Repository: tez Updated Branches: refs/heads/master f3256a73c -> e84c1aa7a
TEZ-2008. Add methods to SecureShuffleUtils to verify a reply based on a provided Key. (sseth) Project: http://git-wip-us.apache.org/repos/asf/tez/repo Commit: http://git-wip-us.apache.org/repos/asf/tez/commit/e84c1aa7 Tree: http://git-wip-us.apache.org/repos/asf/tez/tree/e84c1aa7 Diff: http://git-wip-us.apache.org/repos/asf/tez/diff/e84c1aa7 Branch: refs/heads/master Commit: e84c1aa7aacd4933502d183e9e56e9c83a8db499 Parents: f3256a7 Author: Siddharth Seth <[email protected]> Authored: Wed Jan 28 17:43:42 2015 -0800 Committer: Siddharth Seth <[email protected]> Committed: Wed Jan 28 17:43:42 2015 -0800 ---------------------------------------------------------------------- CHANGES.txt | 1 + .../common/security/SecureShuffleUtils.java | 37 +++++++++++++++++++- 2 files changed, 37 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/tez/blob/e84c1aa7/CHANGES.txt ---------------------------------------------------------------------- diff --git a/CHANGES.txt b/CHANGES.txt index 823803d..9e64a0b 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -7,6 +7,7 @@ Release 0.7.0: Unreleased INCOMPATIBLE CHANGES ALL CHANGES: + TEZ-2008. Add methods to SecureShuffleUtils to verify a reply based on a provided Key. TEZ-1995. Build failure against hadoop 2.2. TEZ-1997. Remove synchronization DefaultSorter::isRLENeeded() (Causes sorter to hang indefinitely in large jobs). TEZ-1996. Update Website after 0.6.0 http://git-wip-us.apache.org/repos/asf/tez/blob/e84c1aa7/tez-runtime-library/src/main/java/org/apache/tez/runtime/library/common/security/SecureShuffleUtils.java ---------------------------------------------------------------------- diff --git a/tez-runtime-library/src/main/java/org/apache/tez/runtime/library/common/security/SecureShuffleUtils.java b/tez-runtime-library/src/main/java/org/apache/tez/runtime/library/common/security/SecureShuffleUtils.java index f36d41d..67b8de2 100644 
--- a/tez-runtime-library/src/main/java/org/apache/tez/runtime/library/common/security/SecureShuffleUtils.java
+++ b/tez-runtime-library/src/main/java/org/apache/tez/runtime/library/common/security/SecureShuffleUtils.java
@@ -59,6 +59,21 @@ public class SecureShuffleUtils {
 }
 
 /**
+ * Verify the message matches the provided hash using the specified key. </p>
+ * This is only meant to be used when a process needs to verify against multiple different keys
+ * (ShuffleHandler for instance)
+ *
+ * @param hash
+ * @param msg
+ * @param key
+ * @return true when hashes match; false otherwise
+ */
+ private static boolean verifyHash(byte[] hash, byte[] msg, SecretKey key) {
+ byte[] msg_hash = generateByteHash(msg, key);
+ return WritableComparator.compareBytes(msg_hash, 0, msg_hash.length, hash, 0, hash.length) == 0;
+ }
+
+ /**
 * verify that hash equals to HMacHash(msg)
 * @param hash
 * @param msg
@@ -81,7 +96,27 @@ public class SecureShuffleUtils {
 throws IOException {
 return new String(Base64.encodeBase64(mgr.computeHash(enc_str.getBytes(Charsets.UTF_8))), Charsets.UTF_8);
 }
-
+
+ /**
+ * Verify that the base64 encoded hash matches the hash generated by making use of the provided
+ * key on the specified message. </p>
+ * * This is only meant to be used when a process needs to verify against multiple different keys
+ * (ShuffleHandler for instance)
+ *
+ * @param base64Hash base64 encoded hash
+ * @param msg the message
+ * @param key the key to use to generate the hash from the message
+ * @throws IOException
+ */
+ public static void verifyReply(String base64Hash, String msg, SecretKey key) throws IOException {
+ byte[] hash = Base64.decodeBase64(base64Hash.getBytes(Charsets.UTF_8));
+ boolean res = verifyHash(hash, msg.getBytes(Charsets.UTF_8), key);
+
+ if(res != true) {
+ throw new IOException("Verification of the hashReply failed");
+ }
+ }
+
 /**
 * verify that base64Hash is same as HMacHash(msg)
 * @param base64Hash (Base64 encoded hash)
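Review bot: The new `verifyHash(byte[], byte[], SecretKey)` checks the HMAC with `WritableComparator.compareBytes`, an ordering comparison that can return at the first differing byte, so the time it takes may depend on how much of a supplied hash is correct. A MAC check should use a constant-time comparison: `return MessageDigest.isEqual(msg_hash, hash);`, which needs `java.security.MessageDigest` added to the import block outside this hunk. The existing `verifyHash` overload whose Javadoc starts at the end of this hunk may use the same comparison, but its body is not visible here, so that is worth checking separately. The Javadoc also leaves `@param hash`, `@param msg` and `@param key` without descriptions and carries a stray `</p>`.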
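Review bot: `verifyReply` dereferences `base64Hash` and `msg` without a null check, so an absent hash would surface as a NullPointerException rather than the IOException the signature advertises. No caller is visible here, so whether a null can actually arrive (for example from a missing header in the ShuffleHandler the Javadoc mentions) is an assumption to confirm. A guard at the top such as `if (base64Hash == null || msg == null) { throw new IOException("Verification of the hashReply failed"); }` keeps every verification failure on the same path. The bare `@throws IOException` should say when it is thrown, e.g. `@throws IOException if the hash does not match the HMAC of msg under key`, and `if(res != true)` reads more idiomatically as `if (!res)`.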
