
Example 1 with AccessRequest

use of org.forgerock.openam.radius.common.AccessRequest in project OpenAM by OpenRock.

the class RadiusConn method createAccessRequest.

/**
 * Builds a new Access-Request packet carrying a freshly created request authenticator.
 *
 * <p>The authenticator is constructed from this connection's {@code random} source and
 * {@code secret}. NOTE(review): RFC 2865 asks for the Request Authenticator to be unpredictable
 * and unique for the lifetime of a shared secret, so confirm that {@code random} is a
 * {@link java.security.SecureRandom} and not a seeded or general-purpose generator.
 *
 * @return the newly built access request packet.
 * @throws NoSuchAlgorithmException propagated from packet construction (presumably from the
 *         authenticator's digest setup; confirm against {@code RequestAuthenticator}).
 */
private AccessRequest createAccessRequest() throws NoSuchAlgorithmException {
    // Create the authenticator first and only then draw the packet identifier, keeping the
    // original evaluation order in case either call has side effects.
    final RequestAuthenticator authenticator = new RequestAuthenticator(random, secret);
    return new AccessRequest(getIdentifier(), authenticator);
}
Also used : RequestAuthenticator(org.forgerock.openam.radius.common.RequestAuthenticator) AccessRequest(org.forgerock.openam.radius.common.AccessRequest)

Example 2 with AccessRequest

use of org.forgerock.openam.radius.common.AccessRequest in project OpenAM by OpenRock.

the class OpenAMAuthHandlerTest method handle.

