This appendix provides an example for generating requests to the Web service of the cloud infrastructure API described in Chapter 4, "Cloud Infrastructure API Reference".
This example uses the WebUtil application for generating the requests. The appendix includes the following topics:
This section provides a description of the information contained in a typical request to the Web service. This section describes both types of requests:
The following URL shows the information required in a typical access key management (AKM) request to the Web service:
https://USER:PASSWORD@HOST/akm/?REQUEST_DATA
Name | Description |
---|---|
USER | Cloud user name |
PASSWORD | Cloud user password |
HOST | IP address or fully qualified host name |
REQUEST_DATA | The request data is made of a series of name=value parameters separated by an ampersand (&). |
The parameters required as part of the REQUEST_DATA depend on the value used for the AKM action. However, a set of common parameters is required for every AKM request.
The following table shows the required parameters for the REQUEST_DATA in every AKM request. Example A-1 shows how these parameters appear in a complete request.
Name | Description |
---|---|
Action | One of the AKM actions. See RegisterAccessKeyRequest, DescribeAccessKeysRequest, DeleteAccessKeyRequest, and DescribeAccountsRequest actions for a complete description and extra parameters for each AKM action. |
Version | 1 |
Timestamp | Timestamp in milliseconds since January 1, 1970 |
Expires | Expiry date in milliseconds (ms) since January 1, 1970 must be greater than the timestamp field. A 300000 ms difference between the two values must be enough. |
The following URL shows the information required in a typical infrastructure as a service (IAAS) request to the Web service:
https://HOST/iaas/?REQUEST_IAAS_DATA&SIGNATURE_BLOCK
Name | Description |
---|---|
HOST | IP address or fully qualified host name |
REQUEST_IAAS_DATA | The request IAAS data is a series of name=value parameters separated by an ampersand (&). |
SIGNATURE_BLOCK | The signature block is a series of name=value parameters separated by an ampersand (&). |
The parameters required as part of the REQUEST_IAAS_DATA depend on the value used for the IAAS action. However, a set of common parameters is required for every IAAS request.
The following table shows the common required parameters for the REQUEST_IAAS_DATA in every IAAS request. Example A-2 show how these parameter appears in a complete specification for REQUEST_IAAS_DATA.
Name | Description |
---|---|
Action | One of the IAAS actions. See "List of Actions" on page , for a complete list of IAAS actions and extra parameters for each IAAS action. |
Version | 1 |
Timestamp | Timestamp in milliseconds since January 1, 1970 |
Expires | Expiry date in milliseconds (ms) since January 1, 1970 must be greater than the timestamp field. A 300000 ms difference between the two values must be enough. |
accessKeyId | The value returned by the AKM RegisterAccessKeyRequest action. |
The signature block consists of signing some IAAS data with a private key so that the Web service can authenticate the request. The Web server should be able to verify the signature with the public key registered with the RegisterAccessKeyRequest action.
The following table shows the series of name=value parameters that conform the specification for the SIGNATURE_BLOCK. These parameters are separated by the ampersand(&). Example A-3 shows a complete specification for a SIGNATURE_BLOCK sample.
Name | Description |
---|---|
SignatureVersion | 1 |
SignatureMethod | SHA512withRSA. This is the only method supported. |
Signature | Encoded Hash value of the data to be signed. See "IAAS Data Used for Signature" for a complete description of the Signature field. |
Example A-3 Sample SIGNATURE_BLOCK Specification
SignatureMethod=SHA512withRSA&SignatureVersion=1&Signature=bj8GfJCqvPZZPU2JoWAGzZdCF+N767rQejILMQwNdgKLfoGGqAwDPRYMr/ghUoBc6RB3nKYgAyPdmtCfhzRGTqECgUWy0jCrE99+utGeeJ0/XRQ9LxyYeBgzjO3lHP+hFhUo+gUtQaSYPhUHH7eTkxg/CrolMxibglypJM/rIf90yEqSeqhphQt7hWxlT0DNAy6/cZt8isT/Tu8V7ZFjBFkEpLfN97bIOJ2vIIpOeetmftuw4ObtqjbUp6+7dpVkhhCQnX0MAIDj+mjorEOzcwK+F1pYuzES0fjaW0MowG+cA/9gttDjg7r5H29i3qbbjIlvAt6fk1HPpSxQTSTOTg==
The following table shows the required information to generate the encoded hash value of the signature for an IAAS request. This data needs to be signed and base64 encoded. Example A-4 shows a complete data set of the IAAS data used for generating a signature. Example A-5 shows a Java representation of the IAAS data to sign.
