Audit with Partial TFN
The TFT Router calculates SHA-1 hashes based on a partial TFN, which is initially set to “8”. The message below is posted by the TFT Router after it receives the copyAtSequence value from the TSS. The same audit URL (“/tft-audit”) is used, but the JSON portion has an extra parameter for this step of the audit. The following is an example POST that indicates a hash has been calculated by the TFT Router:
POST /tft-audit HTTP/1.0
Content-Type: application/json
Content-Length: <num>
{
"id":"user",
"pwd":"password",
"partialTfn":"8", // 8 means the entire DB was hashed (8xx.xxx.xxxx)
"sha1":"8cb2237d0679ca88db6464eac60da96345513964"
}
The above message corresponds to step 8 of the “Description of a Successful Audit” section. Note that during failure scenarios, when the partialTfn is the full 10 digits, the above message includes the tspid instead of the sha1 hash -- the partialTfn-with-10-digit scenario is described later in this document.
| Audit Request Partial TFN Field Descriptions | ||
| Field | Range | Comments |
| /tft-audit | the URL | An audit request. |
| id | alpha-numeric, 10..256 chars | A minimum of 10 characters is required for security purposes, but up to 256 is allowed. |
| pwd | printable char, 10..256 chars | A minimum of 10 characters is required for security purposes, but up to 256 is allowed. |
| partialTfn | printable char, 1..10 chars, always starting with “8” and having more digits (up to 10 total) for failure scenarios. All chars are ‘0’..‘9’. | Indicates the scope of what was hashed. A single “8” means all 8xx numbers were part of this hash. For failure scenarios, an example of “800555” means that the hash is for any TFN starting with “800555”. See the failure scenario discussion for more details. |
| sha1 | printable hexadecimal string always 40 characters in length. | A SHA-1 hash looks something like this: “8cb2237d0679ca88db6464eac60da96345513964” Refer to the Hash Algorithm discussion in this document for more details on the sha1 hash. |
The following response is for the recoverable failure case. As indicated earlier, if the SHA-1 hash did not match, the TSS attempts to detect more specifically what has failed so that it can correct the issue. Therefore, a response similar to the following occurs when the hashes do not match:
// HTTP header omitted for brevity
{
"partialTfn": "80" // an example, the TSS is asking to audit 80 now
}
Lastly, if a partialTfn from the TSS (the above message) contains all 10 digits, then the TFT Router responds with the TSPID of that TFN instead of a sha1 hash -- since providing the TSPID allows the TSS to correct any discrepancy by adding new events to the download queue. Therefore, the TFT Router issues the following POST after the TSS provides a partialTfn with a full 10-digit TFN:
POST /tft-audit HTTP/1.0
Content-Type: application/json
Content-Length: <num>
{
"id":"user",
"pwd":"password",
"partialTfn":"8005551212", // The TFT Router responding to a full TFN
"tspid":"12345" // if the 10-digit TFN is not present then provide ""
// note: there is no sha1 in the 10-digit partialTfn case
}
Disclaimer: Any images in this article are intended to be used as a guide for educational purposes only and they may differ slightly from the Production Environment.