/**
 * Drives {@code OpenAMAuthHandler#handle} through one mocked authentication exchange and
 * verifies the calls it makes on the auth context and the context holder.
 *
 * <p>Every collaborator is a Mockito mock; the shared secrets and passwords below are
 * test-only fixture values.
 *
 * <p>NOTE(review): the test verifies interactions only. Nothing asserts the contents of
 * {@code response}, so a regression in which packet the handler produces for a successful
 * (or failed) login would not be caught here.
 *
 * @see org.forgerock.openam.radius.server.spi.handlers.OpenAMAuthHandler#handle
 * @throws RadiusProcessingException - should not happen.
 * @throws AuthLoginException - should not happen.
 * @throws IOException - should not happen.
 */
@Test(enabled = true)
public void handle() throws RadiusProcessingException, AuthLoginException, IOException {
    // given
    // Callbacks the mocked AuthContext hands back as its outstanding requirements.
    final Callback pagePropCallback = new PagePropertiesCallback("test_module", null, null, 0, null, false, null);
    final Callback nameCallback = new NameCallback("Username:");
    final Callback pwCallback = new PasswordCallback("pw_prompt", false);
    final Callback[] callbacks = new Callback[] { pagePropCallback, nameCallback, pwCallback };
    final String testRealm = "test_realm";
    final String testChain = "test_chain";
    final String cacheKey = "cache_key";
    // Handler configuration: the realm and chain that the verifications at the end expect.
    final Properties props = new Properties();
    props.setProperty("realm", testRealm);
    props.setProperty("chain", testChain);
    // NOTE(review): 'status' is stubbed but never handed to any collaborator in this method.
    final Status status = mock(Status.class);
    final AuthContext authContext = mock(AuthContext.class);
    when(authContext.getStatus()).thenReturn(AuthContext.Status.SUCCESS);
    when(status.toString()).thenReturn("success");
    // Consecutive stubbing: the first call reports more requirements, later calls report none.
    when(authContext.hasMoreRequirements()).thenReturn(true, false);
    when(authContext.getRequirements(true)).thenReturn(callbacks);
    // Context and context holder
    final ContextHolder holder = mock(ContextHolder.class);
    final OpenAMAuthFactory ctxHolderFactory = mock(OpenAMAuthFactory.class);
    when(holder.getCacheKey()).thenReturn(cacheKey);
    when(holder.getAuthContext()).thenReturn(authContext);
    // The holder reports these phases in order on successive calls.
    when(holder.getAuthPhase()).thenReturn(AuthPhase.STARTING, AuthPhase.GATHERING_INPUT, AuthPhase.FINALIZING);
    // The third getCallbacks() call returns null.
    when(holder.getCallbacks()).thenReturn(callbacks, callbacks, (Callback[]) null);
    when(holder.getIdxOfCurrentCallback()).thenReturn(1, 2);
    final ContextHolderCache ctxHolderCache = mock(ContextHolderCache.class);
    when(ctxHolderCache.createCachedContextHolder()).thenReturn(holder);
    when(ctxHolderCache.get(isA(String.class))).thenReturn(holder);
    EventBus eventBus = new EventBus();
    final OpenAMAuthHandler handler = new OpenAMAuthHandler(ctxHolderFactory, ctxHolderCache, eventBus);
    handler.init(props);
    final Authenticator authenticator = mock(Authenticator.class);
    // getBytes() is called without an explicit charset; the literal is plain ASCII.
    when(authenticator.getOctets()).thenReturn("authenticator".getBytes());
    // final StateAttribute mockStateAttribute = new StateAttribute("1");
    // "secret" and "testPassword" are fixture values for the test only.
    final UserPasswordAttribute mockUserPasswordAttribute = new UserPasswordAttribute(authenticator, "secret", "testPassword");
    final UserNameAttribute mockUsernameAttribute = new UserNameAttribute("testUser");
    final AttributeSet mockAttrSet = mock(AttributeSet.class);
    when(mockAttrSet.size()).thenReturn(2);
    // when(mockAttrSet.getAttributeAt(0)).thenReturn(mockStateAttribute);
    when(mockAttrSet.getAttributeAt(0)).thenReturn(mockUserPasswordAttribute);
    when(mockAttrSet.getAttributeAt(1)).thenReturn(mockUsernameAttribute);
    // NOTE(review): mockRequestPacket (and the attribute set behind it) is never attached to
    // 'request' below, which returns mockPacket instead - these look unused by the call under test.
    final AccessRequest mockRequestPacket = mock(AccessRequest.class);
    when(mockRequestPacket.getAttributeSet()).thenReturn(mockAttrSet);
    RadiusRequestContext reqCtx = mock(RadiusRequestContext.class);
    when(reqCtx.getRequestAuthenticator()).thenReturn((mock(Authenticator.class)));
    // Fixture client secret for the test only.
    when(reqCtx.getClientSecret()).thenReturn("victoria");
    RadiusResponse response = new RadiusResponse();
    Packet mockPacket = mock(Packet.class);
    when(mockPacket.getIdentifier()).thenReturn((short) 1);
    RadiusRequest request = mock(RadiusRequest.class);
    when(request.getRequestPacket()).thenReturn(mockPacket);
    // The request exposes mocked user-name and user-password attributes to the handler.
    UserNameAttribute userName = mock(UserNameAttribute.class);
    when(userName.getName()).thenReturn("Fred");
    UserPasswordAttribute userPassword = mock(UserPasswordAttribute.class);
    when(userPassword.extractPassword(isA(Authenticator.class), isA(String.class))).thenReturn("password");
    when(request.getAttribute(UserPasswordAttribute.class)).thenReturn(userPassword);
    when(request.getAttribute(UserNameAttribute.class)).thenReturn(userName);
    // NOTE(review): this only confirms the stub above is wired up; it exercises the mock, not
    // any real password extraction.
    String password = userPassword.extractPassword(reqCtx.getRequestAuthenticator(), reqCtx.getClientSecret());
    assertThat(password).isNotNull();
    // when
    handler.handle(request, response, reqCtx);
    // then
    // One login against the configured chain, with the auth context obtained for the configured realm.
    verify(authContext, times(1)).login(AuthContext.IndexType.SERVICE, testChain);
    verify(ctxHolderFactory, times(1)).getAuthContext(testRealm);
    verify(holder, times(3)).getCallbacks();
    // The exchange must end with the holder marked TERMINATED and the auth context logged out.
    verify(holder, times(1)).setAuthPhase(ContextHolder.AuthPhase.TERMINATED);
    verify(authContext, times(1)).logout();
}
Also used : Status(com.sun.identity.authentication.AuthContext.Status) Packet(org.forgerock.openam.radius.common.Packet) OpenAMAuthFactory(org.forgerock.openam.radius.server.spi.handlers.amhandler.OpenAMAuthFactory) PagePropertiesCallback(com.sun.identity.authentication.spi.PagePropertiesCallback) AccessRequest(org.forgerock.openam.radius.common.AccessRequest) AuthContext(com.sun.identity.authentication.AuthContext) EventBus(org.forgerock.guava.common.eventbus.EventBus) Properties(java.util.Properties) RadiusRequest(org.forgerock.openam.radius.server.RadiusRequest) RadiusResponse(org.forgerock.openam.radius.server.RadiusResponse) PagePropertiesCallback(com.sun.identity.authentication.spi.PagePropertiesCallback) PasswordCallback(javax.security.auth.callback.PasswordCallback) NameCallback(javax.security.auth.callback.NameCallback) Callback(javax.security.auth.callback.Callback) NameCallback(javax.security.auth.callback.NameCallback) ContextHolder(org.forgerock.openam.radius.server.spi.handlers.amhandler.ContextHolder) ContextHolderCache(org.forgerock.openam.radius.server.spi.handlers.amhandler.ContextHolderCache) AttributeSet(org.forgerock.openam.radius.common.AttributeSet) RadiusRequestContext(org.forgerock.openam.radius.server.RadiusRequestContext) UserNameAttribute(org.forgerock.openam.radius.common.UserNameAttribute) PasswordCallback(javax.security.auth.callback.PasswordCallback) Authenticator(org.forgerock.openam.radius.common.Authenticator) UserPasswordAttribute(org.forgerock.openam.radius.common.UserPasswordAttribute) Test(org.testng.annotations.Test)

