?
>>
>> Le 4/17/12 5:28 PM, Charles Rodamilans a écrit :
>>
>> Hi,
>>
>> i tried to use ec2 interface with opennebula 3.2, but I have problem.
>>
>> Ec2 tools work well.
>>
>> [oneadmin@lahpc_cloud_server ~]$ econe-describe-instances
>> oneadmin    i-74                        running     192.168.0.22    small
>>
>> oneadmin    i-75                        running     192.168.0.20    small
>>
>> oneadmin    i-76                        running     192.168.0.21    small
>>
>>
>>
>> I use the java code, bellow, to generate url. It works well in amazon ec2
>> (ec2.amazonaws.com), but  is not working in opennebula.
>>
>> [oneadmin@lahpc_cloud_server ~]$ curl
>> "http://localhost:4567/?AWSAccessKeyId=oneadmin&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2012-04-17T14%3A58%3A07Z&Version=2011-01-01&Signature=LdbPDicLCFY%2BLNOqblKTBoY6sNl5jTJezV%2FCTmr5uBs%3D";
>> <Response><Errors><Error><Code>AuthFailure</Code><Message>User not
>> authorized</Message></Error></Errors><RequestID>0</RequestID></Response>
>>
>>
>>
>> I tried with others users (serveradmin and clouduser), but problem is the
>> same.
>>
>>
>>
>> [oneadmin@lahpc_cloud_server ~]$ oneuser list
>>   ID GROUP    NAME            AUTH
>>       PASSWORD
>>    0 oneadmin oneadmin        core
>> b8c388d2e366b7835bcd9fe565fb67a17f84302f
>>    1 oneadmin serveradmin     server_c
>> 96b438cf52a49348d0fbe773ff2c119bb4707994
>>   22 ec2      clouduser       public
>> b8c388d2e366b7835bcd9fe565fb67a17f84302f
>>
>> [oneadmin@lahpc_cloud_server ~]$ curl
>> "http://localhost:4567/?AWSAccessKeyId=serveradmin&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2012-04-17T15%3A16%3A06Z&Version=2011-01-01&Signature=J3SPezX2sDZt8XPOKqkqa8Xw0AHyFNMedLJtGZ7IvUQ%3D";
>> <Response><Errors><Error><Code>AuthFailure</Code><Message>User not
>> authorized</Message></Error></Errors><RequestID>0</RequestID></Response>
>>
>> [oneadmin@lahpc_cloud_server ~]$ curl
>> "http://localhost:4567/?AWSAccessKeyId=clouduser&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2012-04-17T15%3A18%3A51Z&Version=2011-01-01&Signature=t58LIMq7WYW0EslTkyn7CKVAX7BdWcw27jsRwSecGe0%3D";
>> <Response><Errors><Error><Code>AuthFailure</Code><Message>User not
>> authorized</Message></Error></Errors><RequestID>0</RequestID></Response>
>>
>>
>> What is the problem? Any suggestion?
>>
>> Thanks,
>>
>> Charles Rodamilans
>>
>>
>>
>> import java.util.Map;
>>
>>
>> import org.junit.Test;
>>
>>
>> public class SignedRequestsTest {
>>
>>
>> @Test
>>
>> public void signed() {
>>
>> SignedRequests signed = new SignedRequests( "oneadmin", "password");
>>
>> // SignedRequests signed = new SignedRequests( "serveradmin", "password");
>>
>> // SignedRequests signed = new SignedRequests( "clouduser", "password");
>>
>>
>> Map<String, String> params = new java.util.HashMap<String, String>();
>>
>> params.put("Action", "DescribeInstances");
>>
>> params.put("SignatureMethod", "HmacSHA256");
>>
>> params.put("SignatureVersion", "2");
>>
>> params.put("Version", "2010-06-15");
>>
>> String url = signed.sign(params);
>>
>> System.out.println(url);
>>
>> }
>>
>> }
>>
>>
>>
>>
>>
>> /*
>>
>>  * Code Reference
>>
>>
>>  * http://docs.amazonwebservices.com/AWSECommerceService/latest/DG/AuthJavaSampleSig2.html
>>
>>  */
>>
>>
>> import java.io.UnsupportedEncodingException;
>>
>> import java.net.URLEncoder;
>>
>> import java.security.InvalidKeyException;
>>
>> import java.security.NoSuchAlgorithmException;
>>
