[one-users] REST EC2
Charles Rodamilans
charlesrodamilans at gmail.com
Tue Apr 17 08:28:54 PDT 2012
Hi,
i tried to use ec2 interface with opennebula 3.2, but I have problem.
Ec2 tools work well.
[oneadmin at lahpc_cloud_server ~]$ econe-describe-instances
oneadmin i-74 running 192.168.0.22 small
oneadmin i-75 running 192.168.0.20 small
oneadmin i-76 running 192.168.0.21 small
I use the java code, bellow, to generate url. It works well in amazon ec2 (
ec2.amazonaws.com), but is not working in opennebula.
[oneadmin at lahpc_cloud_server ~]$ curl "
http://localhost:4567/?AWSAccessKeyId=oneadmin&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2012-04-17T14%3A58%3A07Z&Version=2011-01-01&Signature=LdbPDicLCFY%2BLNOqblKTBoY6sNl5jTJezV%2FCTmr5uBs%3D
"
<Response><Errors><Error><Code>AuthFailure</Code><Message>User not
authorized</Message></Error></Errors><RequestID>0</RequestID></Response>
I tried with others users (serveradmin and clouduser), but problem is the
same.
[oneadmin at lahpc_cloud_server ~]$ oneuser list
ID GROUP NAME AUTH
PASSWORD
0 oneadmin oneadmin core
b8c388d2e366b7835bcd9fe565fb67a17f84302f
1 oneadmin serveradmin server_c
96b438cf52a49348d0fbe773ff2c119bb4707994
22 ec2 clouduser public
b8c388d2e366b7835bcd9fe565fb67a17f84302f
[oneadmin at lahpc_cloud_server ~]$ curl "
http://localhost:4567/?AWSAccessKeyId=serveradmin&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2012-04-17T15%3A16%3A06Z&Version=2011-01-01&Signature=J3SPezX2sDZt8XPOKqkqa8Xw0AHyFNMedLJtGZ7IvUQ%3D
"
<Response><Errors><Error><Code>AuthFailure</Code><Message>User not
authorized</Message></Error></Errors><RequestID>0</RequestID></Response>
[oneadmin at lahpc_cloud_server ~]$ curl "
http://localhost:4567/?AWSAccessKeyId=clouduser&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2012-04-17T15%3A18%3A51Z&Version=2011-01-01&Signature=t58LIMq7WYW0EslTkyn7CKVAX7BdWcw27jsRwSecGe0%3D
"
<Response><Errors><Error><Code>AuthFailure</Code><Message>User not
authorized</Message></Error></Errors><RequestID>0</RequestID></Response>
What is the problem? Any suggestion?
Thanks,
Charles Rodamilans
import java.util.Map;
import org.junit.Test;
public class SignedRequestsTest {
@Test
public void signed() {
SignedRequests signed = new SignedRequests( "oneadmin", "password");
// SignedRequests signed = new SignedRequests( "serveradmin", "password");
// SignedRequests signed = new SignedRequests( "clouduser", "password");
Map<String, String> params = new java.util.HashMap<String, String>();
params.put("Action", "DescribeInstances");
params.put("SignatureMethod", "HmacSHA256");
params.put("SignatureVersion", "2");
params.put("Version", "2010-06-15");
String url = signed.sign(params);
System.out.println(url);
}
}
/*
* Code Reference
*
http://docs.amazonwebservices.com/AWSECommerceService/latest/DG/AuthJavaSampleSig2.html
*/
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.Iterator;
import java.util.Map;
import java.util.SortedMap;
import java.util.TimeZone;
import java.util.TreeMap;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
import com.lahpc.cloud.essential.HTTPVerb;
public class SignedRequests {
private static final String UTF8_CHARSET = "UTF-8";
private static final String HMAC_SHA256_ALGORITHM = "HmacSHA256";
private static final String REQUEST_URI = "/";
/**
* @uml.property name="requestMethod"
* @uml.associationEnd multiplicity="(1 1)"
*/
private HTTPVerb requestMethod = HTTPVerb.GET;
/**
* @uml.property name="endpoint"
*/
// private String endpoint = "ec2.amazonaws.com"; // must be lowercase
private String endpoint = "localhost:4567"; // must be lowercase
/**
* @uml.property name="awsAccessKeyId"
*/
private String awsAccessKeyId;
/**
* @uml.property name="awsSecretKey"
*/
private String awsSecretKey;