Name | Description |
---|---|
Http Request type | POST |
HostName | IP address or fully qualified host name |
Base URL of the Web service | iaas |
REQUEST_IAAS_DATA | The request data is made of a series of name=value parameters separated by an ampersand (&). See also "REQUEST_IAAS_DATA Specification". |
Example A-4 Example of the IAAS Data to Sign
A"\n"
is required between every field.
POST <EnterpriseControllerHostname> /iaas/ Action= DescribeAccounts&Version=1&Timestamp=1330954619299&Expires=1330954919299
Example A-5 Java Representation of the Data to Sign
StringBuilder message = new StringBuilder();Message.setLength(0);message.append("POST").append("\n");message.append("<EnterpriseControllerHostname>") .append("\n");message.append("/iaas/").append("\n");message.append("Action= DescribeVnets&Version=1&Timestamp=1330954619299&Expires=1330954919299&accessKeyId=AK_1").append("\n");
See "Examples of Web Service Requests", for an example of generating an IAAS requests with signed data.
Requests to the Web service are simple HTTP POST or GET operations. After a AKM or IAAS request is dynamically generated, static technology is used to send the request.
This section mentions the use of the Web browser and the WGET utility as the static technology to send requests to the Web service.
To use the Web browser to send a request to the Web service, enter the complete request in the address bar of the browser.
The following URL is an example of a complete AKM request. The request should be entered in the address bar as a one-line command:
https://<username>:<password>@<EnterpriseControllerHostname>/akm/? Action= DescribeAccounts&Version=1&Timestamp=1330954619299&Expires=1330954919299
To use WGET utility, it is necessary to use the --no-check-certificate
option.
The following is an example of sending a request using WGET with the same AKM request used previously:
wget https://<username>:<password>@<EnterpriseControllerHostname>/akm/?Action= DescribeAccounts&Version=1&Timestamp=1330954619299&Expires=1330954919299 --nocheck-certificate
Both public and private RSA keys are required for signing the required IAAS data so that the Web service can authenticate the request.
A private key must exist before you can create a public key. To create a private keys use the following command:
openssl genrsa -out privatekey.pem 2048
The private key is stored in the privatekey.pem file. This file is used to create the public key. After the public key is registered with the RegisterAccessKeyRequest action, this private key can be used to sign the IAAS data.
If the WebUtil application is used to sign the IAAS data, then the private key must be stored in DER format. You can use the following command:
openssl pkcs8 -topk8 -inform PEM -outform DER -in privatekey.pem -nocrypt > privatekey.DER
The private key is stored in the privatekey.DER file.
To create a public key use the following command:
openssl rsa -in privatekey.pem -pubout -out publickey.pem
The public key is stored in the publickey.pem file. After the public key is registered using the RegisterAccessKeyRequest action, the Web server can verify the signed data with the public key.
WebUtil is a simple Java application that generates the signature for an IAAS request to the Web service. WebUtil uses the SHA512withRSA method and base64 encoding to sign the required data.
The following is the code of the WebUtil application. You can build the application with the javac
compiler; it is possible that two warnings are displayed when building the application.
