Refactor AAA app in preparation for clustered operation.
* Add formal API for accessing auth state information rather than directly
looking up static maps.
* Move static maps in StateMachine to non-static maps in AaaManager
* Manage identifier space used for requests/replies better
* Refactored state machine timeout mechansim
Change-Id: Ie53c3a66ac1619e10607d9926b71747a333317f3
diff --git a/app/src/test/java/org/opencord/aaa/impl/AaaIntegrationTest.java b/app/src/test/java/org/opencord/aaa/impl/AaaIntegrationTest.java
index 0275b13..b6c9fe8 100644
--- a/app/src/test/java/org/opencord/aaa/impl/AaaIntegrationTest.java
+++ b/app/src/test/java/org/opencord/aaa/impl/AaaIntegrationTest.java
@@ -113,8 +113,7 @@
// State machine should have been created by now
- StateMachine stateMachine =
- StateMachine.lookupStateMachineBySessionId(SESSION_ID);
+ StateMachine stateMachine = aaa.getStateMachine(SESSION_ID);
assertThat(stateMachine, notNullValue());
assertThat(stateMachine.state(), is(StateMachine.STATE_PENDING));
diff --git a/app/src/test/java/org/opencord/aaa/impl/AaaManagerTest.java b/app/src/test/java/org/opencord/aaa/impl/AaaManagerTest.java
index 1b4257d..d50be7d 100644
--- a/app/src/test/java/org/opencord/aaa/impl/AaaManagerTest.java
+++ b/app/src/test/java/org/opencord/aaa/impl/AaaManagerTest.java
@@ -15,7 +15,6 @@
*/
package org.opencord.aaa.impl;
-import com.google.common.base.Charsets;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
@@ -37,13 +36,13 @@
import org.onosproject.net.packet.InboundPacket;
import org.opencord.aaa.AaaConfig;
-import java.lang.reflect.Field;
import java.net.InetAddress;
import java.net.UnknownHostException;
import static com.google.common.base.Preconditions.checkState;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.notNullValue;
+import static org.hamcrest.Matchers.nullValue;
import static org.junit.Assert.assertThat;
/**
@@ -111,50 +110,6 @@
}
/**
- * Constructs an Ethernet packet containing a RADIUS challenge
- * packet.
- *
- * @param challengeCode code to use in challenge packet
- * @param challengeType type to use in challenge packet
- * @return Ethernet packet
- */
- private RADIUS constructRadiusCodeAccessChallengePacket(byte challengeCode, byte challengeType) {
-
- String challenge = "12345678901234567";
-
- EAP eap = new EAP(challengeType, (byte) 4, challengeType,
- challenge.getBytes(Charsets.US_ASCII));
- eap.setIdentifier((byte) 4);
-
- RADIUS radius = new RADIUS();
- radius.setCode(challengeCode);
- radius.setIdentifier((byte) 4);
- radius.setAttribute(RADIUSAttribute.RADIUS_ATTR_STATE,
- challenge.getBytes(Charsets.US_ASCII));
-
- radius.setPayload(eap);
- radius.setAttribute(RADIUSAttribute.RADIUS_ATTR_EAP_MESSAGE,
- eap.serialize());
- radius.setAttribute(RADIUSAttribute.RADIUS_ATTR_MESSAGE_AUTH,
- aaaManager.radiusSecret.getBytes());
- return radius;
- }
-
- public static void injectEventDispatcher(Object manager, EventDeliveryService svc) {
- Class mc = manager.getClass();
- for (Field f : mc.getSuperclass().getDeclaredFields()) {
- if (f.getType().equals(EventDeliveryService.class)) {
- try {
- TestUtils.setField(manager, f.getName(), svc);
- } catch (TestUtils.TestUtilsException e) {
- throw new IllegalArgumentException("Unable to inject reference", e);
- }
- break;
- }
- }
- }
-
- /**
* Sets up the services required by the AAA application.
*/
@Before
@@ -217,7 +172,7 @@
* @throws DeserializationException if packed deserialization fails.
