[one-users] REST EC2

Charles Rodamilans charlesrodamilans at gmail.com
Thu Apr 19 06:54:59 PDT 2012


Yes. I encode the password in String url = signed.sign(params);

 You can see &Signature parameter in url.

Em 17 de abril de 2012 12:53, Olivier Sallou <olivier.sallou at irisa.fr>escreveu:

>  Did you encode the password in the url?
>
> Le 4/17/12 5:28 PM, Charles Rodamilans a écrit :
>
> Hi,
>
>  i tried to use ec2 interface with opennebula 3.2, but I have problem.
>
>  Ec2 tools work well.
>
>  [oneadmin at lahpc_cloud_server ~]$ econe-describe-instances
> oneadmin    i-74                        running     192.168.0.22    small
>
> oneadmin    i-75                        running     192.168.0.20    small
>
> oneadmin    i-76                        running     192.168.0.21    small
>
>
>
>  I use the java code, bellow, to generate url. It works well in amazon
> ec2 (ec2.amazonaws.com), but  is not working in opennebula.
>
>   [oneadmin at lahpc_cloud_server ~]$ curl "
> http://localhost:4567/?AWSAccessKeyId=oneadmin&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2012-04-17T14%3A58%3A07Z&Version=2011-01-01&Signature=LdbPDicLCFY%2BLNOqblKTBoY6sNl5jTJezV%2FCTmr5uBs%3D
> "
> <Response><Errors><Error><Code>AuthFailure</Code><Message>User not
> authorized</Message></Error></Errors><RequestID>0</RequestID></Response>
>
>
>
>  I tried with others users (serveradmin and clouduser), but problem is
> the same.
>
>
>
>  [oneadmin at lahpc_cloud_server ~]$ oneuser list
>    ID GROUP    NAME            AUTH
>         PASSWORD
>    0 oneadmin oneadmin        core
> b8c388d2e366b7835bcd9fe565fb67a17f84302f
>    1 oneadmin serveradmin     server_c
> 96b438cf52a49348d0fbe773ff2c119bb4707994
>   22 ec2      clouduser       public
> b8c388d2e366b7835bcd9fe565fb67a17f84302f
>
>  [oneadmin at lahpc_cloud_server ~]$ curl "
> http://localhost:4567/?AWSAccessKeyId=serveradmin&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2012-04-17T15%3A16%3A06Z&Version=2011-01-01&Signature=J3SPezX2sDZt8XPOKqkqa8Xw0AHyFNMedLJtGZ7IvUQ%3D
> "
> <Response><Errors><Error><Code>AuthFailure</Code><Message>User not
> authorized</Message></Error></Errors><RequestID>0</RequestID></Response>
>
>   [oneadmin at lahpc_cloud_server ~]$ curl "
> http://localhost:4567/?AWSAccessKeyId=clouduser&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2012-04-17T15%3A18%3A51Z&Version=2011-01-01&Signature=t58LIMq7WYW0EslTkyn7CKVAX7BdWcw27jsRwSecGe0%3D
> "
> <Response><Errors><Error><Code>AuthFailure</Code><Message>User not
> authorized</Message></Error></Errors><RequestID>0</RequestID></Response>
>
>
>  What is the problem? Any suggestion?
>
>  Thanks,
>
>  Charles Rodamilans
>
>
>
>   import java.util.Map;
>
>
>  import org.junit.Test;
>
>
>  public class SignedRequestsTest {
>
>
>  @Test
>
> public void signed() {
>
> SignedRequests signed = new SignedRequests( "oneadmin", "password");
>
> // SignedRequests signed = new SignedRequests( "serveradmin", "password");
>
> // SignedRequests signed = new SignedRequests( "clouduser", "password");
>
>  Map<String, String> params = new java.util.HashMap<String, String>();
>
> params.put("Action", "DescribeInstances");
>
> params.put("SignatureMethod", "HmacSHA256");
>
> params.put("SignatureVersion", "2");
>
