Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 1 | /* |
Amit Ghosh | c9ac1e5 | 2017-07-28 12:31:18 +0100 | [diff] [blame] | 2 | * Copyright 2017-present Open Networking Foundation |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | * |
| 16 | */ |
| 17 | |
Matteo Scandolo | cf847b8 | 2019-04-26 15:00:00 -0700 | [diff] [blame] | 18 | package org.opencord.aaa.impl; |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 19 | |
Shubham Sharma | 1e43c56 | 2019-06-19 14:18:12 +0000 | [diff] [blame^] | 20 | import static org.slf4j.LoggerFactory.getLogger; |
| 21 | |
| 22 | import java.util.HashSet; |
| 23 | import java.util.Map; |
| 24 | import java.util.Set; |
| 25 | |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 26 | import org.onlab.packet.MacAddress; |
| 27 | import org.onosproject.net.ConnectPoint; |
Matteo Scandolo | cf847b8 | 2019-04-26 15:00:00 -0700 | [diff] [blame] | 28 | import org.opencord.aaa.AuthenticationEvent; |
| 29 | import org.opencord.aaa.StateMachineDelegate; |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 30 | import org.slf4j.Logger; |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 31 | |
Shubham Sharma | 1e43c56 | 2019-06-19 14:18:12 +0000 | [diff] [blame^] | 32 | import com.google.common.collect.Maps; |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 33 | |
| 34 | /** |
| 35 | * AAA Finite State Machine. |
| 36 | */ |
| 37 | |
Carmelo Cascone | 58b5329 | 2019-09-30 12:35:31 -0700 | [diff] [blame] | 38 | public class StateMachine { |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 39 | //INDEX to identify the state in the transition table |
| 40 | static final int STATE_IDLE = 0; |
| 41 | static final int STATE_STARTED = 1; |
| 42 | static final int STATE_PENDING = 2; |
| 43 | static final int STATE_AUTHORIZED = 3; |
| 44 | static final int STATE_UNAUTHORIZED = 4; |
| 45 | |
Shubham Sharma | 1e43c56 | 2019-06-19 14:18:12 +0000 | [diff] [blame^] | 46 | // Defining the states where timeout can happen |
| 47 | static final Set<Integer> TIMEOUT_ELIGIBLE_STATES = new HashSet(); |
| 48 | static { |
| 49 | TIMEOUT_ELIGIBLE_STATES.add(STATE_STARTED); |
| 50 | TIMEOUT_ELIGIBLE_STATES.add(STATE_PENDING); |
| 51 | } |
| 52 | // INDEX to identify the transition in the transition table |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 53 | static final int TRANSITION_START = 0; // --> started |
| 54 | static final int TRANSITION_REQUEST_ACCESS = 1; |
| 55 | static final int TRANSITION_AUTHORIZE_ACCESS = 2; |
| 56 | static final int TRANSITION_DENY_ACCESS = 3; |
| 57 | static final int TRANSITION_LOGOFF = 4; |
| 58 | |
Amit Ghosh | c9ac1e5 | 2017-07-28 12:31:18 +0100 | [diff] [blame] | 59 | private static int identifier = -1; |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 60 | private byte challengeIdentifier; |
| 61 | private byte[] challengeState; |
| 62 | private byte[] username; |
| 63 | private byte[] requestAuthenticator; |
| 64 | |
| 65 | // Supplicant connectivity info |
Ray Milkey | f61a24e | 2015-09-24 16:34:02 -0700 | [diff] [blame] | 66 | private ConnectPoint supplicantConnectpoint; |
| 67 | private MacAddress supplicantAddress; |
| 68 | private short vlanId; |
Amit Ghosh | c9ac1e5 | 2017-07-28 12:31:18 +0100 | [diff] [blame] | 69 | private byte priorityCode; |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 70 | |
Shubham Sharma | 1e43c56 | 2019-06-19 14:18:12 +0000 | [diff] [blame^] | 71 | // Boolean flag indicating whether response is pending from AAA Server. |