*/
@Test
- public void testAuthentication() throws Exception {
+ public void testAuthentication() throws Exception {
// (1) Supplicant start up
@@ -229,10 +184,12 @@
// (2) Supplicant identify
- Ethernet identifyPacket = constructSupplicantIdentifyPacket(null, EAP.ATTR_IDENTITY, (byte) 3, null);
+ Ethernet identifyPacket = constructSupplicantIdentifyPacket(null,
+ EAP.ATTR_IDENTITY, (byte) 3, null);
sendPacket(identifyPacket);
RADIUS radiusIdentifyPacket = (RADIUS) fetchPacket(1);
+ byte reqId = radiusIdentifyPacket.getIdentifier();
checkRadiusPacketFromSupplicant(radiusIdentifyPacket);
@@ -248,15 +205,15 @@
// State machine should have been created by now
- StateMachine stateMachine =
- StateMachine.lookupStateMachineBySessionId(SESSION_ID);
+ StateMachine stateMachine = aaaManager.getStateMachine(SESSION_ID);
assertThat(stateMachine, notNullValue());
assertThat(stateMachine.state(), is(StateMachine.STATE_PENDING));
// (3) RADIUS MD5 challenge
RADIUS radiusCodeAccessChallengePacket =
- constructRadiusCodeAccessChallengePacket(RADIUS.RADIUS_CODE_ACCESS_CHALLENGE, EAP.ATTR_MD5);
+ constructRadiusCodeAccessChallengePacket(RADIUS.RADIUS_CODE_ACCESS_CHALLENGE, EAP.ATTR_MD5,
+ reqId, aaaManager.radiusSecret.getBytes());
aaaManager.handleRadiusPacket(radiusCodeAccessChallengePacket);
Ethernet radiusChallengeMD5Packet = (Ethernet) fetchPacket(2);
@@ -274,7 +231,8 @@
RADIUS responseMd5RadiusPacket = (RADIUS) fetchPacket(3);
checkRadiusPacketFromSupplicant(responseMd5RadiusPacket);
- assertThat(responseMd5RadiusPacket.getIdentifier(), is((byte) 9));
+ //assertThat(responseMd5RadiusPacket.getIdentifier(), is((byte) 9));
+ reqId = responseMd5RadiusPacket.getIdentifier();
assertThat(responseMd5RadiusPacket.getCode(), is(RADIUS.RADIUS_CODE_ACCESS_REQUEST));
// State machine should be in pending state
@@ -285,7 +243,8 @@
// (5) RADIUS Success
RADIUS successPacket =
- constructRadiusCodeAccessChallengePacket(RADIUS.RADIUS_CODE_ACCESS_ACCEPT, EAP.SUCCESS);
+ constructRadiusCodeAccessChallengePacket(RADIUS.RADIUS_CODE_ACCESS_ACCEPT,
+ EAP.SUCCESS, reqId, aaaManager.radiusSecret.getBytes());
aaaManager.handleRadiusPacket((successPacket));
Ethernet supplicantSuccessPacket = (Ethernet) fetchPacket(4);
@@ -295,7 +254,21 @@
assertThat(stateMachine, notNullValue());
assertThat(stateMachine.state(), is(StateMachine.STATE_AUTHORIZED));
+ }
+ @Test
+ public void testRemoveAuthentication() {
+ Ethernet startPacket = constructSupplicantStartPacket();
+ sendPacket(startPacket);
+
+ StateMachine stateMachine = aaaManager.getStateMachine(SESSION_ID);
+
+ assertThat(stateMachine, notNullValue());
+ assertThat(stateMachine.state(), is(StateMachine.STATE_STARTED));
+
+ aaaManager.removeAuthenticationStateByMac(stateMachine.supplicantAddress());
+
+ assertThat(aaaManager.getStateMachine(SESSION_ID), nullValue());
}
/**
diff --git a/app/src/test/java/org/opencord/aaa/impl/AaaStatisticsTest.java b/app/src/test/java/org/opencord/aaa/impl/AaaStatisticsTest.java
index 5c9f657..2f67ba0 100644
--- a/app/src/test/java/org/opencord/aaa/impl/AaaStatisticsTest.java
+++ b/app/src/test/java/org/opencord/aaa/impl/AaaStatisticsTest.java
@@ -15,7 +15,6 @@
*/
package org.opencord.aaa.impl;
-import com.google.common.base.Charsets;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
@@ -42,7 +41,6 @@
import org.opencord.aaa.AaaConfig;
import org.slf4j.Logger;
-import java.lang.reflect.Field;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.nio.ByteBuffer;
@@ -69,19 +67,19 @@
private AaaSupplicantMachineStatsManager aaaSupplicantStatsManager;
class AaaManagerWithoutRadiusServer extends AaaManager {
- protected void sendRadiusPacket(RADIUS radiusPacket, InboundPacket inPkt) {
- super.sendRadiusPacket(radiusPacket, inPkt);
- aaaManager.aaaStatisticsManager.putOutgoingIdentifierToMap(radiusPacket.getIdentifier());
- savePacket(radiusPacket);
- }
+ protected void sendRadiusPacket(RADIUS radiusPacket, InboundPacket inPkt) {
+ super.sendRadiusPacket(radiusPacket, inPkt);
+ aaaManager.aaaStatisticsManager.putOutgoingIdentifierToMap(radiusPacket.getIdentifier());
+ savePacket(radiusPacket);
+ }
- // changed the configuration of parent method to protected
- protected void configureRadiusCommunication() {
- PacketService pktService = new MockPacketService();
- ApplicationId appId = new CoreServiceAdapter().registerApplication("org.opencord.aaa");
- aaaManager.impl = new TestSocketBasedRadiusCommunicator(appId, pktService, aaaManager);
- }
- }
+ // changed the configuration of parent method to protected
+ protected void configureRadiusCommunication() {
+ PacketService pktService = new MockPacketService();
+ ApplicationId appId = new CoreServiceAdapter().registerApplication("org.opencord.aaa");
+ aaaManager.impl = new TestSocketBasedRadiusCommunicator(appId, pktService, aaaManager);
+ }
+ }
/**
* Mocks the AAAConfig class to force usage of an unroutable address for the
@@ -90,13 +88,13 @@
static class MockAaaConfig extends AaaConfig {
@Override
public InetAddress radiusIp() {
- try {
+ try {
return InetAddress.getByName(BAD_IP_ADDRESS);
- } catch (UnknownHostException ex) {
+ } catch (UnknownHostException ex) {
throw new IllegalStateException(ex);
- }
+ }
}
- }
+ }
/**
* Mocks the network config registry.
