Hi Daniel, it was the problem. Thanks for help.
Charles Rodamilans Em 19 de abril de 2012 11:08, Daniel Molina <[email protected]>escreveu: > Hi Charles, > > Are you using the plain password for the awsSecretKey? If so, use the > sha1 hashed version instead. You can retrieve it from the oneuser show > output. > > Hope this helps > > On 19 April 2012 13:54, Charles Rodamilans <[email protected]> > wrote: > > Yes. I encode the password in String url = signed.sign(params); > > > > You can see &Signature parameter in url. > > > > Em 17 de abril de 2012 12:53, Olivier Sallou <[email protected]> > > escreveu: > > > >> Did you encode the password in the url? > >> > >> Le 4/17/12 5:28 PM, Charles Rodamilans a écrit : > >> > >> Hi, > >> > >> i tried to use ec2 interface with opennebula 3.2, but I have problem. > >> > >> Ec2 tools work well. > >> > >> [oneadmin@lahpc_cloud_server ~]$ econe-describe-instances > >> oneadmin i-74 running 192.168.0.22 > small > >> > >> oneadmin i-75 running 192.168.0.20 > small > >> > >> oneadmin i-76 running 192.168.0.21 > small > >> > >> > >> > >> I use the java code, bellow, to generate url. It works well in amazon > ec2 > >> (ec2.amazonaws.com), but is not working in opennebula. > >> > >> [oneadmin@lahpc_cloud_server ~]$ curl > >> " > http://localhost:4567/?AWSAccessKeyId=oneadmin&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2012-04-17T14%3A58%3A07Z&Version=2011-01-01&Signature=LdbPDicLCFY%2BLNOqblKTBoY6sNl5jTJezV%2FCTmr5uBs%3D > " > >> <Response><Errors><Error><Code>AuthFailure</Code><Message>User not > >> authorized</Message></Error></Errors><RequestID>0</RequestID></Response> > >> > >> > >> > >> I tried with others users (serveradmin and clouduser), but problem is > the > >> same. > >> > >> > >> > >> [oneadmin@lahpc_cloud_server ~]$ oneuser list > >> ID GROUP NAME AUTH > >> PASSWORD > >> 0 oneadmin oneadmin core > >> b8c388d2e366b7835bcd9fe565fb67a17f84302f > >> 1 oneadmin serveradmin server_c > >> 96b438cf52a49348d0fbe773ff2c119bb4707994 > >> 22 ec2 clouduser public > >> b8c388d2e366b7835bcd9fe565fb67a17f84302f > >> > >> [oneadmin@lahpc_cloud_server ~]$ curl > >> " > http://localhost:4567/?AWSAccessKeyId=serveradmin&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2012-04-17T15%3A16%3A06Z&Version=2011-01-01&Signature=J3SPezX2sDZt8XPOKqkqa8Xw0AHyFNMedLJtGZ7IvUQ%3D > " > >> <Response><Errors><Error><Code>AuthFailure</Code><Message>User not > >> authorized</Message></Error></Errors><RequestID>0</RequestID></Response> > >> > >> [oneadmin@lahpc_cloud_server ~]$ curl > >> " > http://localhost:4567/?AWSAccessKeyId=clouduser&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2012-04-17T15%3A18%3A51Z&Version=2011-01-01&Signature=t58LIMq7WYW0EslTkyn7CKVAX7BdWcw27jsRwSecGe0%3D > " > >> <Response><Errors><Error><Code>AuthFailure</Code><Message>User not > >> authorized</Message></Error></Errors><RequestID>0</RequestID></Response> > >> > >> > >> What is the problem? Any suggestion? > >> > >> Thanks, > >> > >> Charles Rodamilans > >> > >> > >> > >> import java.util.Map; > >> > >> > >> import org.junit.Test; > >> > >> > >> public class SignedRequestsTest { > >> > >> > >> @Test > >> > >> public void signed() { > >> > >> SignedRequests signed = new SignedRequests( "oneadmin", "password"); > >> > >> // SignedRequests signed = new SignedRequests( "serveradmin", > "password"); > >> > >> // SignedRequests signed = new SignedRequests( "clouduser", "password"); > >> > >> > >> Map<String, String> params = new java.util.HashMap<String, String>(); > >> > >> params.put("Action", "DescribeInstances"); > >> > >> params.put("SignatureMethod", "HmacSHA256"); > >> > >> params.put("SignatureVersion", "2"); > >> > >> params.put("Version", "2010-06-15"); > >> > >> String url = signed.sign(params); > >> > >> System.out.println(url); > >> > >> } > >> > >> } > >> > >> > >> > >> > >> > >> /* > >> > >> * Code Reference > >> > >> > >> * > http://docs.amazonwebservices.com/AWSECommerceService/latest/DG/AuthJavaSampleSig2.html > >> > >> */ > >> > >> > >> import java.io.UnsupportedEncodingException; > >> > >> import java.net.URLEncoder; > >> > >> import java.security.InvalidKeyException; > >> > >> import java.security.NoSuchAlgorithmException; > >> > >> import java.text.DateFormat; > >> > >> import java.text.SimpleDateFormat; > >> > >> import java.util.Calendar; > >> > >> import java.util.Iterator; > >> > >> import java.util.Map; > >> > >> import java.util.SortedMap; > >> > >> import java.util.TimeZone; > >> > >> import java.util.TreeMap; > >> > >> > >> import javax.crypto.Mac; > >> > >> import javax.crypto.spec.SecretKeySpec; > >> > >> > >> import org.apache.commons.codec.binary.Base64; > >> > >> > >> import com.lahpc.cloud.essential.HTTPVerb; > >> > >> > >> public class SignedRequests { > >> > >> private static final String UTF8_CHARSET = "UTF-8"; > >> > >> private static final String HMAC_SHA256_ALGORITHM = "HmacSHA256"; > >> > >> private static final String REQUEST_URI = "/"; > >> > >> /** > >> > >> * @uml.property name="requestMethod" > >> > >> * @uml.associationEnd multiplicity="(1 1)" > >> > >> */ > >> > >> private HTTPVerb requestMethod = HTTPVerb.GET; > >> > >> > >> > >> /** > >> > >> * @uml.property name="endpoint" > >> > >> */ > >> > >> // private String endpoint = "ec2.amazonaws.com"; // must be lowercase > >> > >> private String endpoint = "localhost:4567"; // must be lowercase > >> > >> /** > >> > >> * @uml.property name="awsAccessKeyId" > >> > >> */ > >> > >> private String awsAccessKeyId; > >> > >> /** > >> > >> * @uml.property name="awsSecretKey" > >> > >> */ > >> > >> private String awsSecretKey; > >> > >> > >> /** > >> > >> * @uml.property name="secretKeySpec" > >> > >> * @uml.associationEnd multiplicity="(1 1)" > >> > >> */ > >> > >> private SecretKeySpec secretKeySpec = null; > >> > >> /** > >> > >> * @uml.property name="mac" > >> > >> * @uml.associationEnd multiplicity="(1 1)" > >> > >> */ > >> > >> private Mac mac = null; > >> > >> public SignedRequests(String awsAccessKeyId, String awsSecretKey) > >> > >> { > >> > >> this.setAwsAccessKeyId(awsAccessKeyId); > >> > >> this.setAwsSecretKey(awsSecretKey); > >> > >> setDefault(); > >> > >> } > >> > >> > >> private void setDefault() { > >> > >> > >> try > >> > >> { > >> > >> byte[] secretyKeyBytes = awsSecretKey.getBytes(UTF8_CHARSET); > >> > >> secretKeySpec = > >> > >> new SecretKeySpec(secretyKeyBytes, HMAC_SHA256_ALGORITHM); > >> > >> mac = Mac.getInstance(HMAC_SHA256_ALGORITHM); > >> > >> mac.init(secretKeySpec); > >> > >> } catch (UnsupportedEncodingException e) { > >> > >> e.printStackTrace(); > >> > >> } catch (NoSuchAlgorithmException e) { > >> > >> e.printStackTrace(); > >> > >> } catch (InvalidKeyException e) { > >> > >> e.printStackTrace(); > >> > >> } > >> > >> } > >> > >> > >> public String sign(Map<String, String> params) { > >> > >> params.put("AWSAccessKeyId", awsAccessKeyId); > >> > >> params.put("Timestamp", timestamp()); > >> > >> > >> SortedMap<String, String> sortedParamMap = > >> > >> new TreeMap<String, String>(params); > >> > >> String canonicalQS = canonicalize(sortedParamMap); > >> > >> String toSign = > >> > >> requestMethod.toString() + "\n" > >> > >> + endpoint + "\n" > >> > >> + REQUEST_URI + "\n" > >> > >> + canonicalQS; > >> > >> > >> String hmac = hmac(toSign); > >> > >> String sig = percentEncodeRfc3986(hmac); > >> > >> // String url = "https://" + endpoint + REQUEST_URI + "?" + > >> > >> // canonicalQS + "&Signature=" + sig; > >> > >> String url = "http://" + endpoint + REQUEST_URI + "?" + > >> > >> canonicalQS + "&Signature=" + sig; > >> > >> > >> return url; > >> > >> } > >> > >> > >> private String hmac(String stringToSign) { > >> > >> String signature = null; > >> > >> byte[] data; > >> > >> byte[] rawHmac; > >> > >> try { > >> > >> data = stringToSign.getBytes(UTF8_CHARSET); > >> > >> rawHmac = mac.doFinal(data); > >> > >> Base64 encoder = new Base64(); > >> > >> signature = new String(encoder.encode(rawHmac)); > >> > >> } catch (UnsupportedEncodingException e) { > >> > >> throw