Gitiles
Code Review Sign In
gerrit.opencord.org / aaa / 1bd890d550a107d53f58d99177966ce19196feb1 / . / app / src / main / java / org / opencord / aaa / impl / AaaManager.java
blob: f14cf66fe1676971a9d4d3bdb13e3fd036c746f0 [file] [log] [blame]
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]1/*
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]2 * Copyright 2017-present Open Networking Foundation
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
Matteo Scandolocf847b82019-04-26 15:00:00 -0700[diff] [blame]16package org.opencord.aaa.impl;
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]17
Saurav Das987441a2018-09-18 16:33:47 -0700[diff] [blame]18import static org.onosproject.net.config.basics.SubjectFactories.APP_SUBJECT_FACTORY;
19import static org.slf4j.LoggerFactory.getLogger;
20
21import java.net.InetAddress;
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]22import java.net.UnknownHostException;
Saurav Das987441a2018-09-18 16:33:47 -0700[diff] [blame]23import java.nio.ByteBuffer;
24import java.util.Map;
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]25import java.util.Dictionary;
26import java.util.HashSet;
Vijaykumar Kushwaha056e4cd2019-08-06 13:16:25 +0000[diff] [blame]27import java.util.Arrays;
Shubham Sharma47869542019-09-13 10:39:47 +0000[diff] [blame]28import java.util.List;
Saurav Das987441a2018-09-18 16:33:47 -0700[diff] [blame]29
Jonathan Hart932bedc2018-07-12 13:46:09 -0700[diff] [blame]30import org.apache.commons.lang3.builder.ToStringBuilder;
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]31import org.apache.felix.scr.annotations.Component;
32import org.apache.felix.scr.annotations.Deactivate;
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]33import org.apache.felix.scr.annotations.Property;
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]34import org.apache.felix.scr.annotations.Reference;
35import org.apache.felix.scr.annotations.ReferenceCardinality;
Jonathan Hart5db44532018-07-12 18:13:54 -0700[diff] [blame]36import org.apache.felix.scr.annotations.Service;
Jonathan Hart4731dd92018-05-02 17:30:05 -0700[diff] [blame]37import org.onlab.packet.DeserializationException;
Jonathan Harta46dddf2015-06-30 15:31:20 -0700[diff] [blame]38import org.onlab.packet.EAP;
39import org.onlab.packet.EAPOL;
40import org.onlab.packet.EthType;
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]41import org.onlab.packet.Ethernet;
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]42import org.onlab.packet.MacAddress;
Jonathan Harta46dddf2015-06-30 15:31:20 -0700[diff] [blame]43import org.onlab.packet.RADIUS;
44import org.onlab.packet.RADIUSAttribute;
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]45import org.onlab.util.Tools;
46import org.onosproject.cfg.ComponentConfigService;
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]47import org.onosproject.core.ApplicationId;
48import org.onosproject.core.CoreService;
Jonathan Hart5db44532018-07-12 18:13:54 -0700[diff] [blame]49import org.onosproject.event.AbstractListenerManager;
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]50import org.onosproject.mastership.MastershipService;
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]51import org.onosproject.net.ConnectPoint;
52import org.onosproject.net.DeviceId;
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]53import org.onosproject.net.PortNumber;
Ray Milkeyfcb623d2015-10-01 16:48:18 -0700[diff] [blame]54import org.onosproject.net.config.ConfigFactory;
55import org.onosproject.net.config.NetworkConfigEvent;
56import org.onosproject.net.config.NetworkConfigListener;
57import org.onosproject.net.config.NetworkConfigRegistry;
Amit Ghoshf739be52017-09-21 15:49:37 +0100[diff] [blame]58import org.onosproject.net.device.DeviceEvent;
59import org.onosproject.net.device.DeviceListener;
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]60import org.onosproject.net.device.DeviceService;
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]61import org.onosproject.net.flow.DefaultTrafficTreatment;
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]62import org.onosproject.net.flow.TrafficTreatment;
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]63import org.onosproject.net.packet.DefaultOutboundPacket;
64import org.onosproject.net.packet.InboundPacket;
65import org.onosproject.net.packet.OutboundPacket;
66import org.onosproject.net.packet.PacketContext;
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]67import org.onosproject.net.packet.PacketProcessor;
68import org.onosproject.net.packet.PacketService;
Matteo Scandolocf847b82019-04-26 15:00:00 -0700[diff] [blame]69import org.opencord.aaa.AaaConfig;
Kartikey Dubeybe14f472019-10-01 12:18:35 +0000[diff] [blame]70import org.opencord.aaa.AaaMachineStatisticsEvent;
71import org.opencord.aaa.AaaMachineStatisticsService;
72import org.opencord.aaa.AaaSupplicantMachineStats;
Matteo Scandolocf847b82019-04-26 15:00:00 -0700[diff] [blame]73import org.opencord.aaa.AuthenticationEvent;
74import org.opencord.aaa.AuthenticationEventListener;
75import org.opencord.aaa.AuthenticationService;
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]76import org.opencord.aaa.AuthenticationStatisticsEvent;
77import org.opencord.aaa.AuthenticationStatisticsService;
Matteo Scandolocf847b82019-04-26 15:00:00 -0700[diff] [blame]78import org.opencord.aaa.RadiusCommunicator;
Shubham Sharma048cc262019-06-19 14:18:50 +0000[diff] [blame]79import org.opencord.aaa.RadiusOperationalStatusEvent;
80import org.opencord.aaa.RadiusOperationalStatusService;
Matteo Scandolocf847b82019-04-26 15:00:00 -0700[diff] [blame]81import org.opencord.aaa.StateMachineDelegate;
Shubham Sharma048cc262019-06-19 14:18:50 +0000[diff] [blame]82import org.opencord.aaa.RadiusOperationalStatusService.RadiusOperationalStatusEvaluationMode;
Gamze Abaka1cfdb192018-10-25 11:39:19 +0000[diff] [blame]83import org.opencord.sadis.BaseInformationService;
84import org.opencord.sadis.SadisService;
85import org.opencord.sadis.SubscriberAndDeviceInformation;
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]86import org.osgi.service.component.ComponentContext;
Kartikey Dubeyf72e1952019-06-24 07:09:00 +0000[diff] [blame]87import org.apache.felix.scr.annotations.Modified;
88import org.apache.felix.scr.annotations.Activate;
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]89import org.slf4j.Logger;
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]90import com.google.common.base.Strings;
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]91
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]92import java.util.concurrent.Executors;
93import java.util.concurrent.ScheduledExecutorService;
94import java.util.concurrent.ScheduledFuture;
95import java.util.concurrent.TimeUnit;
Vijaykumar Kushwaha056e4cd2019-08-06 13:16:25 +0000[diff] [blame]96
97import javax.crypto.Mac;
98import javax.crypto.spec.SecretKeySpec;
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]99/**
Jonathan Harta46dddf2015-06-30 15:31:20 -0700[diff] [blame]100 * AAA application for ONOS.