>> import java.text.DateFormat;
>>
>> import java.text.SimpleDateFormat;
>>
>> import java.util.Calendar;
>>
>> import java.util.Iterator;
>>
>> import java.util.Map;
>>
>> import java.util.SortedMap;
>>
>> import java.util.TimeZone;
>>
>> import java.util.TreeMap;
>>
>>
>> import javax.crypto.Mac;
>>
>> import javax.crypto.spec.SecretKeySpec;
>>
>>
>> import org.apache.commons.codec.binary.Base64;
>>
>>
>> import com.lahpc.cloud.essential.HTTPVerb;
>>
>>
>> public class SignedRequests {
>>
>> private static final String UTF8_CHARSET = "UTF-8";
>>
>> private static final String HMAC_SHA256_ALGORITHM = "HmacSHA256";
>>
>> private static final String REQUEST_URI = "/";
>>
>> /**
>>
>> * @uml.property  name="requestMethod"
>>
>> * @uml.associationEnd  multiplicity="(1 1)"
>>
>> */
>>
>> private HTTPVerb requestMethod = HTTPVerb.GET;
>>
>>
>>
>> /**
>>
>> * @uml.property  name="endpoint"
>>
>> */
>>
>> // private String endpoint = "ec2.amazonaws.com"; // must be lowercase
>>
>> private String endpoint = "localhost:4567"; // must be lowercase
>>
>> /**
>>
>> * @uml.property  name="awsAccessKeyId"
>>
>> */
>>
>> private String awsAccessKeyId;
>>
>> /**
>>
>> * @uml.property  name="awsSecretKey"
>>
>> */
>>
>> private String awsSecretKey;
>>
>>
>> /**
>>
>> * @uml.property  name="secretKeySpec"
>>
>> * @uml.associationEnd  multiplicity="(1 1)"
>>
>> */
>>
>> private SecretKeySpec secretKeySpec = null;
>>
>> /**
>>
>> * @uml.property  name="mac"
>>
>> * @uml.associationEnd  multiplicity="(1 1)"
>>
>> */
>>
>> private Mac mac = null;
>>
>> public SignedRequests(String awsAccessKeyId, String awsSecretKey)
>>
>> {
>>
>> this.setAwsAccessKeyId(awsAccessKeyId);
>>
>> this.setAwsSecretKey(awsSecretKey);
>>
>> setDefault();
>>
>> }
>>
>>
>> private void setDefault() {
>>
>>
>> try
>>
>> {
>>
>> byte[] secretyKeyBytes = awsSecretKey.getBytes(UTF8_CHARSET);
>>
>> secretKeySpec =
>>
>> new SecretKeySpec(secretyKeyBytes, HMAC_SHA256_ALGORITHM);
>>
>> mac = Mac.getInstance(HMAC_SHA256_ALGORITHM);
>>
>> mac.init(secretKeySpec);
>>
>> } catch (UnsupportedEncodingException e) {
>>
>> e.printStackTrace();
>>
>> } catch (NoSuchAlgorithmException e) {
>>
>> e.printStackTrace();
>>
>> } catch (InvalidKeyException e) {
>>
>> e.printStackTrace();
>>
>> }
>>
>> }
>>
>>
>> public String sign(Map<String, String> params) {
>>
>> params.put("AWSAccessKeyId", awsAccessKeyId);
>>
>> params.put("Timestamp", timestamp());
>>
>>
>> SortedMap<String, String> sortedParamMap =
>>
>> new TreeMap<String, String>(params);
>>
>> String canonicalQS = canonicalize(sortedParamMap);
>>
>> String toSign =
>>
>> requestMethod.toString() + "\n"
>>
>> + endpoint + "\n"
>>
>> + REQUEST_URI + "\n"
>>
>> + canonicalQS;
>>
>>
>> String hmac = hmac(toSign);
>>
>> String sig = percentEncodeRfc3986(hmac);
>>
>> // String url = "https://"; + endpoint + REQUEST_URI + "?" +
>>
>> // canonicalQS + "&Signature=" + sig;
>>
>> String url = "http://"; + endpoint + REQUEST_URI + "?" +
>>
>> canonicalQS + "&Signature=" + sig;
>>
>>
>> return url;
>>
>> }
>>
>>
>> private String hmac(String stringToSign) {
>>
>> String signature = null;
>>
>> byte[] data;
>>
>> byte[] rawHmac;
>>
>> try {
>>
>> data = stringToSign.getBytes(UTF8_CHARSET);
>>
>> rawHmac = mac.doFinal(data);
>>
>> Base64 encoder = new Base64();
>>
>> signature = new String(encoder.encode(rawHmac));
>>
>> } catch (UnsupportedEncodingException e) {
>>
>> throw new RuntimeException(UTF8_CHARSET + " is unsupported!", e);
