[one-users] REST EC2
Charles Rodamilans
charlesrodamilans at gmail.com
Fri Apr 20 06:50:24 PDT 2012
Hi Daniel,
it was the problem. Thanks for help.
Charles Rodamilans
Em 19 de abril de 2012 11:08, Daniel Molina <dmolina at opennebula.org>escreveu:
> Hi Charles,
>
> Are you using the plain password for the awsSecretKey? If so, use the
> sha1 hashed version instead. You can retrieve it from the oneuser show
> output.
>
> Hope this helps
>
> On 19 April 2012 13:54, Charles Rodamilans <charlesrodamilans at gmail.com>
> wrote:
> > Yes. I encode the password in String url = signed.sign(params);
> >
> > You can see &Signature parameter in url.
> >
> > Em 17 de abril de 2012 12:53, Olivier Sallou <olivier.sallou at irisa.fr>
> > escreveu:
> >
> >> Did you encode the password in the url?
> >>
> >> Le 4/17/12 5:28 PM, Charles Rodamilans a écrit :
> >>
> >> Hi,
> >>
> >> i tried to use ec2 interface with opennebula 3.2, but I have problem.
> >>
> >> Ec2 tools work well.
> >>
> >> [oneadmin at lahpc_cloud_server ~]$ econe-describe-instances
> >> oneadmin i-74 running 192.168.0.22
> small
> >>
> >> oneadmin i-75 running 192.168.0.20
> small
> >>
> >> oneadmin i-76 running 192.168.0.21
> small
> >>
> >>
> >>
> >> I use the java code, bellow, to generate url. It works well in amazon
> ec2
> >> (ec2.amazonaws.com), but is not working in opennebula.
> >>
> >> [oneadmin at lahpc_cloud_server ~]$ curl
> >> "
> http://localhost:4567/?AWSAccessKeyId=oneadmin&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2012-04-17T14%3A58%3A07Z&Version=2011-01-01&Signature=LdbPDicLCFY%2BLNOqblKTBoY6sNl5jTJezV%2FCTmr5uBs%3D
> "
> >> <Response><Errors><Error><Code>AuthFailure</Code><Message>User not
> >> authorized</Message></Error></Errors><RequestID>0</RequestID></Response>
> >>
> >>
> >>
> >> I tried with others users (serveradmin and clouduser), but problem is
> the
> >> same.
> >>
> >>
> >>
> >> [oneadmin at lahpc_cloud_server ~]$ oneuser list
> >> ID GROUP NAME AUTH
> >> PASSWORD
> >> 0 oneadmin oneadmin core
> >> b8c388d2e366b7835bcd9fe565fb67a17f84302f
> >> 1 oneadmin serveradmin server_c
> >> 96b438cf52a49348d0fbe773ff2c119bb4707994
> >> 22 ec2 clouduser public
> >> b8c388d2e366b7835bcd9fe565fb67a17f84302f
> >>
> >> [oneadmin at lahpc_cloud_server ~]$ curl
> >> "
> http://localhost:4567/?AWSAccessKeyId=serveradmin&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2012-04-17T15%3A16%3A06Z&Version=2011-01-01&Signature=J3SPezX2sDZt8XPOKqkqa8Xw0AHyFNMedLJtGZ7IvUQ%3D
> "
> >> <Response><Errors><Error><Code>AuthFailure</Code><Message>User not
> >> authorized</Message></Error></Errors><RequestID>0</RequestID></Response>
> >>
> >> [oneadmin at lahpc_cloud_server ~]$ curl
> >> "
> http://localhost:4567/?AWSAccessKeyId=clouduser&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2012-04-17T15%3A18%3A51Z&Version=2011-01-01&Signature=t58LIMq7WYW0EslTkyn7CKVAX7BdWcw27jsRwSecGe0%3D
> "
> >> <Response><Errors><Error><Code>AuthFailure</Code><Message>User not
> >> authorized</Message></Error></Errors><RequestID>0</RequestID></Response>
> >>
> >>
> >> What is the problem? Any suggestion?