/**
* @uml.property name="secretKeySpec"
* @uml.associationEnd multiplicity="(1 1)"
*/
private SecretKeySpec secretKeySpec = null;
/**
* @uml.property name="mac"
* @uml.associationEnd multiplicity="(1 1)"
*/
private Mac mac = null;
public SignedRequests(String awsAccessKeyId, String awsSecretKey)
{
this.setAwsAccessKeyId(awsAccessKeyId);
this.setAwsSecretKey(awsSecretKey);
setDefault();
}
private void setDefault() {
try
{
byte[] secretyKeyBytes = awsSecretKey.getBytes(UTF8_CHARSET);
secretKeySpec =
new SecretKeySpec(secretyKeyBytes, HMAC_SHA256_ALGORITHM);
mac = Mac.getInstance(HMAC_SHA256_ALGORITHM);
mac.init(secretKeySpec);
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (InvalidKeyException e) {
e.printStackTrace();
}
}
public String sign(Map<String, String> params) {
params.put("AWSAccessKeyId", awsAccessKeyId);
params.put("Timestamp", timestamp());
SortedMap<String, String> sortedParamMap =
new TreeMap<String, String>(params);
String canonicalQS = canonicalize(sortedParamMap);
String toSign =
requestMethod.toString() + "\n"
+ endpoint + "\n"
+ REQUEST_URI + "\n"
+ canonicalQS;
String hmac = hmac(toSign);
String sig = percentEncodeRfc3986(hmac);
// String url = "https://" + endpoint + REQUEST_URI + "?" +
// canonicalQS + "&Signature=" + sig;
String url = "http://" + endpoint + REQUEST_URI + "?" +
canonicalQS + "&Signature=" + sig;
return url;
}
private String hmac(String stringToSign) {
String signature = null;
byte[] data;
byte[] rawHmac;
try {
data = stringToSign.getBytes(UTF8_CHARSET);
rawHmac = mac.doFinal(data);
Base64 encoder = new Base64();
signature = new String(encoder.encode(rawHmac));
} catch (UnsupportedEncodingException e) {
throw new RuntimeException(UTF8_CHARSET + " is unsupported!", e);
}
return signature;
}
private String timestamp() {
String timestamp = null;
Calendar cal = Calendar.getInstance();
DateFormat dfm = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
dfm.setTimeZone(TimeZone.getTimeZone("GMT"));
timestamp = dfm.format(cal.getTime());
return timestamp;
}
private String canonicalize(SortedMap<String, String> sortedParamMap)
{
if (sortedParamMap.isEmpty()) {
return "";
}
StringBuffer buffer = new StringBuffer();
Iterator<Map.Entry<String, String>> iter =
sortedParamMap.entrySet().iterator();
while (iter.hasNext()) {
Map.Entry<String, String> kvpair = iter.next();
buffer.append(percentEncodeRfc3986(kvpair.getKey()));
buffer.append("=");
buffer.append(percentEncodeRfc3986(kvpair.getValue()));
if (iter.hasNext()) {
buffer.append("&");
}
}
String cannoical = buffer.toString();
return cannoical;
}
private String percentEncodeRfc3986(String s) {
String out;
try {
out = URLEncoder.encode(s, UTF8_CHARSET)
.replace("+", "%20")
.replace("*", "%2A")
.replace("%7E", "~");
} catch (UnsupportedEncodingException e) {
out = s;
}
return out;
}
/**
* @param verb
* @uml.property name="requestMethod"
*/
public void setRequestMethod(HTTPVerb verb )
{
this.requestMethod = verb;
}
/**
* @return
* @uml.property name="requestMethod"
*/
public HTTPVerb getRequestMethod()
{
return requestMethod;
}
/**
* @param keyId
* @uml.property name="awsAccessKeyId"
*/
public void setAwsAccessKeyId(String keyId)
{
this.awsAccessKeyId = keyId;
}
/**
* @return
* @uml.property name="awsAccessKeyId"
*/
public String getAwsAccessKeyId()
{
return this.awsAccessKeyId;
}
/**
* @param secretKey
* @uml.property name="awsSecretKey"
*/
public void setAwsSecretKey (String secretKey)
{
this.awsSecretKey = secretKey;
}
/**
* @return
* @uml.property name="awsSecretKey"
*/
public String getAwsSecretKey ()
{
return this.awsSecretKey;
}
}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20120417/6838cd85/attachment-0002.htm>
More information about the Users
mailing list