@@ -107,77 +105,32 @@
public <S, C extends Config<S>> C getConfig(S subject, Class<C> configClass) {
AaaConfig aaaConfig = new MockAaaConfig();
return (C) aaaConfig;
- }
+ }
}
public static class TestEventDispatcher extends DefaultEventSinkRegistry implements EventDeliveryService {
- @Override
- @SuppressWarnings("unchecked")
- public synchronized void post(Event event) {
- EventSink sink = getSink(event.getClass());
- checkState(sink != null, "No sink for event %s", event);
- sink.process(event);
- }
+ @Override
+ @SuppressWarnings("unchecked")
+ public synchronized void post(Event event) {
+ EventSink sink = getSink(event.getClass());
+ checkState(sink != null, "No sink for event %s", event);
+ sink.process(event);
+ }
- @Override
- public void setDispatchTimeLimit(long millis) {
- }
+ @Override
+ public void setDispatchTimeLimit(long millis) {
+ }
- @Override
- public long getDispatchTimeLimit() {
- return 0;
- }
- }
-
- /**
- * Constructs an Ethernet packet containing a RADIUS challenge packet.
- *
- * @param challengeCode
- * code to use in challenge packet
- * @param challengeType
- * type to use in challenge packet
- * @return Ethernet packet
- */
- private RADIUS constructRadiusCodeAccessChallengePacket(byte challengeCode, byte challengeType) {
-
- String challenge = "12345678901234567";
-
- EAP eap = new EAP(challengeType, (byte) 4, challengeType,
- challenge.getBytes(Charsets.US_ASCII));
- eap.setIdentifier((byte) 4);
-
- RADIUS radius = new RADIUS();
- radius.setCode(challengeCode);
- radius.setIdentifier((byte) 4);
- radius.setAttribute(RADIUSAttribute.RADIUS_ATTR_STATE,
- challenge.getBytes(Charsets.US_ASCII));
-
- radius.setPayload(eap);
- radius.setAttribute(RADIUSAttribute.RADIUS_ATTR_EAP_MESSAGE,
- eap.serialize());
- radius.setAttribute(RADIUSAttribute.RADIUS_ATTR_MESSAGE_AUTH,
- aaaManager.radiusSecret.getBytes());
- return radius;
- }
-
- public static void injectEventDispatcher(Object manager, EventDeliveryService svc) {
- Class mc = manager.getClass();
- for (Field f : mc.getSuperclass().getDeclaredFields()) {
- if (f.getType().equals(EventDeliveryService.class)) {
- try {
- TestUtils.setField(manager, f.getName(), svc);
- } catch (TestUtils.TestUtilsException e) {
- throw new IllegalArgumentException("Unable to inject reference", e);
- }
- break;
- }
- }
+ @Override
+ public long getDispatchTimeLimit() {
+ return 0;
+ }
}
-/**
- * Set up the services required by the AAA application.
- */
+ /**
+ * Set up the services required by the AAA application.
+ */
@Before
public void setUp() {
aaaManager = new AaaManagerWithoutRadiusServer();
@@ -200,46 +153,44 @@
aaaManager.activate(new AaaTestBase.MockComponentContext());
}
-/**
- * Tear down the AAA application.
- */
-@After
-public void tearDown() {
- aaaManager.deactivate(new AaaTestBase.MockComponentContext());
-}
+ /**
+ * Tear down the AAA application.
+ */
+ @After
+ public void tearDown() {
+ aaaManager.deactivate(new AaaTestBase.MockComponentContext());
+ }
-/**
- * Extracts the RADIUS packet from a packet sent by the supplicant.
- *
- * @param radius
- * RADIUS packet sent by the supplicant
- * @throws DeserializationException
- * if deserialization of the packet contents fails.
- */
-private void checkRadiusPacketFromSupplicant(RADIUS radius) throws DeserializationException {
- assertThat(radius, notNullValue());
- EAP eap = radius.decapsulateMessage();
- assertThat(eap, notNullValue());
-}
+ /**
+ * Extracts the RADIUS packet from a packet sent by the supplicant.
+ *
+ * @param radius RADIUS packet sent by the supplicant
+ * @throws DeserializationException if deserialization of the packet contents fails.
+ */
+ private void checkRadiusPacketFromSupplicant(RADIUS radius) throws DeserializationException {
+ assertThat(radius, notNullValue());
+ EAP eap = radius.decapsulateMessage();
+ assertThat(eap, notNullValue());
+ }
-/**
- * Fetches the sent packet at the given index. The requested packet must be the
- * last packet on the list.
- *
- * @param index
- * index into sent packets array
- * @return packet
- */
-private BasePacket fetchPacket(int index) {
- BasePacket packet = savedPackets.get(index);
- assertThat(packet, notNullValue());
- return packet;
-}
+ /**
+ * Fetches the sent packet at the given index. The requested packet must be the
+ * last packet on the list.