> >>
> >> Thanks,
> >>
> >> Charles Rodamilans
> >>
> >>
> >>
> >> import java.util.Map;
> >>
> >>
> >> import org.junit.Test;
> >>
> >>
> >> public class SignedRequestsTest {
> >>
> >>
> >> @Test
> >>
> >> public void signed() {
> >>
> >> SignedRequests signed = new SignedRequests( "oneadmin", "password");
> >>
> >> // SignedRequests signed = new SignedRequests( "serveradmin",
> "password");
> >>
> >> // SignedRequests signed = new SignedRequests( "clouduser", "password");
> >>
> >>
> >> Map<String, String> params = new java.util.HashMap<String, String>();
> >>
> >> params.put("Action", "DescribeInstances");
> >>
> >> params.put("SignatureMethod", "HmacSHA256");
> >>
> >> params.put("SignatureVersion", "2");
> >>
> >> params.put("Version", "2010-06-15");
> >>
> >> String url = signed.sign(params);
> >>
> >> System.out.println(url);
> >>
> >> }
> >>
> >> }
> >>
> >>
> >>
> >>
> >>
> >> /*
> >>
> >> * Code Reference
> >>
> >>
> >> *
> http://docs.amazonwebservices.com/AWSECommerceService/latest/DG/AuthJavaSampleSig2.html
> >>
> >> */
> >>
> >>
> >> import java.io.UnsupportedEncodingException;
> >>
> >> import java.net.URLEncoder;
> >>
> >> import java.security.InvalidKeyException;
> >>
> >> import java.security.NoSuchAlgorithmException;
> >>
> >> import java.text.DateFormat;
> >>
> >> import java.text.SimpleDateFormat;
> >>
> >> import java.util.Calendar;
> >>
> >> import java.util.Iterator;
> >>
> >> import java.util.Map;
> >>
> >> import java.util.SortedMap;
> >>
> >> import java.util.TimeZone;
> >>
> >> import java.util.TreeMap;
> >>
> >>
> >> import javax.crypto.Mac;
> >>
> >> import javax.crypto.spec.SecretKeySpec;
> >>
> >>
> >> import org.apache.commons.codec.binary.Base64;
> >>
> >>
> >> import com.lahpc.cloud.essential.HTTPVerb;
> >>
> >>
> >> public class SignedRequests {
> >>
> >> private static final String UTF8_CHARSET = "UTF-8";
> >>
> >> private static final String HMAC_SHA256_ALGORITHM = "HmacSHA256";
> >>
> >> private static final String REQUEST_URI = "/";
> >>
> >> /**
> >>
> >> * @uml.property name="requestMethod"
> >>
> >> * @uml.associationEnd multiplicity="(1 1)"
> >>
> >> */
> >>
> >> private HTTPVerb requestMethod = HTTPVerb.GET;
> >>
> >>
> >>
> >> /**
> >>
> >> * @uml.property name="endpoint"
> >>
> >> */
> >>
> >> // private String endpoint = "ec2.amazonaws.com"; // must be lowercase
> >>
> >> private String endpoint = "localhost:4567"; // must be lowercase
> >>
> >> /**
> >>
> >> * @uml.property name="awsAccessKeyId"
> >>
> >> */
> >>
> >> private String awsAccessKeyId;
> >>
> >> /**
> >>
> >> * @uml.property name="awsSecretKey"
> >>
> >> */
> >>
> >> private String awsSecretKey;
> >>
> >>
> >> /**
> >>
> >> * @uml.property name="secretKeySpec"
> >>
> >> * @uml.associationEnd multiplicity="(1 1)"
> >>
> >> */
> >>
> >> private SecretKeySpec secretKeySpec = null;
> >>
> >> /**
> >>
> >> * @uml.property name="mac"
> >>
> >> * @uml.associationEnd multiplicity="(1 1)"
> >>
> >> */
> >>
> >> private Mac mac = null;
> >>
> >> public SignedRequests(String awsAccessKeyId, String awsSecretKey)