/* * Copyright (c) 2007, 2012 Oracle and/or its affiliates. All rights reserved. * Use is subject to license terms. */ import java.io.*; import java.nio.charset.Charset; import java.security.*; import java.security.spec.PKCS8EncodedKeySpec; import java.security.interfaces.RSAPrivateKey; public class WebUtil { final static String UTF_8_ENCODER = "UTF-8"; private static final Charset CHARSET_ENCODING_UTF_8 = Charset.forName("UTF-8"); private static final long IAAS_REQUEST_TIMEOUT_MS = 300000; //default expiry time is 5 minutes public static void main(String[] args) { if(args.length<=0) { WebUtil.usage(); } String argument=new String(args[0]); if(argument.compareTo("signature") ==0 && args.length != 6){ WebUtil.usage(); } if(argument.compareTo("template") == 0 && args.length != 2){ WebUtil.usage(); } try{ if(argument.compareTo("template") == 0){ WebUtil.generateTemplate(args[1]); } if(argument.compareTo("signature") ==0 && args.length == 6){ WebUtil.signDataToFile(args[1],args[2],args[3],args[4],args[5]); } }catch (Exception e){ System.err.println("Caught exception " + e.toString()); } } static void usage(){ System.out.println("Usage: WebUtil template destinationFile"); System.out.println("Usage: WebUtil signature privateKeyDER HTTP_TYPE HOST_IP DATA_TO_SIGN signatureData"); System.out.println("Usage: HTTP_TYPE: POST or GET\n HOST_IP=ip address of OC \n DATA_TO_SIGN:without Timestamp and Expire but needs to have the access key id \n signatureData:filename to store the signature"); System.exit(0); } static void generateTemplate(String filename)throws Exception { StringBuilder message = new StringBuilder(); message.setLength(0); message.append("POST").append("\n"); message.append("10.169.79.76").append("\n"); message.append("/iaas/").append("\n"); message.append("Action=DescribeVnets&Version=1"); message.append("&Timestamp=1330797956376"); message.append("&Expires=1330798256376"); message.append("&AccessKeyId=AK_1"); message.append("\n"); FileOutputStream iaas = new FileOutputStream(filename); iaas.write(message.toString().getBytes(CHARSET_ENCODING_UTF_8)); iaas.close(); } static void signDataToFile(String keyPrivFile, String httpType, String host, String dataRequest,String signedDataFile) throws Exception { long tsnow = System.currentTimeMillis(); long tsexpires = tsnow + IAAS_REQUEST_TIMEOUT_MS; String tNow=Long.toString(tsnow); String tEXPIRE=Long.toString(tsexpires); StringBuilder message = new StringBuilder(); message.setLength(0); message.append(httpType).append("\n"); message.append(host).append("\n"); message.append("/iaas/").append("\n"); message.append(dataRequest); message.append("&Timestamp="); message.append(tNow); message.append("&Expires="); message.append(tEXPIRE); message.append("\n"); StringBuilder iaasmessage = new StringBuilder(); iaasmessage.append("https://").append(host); iaasmessage.append("/iaas/?").append(dataRequest); iaasmessage.append("&Timestamp="); iaasmessage.append(tNow); iaasmessage.append("&Expires="); iaasmessage.append(tEXPIRE); iaasmessage.append("&SignatureMethod=SHA512withRSA&SignatureVersion=1"); iaasmessage.append("&Signature="); String messageStr = message.toString(); /* Read private keyfile DER */ FileInputStream in = new FileInputStream( keyPrivFile); FileInputStream keyfis = new FileInputStream(keyPrivFile); byte[] encKey = new byte[keyfis.available()]; keyfis.read(encKey); keyfis.close(); PKCS8EncodedKeySpec privKeySpec = new PKCS8EncodedKeySpec(encKey); KeyFactory keyFactory = KeyFactory.getInstance("RSA"); PrivateKey privKey = keyFactory.generatePrivate(privKeySpec); Signature rsa = Signature.getInstance("SHA512withRSA"); rsa.initSign(privKey); rsa.update(messageStr.getBytes(CHARSET_ENCODING_UTF_8)); /* Now that all the data to be signed has been read in, generate a signature for it */ byte[] realSig = rsa.sign(); /* base64 encode the signed data */ String signatureUrlEncoded = getBase64Encoder().encode(realSig); /* Copy data to file */ FileOutputStream iaas = new FileOutputStream(signedDataFile); iaas.write(signatureUrlEncoded.getBytes(CHARSET_ENCODING_UTF_8)); iaas.close(); /* copy part of request to request file */ FileOutputStream iaasreq = new FileOutputStream("iaasPartRequest"); iaasreq.write(iaasmessage.toString().getBytes(CHARSET_ENCODING_UTF_8)); iaasreq.close(); } /** * @return a new base 64 encoder */ public static sun.misc.BASE64Encoder getBase64Encoder() { /* * This helper method was introduced to minimize the warnings about * using a Sun proprietary API. Use full package names to avoid * warning on import statement. */ return new sun.misc.BASE64Encoder(); } }
WebUtil application requires an access key for the account. See "Creating an Access Key" for information about how to create the access key.
