Oracle® Enterprise Manager Ops Center Cloud Infrastructure API and CLI Reference Guide 12c Release 1 (12.1.1.0.0) Part Number E25150-03 |
|
|
PDF · Mobi · ePub |
This appendix provides an example for generating requests to the Web Service using the WebUtil application. The appendix includes:
This section provides a description of the information contained in a typical request to the Web Service. This section describes both types of requests:
The following URL shows the information required in a typical AKM request to the Web Service API:
https://USER:PASSWORD@HOST/akm/?REQUEST_DATA
Name | Description |
---|---|
USER | Cloud user name |
PASSWORD | Cloud user password |
HOST | IP address or fully qualified hostname |
REQUEST_DATA | The request data is made of a series of name=value parameters separated by "&" |
The parameters required as part of the REQUEST_DATA depend on the value used for the AKM action. However, there are a set of common parameters required for every AKM request.
The following table shows the common required parameters for the REQUEST_DATA in every AKM request:
Name | Description |
---|---|
Action | One of the akm action. See, for a complete list of akm actions. |
Version | 1 |
Timestamp | Timestamp in milliseconds since 1st of January 1970. |
Expires | Expiry date in milliseconds since 1st of January 1970, must be greater than the timestamp field above. A 300000ms difference between the 2 values should be more than enough. |
See RegisterAccessKeyRequest, DescribeAccessKeysRequest, DeleteAccessKeyRequest, and DescribeAccountsRequest for a complete description and extra parameters that can be used for the AKM actions.
The following URL shows the information required in a typical IAAS request using the Web Service API:
https://HOST/iaas/?REQUEST_IAAS_DATA&SIGNATURE_BLOCK
Name | Description |
---|---|
HOST | IP address or fully qualified hostname of Ops Center |
REQUEST_IAAS_DATA | The request data is made of a series of name=value parameters separated by "&" |
SIGNATURE_BLOCK | The signature block is a series of name=value parameters separated by "&" |
The parameters required as part of the REQUEST_IAAS_DATA depend on the value used for the IAAS action. However, there are a set of common parameters required for every IAAS request.
The following table shows the common required parameters for the REQUEST_IAAS_DATA in every IAAS request:
Name | Description |
---|---|
Action | One of the IAAS actions. See, for a complete list of the IAAS actions. |
Version | 1 |
Timestamp | Timestamp in milliseconds since 1st of January 1970 |
Expires | Expiry date in milliseconds since 1st of January 1970, must be greater than the timestamp field above. A 300000ms difference between the 2 values should be more than enough. |
accessKeyId | The value returned by the akm RegisterAccessKey action. |
See List of Actions, for a complete list of IAAS actions and extra parameters that can be used.
The signature block consists of signing some IAAS data with a private key so the web service can authenticate the request. The web server should be able to verify the signature with the public key which has been registered with the RegisterAccessKey action.
The following table shows the series of name=value parameters that conform the SIGNATURE_BLOCK. These parameter are separated by "&":
Name | Description |
---|---|
SignatureVersion | 1 |
SignatureMethod | SHA512withRSA (This is the only method supported) |
Signature | Encoded Hash value of the data to be signed. |
See "IAAS Data Used for Signature", for a complete description of the Signature field.