> >>
> >> {
> >>
> >> this.setAwsAccessKeyId(awsAccessKeyId);
> >>
> >> this.setAwsSecretKey(awsSecretKey);
> >>
> >> setDefault();
> >>
> >> }
> >>
> >>
> >> private void setDefault() {
> >>
> >>
> >> try
> >>
> >> {
> >>
> >> byte[] secretyKeyBytes = awsSecretKey.getBytes(UTF8_CHARSET);
> >>
> >> secretKeySpec =
> >>
> >> new SecretKeySpec(secretyKeyBytes, HMAC_SHA256_ALGORITHM);
> >>
> >> mac = Mac.getInstance(HMAC_SHA256_ALGORITHM);
> >>
> >> mac.init(secretKeySpec);
> >>
> >> } catch (UnsupportedEncodingException e) {
> >>
> >> e.printStackTrace();
> >>
> >> } catch (NoSuchAlgorithmException e) {
> >>
> >> e.printStackTrace();
> >>
> >> } catch (InvalidKeyException e) {
> >>
> >> e.printStackTrace();
> >>
> >> }
> >>
> >> }
> >>
> >>
> >> public String sign(Map<String, String> params) {
> >>
> >> params.put("AWSAccessKeyId", awsAccessKeyId);
> >>
> >> params.put("Timestamp", timestamp());
> >>
> >>
> >> SortedMap<String, String> sortedParamMap =
> >>
> >> new TreeMap<String, String>(params);
> >>
> >> String canonicalQS = canonicalize(sortedParamMap);
> >>
> >> String toSign =
> >>
> >> requestMethod.toString() + "\n"
> >>
> >> + endpoint + "\n"
> >>
> >> + REQUEST_URI + "\n"
> >>
> >> + canonicalQS;
> >>
> >>
> >> String hmac = hmac(toSign);
> >>
> >> String sig = percentEncodeRfc3986(hmac);
> >>
> >> // String url = "https://" + endpoint + REQUEST_URI + "?" +
> >>
> >> // canonicalQS + "&Signature=" + sig;
> >>
> >> String url = "http://" + endpoint + REQUEST_URI + "?" +
> >>
> >> canonicalQS + "&Signature=" + sig;
> >>
> >>
> >> return url;
> >>
> >> }
> >>
> >>
> >> private String hmac(String stringToSign) {
> >>
> >> String signature = null;
> >>
> >> byte[] data;
> >>
> >> byte[] rawHmac;
> >>
> >> try {
> >>
> >> data = stringToSign.getBytes(UTF8_CHARSET);
> >>
> >> rawHmac = mac.doFinal(data);
> >>
> >> Base64 encoder = new Base64();
> >>
> >> signature = new String(encoder.encode(rawHmac));
> >>
> >> } catch (UnsupportedEncodingException e) {
> >>
> >> throw new RuntimeException(UTF8_CHARSET + " is unsupported!", e);
> >>
> >> }
> >>
> >> return signature;
> >>
> >> }
> >>
> >>
> >> private String timestamp() {
> >>
> >> String timestamp = null;
> >>
> >> Calendar cal = Calendar.getInstance();
> >>
> >> DateFormat dfm = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
> >>
> >> dfm.setTimeZone(TimeZone.getTimeZone("GMT"));
> >>
> >> timestamp = dfm.format(cal.getTime());
> >>
> >> return timestamp;
> >>
> >> }
> >>
> >>
> >> private String canonicalize(SortedMap<String, String> sortedParamMap)
> >>
> >> {
> >>
> >> if (sortedParamMap.isEmpty()) {
> >>
> >> return "";
> >>
> >> }
> >>
> >>
> >> StringBuffer buffer = new StringBuffer();
> >>
> >> Iterator<Map.Entry<String, String>> iter =
> >>
> >> sortedParamMap.entrySet().iterator();
> >>
> >>
> >> while (iter.hasNext()) {
> >>
> >> Map.Entry<String, String> kvpair = iter.next();
> >>
> >> buffer.append(percentEncodeRfc3986(kvpair.getKey()));
> >>
> >> buffer.append("=");
> >>