After the access key is created, the IAAS data must be defined, as explained in "IAAS Data Used for Signature".
The following is an example of the IAAS data for viewing vNets information:
POST <EnterpriseControllerHostname> Action=DescribeVnets&Version=1&accessKeyId=AK_1&Timestamp=12333333&Expires=13333444
To generate the signature and base64 encoding, use the WebUtil by running the following command:
java WebUtil signature privatekey.DER "POST" "<EnterpriseControllerHostname>" "Action=DescribeVnets&Version=1&accessKeyId=AK_1" signedData
WebUtil generates and stores the signed data in the signedData file:
Content of the signedData file: bj8GfJCqvPZZPU2JoWAGzZdCF+N767rQejILMQwNdgKLfoGGqAwDPRYMr/ghUoBc6RB3nKYgAyPdmtCfhzRGTqECgUWy0jCrE99+utGeeJ0/XRQ9LxyYeBgzjO3lHP+hFhUo+gUtQaSYPhUHH7eTkxg/CrolMxibglypJM/rIf90yEqSeqhphQt7hWxlT0DNAy6/cZt8isT/Tu8V7ZFjBFkEpLfN97bIOJ2vIIpOeetmftuw4ObtqjbUp6+7dpVkhhCQnX0MAIDj+mjorEOzcwK+F1pYuzES0fjaW0MowG+cA/9gttDjg7r5H29i3qbbjIlvAt6fk1HPpSxQTSTOTg==
WebUtil also generates the iaasPartRequest file with the following information:
https://<EnterpriseControllerHostname>/iaas/?Action=DescribeVnets&Version=1&AccessKeyId=AK_1&Timestamp=1331058169938&Expires=1331058469938&SignatureMethod=SHA512withRSA&SignatureVersion=1&Signature=
To generate the complete HTTP request, append the content of the signedData file to the iaasPartRequest file as a single-line command. After that, the HTTP request can be sent, see "Sending a Web Service Request".
This section presents an example for creating requests to the Web service that allows a cloud user to perform actions for an account. This section includes:
An access key is created for an account. The registered access key is needed to perform any IAAS action in the account.
For this example, the following information is used to create the access key:
USER: clouduser
PASSWORD: <password>
HOST: 10.16.79.70
To create an access key:
Create a private RSA key stored as a DER file.
Run the following command to create a private RSA key file:
openssl genrsa -out privatekey.pem 2048
Run the following command to store the private key as DER:
openssl pcks8 -topk8 -inform PEM -outform DER -in privatekey.pem -nocrypt > privatekey.DER
Create a public RSA key base on the privateRSA key. Run the following command:
openssl rsa -in privatekey.pem -pubout -out publickey.pem
The openssl public key generated must be similar to the following:
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAufVdjdp0MmOLbNypLVMW Xfmhusawid4Wg4n4FZewSmoBEYA8f8wIA0SI87Shi7RtMcWsEoXvNNHA0wcJoA1R jyVLsI3rtrq0c0k7AxQSwb4UK/rSXW1NXxMh/mE7b3gdA6d9VuwIPnZJ5ZFQUZCL yhaAotLCdACrzbgzYXdqt+rstutT1AVkE2UAMcm5O3KnIoObZKb8JtepSt74A9Rg VBkcCBjmKGfLNOL1KlZconkITm85TWKRaGRFuASxdl2ZrD723ZNb66X/a9ebxTMr 6vVeskcaZpPlHzvgMOpiyDGwRvxn9yM5WB83zFDGT26Lihn/bKzLJXa+F2YNkLrT JQIDAQAB -----END PUBLIC KEY-----
Display the account attributes for a cloud user.