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]101 */
Jonathan Hart5db44532018-07-12 18:13:54 -0700[diff] [blame]102@Service
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]103@Component(immediate = true)
Jonathan Hart5db44532018-07-12 18:13:54 -0700[diff] [blame]104public class AaaManager
105 extends AbstractListenerManager<AuthenticationEvent, AuthenticationEventListener>
106 implements AuthenticationService {
107
Charles Chandf7ff862017-01-20 11:22:05 -0800[diff] [blame]108 private static final String APP_NAME = "org.opencord.aaa";
Ray Milkeyf51eba22015-09-25 10:24:23 -0700[diff] [blame]109
Ray Milkeyf61a24e2015-09-24 16:34:02 -0700[diff] [blame]110 private final Logger log = getLogger(getClass());
Ray Milkeyf51eba22015-09-25 10:24:23 -0700[diff] [blame]111
Ray Milkeyf61a24e2015-09-24 16:34:02 -0700[diff] [blame]112 @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
113 protected CoreService coreService;
Ray Milkeyf51eba22015-09-25 10:24:23 -0700[diff] [blame]114
Ray Milkeyf61a24e2015-09-24 16:34:02 -0700[diff] [blame]115 @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
116 protected PacketService packetService;
Ray Milkeyf51eba22015-09-25 10:24:23 -0700[diff] [blame]117
Ray Milkeyf61a24e2015-09-24 16:34:02 -0700[diff] [blame]118 @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
Ray Milkeyfcb623d2015-10-01 16:48:18 -0700[diff] [blame]119 protected NetworkConfigRegistry netCfgService;
Ray Milkeyf51eba22015-09-25 10:24:23 -0700[diff] [blame]120
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]121 @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
122 protected DeviceService deviceService;
123
124 @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
Gamze Abaka1cfdb192018-10-25 11:39:19 +0000[diff] [blame]125 protected SadisService sadisService;
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]126
127 @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
128 protected MastershipService mastershipService;
129
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]130 @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
131 protected AuthenticationStatisticsService aaaStatisticsManager;
Gamze Abaka1cfdb192018-10-25 11:39:19 +0000[diff] [blame]132
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]133 @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
Kartikey Dubeybe14f472019-10-01 12:18:35 +0000[diff] [blame]134 protected AaaMachineStatisticsService aaaSupplicantStatsManager;
135
136 @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]137 protected ComponentConfigService cfgService;
138
Shubham Sharma048cc262019-06-19 14:18:50 +0000[diff] [blame]139 @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
140 protected RadiusOperationalStatusService radiusOperationalStatusService;
141
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]142 protected AuthenticationStatisticsEventPublisher authenticationStatisticsPublisher;
143 protected BaseInformationService<SubscriberAndDeviceInformation> subsService;
Amit Ghoshf739be52017-09-21 15:49:37 +0100[diff] [blame]144 private final DeviceListener deviceListener = new InternalDeviceListener();
145
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]146 private static final int DEFAULT_REPEAT_DELAY = 20;
Shubham Sharma048cc262019-06-19 14:18:50 +0000[diff] [blame]147 @Property(name = "statisticsGenerationPeriodInSeconds", intValue = DEFAULT_REPEAT_DELAY,
148 label = "AAA Statistics generation frequency in seconds")
149 private int statisticsGenerationPeriodInSeconds = DEFAULT_REPEAT_DELAY;
150
151 private static final int DEFAULT_OPERATIONAL_STATUS_SERVER_EVENT_GENERATION = 30;
152 @Property(name = "operationalStatusEventGenerationPeriodInSeconds",
153 intValue = DEFAULT_OPERATIONAL_STATUS_SERVER_EVENT_GENERATION, label = "AAA Radius Server Operational "
154 + "Status Frequency in seconds")
155 private int operationalStatusEventGenerationPeriodInSeconds = DEFAULT_OPERATIONAL_STATUS_SERVER_EVENT_GENERATION;
156
157 private static final int DEFAULT_OPERATIONAL_STATUS_SERVER_TIMEOUT = 10;
158 @Property(name = "operationalStatusServerTimeoutInSeconds",
159 intValue = DEFAULT_OPERATIONAL_STATUS_SERVER_TIMEOUT, label = "Maximum period(in Seconds) to "
160 + "wait for Status response from AAA Server ")
161 private int operationalStatusServerTimeoutInSeconds = DEFAULT_OPERATIONAL_STATUS_SERVER_TIMEOUT;
162
163 private static final String DEFAULT_STATUS_SERVER_MODE = "AUTO";
164 @Property(name = "operationalStatusEvaluationMode", value = DEFAULT_STATUS_SERVER_MODE,
165 label = "Evaluation mode for determining the Operational Status of Radius Server. Valid values are AUTO "
166 + "(default), STATUS_REQUEST and ACCESS_REQUEST")
167 protected String operationalStatusEvaluationMode = DEFAULT_STATUS_SERVER_MODE;
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]168
Ray Milkeyfcb623d2015-10-01 16:48:18 -0700[diff] [blame]169 // NAS IP address
170 protected InetAddress nasIpAddress;
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]171
172 // self MAC address
Jonathan Hart5db44532018-07-12 18:13:54 -0700[diff] [blame]173 protected String nasMacAddress;
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]174
175 // Parsed RADIUS server addresses
176 protected InetAddress radiusIpAddress;
177
178 // MAC address of RADIUS server or net hop router
179 protected String radiusMacAddress;
Ray Milkeyfcb623d2015-10-01 16:48:18 -0700[diff] [blame]180
181 // RADIUS server secret
182 protected String radiusSecret;
183
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]184 // bindings
185 protected CustomizationInfo customInfo;
Ray Milkey5d99bd12015-10-06 15:41:30 -0700[diff] [blame]186
Ray Milkeyf61a24e2015-09-24 16:34:02 -0700[diff] [blame]187 // our application-specific event handler
188 private ReactivePacketProcessor processor = new ReactivePacketProcessor();
Ray Milkeyf51eba22015-09-25 10:24:23 -0700[diff] [blame]189
Ray Milkeyf61a24e2015-09-24 16:34:02 -0700[diff] [blame]190 // our unique identifier
191 private ApplicationId appId;
Ray Milkeyf51eba22015-09-25 10:24:23 -0700[diff] [blame]192
Shubham Sharmaa3b1bd32019-06-19 14:18:12 +0000[diff] [blame]193 // TimeOut time for cleaning up stateMachines stuck due to pending AAA/EAPOL message.
194 protected int cleanupTimerTimeOutInMins;
195
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]196 // Setup specific customization/attributes on the RADIUS packets
197 PacketCustomizer pktCustomizer;
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame]198
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]199 // packet customizer to use
200 private String customizer;
201
202 // Type of connection to use to communicate with Radius server, options are
203 // "socket" or "packet_out"
204 private String radiusConnectionType;
205
Jonathan Hart5db44532018-07-12 18:13:54 -0700[diff] [blame]206 // Object for the specific type of communication with the RADIUS
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]207 // server, socket based or packet_out based
208 RadiusCommunicator impl = null;
209
210 // latest configuration
211 AaaConfig newCfg;
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame]212
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]213 ScheduledFuture<?> scheduledFuture;
Shubham Sharma048cc262019-06-19 14:18:50 +0000[diff] [blame]214 ScheduledFuture<?> scheduledStatusServerChecker;
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]215 ScheduledExecutorService executor;
216 String configuredAaaServerAddress;
217 HashSet<Byte> outPacketSet = new HashSet<Byte>();
Shubham Sharma47869542019-09-13 10:39:47 +0000[diff] [blame]218 HashSet<Byte> outPacketSupp = new HashSet<Byte>();
219 static final List<Byte> VALID_EAPOL_TYPE = Arrays.asList(EAPOL.EAPOL_START, EAPOL.EAPOL_LOGOFF, EAPOL.EAPOL_PACKET);
220 static final int HEADER_LENGTH = 4;
Ray Milkeyfcb623d2015-10-01 16:48:18 -0700[diff] [blame]221 // Configuration properties factory
222 private final ConfigFactory factory =
Jonathan Hart092dfb22015-11-16 23:05:21 -0800[diff] [blame]223 new ConfigFactory<ApplicationId, AaaConfig>(APP_SUBJECT_FACTORY,
224 AaaConfig.class,
Ray Milkeyfcb623d2015-10-01 16:48:18 -0700[diff] [blame]225 "AAA") {
226 @Override
Jonathan Hart092dfb22015-11-16 23:05:21 -0800[diff] [blame]227 public AaaConfig createConfig() {
228 return new AaaConfig();
Ray Milkeyfcb623d2015-10-01 16:48:18 -0700[diff] [blame]229 }
230 };
Ray Milkeyf51eba22015-09-25 10:24:23 -0700[diff] [blame]231
Ray Milkeyfcb623d2015-10-01 16:48:18 -0700[diff] [blame]232 // Listener for config changes
233 private final InternalConfigListener cfgListener = new InternalConfigListener();
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]234
Jonathan Hart5db44532018-07-12 18:13:54 -0700[diff] [blame]235 private StateMachineDelegate delegate = new InternalStateMachineDelegate();
236
Ray Milkeyf61a24e2015-09-24 16:34:02 -0700[diff] [blame]237 /**
238 * Builds an EAPOL packet based on the given parameters.