> params.put("Version", "2010-06-15");
>
>  String url = signed.sign(params);
>
>  System.out.println(url);
>
> }
>
> }
>
>
>
>
>
>  /*
>
>  * Code Reference
>
>  *
> http://docs.amazonwebservices.com/AWSECommerceService/latest/DG/AuthJavaSampleSig2.html
>
>  */
>
>
>  import java.io.UnsupportedEncodingException;
>
> import java.net.URLEncoder;
>
> import java.security.InvalidKeyException;
>
> import java.security.NoSuchAlgorithmException;
>
> import java.text.DateFormat;
>
> import java.text.SimpleDateFormat;
>
> import java.util.Calendar;
>
> import java.util.Iterator;
>
> import java.util.Map;
>
> import java.util.SortedMap;
>
> import java.util.TimeZone;
>
> import java.util.TreeMap;
>
>
>  import javax.crypto.Mac;
>
> import javax.crypto.spec.SecretKeySpec;
>
>
>  import org.apache.commons.codec.binary.Base64;
>
>
>  import com.lahpc.cloud.essential.HTTPVerb;
>
>
>  public class SignedRequests {
>
> private static final String UTF8_CHARSET = "UTF-8";
>
> private static final String HMAC_SHA256_ALGORITHM = "HmacSHA256";
>
> private static final String REQUEST_URI = "/";
>
> /**
>
>  * @uml.property  name="requestMethod"
>
>  * @uml.associationEnd  multiplicity="(1 1)"
>
>  */
>
> private HTTPVerb requestMethod = HTTPVerb.GET;
>
>
>
>  /**
>
>  * @uml.property  name="endpoint"
>
>  */
>
> // private String endpoint = "ec2.amazonaws.com"; // must be lowercase
>
> private String endpoint = "localhost:4567"; // must be lowercase
>
> /**
>
>  * @uml.property  name="awsAccessKeyId"
>
>  */
>
> private String awsAccessKeyId;
>
> /**
>
>  * @uml.property  name="awsSecretKey"
>
>  */
>
> private String awsSecretKey;
>
>
>  /**
>
>  * @uml.property  name="secretKeySpec"
>
>  * @uml.associationEnd  multiplicity="(1 1)"
>
>  */
>
> private SecretKeySpec secretKeySpec = null;
>
> /**
>
>  * @uml.property  name="mac"
>
>  * @uml.associationEnd  multiplicity="(1 1)"
>
>  */
>
> private Mac mac = null;
>
>  public SignedRequests(String awsAccessKeyId, String awsSecretKey)
>
> {
>
> this.setAwsAccessKeyId(awsAccessKeyId);
>
> this.setAwsSecretKey(awsSecretKey);
>
> setDefault();
>
> }
>
>
>  private void setDefault() {
>
>
>  try
>
> {
>
> byte[] secretyKeyBytes = awsSecretKey.getBytes(UTF8_CHARSET);
>
> secretKeySpec =
>
> new SecretKeySpec(secretyKeyBytes, HMAC_SHA256_ALGORITHM);
>
> mac = Mac.getInstance(HMAC_SHA256_ALGORITHM);
>
> mac.init(secretKeySpec);
>
> } catch (UnsupportedEncodingException e) {
>
> e.printStackTrace();
>
> } catch (NoSuchAlgorithmException e) {
>
> e.printStackTrace();
>
> } catch (InvalidKeyException e) {
>
> e.printStackTrace();
>
> }
>
> }
>
>
>  public String sign(Map<String, String> params) {
>
> params.put("AWSAccessKeyId", awsAccessKeyId);
>
> params.put("Timestamp", timestamp());
>
>
>  SortedMap<String, String> sortedParamMap =
>
> new TreeMap<String, String>(params);
>
> String canonicalQS = canonicalize(sortedParamMap);
>
> String toSign =
>
> requestMethod.toString() + "\n"
>
> + endpoint + "\n"
>
> + REQUEST_URI + "\n"
>
> + canonicalQS;
>
>
>  String hmac = hmac(toSign);
>
> String sig = percentEncodeRfc3986(hmac);
>
> // String url = "https://" + endpoint + REQUEST_URI + "?" +
>
> // canonicalQS + "&Signature=" + sig;
>
> String url = "http://" + endpoint + REQUEST_URI + "?" +
>
> canonicalQS + "&Signature=" + sig;