Create and send an AKM request using the DescribeAccountsRequest action. The appropriate hostname, cloud user, timestamp, and expires information must be provided:
https://<username>:<password>@<EnterpriseControllerHostname>/akm/? Action=DescribeAccounts&Version=1&Timestamp=1330954619299&Expires=1330954919299
Verify the account ID from the result returned from the previous AKM request. In this example, the account ID is ACC-0162da5a-5d25-4096-af59-3dd1de27cfad
<result xsi:type="DescribeAccountsResult" requestId="803"> <items> <account>ACC-0162da5a-5d25-4096-af59-3dd1de27cfad</account> <name>acc1</name> </items> <forUser><username></forUser> </result>
Create the access key for a cloud user account.
Register the public key created in step 2 by using the RegisterAccessKey action. Ensure that the data is represented as a single line. The following URL shows the HTTPS request to create an access key. The account used is the one from the DescribeAccount action used in step 3:
https://<username>:<password>@<EnterpriseControllerHostname>/akm/?Action=RegisterAccessKey&Version=1&Timestamp=1330975344&Expires=1333975344&account=ACC-0162da5a-5d25-4096-af59-3dd1de27cfad&publicKey=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAufVdjdp0MmOLbNypLVMWXfmhusawid4Wg4n4FZewSmoBEYA8f8wIA0SI87Shi7RtMcWsEoXvNNHA0wcJoA1RjyVLsI3rtrq0c0k7AxQSwb4UK/rSXW1NXxMh/mE7b3gdA6d9VuwIPnZJ5ZFQUZCLyhaAotLCdACrzbgzYXdqt+rstutT1AVkE2UAMcm5O3KnIoObZKb8JtepSt74A9RgVBkcCBjmKGfLNOL1KlZconkITm85TWKRaGRFuASxdl2ZrD723ZNb66X/a9ebxTMr6vVeskcaZpPlHzvgMOpiyDGwRvxn9yM5WB83zFDGT26Lihn/bKzLJXa+F2YNkLrTJQIDAQAB
Verify the access key ID that was generated. The access key ID is part of the results returned from the RegisterAccessKey action. This access key ID is used for all IAAS requests for the account to authenticate the cloud user to the account. In this examples, the access key ID is AK_1.
<result xsi:type="RegisterAccessKeyResult" requestId="1013"> <accessKeyId>AK_1</accessKeyId> </result>
The following actions are explained in this section:
To execute these actions using the Web service, the access key ID and private key file obtained from the previous step.
To view attributes of all available virtual networks for an account:
Define the data to be signed by using the DescribeVnets action.
Action=DescribeVnets&Version=1&AccessKeyId=AK_1
Sign the data by using the WebUtil application.
java WebUtil signature privatekey.DER "POST" "<EnterpriseControllerHostname>" "Action=DescribeVnets&Version=1&accessKeyId=AK_1" signedData
Get the signed data that is stored in the iaasPartRequest and signedData files.