Example A-2 An Example of SIGNATURE_BLOCK
SignatureMethod=SHA512withRSA&SignatureVersion=1&Signature=bj8GfJCqvPZZPU2JoWAGzZdCF+N767rQejILMQwNdgKLfoGGqAwDPRYMr/ghUoBc6RB3nKYgAyPdmtCfhzRGTqECgUWy0jCrE99+utGeeJ0/XRQ9LxyYeBgzjO3lHP+hFhUo+gUtQaSYPhUHH7eTkxg/CrolMxibglypJM/rIf90yEqSeqhphQt7hWxlT0DNAy6/cZt8isT/Tu8V7ZFjBFkEpLfN97bIOJ2vIIpOeetmftuw4ObtqjbUp6+7dpVkhhCQnX0MAIDj+mjorEOzcwK+F1pYuzES0fjaW0MowG+cA/9gttDjg7r5H29i3qbbjIlvAt6fk1HPpSxQTSTOTg==
To generate the encoded hash value of the SIGNATURE_BLOCK for a IAAS request, the following data is used, this data needs to be signed and base64 encoded:
Name | Description |
---|---|
Http Request type | POST. |
HostName | IP address or fully qualified hostname of Ops Center) |
Base URL of the Web service | iaas |
REQUEST_IAAS_DATA | The request data is made of a series of name=value parameters separated by "&". See also REQUEST_IAAS_DATA. |
Example A-3 Example of the IAAS data to sign
Note that there is a "\n"
between every field.
POST <EnterpriseControllerHostname> /iaas/ Action= DescribeAccounts&Version=1&Timestamp=1330954619299&Expires=1330954919299
Example A-4 Java representation of the data to sign
Note that there is a "\n"
between every field.
StringBuilder message = new StringBuilder();Message.setLength(0);message.append("POST").append("\n");message.append("<EnterpriseControllerHostname>") .append("\n");message.append("/iaas/").append("\n");message.append("Action= DescribeVnets&Version=1&Timestamp=1330954619299&Expires=1330954919299&accessKeyId=AK_1").append("\n");
See A Web Service Client Example, for an example of generating IAAS request with signed data.
Request to the Web Service API are simple web POST or GET operations. Once a AKM or IAAS request is dynamically generated, static technology is used to send the request. This section mentions the use of the web browser and WGET.
To use the web browser to send a request to the Web service API, enter the complete request in the address bar of the browser.
The following URL is an example of a complete AKM request. The request should be entered in the address bar as a one line command:
https://<username>:<password>@<EnterpriseControllerHostname>/akm/? Action= DescribeAccounts&Version=1&Timestamp=1330954619299&Expires=1330954919299
To use WGET, it is necessary to use the --no-check-certificate
option.
The following is an example of sending a request using WGET with the same AKM request used previously:
wget https://<username>:<password>@<EnterpriseControllerHostname>/akm/?Action= DescribeAccounts&Version=1&Timestamp=1330954619299&Expires=1330954919299 --nocheck-certificate
A public and private RSA keys are required for signing the required IAAS data so that the web service can authenticate the request.
Before creating a public key a private key must be created. A private key can be created executing the following command:
openssl genrsa -out privatekey.pem 2048
The private key is stored in the privatekey.pem
file and this file is used to create the public key. Once the public key is registered with the RegisterAccessKey action, this private key can be used to sign IAAS data.
To use WebTuil to sign IAAS data, the private key must be stored in DER format, this can be achieved by using the following command:
openssl pkcs8 -topk8 -inform PEM -outform DER -in privatekey.pem -nocrypt > privatekey.DER
The private key is stored in privatekey.DER
file.
WebUtil is a simple java application that generates the signature for an IAAS request to the Web Service API. WebUtil uses the SHA512withRSA method and base64 encode to signed the required data.
The following is the code of the WebUtil application. When building the application with the javac
compiler it is possible that 2 warnings are being displayed.