239 *
240 * @param dstMac destination MAC address
241 * @param srcMac source MAC address
242 * @param vlan vlan identifier
243 * @param eapolType EAPOL type
244 * @param eap EAP payload
245 * @return Ethernet frame
246 */
247 private static Ethernet buildEapolResponse(MacAddress dstMac, MacAddress srcMac,
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]248 short vlan, byte eapolType, EAP eap, byte priorityCode) {
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]249
Ray Milkeyf61a24e2015-09-24 16:34:02 -0700[diff] [blame]250 Ethernet eth = new Ethernet();
251 eth.setDestinationMACAddress(dstMac.toBytes());
252 eth.setSourceMACAddress(srcMac.toBytes());
253 eth.setEtherType(EthType.EtherType.EAPOL.ethType().toShort());
254 if (vlan != Ethernet.VLAN_UNTAGGED) {
255 eth.setVlanID(vlan);
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]256 eth.setPriorityCode(priorityCode);
Ray Milkeyf61a24e2015-09-24 16:34:02 -0700[diff] [blame]257 }
258 //eapol header
259 EAPOL eapol = new EAPOL();
260 eapol.setEapolType(eapolType);
261 eapol.setPacketLength(eap.getLength());
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]262
Ray Milkeyf61a24e2015-09-24 16:34:02 -0700[diff] [blame]263 //eap part
264 eapol.setPayload(eap);
265
266 eth.setPayload(eapol);
267 eth.setPad(true);
268 return eth;
269 }
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]270
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]271 @Activate
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]272 public void activate(ComponentContext context) {
Charles Chandf7ff862017-01-20 11:22:05 -0800[diff] [blame]273 appId = coreService.registerApplication(APP_NAME);
Jonathan Hart5db44532018-07-12 18:13:54 -0700[diff] [blame]274 eventDispatcher.addSink(AuthenticationEvent.class, listenerRegistry);
Matt Jeanneret2ff1a782018-06-13 15:24:25 -0400[diff] [blame]275 netCfgService.addListener(cfgListener);
276 netCfgService.registerConfigFactory(factory);
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]277 cfgService.registerProperties(getClass());
278 modified(context);
Gamze Abaka1cfdb192018-10-25 11:39:19 +0000[diff] [blame]279 subsService = sadisService.getSubscriberInfoService();
Deepa Vaddireddye0e10722017-09-27 05:00:10 +0530[diff] [blame]280 customInfo = new CustomizationInfo(subsService, deviceService);
Jonathan Hart092dfb22015-11-16 23:05:21 -0800[diff] [blame]281 cfgListener.reconfigureNetwork(netCfgService.getConfig(appId, AaaConfig.class));
Matt Jeanneret2ff1a782018-06-13 15:24:25 -0400[diff] [blame]282 log.info("Starting with config {} {}", this, newCfg);
Deepa Vaddireddye0e10722017-09-27 05:00:10 +0530[diff] [blame]283 configureRadiusCommunication();
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]284 // register our event handler
Brian O'Connord9c7da02015-07-29 17:49:24 -0700[diff] [blame]285 packetService.addProcessor(processor, PacketProcessor.director(2));
Ray Milkeyf61a24e2015-09-24 16:34:02 -0700[diff] [blame]286 StateMachine.initializeMaps();
Jonathan Hart5db44532018-07-12 18:13:54 -0700[diff] [blame]287 StateMachine.setDelegate(delegate);
Shubham Sharmaa3b1bd32019-06-19 14:18:12 +0000[diff] [blame]288 cleanupTimerTimeOutInMins = newCfg.sessionCleanupTimer();
289 StateMachine.setcleanupTimerTimeOutInMins(cleanupTimerTimeOutInMins);
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]290 impl.initializeLocalState(newCfg);
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]291 impl.requestIntercepts();
Amit Ghoshf739be52017-09-21 15:49:37 +0100[diff] [blame]292 deviceService.addListener(deviceListener);
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]293 getConfiguredAaaServerAddress();
Shubham Sharma048cc262019-06-19 14:18:50 +0000[diff] [blame]294 radiusOperationalStatusService.initialize(nasIpAddress.getAddress(), radiusSecret, impl);
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]295 authenticationStatisticsPublisher =
296 new AuthenticationStatisticsEventPublisher();
Shubham Sharma048cc262019-06-19 14:18:50 +0000[diff] [blame]297 executor = Executors.newScheduledThreadPool(3);
298
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]299 scheduledFuture = executor.scheduleAtFixedRate(authenticationStatisticsPublisher,
Shubham Sharma048cc262019-06-19 14:18:50 +0000[diff] [blame]300 0, statisticsGenerationPeriodInSeconds, TimeUnit.SECONDS);
301 scheduledStatusServerChecker = executor.scheduleAtFixedRate(new ServerStatusChecker(), 0,
302 operationalStatusEventGenerationPeriodInSeconds, TimeUnit.SECONDS);
Amit Ghoshf739be52017-09-21 15:49:37 +0100[diff] [blame]303
Jian Li13c67162015-12-09 13:20:34 -0800[diff] [blame]304 log.info("Started");
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]305 }
306
307 @Deactivate
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]308 public void deactivate(ComponentContext context) {
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]309 impl.withdrawIntercepts();
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]310 packetService.removeProcessor(processor);
Deepa Vaddireddyb9c24c62017-09-21 13:45:30 +0530[diff] [blame]311 netCfgService.removeListener(cfgListener);
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]312 cfgService.unregisterProperties(getClass(), false);
Jonathan Hart5db44532018-07-12 18:13:54 -0700[diff] [blame]313 StateMachine.unsetDelegate(delegate);
Deepa Vaddireddye0e10722017-09-27 05:00:10 +0530[diff] [blame]314 StateMachine.destroyMaps();
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]315 impl.deactivate();
Amit Ghoshf739be52017-09-21 15:49:37 +0100[diff] [blame]316 deviceService.removeListener(deviceListener);
Jonathan Hart5db44532018-07-12 18:13:54 -0700[diff] [blame]317 eventDispatcher.removeSink(AuthenticationEvent.class);
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]318 scheduledFuture.cancel(true);
Shubham Sharma048cc262019-06-19 14:18:50 +0000[diff] [blame]319 scheduledStatusServerChecker.cancel(true);
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]320 executor.shutdown();
Jian Li13c67162015-12-09 13:20:34 -0800[diff] [blame]321 log.info("Stopped");
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame]322 }
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]323 @Modified
324 public void modified(ComponentContext context) {
Shubham Sharma048cc262019-06-19 14:18:50 +0000[diff] [blame]325 Dictionary<String, Object> properties = context.getProperties();
326 String s = Tools.get(properties, "statisticsGenerationPeriodInSeconds");
327 statisticsGenerationPeriodInSeconds = Strings.isNullOrEmpty(s) ? DEFAULT_REPEAT_DELAY
328 : Integer.parseInt(s.trim());
329
330 s = Tools.get(properties, "operationalStatusEventGenerationPeriodInSeconds");
331 operationalStatusEventGenerationPeriodInSeconds = Strings.isNullOrEmpty(s)
332 ? DEFAULT_OPERATIONAL_STATUS_SERVER_EVENT_GENERATION
333 : Integer.parseInt(s.trim());
334
335 s = Tools.get(properties, "operationalStatusServerTimeoutInSeconds");
336 operationalStatusServerTimeoutInSeconds = Strings.isNullOrEmpty(s) ? DEFAULT_OPERATIONAL_STATUS_SERVER_TIMEOUT
337 : Integer.parseInt(s.trim());
338
339 s = Tools.get(properties, "operationalStatusEvaluationMode");
340 String newEvaluationModeString = Strings.isNullOrEmpty(s) ? DEFAULT_STATUS_SERVER_MODE : s.trim();
341
342 radiusOperationalStatusService
343 .setOperationalStatusServerTimeoutInMillis(operationalStatusServerTimeoutInSeconds * 1000);
344 RadiusOperationalStatusEvaluationMode newEvaluationMode =
345 RadiusOperationalStatusEvaluationMode.getValue(newEvaluationModeString);
346 if (newEvaluationMode != null) {
347 radiusOperationalStatusService.setRadiusOperationalStatusEvaluationMode(newEvaluationMode);
348 operationalStatusEvaluationMode = newEvaluationModeString;
349 } else {
350 properties.put("operationalStatusEvaluationMode", operationalStatusEvaluationMode);
351 }
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]352 }
353
Shubham Sharma1ad16632019-11-26 11:09:21 +0000[diff] [blame]354 protected void configureRadiusCommunication() {
Deepa Vaddireddye0e10722017-09-27 05:00:10 +0530[diff] [blame]355 if (radiusConnectionType.toLowerCase().equals("socket")) {
356 impl = new SocketBasedRadiusCommunicator(appId, packetService, this);
357 } else {
358 impl = new PortBasedRadiusCommunicator(appId, packetService, mastershipService,
359 deviceService, subsService, pktCustomizer, this);
360 }
361 }
362
363 private void configurePacketCustomizer() {
364 switch (customizer.toLowerCase()) {
365 case "sample":
366 pktCustomizer = new SamplePacketCustomizer(customInfo);
367 log.info("Created SamplePacketCustomizer");
368 break;
Saurav Dase72358a2018-11-13 21:56:46 -0800[diff] [blame]369 case "att":
370 pktCustomizer = new AttPacketCustomizer(customInfo);
371 log.info("Created AttPacketCustomizer");
372 break;
Deepa Vaddireddye0e10722017-09-27 05:00:10 +0530[diff] [blame]373 default:
374 pktCustomizer = new PacketCustomizer(customInfo);
375 log.info("Created default PacketCustomizer");
376 break;
377 }
378 }
379
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]380 private void getConfiguredAaaServerAddress() {
381 try {
382 InetAddress address;
383 if (newCfg.radiusHostName() != null) {
384 address = InetAddress.getByName(newCfg.radiusHostName());
385 } else {
386 address = newCfg.radiusIp();
387 }
388
389 configuredAaaServerAddress = address.getHostAddress();
390 } catch (UnknownHostException uhe) {
391 log.warn("Unable to resolve host {}", newCfg.radiusHostName());
392 }
393 }
394
Vijaykumar Kushwaha056e4cd2019-08-06 13:16:25 +0000[diff] [blame]395 private void checkReceivedPacketForValidValidator(RADIUS radiusPacket, byte[] requestAuthenticator) {
396 if (!checkResponseMessageAuthenticator(radiusSecret, radiusPacket, requestAuthenticator)) {
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]397 aaaStatisticsManager.getAaaStats().increaseInvalidValidatorsRx();
398 }
399 }
Vijaykumar Kushwaha056e4cd2019-08-06 13:16:25 +0000[diff] [blame]400
401 private boolean checkResponseMessageAuthenticator(String key, RADIUS radiusPacket, byte[] requestAuthenticator) {
402 byte[] newHash = new byte[16];
403 Arrays.fill(newHash, (byte) 0);
404 byte[] messageAuthenticator = radiusPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_MESSAGE_AUTH).getValue();
405 byte[] authenticator = radiusPacket.getAuthenticator();
406 radiusPacket.updateAttribute(RADIUSAttribute.RADIUS_ATTR_MESSAGE_AUTH, newHash);
407 radiusPacket.setAuthenticator(requestAuthenticator);
408 // Calculate the MD5 HMAC based on the message
409 try {
410 SecretKeySpec keySpec = new SecretKeySpec(key.getBytes(), "HmacMD5");
411 Mac mac = Mac.getInstance("HmacMD5");
412 mac.init(keySpec);
413 newHash = mac.doFinal(radiusPacket.serialize());
414 } catch (Exception e) {
415 log.error("Failed to generate message authenticator: {}", e.getMessage());
416 }
417 radiusPacket.updateAttribute(RADIUSAttribute.RADIUS_ATTR_MESSAGE_AUTH, messageAuthenticator);
418 radiusPacket.setAuthenticator(authenticator);
419 // Compare the calculated Message-Authenticator with the one in the message
420 return Arrays.equals(newHash, messageAuthenticator);
421 }
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]422 public void checkForPacketFromUnknownServer(String hostAddress) {
423 if (!hostAddress.equals(configuredAaaServerAddress)) {
Vijaykumar Kushwahafffd3d12019-08-01 11:09:59 +0000[diff] [blame]424 getConfiguredAaaServerAddress();
425 if (!hostAddress.equals(configuredAaaServerAddress)) {
426 aaaStatisticsManager.getAaaStats().incrementUnknownServerRx();
427 }
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]428 }
429 }
430
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]431 /**
432 * Send RADIUS packet to the RADIUS server.
