You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by sl...@apache.org on 2012/06/20 21:50:25 UTC
git commit: Bug CS-12441: Fixing rest auth by generating QueryString to validate signature

Updated Branches:
  refs/heads/master 27265597b -> cb403b1c9


Bug CS-12441: Fixing rest auth by generating QueryString to validate signature


Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/cb403b1c
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/cb403b1c
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/cb403b1c

Branch: refs/heads/master
Commit: cb403b1c97bcf224cc8684257777eb9e4485c84a
Parents: 2726559
Author: Sam Robertson <sa...@cloud.com>
Authored: Wed Jun 20 12:50:15 2012 -0700
Committer: Sam Robertson <sa...@cloud.com>
Committed: Wed Jun 20 12:50:15 2012 -0700

----------------------------------------------------------------------
 .../com/cloud/bridge/service/EC2RestServlet.java   |   46 ++++++++++----
 1 files changed, 33 insertions(+), 13 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/cb403b1c/awsapi/src/com/cloud/bridge/service/EC2RestServlet.java
----------------------------------------------------------------------
diff --git a/awsapi/src/com/cloud/bridge/service/EC2RestServlet.java b/awsapi/src/com/cloud/bridge/service/EC2RestServlet.java
index 075a92f..74eb639 100644
--- a/awsapi/src/com/cloud/bridge/service/EC2RestServlet.java
+++ b/awsapi/src/com/cloud/bridge/service/EC2RestServlet.java
@@ -23,6 +23,7 @@ import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.OutputStream;
 import java.io.OutputStreamWriter;
+import java.net.URLEncoder;
 import java.security.KeyStore;
 import java.security.SignatureException;
 import java.security.cert.Certificate;
@@ -178,7 +179,7 @@ public class EC2RestServlet extends HttpServlet {
 		   }
 	       String keystore  = EC2Prop.getProperty( "keystore" );
 	       keystorePassword = EC2Prop.getProperty( "keystorePass" );
-	   	   wsdlVersion      = EC2Prop.getProperty( "WSDLVersion", "2009-11-30" );
+	   	   wsdlVersion      = EC2Prop.getProperty( "WSDLVersion", "2010-11-15" );
            version = EC2Prop.getProperty( "cloudbridgeVersion", "UNKNOWN VERSION" );
 	       
 	       String installedPath = System.getenv("CATALINA_HOME");
@@ -1706,18 +1707,37 @@ public class EC2RestServlet extends HttpServlet {
 		
 		// [C] Verify the signature
 		//  -> getting the query-string in this way maintains its URL encoding
-	   	EC2RestAuth restAuth = new EC2RestAuth();
-    	restAuth.setHostHeader( request.getHeader( "Host" ));
-    	String requestUri = request.getRequestURI();
-    	
-    	//If forwarded from another basepath:
-    	String forwardedPath = (String) request.getAttribute("javax.servlet.forward.request_uri");
-    	if(forwardedPath!=null){
-    		requestUri=forwardedPath;
-    	}
-    	restAuth.setHTTPRequestURI( requestUri);
-    	restAuth.setQueryString( request.getQueryString());
-    	
+	    EC2RestAuth restAuth = new EC2RestAuth();
+	    restAuth.setHostHeader( request.getHeader( "Host" ));
+	    String requestUri = request.getRequestURI();
+		
+	    // If forwarded from another basepath:
+	    String forwardedPath = (String) request.getAttribute("javax.servlet.forward.request_uri");
+	    if(forwardedPath!=null){
+	        requestUri=forwardedPath;
+		}
+		restAuth.setHTTPRequestURI( requestUri);
+
+		String queryString = request.getQueryString();
+		// getQueryString returns null (does it ever NOT return null for these), 
+		// we need to construct queryString to avoid changing the auth code...
+		if (queryString == null) {
+		    // construct our idea of a queryString with parameters!
+		    Enumeration<?> params = request.getParameterNames();
+		    if (params != null) {
+                while(params.hasMoreElements()) {
+                    String paramName = (String) params.nextElement();
+                    // exclude the signature string obviously. ;)
+                    if (paramName.equalsIgnoreCase("Signature")) continue;
+                    if (queryString == null) 
+                        queryString = paramName + "=" + request.getParameter(paramName);
+                    else 
+                        queryString = queryString + "&" + paramName + "=" + URLEncoder.encode(request.getParameter(paramName), "UTF-8"); 
+                }
+		    }
+		}
+		restAuth.setQueryString(queryString);
+		
 		if ( restAuth.verifySignature( request.getMethod(), cloudSecretKey, signature, sigMethod )) {
 		     UserContext.current().initContext( cloudAccessKey, cloudSecretKey, cloudAccessKey, "REST request", null );
 		     return true;