Example 1 with NASPortAttribute

use of org.forgerock.openam.radius.common.packet.NASPortAttribute in project OpenAM by OpenRock.

the class TestPacket method testSerializingRfc2865Section7dot1Example.

/**
 * Test to ensure conformity with <a href="https://tools.ietf.org/html/rfc2865#section-7.1">IETF RFC 2865 section
 * 7.1</a>
 */
@Test
public void testSerializingRfc2865Section7dot1Example() {
    // what we should end up with
    final String res = "01 00 00 38 0f 40 3f 94 73 97 80 57 bd 83 d5 cb " + "98 f4 22 7a 01 06 6e 65 6d 6f 02 12 0d be 70 8d " + "93 d4 13 ce 31 96 e4 3f 78 2a 0a ee 04 06 c0 a8 " + "01 10 05 06 00 00 00 03";
    final AccessRequest accessReq = new AccessRequest();
    accessReq.setIdentifier((short) 0);
    accessReq.addAttribute(new UserNameAttribute("nemo"));
    final String authenticatorBytes = "0f 40 3f 94 73 97 80 57 bd 83 d5 cb 98 f4 22 7a";
    final byte[] aBytes = Utils.toByteArray(authenticatorBytes);
    final RequestAuthenticator authenticator = new RequestAuthenticator(aBytes);
    accessReq.setAuthenticator(authenticator);
    accessReq.addAttribute(new UserPasswordAttribute(authenticator, Rfc2865Examples.secret, Rfc2865Examples.password));
    try {
        final InetAddress address = InetAddress.getByAddress(new byte[] { (byte) 192, (byte) 168, 1, 16 });
        accessReq.addAttribute(new NASIPAddressAttribute(address));
    } catch (final UnknownHostException e) {
        // ignore since it won't happen given valid address
        e.printStackTrace();
    }
    accessReq.addAttribute(new NASPortAttribute(3));
    final byte[] bytes = accessReq.getOctets();
    final ByteBuffer pktBfr = ByteBuffer.wrap(bytes);
    final String spaceHex = Utils.toSpacedHex(pktBfr);
    Assert.assertEquals(spaceHex, res, "output sequence of AccessRequest should have matched");
}
Also used : UnknownHostException(java.net.UnknownHostException) NASPortAttribute(org.forgerock.openam.radius.common.packet.NASPortAttribute) NASIPAddressAttribute(org.forgerock.openam.radius.common.packet.NASIPAddressAttribute) InetAddress(java.net.InetAddress) ByteBuffer(java.nio.ByteBuffer) Test(org.testng.annotations.Test)

Example 2 with NASPortAttribute

use of org.forgerock.openam.radius.common.packet.NASPortAttribute in project OpenAM by OpenRock.

the class TestPacketFactory method testRfc2865Sec7dot1Example.

/**
 * Test to ensure conformity with <a href="https://tools.ietf.org/html/rfc2865#section-7.1">IETF RFC 2865 section
 * 7.1</a>
 *
 * @throws UnknownHostException
 */
@Test
public void testRfc2865Sec7dot1Example() throws UnknownHostException {
    final String hex = "01 00 00 38 0f 40 3f 94 73 97 80 57 bd 83 d5 cb" + "98 f4 22 7a 01 06 6e 65 6d 6f 02 12 0d be 70 8d" + "93 d4 13 ce 31 96 e4 3f 78 2a 0a ee 04 06 c0 a8" + "01 10 05 06 00 00 00 03";
    final ByteBuffer bfr = Utils.toBuffer(hex);
    dumpBfr(bfr);
    final Packet pkt = PacketFactory.toPacket(bfr);
    Assert.assertNotNull(pkt.getAuthenticator(), "authenticator should be defined");
    Assert.assertEquals(pkt.getType(), PacketType.ACCESS_REQUEST, "Incorrect type code");
    Assert.assertEquals(pkt.getIdentifier(), 0, "packet identifier should have been 0");
    Assert.assertEquals(pkt.getAttributeSet().size(), 4, "packet attributes contained");
    Assert.assertEquals(pkt.getAttributeAt(0).getClass().getSimpleName(), UserNameAttribute.class.getSimpleName(), "0 attribute");
    Assert.assertEquals(((UserNameAttribute) pkt.getAttributeAt(0)).getName(), "nemo", "user name");
    Assert.assertEquals(pkt.getAttributeAt(1).getClass().getSimpleName(), UserPasswordAttribute.class.getSimpleName(), "1 attribute");
    Assert.assertEquals(pkt.getAttributeAt(2).getClass().getSimpleName(), NASIPAddressAttribute.class.getSimpleName(), "2 attribute");
    Assert.assertEquals(((NASIPAddressAttribute) pkt.getAttributeAt(2)).getIpAddress(), InetAddress.getByAddress(new byte[] { (byte) 192, (byte) 168, 1, 16 }), "NAS IP address");
    Assert.assertEquals(pkt.getAttributeAt(3).getClass().getSimpleName(), NASPortAttribute.class.getSimpleName(), "3 attribute");
    Assert.assertEquals(((NASPortAttribute) pkt.getAttributeAt(3)).getPort(), 3, "NAS port");
}
Also used : NASPortAttribute(org.forgerock.openam.radius.common.packet.NASPortAttribute) NASIPAddressAttribute(org.forgerock.openam.radius.common.packet.NASIPAddressAttribute) ByteBuffer(java.nio.ByteBuffer) Test(org.testng.annotations.Test)

Example 3 with NASPortAttribute

use of org.forgerock.openam.radius.common.packet.NASPortAttribute in project OpenAM by OpenRock.

the class RadiusConn method authenticate.