+ *
+ * @param index index into sent packets array
+ * @return packet
+ */
+ private BasePacket fetchPacket(int index) {
+ BasePacket packet = savedPackets.get(index);
+ assertThat(packet, notNullValue());
+ return packet;
+ }
- /** Tests the authentication path through the AAA application.
- * And counts the aaa Stats for successful transmission.
- * @throws DeserializationException
- * if packed deserialization fails.
+ /**
+ * Tests the authentication path through the AAA application.
+ * And counts the aaa Stats for successful transmission.
+ *
+ * @throws DeserializationException if packed deserialization fails.
*/
@Test
public void testAaaStatisticsForAcceptedPackets() throws Exception {
@@ -263,19 +214,20 @@
assertThat(new String(radiusIdentifyPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_USERNAME).getValue()),
is("testuser"));
IpAddress nasIp = IpAddress.valueOf(IpAddress.Version.INET,
- radiusIdentifyPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_NAS_IP).getValue());
+ radiusIdentifyPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_NAS_IP).getValue());
assertThat(nasIp.toString(), is(aaaManager.nasIpAddress.getHostAddress()));
// State machine should have been created by now
- StateMachine stateMachine = StateMachine.lookupStateMachineBySessionId(SESSION_ID);
+ StateMachine stateMachine = aaaManager.getStateMachine(SESSION_ID);
assertThat(stateMachine, notNullValue());
assertThat(stateMachine.state(), is(StateMachine.STATE_PENDING));
// (3) RADIUS MD5 challenge
- RADIUS radiusCodeAccessChallengePacket = constructRadiusCodeAccessChallengePacket(
- RADIUS.RADIUS_CODE_ACCESS_CHALLENGE, EAP.ATTR_MD5);
+ RADIUS radiusCodeAccessChallengePacket = constructRadiusCodeAccessChallengePacket(
+ RADIUS.RADIUS_CODE_ACCESS_CHALLENGE, EAP.ATTR_MD5, radiusIdentifyPacket.getIdentifier(),
+ aaaManager.radiusSecret.getBytes());
aaaManager.handleRadiusPacket(radiusCodeAccessChallengePacket);
Ethernet radiusChallengeMD5Packet = (Ethernet) fetchPacket(2);
@@ -283,14 +235,14 @@
// (4) Supplicant MD5 response
- Ethernet md5RadiusPacket = constructSupplicantIdentifyPacket(stateMachine, EAP.ATTR_MD5,
- stateMachine.challengeIdentifier(), radiusChallengeMD5Packet);
- sendPacket(md5RadiusPacket);
+ Ethernet md5RadiusPacket = constructSupplicantIdentifyPacket(stateMachine, EAP.ATTR_MD5,
+ stateMachine.challengeIdentifier(), radiusChallengeMD5Packet);
+ sendPacket(md5RadiusPacket);
RADIUS responseMd5RadiusPacket = (RADIUS) fetchPacket(3);
checkRadiusPacketFromSupplicant(responseMd5RadiusPacket);
- assertThat(responseMd5RadiusPacket.getIdentifier(), is((byte) 9));
+ //assertThat(responseMd5RadiusPacket.getIdentifier(), is((byte) 9));
assertThat(responseMd5RadiusPacket.getCode(), is(RADIUS.RADIUS_CODE_ACCESS_REQUEST));
// State machine should be in pending state
@@ -301,7 +253,8 @@
// (5) RADIUS Success
RADIUS successPacket =
- constructRadiusCodeAccessChallengePacket(RADIUS.RADIUS_CODE_ACCESS_ACCEPT, EAP.SUCCESS);
+ constructRadiusCodeAccessChallengePacket(RADIUS.RADIUS_CODE_ACCESS_ACCEPT, EAP.SUCCESS,
+ responseMd5RadiusPacket.getIdentifier(), aaaManager.radiusSecret.getBytes());
aaaManager.handleRadiusPacket((successPacket));
Ethernet supplicantSuccessPacket = (Ethernet) fetchPacket(4);
@@ -324,16 +277,15 @@
assertNotEquals(aaaStatisticsManager.getAaaStats().getChallengeResponsesRx(), ZERO);
assertNotEquals(aaaStatisticsManager.getAaaStats().getDroppedResponsesRx(), ZERO);
assertNotEquals(aaaStatisticsManager.getAaaStats().getInvalidValidatorsRx(), ZERO);
- assertNotEquals(aaaStatisticsManager.getAaaStats().getPendingRequests(), ZERO);
// Counts the aaa Statistics count and displays in the log
countAaaStatistics();
}
- /** Tests the count for defected packets.
+ /**
+ * Tests the count for defected packets.
*
- * @throws DeserializationException
- * if packed deserialization fails.
+ * @throws DeserializationException if packed deserialization fails.