new RuntimeException(UTF8_CHARSET + " is unsupported!", e); > >> > >> } > >> > >> return signature; > >> > >> } > >> > >> > >> private String timestamp() { > >> > >> String timestamp = null; > >> > >> Calendar cal = Calendar.getInstance(); > >> > >> DateFormat dfm = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'"); > >> > >> dfm.setTimeZone(TimeZone.getTimeZone("GMT")); > >> > >> timestamp = dfm.format(cal.getTime()); > >> > >> return timestamp; > >> > >> } > >> > >> > >> private String canonicalize(SortedMap<String, String> sortedParamMap) > >> > >> { > >> > >> if (sortedParamMap.isEmpty()) { > >> > >> return ""; > >> > >> } > >> > >> > >> StringBuffer buffer = new StringBuffer(); > >> > >> Iterator<Map.Entry<String, String>> iter = > >> > >> sortedParamMap.entrySet().iterator(); > >> > >> > >> while (iter.hasNext()) { > >> > >> Map.Entry<String, String> kvpair = iter.next(); > >> > >> buffer.append(percentEncodeRfc3986(kvpair.getKey())); > >> > >> buffer.append("="); > >> > >> buffer.append(percentEncodeRfc3986(kvpair.getValue())); > >> > >> if (iter.hasNext()) { > >> > >> buffer.append("&"); > >> > >> } > >> > >> } > >> > >> String cannoical = buffer.toString(); > >> > >> return cannoical; > >> > >> } > >> > >> > >> private String percentEncodeRfc3986(String s) { > >> > >> String out; > >> > >> try { > >> > >> out = URLEncoder.encode(s, UTF8_CHARSET) > >> > >> .replace("+", "%20") > >> > >> .replace("*", "%2A") > >> > >> .replace("%7E", "~"); > >> > >> } catch (UnsupportedEncodingException e) { > >> > >> out = s; > >> > >> } > >> > >> return out; > >> > >> } > >> > >> > >> /** > >> > >> * @param verb > >> > >> * @uml.property name="requestMethod" > >> > >> */ > >> > >> public void setRequestMethod(HTTPVerb verb ) > >> > >> { > >> > >> this.requestMethod = verb; > >> > >> } > >> > >> > >> /** > >> > >> * @return > >> > >> * @uml.property name="requestMethod" > >> > >> */ > >> > >> public HTTPVerb getRequestMethod() > >> > >> { > >> > >> return requestMethod; > >> > >> } > >> > >> > >> /** > >> > >> * @param keyId > >> > >> * @uml.property name="awsAccessKeyId" > >> > >> */ > >> > >> public void setAwsAccessKeyId(String keyId) > >> > >> { > >> > >> this.awsAccessKeyId = keyId; > >> > >> } > >> > >> > >> /** > >> > >> * @return > >> > >> * @uml.property name="awsAccessKeyId" > >> > >> */ > >> > >> public String getAwsAccessKeyId() > >> > >> { > >> > >> return this.awsAccessKeyId; > >> > >> } > >> > >> > >> /** > >> > >> * @param secretKey > >> > >> * @uml.property name="awsSecretKey" > >> > >> */ > >> > >> public void setAwsSecretKey (String secretKey) > >> > >> { > >> > >> this.awsSecretKey = secretKey; > >> > >> } > >> > >> > >> /** > >> > >> * @return > >> > >> * @uml.property name="awsSecretKey" > >> > >> */ > >> > >> public String getAwsSecretKey () > >> > >> { > >> > >> return this.awsSecretKey; > >> > >> } > >> > >> > >> > >> } > >> > >> > >> > >> > >> _______________________________________________ > >> Users mailing list > >> [email protected] > >> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org > >> > >> > >> -- > >> Olivier Sallou > >> IRISA / University of Rennes 1 > >> Campus de Beaulieu, 35000 RENNES - FRANCE > >> Tel: 02.99.84.71.95 > >> > >> gpg key id: 4096R/326D8438 (keyring.debian.org) > >> Key fingerprint = 5FB4 6F83 D3B9 5204 6335 D26D 78DC 68DB 326D 8438 > >> > >> > >> _______________________________________________ > >> Users mailing list > >> [email protected] > >> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org > >> > > > > > > _______________________________________________ > > Users mailing list > > [email protected] > > http://lists.opennebula.org/listinfo.cgi/users-opennebula.org > > > > > > -- > Daniel Molina > Project Engineer > OpenNebula - The Open Source Solution for Data Center Virtualization > www.OpenNebula.org | [email protected] | @OpenNebula >
_______________________________________________ Users mailing list [email protected] http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
