[one-users] REST EC2
Daniel Molina
dmolina at opennebula.org
Thu Apr 19 07:08:46 PDT 2012
Hi Charles,
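Are you using the plain-text password as the awsSecretKey? If so, use its
SHA-1 hash instead: the server checks the signature against the password
value it has stored for the user, which is the hash, so the client has to
sign with that same value (and the hash should be treated as a secret in
its own right). You can retrieve it from the `oneuser show` output.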
Hope this helps
On 19 April 2012 13:54, Charles Rodamilans <charlesrodamilans at gmail.com> wrote:
> Yes. I encode the password in String url = signed.sign(params);
>
> You can see &Signature parameter in url.
>
> Em 17 de abril de 2012 12:53, Olivier Sallou <olivier.sallou at irisa.fr>
> escreveu:
>
>> Did you encode the password in the url?
>>
>> Le 4/17/12 5:28 PM, Charles Rodamilans a écrit :
>>
>> Hi,
>>
>> I tried to use the EC2 interface with OpenNebula 3.2, but I have a problem.
>>
>> Ec2 tools work well.
>>
>> [oneadmin at lahpc_cloud_server ~]$ econe-describe-instances
>> oneadmin i-74 running 192.168.0.22 small
>>
>> oneadmin i-75 running 192.168.0.20 small
>>
>> oneadmin i-76 running 192.168.0.21 small
>>
>>
>>
>> I use the Java code below to generate the URL. It works well with Amazon EC2
>> (ec2.amazonaws.com), but it is not working with OpenNebula.
>>
>> [oneadmin at lahpc_cloud_server ~]$ curl
>> "http://localhost:4567/?AWSAccessKeyId=oneadmin&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2012-04-17T14%3A58%3A07Z&Version=2011-01-01&Signature=LdbPDicLCFY%2BLNOqblKTBoY6sNl5jTJezV%2FCTmr5uBs%3D"
>> <Response><Errors><Error><Code>AuthFailure</Code><Message>User not
>> authorized</Message></Error></Errors><RequestID>0</RequestID></Response>
>>
>>
>>
>> I tried with other users (serveradmin and clouduser), but the problem is the
>> same.
>>
>>
>>
>> [oneadmin at lahpc_cloud_server ~]$ oneuser list
>> ID GROUP NAME AUTH
>> PASSWORD
>> 0 oneadmin oneadmin core
>> b8c388d2e366b7835bcd9fe565fb67a17f84302f
>> 1 oneadmin serveradmin server_c
>> 96b438cf52a49348d0fbe773ff2c119bb4707994
>> 22 ec2 clouduser public
>> b8c388d2e366b7835bcd9fe565fb67a17f84302f
>>
>> [oneadmin at lahpc_cloud_server ~]$ curl
>> "http://localhost:4567/?AWSAccessKeyId=serveradmin&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2012-04-17T15%3A16%3A06Z&Version=2011-01-01&Signature=J3SPezX2sDZt8XPOKqkqa8Xw0AHyFNMedLJtGZ7IvUQ%3D"
>> <Response><Errors><Error><Code>AuthFailure</Code><Message>User not
>> authorized</Message></Error></Errors><RequestID>0</RequestID></Response>
>>
>> [oneadmin at lahpc_cloud_server ~]$ curl
>> "http://localhost:4567/?AWSAccessKeyId=clouduser&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2012-04-17T15%3A18%3A51Z&Version=2011-01-01&Signature=t58LIMq7WYW0EslTkyn7CKVAX7BdWcw27jsRwSecGe0%3D"
>> <Response><Errors><Error><Code>AuthFailure</Code><Message>User not
>> authorized</Message></Error></Errors><RequestID>0</RequestID></Response>
>>
>>
>> What is the problem? Any suggestion?
>>
>> Thanks,
>>
>> Charles Rodamilans
>>
>>
>>
>> import java.util.Map;
>>
>>
>> import org.junit.Test;
>>
>>
>> /**
>>  * Prints a Signature Version 2 URL for a DescribeInstances call. Nothing is asserted; the
>>  * printed URL is meant to be pasted into curl.
>>  */
>> public class SignedRequestsTest {
>>
>>     @Test
>>     public void signed() {
>>         // NOTE(review): the second constructor argument is used verbatim as the HMAC key.
>>         // The reply in this thread says OpenNebula expects the SHA-1 hash shown by
>>         // `oneuser show` here rather than the plain password.
>>         // Other accounts tried with the same call:
>>         //   new SignedRequests( "serveradmin", "password");
>>         //   new SignedRequests( "clouduser", "password");
>>         SignedRequests signer = new SignedRequests( "oneadmin", "password");
>>
>>         // Insertion order is irrelevant: sign() sorts the parameters before signing.
>>         Map<String, String> query = new java.util.HashMap<String, String>();
>>         query.put("Version", "2010-06-15");
>>         query.put("SignatureVersion", "2");
>>         query.put("SignatureMethod", "HmacSHA256");
>>         query.put("Action", "DescribeInstances");
>>
>>         System.out.println(signer.sign(query));
>>     }
>> }
>>
>>
>>
>>
>>
>> /*
>>
>> * Code Reference
>>
>>
>> * http://docs.amazonwebservices.com/AWSECommerceService/latest/DG/AuthJavaSampleSig2.html
>>
>> */
>>
>>
>> import java.io.UnsupportedEncodingException;
>>
>> import java.net.URLEncoder;
>>
>> import java.security.InvalidKeyException;
>>
>> import java.security.NoSuchAlgorithmException;
>>
>> import java.text.DateFormat;
>>
>> import java.text.SimpleDateFormat;
>>
>> import java.util.Calendar;
>>
>> import java.util.Iterator;
>>
>> import java.util.Map;
>>
>> import java.util.SortedMap;
>>
>> import java.util.TimeZone;
>>
>> import java.util.TreeMap;
>>
>>
>> import javax.crypto.Mac;
>>
>> import javax.crypto.spec.SecretKeySpec;
>>
>>
>> import org.apache.commons.codec.binary.Base64;
>>
>>
>> import com.lahpc.cloud.essential.HTTPVerb;
>>
>>
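>> /**
>>  * Builds query URLs signed with AWS Signature Version 2 (HmacSHA256) for an EC2-style endpoint.
>>  *
>>  * <p>The string to sign is the request method, the endpoint, the request URI and the canonical
>>  * (sorted, percent-encoded) query string, each separated by a newline. Its Base64-encoded HMAC
>>  * is appended to the query as {@code Signature}.
>>  *
>>  * <p>The secret passed in is used verbatim as the HMAC key, so it must be exactly the value the
>>  * server uses to verify the signature.
>>  *
>>  * <p>Not thread-safe: a single {@link Mac} instance is shared by every call to
>>  * {@link #sign(Map)}.
>>  */
>> public class SignedRequests {
>>
>>     private static final String UTF8_CHARSET = "UTF-8";
>>     private static final String HMAC_SHA256_ALGORITHM = "HmacSHA256";
>>     private static final String REQUEST_URI = "/";
>>
>>     /**
>>      * HTTP verb that goes into the first line of the string to sign.
>>      *
>>      * @uml.property name="requestMethod"
>>      * @uml.associationEnd multiplicity="(1 1)"
>>      */
>>     private HTTPVerb requestMethod = HTTPVerb.GET;
>>
>>     /**
>>      * Host (and port) that is both signed and used to build the URL.
>>      *
>>      * @uml.property name="endpoint"
>>      */
>>     // private String endpoint = "ec2.amazonaws.com"; // must be lowercase
>>     private String endpoint = "localhost:4567"; // must be lowercase
>>
>>     /**
>>      * Value sent as the {@code AWSAccessKeyId} query parameter.
>>      *
>>      * @uml.property name="awsAccessKeyId"
>>      */
>>     private String awsAccessKeyId;
>>
>>     /**
>>      * HMAC key material. Never sent in the request; keep it out of logs and error messages.
>>      *
>>      * @uml.property name="awsSecretKey"
>>      */
>>     private String awsSecretKey;
>>
>>     /**
>>      * Key spec derived from {@link #awsSecretKey}.
>>      *
>>      * @uml.property name="secretKeySpec"
>>      * @uml.associationEnd multiplicity="(1 1)"
>>      */
>>     private SecretKeySpec secretKeySpec = null;
>>
>>     /**
>>      * MAC instance keyed with {@link #secretKeySpec}.
>>      *
>>      * @uml.property name="mac"
>>      * @uml.associationEnd multiplicity="(1 1)"
>>      */
>>     private Mac mac = null;
>>
>>     /**
>>      * Creates a signer for the given credentials.
>>      *
>>      * @param awsAccessKeyId value for the {@code AWSAccessKeyId} parameter
>>      * @param awsSecretKey   HMAC key, used exactly as given
>>      * @throws NullPointerException     if {@code awsSecretKey} is null
>>      * @throws IllegalArgumentException if {@code awsSecretKey} is empty
>>      * @throws IllegalStateException    if the MAC cannot be initialised
>>      */
>>     public SignedRequests(String awsAccessKeyId, String awsSecretKey)
>>     {
>>         this.setAwsAccessKeyId(awsAccessKeyId);
>>         // The setter also keys the MAC, so no separate initialisation step is needed.
>>         this.setAwsSecretKey(awsSecretKey);
>>     }
>>
>>     /**
>>      * (Re)creates the key spec and the MAC from the current secret key.
>>      *
>>      * <p>Failures are raised instead of printed: a signer left with a null MAC would only fail
>>      * later, inside {@link #sign(Map)}, with an unrelated-looking NullPointerException.
>>      */
>>     private void setDefault() {
>>         if (awsSecretKey == null) {
>>             throw new NullPointerException("awsSecretKey must not be null");
>>         }
>>         try {
>>             byte[] secretKeyBytes = awsSecretKey.getBytes(UTF8_CHARSET);
>>             SecretKeySpec keySpec = new SecretKeySpec(secretKeyBytes, HMAC_SHA256_ALGORITHM);
>>             Mac keyedMac = Mac.getInstance(HMAC_SHA256_ALGORITHM);
>>             keyedMac.init(keySpec);
>>             // Publish only once initialisation has succeeded.
>>             secretKeySpec = keySpec;
>>             mac = keyedMac;
>>         } catch (UnsupportedEncodingException e) {
>>             throw new IllegalStateException(UTF8_CHARSET + " is unsupported!", e);
>>         } catch (NoSuchAlgorithmException e) {
>>             throw new IllegalStateException(HMAC_SHA256_ALGORITHM + " is not available", e);
>>         } catch (InvalidKeyException e) {
>>             // The message deliberately leaves the key material out.
>>             throw new IllegalStateException(
>>                     "Secret key rejected by " + HMAC_SHA256_ALGORITHM, e);
>>         }
>>     }
>>
>>     /**
>>      * Signs the given parameters and returns the complete request URL.
>>      *
>>      * <p>{@code AWSAccessKeyId} and {@code Timestamp} are added to {@code params} itself, so the
>>      * caller's map is modified and must be mutable.
>>      *
>>      * @param params query parameters (Action, SignatureMethod, SignatureVersion, Version, ...)
>>      * @return URL whose query is the canonical query string followed by {@code Signature}
>>      */
>>     public String sign(Map<String, String> params) {
>>         params.put("AWSAccessKeyId", awsAccessKeyId);
>>         params.put("Timestamp", timestamp());
>>
>>         // Signature Version 2 signs the parameters sorted by name.
>>         SortedMap<String, String> sortedParamMap = new TreeMap<String, String>(params);
>>         String canonicalQS = canonicalize(sortedParamMap);
>>         String toSign =
>>             requestMethod.toString() + "\n"
>>             + endpoint + "\n"
>>             + REQUEST_URI + "\n"
>>             + canonicalQS;
>>
>>         String sig = percentEncodeRfc3986(hmac(toSign));
>>
>>         // NOTE(review): the signature authenticates the request but does not hide it. Over
>>         // plain http the signed URL is readable on the wire and stays valid for as long as the
>>         // server accepts its Timestamp; use the https form outside a loopback endpoint.
>>         // String url = "https://" + endpoint + REQUEST_URI + "?" +
>>         // canonicalQS + "&Signature=" + sig;
>>         return "http://" + endpoint + REQUEST_URI + "?" + canonicalQS + "&Signature=" + sig;
>>     }
>>
>>     /**
>>      * Returns the Base64-encoded HMAC of {@code stringToSign}.
>>      *
>>      * @throws RuntimeException if UTF-8 is not supported
>>      */
>>     private String hmac(String stringToSign) {
>>         try {
>>             byte[] data = stringToSign.getBytes(UTF8_CHARSET);
>>             byte[] rawHmac = mac.doFinal(data);
>>             Base64 encoder = new Base64();
>>             // Decode with an explicit charset rather than the platform default.
>>             return new String(encoder.encode(rawHmac), UTF8_CHARSET);
>>         } catch (UnsupportedEncodingException e) {
>>             throw new RuntimeException(UTF8_CHARSET + " is unsupported!", e);
>>         }
>>     }
>>
>>     /** Returns the current time in GMT, formatted as {@code yyyy-MM-dd'T'HH:mm:ss'Z'}. */
>>     private String timestamp() {
>>         Calendar cal = Calendar.getInstance();
>>         // A fixed locale keeps the digits and the calendar system independent of the
>>         // machine's default locale.
>>         DateFormat dfm =
>>             new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'", java.util.Locale.US);
>>         dfm.setTimeZone(TimeZone.getTimeZone("GMT"));
>>         return dfm.format(cal.getTime());
>>     }
>>
>>     /**
>>      * Joins the already sorted parameters as {@code name=value} pairs separated by {@code &},
>>      * percent-encoding every name and value.
>>      *
>>      * @return the canonical query string, or an empty string for an empty map
>>      */
>>     private String canonicalize(SortedMap<String, String> sortedParamMap)
>>     {
>>         if (sortedParamMap.isEmpty()) {
>>             return "";
>>         }
>>
>>         StringBuilder buffer = new StringBuilder();
>>         for (Map.Entry<String, String> kvpair : sortedParamMap.entrySet()) {
>>             if (buffer.length() > 0) {
>>                 buffer.append("&");
>>             }
>>             buffer.append(percentEncodeRfc3986(kvpair.getKey()));
>>             buffer.append("=");
>>             buffer.append(percentEncodeRfc3986(kvpair.getValue()));
>>         }
>>         return buffer.toString();
>>     }
>>
>>     /**
>>      * Percent-encodes {@code s} the way the signature expects: space as {@code %20},
>>      * {@code *} as {@code %2A}, and {@code ~} left unescaped.
>>      *
>>      * @throws IllegalStateException if UTF-8 is not supported; returning the raw string
>>      *         instead would put unencoded text into both the signed string and the URL
>>      */
>>     private String percentEncodeRfc3986(String s) {
>>         try {
>>             return URLEncoder.encode(s, UTF8_CHARSET)
>>                 .replace("+", "%20")
>>                 .replace("*", "%2A")
>>                 .replace("%7E", "~");
>>         } catch (UnsupportedEncodingException e) {
>>             throw new IllegalStateException(UTF8_CHARSET + " is unsupported!", e);
>>         }
>>     }
>>
>>     /**
>>      * @param verb HTTP verb to place in the string to sign
>>      * @uml.property name="requestMethod"
>>      */
>>     public void setRequestMethod(HTTPVerb verb )
>>     {
>>         this.requestMethod = verb;
>>     }
>>
>>     /**
>>      * @return the HTTP verb placed in the string to sign
>>      * @uml.property name="requestMethod"
>>      */
>>     public HTTPVerb getRequestMethod()
>>     {
>>         return requestMethod;
>>     }
>>
>>     /**
>>      * @param keyId value for the {@code AWSAccessKeyId} parameter
>>      * @uml.property name="awsAccessKeyId"
>>      */
>>     public void setAwsAccessKeyId(String keyId)
>>     {
>>         this.awsAccessKeyId = keyId;
>>     }
>>
>>     /**
>>      * @return the value sent as {@code AWSAccessKeyId}
>>      * @uml.property name="awsAccessKeyId"
>>      */
>>     public String getAwsAccessKeyId()
>>     {
>>         return this.awsAccessKeyId;
>>     }
>>
>>     /**
>>      * Replaces the secret key and re-keys the MAC, so that later signatures use the new key.
>>      * Storing the key without re-keying would leave {@link #sign(Map)} signing with the old one.
>>      *
>>      * @param secretKey HMAC key, used exactly as given
>>      * @throws NullPointerException     if {@code secretKey} is null
>>      * @throws IllegalArgumentException if {@code secretKey} is empty
>>      * @throws IllegalStateException    if the MAC cannot be initialised
>>      * @uml.property name="awsSecretKey"
>>      */
>>     public void setAwsSecretKey (String secretKey)
>>     {
>>         this.awsSecretKey = secretKey;
>>         setDefault();
>>     }
>>
>>     /**
>>      * Returns the raw signing key. Callers should not log or display it.
>>      *
>>      * @return the HMAC key
>>      * @uml.property name="awsSecretKey"
>>      */
>>     public String getAwsSecretKey ()
>>     {
>>         return this.awsSecretKey;
>>     }
>>
>> }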
>>
>>
>>
>>
>>
>>
>> --
>> Olivier Sallou
>> IRISA / University of Rennes 1
>> Campus de Beaulieu, 35000 RENNES - FRANCE
>> Tel: 02.99.84.71.95
>>
>> gpg key id: 4096R/326D8438 (keyring.debian.org)
>> Key fingerprint = 5FB4 6F83 D3B9 5204 6335 D26D 78DC 68DB 326D 8438
>>
>>
>>
>
>
>
--
Daniel Molina
Project Engineer
OpenNebula - The Open Source Solution for Data Center Virtualization
www.OpenNebula.org | dmolina at opennebula.org | @OpenNebula