/* * Copyright (c) 2007, 2012 Oracle and/or its affiliates. All rights reserved. * Use is subject to license terms. */ import java.io.*; import java.nio.charset.Charset; import java.security.*; import java.security.spec.PKCS8EncodedKeySpec; import java.security.interfaces.RSAPrivateKey; public class WebUtil { final static String UTF_8_ENCODER = "UTF-8"; private static final Charset CHARSET_ENCODING_UTF_8 = Charset.forName("UTF-8"); private static final long IAAS_REQUEST_TIMEOUT_MS = 300000; //default expiry time is 5 minutes public static void main(String[] args) { if(args.length<=0) { WebUtil.usage(); } String argument=new String(args[0]); if(argument.compareTo("signature") ==0 && args.length != 6){ WebUtil.usage(); } if(argument.compareTo("template") == 0 && args.length != 2){ WebUtil.usage(); } try{ if(argument.compareTo("template") == 0){ WebUtil.generateTemplate(args[1]); } if(argument.compareTo("signature") ==0 && args.length == 6){ WebUtil.signDataToFile(args[1],args[2],args[3],args[4],args[5]); } }catch (Exception e){ System.err.println("Caught exception " + e.toString()); } } static void usage(){ System.out.println("Usage: WebUtil template destinationFile"); System.out.println("Usage: WebUtil signature privateKeyDER HTTP_TYPE HOST_IP DATA_TO_SIGN signatureData"); System.out.println("Usage: HTTP_TYPE: POST or GET\n HOST_IP=ip address of OC \n DATA_TO_SIGN:without Timestamp and Expire but needs to have the access key id \n signatureData:filename to store the signature"); System.exit(0); } static void generateTemplate(String filename)throws Exception { StringBuilder message = new StringBuilder(); message.setLength(0); message.append("POST").append("\n"); message.append("10.169.79.76").append("\n"); message.append("/iaas/").append("\n"); message.append("Action=DescribeVnets&Version=1"); message.append("&Timestamp=1330797956376"); message.append("&Expires=1330798256376"); message.append("&AccessKeyId=AK_1"); message.append("\n"); FileOutputStream iaas = new FileOutputStream(filename); iaas.write(message.toString().getBytes(CHARSET_ENCODING_UTF_8)); iaas.close(); } static void signDataToFile(String keyPrivFile, String httpType, String host, String dataRequest,String signedDataFile) throws Exception { long tsnow = System.currentTimeMillis(); long tsexpires = tsnow + IAAS_REQUEST_TIMEOUT_MS; String tNow=Long.toString(tsnow); String tEXPIRE=Long.toString(tsexpires); StringBuilder message = new StringBuilder(); message.setLength(0); message.append(httpType).append("\n"); message.append(host).append("\n"); message.append("/iaas/").append("\n"); message.append(dataRequest); message.append("&Timestamp="); message.append(tNow); message.append("&Expires="); message.append(tEXPIRE); message.append("\n"); StringBuilder iaasmessage = new StringBuilder(); iaasmessage.append("https://").append(host); iaasmessage.append("/iaas/?").append(dataRequest); iaasmessage.append("&Timestamp="); iaasmessage.append(tNow); iaasmessage.append("&Expires="); iaasmessage.append(tEXPIRE); iaasmessage.append("&SignatureMethod=SHA512withRSA&SignatureVersion=1"); iaasmessage.append("&Signature="); String messageStr = message.toString(); /* Read private keyfile DER */ FileInputStream in = new FileInputStream( keyPrivFile); FileInputStream keyfis = new FileInputStream(keyPrivFile); byte[] encKey = new byte[keyfis.available()]; keyfis.read(encKey); keyfis.close(); PKCS8EncodedKeySpec privKeySpec = new PKCS8EncodedKeySpec(encKey); KeyFactory keyFactory = KeyFactory.getInstance("RSA"); PrivateKey privKey = keyFactory.generatePrivate(privKeySpec); Signature rsa = Signature.getInstance("SHA512withRSA"); rsa.initSign(privKey); rsa.update(messageStr.getBytes(CHARSET_ENCODING_UTF_8)); /* Now that all the data to be signed has been read in, generate a signature for it */ byte[] realSig = rsa.sign(); /* base64 encode the signed data */ String signatureUrlEncoded = getBase64Encoder().encode(realSig); /* Copy data to file */ FileOutputStream iaas = new FileOutputStream(signedDataFile); iaas.write(signatureUrlEncoded.getBytes(CHARSET_ENCODING_UTF_8)); iaas.close(); /* copy part of request to request file */ FileOutputStream iaasreq = new FileOutputStream("iaasPartRequest"); iaasreq.write(iaasmessage.toString().getBytes(CHARSET_ENCODING_UTF_8)); iaasreq.close(); } /** * @return a new base 64 encoder */ public static sun.misc.BASE64Encoder getBase64Encoder() { /* * This helper method was introduced to minimize the warnings about * using a Sun proprietary API. Use full package names to avoid * warning on import statement. */ return new sun.misc.BASE64Encoder(); } }
Before using the WebUtil application an access key for an account needs to be created. See Creating an Access Key for more information.
