1. Send an EAP failure message when access is denied;
2. Change the current state from unauthenticated to started when an EAPOL start message is received
Change-Id: I3d1a978a0f784f1bae41cebb51aed58f3f4742fe
diff --git a/src/main/java/org/opencord/aaa/AaaManager.java b/src/main/java/org/opencord/aaa/AaaManager.java
index 2aedc5f..2c02f69 100755
--- a/src/main/java/org/opencord/aaa/AaaManager.java
+++ b/src/main/java/org/opencord/aaa/AaaManager.java
@@ -462,10 +462,10 @@
break;
case RADIUS.RADIUS_CODE_ACCESS_ACCEPT:
//send an EAPOL - Success to the supplicant.
- byte[] eapMessage =
+ byte[] eapMessageSuccess =
radiusPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_EAP_MESSAGE).getValue();
eapPayload = new EAP();
- eapPayload = (EAP) eapPayload.deserialize(eapMessage, 0, eapMessage.length);
+ eapPayload = (EAP) eapPayload.deserialize(eapMessageSuccess, 0, eapMessageSuccess.length);
eth = buildEapolResponse(stateMachine.supplicantAddress(),
MacAddress.valueOf(nasMacAddress),
stateMachine.vlanId(),
@@ -477,6 +477,17 @@
break;
case RADIUS.RADIUS_CODE_ACCESS_REJECT:
stateMachine.denyAccess();
+ //send an EAPOL - Failure to the supplicant.
+ byte[] eapMessageFailure =
+ radiusPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_EAP_MESSAGE).getValue();
+ eapPayload = new EAP();
+ eapPayload = (EAP) eapPayload.deserialize(eapMessageFailure, 0, eapMessageFailure.length);
+ eth = buildEapolResponse(stateMachine.supplicantAddress(),
+ MacAddress.valueOf(nasMacAddress),
+ stateMachine.vlanId(),
+ EAPOL.EAPOL_PACKET,
+ eapPayload);
+ sendPacketToSupplicant(eth, stateMachine.supplicantConnectpoint());
break;
default:
log.warn("Unknown RADIUS message received with code: {}", radiusPacket.getCode());
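Review bot: The new ACCESS_REJECT branch calls `radiusPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_EAP_MESSAGE).getValue()` without a null check, and an Access-Reject is not guaranteed to carry an EAP-Message attribute. If the lookup returns null for a missing attribute (not visible here, to be confirmed), the call throws after `stateMachine.denyAccess()` has already run, so the supplicant receives no Failure and the exception surfaces in the RADIUS packet handler. The ACCESS_ACCEPT branch in the previous hunk has the same unchecked call. The payload is also relayed as received, so checking that its EAP code is a Failure before forwarding would keep the reject path from passing on anything else. The enclosing switch starts and ends outside the hunk.

```java
case RADIUS.RADIUS_CODE_ACCESS_REJECT:
    stateMachine.denyAccess();
    //send an EAPOL - Failure to the supplicant.
    RADIUSAttribute failureAttr =
            radiusPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_EAP_MESSAGE);
    if (failureAttr == null) {
        // Nothing to relay; the state machine has already recorded the denial.
        log.warn("Access-Reject carried no EAP-Message; no EAP-Failure relayed to supplicant");
        break;
    }
    byte[] eapMessageFailure = failureAttr.getValue();
    // … unchanged: deserialize, buildEapolResponse, sendPacketToSupplicant …
    break;
```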
diff --git a/src/main/java/org/opencord/aaa/StateMachine.java b/src/main/java/org/opencord/aaa/StateMachine.java
index 1caf835..323313f 100644
--- a/src/main/java/org/opencord/aaa/StateMachine.java
+++ b/src/main/java/org/opencord/aaa/StateMachine.java
@@ -80,7 +80,7 @@
input
----------------------------------------------------------------------------------------------------
- START STARTED | _ | _ | STARTED | _
+ START STARTED | _ | _ | STARTED | STARTED
REQUEST_ACCESS _ | PENDING | _ | _ | _
@@ -100,7 +100,7 @@
private int[] authorizedTransition =
{STATE_STARTED, STATE_AUTHORIZED, STATE_AUTHORIZED, STATE_AUTHORIZED, STATE_IDLE};
private int[] unauthorizedTransition =
- {STATE_UNAUTHORIZED, STATE_UNAUTHORIZED, STATE_UNAUTHORIZED, STATE_UNAUTHORIZED, STATE_IDLE};
+ {STATE_STARTED, STATE_UNAUTHORIZED, STATE_UNAUTHORIZED, STATE_UNAUTHORIZED, STATE_IDLE};
//THE TRANSITION TABLE
private int[][] transition =
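Review bot: With index 0 of `unauthorizedTransition` now `STATE_STARTED`, a supplicant that was just rejected can re-enter authentication on its next EAPOL-Start, and no hold-off is visible in this hunk. 802.1X authenticators normally hold a failed port for a quiet period before accepting a new attempt, which bounds credential guessing and the RADIUS load a single port can generate. If a limit is enforced elsewhere, say so next to the array, e.g. `// START from UNAUTHORIZED restarts authentication; retry limiting is handled in <component>`. Otherwise consider a retry counter or timer that must expire before this transition is taken.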
@@ -522,6 +522,10 @@
private final Logger log = getLogger(getClass());
private String name = "UNAUTHORIZED_STATE";
+ public void start() {
+ log.info("Moving from UNAUTHORIZED state to STARTED state.");
+ }
+
public void logoff() {
log.info("Moving from UNAUTHORIZED state to IDLE state.");
}
diff --git a/src/test/java/org/opencord/aaa/StateMachineTest.java b/src/test/java/org/opencord/aaa/StateMachineTest.java
index 6626537..f87d72f 100644
--- a/src/test/java/org/opencord/aaa/StateMachineTest.java
+++ b/src/test/java/org/opencord/aaa/StateMachineTest.java
@@ -201,16 +201,16 @@
stateMachine.denyAccess();
stateMachine.start();
- assertEquals(stateMachine.state(), StateMachine.STATE_UNAUTHORIZED);
+ assertEquals(stateMachine.state(), StateMachine.STATE_STARTED);
stateMachine.requestAccess();
- assertEquals(stateMachine.state(), StateMachine.STATE_UNAUTHORIZED);
+ assertEquals(stateMachine.state(), StateMachine.STATE_PENDING);
stateMachine.authorizeAccess();
- assertEquals(stateMachine.state(), StateMachine.STATE_UNAUTHORIZED);
+ assertEquals(stateMachine.state(), StateMachine.STATE_AUTHORIZED);
stateMachine.denyAccess();
- assertEquals(stateMachine.state(), StateMachine.STATE_UNAUTHORIZED);
+ assertEquals(stateMachine.state(), StateMachine.STATE_AUTHORIZED);
stateMachine.logoff();
assertEquals(stateMachine.state(), StateMachine.STATE_IDLE);
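Review bot: The assertion after the second `denyAccess()` now pins that a deny received while AUTHORIZED leaves the session AUTHORIZED, and nothing in the test says this is intended. A short comment above it, such as `// DENY is ignored once authorized (authorizedTransition maps it to STATE_AUTHORIZED)`, would stop a later reader from treating it as a bug or changing it unnoticed. The changed lines also keep the `assertEquals(actual, expected)` order. JUnit expects `assertEquals(StateMachine.STATE_STARTED, stateMachine.state())`, and with the arguments swapped a failure message reports the values the wrong way round. The test method begins outside the hunk.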