>
>
>    return url;
>
> }
>
>
>  private String hmac(String stringToSign) {
>
> String signature = null;
>
> byte[] data;
>
> byte[] rawHmac;
>
> try {
>
> data = stringToSign.getBytes(UTF8_CHARSET);
>
> rawHmac = mac.doFinal(data);
>
> Base64 encoder = new Base64();
>
> signature = new String(encoder.encode(rawHmac));
>
> } catch (UnsupportedEncodingException e) {
>
> throw new RuntimeException(UTF8_CHARSET + " is unsupported!", e);
>
> }
>
> return signature;
>
> }
>
>
>  private String timestamp() {
>
> String timestamp = null;
>
> Calendar cal = Calendar.getInstance();
>
> DateFormat dfm = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
>
> dfm.setTimeZone(TimeZone.getTimeZone("GMT"));
>
> timestamp = dfm.format(cal.getTime());
>
> return timestamp;
>
> }
>
>
>  private String canonicalize(SortedMap<String, String> sortedParamMap)
>
> {
>
> if (sortedParamMap.isEmpty()) {
>
> return "";
>
> }
>
>
>  StringBuffer buffer = new StringBuffer();
>
> Iterator<Map.Entry<String, String>> iter =
>
> sortedParamMap.entrySet().iterator();
>
>
>  while (iter.hasNext()) {
>
> Map.Entry<String, String> kvpair = iter.next();
>
> buffer.append(percentEncodeRfc3986(kvpair.getKey()));
>
> buffer.append("=");
>
> buffer.append(percentEncodeRfc3986(kvpair.getValue()));
>
> if (iter.hasNext()) {
>
> buffer.append("&");
>
> }
>
> }
>
> String cannoical = buffer.toString();
>
> return cannoical;
>
> }
>
>
>  private String percentEncodeRfc3986(String s) {
>
> String out;
>
> try {
>
> out = URLEncoder.encode(s, UTF8_CHARSET)
>
> .replace("+", "%20")
>
> .replace("*", "%2A")
>
> .replace("%7E", "~");
>
> } catch (UnsupportedEncodingException e) {
>
> out = s;
>
> }
>
> return out;
>
> }
>
>
>  /**
>
>  * @param verb
>
>  * @uml.property  name="requestMethod"
>
>  */
>
> public void setRequestMethod(HTTPVerb verb )
>
> {
>
> this.requestMethod = verb;
>
> }
>
>
>  /**
>
>  * @return
>
>  * @uml.property  name="requestMethod"
>
>  */
>
> public HTTPVerb getRequestMethod()
>
> {
>
> return requestMethod;
>
> }
>
>
>  /**
>
>  * @param keyId
>
>  * @uml.property  name="awsAccessKeyId"
>
>  */
>
> public void setAwsAccessKeyId(String keyId)
>
> {
>
> this.awsAccessKeyId = keyId;
>
> }
>
>
>  /**
>
>  * @return
>
>  * @uml.property  name="awsAccessKeyId"
>
>  */
>
> public String getAwsAccessKeyId()
>
> {
>
> return this.awsAccessKeyId;
>
> }
>
>
>  /**
>
>  * @param secretKey
>
>  * @uml.property  name="awsSecretKey"
>
>  */
>
> public void setAwsSecretKey (String secretKey)
>
> {
>
> this.awsSecretKey = secretKey;
>
> }
>
>
>  /**
>
>  * @return
>
>  * @uml.property  name="awsSecretKey"
>
>  */
>
> public String getAwsSecretKey ()
>
> {
>
> return this.awsSecretKey;
>
> }
>
>
>
>  }
>
>
>
> _______________________________________________
> Users mailing listUsers at lists.opennebula.orghttp://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>
>
> --
> Olivier Sallou
> IRISA / University of Rennes 1
> Campus de Beaulieu, 35000 RENNES - FRANCE
> Tel: 02.99.84.71.95
>
> gpg key id: 4096R/326D8438  (keyring.debian.org)
> Key fingerprint = 5FB4 6F83 D3B9 5204 6335  D26D 78DC 68DB 326D 8438
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20120419/fa592997/attachment-0003.htm>


More information about the Users mailing list