| 72 | // Used for counting timeout happening for AAA Sessions due to no response. |
| 73 | private boolean waitingForRadiusResponse; |
| 74 | |
| 75 | private static int cleanupTimerTimeOutInMins; |
| 76 | |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 77 | private String sessionId = null; |
| 78 | |
| 79 | private final Logger log = getLogger(getClass()); |
| 80 | |
Shubham Sharma | 1e43c56 | 2019-06-19 14:18:12 +0000 | [diff] [blame^] | 81 | private State[] states = {new Idle(), new Started(), new Pending(), new Authorized(), new Unauthorized() }; |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 82 | |
Shubham Sharma | 1e43c56 | 2019-06-19 14:18:12 +0000 | [diff] [blame^] | 83 | // Cleanup Timer instance created for this session |
| 84 | private java.util.concurrent.ScheduledFuture<?> cleanupTimer = null; |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 85 | |
Shubham Sharma | 1e43c56 | 2019-06-19 14:18:12 +0000 | [diff] [blame^] | 86 | // TimeStamp of last EAPOL or RADIUS message received. |
| 87 | private long lastPacketReceivedTime = 0; |
| 88 | |
| 89 | // State transition table |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 90 | /* |
Shubham Sharma | 1e43c56 | 2019-06-19 14:18:12 +0000 | [diff] [blame^] | 91 | * |
| 92 | * state IDLE | STARTED | PENDING | AUTHORIZED | UNAUTHORIZED //// input |
| 93 | * ----------------------------------------------------------------------------- |
| 94 | * ----------------------- |
| 95 | * |
| 96 | * START STARTED | _ | _ | STARTED | STARTED |
| 97 | * |
| 98 | * REQUEST_ACCESS _ | PENDING | _ | _ | _ |
| 99 | * |
| 100 | * AUTHORIZE_ACCESS _ | _ | AUTHORIZED | _ | _ |
| 101 | * |
| 102 | * DENY_ACCESS _ | - | UNAUTHORIZED | _ | _ |
| 103 | * |
| 104 | * LOGOFF _ | _ | _ | IDLE | IDLE |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 105 | */ |
| 106 | |
Shubham Sharma | 1e43c56 | 2019-06-19 14:18:12 +0000 | [diff] [blame^] | 107 | private int[] idleTransition = {STATE_STARTED, STATE_IDLE, STATE_IDLE, STATE_IDLE, STATE_IDLE }; |
| 108 | private int[] startedTransition = {STATE_STARTED, STATE_PENDING, STATE_STARTED, STATE_STARTED, STATE_STARTED }; |
| 109 | private int[] pendingTransition = {STATE_PENDING, STATE_PENDING, STATE_AUTHORIZED, STATE_UNAUTHORIZED, |
| 110 | STATE_PENDING }; |
| 111 | private int[] authorizedTransition = {STATE_STARTED, STATE_AUTHORIZED, STATE_AUTHORIZED, STATE_AUTHORIZED, |
| 112 | STATE_IDLE }; |
| 113 | private int[] unauthorizedTransition = {STATE_STARTED, STATE_UNAUTHORIZED, STATE_UNAUTHORIZED, STATE_UNAUTHORIZED, |
| 114 | STATE_IDLE }; |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 115 | |
Shubham Sharma | 1e43c56 | 2019-06-19 14:18:12 +0000 | [diff] [blame^] | 116 | // THE TRANSITION TABLE |
| 117 | private int[][] transition = {idleTransition, startedTransition, pendingTransition, authorizedTransition, |
| 118 | unauthorizedTransition }; |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 119 | |
| 120 | private int currentState = STATE_IDLE; |
| 121 | |
Ray Milkey | f61a24e | 2015-09-24 16:34:02 -0700 | [diff] [blame] | 122 | // Maps of state machines. Each state machine is represented by an |
| 123 | // unique identifier on the switch: dpid + port number |
| 124 | private static Map<String, StateMachine> sessionIdMap; |
| 125 | private static Map<Integer, StateMachine> identifierMap; |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 126 | |
