
intermediate

decker
decker committed Aug 5, 2009
1 parent 1749a71 commit dfcc84d8d877567cf4ef8d11300e47b07db4485d
@@ -38,7 +38,7 @@
<appender name="console" class="org.apache.log4j.ConsoleAppender">
<param name="Target" value="System.out"/>
- <param name="Threshold" value="WARN"/>
+ <param name="Threshold" value="INFO"/>
<layout class="org.apache.log4j.PatternLayout">
<param name="ConversionPattern" value="[%c{1}:%t] %m%n"/>
</layout>
@@ -13,13 +13,6 @@ public class INTERNAL extends EucalyptusMessage {
}
}
-public class AddClusterType extends ClusterMessage {
- String name;
- String host;
- int port;
-}
-public class AddClusterResponseType extends ClusterMessage {}
-
public class ClusterStateType extends EucalyptusMessage{
String name;
String host;
@@ -1,7 +1,7 @@
package edu.ucsb.eucalyptus.msgs
-import edu.ucsb.eucalyptus.annotation.HttpParameterMapping
-import edu.ucsb.eucalyptus.msgs.EucalyptusData
+import edu.ucsb.eucalyptus.annotation.HttpParameterMapping;
+import edu.ucsb.eucalyptus.msgs.EucalyptusData;
import edu.ucsb.eucalyptus.msgs.EucalyptusMessage;
public class VmAddressMessage extends EucalyptusMessage{}
@@ -1,6 +1,6 @@
package edu.ucsb.eucalyptus.msgs
-import edu.ucsb.eucalyptus.annotation.HttpParameterMapping
+import edu.ucsb.eucalyptus.annotation.HttpParameterMapping;
public class BlockVolumeMessage extends EucalyptusMessage {}
public class BlockSnapshotMessage extends EucalyptusMessage {}
@@ -1,7 +1,7 @@
package edu.ucsb.eucalyptus.msgs
-import edu.ucsb.eucalyptus.annotation.HttpEmbedded
-import edu.ucsb.eucalyptus.annotation.HttpParameterMapping
+import edu.ucsb.eucalyptus.annotation.HttpEmbedded;
+import edu.ucsb.eucalyptus.annotation.HttpParameterMapping;
public class VmControlMessage extends EucalyptusMessage {}
/** *******************************************************************************/
@@ -1,8 +1,8 @@
package edu.ucsb.eucalyptus.msgs
-import edu.ucsb.eucalyptus.annotation.HttpParameterMapping
-import edu.ucsb.eucalyptus.msgs.EucalyptusMessage
-import edu.ucsb.eucalyptus.msgs.BlockDeviceMappingItemType
+import edu.ucsb.eucalyptus.annotation.HttpParameterMapping;
+import edu.ucsb.eucalyptus.msgs.EucalyptusMessage;
+import edu.ucsb.eucalyptus.msgs.BlockDeviceMappingItemType;
public class VmImageMessage extends EucalyptusMessage {}
/** *******************************************************************************/
@@ -1,6 +1,6 @@
package edu.ucsb.eucalyptus.msgs
-import edu.ucsb.eucalyptus.annotation.HttpParameterMapping
+import edu.ucsb.eucalyptus.annotation.HttpParameterMapping;
public class VmKeyPairMessage extends EucalyptusMessage {}
/** *******************************************************************************/
@@ -1,8 +1,15 @@
package edu.ucsb.eucalyptus.msgs
-import edu.ucsb.eucalyptus.annotation.HttpParameterMapping
+import edu.ucsb.eucalyptus.annotation.HttpParameterMapping;
public class ClusterMessage extends EucalyptusMessage{}
+public class AddClusterType extends ClusterMessage {
+ String name;
+ String host;
+ int port;
+}
+public class AddClusterResponseType extends ClusterMessage {}
+
/** *******************************************************************************/
public class DescribeAvailabilityZonesType extends ClusterMessage { //** added 2008-02-01 **/
@HttpParameterMapping (parameter = "ZoneName")
@@ -1,7 +1,7 @@
package edu.ucsb.eucalyptus.msgs
-import edu.ucsb.eucalyptus.annotation.HttpEmbedded
-import edu.ucsb.eucalyptus.annotation.HttpParameterMapping
+import edu.ucsb.eucalyptus.annotation.HttpEmbedded;
+import edu.ucsb.eucalyptus.annotation.HttpParameterMapping;
public class VmSecurityMessage extends EucalyptusMessage{}
/** *******************************************************************************/
@@ -8,6 +8,8 @@
import org.apache.axiom.om.OMElement;
import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.commons.codec.DecoderException;
+import org.apache.commons.codec.net.URLCodec;
import org.bouncycastle.util.encoders.UrlBase64;
import org.jboss.netty.handler.codec.http.DefaultHttpRequest;
import org.jboss.netty.handler.codec.http.HttpMethod;
@@ -19,7 +21,7 @@
private final HttpMethod method;
private final String uri;
- private final String servicePath;
+ private String servicePath;
private String query;
private final Map<String,String> parameters;
private String restNamespace;
@@ -29,15 +31,17 @@ public MappingHttpRequest( HttpVersion httpVersion, HttpMethod method, String ur
this.method = method;
this.uri = uri;
try {
- URL url = new URL( "http://hi.com" + uri );
+ URL url = new URL( "http://eucalyptus" + uri );
this.servicePath = url.getPath( );
this.parameters = new HashMap<String, String>( );
- this.query = url.toURI( ).getQuery( );
+ this.query = this.query == url.toURI( ).getQuery( ) ? this.query : new URLCodec().decode( url.toURI( ).getQuery( ) ).replaceAll( " ", "+" );
this.populateParameters();
} catch ( MalformedURLException e ) {
throw new RuntimeException( e );
} catch ( URISyntaxException e ) {
throw new RuntimeException( e );
+ } catch ( DecoderException e ) {
+ throw new RuntimeException( e );
}
}
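Review bot: The new `this.query` assignment decodes the query twice and compares strings by reference. `URI.getQuery()` already returns the percent-decoded query, so `new URLCodec().decode(...)` decodes it again, and `this.query == ...` acts only as a null check, assuming the field has no initializer. Decoding the whole query before `populateParameters()` (not visible here, presumably it splits on `&` and `=`) means an encoded separator inside a value would be read as a new parameter, and HmacV2Handler builds its subject string from that parameter map. I would read the raw form once with `String rawQuery = url.toURI( ).getRawQuery( );`, store that, and decode each name and value after splitting. The constructor body starts outside this hunk.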
@@ -67,12 +71,21 @@ public String getServicePath( ) {
return this.servicePath;
}
+ public void setServicePath( String servicePath ) {
+ this.servicePath = servicePath;
+ }
+
+
public String getQuery( ) {
return this.query;
}
public void setQuery( String query ) {
- this.query = query;
+ try {
+ this.query = new URLCodec().decode( query );
+ } catch ( DecoderException e ) {
+ this.query = query;
+ }
this.populateParameters( );
}
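Review bot: `setQuery` silently keeps the undecoded string when `URLCodec.decode` throws, while the constructor rethrows the same `DecoderException` as a `RuntimeException` and also rewrites spaces to `+`. The same query text can therefore produce different parameter maps depending on which path set it. Both paths should share one private helper, and a decode failure should be rejected or at least logged rather than absorbed in the empty-handed `catch`. `setServicePath` also makes mutable a value that HmacV2Handler feeds into the V2 subject string via `getServicePath()`, so it deserves a comment such as `// must only be called before the authentication stage has run`.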
@@ -3,6 +3,7 @@
import java.util.Calendar;
import java.util.Map;
+import org.apache.commons.codec.net.URLCodec;
import org.apache.log4j.Logger;
import org.jboss.netty.channel.ChannelHandlerContext;
import org.jboss.netty.channel.ChannelPipelineCoverage;
@@ -12,11 +13,13 @@
import com.eucalyptus.ws.MappingHttpRequest;
import com.eucalyptus.ws.server.EucalyptusQueryPipeline.OperationParameter;
import com.eucalyptus.ws.server.EucalyptusQueryPipeline.RequiredQueryParams;
+import com.eucalyptus.ws.util.Hashes;
import com.eucalyptus.ws.util.HmacUtils;
-@ChannelPipelineCoverage("one")
+@ChannelPipelineCoverage( "one" )
public class HmacV2Handler extends MessageStackHandler {
private static Logger LOG = Logger.getLogger( HmacV2Handler.class );
+
public enum SecurityParameter {
AWSAccessKeyId,
Timestamp,
@@ -32,44 +35,50 @@
public void incomingMessage( ChannelHandlerContext ctx, MessageEvent event ) throws Exception {
if ( event.getMessage( ) instanceof MappingHttpRequest ) {
MappingHttpRequest httpRequest = ( MappingHttpRequest ) event.getMessage( );
- Map<String,String> parameters = httpRequest.getParameters( );
+ Map<String, String> parameters = httpRequest.getParameters( );
if ( !parameters.containsKey( SecurityParameter.AWSAccessKeyId.toString( ) ) ) throw new AuthenticationException( "Missing required parameter: " + SecurityParameter.AWSAccessKeyId );
if ( !parameters.containsKey( SecurityParameter.Signature.toString( ) ) ) throw new AuthenticationException( "Missing required parameter: " + SecurityParameter.Signature );
-
- //:: note we remove the sig :://
- String sig = parameters.remove( SecurityParameter.Signature.toString() );
- String queryId = parameters.get( SecurityParameter.AWSAccessKeyId.toString() );
+ // :: note we remove the sig :://
+ String sig = parameters.remove( SecurityParameter.Signature.toString( ) );
+ String queryId = parameters.get( SecurityParameter.AWSAccessKeyId.toString( ) );
String verb = httpRequest.getMethod( ).getName( );
String addr = httpRequest.getServicePath( );
String headerHost = httpRequest.getHeader( "Host" );
String headerPort = "8773";
- if( headerHost != null && headerHost.contains( ":" ) ) {
+ if ( headerHost != null && headerHost.contains( ":" ) ) {
String[] hostTokens = headerHost.split( ":" );
headerHost = hostTokens[0];
- if( hostTokens.length > 1 && hostTokens[1] != null && !"".equals( hostTokens[1] ) ) {
+ if ( hostTokens.length > 1 && hostTokens[1] != null && !"".equals( hostTokens[1] ) ) {
headerPort = hostTokens[1];
}
}
- String canonicalString = HmacUtils.makeV2SubjectString( verb, headerHost, addr, parameters );
- String canonicalStringWithPort = HmacUtils.makeV2SubjectString( verb, headerHost+":"+headerPort, addr, parameters );
-
- //TODO: hook in user key lookup here
- String queryKey = "xhqe5UOv5b_Eplr_anLQ0cdBgwoL96U_IDdzeQ";
-
- String authv2sha256 = HmacUtils.checkSignature256( queryKey, canonicalString );
- String authv2sha256port = HmacUtils.checkSignature256( queryKey, canonicalStringWithPort );
- LOG.info( "VERSION2-SHA256: " + authv2sha256 + " -- " + sig );
- LOG.info( "VERSION2-SHA256-HEADER: " + authv2sha256port + " -- " + sig );
-
- //if ( !authv2sha256.equals( sig ) && !authv2sha256port.equals( sig ) )
- // throw new AuthenticationException( "User authentication failed." );
-
-
- parameters.remove( RequiredQueryParams.SignatureVersion.toString() );
+ // TODO: hook in user key lookup here
+ String secretKey = "e2GKUDmazmBLRlX3lYWi79ptPVzXdjMWqNaARg";
+ String sigVersionString = parameters.get( RequiredQueryParams.SignatureVersion.toString( ) );
+ if ( sigVersionString != null ) {// really, it should never be...
+ int sigVersion = Integer.parseInt( sigVersionString );
+ if ( sigVersion == 1 ) {
+ String canonicalString = HmacUtils.makeSubjectString( parameters );
+ LOG.info( "VERSION1-STRING: " + canonicalString );
+ String computedSig = HmacUtils.getSignature( secretKey, canonicalString, Hashes.Mac.HmacSHA1 );
+ LOG.info( "VERSION1-SHA1: " + computedSig + " -- " + sig );
+ if ( !computedSig.equals( sig ) ) throw new AuthenticationException( "User authentication failed." );
+ } else if ( sigVersion == 2 ) {
+ String canonicalString = HmacUtils.makeV2SubjectString( verb, headerHost, addr, parameters );
+ String canonicalStringWithPort = HmacUtils.makeV2SubjectString( verb, headerHost + ":" + headerPort, addr, parameters );
+ String computedSig = HmacUtils.getSignature( secretKey, canonicalString, Hashes.Mac.HmacSHA256 );
+ String computedSigWithPort = HmacUtils.getSignature( secretKey, canonicalStringWithPort, Hashes.Mac.HmacSHA256 );
+ LOG.info( "VERSION2-STRING: " + canonicalString );
+ LOG.info( "VERSION2-SHA256: " + computedSig + " -- " + sig );
+ LOG.info( "VERSION2-STRING-PORT: " + canonicalString );
+ LOG.info( "VERSION2-SHA256-PORT: " + computedSigWithPort + " -- " + sig );
+ if ( !computedSig.equals( sig ) && !computedSigWithPort.equals( sig ) ) throw new AuthenticationException( "User authentication failed." );
+ }
+ }
+ parameters.remove( RequiredQueryParams.SignatureVersion.toString( ) );
parameters.remove( "SignatureMethod" );
-
- //:: find user, remove query key to prepare for marshalling :://
- parameters.remove( SecurityParameter.AWSAccessKeyId.toString() );
+ // :: find user, remove query key to prepare for marshalling :://
+ parameters.remove( SecurityParameter.AWSAccessKeyId.toString( ) );
}
}
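Review bot: Verification fails open in the new `sigVersionString` block: a request with no SignatureVersion parameter, or with a value other than 1 or 2, skips both branches and continues down the pipeline with no signature comparison at all. Missing and unsupported versions should raise AuthenticationException, and the comparison should be constant-time (`java.security.MessageDigest.isEqual`, which needs an import) rather than `String.equals`. The `LOG.info` lines write the computed signature next to the supplied one, and the log4j hunk in this commit lowers the console threshold to INFO so they will be printed; they should be dropped or reduced to a debug line that omits the computed value (the `VERSION2-STRING-PORT` line also logs `canonicalString` instead of `canonicalStringWithPort`). `secretKey` is still a literal in source and the same key is used for every `queryId`, so the TODO key lookup needs to land before this handler is relied on.

```java
// … unchanged: sig/queryId/verb/addr extraction, Host header parsing, secretKey lookup …
String sigVersionString = parameters.get( RequiredQueryParams.SignatureVersion.toString( ) );
if ( sigVersionString == null ) throw new AuthenticationException( "Missing required parameter: " + RequiredQueryParams.SignatureVersion );
byte[] suppliedSig = sig.getBytes( "UTF-8" );
boolean verified;
if ( "1".equals( sigVersionString ) ) {
  String canonicalString = HmacUtils.makeSubjectString( parameters );
  String computedSig = HmacUtils.getSignature( secretKey, canonicalString, Hashes.Mac.HmacSHA1 );
  verified = MessageDigest.isEqual( computedSig.getBytes( "UTF-8" ), suppliedSig );
} else if ( "2".equals( sigVersionString ) ) {
  // … unchanged: canonicalString, canonicalStringWithPort and the two getSignature calls …
  // non-short-circuit OR so both comparisons always run
  verified = MessageDigest.isEqual( computedSig.getBytes( "UTF-8" ), suppliedSig )
           | MessageDigest.isEqual( computedSigWithPort.getBytes( "UTF-8" ), suppliedSig );
} else {
  throw new AuthenticationException( "Unsupported SignatureVersion." );
}
if ( !verified ) throw new AuthenticationException( "User authentication failed." );
// … unchanged: removal of SignatureVersion, SignatureMethod and AWSAccessKeyId …
```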
@@ -29,8 +29,7 @@
public void incomingMessage( ChannelHandlerContext ctx, MessageEvent event ) throws Exception {
if ( event.getMessage( ) instanceof MappingHttpRequest ) {
MappingHttpRequest httpRequest = ( MappingHttpRequest ) event.getMessage( );
- this.namespace = "http://ec2.amazonaws.com/doc/" + httpRequest.getParameters( ).remove( RequiredQueryParams.Version.toString( ) );
- LOG.error( "Setting namespace="+this.namespace);
+ this.namespace = "http://ec2.amazonaws.com/doc/" + httpRequest.getParameters( ).remove( RequiredQueryParams.Version.toString( ) ) + "/";
// TODO: get real user data here too
httpRequest.setMessage( this.bind( "admin", true, httpRequest ) );
}
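Review bot: The namespace on the changed line is built from the request's Version parameter with no presence check, so when Version is absent `remove(...)` returns null and the namespace becomes `http://ec2.amazonaws.com/doc/null/`. I would pull the value out first, `String version = httpRequest.getParameters( ).remove( RequiredQueryParams.Version.toString( ) );`, and reject the request when it is null before assigning `this.namespace`. The context line `this.bind( "admin", true, httpRequest )` binds every request as the admin user, so its TODO should carry a comment tying it to the key-lookup TODO in HmacV2Handler so the two are resolved together. The end of `incomingMessage` is outside this hunk.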
@@ -42,7 +41,6 @@ public void incomingMessage( ChannelHandlerContext ctx, MessageEvent event ) thr
public void outgoingMessage( ChannelHandlerContext ctx, MessageEvent event ) throws Exception {
if ( event.getMessage( ) instanceof MappingHttpResponse ) {
MappingHttpResponse httpResponse = ( MappingHttpResponse ) event.getMessage( );
- LOG.error( "Getting namespace="+this.namespace);
Binding binding = BindingManager.getBinding( BindingManager.sanitizeNamespace( this.namespace ) );
ByteArrayOutputStream byteOut = new ByteArrayOutputStream();
if( httpResponse.getMessage( ) instanceof EucalyptusErrorMessageType ) {
@@ -17,38 +17,6 @@
public class EucalyptusQueryPipeline extends FilteredPipeline {
private static Logger LOG = Logger.getLogger( EucalyptusQueryPipeline.class );
- public enum RequiredQueryParams {
- SignatureVersion,
- Version
- }
- public enum OperationParameter {
-
- Operation, Action;
- private static String patterh = buildPattern();
-
- private static String buildPattern()
- {
- StringBuilder s = new StringBuilder();
- for ( OperationParameter op : OperationParameter.values() ) s.append( "(" ).append( op.name() ).append( ")|" );
- s.deleteCharAt( s.length() - 1 );
- return s.toString();
- }
-
- public static String toPattern()
- {
- return patterh;
- }
-
- public static String getParameter( Map<String,String> map )
- {
- for( OperationParameter op : OperationParameter.values() )
- if( map.containsKey( op.toString() ) )
- return map.get( op.toString() );
- return null;
- }
- }
-
-
@Override
protected void addStages( List<UnrollableStage> stages ) {
stages.add( new HmacV2UserAuthenticationStage( ) );
@@ -83,4 +51,36 @@ public String getPipelineName( ) {
return "eucalyptus-query";
}
+ public enum RequiredQueryParams {
+ SignatureVersion,
+ Version
+ }
+
+ public enum OperationParameter {
+
+ Operation, Action;
+ private static String patterh = buildPattern();
+
+ private static String buildPattern()
+ {
+ StringBuilder s = new StringBuilder();
+ for ( OperationParameter op : OperationParameter.values() ) s.append( "(" ).append( op.name() ).append( ")|" );
+ s.deleteCharAt( s.length() - 1 );
+ return s.toString();
+ }
+
+ public static String toPattern()
+ {
+ return patterh;
+ }
+
+ public static String getParameter( Map<String,String> map )
+ {
+ for( OperationParameter op : OperationParameter.values() )
+ if( map.containsKey( op.toString() ) )
+ return map.get( op.toString() );
+ return null;
+ }
+ }
+
}
