Search in sources :

Example 1 with ChallengeException

use of com.sun.identity.authentication.modules.radius.client.ChallengeException in project OpenAM by OpenRock.

the class RADIUS method process.

/**
     * Takes an array of submitted <code>Callback</code>, process them and decide the order of next state to go. Return
     * STATE_SUCCEED if the login is successful, return STATE_FAILED if the LoginModule should be ignored.
     *
     * @param callbacks
     *            an array of <code>Callback</code> for this Login state
     * @param state
     *            order of state. State order starts with 1.
     * @return int order of next state. Return STATE_SUCCEED if authentication is successful, return STATE_FAILED if the
     *         LoginModule should be ignored.
     * @throws AuthLoginException if the user fails authentication or some anomalous condition occurs
     */
@Override
public int process(Callback[] callbacks, int state) throws AuthLoginException {
    String tmpPasswd = null;
    String sState;
    switch(state) {
        case ISAuthConstants.LOGIN_START:
            try {
                radiusConn = new RadiusConn(primaryServers, secondaryServers, sharedSecret, iTimeOut, healthCheckInterval);
            } catch (SocketException se) {
                debug.error("RADIUS login failure; Socket Exception se == ", se);
                shutdown();
                throw new AuthLoginException(AM_AUTH_RADIUS, "RadiusNoServer", null);
            } catch (Exception e) {
                debug.error("RADIUS login failure; Can't connect to RADIUS server", e);
                shutdown();
                throw new AuthLoginException(AM_AUTH_RADIUS, "RadiusNoServer", null);
            }
            if (callbacks != null && callbacks.length == 0) {
                username = (String) sharedState.get(getUserKey());
                tmpPasswd = (String) sharedState.get(getPwdKey());
                if (username == null || tmpPasswd == null) {
                    return ISAuthConstants.LOGIN_START;
                }
                getCredentialsFromSharedState = true;
            } else {
                username = ((NameCallback) callbacks[0]).getName();
                tmpPasswd = charToString(((PasswordCallback) callbacks[1]).getPassword(), callbacks[1]);
                if (debug.messageEnabled()) {
                    debug.message("username: " + username);
                }
            }
            storeUsernamePasswd(username, tmpPasswd);
            try {
                succeeded = false;
                radiusConn.authenticate(username, tmpPasswd);
            } catch (RejectException re) {
                if (getCredentialsFromSharedState && !isUseFirstPassEnabled()) {
                    getCredentialsFromSharedState = false;
                    return ISAuthConstants.LOGIN_START;
                }
                if (debug.messageEnabled()) {
                    debug.message("Radius login request rejected", re);
                }
                shutdown();
                setFailureID(username);
                throw new InvalidPasswordException(AM_AUTH_RADIUS, "RadiusLoginFailed", null, username, re);
            } catch (IOException ioe) {
                if (getCredentialsFromSharedState && !isUseFirstPassEnabled()) {
                    getCredentialsFromSharedState = false;
                    return ISAuthConstants.LOGIN_START;
                }
                debug.error("Radius request IOException", ioe);
                shutdown();
                setFailureID(username);
                throw new AuthLoginException(AM_AUTH_RADIUS, "RadiusLoginFailed", null);
            } catch (java.security.NoSuchAlgorithmException ne) {
                if (getCredentialsFromSharedState && !isUseFirstPassEnabled()) {
                    getCredentialsFromSharedState = false;
                    return ISAuthConstants.LOGIN_START;
                }
                debug.error("Radius No Such Algorithm Exception", ne);
                shutdown();
                setFailureID(username);
                throw new AuthLoginException(AM_AUTH_RADIUS, "RadiusLoginFailed", null);
            } catch (ChallengeException ce) {
                if (getCredentialsFromSharedState && !isUseFirstPassEnabled()) {
                    getCredentialsFromSharedState = false;
                    return ISAuthConstants.LOGIN_START;
                }
                cException = ce;
                sState = ce.getState();
                if (sState == null) {
                    debug.error("Radius failure - no state returned in challenge");
                    shutdown();
                    setFailureID(username);
                    throw new AuthLoginException(AM_AUTH_RADIUS, "RadiusAuth", null);
                }
                challengeID = ce.getReplyMessage();
                if (debug.messageEnabled()) {
                    debug.message("Server challenge with " + "challengeID: " + challengeID);
                }
                setDynamicText(2);
                return ISAuthConstants.LOGIN_CHALLENGE;
            } catch (Exception e) {
                if (getCredentialsFromSharedState && !isUseFirstPassEnabled()) {
                    getCredentialsFromSharedState = false;