Jonathan Hart | 5db4453 | 2018-07-12 18:13:54 -0700 | [diff] [blame] | 127 | private static StateMachineDelegate delegate; |
| 128 | |
Ray Milkey | f61a24e | 2015-09-24 16:34:02 -0700 | [diff] [blame] | 129 | public static void initializeMaps() { |
| 130 | sessionIdMap = Maps.newConcurrentMap(); |
| 131 | identifierMap = Maps.newConcurrentMap(); |
Amit Ghosh | c9ac1e5 | 2017-07-28 12:31:18 +0100 | [diff] [blame] | 132 | identifier = -1; |
Ray Milkey | f61a24e | 2015-09-24 16:34:02 -0700 | [diff] [blame] | 133 | } |
| 134 | |
| 135 | public static void destroyMaps() { |
| 136 | sessionIdMap = null; |
| 137 | identifierMap = null; |
| 138 | } |
| 139 | |
Matteo Scandolo | cf847b8 | 2019-04-26 15:00:00 -0700 | [diff] [blame] | 140 | public static void setDelegate(StateMachineDelegate delegate) { |
| 141 | StateMachine.delegate = delegate; |
Jonathan Hart | 5db4453 | 2018-07-12 18:13:54 -0700 | [diff] [blame] | 142 | } |
| 143 | |
Shubham Sharma | 1e43c56 | 2019-06-19 14:18:12 +0000 | [diff] [blame^] | 144 | public static void setcleanupTimerTimeOutInMins(int cleanupTimerTimeoutInMins) { |
| 145 | cleanupTimerTimeOutInMins = cleanupTimerTimeoutInMins; |
| 146 | } |
| 147 | |
Jonathan Hart | 5db4453 | 2018-07-12 18:13:54 -0700 | [diff] [blame] | 148 | public static void unsetDelegate(StateMachineDelegate delegate) { |
| 149 | if (StateMachine.delegate == delegate) { |
| 150 | StateMachine.delegate = null; |
| 151 | } |
| 152 | } |
| 153 | |
Qianqian Hu | 61a6a40 | 2016-02-16 15:18:05 +0800 | [diff] [blame] | 154 | public static Map<String, StateMachine> sessionIdMap() { |
| 155 | return sessionIdMap; |
| 156 | } |
| 157 | |
Ray Milkey | f61a24e | 2015-09-24 16:34:02 -0700 | [diff] [blame] | 158 | public static StateMachine lookupStateMachineById(byte identifier) { |
| 159 | return identifierMap.get((int) identifier); |
| 160 | } |
| 161 | |
| 162 | public static StateMachine lookupStateMachineBySessionId(String sessionId) { |
| 163 | return sessionIdMap.get(sessionId); |
Amit Ghosh | c9ac1e5 | 2017-07-28 12:31:18 +0100 | [diff] [blame] | 164 | } |
| 165 | |
Shubham Sharma | 1e43c56 | 2019-06-19 14:18:12 +0000 | [diff] [blame^] | 166 | public static void deleteStateMachineId(String sessionId) { |
| 167 | sessionIdMap.remove(sessionId); |
| 168 | } |
| 169 | |
Amit Ghosh | c9ac1e5 | 2017-07-28 12:31:18 +0100 | [diff] [blame] | 170 | public static void deleteStateMachineMapping(StateMachine machine) { |
| 171 | identifierMap.entrySet().removeIf(e -> e.getValue().equals(machine)); |
Shubham Sharma | 1e43c56 | 2019-06-19 14:18:12 +0000 | [diff] [blame^] | 172 | if (machine.cleanupTimer != null) { |
| 173 | machine.cleanupTimer.cancel(false); |
| 174 | machine.cleanupTimer = null; |
| 175 | } |
| 176 | } |
| 177 | |
| 178 | public java.util.concurrent.ScheduledFuture<?> getCleanupTimer() { |
| 179 | return cleanupTimer; |
| 180 | } |
| 181 | |
| 182 | public boolean isWaitingForRadiusResponse() { |
| 183 | return waitingForRadiusResponse; |
| 184 | } |
| 185 | |
| 186 | public void setWaitingForRadiusResponse(boolean waitingForRadiusResponse) { |
| 187 | this.waitingForRadiusResponse = waitingForRadiusResponse; |
| 188 | } |
| 189 | |
| 190 | public void setCleanupTimer(java.util.concurrent.ScheduledFuture<?> cleanupTimer) { |
| 191 | this.cleanupTimer = cleanupTimer; |
Amit Ghosh | c9ac1e5 | 2017-07-28 12:31:18 +0100 | [diff] [blame] | 192 | } |