*/
@Test
public void testAaaStatisticsForDefectivePackets() throws Exception {
@@ -350,16 +302,15 @@
checkRadiusPacketFromSupplicant(radiusIdentifyPacket);
- // Calling the mock test socket based to handle packet
- aaaManager.impl.handlePacketFromServer(null);
// State machine should have been created by now
- StateMachine stateMachine = StateMachine.lookupStateMachineBySessionId(SESSION_ID);
+ StateMachine stateMachine = aaaManager.getStateMachine(SESSION_ID);
// (3) RADIUS MD5 challenge
RADIUS radiusCodeAccessChallengePacket = constructRadiusCodeAccessChallengePacket(
- RADIUS.RADIUS_CODE_ACCESS_CHALLENGE, EAP.ATTR_MD5);
+ RADIUS.RADIUS_CODE_ACCESS_CHALLENGE, EAP.ATTR_MD5, radiusIdentifyPacket.getIdentifier(),
+ aaaManager.radiusSecret.getBytes());
aaaManager.handleRadiusPacket(radiusCodeAccessChallengePacket);
Ethernet radiusChallengeMD5Packet = (Ethernet) fetchPacket(2);
@@ -367,13 +318,17 @@
// (4) Supplicant MD5 response
Ethernet md5RadiusPacket = constructSupplicantIdentifyPacket(stateMachine, EAP.ATTR_MD5,
- stateMachine.challengeIdentifier(), radiusChallengeMD5Packet);
+ stateMachine.challengeIdentifier(), radiusChallengeMD5Packet);
sendPacket(md5RadiusPacket);
aaaManager.aaaStatisticsManager.calculatePacketRoundtripTime();
+
+ RADIUS responseMd5RadiusPacket = (RADIUS) fetchPacket(3);
+
// (5) RADIUS Rejected
RADIUS rejectedPacket =
- constructRadiusCodeAccessChallengePacket(RADIUS.RADIUS_CODE_ACCESS_REJECT, EAP.FAILURE);
+ constructRadiusCodeAccessChallengePacket(RADIUS.RADIUS_CODE_ACCESS_REJECT, EAP.FAILURE,
+ responseMd5RadiusPacket.getIdentifier(), aaaManager.radiusSecret.getBytes());
aaaManager.handleRadiusPacket((rejectedPacket));
Ethernet supplicantRejectedPacket = (Ethernet) fetchPacket(4);
@@ -396,15 +351,12 @@
assertNotEquals(aaaStatisticsManager.getAaaStats().getChallengeResponsesRx(), ZERO);
assertNotEquals(aaaStatisticsManager.getAaaStats().getDroppedResponsesRx(), ZERO);
assertNotEquals(aaaStatisticsManager.getAaaStats().getInvalidValidatorsRx(), ZERO);
- assertNotEquals(aaaStatisticsManager.getAaaStats().getPendingRequests(), ZERO);
assertNotEquals(aaaStatisticsManager.getAaaStats().getRejectResponsesRx(), ZERO);
- assertNotEquals(aaaStatisticsManager.getAaaStats().getRequestRttMilis(), ZERO);
- assertNotEquals(aaaStatisticsManager.getAaaStats().getUnknownTypeRx(), ZERO);
// Counts the aaa Statistics count
countAaaStatistics();
- }
+ }
/*
* Tests the retransmitted packet and malformed packet count
@@ -436,7 +388,7 @@
// creating malformed packet
final ByteBuffer byteBuffer = ByteBuffer.wrap(startPacket.serialize());
InboundPacket inPacket = new DefaultInboundPacket(connectPoint("1", 1),
- startPacket, byteBuffer);
+ startPacket, byteBuffer);
PacketContext context = new TestPacketContext(127L, inPacket, null, false);
aaaManager.impl.handlePacketFromServer(context);
@@ -456,10 +408,11 @@
countAaaStatistics();
}
- /** Tests the authentication path through the AAA application.
- * And counts the aaa Stats for logoff transactionXZ.
- * @throws DeserializationException
- * if packed deserialization fails.
+ /**
+ * Tests the authentication path through the AAA application.
+ * And counts the aaa Stats for logoff transactionXZ.
+ *
+ * @throws DeserializationException if packed deserialization fails.
