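/// <summary>
/// Validates the HTTP response held by <c>connection</c>: the status code, the
/// shuffle header name and version, and the reply-hash header.
/// </summary>
/// <param name="url">URL that was requested; used in the bad-status error message.</param>
/// <param name="msgToEncode">Value logged as "url=" below; this method uses it only for logging.</param>
/// <param name="encHash">Hash that was sent to the server; the reply hash must be the HMAC of it.</param>
/// <exception cref="System.IO.IOException">
/// Thrown when the status is not HttpOk, the shuffle header name or version differs
/// from the expected defaults, or the reply-hash header is missing.
/// VerifyReply presumably throws as well on a mismatch; confirm against SecureShuffleUtils.
/// </exception>
private void VerifyConnection(Uri url, string msgToEncode, string encHash)
{
    // Validate response code
    int rc = connection.GetResponseCode();
    if (rc != HttpURLConnection.HttpOk)
    {
        throw new IOException("Got invalid response code " + rc + " from " + url + ": "
            + connection.GetResponseMessage());
    }

    // Check the shuffle name/version headers against the values this client expects.
    string headerName = connection.GetHeaderField(ShuffleHeader.HttpHeaderName);
    string headerVersion = connection.GetHeaderField(ShuffleHeader.HttpHeaderVersion);
    if (!ShuffleHeader.DefaultHttpHeaderName.Equals(headerName)
        || !ShuffleHeader.DefaultHttpHeaderVersion.Equals(headerVersion))
    {
        throw new IOException("Incompatible shuffle response version");
    }

    // get the replyHash which is HMac of the encHash we sent to the server
    string replyHash = connection.GetHeaderField(SecureShuffleUtils.HttpHeaderReplyUrlHash);
    if (replyHash == null)
    {
        throw new IOException("security validation of TT Map output failed");
    }

    // encHash is the value that authenticated this request and replyHash is an HMAC
    // under the shuffle secret, so neither is written to the log in full. Only the
    // trailing half is kept, which is still enough to correlate log entries.
    string encHashTail = encHash == null
        ? string.Empty
        : encHash.Substring(encHash.Length - encHash.Length / 2);
    string replyHashTail = replyHash.Substring(replyHash.Length - replyHash.Length / 2);
    Log.Debug("url=" + msgToEncode + ";encHash=..." + encHashTail + ";replyHash=..."
        + replyHashTail);

    // verify that replyHash is HMac of encHash
    SecureShuffleUtils.VerifyReply(replyHash, encHash, shuffleSecretKey);
    Log.Info("for url=" + msgToEncode + " sent hash and received reply");
}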
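/// <summary>
/// Authenticates a fetcher request: looks up the token secret for <paramref name="appid"/>,
/// verifies the URL hash header against the message built from the request URI, then sets
/// the reply-hash and shuffle name/version headers on the response.
/// </summary>
/// <param name="appid">Identifier used to retrieve the token secret.</param>
/// <param name="ctx">Channel context; not used in this method body.</param>
/// <param name="request">Incoming request carrying the URL hash header.</param>
/// <param name="response">Response that receives the reply hash and shuffle headers.</param>
/// <param name="requestUri">URI the verified message is built from.</param>
/// <exception cref="System.IO.IOException">
/// Thrown when no token secret exists for the id or the URL hash header is missing.
/// VerifyReply throws on a failed verification (exception type not visible here).
/// </exception>
protected internal virtual void VerifyRequest(string appid, ChannelHandlerContext ctx,
    HttpRequest request, HttpResponse response, Uri requestUri)
{
    SecretKey tokenSecret = this._enclosing.secretManager.RetrieveTokenSecret(appid);
    if (null == tokenSecret)
    {
        ShuffleHandler.Log.Info("Request for unknown token " + appid);
        throw new IOException("could not find jobid");
    }

    // string to encrypt
    string enc_str = SecureShuffleUtils.BuildMsgFrom(requestUri);

    // hash from the fetcher
    string urlHashStr = request.GetHeader(SecureShuffleUtils.HttpHeaderUrlHash);
    if (urlHashStr == null)
    {
        ShuffleHandler.Log.Info("Missing header hash for " + appid);
        throw new IOException("fetcher cannot be authenticated");
    }

    if (ShuffleHandler.Log.IsDebugEnabled())
    {
        // Only the tail of the hash is logged. The header value comes from the request,
        // so it can be empty or one character long; the end index is clamped so that
        // such a value reaches VerifyReply and is rejected there, instead of failing
        // here with an index error while debug logging is on.
        int len = urlHashStr.Length;
        int tailStart = len - len / 2;
        int tailEnd = len - 1 < tailStart ? tailStart : len - 1;
        ShuffleHandler.Log.Debug("verifying request. enc_str=" + enc_str + "; hash=..."
            + Sharpen.Runtime.Substring(urlHashStr, tailStart, tailEnd));
    }

    // verify - throws exception
    // NOTE(review): the comparison inside VerifyReply is not visible here; confirm it is
    // constant-time.
    SecureShuffleUtils.VerifyReply(urlHashStr, enc_str, tokenSecret);

    // verification passed - encode the reply
    string reply = SecureShuffleUtils.GenerateHash(
        Sharpen.Runtime.GetBytesForString(urlHashStr, Charsets.Utf8), tokenSecret);
    response.SetHeader(SecureShuffleUtils.HttpHeaderReplyUrlHash, reply);

    // Put shuffle version into http header
    response.SetHeader(ShuffleHeader.HttpHeaderName, ShuffleHeader.DefaultHttpHeaderName);
    response.SetHeader(ShuffleHeader.HttpHeaderVersion, ShuffleHeader.DefaultHttpHeaderVersion);

    if (ShuffleHandler.Log.IsDebugEnabled())
    {
        // Same clamped tail as above, so the reply hash is never logged in full.
        int len = reply.Length;
        int tailStart = len - len / 2;
        int tailEnd = len - 1 < tailStart ? tailStart : len - 1;
        ShuffleHandler.Log.Debug("Fetcher request verfied. enc_str=" + enc_str + ";reply="
            + Sharpen.Runtime.Substring(reply, tailStart, tailEnd));
    }
}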