| 193 | |
| 194 | /** |
David K. Bainbridge | 6201949 | 2017-07-28 17:02:10 -0700 | [diff] [blame] | 195 | * Deletes authentication state machine records for a given MAC address. |
Shubham Sharma | 1e43c56 | 2019-06-19 14:18:12 +0000 | [diff] [blame^] | 196 | * |
David K. Bainbridge | 6201949 | 2017-07-28 17:02:10 -0700 | [diff] [blame] | 197 | * @param mac mac address of the suppliant who's state machine should be removed |
| 198 | */ |
| 199 | public static void deleteByMac(MacAddress mac) { |
| 200 | |
| 201 | // Walk the map from session IDs to state machines looking for a MAC match |
| 202 | for (Map.Entry<String, StateMachine> e : sessionIdMap.entrySet()) { |
| 203 | |
| 204 | // If a MAC match is found then delete the entry from the session ID |
| 205 | // and identifier map as well as call delete identifier to clean up |
| 206 | // the identifier bit set. |
Shubham Sharma | 1e43c56 | 2019-06-19 14:18:12 +0000 | [diff] [blame^] | 207 | if (e.getValue() != null && e.getValue().supplicantAddress != null |
| 208 | && e.getValue().supplicantAddress.equals(mac)) { |
David K. Bainbridge | 6201949 | 2017-07-28 17:02:10 -0700 | [diff] [blame] | 209 | sessionIdMap.remove(e.getValue().sessionId); |
| 210 | if (e.getValue().identifier != -1) { |
| 211 | deleteStateMachineMapping(e.getValue()); |
| 212 | } |
| 213 | break; |
| 214 | } |
| 215 | } |
| 216 | } |
| 217 | |
| 218 | /** |
Jonathan Hart | 932bedc | 2018-07-12 13:46:09 -0700 | [diff] [blame] | 219 | * Creates a new StateMachine with the given session ID. |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 220 | * |
Shubham Sharma | 1e43c56 | 2019-06-19 14:18:12 +0000 | [diff] [blame^] | 221 | * @param sessionId session Id represented by the switch dpid + port number |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 222 | */ |
Jonathan Hart | 932bedc | 2018-07-12 13:46:09 -0700 | [diff] [blame] | 223 | public StateMachine(String sessionId) { |
| 224 | log.info("Creating a new state machine for {}", sessionId); |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 225 | this.sessionId = sessionId; |
Ray Milkey | f61a24e | 2015-09-24 16:34:02 -0700 | [diff] [blame] | 226 | sessionIdMap.put(sessionId, this); |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 227 | } |
| 228 | |
| 229 | /** |
Ray Milkey | f61a24e | 2015-09-24 16:34:02 -0700 | [diff] [blame] | 230 | * Gets the connect point for the supplicant side. |
| 231 | * |
| 232 | * @return supplicant connect point |
| 233 | */ |
| 234 | public ConnectPoint supplicantConnectpoint() { |
| 235 | return supplicantConnectpoint; |
| 236 | } |
| 237 | |
| 238 | /** |
| 239 | * Sets the supplicant side connect point. |
| 240 | * |
| 241 | * @param supplicantConnectpoint supplicant select point. |
| 242 | */ |
| 243 | public void setSupplicantConnectpoint(ConnectPoint supplicantConnectpoint) { |
| 244 | this.supplicantConnectpoint = supplicantConnectpoint; |
| 245 | } |
| 246 | |
| 247 | /** |
| 248 | * Gets the MAC address of the supplicant. |
| 249 | * |
| 250 | * @return supplicant MAC address |
| 251 | */ |
| 252 | public MacAddress supplicantAddress() { |
| 253 | return supplicantAddress; |
| 254 | } |
| 255 | |
| 256 | /** |
| 257 | * Sets the supplicant MAC address. |
| 258 | * |
| 259 | * @param supplicantAddress new supplicant MAC address |
| 260 | */ |
| 261 | public void setSupplicantAddress(MacAddress supplicantAddress) { |
