[one-users] REST EC2

Olivier Sallou olivier.sallou at irisa.fr
Tue Apr 17 08:53:32 PDT 2012


Did you encode the password in the url?

Le 4/17/12 5:28 PM, Charles Rodamilans a écrit :
> Hi,
>
> I tried to use the EC2 interface with OpenNebula 3.2, but I have a problem.
>
> The EC2 tools work well.
>
> [oneadmin at lahpc_cloud_server ~]$ econe-describe-instances 
> oneadmin    i-74                        running     192.168.0.22   small
> oneadmin    i-75                        running     192.168.0.20   small
> oneadmin    i-76                        running     192.168.0.21   small
>
>
> I use the Java code below to generate the URL. It works well with Amazon
> EC2 (ec2.amazonaws.com), but it does not work with OpenNebula.
>
> [oneadmin at lahpc_cloud_server ~]$ curl "http://localhost:4567/?AWSAccessKeyId=oneadmin&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2012-04-17T14%3A58%3A07Z&Version=2011-01-01&Signature=LdbPDicLCFY%2BLNOqblKTBoY6sNl5jTJezV%2FCTmr5uBs%3D"
> <Response><Errors><Error><Code>AuthFailure</Code><Message>User not authorized</Message></Error></Errors><RequestID>0</RequestID></Response>
>
>
>
> I tried with other users (serveradmin and clouduser), but the problem is
> the same.
>
>
>
> [oneadmin at lahpc_cloud_server ~]$ oneuser list
>   ID GROUP    NAME            AUTH              PASSWORD
>    0 oneadmin oneadmin        core              b8c388d2e366b7835bcd9fe565fb67a17f84302f
>    1 oneadmin serveradmin     server_c          96b438cf52a49348d0fbe773ff2c119bb4707994
>   22 ec2      clouduser       public            b8c388d2e366b7835bcd9fe565fb67a17f84302f
>
> [oneadmin at lahpc_cloud_server ~]$ curl "http://localhost:4567/?AWSAccessKeyId=serveradmin&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2012-04-17T15%3A16%3A06Z&Version=2011-01-01&Signature=J3SPezX2sDZt8XPOKqkqa8Xw0AHyFNMedLJtGZ7IvUQ%3D"
> <Response><Errors><Error><Code>AuthFailure</Code><Message>User not authorized</Message></Error></Errors><RequestID>0</RequestID></Response>
>
> [oneadmin at lahpc_cloud_server ~]$ curl "http://localhost:4567/?AWSAccessKeyId=clouduser&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2012-04-17T15%3A18%3A51Z&Version=2011-01-01&Signature=t58LIMq7WYW0EslTkyn7CKVAX7BdWcw27jsRwSecGe0%3D"
> <Response><Errors><Error><Code>AuthFailure</Code><Message>User not authorized</Message></Error></Errors><RequestID>0</RequestID></Response>
>
>
> What is the problem? Any suggestion?
>
> Thanks,
>
> Charles Rodamilans
>
>
>
> import java.util.Map;
>
>
> import org.junit.Test;
>
>
> /**
>  * Manual smoke test: builds one signed DescribeInstances URL and prints it.
>  * Nothing is asserted; the printed URL is meant to be tried by hand (e.g. with curl).
>  */
> public class SignedRequestsTest {
>
>     /** Signs a fixed parameter set with the chosen account and writes the URL to stdout. */
>     @Test
>     public void signed() {
>         // NOTE(review): the second argument is the HMAC key. The signature only
>         // verifies when the server keys its HMAC with the very same bytes; the
>         // `oneuser list` output in this thread shows a hashed PASSWORD column, so
>         // confirm which form of the secret the server actually uses.
>         SignedRequests signer = new SignedRequests("oneadmin", "password");
>         //SignedRequests signer = new SignedRequests("serveradmin", "password");
>         //SignedRequests signer = new SignedRequests("clouduser", "password");
>
>         Map<String, String> query = new java.util.HashMap<String, String>();
>         query.put("Action", "DescribeInstances");
>         query.put("SignatureMethod", "HmacSHA256");
>         query.put("SignatureVersion", "2");
>         query.put("Version", "2010-06-15");
>
>         System.out.println(signer.sign(query));
>     }
> }
>
>
>
>
>
> /*
>
>  * Code Reference
>
>  * http://docs.amazonwebservices.com/AWSECommerceService/latest/DG/AuthJavaSampleSig2.html
>
>  */
>
>
> import java.io.UnsupportedEncodingException;
>
> import java.net.URLEncoder;
>
> import java.security.InvalidKeyException;
>
> import java.security.NoSuchAlgorithmException;
>
> import java.text.DateFormat;
>
> import java.text.SimpleDateFormat;
>
> import java.util.Calendar;
>
> import java.util.Iterator;
>
> import java.util.Map;
>
> import java.util.SortedMap;
>
> import java.util.TimeZone;
>
> import java.util.TreeMap;
>
>
> import javax.crypto.Mac;
>
> import javax.crypto.spec.SecretKeySpec;
>
>
> import org.apache.commons.codec.binary.Base64;
>
>
> import com.lahpc.cloud.essential.HTTPVerb;
>
>
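> /**
>  * Builds signed query URLs: the request parameters are canonicalized, an
>  * HMAC-SHA256 is computed over {@code verb \n endpoint \n uri \n canonical-query}
>  * with the caller's secret key, and the Base64 signature is appended as
>  * {@code Signature=}.
>  *
>  * <p>One {@link Mac} instance is reused for every call and {@code Mac} is not
>  * safe for concurrent use, so do not share an instance between threads.
>  *
>  * <p>Security notes for reviewers: the secret key never leaves this object in
>  * the URL, but the URL itself is built with {@code http://}, so the signed
>  * query travels unencrypted; the only freshness input is the {@code Timestamp}
>  * parameter, so replay resistance depends on the server checking it.
>  */
> public class SignedRequests {
>
>     private static final String UTF8_CHARSET = "UTF-8";
>     private static final String HMAC_SHA256_ALGORITHM = "HmacSHA256";
>     private static final String REQUEST_URI = "/";
>
>     /**
>      * HTTP verb written on the first line of the string to sign.
>      * @uml.property  name="requestMethod"
>      * @uml.associationEnd  multiplicity="(1 1)"
>      */
>     private HTTPVerb requestMethod = HTTPVerb.GET;
>
>     //private String endpoint = "ec2.amazonaws.com"; // must be lowercase
>     /**
>      * Host[:port] that is both signed and used to build the URL. It must match,
>      * byte for byte, the host value the server uses when it recomputes the signature.
>      * @uml.property  name="endpoint"
>      */
>     private String endpoint = "localhost:4567"; // must be lowercase
>
>     /**
>      * Account identifier sent in clear as {@code AWSAccessKeyId}.
>      * @uml.property  name="awsAccessKeyId"
>      */
>     private String awsAccessKeyId;
>
>     /**
>      * Shared secret used as the HMAC key; never placed in the URL.
>      * @uml.property  name="awsSecretKey"
>      */
>     private String awsSecretKey;
>
>     /**
>      * Key material derived from {@link #awsSecretKey}.
>      * @uml.property  name="secretKeySpec"
>      * @uml.associationEnd  multiplicity="(1 1)"
>      */
>     private SecretKeySpec secretKeySpec = null;
>
>     /**
>      * HMAC instance keyed with {@link #secretKeySpec}.
>      * @uml.property  name="mac"
>      * @uml.associationEnd  multiplicity="(1 1)"
>      */
>     private Mac mac = null;
>
>     /**
>      * Creates a signer for one account.
>      *
>      * @param awsAccessKeyId identifier sent as {@code AWSAccessKeyId}
>      * @param awsSecretKey   secret used as the HMAC key; must not be null or empty
>      * @throws NullPointerException     if {@code awsSecretKey} is null
>      * @throws IllegalArgumentException if {@code awsSecretKey} is empty
>      * @throws IllegalStateException    if the HMAC cannot be initialised
>      */
>     public SignedRequests(String awsAccessKeyId, String awsSecretKey) {
>         this.setAwsAccessKeyId(awsAccessKeyId);
>         // The setter also keys the Mac, so the object is ready to sign afterwards.
>         this.setAwsSecretKey(awsSecretKey);
>     }
>
>     /**
>      * (Re)keys the HMAC from the current secret.
>      *
>      * <p>Failures are raised instead of being printed and ignored: a swallowed
>      * exception here would leave {@code mac} null and only surface later as a
>      * NullPointerException inside {@link #sign(Map)}.
>      */
>     private void setDefault() {
>         if (awsSecretKey == null) {
>             throw new NullPointerException("awsSecretKey");
>         }
>         try {
>             byte[] secretKeyBytes = awsSecretKey.getBytes(UTF8_CHARSET);
>             SecretKeySpec keySpec = new SecretKeySpec(secretKeyBytes, HMAC_SHA256_ALGORITHM);
>             Mac keyedMac = Mac.getInstance(HMAC_SHA256_ALGORITHM);
>             keyedMac.init(keySpec);
>             // Publish both fields only once initialisation has fully succeeded.
>             secretKeySpec = keySpec;
>             mac = keyedMac;
>         } catch (UnsupportedEncodingException e) {
>             throw new IllegalStateException(UTF8_CHARSET + " is unsupported!", e);
>         } catch (NoSuchAlgorithmException e) {
>             throw new IllegalStateException(HMAC_SHA256_ALGORITHM + " is unavailable", e);
>         } catch (InvalidKeyException e) {
>             throw new IllegalStateException("Key rejected by " + HMAC_SHA256_ALGORITHM, e);
>         }
>     }
>
>     /**
>      * Returns a complete URL for the given parameters with {@code AWSAccessKeyId},
>      * {@code Timestamp} and {@code Signature} added.
>      *
>      * <p>The caller's map is copied, not modified, so it can be reused for
>      * another request without carrying a stale timestamp.
>      *
>      * @param params request parameters (unencoded names and values)
>      * @return the signed URL
>      */
>     public String sign(Map<String, String> params) {
>         // TreeMap gives the natural String ordering the canonical query relies on.
>         SortedMap<String, String> sortedParamMap = new TreeMap<String, String>(params);
>         sortedParamMap.put("AWSAccessKeyId", awsAccessKeyId);
>         sortedParamMap.put("Timestamp", timestamp());
>
>         String canonicalQS = canonicalize(sortedParamMap);
>         String toSign =
>             requestMethod.toString() + "\n"
>             + endpoint + "\n"
>             + REQUEST_URI + "\n"
>             + canonicalQS;
>
>         String sig = percentEncodeRfc3986(hmac(toSign));
>
>         //String url = "https://" + endpoint + REQUEST_URI + "?" +
>         //canonicalQS + "&Signature=" + sig;
>         // NOTE(review): plain http; the scheme is not part of the signed string.
>         return "http://" + endpoint + REQUEST_URI + "?"
>             + canonicalQS + "&Signature=" + sig;
>     }
>
>     /**
>      * Computes the Base64-encoded HMAC-SHA256 of {@code stringToSign}.
>      *
>      * @throws RuntimeException if UTF-8 is unavailable
>      */
>     private String hmac(String stringToSign) {
>         try {
>             byte[] data = stringToSign.getBytes(UTF8_CHARSET);
>             byte[] rawHmac = mac.doFinal(data);
>             Base64 encoder = new Base64();
>             // Decode with an explicit charset rather than the platform default.
>             return new String(encoder.encode(rawHmac), UTF8_CHARSET);
>         } catch (UnsupportedEncodingException e) {
>             throw new RuntimeException(UTF8_CHARSET + " is unsupported!", e);
>         }
>     }
>
>     /**
>      * Formats the current time as {@code yyyy-MM-dd'T'HH:mm:ss'Z'} in GMT.
>      * The locale is pinned so that a non-Gregorian or non-ASCII-digit default
>      * locale cannot change the signed value.
>      */
>     private String timestamp() {
>         DateFormat dfm =
>             new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'", java.util.Locale.ROOT);
>         dfm.setTimeZone(TimeZone.getTimeZone("GMT"));
>         return dfm.format(Calendar.getInstance().getTime());
>     }
>
>     /**
>      * Joins the sorted parameters as {@code name=value} pairs separated by
>      * {@code &}, percent-encoding both names and values.
>      *
>      * @return the canonical query string, or {@code ""} for an empty map
>      */
>     private String canonicalize(SortedMap<String, String> sortedParamMap) {
>         if (sortedParamMap.isEmpty()) {
>             return "";
>         }
>
>         StringBuilder buffer = new StringBuilder();
>         for (Map.Entry<String, String> kvpair : sortedParamMap.entrySet()) {
>             if (buffer.length() > 0) {
>                 buffer.append("&");
>             }
>             buffer.append(percentEncodeRfc3986(kvpair.getKey()));
>             buffer.append("=");
>             buffer.append(percentEncodeRfc3986(kvpair.getValue()));
>         }
>         return buffer.toString();
>     }
>
>     /**
>      * Percent-encodes {@code s}, then adjusts URLEncoder's form encoding:
>      * {@code +} becomes {@code %20}, {@code *} becomes {@code %2A} and
>      * {@code %7E} is turned back into {@code ~}.
>      *
>      * <p>An encoding failure is raised rather than answered with the raw input:
>      * returning {@code s} unencoded would put unescaped caller data into both
>      * the signed string and the URL.
>      *
>      * @throws RuntimeException if UTF-8 is unavailable
>      */
>     private String percentEncodeRfc3986(String s) {
>         try {
>             return URLEncoder.encode(s, UTF8_CHARSET)
>                 .replace("+", "%20")
>                 .replace("*", "%2A")
>                 .replace("%7E", "~");
>         } catch (UnsupportedEncodingException e) {
>             throw new RuntimeException(UTF8_CHARSET + " is unsupported!", e);
>         }
>     }
>
>     /**
>      * @param verb HTTP verb to sign with
>      * @uml.property  name="requestMethod"
>      */
>     public void setRequestMethod(HTTPVerb verb) {
>         this.requestMethod = verb;
>     }
>
>     /**
>      * @return the HTTP verb used in the string to sign
>      * @uml.property  name="requestMethod"
>      */
>     public HTTPVerb getRequestMethod() {
>         return requestMethod;
>     }
>
>     /**
>      * @param keyId identifier sent as {@code AWSAccessKeyId}
>      * @uml.property  name="awsAccessKeyId"
>      */
>     public void setAwsAccessKeyId(String keyId) {
>         this.awsAccessKeyId = keyId;
>     }
>
>     /**
>      * @return the identifier sent as {@code AWSAccessKeyId}
>      * @uml.property  name="awsAccessKeyId"
>      */
>     public String getAwsAccessKeyId() {
>         return this.awsAccessKeyId;
>     }
>
>     /**
>      * Replaces the secret and re-keys the HMAC, so later signatures use the
>      * new key instead of the one supplied at construction time.
>      *
>      * @param secretKey new secret; must not be null or empty
>      * @uml.property  name="awsSecretKey"
>      */
>     public void setAwsSecretKey(String secretKey) {
>         this.awsSecretKey = secretKey;
>         setDefault();
>     }
>
>     /**
>      * Returns the raw secret; callers should keep it out of logs and output.
>      *
>      * @return the secret used as the HMAC key
>      * @uml.property  name="awsSecretKey"
>      */
>     public String getAwsSecretKey() {
>         return this.awsSecretKey;
>     }
> }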
>
>
>
>

-- 
Olivier Sallou
IRISA / University of Rennes 1
Campus de Beaulieu, 35000 RENNES - FRANCE
Tel: 02.99.84.71.95

gpg key id: 4096R/326D8438  (keyring.debian.org)
Key fingerprint = 5FB4 6F83 D3B9 5204 6335  D26D 78DC 68DB 326D 8438

