Package org.tinyradius.packet.request

Class AccessRequest

java.lang.Object

org.tinyradius.packet.BaseRadiusPacket

org.tinyradius.packet.request.RadiusRequest

org.tinyradius.packet.request.AccessRequest

All Implemented Interfaces:

AttributeHolder, NestedAttributeHolder, RadiusPacket, MessageAuthSupport<AccessRequest>

Direct Known Subclasses:

AccessRequestChap, AccessRequestEap, AccessRequestPap

public abstract class AccessRequest
extends RadiusRequest
implements MessageAuthSupport<AccessRequest>

This class represents an Access-Request Radius packet.

Field Summary

Fields

Modifier and Type	Field	Description
protected static java.util.Set<java.lang.Byte>	AUTH_ATTRS
static byte	CHAP_PASSWORD
static byte	EAP_MESSAGE
protected static org.apache.logging.log4j.Logger	logger
protected static java.security.SecureRandom	RANDOM
static byte	USER_NAME
static byte	USER_PASSWORD

Fields inherited from interface org.tinyradius.packet.util.MessageAuthSupport

MESSAGE_AUTHENTICATOR

Fields inherited from interface org.tinyradius.packet.RadiusPacket

HEADER_LENGTH

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	AccessRequest(Dictionary dictionary, byte identifier, byte[] authenticator, java.util.List<RadiusAttribute> attributes)

Method Summary

Modifier and Type	Method	Description
abstract AccessRequest	copy()
static AccessRequest	create(Dictionary dictionary, byte identifier, byte[] authenticator, java.util.List<RadiusAttribute> attributes)	Create new AccessRequest, tries to identify auth protocol from attributes.
protected abstract AccessRequest	encodeAuthMechanism(java.lang.String sharedSecret, byte[] newAuth)	Create copy of AccessRequest with new authenticator and encoded attributes
AccessRequest	encodeRequest(java.lang.String sharedSecret)	AccessRequest overrides this method to generate a randomized authenticator (RFC 2865) and encode required attributes (e.g.
protected byte[]	random16bytes()
protected abstract void	verifyAuthMechanism(java.lang.String sharedSecret)	Verify packet for specific auth protocols
void	verifyRequest(java.lang.String sharedSecret)	AccessRequest cannot verify authenticator as they contain random bytes.

Methods inherited from class org.tinyradius.packet.BaseRadiusPacket

createHashedAuthenticator, equals, getAttributes, getAuthenticator, getChildVendorId, getDictionary, getId, getMd5Digest, getType, hashCode, toString, verifyPacketAuth

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Methods inherited from interface org.tinyradius.attribute.util.AttributeHolder

addAttribute, addAttribute, getAttribute, getAttribute, getAttributeBytes, getAttributeMap, getAttributes, getAttributes, getAttributeString, getChildVendorId, lookupAttributeType, removeAttributes, removeLastAttribute

Methods inherited from interface org.tinyradius.packet.util.MessageAuthSupport

calcMessageAuthInput, computeMessageAuth, encodeMessageAuth, verifyMessageAuth

Methods inherited from interface org.tinyradius.attribute.util.NestedAttributeHolder

addAttribute, getAttribute, getAttributes, getAttributes, getVendorSpecificAttributes, removeAttribute, removeAttributes, removeSubAttribute

Methods inherited from interface org.tinyradius.packet.RadiusPacket

getAttributes, getAuthenticator, getDictionary, getId, getType

Field Details

logger

protected static final org.apache.logging.log4j.Logger logger

RANDOM

protected static final java.security.SecureRandom RANDOM

USER_PASSWORD

public static final byte USER_PASSWORD

See Also:

Constant Field Values

CHAP_PASSWORD

public static final byte CHAP_PASSWORD

See Also:

Constant Field Values

EAP_MESSAGE

public static final byte EAP_MESSAGE

See Also:

Constant Field Values

AUTH_ATTRS

protected static final java.util.Set<java.lang.Byte> AUTH_ATTRS

USER_NAME

public static final byte USER_NAME

See Also:

Constant Field Values

Constructor Details

AccessRequest

protected AccessRequest(Dictionary dictionary, byte identifier, byte[] authenticator, java.util.List<RadiusAttribute> attributes)

Parameters:

dictionary - custom dictionary to use

identifier - packet identifier

authenticator - authenticator for packet, nullable

attributes - list of attributes for packet

Method Details

encodeAuthMechanism

protected abstract AccessRequest encodeAuthMechanism(java.lang.String sharedSecret, byte[] newAuth) throws RadiusPacketException

Create copy of AccessRequest with new authenticator and encoded attributes

Parameters:

sharedSecret - shared secret that secures the communication with the other Radius server/client

newAuth - authenticator to use to encode PAP password, nullable if using different auth protocol

Returns:

RadiusPacket with new authenticator and encoded attributes

Throws:

RadiusPacketException - if invalid or missing attributes

copy

public abstract AccessRequest copy()

Specified by:

copy in interface MessageAuthSupport<AccessRequest>

Specified by:

copy in interface RadiusPacket

Overrides:

copy in class RadiusRequest

Returns:

AccessRequest implementation copy including intermediate/transient values and passwords

encodeRequest

public AccessRequest encodeRequest(java.lang.String sharedSecret) throws RadiusPacketException

AccessRequest overrides this method to generate a randomized authenticator (RFC 2865) and encode required attributes (e.g. User-Password).

Overrides:

encodeRequest in class RadiusRequest

Parameters:

sharedSecret - shared secret that secures the communication with the other Radius server/client

Returns:

RadiusPacket with new authenticator and encoded attributes

Throws:

RadiusPacketException - if invalid or missing attributes

verifyAuthMechanism

protected abstract void verifyAuthMechanism(java.lang.String sharedSecret) throws RadiusPacketException

Verify packet for specific auth protocols

Parameters:

sharedSecret - shared secret

Throws:

RadiusPacketException - if invalid or missing attributes

verifyRequest

public void verifyRequest(java.lang.String sharedSecret) throws RadiusPacketException

AccessRequest cannot verify authenticator as they contain random bytes.

It can, however, check the User-Password/Challenge attributes are present and attempt decryption, depending on auth protocol.

Overrides:

verifyRequest in class RadiusRequest

Parameters:

sharedSecret - shared secret, only applicable for PAP

Throws:

RadiusPacketException - if authenticator check fails

create

public static AccessRequest create(Dictionary dictionary, byte identifier, byte[] authenticator, java.util.List<RadiusAttribute> attributes)

Create new AccessRequest, tries to identify auth protocol from attributes.

Parameters:

dictionary - custom dictionary to use

identifier - packet identifier

authenticator - authenticator for packet, nullable

attributes - list of attributes for packet, should not be empty or a stub AccessRequest will be returned

Returns:

AccessRequest auth mechanism-specific implementation

random16bytes

protected byte[] random16bytes()