Hi Jens
first of all, thanks for your reply.
The idea is the following:
Let's suppose to have the following RPC
struct EmployInfo {
1: string name,
2: string surname,
3: i32 age,
4: i64 hireDate
}
oneway void registerEmploy {
1: i32 Id,
2: EmployInfo employInfo,
3: string integrityTag
}
the sender before calling the registerEmploy function computes the integrityTag.
The integrity tag is computed as secretFunc(message_str) where the
message_str is obtained as:
message_str = String.valueOf(Id)+serializer.toString(employInfo)
where serializer is defined as:
Tserializer serializer = new TSerializer(new TSimpleJSONProtocol.Factory())
The receiver before elaborating the requestId and employInfo data
shall check the integrity re-computing the integrity tag using the
same secretFunc(message_str) used by the sender. The receiver needs
also to compute the message_str. It applies the same mechanism used by
the sender. In case the integrity tag matches we can assume that the
data are ok.
I want to leverage on TJSONProtocol to convert the structured data in
JSON string. But I have some doubts that this solution is portable
across the different programming languages. I have scenario where
sender and receiver use different programming languages
Best Regards
Il giorno mar 9 mag 2023 alle ore 21:18 Jens Geyer
<jensge...@hotmail.com> ha scritto:
>
> Hi Fabio,
>
> > Is it correct to assume that the JSON string resulting from conversion
> > is always the same (assuming to have the same input data) across
> > different programming languages?
>
> in theory ... probably, depends. I can think of cases where the
> resulting data might be different, including the compatibility case
> where we have a new version of embedded data with default values or the
> like. So I would not really bet on it.
>
> But what puzzles me most is this. As I understand it, the idea is
>
> - Alice serializes data to JSON
> - Alice stores the data into some envelope and puts an SHA-256 along
> with it, say:
>
> struct Envelope {
> 1 : string data // Thrift JSON data
> 2 : binary check // SHA-256 hash on data
> }
>
> - Bob reads the data and validates the checksum
> - Bob deserializes data from JSON (or whatever else the format is)
>
> Questions:
> -> Why could Bob need to write the exact same data again?
> -> And if that is really necessary, why can't Bob just calculate the
> SHA-256 again?
>
> I probably overlook something here ...
>
> Have fun,
> JensG
>
>
>
>
> Am 09.05.2023 um 10:22 schrieb Fabio Ronca:
> > Hi there,
> >
> > I have a question about the Tserializer and the TJSONProtocol offered by
> > Thrift.
> > I'm using Thrift to implement a RPC between applications written in
> > different programming languages.
> > I need to add new functionality in my solution implementing an
> > integrity check on the data exchanged between client and server.
> >
> > The idea is to compute an integrity on the data (defined in the IDL
> > Thrift) exchanged between sender and clients.
> > The integrity tag will be computed by the sender and re-compute by the
> > receiver. To ensure the integrity the tag computed by the receiver
> > shall match with the one received from the sender.
> >
> > For structured data types, I want to leverage on the Tserializer based
> > on TJSONProtocol to obtain a JSON string (representing the data to
> > protect) to provide as input to the algorithm for integrity
> > calculation.
> >
> > Is it correct to assume that the JSON string resulting from conversion
> > is always the same (assuming to have the same input data) across
> > different programming languages?
> > I mean, can I assume that the behaviour of TSerializer (based on
> > TJSONProtocol) is the same across the different implementations of
> > Thrift libraries available for the different programming languages?
> >
> > Thanks in advance
> > Best Regards
