You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cloudstack.apache.org by 梶原 直之 <na...@inte.co.jp> on 2012/07/10 06:36:52 UTC

Bug on cloudapis.py

Hello, All

I found a bug in “cloudapis.py” on 3.0.2.
While calculating the results of Signature API request to cloudtool,
listAsyncJobs API startdate Signature error occur. 
The result of the assumption could not be obtained.

Cloudtool had been encrypted with the URL-encoded from HmacSHA1. 
While request parameter key gets generated, the cloudtool lowercased and requested. 
Therefore, the cloudtood would not work properly.

Was this bug already fixed?

Thank you!

patch----------
--- cloudapis.py.org	2012-05-07 13:58:37.000000000 +0900
+++ cloudapis.py	2012-07-09 21:08:36.217474743 +0900
@@ -51,9 +51,9 @@
         requests.sort(key=lambda x: str.lower(x[0]))
         
         requestUrl = "&".join(["=".join([request[0], urllib.quote_plus(str(request[1]))]) for request in requests])
-        hashStr = "&".join(["=".join([str.lower(request[0]), urllib.quote_plus(str.lower(str(request[1])))]) for request in requests])
+        hashStr = "&".join(["=".join([request[0], urllib.quote_plus(str(request[1]))]) for request in requests])
 
-        sig = urllib.quote_plus(base64.encodestring(hmac.new(self.securityKey, hashStr, hashlib.sha1).digest()).strip())
+        sig = urllib.quote_plus(base64.encodestring(hmac.new(self.securityKey, str.lower(hashStr), hashlib.sha1).digest()).strip())
 
         requestUrl += "&signature=%s"%sig
         return requestUrl
@@ -68,9 +68,9 @@
         requests.sort(key=lambda x: str.lower(x[0]))
         
         requestUrl = "&".join(["=".join([request[0], urllib.quote_plus(str(request[1]))]) for request in requests])
-        hashStr = "&".join(["=".join([str.lower(request[0]), urllib.quote_plus(str.lower(str(request[1])))]) for request in requests])
+        hashStr = "&".join(["=".join([request[0], urllib.quote_plus(str(request[1]))]) for request in requests])
 
-        sig = urllib.quote_plus(base64.encodestring(hmac.new(self.securityKey, hashStr, hashlib.sha1).digest()).strip())
+        sig = urllib.quote_plus(base64.encodestring(hmac.new(self.securityKey, str.lower(hashStr), hashlib.sha1).digest()).strip())
 
         requestUrl += "&signature=%s"%sig

----------patch


-- Helped by CloudStack Japanese user group core member --

--
Naoyuki Kajihara

Intelligence Business Solutions

1-4-4 Yanagibashi Taito-ku
Tokyo-to Japan  111-0052
Phone: +81 3 6385 6103
FAX: +81 3 6385 6104

http://ibs.inte.co.jp/