*/
@Test
public void testAaaStatisticsForLogoffPackets() throws Exception {
@@ -483,19 +436,21 @@
assertThat(new String(radiusIdentifyPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_USERNAME).getValue()),
is("testuser"));
IpAddress nasIp = IpAddress.valueOf(IpAddress.Version.INET,
- radiusIdentifyPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_NAS_IP).getValue());
+ radiusIdentifyPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_NAS_IP).getValue());
assertThat(nasIp.toString(), is(aaaManager.nasIpAddress.getHostAddress()));
// State machine should have been created by now
- StateMachine stateMachine = StateMachine.lookupStateMachineBySessionId(SESSION_ID);
+ //StateMachine stateMachine = StateMachine.lookupStateMachineBySessionId(SESSION_ID);
+ StateMachine stateMachine = aaaManager.getStateMachine(SESSION_ID);
assertThat(stateMachine, notNullValue());
assertThat(stateMachine.state(), is(StateMachine.STATE_PENDING));
// (3) RADIUS MD5 challenge
- RADIUS radiusCodeAccessChallengePacket = constructRadiusCodeAccessChallengePacket(
- RADIUS.RADIUS_CODE_ACCESS_CHALLENGE, EAP.ATTR_MD5);
+ RADIUS radiusCodeAccessChallengePacket = constructRadiusCodeAccessChallengePacket(
+ RADIUS.RADIUS_CODE_ACCESS_CHALLENGE, EAP.ATTR_MD5,
+ radiusIdentifyPacket.getIdentifier(), aaaManager.radiusSecret.getBytes());
aaaManager.handleRadiusPacket(radiusCodeAccessChallengePacket);
Ethernet radiusChallengeMD5Packet = (Ethernet) fetchPacket(2);
@@ -503,14 +458,13 @@
// (4) Supplicant MD5 response
- Ethernet md5RadiusPacket = constructSupplicantIdentifyPacket(stateMachine, EAP.ATTR_MD5,
- stateMachine.challengeIdentifier(), radiusChallengeMD5Packet);
- sendPacket(md5RadiusPacket);
+ Ethernet md5RadiusPacket = constructSupplicantIdentifyPacket(stateMachine, EAP.ATTR_MD5,
+ stateMachine.challengeIdentifier(), radiusChallengeMD5Packet);
+ sendPacket(md5RadiusPacket);
RADIUS responseMd5RadiusPacket = (RADIUS) fetchPacket(3);
checkRadiusPacketFromSupplicant(responseMd5RadiusPacket);
- assertThat(responseMd5RadiusPacket.getIdentifier(), is((byte) 9));
assertThat(responseMd5RadiusPacket.getCode(), is(RADIUS.RADIUS_CODE_ACCESS_REQUEST));
// State machine should be in pending state
@@ -521,7 +475,8 @@
// (5) RADIUS Success
RADIUS successPacket =
- constructRadiusCodeAccessChallengePacket(RADIUS.RADIUS_CODE_ACCESS_ACCEPT, EAP.SUCCESS);
+ constructRadiusCodeAccessChallengePacket(RADIUS.RADIUS_CODE_ACCESS_ACCEPT, EAP.SUCCESS,
+ responseMd5RadiusPacket.getIdentifier(), aaaManager.radiusSecret.getBytes());
aaaManager.handleRadiusPacket((successPacket));
Ethernet supplicantSuccessPacket = (Ethernet) fetchPacket(4);
@@ -533,8 +488,8 @@
assertThat(stateMachine.state(), is(StateMachine.STATE_AUTHORIZED));
// Supplicant trigger EAP Logoff
- Ethernet loggoffPacket = constructSupplicantLogoffPacket();
- sendPacket(loggoffPacket);
+ Ethernet logoffPacket = constructSupplicantLogoffPacket();
+ sendPacket(logoffPacket);
// State machine should be in logoff state
assertThat(stateMachine, notNullValue());
@@ -547,8 +502,8 @@
assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolStartReqTrans(), ZERO);
assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolTransRespNotNak(), ZERO);
assertNotEquals(aaaStatisticsManager.getAaaStats().getEapPktTxauthChooseEap(), ZERO);
- // Counts the aaa Statistics count
- countAaaStatistics();
+ // Counts the aaa Statistics count
+ countAaaStatistics();
}
@@ -575,16 +530,16 @@
*/
class TestSocketBasedRadiusCommunicator extends SocketBasedRadiusCommunicator {
- TestSocketBasedRadiusCommunicator(ApplicationId appId, PacketService pktService, AaaManager aaaManager) {
- super(appId, pktService, aaaManager);
- }
+ TestSocketBasedRadiusCommunicator(ApplicationId appId, PacketService pktService, AaaManager aaaManager) {
+ super(appId, pktService, aaaManager);
+ }
// Implementation of socketBasedRadiusCommunicator--> run() method
public void handlePacketFromServer(PacketContext context) {
- RADIUS incomingPkt = (RADIUS) fetchPacket(savedPackets.size() - 1);
- try {
- if (context == null) {
+ RADIUS incomingPkt = (RADIUS) fetchPacket(savedPackets.size() - 1);
+ try {
+ if (context == null) {
aaaStatisticsManager.handleRoundtripTime(incomingPkt.getIdentifier());
aaaManager.handleRadiusPacket(incomingPkt);
} else if (null != context) {
@@ -594,14 +549,11 @@
incomingPkt =
RADIUS.deserializer().deserialize(incomingPkt.generateAuthCode(), 0, 1);
}
- } catch (DeserializationException dex) {
- aaaManager.aaaStatisticsManager.getAaaStats().increaseMalformedResponsesRx();
- aaaStatisticsManager.getAaaStats().countDroppedResponsesRx();
- log.error("Cannot deserialize packet", dex);
- } catch (StateMachineException sme) {
- log.error("Illegal state machine operation", sme);
- }
-
+ } catch (DeserializationException dex) {
+ aaaManager.aaaStatisticsManager.getAaaStats().increaseMalformedResponsesRx();