> >> buffer.append(percentEncodeRfc3986(kvpair.getValue()));
> >>
> >> if (iter.hasNext()) {
> >>
> >> buffer.append("&");
> >>
> >> }
> >>
> >> }
> >>
> >> String cannoical = buffer.toString();
> >>
> >> return cannoical;
> >>
> >> }
> >>
> >>
> >> private String percentEncodeRfc3986(String s) {
> >>
> >> String out;
> >>
> >> try {
> >>
> >> out = URLEncoder.encode(s, UTF8_CHARSET)
> >>
> >> .replace("+", "%20")
> >>
> >> .replace("*", "%2A")
> >>
> >> .replace("%7E", "~");
> >>
> >> } catch (UnsupportedEncodingException e) {
> >>
> >> out = s;
> >>
> >> }
> >>
> >> return out;
> >>
> >> }
> >>
> >>
> >> /**
> >>
> >> * @param verb
> >>
> >> * @uml.property name="requestMethod"
> >>
> >> */
> >>
> >> public void setRequestMethod(HTTPVerb verb )
> >>
> >> {
> >>
> >> this.requestMethod = verb;
> >>
> >> }
> >>
> >>
> >> /**
> >>
> >> * @return
> >>
> >> * @uml.property name="requestMethod"
> >>
> >> */
> >>
> >> public HTTPVerb getRequestMethod()
> >>
> >> {
> >>
> >> return requestMethod;
> >>
> >> }
> >>
> >>
> >> /**
> >>
> >> * @param keyId
> >>
> >> * @uml.property name="awsAccessKeyId"
> >>
> >> */
> >>
> >> public void setAwsAccessKeyId(String keyId)
> >>
> >> {
> >>
> >> this.awsAccessKeyId = keyId;
> >>
> >> }
> >>
> >>
> >> /**
> >>
> >> * @return
> >>
> >> * @uml.property name="awsAccessKeyId"
> >>
> >> */
> >>
> >> public String getAwsAccessKeyId()
> >>
> >> {
> >>
> >> return this.awsAccessKeyId;
> >>
> >> }
> >>
> >>
> >> /**
> >>
> >> * @param secretKey
> >>
> >> * @uml.property name="awsSecretKey"
> >>
> >> */
> >>
> >> public void setAwsSecretKey (String secretKey)
> >>
> >> {
> >>
> >> this.awsSecretKey = secretKey;
> >>
> >> }
> >>
> >>
> >> /**
> >>
> >> * @return
> >>
> >> * @uml.property name="awsSecretKey"
> >>
> >> */
> >>
> >> public String getAwsSecretKey ()
> >>
> >> {
> >>
> >> return this.awsSecretKey;
> >>
> >> }
> >>
> >>
> >>
> >> }
> >>
> >>
> >>
> >>
> >> _______________________________________________
> >> Users mailing list
> >> Users at lists.opennebula.org
> >> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
> >>
> >>
> >> --
> >> Olivier Sallou
> >> IRISA / University of Rennes 1
> >> Campus de Beaulieu, 35000 RENNES - FRANCE
> >> Tel: 02.99.84.71.95
> >>
> >> gpg key id: 4096R/326D8438 (keyring.debian.org)
> >> Key fingerprint = 5FB4 6F83 D3B9 5204 6335 D26D 78DC 68DB 326D 8438
> >>
> >>
> >> _______________________________________________
> >> Users mailing list
> >> Users at lists.opennebula.org
> >> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
> >>
> >
> >
> > _______________________________________________
> > Users mailing list
> > Users at lists.opennebula.org
> > http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
> >
>
>
>
> --
> Daniel Molina
> Project Engineer
> OpenNebula - The Open Source Solution for Data Center Virtualization
> www.OpenNebula.org | dmolina at opennebula.org | @OpenNebula
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20120420/32185e53/attachment-0002.htm>
More information about the Users
mailing list