>>
>> }
>>
>> return signature;
>>
>> }
>>
>>
>> private String timestamp() {
>>
>> String timestamp = null;
>>
>> Calendar cal = Calendar.getInstance();
>>
>> DateFormat dfm = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
>>
>> dfm.setTimeZone(TimeZone.getTimeZone("GMT"));
>>
>> timestamp = dfm.format(cal.getTime());
>>
>> return timestamp;
>>
>> }
>>
>>
>> private String canonicalize(SortedMap<String, String> sortedParamMap)
>>
>> {
>>
>> if (sortedParamMap.isEmpty()) {
>>
>> return "";
>>
>> }
>>
>>
>> StringBuffer buffer = new StringBuffer();
>>
>> Iterator<Map.Entry<String, String>> iter =
>>
>> sortedParamMap.entrySet().iterator();
>>
>>
>> while (iter.hasNext()) {
>>
>> Map.Entry<String, String> kvpair = iter.next();
>>
>> buffer.append(percentEncodeRfc3986(kvpair.getKey()));
>>
>> buffer.append("=");
>>
>> buffer.append(percentEncodeRfc3986(kvpair.getValue()));
>>
>> if (iter.hasNext()) {
>>
>> buffer.append("&");
>>
>> }
>>
>> }
>>
>> String cannoical = buffer.toString();
>>
>> return cannoical;
>>
>> }
>>
>>
>> private String percentEncodeRfc3986(String s) {
>>
>> String out;
>>
>> try {
>>
>> out = URLEncoder.encode(s, UTF8_CHARSET)
>>
>> .replace("+", "%20")
>>
>> .replace("*", "%2A")
>>
>> .replace("%7E", "~");
>>
>> } catch (UnsupportedEncodingException e) {
>>
>> out = s;
>>
>> }
>>
>> return out;
>>
>> }
>>
>>
>> /**
>>
>> * @param verb
>>
>> * @uml.property  name="requestMethod"
>>
>> */
>>
>> public void setRequestMethod(HTTPVerb verb )
>>
>> {
>>
>> this.requestMethod = verb;
>>
>> }
>>
>>
>> /**
>>
>> * @return
>>
>> * @uml.property  name="requestMethod"
>>
>> */
>>
>> public HTTPVerb getRequestMethod()
>>
>> {
>>
>> return requestMethod;
>>
>> }
>>
>>
>> /**
>>
>> * @param keyId
>>
>> * @uml.property  name="awsAccessKeyId"
>>
>> */
>>
>> public void setAwsAccessKeyId(String keyId)
>>
>> {
>>
>> this.awsAccessKeyId = keyId;
>>
>> }
>>
>>
>> /**
>>
>> * @return
>>
>> * @uml.property  name="awsAccessKeyId"
>>
>> */
>>
>> public String getAwsAccessKeyId()
>>
>> {
>>
>> return this.awsAccessKeyId;
>>
>> }
>>
>>
>> /**
>>
>> * @param secretKey
>>
>> * @uml.property  name="awsSecretKey"
>>
>> */
>>
>> public void setAwsSecretKey (String secretKey)
>>
>> {
>>
>> this.awsSecretKey = secretKey;
>>
>> }
>>
>>
>> /**
>>
>> * @return
>>
>> * @uml.property  name="awsSecretKey"
>>
>> */
>>
>> public String getAwsSecretKey ()
>>
>> {
>>
>> return this.awsSecretKey;
>>
>> }
>>
>>
>>
>> }
>>
>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> [email protected]
>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>
>>
>> --
>> Olivier Sallou
>> IRISA / University of Rennes 1
>> Campus de Beaulieu, 35000 RENNES - FRANCE
>> Tel: 02.99.84.71.95
>>
>> gpg key id: 4096R/326D8438  (keyring.debian.org)
>> Key fingerprint = 5FB4 6F83 D3B9 5204 6335  D26D 78DC 68DB 326D 8438
>>
>>
>> _______________________________________________
>> Users mailing list
>> [email protected]
>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>
>
>
> _______________________________________________
> Users mailing list
> [email protected]
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>



-- 
Daniel Molina
Project Engineer
OpenNebula - The Open Source Solution for Data Center Virtualization
www.OpenNebula.org | [email protected] | @OpenNebula
_______________________________________________
Users mailing list
[email protected]
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

Reply via email to