+ aaaStatisticsManager.getAaaStats().countDroppedResponsesRx();
+ log.error("Cannot deserialize packet", dex);
+ }
}
}
diff --git a/app/src/test/java/org/opencord/aaa/impl/AaaTestBase.java b/app/src/test/java/org/opencord/aaa/impl/AaaTestBase.java
index 14f1258..3d7a28b 100644
--- a/app/src/test/java/org/opencord/aaa/impl/AaaTestBase.java
+++ b/app/src/test/java/org/opencord/aaa/impl/AaaTestBase.java
@@ -15,6 +15,7 @@
*/
package org.opencord.aaa.impl;
+import com.google.common.base.Charsets;
import org.onlab.packet.BasePacket;
import org.onlab.packet.EAP;
import org.onlab.packet.EAPOL;
@@ -22,15 +23,17 @@
import org.onlab.packet.Ethernet;
import org.onlab.packet.Ip4Address;
import org.onlab.packet.MacAddress;
+import org.onlab.packet.RADIUS;
+import org.onlab.packet.RADIUSAttribute;
import org.onlab.packet.VlanId;
import org.onosproject.cfg.ComponentConfigService;
import org.onosproject.cfg.ConfigProperty;
import org.onosproject.net.Annotations;
-import org.onosproject.net.device.DeviceServiceAdapter;
import org.onosproject.net.ConnectPoint;
import org.onosproject.net.Element;
import org.onosproject.net.Port;
import org.onosproject.net.PortNumber;
+import org.onosproject.net.device.DeviceServiceAdapter;
import org.onosproject.net.packet.DefaultInboundPacket;
import org.onosproject.net.packet.DefaultPacketContext;
import org.onosproject.net.packet.InboundPacket;
@@ -38,7 +41,6 @@
import org.onosproject.net.packet.PacketContext;
import org.onosproject.net.packet.PacketProcessor;
import org.onosproject.net.packet.PacketServiceAdapter;
-
import org.opencord.sadis.BandwidthProfileInformation;
import org.opencord.sadis.BaseInformationService;
import org.opencord.sadis.SadisService;
@@ -477,4 +479,34 @@
return eth;
}
+ /**
+ * Constructs an Ethernet packet containing a RADIUS challenge
+ * packet.
+ *
+ * @param challengeCode code to use in challenge packet
+ * @param challengeType type to use in challenge packet
+ * @return Ethernet packet
+ */
+ RADIUS constructRadiusCodeAccessChallengePacket(byte challengeCode, byte challengeType,
+ byte identifier, byte[] messageAuth) {
+
+ String challenge = "12345678901234567";
+
+ EAP eap = new EAP(challengeType, (byte) 4, challengeType,
+ challenge.getBytes(Charsets.US_ASCII));
+ //eap.setIdentifier((byte) 4);
+ eap.setIdentifier(identifier);
+
+ RADIUS radius = new RADIUS();
+ radius.setCode(challengeCode);
+ //radius.setIdentifier((byte) 4);
+ radius.setIdentifier(identifier);
+ radius.setAttribute(RADIUSAttribute.RADIUS_ATTR_STATE,
+ challenge.getBytes(Charsets.US_ASCII));
+
+ radius.setPayload(eap);
+ radius.setAttribute(RADIUSAttribute.RADIUS_ATTR_EAP_MESSAGE, eap.serialize());
+ radius.setAttribute(RADIUSAttribute.RADIUS_ATTR_MESSAGE_AUTH, messageAuth);
+ return radius;
+ }
}
diff --git a/app/src/test/java/org/opencord/aaa/impl/StateMachineTest.java b/app/src/test/java/org/opencord/aaa/impl/StateMachineTest.java
index 4053ff9..e66a5f3 100644
--- a/app/src/test/java/org/opencord/aaa/impl/StateMachineTest.java
+++ b/app/src/test/java/org/opencord/aaa/impl/StateMachineTest.java
@@ -19,11 +19,10 @@
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
-import org.onlab.packet.MacAddress;
+
+import java.util.concurrent.Executors;
import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertNull;
public class StateMachineTest {
StateMachine stateMachine = null;
@@ -31,15 +30,13 @@
@Before
public void setUp() {
System.out.println("Set Up.");
- StateMachine.initializeMaps();
StateMachine.setDelegate(e -> { });
- stateMachine = new StateMachine("session0");
+ stateMachine = new StateMachine("session0", Executors.newSingleThreadScheduledExecutor());
}
@After
public void tearDown() {
System.out.println("Tear Down.");
- StateMachine.destroyMaps();
stateMachine = null;
}
@@ -47,7 +44,7 @@
/**
* Test all the basic inputs from state to state: IDLE -> STARTED -> PENDING -> AUTHORIZED -> IDLE
*/
- public void basic() throws StateMachineException {
+ public void basic() {
System.out.println("======= BASIC =======.");
assertEquals(stateMachine.state(), StateMachine.STATE_IDLE);
@@ -68,7 +65,7 @@
/**
* Test all inputs from an IDLE state (starting with the ones that are not impacting the current state)
*/
- public void testIdleState() throws StateMachineException {
+ public void testIdleState() {
System.out.println("======= IDLE STATE TEST =======.");
stateMachine.requestAccess();
assertEquals(stateMachine.state(), StateMachine.STATE_IDLE);
@@ -90,7 +87,7 @@
/**
* Test all inputs from an STARTED state (starting with the ones that are not impacting the current state)
*/
- public void testStartedState() throws StateMachineException {
+ public void testStartedState() {
System.out.println("======= STARTED STATE TEST =======.");
stateMachine.start();
@@ -115,7 +112,7 @@
* Test all inputs from a PENDING state (starting with the ones that are not impacting the current state).