Content of the iaasPartRequest file: https://<EnterpriseControllerHostname>/iaas/?Action=DescribeVnets&Version=1&AccessKeyId=AK_1&Timestamp=1331058169938&Expires=1331058469938&SignatureMethod=SHA512withRSA&SignatureVersion=1&Signature=
Content of the signedData file: bj8GfJCqvPZZPU2JoWAGzZdCF+N767rQejILMQwNdgKLfoGGqAwDPRYMr/ghUoBc6RB3nKYgAyPdmtCfhzRGTqECgUWy0jCrE99+utGeeJ0/XRQ9LxyYeBgzjO3lHP+hFhUo+gUtQaSYPhUHH7eTkxg/CrolMxibglypJM/rIf90yEqSeqhphQt7hWxlT0DNAy6/cZt8isT/Tu8V7ZFjBFkEpLfN97bIOJ2vIIpOeetmftuw4ObtqjbUp6+7dpVkhhCQnX0MAIDj+mjorEOzcwK+F1pYuzES0fjaW0MowG+cA/9gttDjg7r5H29i3qbbjIlvAt6fk1HPpSxQTSTOTg==
Append the signature to get the complete IAAS request, as show in the following example:
https://<EnterpriseControllerHostname>/iaas/?Action=DescribeVnets&Version=1&AccessKeyId=AK_1&Timestamp=1331058169938&Expires=1331058469938&SignatureMethod=SHA512withRSA&SignatureVersion=1&Signature=bj8GfJCqvPZZPU2JoWAGzZdCF+N767rQejILMQwNdgKLfoGGqAwDPRYMr/ghUoBc6RB3nKYgAyPdmtCfhzRGTqECgUWy0jCrE99+utGeeJ0/XRQ9LxyYeBgzjO3lHP+hFhUo+gUtQaSYPhUHH7eTkxg/CrolMxibglypJM/rIf90yEqSeqhphQt7hWxlT0DNAy6/cZt8isT/Tu8V7ZFjBFkEpLfN97bIOJ2vIIpOeetmftuw4ObtqjbUp6+7dpVkhhCQnX0MAIDj+mjorEOzcwK+F1pYuzES0fjaW0MowG+cA/9gttDjg7r5H29i3qbbjIlvAt6fk1HPpSxQTSTOTg==
Note:
The complete request to the Web service must be created as a single-line request.Send the complete IAAS request using the browser or the WGET utility. The result returned is similar to the following output:
<result xsi:type="DescribeVnetsResult" requestId="102"> <items> <id>VNET-6c774d08-d0a7-493b-9fa1-c93a80702f8d</id> <name>10.169.69.0/24</name> <description>OVM Discovered Network</description> <status>OK</status> <ipAddress>10.169.69.0/24</ipAddress> </items> </result>
To use the virtual networks IDs to specify which virtual networks to display for an account:
Define the data to be signed by using the DescribeVnets action.
Action=DescribeVnets&Version=1&AccessKeyId=AK_1&ids.1=VNET-6c774d08-d0a7-493b-9fa1-c93a80702f8d
Sign the data by using the WebUtil application.
java WebUtil signature privatekey.DER "POST" "<EnterpriseControllerHostname>" "Action=DescribeVnets&Version=1&AccessKeyId=AK_1&ids.1=VNET-6c774d08-d0a7-493b-9fa1-c93a80702f8d" signedData
Get the signed data that is stored in the iaasPartRequest and signedData files.
Content of the iaasPartRequest file: https://<EnterpriseControllerHostname>/iaas/?Action=DescribeVnets&Version=1&AccessKeyId=AK_1&ids.1=VNET-6c774d08-d0a7-493b-9fa1-c93a80702f8d&Timestamp=1331058449900&Expires=1331058749900&SignatureMethod=SHA512withRSA&SignatureVersion=1&Signature=
Content of the signedData file: B15A5WdQkIwTrlR/NDXbn1RFwWyBFAQFtZTfZ1jH8ftkRgvfwU93nxukpw23sHBdRvhzLuhyW2LWm90EIhZHd3H2x9s8D1wCAUFTsSAZoPuIlW40qn0sf9VTEXOlqwnxfray6eSGCcpHQWXaA+TjpCitzguoPmHa3LjGKECnbNuqJS15L8VuVfE6otaxyTBzmhH7iI7pBC8gcpomnDZhxZkAFaVT0TFf88epbJal5Yl6aTpptjlUNEz6jDhuV2Qaa3bI5OqnJc0PJgCkhuKU7un8us1JVEk/nf/or5RCBMmPGAluuILIfYBEe/euVUy7wQ00eyKPRuplZkORmVbFLg==
Append the signature to get the complete IAAS request, as show in the following example:
https://<EnterpriseControllerHostname>/iaas/?Action=DescribeVnets&Version=1&AccessKeyId=AK_1&ids.1=VNET-6c774d08-d0a7-493b-9fa1-c93a80702f8d&Timestamp=1331058449900&Expires=1331058749900&SignatureMethod=SHA512withRSA&SignatureVersion=1&Signature=B15A5WdQkIwTrlR/NDXbn1RFwWyBFAQFtZTfZ1jH8ftkRgvfwU93nxukpw23sHBdRvhzLuhyW2LWm90EIhZHd3H2x9s8D1wCAUFTsSAZoPuIlW40qn0sf9VTEXOlqwnxfray6eSGCcpHQWXaA+TjpCitzguoPmHa3LjGKECnbNuqJS15L8VuVfE6otaxyTBzmhH7iI7pBC8gcpomnDZhxZkAFaVT0TFf88epbJal5Yl6aTpptjlUNEz6jDhuV2Qaa3bI5OqnJc0PJgCkhuKU7un8us1JVEk/nf/or5RCBMmPGAluuILIfYBEe/euVUy7wQ00eyKPRuplZkORmVbFLg==
Note:
The complete request to the Web service must be created as a single-line request.Send the complete IAAS request using the browser or WGET utility. The result returned is similar to the following output:
<result xsi:type="DescribeVnetsResult" requestId="107"> <items> <id>VNET-6c774d08-d0a7-493b-9fa1-c93a80702f8d</id> <name>10.169.69.0/24</name> <description>OVM Discovered Network</description> <status>OK</status> <ipAddress>10.169.69.0/24</ipAddress> </items> </result>
To specify which virtual networks to display by using the name of the virtual network as filter:
Define the data to be signed by using the DescribeVnets action:
Action=DescribeVnets&Version=1&AccessKeyId=AK_1&filters.1.filterValue=privatevnet1&filters.1.filterName=name
Sign the data by using the WebUtil application.
java WebUtil signature privatekey.DER "POST" "<EnterpriseControllerHostname>" "Action=DescribeVnets&Version=1&AccessKeyId=AK_1&filters.1.filterValue=privatevnet1&filters.1.filterName=name" signedData
Get the signed data that is stored in the iaasPartRequest and signedData files.
Content of the iaasPartRequest file: https://<EnterpriseControllerHostname>/iaas/?Action=DescribeVnets&Version=1&AccessKeyId=AK_1&filters.1.filterValue=privatevnet1&filters.1.filterName=name&Timestamp=1331058887344&Expires=1331059187344&SignatureMethod=SHA512withRSA&SignatureVersion=1&Signature=
Content of the signedData file: B15A5WdQkIwTrlR/NDXbn1RFwWyBFAQFtZTfZ1jH8ftkRgvfwU93nxukpw23sHBdRvhzLuhyW2LWm90EIhZHd3H2x9s8D1wCAUFTsSAZoPuIlW40qn0sf9VTEXOlqwnxfray6eSGCcpHQWXaA+TjpCitzguoPmHa3LjGKECnbNuqJS15L8VuVfE6otaxyTBzmhH7iI7pBC8gcpomnDZhxZkAFaVT0TFf88epbJal5Yl6aTpptjlUNEz6jDhuV2Qaa3bI5OqnJc0PJgCkhuKU7un8us1JVEk/nf/or5RCBMmPGAluuILIfYBEe/euVUy7wQ00eyKPRuplZkORmVbFLg==
Append the signature to get the complete IAAS request, as show in the following example:
https://<EnterpriseControllerHostname>/iaas/?Action=CreateVnet&Version=1&AccessKeyId=AK_1&name=privatevnetWebApi&Timestamp=1331058639019&Expires=1331058939019&SignatureMethod=SHA512withRSA&SignatureVersion=1&Signature=B15A5WdQkIwTrlR/NDXbn1RFwWyBFAQFtZTfZ1jH8ftkRgvfwU93nxukpw23sHBdRvhzLuhyW2LWm90EIhZHd3H2x9s8D1wCAUFTsSAZoPuIlW40qn0sf9VTEXOlqwnxfray6eSGCcpHQWXaA+TjpCitzguoPmHa3LjGKECnbNuqJS15L8VuVfE6otaxyTBzmhH7iI7pBC8gcpomnDZhxZkAFaVT0TFf88epbJal5Yl6aTpptjlUNEz6jDhuV2Qaa3bI5OqnJc0PJgCkhuKU7un8us1JVEk/nf/or5RCBMmPGAluuILIfYBEe/euVUy7wQ00eyKPRuplZkORmVbFLg==
Note:
The complete request to the Web service must be created as a single-line request.Send the complete IAAS request using the browser or wget. The result returned is similar to the following output:
<result xsi:type="DescribeVnetsResult" requestId="111"><items><id>VNET-8028fbfa-9e6f-4494-82c5-b35367340240</id><name>privatevnet1</name><description>privatevnet1</description><status>OK</status><ipAddress>192.168.0.0/24</ipAddress></items></result>
To create a private virtual network for an account:
Define the data to be signed by the using DescribeVnets action.