Once the access key is created, the IAAS data must be defined, see also IAAS Data Used for Signature.
The following is an example of this data for viewing vNets information.:
POST <EnterpriseControllerHostname> Action=DescribeVnets&Version=1&accessKeyId=AK_1&Timestamp=12333333&Expires=13333444
To generate the signature and base64 encoded use the WebUtil by running the following command:
java WebUtil signature privatekey.DER "POST" "<EnterpriseControllerHostname>" "Action=DescribeVnets&Version=1&accessKeyId=AK_1" signedData
WebUtil generates and stores the signed data in the signedData
file:
Content of signedData
: bj8GfJCqvPZZPU2JoWAGzZdCF+N767rQejILMQwNdgKLfoGGqAwDPRYMr/ghUoBc6RB3nKYgAyPdmtCfhzRGTqECgUWy0jCrE99+utGeeJ0/XRQ9LxyYeBgzjO3lHP+hFhUo+gUtQaSYPhUHH7eTkxg/CrolMxibglypJM/rIf90yEqSeqhphQt7hWxlT0DNAy6/cZt8isT/Tu8V7ZFjBFkEpLfN97bIOJ2vIIpOeetmftuw4ObtqjbUp6+7dpVkhhCQnX0MAIDj+mjorEOzcwK+F1pYuzES0fjaW0MowG+cA/9gttDjg7r5H29i3qbbjIlvAt6fk1HPpSxQTSTOTg==
WebUtil also generates the iaasPartReques
t file with the following information:
https://<EnterpriseControllerHostname>/iaas/?Action=DescribeVnets&Version=1&AccessKeyId=AK_1&Timestamp=1331058169938&Expires=1331058469938&SignatureMethod=SHA512withRSA&SignatureVersion=1&Signature=
To generate the complete HTTP request, append the content of the signedData
file to the iaasPartReques
t file as a single line command. After that, the HTTP request can be sent, see Sending a Web Service Request
This section presents an example for creating requests to the Web service that allows a cloud user to perform actions for an account. This section includes:
An access key is created for an account. The registered access key is needed to perform any IAAS action in the account.
For this example the following information is used to create the access key:
USER: clouduser
PASSWORD: <password>
HOST: 10.16.79.70
To create an access key:
Create a private RSA key stored as DER file.
Run the following command to create a private RSA key file:
openssl genrsa -out privatekey.pem 2048
Run the following command to store the private key as DER:
openssl pcks8 -topk8 -inform PEM -outform DER -in privatekey.pem -nocrypt > privatekey.DER
Create a public RSA key base on the privateRSA key. Run the following command:
openssl rsa -in privatekey.pem -pubout -out publickey.pem
The openssl public key generated must be similar to the following:
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAufVdjdp0MmOLbNypLVMW Xfmhusawid4Wg4n4FZewSmoBEYA8f8wIA0SI87Shi7RtMcWsEoXvNNHA0wcJoA1R jyVLsI3rtrq0c0k7AxQSwb4UK/rSXW1NXxMh/mE7b3gdA6d9VuwIPnZJ5ZFQUZCL yhaAotLCdACrzbgzYXdqt+rstutT1AVkE2UAMcm5O3KnIoObZKb8JtepSt74A9Rg VBkcCBjmKGfLNOL1KlZconkITm85TWKRaGRFuASxdl2ZrD723ZNb66X/a9ebxTMr 6vVeskcaZpPlHzvgMOpiyDGwRvxn9yM5WB83zFDGT26Lihn/bKzLJXa+F2YNkLrT JQIDAQAB -----END PUBLIC KEY-----
Describe accounts for a cloud user.
