
Example 1 with RadiusPacketException

Use of org.tinyradius.core.RadiusPacketException in project tinyradius-netty by globalreachtech.

Class ServerPacketCodec, method decode.

@Override
protected void decode(ChannelHandlerContext ctx, DatagramPacket msg, List<Object> out) {
    final InetSocketAddress remoteAddress = msg.sender();
    try {
        final RadiusRequest request = fromDatagram(dictionary, msg);
        String secret = secretProvider.getSharedSecret(remoteAddress, request);
        if (secret == null) {
            logger.warn("Ignoring packet from {}, shared secret lookup failed", remoteAddress);
            return;
        }
        // log first before errors may be thrown
        logger.debug("Received request from {} - {}", remoteAddress, request);
        out.add(new RequestCtx(request.decodeRequest(secret), new RadiusEndpoint(remoteAddress, secret)));
    } catch (RadiusPacketException e) {
        logger.warn("Could not deserialize packet: {}", e.getMessage());
    }
}
Also used : RadiusPacketException(org.tinyradius.core.RadiusPacketException) RadiusEndpoint(org.tinyradius.io.RadiusEndpoint) InetSocketAddress(java.net.InetSocketAddress) RadiusRequest(org.tinyradius.core.packet.request.RadiusRequest) RequestCtx(org.tinyradius.io.server.RequestCtx)

Example 2 with RadiusPacketException

Use of org.tinyradius.core.RadiusPacketException in project tinyradius-netty by globalreachtech.

Class MessageAuthSupport, method verifyMessageAuth.

default void verifyMessageAuth(String sharedSecret, byte[] requestAuth) throws RadiusPacketException {
    final List<RadiusAttribute> msgAuthAttr = filterAttributes(MESSAGE_AUTHENTICATOR);
    // no Message-Authenticator present: nothing to verify, absence is not treated as a failure here
    if (msgAuthAttr.isEmpty())
        return;
    if (msgAuthAttr.size() > 1)
        throw new RadiusPacketException("Message-Authenticator check failed - should have at most one count, has " + msgAuthAttr.size());
    final byte[] messageAuth = msgAuthAttr.get(0).getValue();
    if (messageAuth.length != 16)
        throw new RadiusPacketException("Message-Authenticator check failed - must be 16 octets, actual " + messageAuth.length);
    // note: Arrays.equals is not a constant-time comparison;
    // java.security.MessageDigest.isEqual is the JDK's constant-time alternative for MAC values
    if (!Arrays.equals(messageAuth, computeMessageAuth(this, sharedSecret, requestAuth))) {
        // find attributes that should be encoded but aren't
        final boolean decodedAlready = getAttributes().stream()
                .filter(a -> a.getAttributeTemplate().map(AttributeTemplate::encryptEnabled).orElse(false))
                .anyMatch(a -> !a.isEncoded());
        if (decodedAlready)
            msgAuthLogger.info("Skipping Message-Authenticator check - attributes have been decrypted already");
        else
            throw new RadiusPacketException("Message-Authenticator check failed");
    }
}
Also used : RadiusAttribute(org.tinyradius.core.attribute.type.RadiusAttribute) AttributeTemplate(org.tinyradius.core.attribute.AttributeTemplate) Arrays(java.util.Arrays) Mac(javax.crypto.Mac) SecretKeySpec(javax.crypto.spec.SecretKeySpec) ByteBuffer(java.nio.ByteBuffer) Unpooled(io.netty.buffer.Unpooled) Objects(java.util.Objects) List(java.util.List) Logger(org.apache.logging.log4j.Logger) ByteBuf(io.netty.buffer.ByteBuf) RadiusPacket(org.tinyradius.core.packet.RadiusPacket) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) LogManager(org.apache.logging.log4j.LogManager) RadiusPacketException(org.tinyradius.core.RadiusPacketException)

Example 3 with RadiusPacketException

Use of org.tinyradius.core.RadiusPacketException in project tinyradius-netty by globalreachtech.

Class ClientDatagramCodec, method decode.

@Override
protected void decode(ChannelHandlerContext ctx, DatagramPacket msg, List<Object> out) {
    final InetSocketAddress remoteAddress = msg.sender();
    if (remoteAddress == null) {
        logger.warn("Ignoring response, remoteAddress is null");
        return;
    }
    try {
        RadiusResponse response = fromDatagram(dictionary, msg);
        logger.debug("Received packet from {} - {}", remoteAddress, response);
        out.add(response);
    } catch (RadiusPacketException e) {
        logger.warn("Could not deserialize packet: {}", e.getMessage());
    }
}
Also used : RadiusResponse(org.tinyradius.core.packet.response.RadiusResponse) RadiusPacketException(org.tinyradius.core.RadiusPacketException) InetSocketAddress(java.net.InetSocketAddress)

Example 4 with RadiusPacketException

Use of org.tinyradius.core.RadiusPacketException in project tinyradius-netty by globalreachtech.

Class BaseCodec, method decode.

/**
 * Decodes the passed encoded attribute data and returns the cleartext form as bytes
 *
 * @param data         data to decrypt, excl. type/length/tag
 * @param requestAuth  packet authenticator
 * @param sharedSecret shared secret
 * @return decrypted data
 * @throws RadiusPacketException errors decoding attribute data
 */
public byte[] decode(byte[] data, byte[] requestAuth, String sharedSecret) throws RadiusPacketException {
    Objects.requireNonNull(data);
    Objects.requireNonNull(requestAuth);
    Objects.requireNonNull(sharedSecret);
    if (requestAuth.length != 16)
        throw new RadiusPacketException("Request Authenticator must be 16 octets");
    return decodeData(data, requestAuth, sharedSecret.getBytes(UTF_8));
}
Also used : RadiusPacketException(org.tinyradius.core.RadiusPacketException)

Example 5 with RadiusPacketException

Use of org.tinyradius.core.RadiusPacketException in project tinyradius-netty by globalreachtech.

Class TunnelPasswordCodec, method decodeData.

@Override
protected byte[] decodeData(byte[] encodedData, byte[] auth, byte[] secret) throws RadiusPacketException {
    final int strLen = encodedData.length - 2;
    if (strLen < 16)
        throw new RadiusPacketException("Malformed attribute while decoding with RFC2868 Tunnel-Password method - " + "string must be at least 16 octets, actual: " + strLen);
    if (strLen % 16 != 0)
        throw new RadiusPacketException("Malformed attribute while decoding with RFC2868 Tunnel-Password method - " + "string octets must be multiple of 16, actual: " + strLen);
    final byte[] encodedStr = Arrays.copyOfRange(encodedData, 2, encodedData.length);
    final byte[] salt = Arrays.copyOfRange(encodedData, 0, 2);
    byte[] c = ByteBuffer.allocate(18).put(auth).put(salt).array();
    final ByteBuf plaintext = Unpooled.buffer(encodedStr.length, encodedStr.length);
    for (int i = 0; i < strLen; i += 16) {
        plaintext.writeBytes(xor16(encodedStr, i, md5(secret, c)));
        c = Arrays.copyOfRange(encodedStr, i, i + 16);
    }
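    // first octet of the decrypted string is the password length
    // (read as a signed byte; a value outside the buffer, e.g. after decrypting with a wrong secret,
    // makes writerIndex throw IndexOutOfBoundsException rather than RadiusPacketException)
    final byte len = plaintext.readByte();
    // strip padding
    return plaintext.writerIndex(len + 1).copy().array();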
}
Also used : RadiusPacketException(org.tinyradius.core.RadiusPacketException) ByteBuf(io.netty.buffer.ByteBuf)

Aggregations

RadiusPacketException (org.tinyradius.core.RadiusPacketException) 33
Test (org.junit.jupiter.api.Test) 18
RadiusRequest (org.tinyradius.core.packet.request.RadiusRequest) 10
ByteBuf (io.netty.buffer.ByteBuf) 8
InetSocketAddress (java.net.InetSocketAddress) 8
RadiusResponse (org.tinyradius.core.packet.response.RadiusResponse) 7
TimeoutException (java.util.concurrent.TimeoutException) 6
RadiusEndpoint (org.tinyradius.io.RadiusEndpoint) 6
RadiusAttribute (org.tinyradius.core.attribute.type.RadiusAttribute) 5
DatagramPacket (io.netty.channel.socket.DatagramPacket) 4
Arrays (java.util.Arrays) 4
List (java.util.List) 4
Dictionary (org.tinyradius.core.dictionary.Dictionary) 4
Bootstrap (io.netty.bootstrap.Bootstrap) 3
ChannelHandlerContext (io.netty.channel.ChannelHandlerContext) 3
ChannelOutboundHandlerAdapter (io.netty.channel.ChannelOutboundHandlerAdapter) 3
ChannelPromise (io.netty.channel.ChannelPromise) 3
NioEventLoopGroup (io.netty.channel.nio.NioEventLoopGroup) 3
NioDatagramChannel (io.netty.channel.socket.nio.NioDatagramChannel) 3
HashedWheelTimer (io.netty.util.HashedWheelTimer) 3