use of org.tinyradius.core.RadiusPacketException in project tinyradius-netty by globalreachtech.
the class ServerPacketCodec method decode.
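/**
 * Turns an inbound datagram into a {@link RequestCtx} for the next handler.
 *
 * <p>The datagram is untrusted network input. It is dropped, with a log entry only, when
 * the sender address is missing, when no shared secret is found for the sender, or when
 * parsing/decoding throws {@link RadiusPacketException}. Nothing is added to {@code out}
 * in those cases.
 *
 * @param ctx channel context (not used here)
 * @param msg received datagram
 * @param out receives one {@link RequestCtx} on success
 */
@Override
protected void decode(ChannelHandlerContext ctx, DatagramPacket msg, List<Object> out) {
    final InetSocketAddress remoteAddress = msg.sender();
    // Without a sender there is no key for the shared-secret lookup and no endpoint to
    // reply to, so drop the packet instead of passing null further down.
    if (remoteAddress == null) {
        logger.warn("Ignoring request, remoteAddress is null");
        return;
    }

    try {
        final RadiusRequest request = fromDatagram(dictionary, msg);

        final String secret = secretProvider.getSharedSecret(remoteAddress, request);
        if (secret == null) {
            // Unknown client: drop without replying.
            logger.warn("Ignoring packet from {}, shared secret lookup failed", remoteAddress);
            return;
        }

        // Logged before decodeRequest() so the packet is on record even if decoding throws.
        // At this point the contents have not been checked against the shared secret.
        // NOTE(review): confirm RadiusRequest#toString does not print sensitive attribute
        // values when debug logging is enabled.
        logger.debug("Received request from {} - {}", remoteAddress, request);

        out.add(new RequestCtx(request.decodeRequest(secret), new RadiusEndpoint(remoteAddress, secret)));
    } catch (RadiusPacketException e) {
        // Only the message is logged, no stack trace, for packets that fail to parse or decode.
        logger.warn("Could not deserialize packet: {}", e.getMessage());
    }
}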
use of org.tinyradius.core.RadiusPacketException in project tinyradius-netty by globalreachtech.
the class MessageAuthSupport method verifyMessageAuth.
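/**
 * Verifies this packet's Message-Authenticator attribute, if it carries one.
 *
 * <p>A packet without the attribute passes this check unchanged. Callers that need the
 * attribute to be mandatory must enforce its presence themselves.
 *
 * @param sharedSecret shared secret used to recompute the expected value
 * @param requestAuth  request authenticator passed through to the computation
 * @throws RadiusPacketException if more than one Message-Authenticator is present, if its
 *                               value is not 16 octets, or if it does not match and the
 *                               "already decrypted" exception below does not apply
 */
default void verifyMessageAuth(String sharedSecret, byte[] requestAuth) throws RadiusPacketException {
    final List<RadiusAttribute> msgAuthAttr = filterAttributes(MESSAGE_AUTHENTICATOR);

    // Absence is accepted here; see the method documentation.
    if (msgAuthAttr.isEmpty()) {
        return;
    }

    if (msgAuthAttr.size() > 1) {
        throw new RadiusPacketException("Message-Authenticator check failed - should have at most one count, has " + msgAuthAttr.size());
    }

    final byte[] messageAuth = msgAuthAttr.get(0).getValue();
    if (messageAuth.length != 16) {
        throw new RadiusPacketException("Message-Authenticator check failed - must be 16 octets, actual " + messageAuth.length);
    }

    final byte[] expected = computeMessageAuth(this, sharedSecret, requestAuth);

    // Constant-time comparison: Arrays.equals stops at the first differing octet, which
    // lets response timing reveal how much of a guessed value was correct.
    // Fully qualified so no new import is needed.
    if (java.security.MessageDigest.isEqual(messageAuth, expected)) {
        return;
    }

    // Mismatch. Look for attributes whose template enables encryption but which are not
    // in encoded form; the expected value is then computed over different bytes.
    final boolean decodedAlready = getAttributes().stream()
            .filter(a -> a.getAttributeTemplate().map(AttributeTemplate::encryptEnabled).orElse(false))
            .anyMatch(a -> !a.isEncoded());

    if (decodedAlready) {
        // NOTE(review): this branch accepts a packet whose Message-Authenticator did not
        // match. Confirm that a packet freshly parsed from the network can never have an
        // encrypt-enabled attribute reported as not encoded, otherwise this is a fail-open
        // path. Consider alerting on this log line.
        msgAuthLogger.info("Skipping Message-Authenticator check - attributes have been decrypted already");
    } else {
        throw new RadiusPacketException("Message-Authenticator check failed");
    }
}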
use of org.tinyradius.core.RadiusPacketException in project tinyradius-netty by globalreachtech.
the class ClientDatagramCodec method decode.
/**
 * Parses an inbound datagram into a {@link RadiusResponse} and hands it to the next handler.
 *
 * <p>Datagrams with no sender address, or that fail to parse, are logged and dropped.
 * No shared secret is used in this method, so the response is not authenticated here.
 * NOTE(review): confirm a later handler verifies the response against the matching
 * request before it is trusted.
 *
 * @param ctx channel context (not used here)
 * @param msg received datagram
 * @param out receives the parsed response on success
 */
@Override
protected void decode(ChannelHandlerContext ctx, DatagramPacket msg, List<Object> out) {
    final InetSocketAddress sender = msg.sender();

    if (sender != null) {
        try {
            final RadiusResponse parsed = fromDatagram(dictionary, msg);
            logger.debug("Received packet from {} - {}", sender, parsed);
            out.add(parsed);
        } catch (RadiusPacketException parseFailure) {
            // Message only, no stack trace, for packets that cannot be parsed.
            logger.warn("Could not deserialize packet: {}", parseFailure.getMessage());
        }
    } else {
        logger.warn("Ignoring response, remoteAddress is null");
    }
}
use of org.tinyradius.core.RadiusPacketException in project tinyradius-netty by globalreachtech.
the class BaseCodec method decode.
/**
 * Decrypts an encoded attribute value and returns the cleartext bytes.
 *
 * <p>Arguments are validated here; the decryption itself is delegated to
 * {@code decodeData}, which receives the shared secret as UTF-8 bytes.
 *
 * @param data         data to decrypt, excl. type/length/tag
 * @param requestAuth  packet authenticator, must be exactly 16 octets
 * @param sharedSecret shared secret
 * @return decrypted data
 * @throws NullPointerException  if any argument is null
 * @throws RadiusPacketException if the authenticator is not 16 octets, or on errors
 *                               decoding attribute data
 */
public byte[] decode(byte[] data, byte[] requestAuth, String sharedSecret) throws RadiusPacketException {
    Objects.requireNonNull(data);
    Objects.requireNonNull(requestAuth);
    Objects.requireNonNull(sharedSecret);

    final boolean authenticatorSized = requestAuth.length == 16;
    if (!authenticatorSized) {
        throw new RadiusPacketException("Request Authenticator must be 16 octets");
    }

    final byte[] secretBytes = sharedSecret.getBytes(UTF_8);
    return decodeData(data, requestAuth, secretBytes);
}
use of org.tinyradius.core.RadiusPacketException in project tinyradius-netty by globalreachtech.
the class TunnelPasswordCodec method decodeData.
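/**
 * Decrypts a Tunnel-Password value (RFC 2868).
 *
 * <p>Input layout as read here: a 2-octet salt followed by ciphertext whose length is a
 * non-zero multiple of 16. Each 16-octet block is XORed with {@code md5(secret, c)}, where
 * {@code c} is the authenticator plus salt for the first block and the previous ciphertext
 * block afterwards. The first decrypted octet is the password length; the rest is the
 * password followed by padding.
 *
 * @param encodedData salt followed by ciphertext
 * @param auth        request authenticator (16 octets, so that auth + salt fills 18 octets)
 * @param secret      shared secret bytes
 * @return the password bytes with the length octet and padding removed
 * @throws RadiusPacketException if the ciphertext length is invalid, or the decrypted
 *                               length octet points past the decrypted data
 */
@Override
protected byte[] decodeData(byte[] encodedData, byte[] auth, byte[] secret) throws RadiusPacketException {
    final int strLen = encodedData.length - 2;
    if (strLen < 16)
        throw new RadiusPacketException("Malformed attribute while decoding with RFC2868 Tunnel-Password method - " + "string must be at least 16 octets, actual: " + strLen);
    // Message corrected from "RFC2865": Tunnel-Password is defined in RFC 2868, as the
    // check above already says.
    if (strLen % 16 != 0)
        throw new RadiusPacketException("Malformed attribute while decoding with RFC2868 Tunnel-Password method - " + "string octets must be multiple of 16, actual: " + strLen);

    final byte[] encodedStr = Arrays.copyOfRange(encodedData, 2, encodedData.length);
    final byte[] salt = Arrays.copyOfRange(encodedData, 0, 2);

    // First chaining input: authenticator followed by salt.
    byte[] c = ByteBuffer.allocate(18).put(auth).put(salt).array();

    final ByteBuf plaintext = Unpooled.buffer(encodedStr.length, encodedStr.length);
    for (int i = 0; i < strLen; i += 16) {
        plaintext.writeBytes(xor16(encodedStr, i, md5(secret, c)));
        // Next chaining input: the ciphertext block just consumed.
        c = Arrays.copyOfRange(encodedStr, i, i + 16);
    }

    // The first decrypted octet is the password length. Read it unsigned: a signed byte
    // turns any value of 128 or more negative.
    final int len = plaintext.readUnsignedByte();

    // The length octet comes from decrypted network data (garbage when the secret or the
    // packet is wrong). Without this bound, writerIndex() throws an unchecked
    // IndexOutOfBoundsException that callers catching RadiusPacketException do not handle.
    // The decrypted length is deliberately left out of the message.
    if (len > strLen - 1)
        throw new RadiusPacketException("Malformed attribute while decoding with RFC2868 Tunnel-Password method - " + "data length exceeds decrypted string");

    // strip padding
    return plaintext.writerIndex(len + 1).copy().array();
}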