/**
 * Authenticates the username and password against the remote servers.
 *
 * @param name     the username.
 * @param password the password.
 * @throws IOException              if there is a problem.
 * @throws NoSuchAlgorithmException if there is a problem.
 * @throws RejectException          if there is a problem.
 * @throws ChallengeException       if there is a problem.
 */
public void authenticate(String name, String password) throws IOException, NoSuchAlgorithmException, RejectException, ChallengeException {
    AccessRequest req = createAccessRequest();
    req.addAttribute(new UserNameAttribute(name));
    req.addAttribute(new UserPasswordAttribute(req.getAuthenticator(), secret, password));
    req.addAttribute(new NASIPAddressAttribute(InetAddress.getLocalHost()));
    req.addAttribute(new NASPortAttribute(socket.getLocalPort()));
    sendPacket(req);
}
Also used : AccessRequest(org.forgerock.openam.radius.common.AccessRequest) UserNameAttribute(org.forgerock.openam.radius.common.UserNameAttribute) NASPortAttribute(org.forgerock.openam.radius.common.packet.NASPortAttribute) NASIPAddressAttribute(org.forgerock.openam.radius.common.packet.NASIPAddressAttribute) UserPasswordAttribute(org.forgerock.openam.radius.common.UserPasswordAttribute)

Example 4 with NASPortAttribute

use of org.forgerock.openam.radius.common.packet.NASPortAttribute in project OpenAM by OpenRock.

the class RadiusConn method replyChallenge.

/**
 * Sends an access-request to the server in response to a challenge request.
 *
 * @param name     the username.
 * @param password the password.
 * @param ce       the challenge exception providing access to the original challenge response.
 * @throws IOException              if there is a problem.
 * @throws NoSuchAlgorithmException if there is a problem.
 * @throws RejectException          if there is a problem.
 * @throws ChallengeException       if there is a problem.
 */
public void replyChallenge(String name, String password, ChallengeException ce) throws IOException, NoSuchAlgorithmException, RejectException, ChallengeException {
    StateAttribute state = (StateAttribute) ce.getAttributeSet().getAttributeByType(AttributeType.STATE);
    if (state == null) {
        throw new IOException("State not found in challenge");
    }
    AccessRequest req = createAccessRequest();
    // needed in challenge
    req.addAttribute(state);
    if (name != null) {
        req.addAttribute(new UserNameAttribute(name));
    }
    req.addAttribute(new UserPasswordAttribute(req.getAuthenticator(), secret, password));
    req.addAttribute(new NASIPAddressAttribute(InetAddress.getLocalHost()));
    req.addAttribute(new NASPortAttribute(socket.getLocalPort()));
    sendPacket(req);
}
Also used : StateAttribute(org.forgerock.openam.radius.common.StateAttribute) AccessRequest(org.forgerock.openam.radius.common.AccessRequest) UserNameAttribute(org.forgerock.openam.radius.common.UserNameAttribute) NASPortAttribute(org.forgerock.openam.radius.common.packet.NASPortAttribute) IOException(java.io.IOException) NASIPAddressAttribute(org.forgerock.openam.radius.common.packet.NASIPAddressAttribute) UserPasswordAttribute(org.forgerock.openam.radius.common.UserPasswordAttribute)

Example 5 with NASPortAttribute

use of org.forgerock.openam.radius.common.packet.NASPortAttribute in project OpenAM by OpenRock.

the class ConsoleClient method run.