Action=CreateVnet&Version=1&AccessKeyId=AK_1&name=privatevnetWebApi
Sign the data by using the WebUtil application.
java WebUtil signature privatekey.DER "POST" "<EnterpriseControllerHostname>" "Action=CreateVnet&Version=1&AccessKeyId=AK_1&name=privatevnetWebApi" signedData
Get the signed data that is stored in the iaasPartRequest and signedData files.
Content of the iaasPartRequest file: https://<EnterpriseControllerHostname>/iaas/?Action=CreateVnet&Version=1&AccessKeyId=AK_1&name=privatevnetWebApi&Timestamp=1331058639019&Expires=1331058939019&SignatureMethod=SHA512withRSA&SignatureVersion=1&Signature=
Content of the signedData file: B15A5WdQkIwTrlR/NDXbn1RFwWyBFAQFtZTfZ1jH8ftkRgvfwU93nxukpw23sHBdRvhzLuhyW2LWm90EIhZHd3H2x9s8D1wCAUFTsSAZoPuIlW40qn0sf9VTEXOlqwnxfray6eSGCcpHQWXaA+TjpCitzguoPmHa3LjGKECnbNuqJS15L8VuVfE6otaxyTBzmhH7iI7pBC8gcpomnDZhxZkAFaVT0TFf88epbJal5Yl6aTpptjlUNEz6jDhuV2Qaa3bI5OqnJc0PJgCkhuKU7un8us1JVEk/nf/or5RCBMmPGAluuILIfYBEe/euVUy7wQ00eyKPRuplZkORmVbFLg==
Append the signature to get the complete IAAS request, as show in the following example:
https://<EnterpriseControllerHostname>/iaas/?Action=CreateVnet&Version=1&AccessKeyId=AK_1&name=privatevnetWebApi&Timestamp=1331058639019&Expires=1331058939019&SignatureMethod=SHA512withRSA&SignatureVersion=1&Signature=B15A5WdQkIwTrlR/NDXbn1RFwWyBFAQFtZTfZ1jH8ftkRgvfwU93nxukpw23sHBdRvhzLuhyW2LWm90EIhZHd3H2x9s8D1wCAUFTsSAZoPuIlW40qn0sf9VTEXOlqwnxfray6eSGCcpHQWXaA+TjpCitzguoPmHa3LjGKECnbNuqJS15L8VuVfE6otaxyTBzmhH7iI7pBC8gcpomnDZhxZkAFaVT0TFf88epbJal5Yl6aTpptjlUNEz6jDhuV2Qaa3bI5OqnJc0PJgCkhuKU7un8us1JVEk/nf/or5RCBMmPGAluuILIfYBEe/euVUy7wQ00eyKPRuplZkORmVbFLg==
Note:
The complete request to the Web service must be created as a single-line request.Send the complete IAAS request using the browser or WGET utility. The result returned is similar to the following output:
<result xsi:type="CreateVnetResult" requestId="109"><vnetId>VNET-7e33ee2e-d0f9-4b39-b8c9-32b8c8bfed87</vnetId></result>