Create and send an AKM request using the DescribeAccounts action. The appropriate hostname, cloud user, timestamp and expires information must be filled properly:
https://<username>:<password>@<EnterpriseControllerHostname>/akm/? Action=DescribeAccounts&Version=1&Timestamp=1330954619299&Expires=1330954919299
Choose the account ID from the result returned from the previous AKM request, for example: ACC-0162da5a-5d25-4096-af59-3dd1de27cfad
<result xsi:type="DescribeAccountsResult" requestId="803"> <items> <account>ACC-0162da5a-5d25-4096-af59-3dd1de27cfad</account> <name>acc1</name> </items> <forUser><username></forUser> </result>
Create the access key for a cloud user account.
Register the public key previously created using the RegisterAccessKey action. Ensure that the data is represented as a single line. The following URL shows the https request to create an access key. The account used is the one from the DescribeAccount action used previously:
https://<username>:<password>@<EnterpriseControllerHostname>/akm/?Action=RegisterAccessKey&Version=1&Timestamp=1330975344&Expires=1333975344&account=ACC-0162da5a-5d25-4096-af59-3dd1de27cfad&publicKey=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAufVdjdp0MmOLbNypLVMWXfmhusawid4Wg4n4FZewSmoBEYA8f8wIA0SI87Shi7RtMcWsEoXvNNHA0wcJoA1RjyVLsI3rtrq0c0k7AxQSwb4UK/rSXW1NXxMh/mE7b3gdA6d9VuwIPnZJ5ZFQUZCLyhaAotLCdACrzbgzYXdqt+rstutT1AVkE2UAMcm5O3KnIoObZKb8JtepSt74A9RgVBkcCBjmKGfLNOL1KlZconkITm85TWKRaGRFuASxdl2ZrD723ZNb66X/a9ebxTMr6vVeskcaZpPlHzvgMOpiyDGwRvxn9yM5WB83zFDGT26Lihn/bKzLJXa+F2YNkLrTJQIDAQAB
Get the access key ID generated. The access key ID is part of the results returned from the RegisterAccessKey action. This access key ID is used for all next IAAS request. For this example: AK_1
<result xsi:type="RegisterAccessKeyResult" requestId="1013"> <accessKeyId>AK_1</accessKeyId> </result>
Executing actions for an account
The following actions are explained in this section:
To execute these actions using the Web Service, the access key ID and private key file obtained from previous steps is used.
Define the data to be signed using DescribeVnets action:
Action=DescribeVnets&Version=1&AccessKeyId=AK_1
Sign the data using the WebUtil application.
java WebUtil signature privatekey.DER "POST" "<EnterpriseControllerHostname>" "Action=DescribeVnets&Version=1&accessKeyId=AK_1" signedData
Get the signed data stored in iaasPartRequest
and signedData
files.