/**
 * Calls the server in a thread.
 */
@Override
public void run() {
    try {
        final DatagramChannel chan = DatagramChannel.open();
        // request id
        short reqId = 1;
        final SecureRandom random = new SecureRandom();
        final InetSocketAddress serverAddr = new InetSocketAddress(this.host, this.port);
        final NASIPAddressAttribute nasAddr = new NASIPAddressAttribute(InetAddress.getLocalHost());
        final NASPortAttribute nasPort = new NASPortAttribute(chan.socket().getLocalPort());
        StateAttribute state = null;
        // String username = "boydmr"; // TODO: restore
        final String username = getUserInputFor("Username", null);
        // String passwordOrAnswer = "password"; // TODO: restore
        String passwordOrAnswer = getUserInputFor("Password", null);
        System.out.println();
        boolean finished = false;
        // ready for writing
        final ByteBuffer bufIn = ByteBuffer.allocate(4096);
        while (!finished) {
            final RequestAuthenticator reqAuthR = new RequestAuthenticator(random, this.secret);
            final AccessRequest req = new AccessRequest(reqId++, reqAuthR);
            req.addAttribute(new UserNameAttribute(username));
            req.addAttribute(new UserPasswordAttribute(req.getAuthenticator(), this.secret, passwordOrAnswer));
            req.addAttribute(nasAddr);
            req.addAttribute(nasPort);
            if (state != null) {
                req.addAttribute(state);
            }
            final ByteBuffer reqBuf = ByteBuffer.wrap(req.getOctets());
            if (logTraffic) {
                System.out.println("Packet To " + host + ":" + port);
                System.out.println(RadiusRequestContext.getPacketRepresentation(req));
            }
            chan.send(reqBuf, serverAddr);
            // now handle responses possibly sending additional requests
            chan.receive(bufIn);
            // prepare buffer for reading out
            bufIn.flip();
            final Packet res = PacketFactory.toPacket(bufIn);
            // prepare buffer for next response
            bufIn.clear();
            if (logTraffic) {
                System.out.println("Packet From " + host + ":" + port);
                System.out.println(RadiusRequestContext.getPacketRepresentation(res));
            }
            if (res instanceof AccessReject) {
                System.out.println("---> Sorry. Not Authenticated.");
                System.out.println();
                finished = true;
            } else if (res instanceof AccessAccept) {
                System.out.println("---> SUCCESS! You've Authenticated!");
                System.out.println();
                finished = true;
            } else if (res instanceof AccessChallenge) {
                final AccessChallenge chng = (AccessChallenge) res;
                state = (StateAttribute) getAttribute(StateAttribute.class, res);
                final ReplyMessageAttribute msg = (ReplyMessageAttribute) getAttribute(ReplyMessageAttribute.class, res);
                String message = null;
                if (msg != null) {
                    message = msg.getMessage();
                }
                passwordOrAnswer = getUserInputFor("Answer", message);
                System.out.println();
            }
        }
    } catch (final Exception e) {
        e.printStackTrace();
    }
}
Also used : StateAttribute(org.forgerock.openam.radius.common.StateAttribute) Packet(org.forgerock.openam.radius.common.Packet) RequestAuthenticator(org.forgerock.openam.radius.common.RequestAuthenticator) AccessRequest(org.forgerock.openam.radius.common.AccessRequest) InetSocketAddress(java.net.InetSocketAddress) DatagramChannel(java.nio.channels.DatagramChannel) SecureRandom(java.security.SecureRandom) NASIPAddressAttribute(org.forgerock.openam.radius.common.packet.NASIPAddressAttribute) ByteBuffer(java.nio.ByteBuffer) IOException(java.io.IOException) ReplyMessageAttribute(org.forgerock.openam.radius.common.ReplyMessageAttribute) UserNameAttribute(org.forgerock.openam.radius.common.UserNameAttribute) AccessReject(org.forgerock.openam.radius.common.AccessReject) NASPortAttribute(org.forgerock.openam.radius.common.packet.NASPortAttribute) AccessChallenge(org.forgerock.openam.radius.common.AccessChallenge) UserPasswordAttribute(org.forgerock.openam.radius.common.UserPasswordAttribute) AccessAccept(org.forgerock.openam.radius.common.AccessAccept)

Aggregations

NASIPAddressAttribute (org.forgerock.openam.radius.common.packet.NASIPAddressAttribute) 5
NASPortAttribute (org.forgerock.openam.radius.common.packet.NASPortAttribute) 5
ByteBuffer (java.nio.ByteBuffer) 3
AccessRequest (org.forgerock.openam.radius.common.AccessRequest) 3
UserNameAttribute (org.forgerock.openam.radius.common.UserNameAttribute) 3
UserPasswordAttribute (org.forgerock.openam.radius.common.UserPasswordAttribute) 3
IOException (java.io.IOException) 2
StateAttribute (org.forgerock.openam.radius.common.StateAttribute) 2
Test (org.testng.annotations.Test) 2
InetAddress (java.net.InetAddress) 1
InetSocketAddress (java.net.InetSocketAddress) 1
UnknownHostException (java.net.UnknownHostException) 1
DatagramChannel (java.nio.channels.DatagramChannel) 1
SecureRandom (java.security.SecureRandom) 1
AccessAccept (org.forgerock.openam.radius.common.AccessAccept) 1
AccessChallenge (org.forgerock.openam.radius.common.AccessChallenge) 1
AccessReject (org.forgerock.openam.radius.common.AccessReject) 1
Packet (org.forgerock.openam.radius.common.Packet) 1
ReplyMessageAttribute (org.forgerock.openam.radius.common.ReplyMessageAttribute) 1
RequestAuthenticator (org.forgerock.openam.radius.common.RequestAuthenticator) 1