Example 3 with AccessRequest

use of org.forgerock.openam.radius.common.AccessRequest in project OpenAM by OpenRock.

the class RadiusRequestTest method getRequestPacket.

/**
 * Checks that {@code RadiusRequest#getRequestPacket} returns the very packet instance the
 * request was constructed with.
 *
 * @see org.forgerock.openam.radius.server.RadiusRequest#getRequestPacket
 */
@Test
public void getRequestPacket() {
    // Given: a request wrapping a known access request packet
    final AccessRequest wrapped = new AccessRequest((short) 1, mock(Authenticator.class));
    final RadiusRequest underTest = new RadiusRequest(wrapped);
    // When
    final Packet actual = underTest.getRequestPacket();
    // Then: identity, not just equality
    assertThat(actual).isSameAs(wrapped);
}
Also used : Packet(org.forgerock.openam.radius.common.Packet) AccessRequest(org.forgerock.openam.radius.common.AccessRequest) Authenticator(org.forgerock.openam.radius.common.Authenticator) Test(org.testng.annotations.Test)

Example 4 with AccessRequest

use of org.forgerock.openam.radius.common.AccessRequest in project OpenAM by OpenRock.

the class RadiusRequestTest method getRequestId.

/**
 * Checks that {@code RadiusRequest#getRequestId} yields the same value on repeated calls for
 * one request instance.
 *
 * @see org.forgerock.openam.radius.server.RadiusRequest#getRequestId
 */
@Test
public void getRequestId() {
    // Given
    final AccessRequest wrapped = new AccessRequest((short) 1, mock(Authenticator.class));
    final RadiusRequest underTest = new RadiusRequest(wrapped);
    // When: the id is read twice
    final String firstRead = underTest.getRequestId();
    final String secondRead = underTest.getRequestId();
    // Then: both reads agree
    assertThat(secondRead).isEqualTo(firstRead);
}
Also used : AccessRequest(org.forgerock.openam.radius.common.AccessRequest) Authenticator(org.forgerock.openam.radius.common.Authenticator) Test(org.testng.annotations.Test)

Example 5 with AccessRequest

use of org.forgerock.openam.radius.common.AccessRequest in project OpenAM by OpenRock.

the class RadiusRequestHandler method run.