433 *
434 * @param radiusPacket RADIUS packet to be sent to server.
435 * @param inPkt Incoming EAPOL packet
436 */
437 protected void sendRadiusPacket(RADIUS radiusPacket, InboundPacket inPkt) {
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]438 outPacketSet.add(radiusPacket.getIdentifier());
439 aaaStatisticsManager.getAaaStats().increaseOrDecreasePendingRequests(true);
440 aaaStatisticsManager.getAaaStats().increaseAccessRequestsTx();
Shubham Sharma048cc262019-06-19 14:18:50 +0000[diff] [blame]441 aaaStatisticsManager.putOutgoingIdentifierToMap(radiusPacket.getIdentifier());
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]442 impl.sendRadiusPacket(radiusPacket, inPkt);
443 }
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame]444
Shubham Sharmaa3b1bd32019-06-19 14:18:12 +0000[diff] [blame]445 /**
446 * For scheduling the timer required for cleaning up StateMachine
447 * when no response
448 * from RADIUS SERVER.
449 *
450 * @param sessionId SessionId of the current session
451 * @param stateMachine StateMachine for the id
452 */
453 public void scheduleStateMachineCleanupTimer(String sessionId, StateMachine stateMachine) {
454 StateMachine.CleanupTimerTask cleanupTask = stateMachine.new CleanupTimerTask(sessionId, this);
455 ScheduledFuture<?> cleanupTimer = executor.schedule(cleanupTask, cleanupTimerTimeOutInMins, TimeUnit.MINUTES);
456 stateMachine.setCleanupTimer(cleanupTimer);
457
458 }
459
460 /**
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]461 * Handles RADIUS packets.
462 *
463 * @param radiusPacket RADIUS packet coming from the RADIUS server.
464 * @throws StateMachineException if an illegal state transition is triggered
Jonathan Hart4731dd92018-05-02 17:30:05 -0700[diff] [blame]465 * @throws DeserializationException if packet deserialization fails
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]466 */
Jonathan Hart4731dd92018-05-02 17:30:05 -0700[diff] [blame]467 public void handleRadiusPacket(RADIUS radiusPacket)
468 throws StateMachineException, DeserializationException {
Saurav Das987441a2018-09-18 16:33:47 -0700[diff] [blame]469 if (log.isTraceEnabled()) {
470 log.trace("Received RADIUS packet {}", radiusPacket);
471 }
Shubham Sharma048cc262019-06-19 14:18:50 +0000[diff] [blame]472 if (radiusOperationalStatusService.isRadiusResponseForOperationalStatus(radiusPacket.getIdentifier())) {
473 radiusOperationalStatusService.handleRadiusPacketForOperationalStatus(radiusPacket);
474 return;
475 }
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]476 StateMachine stateMachine = StateMachine.lookupStateMachineById(radiusPacket.getIdentifier());
477 if (stateMachine == null) {
Saurav Das987441a2018-09-18 16:33:47 -0700[diff] [blame]478 log.error("Invalid packet identifier {}, could not find corresponding "
479 + "state machine ... exiting", radiusPacket.getIdentifier());
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]480 aaaStatisticsManager.getAaaStats().incrementNumberOfSessionsExpired();
481 aaaStatisticsManager.getAaaStats().countDroppedResponsesRx();
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]482 return;
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame]483 }
Kartikey Dubeybe14f472019-10-01 12:18:35 +0000[diff] [blame]484
485 //instance of StateMachine using the sessionId for updating machine stats
486 StateMachine machineStats = StateMachine.lookupStateMachineBySessionId(stateMachine.sessionId());
487
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]488 EAP eapPayload;
489 Ethernet eth;
Vijaykumar Kushwaha056e4cd2019-08-06 13:16:25 +0000[diff] [blame]490 checkReceivedPacketForValidValidator(radiusPacket, stateMachine.requestAuthenticator());
Kartikey Dubeybe14f472019-10-01 12:18:35 +0000[diff] [blame]491
492 //increasing packets and octets received from server
493 machineStats.incrementTotalPacketsReceived();
494 machineStats.incrementTotalOctetReceived(radiusPacket.decapsulateMessage().getLength());
495
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]496 if (outPacketSet.contains(radiusPacket.getIdentifier())) {
497 aaaStatisticsManager.getAaaStats().increaseOrDecreasePendingRequests(false);
498 outPacketSet.remove(new Byte(radiusPacket.getIdentifier()));
499 }
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]500 switch (radiusPacket.getCode()) {
501 case RADIUS.RADIUS_CODE_ACCESS_CHALLENGE:
Matt Jeanneret2ff1a782018-06-13 15:24:25 -0400[diff] [blame]502 log.debug("RADIUS packet: RADIUS_CODE_ACCESS_CHALLENGE");
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]503 RADIUSAttribute radiusAttrState = radiusPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_STATE);
504 byte[] challengeState = null;
505 if (radiusAttrState != null) {
506 challengeState = radiusAttrState.getValue();
507 }
508 eapPayload = radiusPacket.decapsulateMessage();
509 stateMachine.setChallengeInfo(eapPayload.getIdentifier(), challengeState);
510 eth = buildEapolResponse(stateMachine.supplicantAddress(),
511 MacAddress.valueOf(nasMacAddress),
512 stateMachine.vlanId(),
513 EAPOL.EAPOL_PACKET,
514 eapPayload, stateMachine.priorityCode());
Matt Jeanneret2ff1a782018-06-13 15:24:25 -0400[diff] [blame]515 log.debug("Send EAP challenge response to supplicant {}", stateMachine.supplicantAddress().toString());
Shubham Sharmac155ef82019-07-11 12:12:41 +0000[diff] [blame]516 sendPacketToSupplicant(eth, stateMachine.supplicantConnectpoint(), true);
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]517 aaaStatisticsManager.getAaaStats().increaseChallengeResponsesRx();
Shubham Sharma47869542019-09-13 10:39:47 +0000[diff] [blame]518 outPacketSupp.add(eapPayload.getIdentifier());
519 aaaStatisticsManager.getAaaStats().incrementPendingResSupp();
Kartikey Dubeybe14f472019-10-01 12:18:35 +0000[diff] [blame]520 //increasing packets send to server
521 machineStats.incrementTotalPacketsSent();
522 machineStats.incrementTotalOctetSent(eapPayload.getLength());
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]523 break;
524 case RADIUS.RADIUS_CODE_ACCESS_ACCEPT:
Matt Jeanneret2ff1a782018-06-13 15:24:25 -0400[diff] [blame]525 log.debug("RADIUS packet: RADIUS_CODE_ACCESS_ACCEPT");
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]526 //send an EAPOL - Success to the supplicant.
527 byte[] eapMessageSuccess =
528 radiusPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_EAP_MESSAGE).getValue();
Jonathan Hart4731dd92018-05-02 17:30:05 -0700[diff] [blame]529 eapPayload = EAP.deserializer().deserialize(
530 eapMessageSuccess, 0, eapMessageSuccess.length);
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]531 eth = buildEapolResponse(stateMachine.supplicantAddress(),
532 MacAddress.valueOf(nasMacAddress),
533 stateMachine.vlanId(),
534 EAPOL.EAPOL_PACKET,
535 eapPayload, stateMachine.priorityCode());
Matt Jeanneret2ff1a782018-06-13 15:24:25 -0400[diff] [blame]536 log.info("Send EAP success message to supplicant {}", stateMachine.supplicantAddress().toString());
Shubham Sharmac155ef82019-07-11 12:12:41 +0000[diff] [blame]537 sendPacketToSupplicant(eth, stateMachine.supplicantConnectpoint(), false);
538 aaaStatisticsManager.getAaaStats().incrementEapolAuthSuccessTrans();
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]539
540 stateMachine.authorizeAccess();
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]541 aaaStatisticsManager.getAaaStats().increaseAcceptResponsesRx();
Kartikey Dubeybe14f472019-10-01 12:18:35 +0000[diff] [blame]542 //increasing packets send to server
543 machineStats.incrementTotalPacketsSent();
544 machineStats.incrementTotalOctetSent(eapPayload.getLength());
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]545 break;
546 case RADIUS.RADIUS_CODE_ACCESS_REJECT:
Matt Jeanneret2ff1a782018-06-13 15:24:25 -0400[diff] [blame]547 log.debug("RADIUS packet: RADIUS_CODE_ACCESS_REJECT");
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]548 //send an EAPOL - Failure to the supplicant.