Content of iaasPartRequest
: https://<EnterpriseControllerHostname>/iaas/?Action=DescribeVnets&Version=1&AccessKeyId=AK_1&Timestamp=1331058169938&Expires=1331058469938&SignatureMethod=SHA512withRSA&SignatureVersion=1&Signature=
Content of signedData
: bj8GfJCqvPZZPU2JoWAGzZdCF+N767rQejILMQwNdgKLfoGGqAwDPRYMr/ghUoBc6RB3nKYgAyPdmtCfhzRGTqECgUWy0jCrE99+utGeeJ0/XRQ9LxyYeBgzjO3lHP+hFhUo+gUtQaSYPhUHH7eTkxg/CrolMxibglypJM/rIf90yEqSeqhphQt7hWxlT0DNAy6/cZt8isT/Tu8V7ZFjBFkEpLfN97bIOJ2vIIpOeetmftuw4ObtqjbUp6+7dpVkhhCQnX0MAIDj+mjorEOzcwK+F1pYuzES0fjaW0MowG+cA/9gttDjg7r5H29i3qbbjIlvAt6fk1HPpSxQTSTOTg==
Append the signature to get the complete IAAS request, for example:
https://<EnterpriseControllerHostname>/iaas/?Action=DescribeVnets&Version=1&AccessKeyId=AK_1&Timestamp=1331058169938&Expires=1331058469938&SignatureMethod=SHA512withRSA&SignatureVersion=1&Signature=bj8GfJCqvPZZPU2JoWAGzZdCF+N767rQejILMQwNdgKLfoGGqAwDPRYMr/ghUoBc6RB3nKYgAyPdmtCfhzRGTqECgUWy0jCrE99+utGeeJ0/XRQ9LxyYeBgzjO3lHP+hFhUo+gUtQaSYPhUHH7eTkxg/CrolMxibglypJM/rIf90yEqSeqhphQt7hWxlT0DNAy6/cZt8isT/Tu8V7ZFjBFkEpLfN97bIOJ2vIIpOeetmftuw4ObtqjbUp6+7dpVkhhCQnX0MAIDj+mjorEOzcwK+F1pYuzES0fjaW0MowG+cA/9gttDjg7r5H29i3qbbjIlvAt6fk1HPpSxQTSTOTg==
Note:
The complete request to the Web service must be created as single line request.Send the complete IAAS request using the browser or wget. The result returned is similar to:
<result xsi:type="DescribeVnetsResult" requestId="102"> <items> <id>VNET-6c774d08-d0a7-493b-9fa1-c93a80702f8d</id> <name>10.169.69.0/24</name> <description>OVM Discovered Network OVM Discovered Network </description> <status>OK</status> <ipAddress>10.169.69.0/24</ipAddress> </items> </result>
Describe vNets filtering by vNet ids
Define the data to be signed using DescribeVnets action:
Action=DescribeVnets&Version=1&AccessKeyId=AK_1&ids.1=VNET-6c774d08-d0a7-493b-9fa1-c93a80702f8d
Sign the data using the WebUtil application.
java WebUtil signature privatekey.DER "POST" "<EnterpriseControllerHostname>" "Action=DescribeVnets&Version=1&AccessKeyId=AK_1&ids.1=VNET-6c774d08-d0a7-493b-9fa1-c93a80702f8d" signedData
Get the signed data stored in iaasPartRequest
and signedData
files.
Content of iaasPartRequest
: https://<EnterpriseControllerHostname>/iaas/?Action=DescribeVnets&Version=1&AccessKeyId=AK_1&ids.1=VNET-6c774d08-d0a7-493b-9fa1-c93a80702f8d&Timestamp=1331058449900&Expires=1331058749900&SignatureMethod=SHA512withRSA&SignatureVersion=1&Signature=
Content of signedData
: B15A5WdQkIwTrlR/NDXbn1RFwWyBFAQFtZTfZ1jH8ftkRgvfwU93nxukpw23sHBdRvhzLuhyW2LWm90EIhZHd3H2x9s8D1wCAUFTsSAZoPuIlW40qn0sf9VTEXOlqwnxfray6eSGCcpHQWXaA+TjpCitzguoPmHa3LjGKECnbNuqJS15L8VuVfE6otaxyTBzmhH7iI7pBC8gcpomnDZhxZkAFaVT0TFf88epbJal5Yl6aTpptjlUNEz6jDhuV2Qaa3bI5OqnJc0PJgCkhuKU7un8us1JVEk/nf/or5RCBMmPGAluuILIfYBEe/euVUy7wQ00eyKPRuplZkORmVbFLg==
Append the signature to get the complete IAAS request, for example:
https://<EnterpriseControllerHostname>/iaas/?Action=DescribeVnets&Version=1&AccessKeyId=AK_1&ids.1=VNET-6c774d08-d0a7-493b-9fa1-c93a80702f8d&Timestamp=1331058449900&Expires=1331058749900&SignatureMethod=SHA512withRSA&SignatureVersion=1&Signature=B15A5WdQkIwTrlR/NDXbn1RFwWyBFAQFtZTfZ1jH8ftkRgvfwU93nxukpw23sHBdRvhzLuhyW2LWm90EIhZHd3H2x9s8D1wCAUFTsSAZoPuIlW40qn0sf9VTEXOlqwnxfray6eSGCcpHQWXaA+TjpCitzguoPmHa3LjGKECnbNuqJS15L8VuVfE6otaxyTBzmhH7iI7pBC8gcpomnDZhxZkAFaVT0TFf88epbJal5Yl6aTpptjlUNEz6jDhuV2Qaa3bI5OqnJc0PJgCkhuKU7un8us1JVEk/nf/or5RCBMmPGAluuILIfYBEe/euVUy7wQ00eyKPRuplZkORmVbFLg==
Note:
The complete request to the Web service must be created as single line request.Send the complete IAAS request using the browser or wget. The result returned is similar to:
<result xsi:type="DescribeVnetsResult" requestId="107"> <items> <id>VNET-6c774d08-d0a7-493b-9fa1-c93a80702f8d</id> <name>10.169.69.0/24</name> <description>OVM Discovered Network OVM Discovered Network </description> <status>OK</status> <ipAddress>10.169.69.0/24</ipAddress> </items> </result>
Define the data to be signed using DescribeVnets action:
Action=CreateVnet&Version=1&AccessKeyId=AK_1&name=privatevnetWebApi
Sign the data using the WebUtil application.
java WebUtil signature privatekey.DER "POST" "<EnterpriseControllerHostname>" "Action=CreateVnet&Version=1&AccessKeyId=AK_1&name=privatevnetWebApi" signedData
Get the signed data stored in iaasPartRequest
and signedData
files.
Content of iaasPartRequest
: https://<EnterpriseControllerHostname>/iaas/?Action=CreateVnet&Version=1&AccessKeyId=AK_1&name=privatevnetWebApi&Timestamp=1331058639019&Expires=1331058939019&SignatureMethod=SHA512withRSA&SignatureVersion=1&Signature=
Content of signedData
: B15A5WdQkIwTrlR/NDXbn1RFwWyBFAQFtZTfZ1jH8ftkRgvfwU93nxukpw23sHBdRvhzLuhyW2LWm90EIhZHd3H2x9s8D1wCAUFTsSAZoPuIlW40qn0sf9VTEXOlqwnxfray6eSGCcpHQWXaA+TjpCitzguoPmHa3LjGKECnbNuqJS15L8VuVfE6otaxyTBzmhH7iI7pBC8gcpomnDZhxZkAFaVT0TFf88epbJal5Yl6aTpptjlUNEz6jDhuV2Qaa3bI5OqnJc0PJgCkhuKU7un8us1JVEk/nf/or5RCBMmPGAluuILIfYBEe/euVUy7wQ00eyKPRuplZkORmVbFLg==
Append the signature to get the complete IAAS request, for example:
https://<EnterpriseControllerHostname>/iaas/?Action=CreateVnet&Version=1&AccessKeyId=AK_1&name=privatevnetWebApi&Timestamp=1331058639019&Expires=1331058939019&SignatureMethod=SHA512withRSA&SignatureVersion=1&Signature=B15A5WdQkIwTrlR/NDXbn1RFwWyBFAQFtZTfZ1jH8ftkRgvfwU93nxukpw23sHBdRvhzLuhyW2LWm90EIhZHd3H2x9s8D1wCAUFTsSAZoPuIlW40qn0sf9VTEXOlqwnxfray6eSGCcpHQWXaA+TjpCitzguoPmHa3LjGKECnbNuqJS15L8VuVfE6otaxyTBzmhH7iI7pBC8gcpomnDZhxZkAFaVT0TFf88epbJal5Yl6aTpptjlUNEz6jDhuV2Qaa3bI5OqnJc0PJgCkhuKU7un8us1JVEk/nf/or5RCBMmPGAluuILIfYBEe/euVUy7wQ00eyKPRuplZkORmVbFLg==
Note:
The complete request to the Web service must be created as single line request.Send the complete IAAS request using the browser or wget. The result returned is similar to:
<result xsi:type="CreateVnetResult" requestId="109"><vnetId>VNET-7e33ee2e-d0f9-4b39-b8c9-32b8c8bfed87</vnetId></result>
Define the data to be signed using DescribeVnets action:
Action=DescribeVnets&Version=1&AccessKeyId=AK_1&filters.1.filterValue=privatevnet1&filters.1.filterName=name
Sign the data using the WebUtil application.