| 262 | this.supplicantAddress = supplicantAddress; |
| 263 | } |
| 264 | |
| 265 | /** |
Shubham Sharma | 1e43c56 | 2019-06-19 14:18:12 +0000 | [diff] [blame^] | 266 | * Sets the lastPacketReceivedTime. |
| 267 | * |
| 268 | * @param lastPacketReceivedTime timelastPacket was received |
| 269 | */ |
| 270 | public void setLastPacketReceivedTime(long lastPacketReceivedTime) { |
| 271 | this.lastPacketReceivedTime = lastPacketReceivedTime; |
| 272 | } |
| 273 | |
| 274 | /** |
| 275 | * Gets the lastPacketReceivedTime. |
| 276 | * |
| 277 | * @return lastPacketReceivedTime |
| 278 | */ |
| 279 | public long getLastPacketReceivedTime() { |
| 280 | return lastPacketReceivedTime; |
| 281 | } |
| 282 | |
| 283 | /** |
Ray Milkey | f61a24e | 2015-09-24 16:34:02 -0700 | [diff] [blame] | 284 | * Gets the client's Vlan ID. |
| 285 | * |
| 286 | * @return client vlan ID |
| 287 | */ |
| 288 | public short vlanId() { |
| 289 | return vlanId; |
| 290 | } |
| 291 | |
| 292 | /** |
| 293 | * Sets the client's vlan ID. |
| 294 | * |
| 295 | * @param vlanId new client vlan ID |
| 296 | */ |
| 297 | public void setVlanId(short vlanId) { |
| 298 | this.vlanId = vlanId; |
| 299 | } |
| 300 | |
| 301 | /** |
Amit Ghosh | c9ac1e5 | 2017-07-28 12:31:18 +0100 | [diff] [blame] | 302 | * Gets the client's priority Code. |
| 303 | * |
| 304 | * @return client Priority code |
| 305 | */ |
| 306 | public byte priorityCode() { |
| 307 | return priorityCode; |
| 308 | } |
| 309 | |
| 310 | /** |
| 311 | * Sets the client's priority Code. |
| 312 | * |
| 313 | * @param priorityCode new client priority Code |
| 314 | */ |
| 315 | public void setPriorityCode(byte priorityCode) { |
| 316 | this.priorityCode = priorityCode; |
| 317 | } |
| 318 | |
| 319 | /** |
Ray Milkey | f61a24e | 2015-09-24 16:34:02 -0700 | [diff] [blame] | 320 | * Gets the client id that is requesting for access. |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 321 | * |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 322 | * @return The client id. |
| 323 | */ |
Ray Milkey | f61a24e | 2015-09-24 16:34:02 -0700 | [diff] [blame] | 324 | public String sessionId() { |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 325 | return this.sessionId; |
| 326 | } |
| 327 | |
| 328 | /** |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 329 | * Set the challenge identifier and the state issued by the RADIUS. |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 330 | * |
Shubham Sharma | 1e43c56 | 2019-06-19 14:18:12 +0000 | [diff] [blame^] | 331 | * @param challengeIdentifier The challenge identifier set into the EAP packet |
| 332 | * from the RADIUS message. |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 333 | * @param challengeState The challenge state from the RADIUS. |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 334 | */ |
| 335 | protected void setChallengeInfo(byte challengeIdentifier, byte[] challengeState) { |
| 336 | this.challengeIdentifier = challengeIdentifier; |
| 337 | this.challengeState = challengeState; |
| 338 | } |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 339 | |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 340 | /** |
Shubham Sharma | 1e43c56 | 2019-06-19 14:18:12 +0000 | [diff] [blame^] | 341 | * Set the challenge identifier issued by the RADIUS on the access challenge |
| 342 | * request. |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 343 | * |