549 byte[] eapMessageFailure;
550 eapPayload = new EAP();
551 RADIUSAttribute radiusAttrEap = radiusPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_EAP_MESSAGE);
552 if (radiusAttrEap == null) {
553 eapPayload.setCode(EAP.FAILURE);
554 eapPayload.setIdentifier(stateMachine.challengeIdentifier());
555 eapPayload.setLength(EAP.EAP_HDR_LEN_SUC_FAIL);
556 } else {
557 eapMessageFailure = radiusAttrEap.getValue();
Jonathan Hart4731dd92018-05-02 17:30:05 -0700[diff] [blame]558 eapPayload = EAP.deserializer().deserialize(
559 eapMessageFailure, 0, eapMessageFailure.length);
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]560 }
561 eth = buildEapolResponse(stateMachine.supplicantAddress(),
562 MacAddress.valueOf(nasMacAddress),
563 stateMachine.vlanId(),
564 EAPOL.EAPOL_PACKET,
565 eapPayload, stateMachine.priorityCode());
Matt Jeanneret2ff1a782018-06-13 15:24:25 -0400[diff] [blame]566 log.warn("Send EAP failure message to supplicant {}", stateMachine.supplicantAddress().toString());
Shubham Sharmac155ef82019-07-11 12:12:41 +0000[diff] [blame]567 sendPacketToSupplicant(eth, stateMachine.supplicantConnectpoint(), false);
568 aaaStatisticsManager.getAaaStats().incrementEapolauthFailureTrans();
569
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]570 stateMachine.denyAccess();
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]571 aaaStatisticsManager.getAaaStats().increaseRejectResponsesRx();
Kartikey Dubeybe14f472019-10-01 12:18:35 +0000[diff] [blame]572 //increasing packets send to server
573 machineStats.incrementTotalPacketsSent();
574 machineStats.incrementTotalOctetSent(eapPayload.getLength());
575 //pushing machine stats to kafka
576 AaaSupplicantMachineStats machineObj = aaaSupplicantStatsManager.getSupplicantStats(machineStats);
577 aaaSupplicantStatsManager.getMachineStatsDelegate()
578 .notify(new AaaMachineStatisticsEvent(AaaMachineStatisticsEvent.Type.STATS_UPDATE, machineObj));
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]579 break;
580 default:
581 log.warn("Unknown RADIUS message received with code: {}", radiusPacket.getCode());
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]582 aaaStatisticsManager.getAaaStats().increaseUnknownTypeRx();
Kartikey Dubeybe14f472019-10-01 12:18:35 +0000[diff] [blame]583 //increasing packets received to server
584 machineStats.incrementTotalPacketsReceived();
585 machineStats.incrementTotalOctetReceived(radiusPacket.decapsulateMessage().getLength());
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]586 }
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]587 aaaStatisticsManager.getAaaStats().countDroppedResponsesRx();
Aaron Kruglikovd39d99e2015-07-03 13:30:57 -0700[diff] [blame]588 }
589
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame]590 /**
591 * Send the ethernet packet to the supplicant.
592 *
593 * @param ethernetPkt the ethernet packet
594 * @param connectPoint the connect point to send out
595 */
Shubham Sharmac155ef82019-07-11 12:12:41 +0000[diff] [blame]596 private void sendPacketToSupplicant(Ethernet ethernetPkt, ConnectPoint connectPoint, boolean isChallengeResponse) {
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame]597 TrafficTreatment treatment = DefaultTrafficTreatment.builder().setOutput(connectPoint.port()).build();
598 OutboundPacket packet = new DefaultOutboundPacket(connectPoint.deviceId(),
599 treatment, ByteBuffer.wrap(ethernetPkt.serialize()));
Shubham Sharmac155ef82019-07-11 12:12:41 +0000[diff] [blame]600 EAPOL eap = ((EAPOL) ethernetPkt.getPayload());
601 EAP eapPkt = (EAP) eap.getPayload();
Saurav Das987441a2018-09-18 16:33:47 -0700[diff] [blame]602 if (log.isTraceEnabled()) {
Saurav Das987441a2018-09-18 16:33:47 -0700[diff] [blame]603 log.trace("Sending eapol payload {} enclosed in {} to supplicant at {}",
604 eap, ethernetPkt, connectPoint);
605 }
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame]606 packetService.emit(packet);
Shubham Sharmac155ef82019-07-11 12:12:41 +0000[diff] [blame]607 if (isChallengeResponse) {
608 aaaStatisticsManager.getAaaStats().incrementEapPktTxauthEap();
609 }
Shubham Sharma47869542019-09-13 10:39:47 +0000[diff] [blame]610 aaaStatisticsManager.getAaaStats().incrementEapolFramesTx();
611 aaaStatisticsManager.getAaaStats().countReqEapFramesTx();
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame]612 }
613
Matt Jeanneret2ff1a782018-06-13 15:24:25 -0400[diff] [blame]614 @Override
615 public String toString() {
616 return ToStringBuilder.reflectionToString(this);
617 }
618
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]619 // our handler defined as a private inner class
620
621 /**
622 * Packet processor responsible for forwarding packets along their paths.
623 */
624 private class ReactivePacketProcessor implements PacketProcessor {
625 @Override
626 public void process(PacketContext context) {
627
628 // Extract the original Ethernet frame from the packet information
629 InboundPacket pkt = context.inPacket();
630 Ethernet ethPkt = pkt.parsed();
631 if (ethPkt == null) {
632 return;
633 }
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]634
Ray Milkeyf51eba22015-09-25 10:24:23 -0700[diff] [blame]635 try {
636 // identify if incoming packet comes from supplicant (EAP) or RADIUS
637 switch (EthType.EtherType.lookup(ethPkt.getEtherType())) {
638 case EAPOL:
639 handleSupplicantPacket(context.inPacket());
640 break;
Ray Milkeyf51eba22015-09-25 10:24:23 -0700[diff] [blame]641 default:
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]642 // any other packets let the specific implementation handle
643 impl.handlePacketFromServer(context);
Ray Milkeyf51eba22015-09-25 10:24:23 -0700[diff] [blame]644 }
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame]645 } catch (StateMachineException e) {
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]646 log.warn("Unable to process packet:", e);
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]647 }
648 }
649
Ray Milkey9eb293f2015-09-30 15:09:17 -0700[diff] [blame]650 /**
651 * Creates and initializes common fields of a RADIUS packet.
652 *
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame]653 * @param stateMachine state machine for the request
Ray Milkeyfcb623d2015-10-01 16:48:18 -0700[diff] [blame]654 * @param eapPacket EAP packet
Ray Milkey9eb293f2015-09-30 15:09:17 -0700[diff] [blame]655 * @return RADIUS packet
656 */
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame]657 private RADIUS getRadiusPayload(StateMachine stateMachine, byte identifier, EAP eapPacket) {
Ray Milkey9eb293f2015-09-30 15:09:17 -0700[diff] [blame]658 RADIUS radiusPayload =
659 new RADIUS(RADIUS.RADIUS_CODE_ACCESS_REQUEST,
660 eapPacket.getIdentifier());
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame]661
662 // set Request Authenticator in StateMachine
663 stateMachine.setRequestAuthenticator(radiusPayload.generateAuthCode());
664
Ray Milkey9eb293f2015-09-30 15:09:17 -0700[diff] [blame]665 radiusPayload.setIdentifier(identifier);
666 radiusPayload.setAttribute(RADIUSAttribute.RADIUS_ATTR_USERNAME,
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame]667 stateMachine.username());
Ray Milkey9eb293f2015-09-30 15:09:17 -0700[diff] [blame]668
669 radiusPayload.setAttribute(RADIUSAttribute.RADIUS_ATTR_NAS_IP,
Jonathan Hart092dfb22015-11-16 23:05:21 -0800[diff] [blame]670 AaaManager.this.nasIpAddress.getAddress());
Ray Milkey9eb293f2015-09-30 15:09:17 -0700[diff] [blame]671
672 radiusPayload.encapsulateMessage(eapPacket);
Ray Milkey9eb293f2015-09-30 15:09:17 -0700[diff] [blame]673
674 return radiusPayload;
675 }
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]676
677 /**
Jonathan Harta46dddf2015-06-30 15:31:20 -0700[diff] [blame]678 * Handles PAE packets (supplicant).
679 *
680 * @param inPacket Ethernet packet coming from the supplicant
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]681 */
Ray Milkeyf51eba22015-09-25 10:24:23 -0700[diff] [blame]682 private void handleSupplicantPacket(InboundPacket inPacket) throws StateMachineException {
Jonathan Harta46dddf2015-06-30 15:31:20 -0700[diff] [blame]683 Ethernet ethPkt = inPacket.parsed();
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]684 // Where does it come from?