java WebUtil signature privatekey.DER "POST" "<EnterpriseControllerHostname>" "Action=DescribeVnets&Version=1&AccessKeyId=AK_1&filters.1.filterValue=privatevnet1&filters.1.filterName=name" signedData
Get the signed data stored in iaasPartRequest
and signedData
files.
Content of iaasPartRequest
: https://<EnterpriseControllerHostname>/iaas/?Action=DescribeVnets&Version=1&AccessKeyId=AK_1&filters.1.filterValue=privatevnet1&filters.1.filterName=name&Timestamp=1331058887344&Expires=1331059187344&SignatureMethod=SHA512withRSA&SignatureVersion=1&Signature=
Content of signedData
: B15A5WdQkIwTrlR/NDXbn1RFwWyBFAQFtZTfZ1jH8ftkRgvfwU93nxukpw23sHBdRvhzLuhyW2LWm90EIhZHd3H2x9s8D1wCAUFTsSAZoPuIlW40qn0sf9VTEXOlqwnxfray6eSGCcpHQWXaA+TjpCitzguoPmHa3LjGKECnbNuqJS15L8VuVfE6otaxyTBzmhH7iI7pBC8gcpomnDZhxZkAFaVT0TFf88epbJal5Yl6aTpptjlUNEz6jDhuV2Qaa3bI5OqnJc0PJgCkhuKU7un8us1JVEk/nf/or5RCBMmPGAluuILIfYBEe/euVUy7wQ00eyKPRuplZkORmVbFLg==
Append the signature to get the complete IAAS request, for example:
https://<EnterpriseControllerHostname>/iaas/?Action=CreateVnet&Version=1&AccessKeyId=AK_1&name=privatevnetWebApi&Timestamp=1331058639019&Expires=1331058939019&SignatureMethod=SHA512withRSA&SignatureVersion=1&Signature=B15A5WdQkIwTrlR/NDXbn1RFwWyBFAQFtZTfZ1jH8ftkRgvfwU93nxukpw23sHBdRvhzLuhyW2LWm90EIhZHd3H2x9s8D1wCAUFTsSAZoPuIlW40qn0sf9VTEXOlqwnxfray6eSGCcpHQWXaA+TjpCitzguoPmHa3LjGKECnbNuqJS15L8VuVfE6otaxyTBzmhH7iI7pBC8gcpomnDZhxZkAFaVT0TFf88epbJal5Yl6aTpptjlUNEz6jDhuV2Qaa3bI5OqnJc0PJgCkhuKU7un8us1JVEk/nf/or5RCBMmPGAluuILIfYBEe/euVUy7wQ00eyKPRuplZkORmVbFLg==
Note:
The complete request to the Web service must be created as single line request.Send the complete IAAS request using the browser or wget. The result returned is similar to:
<result xsi:type="DescribeVnetsResult" requestId="111"><items><id>VNET-8028fbfa-9e6f-4494-82c5-b35367340240</id><name>privatevnet1</name><description>privatevnet1</description><status>OK</status><ipAddress>192.168.0.0/24</ipAddress></items></result>