> On April 16, 2014, 7:50 a.m., Rohit Yadav wrote:
> > If it's backward compatible and works fine, let's merge. LGTM
>
> Yichi Lu wrote:
> Rohit:
> As far as I know this will not break the backward compatibility. For API
> calls, the signature version and expiration time is consumed by
> server/src/com/cloud/api/ApiServer.java::verifyRequest() like this:
> String signatureVersion = null;
> String expires = null;
>
> for (final String paramName : parameterNames) {
> // parameters come as name/value pairs in the form
> String/String[]
> final String paramValue =
> ((String[])requestParameters.get(paramName))[0];
>
> if (ApiConstants.SIGNATURE.equalsIgnoreCase(paramName)) {
> signature = paramValue;
> } else {
> if (ApiConstants.API_KEY.equalsIgnoreCase(paramName))
> {
> apiKey = paramValue;
> } else if
> (ApiConstants.SIGNATURE_VERSION.equalsIgnoreCase(paramName)) {
> signatureVersion = paramValue;
> } else if
> (ApiConstants.EXPIRES.equalsIgnoreCase(paramName)) {
> expires = paramValue;
> }
>
> if (unsignedRequest == null) {
> unsignedRequest = paramName + "=" +
> URLEncoder.encode(paramValue, UTF_8).replaceAll("\\+", "%20");
> } else {
> unsignedRequest = unsignedRequest + "&" +
> paramName + "=" + URLEncoder.encode(paramValue, UTF_8).replaceAll("\\+",
> "%20");
> }
> }
> }
>
> // if api/secret key are passed to the parameters
> if ((signature == null) || (apiKey == null)) {
> s_logger.debug("Expired session, missing signature, or
> missing apiKey -- ignoring request. Signature: " + signature + ", apiKey: " +
> apiKey);
> return false; // no signature, bad request
> }
>
> Date expiresTS = null;
> // FIXME: Hard coded signature, why not have an enum
> if ("3".equals(signatureVersion)) {
> // New signature authentication. Check for expire
> parameter and its validity
> if (expires == null) {
> s_logger.debug("Missing Expires parameter -- ignoring
> request. Signature: " + signature + ", apiKey: " + apiKey);
> return false;
> }
> synchronized (DateFormatToUse) {
> try {
> expiresTS = DateFormatToUse.parse(expires);
> } catch (final ParseException pe) {
> s_logger.debug("Incorrect date format for Expires
> parameter", pe);
> return false;
> }
> }
> final Date now = new Date(System.currentTimeMillis());
> if (expiresTS.before(now)) {
> s_logger.debug("Request expired -- ignoring ...sig: "
> + signature + ", apiKey: " + apiKey);
> return false;
> }
> }
>
> So expires will be checked only if an api call uses the key
> signatureversion, and its value == 3. Otherwise the key expires will just be
> ignored.
>
> Yichi
Alright, I see. Will merge your commit on cloudmonkey's repo. Thanks for your
patch.
- Rohit
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/20390/#review40515
-----------------------------------------------------------
On April 15, 2014, 10:28 p.m., Yichi Lu wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/20390/
> -----------------------------------------------------------
>
> (Updated April 15, 2014, 10:28 p.m.)
>
>
> Review request for cloudstack, Chiradeep Vittal and Rohit Yadav.
>
>
> Repository: cloudstack-cloudmonkey
>
>
> Description
> -------
>
> use signature version 3 for cloudmonkey api calls, with 600 seconds
> expiration time as default. The expiration time is configurable via
> .cloudmonkey/config
>
>
> Diffs
> -----
>
> cloudmonkey/cloudmonkey.py b465bec
> cloudmonkey/config.py 2f91608
> cloudmonkey/requester.py b06e1fc
>
> Diff: https://reviews.apache.org/r/20390/diff/
>
>
> Testing
> -------
>
> for 600 seconds expiration time and CST:
> now: 2014-04-15T16:36:46+0000 , expires: 2014-04-15T21:46:46+0000
>
>
> Thanks,
>
> Yichi Lu
>
>
