[one-users] REST EC2
Charles Rodamilans
charlesrodamilans at gmail.com
Tue Apr 17 08:28:54 PDT 2012
Hi,
I tried to use the EC2 interface with OpenNebula 3.2, but I have a problem.
The EC2 tools work well.
[oneadmin at lahpc_cloud_server ~]$ econe-describe-instances
oneadmin i-74 running 192.168.0.22 small
oneadmin i-75 running 192.168.0.20 small
oneadmin i-76 running 192.168.0.21 small
I use the Java code below to generate the URL. It works well with Amazon EC2
(ec2.amazonaws.com), but it does not work with OpenNebula.
[oneadmin at lahpc_cloud_server ~]$ curl "
http://localhost:4567/?AWSAccessKeyId=oneadmin&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2012-04-17T14%3A58%3A07Z&Version=2011-01-01&Signature=LdbPDicLCFY%2BLNOqblKTBoY6sNl5jTJezV%2FCTmr5uBs%3D
"
<Response><Errors><Error><Code>AuthFailure</Code><Message>User not
authorized</Message></Error></Errors><RequestID>0</RequestID></Response>
I tried with other users (serveradmin and clouduser), but the problem is the
same.
[oneadmin at lahpc_cloud_server ~]$ oneuser list
ID GROUP NAME AUTH
PASSWORD
0 oneadmin oneadmin core
b8c388d2e366b7835bcd9fe565fb67a17f84302f
1 oneadmin serveradmin server_c
96b438cf52a49348d0fbe773ff2c119bb4707994
22 ec2 clouduser public
b8c388d2e366b7835bcd9fe565fb67a17f84302f
[oneadmin at lahpc_cloud_server ~]$ curl "
http://localhost:4567/?AWSAccessKeyId=serveradmin&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2012-04-17T15%3A16%3A06Z&Version=2011-01-01&Signature=J3SPezX2sDZt8XPOKqkqa8Xw0AHyFNMedLJtGZ7IvUQ%3D
"
<Response><Errors><Error><Code>AuthFailure</Code><Message>User not
authorized</Message></Error></Errors><RequestID>0</RequestID></Response>
[oneadmin at lahpc_cloud_server ~]$ curl "
http://localhost:4567/?AWSAccessKeyId=clouduser&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2012-04-17T15%3A18%3A51Z&Version=2011-01-01&Signature=t58LIMq7WYW0EslTkyn7CKVAX7BdWcw27jsRwSecGe0%3D
"
<Response><Errors><Error><Code>AuthFailure</Code><Message>User not
authorized</Message></Error></Errors><RequestID>0</RequestID></Response>
What is the problem? Any suggestion?
Thanks,
Charles Rodamilans
import java.util.Map;
import org.junit.Test;
public class SignedRequestsTest {

    /**
     * Builds a signed {@code DescribeInstances} query and prints the resulting
     * URL so it can be replayed by hand (for example with curl).
     *
     * <p>The method makes no assertions; it only exercises
     * {@link SignedRequests#sign(Map)} and shows its output.
     */
    @Test
    public void signed() {
        // Query parameters of the request; the signer itself contributes the
        // access key id and the timestamp.
        Map<String, String> query = new java.util.HashMap<String, String>();
        query.put("Version", "2010-06-15");
        query.put("SignatureVersion", "2");
        query.put("SignatureMethod", "HmacSHA256");
        query.put("Action", "DescribeInstances");

        // "password" is a placeholder secret; a real key belongs in
        // configuration, not in source. The accounts "serveradmin" and
        // "clouduser" were tried the same way.
        // NOTE(review): whether the server expects the plain password or a
        // value derived from it as the signing secret is not visible here;
        // confirm against the server's EC2 configuration.
        SignedRequests signer = new SignedRequests("oneadmin", "password");

        System.out.println(signer.sign(query));
    }
}
/*
* Code Reference
*
http://docs.amazonwebservices.com/AWSECommerceService/latest/DG/AuthJavaSampleSig2.html
*/
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.Iterator;
import java.util.Map;
import java.util.SortedMap;
import java.util.TimeZone;
import java.util.TreeMap;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
import com.lahpc.cloud.essential.HTTPVerb;
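/**
 * Builds signed query URLs in the style of the AWS "Signature Version 2"
 * sample: the string {@code VERB \n host \n uri \n canonical-query} is
 * authenticated with HMAC-SHA256 and the Base64 result is appended as the
 * {@code Signature} parameter.
 *
 * <p>One {@link Mac} instance is kept per object and reused for every call, so
 * an instance should not be shared between threads without external locking.
 *
 * <p>The host written into the string-to-sign is {@link #endpoint}. A server
 * recomputes the signature from the host it considers itself to be, so the two
 * values have to agree exactly (including the port) for verification to pass.
 */
public class SignedRequests {
    private static final String UTF8_CHARSET = "UTF-8";
    private static final String HMAC_SHA256_ALGORITHM = "HmacSHA256";
    private static final String REQUEST_URI = "/";

    /**
     * HTTP verb written as the first line of the string-to-sign.
     *
     * @uml.property name="requestMethod"
     * @uml.associationEnd multiplicity="(1 1)"
     */
    private HTTPVerb requestMethod = HTTPVerb.GET;

    /**
     * Host (and port) that is both signed and used to build the URL; must be
     * lowercase. The public EC2 endpoint would be "ec2.amazonaws.com".
     *
     * @uml.property name="endpoint"
     */
    private String endpoint = "localhost:4567";

    /**
     * @uml.property name="awsAccessKeyId"
     */
    private String awsAccessKeyId;

    /**
     * Secret the HMAC key is derived from (its UTF-8 bytes).
     *
     * @uml.property name="awsSecretKey"
     */
    private String awsSecretKey;

    /**
     * @uml.property name="secretKeySpec"
     * @uml.associationEnd multiplicity="(1 1)"
     */
    private SecretKeySpec secretKeySpec = null;

    /**
     * Keyed MAC; always built from the current {@link #awsSecretKey}.
     *
     * @uml.property name="mac"
     * @uml.associationEnd multiplicity="(1 1)"
     */
    private Mac mac = null;

    /**
     * Creates a signer for one access key id / secret pair.
     *
     * @param awsAccessKeyId value sent as the {@code AWSAccessKeyId} parameter
     * @param awsSecretKey   secret used to key the HMAC; must not be null
     * @throws NullPointerException     if {@code awsSecretKey} is null
     * @throws IllegalArgumentException if {@code awsSecretKey} is empty
     *                                  (raised by {@link SecretKeySpec})
     * @throws IllegalStateException    if HMAC-SHA256 cannot be initialised
     */
    public SignedRequests(String awsAccessKeyId, String awsSecretKey)
    {
        // Fields are assigned directly rather than through the public setters
        // so that construction does not depend on overridable methods.
        this.awsAccessKeyId = awsAccessKeyId;
        setDefault(awsSecretKey);
    }

    /**
     * Derives the HMAC key from {@code secretKey} and installs it together with
     * a freshly keyed {@link Mac}.
     *
     * <p>Failures are raised instead of being printed and ignored: otherwise
     * {@code mac} would stay null (or stay keyed with a previous secret) and
     * the problem would only surface later, inside {@code sign}.
     * State is replaced only after every step has succeeded.
     */
    private void setDefault(String secretKey) {
        if (secretKey == null) {
            throw new NullPointerException("awsSecretKey must not be null");
        }
        try
        {
            byte[] secretKeyBytes = secretKey.getBytes(UTF8_CHARSET);
            SecretKeySpec keySpec =
                new SecretKeySpec(secretKeyBytes, HMAC_SHA256_ALGORITHM);
            Mac keyedMac = Mac.getInstance(HMAC_SHA256_ALGORITHM);
            keyedMac.init(keySpec);

            this.awsSecretKey = secretKey;
            this.secretKeySpec = keySpec;
            this.mac = keyedMac;
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException(UTF8_CHARSET + " is unsupported!", e);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(
                HMAC_SHA256_ALGORITHM + " is not available", e);
        } catch (InvalidKeyException e) {
            throw new IllegalStateException(
                "Secret key was rejected by " + HMAC_SHA256_ALGORITHM, e);
        }
    }

    /**
     * Returns the request URL for {@code params}, signed with the current
     * secret.
     *
     * <p>{@code AWSAccessKeyId} and {@code Timestamp} are added to the signed
     * parameter set, replacing any values the caller supplied under those
     * names. The additions are made on a sorted copy; the caller's map is left
     * untouched, so the same map can be signed again or be unmodifiable.
     *
     * @param params query parameters such as {@code Action} and {@code Version}
     * @return {@code http://} URL carrying the canonical query string followed
     *         by the {@code Signature} parameter
     */
    public String sign(Map<String, String> params) {
        SortedMap<String, String> sortedParamMap =
            new TreeMap<String, String>(params);
        sortedParamMap.put("AWSAccessKeyId", awsAccessKeyId);
        sortedParamMap.put("Timestamp", timestamp());

        String canonicalQS = canonicalize(sortedParamMap);
        String toSign =
            requestMethod.toString() + "\n"
            + endpoint + "\n"
            + REQUEST_URI + "\n"
            + canonicalQS;

        String sig = percentEncodeRfc3986(hmac(toSign));

        // The URL uses plain http: the signature lets the server detect altered
        // parameters, but the request and the response are not encrypted.
        // NOTE(review): use an https endpoint wherever the server offers one.
        return "http://" + endpoint + REQUEST_URI + "?" +
            canonicalQS + "&Signature=" + sig;
    }

    /**
     * Computes the Base64-encoded HMAC-SHA256 of {@code stringToSign}.
     */
    private String hmac(String stringToSign) {
        try {
            byte[] rawHmac = mac.doFinal(stringToSign.getBytes(UTF8_CHARSET));
            // Static encoder: single-line output with no line separators, and
            // an explicit charset instead of the platform default.
            return new String(Base64.encodeBase64(rawHmac), UTF8_CHARSET);
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException(UTF8_CHARSET + " is unsupported!", e);
        }
    }

    /**
     * Returns the current time as {@code yyyy-MM-ddTHH:mm:ssZ} in GMT.
     */
    private String timestamp() {
        // A fixed locale keeps the digits and the calendar independent of the
        // JVM's default locale, so the value always has the expected form.
        DateFormat dfm = new SimpleDateFormat(
            "yyyy-MM-dd'T'HH:mm:ss'Z'", java.util.Locale.US);
        dfm.setTimeZone(TimeZone.getTimeZone("GMT"));
        return dfm.format(Calendar.getInstance().getTime());
    }

    /**
     * Joins the already sorted parameters as {@code key=value} pairs separated
     * by {@code &}, percent-encoding keys and values.
     *
     * @return the canonical query string, or "" for an empty map
     */
    private String canonicalize(SortedMap<String, String> sortedParamMap)
    {
        StringBuilder buffer = new StringBuilder();
        boolean first = true;
        for (Map.Entry<String, String> kvpair : sortedParamMap.entrySet()) {
            if (!first) {
                buffer.append("&");
            }
            first = false;
            buffer.append(percentEncodeRfc3986(kvpair.getKey()));
            buffer.append("=");
            buffer.append(percentEncodeRfc3986(kvpair.getValue()));
        }
        return buffer.toString();
    }

    /**
     * Percent-encodes {@code s} as RFC 3986 requires: {@link URLEncoder}
     * output with "+" turned into "%20", "*" into "%2A", and "%7E" back
     * into "~".
     */
    private String percentEncodeRfc3986(String s) {
        try {
            return URLEncoder.encode(s, UTF8_CHARSET)
                .replace("+", "%20")
                .replace("*", "%2A")
                .replace("%7E", "~");
        } catch (UnsupportedEncodingException e) {
            // Fail the same way hmac() does rather than returning the raw,
            // unencoded text into the signed string and the URL.
            throw new RuntimeException(UTF8_CHARSET + " is unsupported!", e);
        }
    }

    /**
     * @param verb HTTP verb to write into the string-to-sign
     * @uml.property name="requestMethod"
     */
    public void setRequestMethod(HTTPVerb verb )
    {
        this.requestMethod = verb;
    }

    /**
     * @return the HTTP verb written into the string-to-sign
     * @uml.property name="requestMethod"
     */
    public HTTPVerb getRequestMethod()
    {
        return requestMethod;
    }

    /**
     * @param keyId value sent as the {@code AWSAccessKeyId} parameter
     * @uml.property name="awsAccessKeyId"
     */
    public void setAwsAccessKeyId(String keyId)
    {
        this.awsAccessKeyId = keyId;
    }

    /**
     * @return the access key id sent with every signed request
     * @uml.property name="awsAccessKeyId"
     */
    public String getAwsAccessKeyId()
    {
        return this.awsAccessKeyId;
    }

    /**
     * Replaces the secret and re-keys the HMAC with it, so that later calls to
     * {@link #sign(Map)} use the new secret rather than the one given at
     * construction time.
     *
     * @param secretKey new secret; must not be null
     * @throws NullPointerException     if {@code secretKey} is null
     * @throws IllegalArgumentException if {@code secretKey} is empty
     * @throws IllegalStateException    if HMAC-SHA256 cannot be initialised
     * @uml.property name="awsSecretKey"
     */
    public void setAwsSecretKey (String secretKey)
    {
        setDefault(secretKey);
    }

    /**
     * @return the secret exactly as it was supplied; callers should keep it
     *         out of logs and error messages
     * @uml.property name="awsSecretKey"
     */
    public String getAwsSecretKey ()
    {
        return this.awsSecretKey;
    }
}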