                    return ISAuthConstants.LOGIN_START;
                }
                shutdown();
                setFailureID(username);
                throw new AuthLoginException(AM_AUTH_RADIUS, "RadiusLoginFailed", null, e);
            }
            succeeded = true;
            break;
        case ISAuthConstants.LOGIN_CHALLENGE:
            String passwd = getChallengePassword(callbacks);
            if (debug.messageEnabled()) {
                debug.message("reply to challenge--username: " + username);
            }
            try {
                succeeded = false;
                radiusConn.replyChallenge(username, passwd, cException);
            } catch (ChallengeException ce) {
                sState = ce.getState();
                if (sState == null) {
                    debug.error("handle Challenge failure - no state returned");
                    shutdown();
                    setFailureID(username);
                    throw new AuthLoginException(AM_AUTH_RADIUS, "RadiusLoginFailed", null);
                }
                resetCallback(2, 0);
                challengeID = ce.getReplyMessage();
                if (debug.messageEnabled()) {
                    debug.message("Server challenge again with challengeID: " + challengeID);
                }
                // save it for next replyChallenge
                cException = ce;
                setDynamicText(2);
                return ISAuthConstants.LOGIN_CHALLENGE;
            } catch (RejectException ex) {
                debug.error("Radius challenge response rejected", ex);
                shutdown();
                setFailureID(username);
                throw new InvalidPasswordException(AM_AUTH_RADIUS, "RadiusLoginFailed", null, username, ex);
            } catch (IOException ioe) {
                debug.error("Radius challenge IOException", ioe);
                shutdown();
                setFailureID(username);
                throw new AuthLoginException(AM_AUTH_RADIUS, "RadiusLoginFailed", null);
            } catch (java.security.NoSuchAlgorithmException ex) {
                debug.error("Radius No Such Algorithm Exception", ex);
                shutdown();
                setFailureID(username);
                throw new AuthLoginException(AM_AUTH_RADIUS, "RadiusLoginFailed", null);
            } catch (Exception e) {
                debug.error("RADIUS challenge Authentication Failed ", e);
                shutdown();
                setFailureID(username);
                throw new AuthLoginException(AM_AUTH_RADIUS, "RadiusLoginFailed", null);
            }
            succeeded = true;
            break;
        default:
            debug.error("RADIUS Authentication Failed - invalid state" + state);
            shutdown();
            succeeded = false;
            setFailureID(username);
            throw new AuthLoginException(AM_AUTH_RADIUS, "RadiusLoginFailed", null);
    }
    if (succeeded) {
        if (debug.messageEnabled()) {
            debug.message("RADIUS authentication successful");
        }
        if (username != null) {
            StringTokenizer usernameToken = new StringTokenizer(username, ",");
            userTokenId = usernameToken.nextToken();
        }
        if (debug.messageEnabled()) {
            debug.message("userTokenID: " + userTokenId);
        }
        shutdown();
        return ISAuthConstants.LOGIN_SUCCEED;
    } else {
        if (debug.messageEnabled()) {
            debug.message("RADIUS authentication to be ignored");
        }
        return ISAuthConstants.LOGIN_IGNORE;
    }
}
Also used : SocketException(java.net.SocketException) AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException) RejectException(com.sun.identity.authentication.modules.radius.client.RejectException) IOException(java.io.IOException) RadiusConn(com.sun.identity.authentication.modules.radius.client.RadiusConn) IOException(java.io.IOException) ChallengeException(com.sun.identity.authentication.modules.radius.client.ChallengeException) SocketException(java.net.SocketException) AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException) InvalidPasswordException(com.sun.identity.authentication.spi.InvalidPasswordException) RejectException(com.sun.identity.authentication.modules.radius.client.RejectException) ChallengeException(com.sun.identity.authentication.modules.radius.client.ChallengeException) StringTokenizer(java.util.StringTokenizer) PasswordCallback(javax.security.auth.callback.PasswordCallback) InvalidPasswordException(com.sun.identity.authentication.spi.InvalidPasswordException)

Aggregations

ChallengeException (com.sun.identity.authentication.modules.radius.client.ChallengeException)1 RadiusConn (com.sun.identity.authentication.modules.radius.client.RadiusConn)1 RejectException (com.sun.identity.authentication.modules.radius.client.RejectException)1 AuthLoginException (com.sun.identity.authentication.spi.AuthLoginException)1 InvalidPasswordException (com.sun.identity.authentication.spi.InvalidPasswordException)1 IOException (java.io.IOException)1 SocketException (java.net.SocketException)1 StringTokenizer (java.util.StringTokenizer)1 PasswordCallback (javax.security.auth.callback.PasswordCallback)1