Uncategorized

Amazon API

Monday, August 10th, 2009

Every request to the Amazon API needs to be signed by using HMAC-SHA signatures. The request needs a signature and a timestamp. “A signature is created by using the request type, domain, the URI, and a sorted string of every parameter in the request (except the Signature parameter itself) with the following format <parameter>=<value>&. Once properly formatted, you create a base64-encoded HMAC_SHA256 signature using your AWS secret key.” Amazon API [1]

The timestamp needs to be in YYYY-MM-DDThh:mm:ssZ Format.

Examples can be found in the Amazon API Docs [2]. For the encryption I used the as3crypto lib [3] and a solution of Brendon Wilson [4].

[1] http://docs.amazonwebservices.com/AWSECommerceService/latest/DG/index.html?HMACAuth_ItemsRequired.html

[2] http://docs.amazonwebservices.com/AWSECommerceService/latest/DG/index.html?rest-signature.html

[3] http://code.google.com/p/as3crypto/

[4] http://www.brendonwilson.com/

the final function:

public function aws_signed_request(p : Array):void{
var public_key : String = "Your Access Key ID";
var private_key : String = "Your Secret Access Key:";

var requestBytes:ByteArray = new ByteArray();

var hmacc:HMAC = new HMAC(new SHA256());
var keyBytes:ByteArray = new ByteArray();
var hmacBytes:ByteArray;
var encoder:Base64Encoder = new Base64Encoder();
var formatter:DateFormatter = new DateFormatter();
var now:Date = new Date();
var string_to_sign : String = "";
var timestamp : String;
var method : String = "GET";
var host : String = "ecs.amazonaws.com";
var uri : String = "/onca/xml";
var pattern:RegExp = /%7E/gi;
var signature : String;
var params : Array = new Array();

// Do not change the order of following commands
params["AWSAccessKeyId"] = public_key;

for(var i:int = 0; i params[p[i]] = p[(i+1)];
}

// creating Timestamp
formatter.formatString = "YYYY-MM-DDTHH:NN:SSZ";
now.setTime(now.getTime() + (now.getTimezoneOffset() * 60 * 1000));
timestamp = formatter.format(now);

params["Version"] = "2009-03-31";
params["Timestamp"] = timestamp;
params["Service"] = "AWSECommerceService";

params.sort();

// cannonicalized_query
var can_query : Array = new Array();
for( var key in params ) {
key = escape(key.replace(pattern, "~"));
params[key] = escape(params[key].replace(pattern, "~"));
can_query.push(key + "=" + params[key]);
}

var fin_query : String = "";

// implode the query
for(var i:int = 0; i fin_query += can_query[i];
if(i != (can_query.length-1))
fin_query += "&";
}

string_to_sign = method + " " + host + " " + uri + "\n" + fin_query;

requestBytes.writeUTFBytes(string_to_sign);
keyBytes.writeUTFBytes(private_key);
hmacBytes = hmacc.compute(keyBytes, requestBytes);
encoder.encodeBytes(hmacBytes);
encoder.toString();
signature = encoder.toString() + encoder.toString();
signature = escape(signature.replace(pattern, "~"));
var request : String = "http://" + host+uri+"?"+fin_query+"&Signature="+signature;

somaLoader.add(request, null, SomaLoader.TYPE_XML);
somaLoader.addEventListener(SomaLoaderEvent.COMPLETE, responseReceived);
somaLoader.start();

}

Posted in AS3, Uncategorized | No Comments »

FireVox screen reader

Tuesday, August 4th, 2009

FireVox is a free opensource screen reader and keyboard navigation plug-in for the Firefox. It’s available to download for Windows, Mac and Linux.

http://firevox.clcworld.net/

Tags: , , , ,
Posted in Uncategorized | No Comments »

Django : another web framework

Thursday, July 16th, 2009

This time it’s Python-based, and takes the scaffolding metaphor to a new height (no pun intended) by including a lot of auto-build stuff and encouraging developers to build-by-exception all of the time whilst remembering the key elements of the DRY idiom. Take a look.

Designed and built from the ground up to work in a “fast-paced online news operation” the framework allows quick and easy development of web applications, without compromising on the amount of control that a developer has over the code. Major “we like this” points are:

1. built-in URL design with no limitations from the framework

2. template language to separate your view code from the model and controller code

3. super caching to speed up application performance

4. free cherries with each application

5. automatic admin interfaces – out of the box, once you define your data. Don’t waste time in building yet another admin interface

6. multi-language and internationalisation ready

* The cherries are not free, nor do they exist.

Posted in Uncategorized | No Comments »