Jonathan Hart092dfb22015-11-16 23:05:21 -0800[diff] [blame]685 MacAddress srcMac = ethPkt.getSourceMAC();
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]686
Jonathan Harta46dddf2015-06-30 15:31:20 -0700[diff] [blame]687 DeviceId deviceId = inPacket.receivedFrom().deviceId();
688 PortNumber portNumber = inPacket.receivedFrom().port();
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]689 String sessionId = deviceId.toString() + portNumber.toString();
Saurav Das987441a2018-09-18 16:33:47 -0700[diff] [blame]690 EAPOL eapol = (EAPOL) ethPkt.getPayload();
691 if (log.isTraceEnabled()) {
692 log.trace("Received EAPOL packet {} in enclosing packet {} from "
693 + "dev/port: {}/{}", eapol, ethPkt, deviceId,
694 portNumber);
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]695 }
Jonathan Harta46dddf2015-06-30 15:31:20 -0700[diff] [blame]696
Shubham Sharma47869542019-09-13 10:39:47 +0000[diff] [blame]697 short pktlen = eapol.getPacketLength();
698 byte[] eapPayLoadBuffer = eapol.serialize();
699 int len = eapPayLoadBuffer.length;
700 if (len != (HEADER_LENGTH + pktlen)) {
701 aaaStatisticsManager.getAaaStats().incrementInvalidBodyLength();
702 return;
703 }
704 if (!VALID_EAPOL_TYPE.contains(eapol.getEapolType())) {
705 aaaStatisticsManager.getAaaStats().incrementInvalidPktType();
706 return;
707 }
708 if (pktlen >= 0 && ethPkt.getEtherType() == EthType.EtherType.EAPOL.ethType().toShort()) {
709 aaaStatisticsManager.getAaaStats().incrementValidEapolFramesRx();
710 }
Saurav Das987441a2018-09-18 16:33:47 -0700[diff] [blame]711 StateMachine stateMachine = StateMachine.lookupStateMachineBySessionId(sessionId);
712 if (stateMachine == null) {
713 log.debug("Creating new state machine for sessionId: {} for "
714 + "dev/port: {}/{}", sessionId, deviceId, portNumber);
715 stateMachine = new StateMachine(sessionId);
716 } else {
717 log.debug("Using existing state-machine for sessionId: {}", sessionId);
Kartikey Dubeybe14f472019-10-01 12:18:35 +0000[diff] [blame]718 stateMachine.setEapolTypeVal(eapol.getEapolType());
Saurav Das987441a2018-09-18 16:33:47 -0700[diff] [blame]719 }
720
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]721 switch (eapol.getEapolType()) {
722 case EAPOL.EAPOL_START:
Matt Jeanneret2ff1a782018-06-13 15:24:25 -0400[diff] [blame]723 log.debug("EAP packet: EAPOL_START");
Ray Milkeyf51eba22015-09-25 10:24:23 -0700[diff] [blame]724 stateMachine.setSupplicantConnectpoint(inPacket.receivedFrom());
Shubham Sharmaa3b1bd32019-06-19 14:18:12 +0000[diff] [blame]725 if (stateMachine.getCleanupTimer() == null) {
726 scheduleStateMachineCleanupTimer(sessionId, stateMachine);
727 }
Jonathan Hart5db44532018-07-12 18:13:54 -0700[diff] [blame]728 stateMachine.start();
Shubham Sharmac155ef82019-07-11 12:12:41 +0000[diff] [blame]729 aaaStatisticsManager.getAaaStats().incrementEapolStartReqTrans();
Ray Milkeyf51eba22015-09-25 10:24:23 -0700[diff] [blame]730 //send an EAP Request/Identify to the supplicant
731 EAP eapPayload = new EAP(EAP.REQUEST, stateMachine.identifier(), EAP.ATTR_IDENTITY, null);
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]732 if (ethPkt.getVlanID() != Ethernet.VLAN_UNTAGGED) {
733 stateMachine.setPriorityCode(ethPkt.getPriorityCode());
734 }
Jonathan Hart092dfb22015-11-16 23:05:21 -0800[diff] [blame]735 Ethernet eth = buildEapolResponse(srcMac, MacAddress.valueOf(nasMacAddress),
Ray Milkeyf51eba22015-09-25 10:24:23 -0700[diff] [blame]736 ethPkt.getVlanID(), EAPOL.EAPOL_PACKET,
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]737 eapPayload, stateMachine.priorityCode());
Matt Jeanneret2ff1a782018-06-13 15:24:25 -0400[diff] [blame]738
Jonathan Hart092dfb22015-11-16 23:05:21 -0800[diff] [blame]739 stateMachine.setSupplicantAddress(srcMac);
Ray Milkeyf51eba22015-09-25 10:24:23 -0700[diff] [blame]740 stateMachine.setVlanId(ethPkt.getVlanID());
Matt Jeanneret2ff1a782018-06-13 15:24:25 -0400[diff] [blame]741 log.debug("Getting EAP identity from supplicant {}", stateMachine.supplicantAddress().toString());
Shubham Sharmac155ef82019-07-11 12:12:41 +0000[diff] [blame]742 sendPacketToSupplicant(eth, stateMachine.supplicantConnectpoint(), false);
Shubham Sharma47869542019-09-13 10:39:47 +0000[diff] [blame]743 aaaStatisticsManager.getAaaStats().incrementRequestIdFramesTx();
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]744
745 break;
Qianqian Hub55a1ac2015-12-23 20:44:48 +0800[diff] [blame]746 case EAPOL.EAPOL_LOGOFF:
Matt Jeanneret2ff1a782018-06-13 15:24:25 -0400[diff] [blame]747 log.debug("EAP packet: EAPOL_LOGOFF");
Kartikey Dubeybe14f472019-10-01 12:18:35 +0000[diff] [blame]748 //posting the machine stat data for current supplicant device.
749 if (stateMachine.getSessionTerminateReason() == null ||
750 stateMachine.getSessionTerminateReason().equals("")) {
751 stateMachine.setSessionTerminateReason(
752 StateMachine.SessionTerminationReasons.SUPPLICANT_LOGOFF.getReason());
753 }
754 AaaSupplicantMachineStats obj = aaaSupplicantStatsManager.getSupplicantStats(stateMachine);
755 aaaSupplicantStatsManager.getMachineStatsDelegate()
756 .notify(new AaaMachineStatisticsEvent(AaaMachineStatisticsEvent.Type.STATS_UPDATE, obj));
Ray Milkeyb34b4962016-01-04 10:24:43 -0800[diff] [blame]757 if (stateMachine.state() == StateMachine.STATE_AUTHORIZED) {
758 stateMachine.logoff();
Shubham Sharmac155ef82019-07-11 12:12:41 +0000[diff] [blame]759 aaaStatisticsManager.getAaaStats().incrementEapolLogoffRx();
Qianqian Hub55a1ac2015-12-23 20:44:48 +0800[diff] [blame]760 }
Shubham Sharma47869542019-09-13 10:39:47 +0000[diff] [blame]761 if (stateMachine.state() == StateMachine.STATE_IDLE) {
762 aaaStatisticsManager.getAaaStats().incrementAuthStateIdle();
763 }
Qianqian Hub55a1ac2015-12-23 20:44:48 +0800[diff] [blame]764
765 break;
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]766 case EAPOL.EAPOL_PACKET:
Ray Milkeyf51eba22015-09-25 10:24:23 -0700[diff] [blame]767 RADIUS radiusPayload;
Ray Milkey9eb293f2015-09-30 15:09:17 -0700[diff] [blame]768 // check if this is a Response/Identify or a Response/TLS
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]769 EAP eapPacket = (EAP) eapol.getPayload();
Shubham Sharma47869542019-09-13 10:39:47 +0000[diff] [blame]770 Byte identifier = new Byte(eapPacket.getIdentifier());
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]771
772 byte dataType = eapPacket.getDataType();
773 switch (dataType) {
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]774
Ray Milkey9eb293f2015-09-30 15:09:17 -0700[diff] [blame]775 case EAP.ATTR_IDENTITY:
Matt Jeanneret2ff1a782018-06-13 15:24:25 -0400[diff] [blame]776 log.debug("EAP packet: EAPOL_PACKET ATTR_IDENTITY");
Shubham Sharmaa3b1bd32019-06-19 14:18:12 +0000[diff] [blame]777 //Setting the time of this response from RG, only when its not a re-transmission.
