You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by sl...@apache.org on 2012/06/20 21:50:25 UTC
git commit: Bug CS-12441: Fixing rest auth by generating QueryString
to validate signature
Updated Branches:
refs/heads/master 27265597b -> cb403b1c9
Bug CS-12441: Fixing rest auth by generating QueryString to validate signature
Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/cb403b1c
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/cb403b1c
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/cb403b1c
Branch: refs/heads/master
Commit: cb403b1c97bcf224cc8684257777eb9e4485c84a
Parents: 2726559
Author: Sam Robertson <sa...@cloud.com>
Authored: Wed Jun 20 12:50:15 2012 -0700
Committer: Sam Robertson <sa...@cloud.com>
Committed: Wed Jun 20 12:50:15 2012 -0700
----------------------------------------------------------------------
.../com/cloud/bridge/service/EC2RestServlet.java | 46 ++++++++++----
1 files changed, 33 insertions(+), 13 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/cb403b1c/awsapi/src/com/cloud/bridge/service/EC2RestServlet.java
----------------------------------------------------------------------
diff --git a/awsapi/src/com/cloud/bridge/service/EC2RestServlet.java b/awsapi/src/com/cloud/bridge/service/EC2RestServlet.java
index 075a92f..74eb639 100644
--- a/awsapi/src/com/cloud/bridge/service/EC2RestServlet.java
+++ b/awsapi/src/com/cloud/bridge/service/EC2RestServlet.java
@@ -23,6 +23,7 @@ import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
+import java.net.URLEncoder;
import java.security.KeyStore;
import java.security.SignatureException;
import java.security.cert.Certificate;
@@ -178,7 +179,7 @@ public class EC2RestServlet extends HttpServlet {
}
String keystore = EC2Prop.getProperty( "keystore" );
keystorePassword = EC2Prop.getProperty( "keystorePass" );
- wsdlVersion = EC2Prop.getProperty( "WSDLVersion", "2009-11-30" );
+ wsdlVersion = EC2Prop.getProperty( "WSDLVersion", "2010-11-15" );
version = EC2Prop.getProperty( "cloudbridgeVersion", "UNKNOWN VERSION" );
String installedPath = System.getenv("CATALINA_HOME");
@@ -1706,18 +1707,37 @@ public class EC2RestServlet extends HttpServlet {
// [C] Verify the signature
// -> getting the query-string in this way maintains its URL encoding
- EC2RestAuth restAuth = new EC2RestAuth();
- restAuth.setHostHeader( request.getHeader( "Host" ));
- String requestUri = request.getRequestURI();
-
- //If forwarded from another basepath:
- String forwardedPath = (String) request.getAttribute("javax.servlet.forward.request_uri");
- if(forwardedPath!=null){
- requestUri=forwardedPath;
- }
- restAuth.setHTTPRequestURI( requestUri);
- restAuth.setQueryString( request.getQueryString());
-
+ EC2RestAuth restAuth = new EC2RestAuth();
+ restAuth.setHostHeader( request.getHeader( "Host" ));
+ String requestUri = request.getRequestURI();
+
+ // If forwarded from another basepath:
+ String forwardedPath = (String) request.getAttribute("javax.servlet.forward.request_uri");
+ if(forwardedPath!=null){
+ requestUri=forwardedPath;
+ }
+ restAuth.setHTTPRequestURI( requestUri);
+
+ String queryString = request.getQueryString();
+ // getQueryString returns null (does it ever NOT return null for these),
+ // we need to construct queryString to avoid changing the auth code...
+ if (queryString == null) {
+ // construct our idea of a queryString with parameters!
+ Enumeration<?> params = request.getParameterNames();
+ if (params != null) {
+ while(params.hasMoreElements()) {
+ String paramName = (String) params.nextElement();
+ // exclude the signature string obviously. ;)
+ if (paramName.equalsIgnoreCase("Signature")) continue;
+ if (queryString == null)
+ queryString = paramName + "=" + request.getParameter(paramName);
+ else
+ queryString = queryString + "&" + paramName + "=" + URLEncoder.encode(request.getParameter(paramName), "UTF-8");
+ }
+ }
+ }
+ restAuth.setQueryString(queryString);
+
if ( restAuth.verifySignature( request.getMethod(), cloudSecretKey, signature, sigMethod )) {
UserContext.current().initContext( cloudAccessKey, cloudSecretKey, cloudAccessKey, "REST request", null );
return true;