/**
 * Handles one received request buffer: validates it, passes the resulting access request to the
 * handler configured for this client, and sends the handler's response.
 *
 * <p>Outcomes visible in this method:
 * <ul>
 * <li>No valid packet, a packet that is not an access request, or no available handler: the
 *     method returns without sending any response.</li>
 * <li>A {@code RadiusProcessingException} from handling or sending is delegated to
 *     {@code handleResponseException}.</li>
 * <li>Any other exception is logged and answered with an access reject, so unexpected failures
 *     do not result in access being granted.</li>
 * </ul>
 */
@Override
public void run() {
    try {
        LOG.message("Entering RadiusRequestHandler.run();");
        final Packet inbound = getValidPacket(buffer);
        if (inbound == null) {
            // Dropped without a reply. NOTE(review): what getValidPacket rejects is not visible here.
            LOG.message("Leaving RadiusRequestHandler.run(); no requestPacket");
            return;
        }

        // Keep the identifier and authenticator of the request; they are needed again when the
        // response is sent.
        requestContext.setRequestId(inbound.getIdentifier());
        requestContext.setRequestAuthenticator(inbound.getAuthenticator());

        final AccessRequest accessRequest = createAccessRequest(inbound);
        if (accessRequest == null) {
            LOG.message("Leaving RadiusRequestHandler.run(); Packet received was not an AccessRequest packet.");
            return;
        }

        // Obtain the AccessRequestHandler that the configuration names for this client.
        final AccessRequestHandler clientHandler = accessRequestHandlerFactory.getAccessRequestHandler(requestContext);
        if (clientHandler == null) {
            LOG.message("Leaving RadiusRequestHandler.run(); Could not obtain Access Request Handler.");
            return;
        }

        final RadiusRequest request = new RadiusRequest(accessRequest);
        final RadiusResponse response = new RadiusResponse();
        try {
            // The handler fills in the response.
            clientHandler.handle(request, response, requestContext);
            postHandledEvent(request, response, requestContext);
            // Return the response packet to the client, then report the result.
            requestContext.send(response.getResponsePacket());
            resultHandler.handleResult(response);
        } catch (final RadiusProcessingException processingFailure) {
            // Processing failed; handleResponseException decides whether the error is recoverable
            // or the RADIUS server has to shut down.
            handleResponseException(processingFailure, requestContext);
        }
    } catch (final Exception unexpected) {
        // Fail closed: anything unforeseen is logged and the client receives an access reject.
        final String logMessage = "Exception occured while handling radius request for RADIUS client '" + getClientName() + "'. Rejecting access.";
        LOG.error(logMessage, unexpected);
        this.sendAccessReject(requestContext);
    }
}
Also used : Packet(org.forgerock.openam.radius.common.Packet) AccessRequest(org.forgerock.openam.radius.common.AccessRequest) AccessRequestHandler(org.forgerock.openam.radius.server.spi.AccessRequestHandler)

Aggregations

AccessRequest (org.forgerock.openam.radius.common.AccessRequest)10 UserNameAttribute (org.forgerock.openam.radius.common.UserNameAttribute)6 Test (org.testng.annotations.Test)5 Authenticator (org.forgerock.openam.radius.common.Authenticator)4 Packet (org.forgerock.openam.radius.common.Packet)4 UserPasswordAttribute (org.forgerock.openam.radius.common.UserPasswordAttribute)4 NASIPAddressAttribute (org.forgerock.openam.radius.common.packet.NASIPAddressAttribute)3 NASPortAttribute (org.forgerock.openam.radius.common.packet.NASPortAttribute)3 IOException (java.io.IOException)2 RequestAuthenticator (org.forgerock.openam.radius.common.RequestAuthenticator)2 StateAttribute (org.forgerock.openam.radius.common.StateAttribute)2 AuthContext (com.sun.identity.authentication.AuthContext)1 Status (com.sun.identity.authentication.AuthContext.Status)1 PagePropertiesCallback (com.sun.identity.authentication.spi.PagePropertiesCallback)1 InetSocketAddress (java.net.InetSocketAddress)1 ByteBuffer (java.nio.ByteBuffer)1 DatagramChannel (java.nio.channels.DatagramChannel)1 SecureRandom (java.security.SecureRandom)1 Properties (java.util.Properties)1 Callback (javax.security.auth.callback.Callback)1