778 if (stateMachine.getLastPacketReceivedTime() == 0) {
779 stateMachine.setLastPacketReceivedTime(System.currentTimeMillis());
780 }
Ray Milkey9eb293f2015-09-30 15:09:17 -0700[diff] [blame]781 // request id access to RADIUS
782 stateMachine.setUsername(eapPacket.getData());
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]783
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame]784 radiusPayload = getRadiusPayload(stateMachine, stateMachine.identifier(), eapPacket);
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]785 radiusPayload = pktCustomizer.customizePacket(radiusPayload, inPacket);
Jonathan Hart092dfb22015-11-16 23:05:21 -0800[diff] [blame]786 radiusPayload.addMessageAuthenticator(AaaManager.this.radiusSecret);
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]787
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]788 sendRadiusPacket(radiusPayload, inPacket);
Shubham Sharmaa3b1bd32019-06-19 14:18:12 +0000[diff] [blame]789 stateMachine.setWaitingForRadiusResponse(true);
Shubham Sharmac155ef82019-07-11 12:12:41 +0000[diff] [blame]790 aaaStatisticsManager.getAaaStats().incrementEapolAtrrIdentity();
Ray Milkey9eb293f2015-09-30 15:09:17 -0700[diff] [blame]791 // change the state to "PENDING"
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]792 if (stateMachine.state() == StateMachine.STATE_PENDING) {
793 aaaStatisticsManager.getAaaStats().increaseRequestReTx();
Kartikey Dubeybe14f472019-10-01 12:18:35 +0000[diff] [blame]794 stateMachine.incrementTotalPacketsSent();
795 stateMachine.incrementTotalOctetSent(eapol.getPacketLength());
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]796 }
Ray Milkey9eb293f2015-09-30 15:09:17 -0700[diff] [blame]797 stateMachine.requestAccess();
798 break;
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]799 case EAP.ATTR_MD5:
Shubham Sharmaa3b1bd32019-06-19 14:18:12 +0000[diff] [blame]800 stateMachine.setLastPacketReceivedTime(System.currentTimeMillis());
Matt Jeanneret2ff1a782018-06-13 15:24:25 -0400[diff] [blame]801 log.debug("EAP packet: EAPOL_PACKET ATTR_MD5");
Ray Milkey9eb293f2015-09-30 15:09:17 -0700[diff] [blame]802 // verify if the EAP identifier corresponds to the
803 // challenge identifier from the client state
804 // machine.
Ray Milkeyf61a24e2015-09-24 16:34:02 -0700[diff] [blame]805 if (eapPacket.getIdentifier() == stateMachine.challengeIdentifier()) {
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]806 //send the RADIUS challenge response
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame]807 radiusPayload =
808 getRadiusPayload(stateMachine,
809 stateMachine.identifier(),
810 eapPacket);
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]811 radiusPayload = pktCustomizer.customizePacket(radiusPayload, inPacket);
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]812
Qianqian Hub55a1ac2015-12-23 20:44:48 +0800[diff] [blame]813 if (stateMachine.challengeState() != null) {
814 radiusPayload.setAttribute(RADIUSAttribute.RADIUS_ATTR_STATE,
815 stateMachine.challengeState());
816 }
Jonathan Hart092dfb22015-11-16 23:05:21 -0800[diff] [blame]817 radiusPayload.addMessageAuthenticator(AaaManager.this.radiusSecret);
Shubham Sharma47869542019-09-13 10:39:47 +0000[diff] [blame]818 if (outPacketSupp.contains(eapPacket.getIdentifier())) {
819 aaaStatisticsManager.getAaaStats().decrementPendingResSupp();
820 outPacketSupp.remove(identifier);
821 }
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]822 sendRadiusPacket(radiusPayload, inPacket);
Shubham Sharmaa3b1bd32019-06-19 14:18:12 +0000[diff] [blame]823 stateMachine.setWaitingForRadiusResponse(true);
Shubham Sharmac155ef82019-07-11 12:12:41 +0000[diff] [blame]824 aaaStatisticsManager.getAaaStats().incrementEapolMd5RspChall();
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]825 }
826 break;
827 case EAP.ATTR_TLS:
Matt Jeanneret2ff1a782018-06-13 15:24:25 -0400[diff] [blame]828 log.debug("EAP packet: EAPOL_PACKET ATTR_TLS");
Ray Milkey9eb293f2015-09-30 15:09:17 -0700[diff] [blame]829 // request id access to RADIUS
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame]830 radiusPayload = getRadiusPayload(stateMachine, stateMachine.identifier(), eapPacket);
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]831 radiusPayload = pktCustomizer.customizePacket(radiusPayload, inPacket);
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]832
Qianqian Hub55a1ac2015-12-23 20:44:48 +0800[diff] [blame]833 if (stateMachine.challengeState() != null) {
834 radiusPayload.setAttribute(RADIUSAttribute.RADIUS_ATTR_STATE,
835 stateMachine.challengeState());
836 }
Ray Milkeyf51eba22015-09-25 10:24:23 -0700[diff] [blame]837 stateMachine.setRequestAuthenticator(radiusPayload.generateAuthCode());
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]838
Jonathan Hart092dfb22015-11-16 23:05:21 -0800[diff] [blame]839 radiusPayload.addMessageAuthenticator(AaaManager.this.radiusSecret);
Shubham Sharma47869542019-09-13 10:39:47 +0000[diff] [blame]840 if (outPacketSupp.contains(eapPacket.getIdentifier())) {
841 aaaStatisticsManager.getAaaStats().decrementPendingResSupp();
842 outPacketSupp.remove(identifier);
843 }
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]844 sendRadiusPacket(radiusPayload, inPacket);
Shubham Sharmaa3b1bd32019-06-19 14:18:12 +0000[diff] [blame]845 stateMachine.setWaitingForRadiusResponse(true);
Shubham Sharmac155ef82019-07-11 12:12:41 +0000[diff] [blame]846 aaaStatisticsManager.getAaaStats().incrementEapolTlsRespChall();
Ray Milkey5493b512015-10-21 12:13:49 -0700[diff] [blame]847
Ray Milkeyf3790b82015-10-21 16:28:08 -0700[diff] [blame]848 if (stateMachine.state() != StateMachine.STATE_PENDING) {
849 stateMachine.requestAccess();
850 }
Ray Milkeyf51eba22015-09-25 10:24:23 -0700[diff] [blame]851
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]852 break;
853 default:
Matt Jeanneret2ff1a782018-06-13 15:24:25 -0400[diff] [blame]854 log.warn("Unknown EAP packet type");
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]855 return;
856 }
857 break;
858 default:
Matt Jeanneret2ff1a782018-06-13 15:24:25 -0400[diff] [blame]859 log.debug("Skipping EAPOL message {}", eapol.getEapolType());
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]860 }
Shubham Sharmac155ef82019-07-11 12:12:41 +0000[diff] [blame]861 aaaStatisticsManager.getAaaStats().countTransRespNotNak();
862 aaaStatisticsManager.getAaaStats().countEapolResIdentityMsgTrans();
Ari Saha89831742015-06-26 10:31:48 -0700[diff] [blame]863 }
Ray Milkey967776a2015-10-07 14:37:17 -0700[diff] [blame]864 }
865
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]866 /**
Jonathan Hart5db44532018-07-12 18:13:54 -0700[diff] [blame]867 * Delegate allowing the StateMachine to notify us of events.
868 */
869 private class InternalStateMachineDelegate implements StateMachineDelegate {
870
871 @Override
872 public void notify(AuthenticationEvent authenticationEvent) {
873 log.info("Auth event {} for {}",
874 authenticationEvent.type(), authenticationEvent.subject());
875 post(authenticationEvent);
876 }
877 }
878
879 /**
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]880 * Configuration Listener, handles change in configuration.
881 */
Ray Milkeyfcb623d2015-10-01 16:48:18 -0700[diff] [blame]882 private class InternalConfigListener implements NetworkConfigListener {
883
884 /**
Ray Milkeyc9e8dcc2015-12-30 10:31:32 -0800[diff] [blame]885 * Reconfigures the AAA application according to the
886 * configuration parameters passed.