* The next valid state for this test is AUTHORIZED
*/
- public void testPendingStateToAuthorized() throws StateMachineException {
+ public void testPendingStateToAuthorized() {
System.out.println("======= PENDING STATE TEST (AUTHORIZED) =======.");
stateMachine.start();
stateMachine.requestAccess();
@@ -141,7 +138,7 @@
* Test all inputs from an PENDING state (starting with the ones that are not impacting the current state).
* The next valid state for this test is UNAUTHORIZED
*/
- public void testPendingStateToUnauthorized() throws StateMachineException {
+ public void testPendingStateToUnauthorized() {
System.out.println("======= PENDING STATE TEST (DENIED) =======.");
stateMachine.start();
stateMachine.requestAccess();
@@ -166,7 +163,7 @@
/**
* Test all inputs from an AUTHORIZED state (starting with the ones that are not impacting the current state).
*/
- public void testAuthorizedState() throws StateMachineException {
+ public void testAuthorizedState() {
System.out.println("======= AUTHORIZED STATE TEST =======.");
stateMachine.start();
stateMachine.requestAccess();
@@ -192,7 +189,7 @@
/**
* Test all inputs from an UNAUTHORIZED state (starting with the ones that are not impacting the current state).
*/
- public void testUnauthorizedState() throws StateMachineException {
+ public void testUnauthorizedState() {
System.out.println("======= UNAUTHORIZED STATE TEST =======.");
stateMachine.start();
stateMachine.requestAccess();
@@ -214,87 +211,4 @@
assertEquals(stateMachine.state(), StateMachine.STATE_IDLE);
}
- @Test
- public void testSessionIdLookups() {
- String sessionId1 = "session1";
- String sessionId2 = "session2";
- String sessionId3 = "session3";
-
- StateMachine machine1ShouldBeNull =
- StateMachine.lookupStateMachineBySessionId(sessionId1);
- assertNull(machine1ShouldBeNull);
- StateMachine machine2ShouldBeNull =
- StateMachine.lookupStateMachineBySessionId(sessionId2);
- assertNull(machine2ShouldBeNull);
-
- StateMachine stateMachine1 = new StateMachine(sessionId1);
- StateMachine stateMachine2 = new StateMachine(sessionId2);
-
- assertEquals(stateMachine1,
- StateMachine.lookupStateMachineBySessionId(sessionId1));
- assertEquals(stateMachine2,
- StateMachine.lookupStateMachineBySessionId(sessionId2));
- assertNull(StateMachine.lookupStateMachineBySessionId(sessionId3));
- }
-
- @Test
- public void testIdentifierLookups() throws StateMachineException {
- String sessionId1 = "session1";
- String sessionId2 = "session2";
-
- StateMachine machine1ShouldBeNull =
- StateMachine.lookupStateMachineById((byte) 1);
- assertNull(machine1ShouldBeNull);
- StateMachine machine2ShouldBeNull =
- StateMachine.lookupStateMachineById((byte) 2);
- assertNull(machine2ShouldBeNull);
-
- StateMachine stateMachine1 = new StateMachine(sessionId1);
- stateMachine1.start();
- StateMachine stateMachine2 = new StateMachine(sessionId2);
- stateMachine2.start();
-
- assertEquals(stateMachine1,
- StateMachine.lookupStateMachineById(stateMachine1.identifier()));
- assertEquals(stateMachine2,
- StateMachine.lookupStateMachineById(stateMachine2.identifier()));
- }
-
- @Test
- /**
- * Test state machine deletes
- */
- public void testStateMachineReset() throws StateMachineException {
-
- int count = 256;
-
- //StateMachine.initializeMaps();
- StateMachine.lookupStateMachineById((byte) 1);
-
- // Instantiate a bunch of state machines
- for (int i = 0; i < count; i += 1) {
- String mac = String.format("00:00:00:00:00:%02x", i);
- StateMachine sm = new StateMachine(mac);
- sm.start();
- sm.setSupplicantAddress(MacAddress.valueOf(mac));
- }
-
- // Verify all state machines with a "even" MAC exist
- for (int i = 0; i < count; i += 2) {
- String mac = String.format("00:00:00:00:00:%02x", i);
- assertNotNull(StateMachine.lookupStateMachineBySessionId(mac));
- }
-
- // Delete all state machines with a "even" MAC
- for (int i = 0; i < count; i += 2) {
- String mac = String.format("00:00:00:00:00:%02x", i);
- StateMachine.deleteByMac(MacAddress.valueOf(mac));
- }
-
- // Verify all the delete state machines no long exist
- for (int i = 0; i < count; i += 2) {
- String mac = String.format("00:00:00:00:00:%02x", i);
- assertNull(StateMachine.lookupStateMachineBySessionId(mac));
- }
- }
}