/// <exception cref="System.IO.IOException"/>
private void VerifyConnection(Uri url, string msgToEncode, string encHash)
{
// Validate response code
int rc = connection.GetResponseCode();
if (rc != HttpURLConnection.HttpOk)
{
throw new IOException("Got invalid response code " + rc + " from " + url + ": " +
connection.GetResponseMessage());
}
// get the shuffle version
if (!ShuffleHeader.DefaultHttpHeaderName.Equals(connection.GetHeaderField(ShuffleHeader
.HttpHeaderName)) || !ShuffleHeader.DefaultHttpHeaderVersion.Equals(connection.GetHeaderField
(ShuffleHeader.HttpHeaderVersion)))
{
throw new IOException("Incompatible shuffle response version");
}
// get the replyHash which is HMac of the encHash we sent to the server
string replyHash = connection.GetHeaderField(SecureShuffleUtils.HttpHeaderReplyUrlHash
);
if (replyHash == null)
{
throw new IOException("security validation of TT Map output failed");
}
Log.Debug("url=" + msgToEncode + ";encHash=" + encHash + ";replyHash=" + replyHash
);
// verify that replyHash is HMac of encHash
SecureShuffleUtils.VerifyReply(replyHash, encHash, shuffleSecretKey);
Log.Info("for url=" + msgToEncode + " sent hash and received reply");
}
/// <exception cref="System.IO.IOException"/>
protected internal virtual void VerifyRequest(string appid, ChannelHandlerContext
ctx, HttpRequest request, HttpResponse response, Uri requestUri)
{
SecretKey tokenSecret = this._enclosing.secretManager.RetrieveTokenSecret(appid);
if (null == tokenSecret)
{
ShuffleHandler.Log.Info("Request for unknown token " + appid);
throw new IOException("could not find jobid");
}
// string to encrypt
string enc_str = SecureShuffleUtils.BuildMsgFrom(requestUri);
// hash from the fetcher
string urlHashStr = request.GetHeader(SecureShuffleUtils.HttpHeaderUrlHash);
if (urlHashStr == null)
{
ShuffleHandler.Log.Info("Missing header hash for " + appid);
throw new IOException("fetcher cannot be authenticated");
}
if (ShuffleHandler.Log.IsDebugEnabled())
{
int len = urlHashStr.Length;
ShuffleHandler.Log.Debug("verifying request. enc_str=" + enc_str + "; hash=..." +
Sharpen.Runtime.Substring(urlHashStr, len - len / 2, len - 1));
}
// verify - throws exception
SecureShuffleUtils.VerifyReply(urlHashStr, enc_str, tokenSecret);
// verification passed - encode the reply
string reply = SecureShuffleUtils.GenerateHash(Sharpen.Runtime.GetBytesForString(
urlHashStr, Charsets.Utf8), tokenSecret);
response.SetHeader(SecureShuffleUtils.HttpHeaderReplyUrlHash, reply);
// Put shuffle version into http header
response.SetHeader(ShuffleHeader.HttpHeaderName, ShuffleHeader.DefaultHttpHeaderName
);
response.SetHeader(ShuffleHeader.HttpHeaderVersion, ShuffleHeader.DefaultHttpHeaderVersion
);
if (ShuffleHandler.Log.IsDebugEnabled())
{
int len = reply.Length;
ShuffleHandler.Log.Debug("Fetcher request verfied. enc_str=" + enc_str + ";reply="
+ Sharpen.Runtime.Substring(reply, len - len / 2, len - 1));
}
}