Ray Milkeyfcb623d2015-10-01 16:48:18 -0700[diff] [blame]887 *
888 * @param cfg configuration object
889 */
Jonathan Hart092dfb22015-11-16 23:05:21 -0800[diff] [blame]890 private void reconfigureNetwork(AaaConfig cfg) {
Matt Jeanneret2ff1a782018-06-13 15:24:25 -0400[diff] [blame]891 log.info("Reconfiguring AaaConfig from config: {}", cfg);
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]892
Ray Milkeyfcb623d2015-10-01 16:48:18 -0700[diff] [blame]893 if (cfg == null) {
Jonathan Hart092dfb22015-11-16 23:05:21 -0800[diff] [blame]894 newCfg = new AaaConfig();
Ray Milkeyfcb623d2015-10-01 16:48:18 -0700[diff] [blame]895 } else {
896 newCfg = cfg;
897 }
898 if (newCfg.nasIp() != null) {
899 nasIpAddress = newCfg.nasIp();
900 }
901 if (newCfg.radiusIp() != null) {
902 radiusIpAddress = newCfg.radiusIp();
903 }
904 if (newCfg.radiusMac() != null) {
905 radiusMacAddress = newCfg.radiusMac();
906 }
907 if (newCfg.nasMac() != null) {
908 nasMacAddress = newCfg.nasMac();
909 }
910 if (newCfg.radiusSecret() != null) {
911 radiusSecret = newCfg.radiusSecret();
912 }
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]913
Deepa Vaddireddye0e10722017-09-27 05:00:10 +0530[diff] [blame]914 boolean reconfigureCustomizer = false;
915 if (customizer == null || !customizer.equals(newCfg.radiusPktCustomizer())) {
916 customizer = newCfg.radiusPktCustomizer();
917 configurePacketCustomizer();
918 reconfigureCustomizer = true;
919 }
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]920
Deepa Vaddireddye0e10722017-09-27 05:00:10 +0530[diff] [blame]921 if (radiusConnectionType == null
922 || reconfigureCustomizer
923 || !radiusConnectionType.equals(newCfg.radiusConnectionType())) {
924 radiusConnectionType = newCfg.radiusConnectionType();
925 if (impl != null) {
926 impl.withdrawIntercepts();
927 impl.clearLocalState();
928 }
929 configureRadiusCommunication();
930 impl.initializeLocalState(newCfg);
931 impl.requestIntercepts();
932 } else if (impl != null) {
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]933 impl.clearLocalState();
934 impl.initializeLocalState(newCfg);
Ray Milkey5d99bd12015-10-06 15:41:30 -0700[diff] [blame]935 }
Ray Milkeyfcb623d2015-10-01 16:48:18 -0700[diff] [blame]936 }
937
938 @Override
939 public void event(NetworkConfigEvent event) {
940
941 if ((event.type() == NetworkConfigEvent.Type.CONFIG_ADDED ||
942 event.type() == NetworkConfigEvent.Type.CONFIG_UPDATED) &&
Jonathan Hart092dfb22015-11-16 23:05:21 -0800[diff] [blame]943 event.configClass().equals(AaaConfig.class)) {
Ray Milkeyfcb623d2015-10-01 16:48:18 -0700[diff] [blame]944
Jonathan Hart092dfb22015-11-16 23:05:21 -0800[diff] [blame]945 AaaConfig cfg = netCfgService.getConfig(appId, AaaConfig.class);
Ray Milkeyfcb623d2015-10-01 16:48:18 -0700[diff] [blame]946 reconfigureNetwork(cfg);
Amit Ghoshc9ac1e52017-07-28 12:31:18 +0100[diff] [blame]947
Matt Jeanneret2ff1a782018-06-13 15:24:25 -0400[diff] [blame]948 log.info("Reconfigured: {}", cfg.toString());
Ray Milkeyfcb623d2015-10-01 16:48:18 -0700[diff] [blame]949 }
950 }
951 }
Amit Ghoshf739be52017-09-21 15:49:37 +0100[diff] [blame]952
953 private class InternalDeviceListener implements DeviceListener {
954 @Override
955 public void event(DeviceEvent event) {
956
957 switch (event.type()) {
958 case PORT_REMOVED:
959 DeviceId devId = event.subject().id();
960 PortNumber portNumber = event.port().number();
961 String sessionId = devId.toString() + portNumber.toString();
962
Kartikey Dubeybe14f472019-10-01 12:18:35 +0000[diff] [blame]963 StateMachine stateMachine = StateMachine.lookupStateMachineBySessionId(sessionId);
964 if (stateMachine != null) {
965 stateMachine.setSessionTerminateReason(
966 StateMachine.SessionTerminationReasons.PORT_REMOVED.getReason());
967 }
968 //pushing captured machine stats to kafka
969 AaaSupplicantMachineStats obj = aaaSupplicantStatsManager.getSupplicantStats(stateMachine);
970 aaaSupplicantStatsManager.getMachineStatsDelegate()
971 .notify(new AaaMachineStatisticsEvent(AaaMachineStatisticsEvent.Type.STATS_UPDATE, obj));
972
Amit Ghoshf739be52017-09-21 15:49:37 +0100[diff] [blame]973 Map<String, StateMachine> sessionIdMap = StateMachine.sessionIdMap();
974 StateMachine removed = sessionIdMap.remove(sessionId);
975 if (removed != null) {
976 StateMachine.deleteStateMachineMapping(removed);
977 }
978
979 break;
980 default:
981 return;
982 }
983 }
984 }
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]985 private class AuthenticationStatisticsEventPublisher implements Runnable {
986 private final Logger log = getLogger(getClass());
987 public void run() {
988 log.info("Notifying AuthenticationStatisticsEvent");
989 aaaStatisticsManager.calculatePacketRoundtripTime();
990 log.debug("AcceptResponsesRx---" + aaaStatisticsManager.getAaaStats().getAcceptResponsesRx());
991 log.debug("AccessRequestsTx---" + aaaStatisticsManager.getAaaStats().getAccessRequestsTx());
992 log.debug("ChallengeResponsesRx---" + aaaStatisticsManager.getAaaStats().getChallengeResponsesRx());
993 log.debug("DroppedResponsesRx---" + aaaStatisticsManager.getAaaStats().getDroppedResponsesRx());
994 log.debug("InvalidValidatorsRx---" + aaaStatisticsManager.getAaaStats().getInvalidValidatorsRx());
995 log.debug("MalformedResponsesRx---" + aaaStatisticsManager.getAaaStats().getMalformedResponsesRx());
996 log.debug("PendingRequests---" + aaaStatisticsManager.getAaaStats().getPendingRequests());
997 log.debug("RejectResponsesRx---" + aaaStatisticsManager.getAaaStats().getRejectResponsesRx());
998 log.debug("RequestReTx---" + aaaStatisticsManager.getAaaStats().getRequestReTx());
999 log.debug("RequestRttMilis---" + aaaStatisticsManager.getAaaStats().getRequestRttMilis());
1000 log.debug("UnknownServerRx---" + aaaStatisticsManager.getAaaStats().getUnknownServerRx());
1001 log.debug("UnknownTypeRx---" + aaaStatisticsManager.getAaaStats().getUnknownTypeRx());
Shubham Sharmaa3b1bd32019-06-19 14:18:12 +0000[diff] [blame]1002 log.debug("TimedOutPackets----" + aaaStatisticsManager.getAaaStats().getTimedOutPackets());
Shubham Sharmac155ef82019-07-11 12:12:41 +0000[diff] [blame]1003 log.debug("EapolLogoffRx---" + aaaStatisticsManager.getAaaStats().getEapolLogoffRx());
1004 log.debug("EapolAuthSuccessTrans---" + aaaStatisticsManager.getAaaStats().getEapolAuthSuccessTrans());
1005 log.debug("EapolAuthFailureTrans---" +
1006 aaaStatisticsManager.getAaaStats().getEapolAuthFailureTrans());
1007 log.debug("EapolStartReqTrans---" +
1008 aaaStatisticsManager.getAaaStats().getEapolStartReqTrans());
1009 log.debug("EapolTransRespNotNak---" +
1010 aaaStatisticsManager.getAaaStats().getEapolTransRespNotNak());
1011 log.debug("EapPktTxauthChooseEap---" +
1012 aaaStatisticsManager.getAaaStats().getEapPktTxauthChooseEap());
1013 log.debug("EapolResIdentityMsgTrans---" +
1014 aaaStatisticsManager.getAaaStats().getEapolResIdentityMsgTrans());
Shubham Sharma47869542019-09-13 10:39:47 +0000[diff] [blame]1015 log.debug("EapolFramesTx---" + aaaStatisticsManager.getAaaStats().getEapolFramesTx());
1016 log.debug("AuthStateIdle---" + aaaStatisticsManager.getAaaStats().getAuthStateIdle());
1017 log.debug("RequestIdFramesTx---" + aaaStatisticsManager.getAaaStats().getRequestIdFramesTx());
1018 log.debug("ReqEapFramesTx---" + aaaStatisticsManager.getAaaStats().getReqEapFramesTx());
1019 log.debug("InvalidPktType---" + aaaStatisticsManager.getAaaStats().getInvalidPktType());
1020 log.debug("InvalidBodyLength---" + aaaStatisticsManager.getAaaStats().getInvalidBodyLength());
1021 log.debug("ValidEapolFramesRx---" + aaaStatisticsManager.getAaaStats().getValidEapolFramesRx());
1022 log.debug("PendingResSupp---" + aaaStatisticsManager.getAaaStats().getPendingResSupp());
1023 log.debug("ResIdEapFramesRx---" + aaaStatisticsManager.getAaaStats().getEapolattrIdentity());
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]1024 aaaStatisticsManager.getStatsDelegate().
1025 notify(new AuthenticationStatisticsEvent(AuthenticationStatisticsEvent.Type.STATS_UPDATE,
1026 aaaStatisticsManager.getAaaStats()));
1027 }
Shubham Sharma048cc262019-06-19 14:18:50 +0000[diff] [blame]1028 }
1029
1030 private class ServerStatusChecker implements Runnable {
1031 @Override
1032 public void run() {
1033 log.info("Notifying RadiusOperationalStatusEvent");
1034 radiusOperationalStatusService.checkServerOperationalStatus();
1035 log.info("--POSTING--" + radiusOperationalStatusService.getRadiusServerOperationalStatus());
1036 radiusOperationalStatusService.getRadiusOprStDelegate()
1037 .notify(new RadiusOperationalStatusEvent(
1038 RadiusOperationalStatusEvent.Type.RADIUS_OPERATIONAL_STATUS,
1039 radiusOperationalStatusService.
1040 getRadiusServerOperationalStatus()));
kartikey dubeye1545422019-05-22 12:53:45 +0000[diff] [blame]1041 }
Shubham Sharma048cc262019-06-19 14:18:50 +0000[diff] [blame]1042
1043 }
1044}