Shubham Sharma | 1e43c56 | 2019-06-19 14:18:12 +0000 | [diff] [blame^] | 344 | * @param challengeIdentifier The challenge identifier set into the EAP packet |
| 345 | * from the RADIUS message. |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 346 | */ |
| 347 | protected void setChallengeIdentifier(byte challengeIdentifier) { |
| 348 | log.info("Set Challenge Identifier to {}", challengeIdentifier); |
| 349 | this.challengeIdentifier = challengeIdentifier; |
| 350 | } |
| 351 | |
| 352 | /** |
Ray Milkey | f61a24e | 2015-09-24 16:34:02 -0700 | [diff] [blame] | 353 | * Gets the challenge EAP identifier set by the RADIUS. |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 354 | * |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 355 | * @return The challenge EAP identifier. |
| 356 | */ |
Ray Milkey | f61a24e | 2015-09-24 16:34:02 -0700 | [diff] [blame] | 357 | protected byte challengeIdentifier() { |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 358 | return this.challengeIdentifier; |
| 359 | } |
| 360 | |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 361 | /** |
| 362 | * Set the challenge state info issued by the RADIUS. |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 363 | * |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 364 | * @param challengeState The challenge state from the RADIUS. |
| 365 | */ |
| 366 | protected void setChallengeState(byte[] challengeState) { |
| 367 | log.info("Set Challenge State"); |
| 368 | this.challengeState = challengeState; |
| 369 | } |
| 370 | |
| 371 | /** |
Ray Milkey | f61a24e | 2015-09-24 16:34:02 -0700 | [diff] [blame] | 372 | * Gets the challenge state set by the RADIUS. |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 373 | * |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 374 | * @return The challenge state. |
| 375 | */ |
Ray Milkey | f61a24e | 2015-09-24 16:34:02 -0700 | [diff] [blame] | 376 | protected byte[] challengeState() { |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 377 | return this.challengeState; |
| 378 | } |
| 379 | |
| 380 | /** |
| 381 | * Set the username. |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 382 | * |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 383 | * @param username The username sent to the RADIUS upon access request. |
| 384 | */ |
| 385 | protected void setUsername(byte[] username) { |
| 386 | this.username = username; |
| 387 | } |
| 388 | |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 389 | /** |
Ray Milkey | f61a24e | 2015-09-24 16:34:02 -0700 | [diff] [blame] | 390 | * Gets the username. |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 391 | * |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 392 | * @return The requestAuthenticator. |
| 393 | */ |
Ray Milkey | f61a24e | 2015-09-24 16:34:02 -0700 | [diff] [blame] | 394 | protected byte[] requestAuthenticator() { |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 395 | return this.requestAuthenticator; |
| 396 | } |
| 397 | |
| 398 | /** |
Ray Milkey | f61a24e | 2015-09-24 16:34:02 -0700 | [diff] [blame] | 399 | * Sets the authenticator. |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 400 | * |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 401 | * @param authenticator The username sent to the RADIUS upon access request. |
| 402 | */ |
| 403 | protected void setRequestAuthenticator(byte[] authenticator) { |
| 404 | this.requestAuthenticator = authenticator; |
| 405 | } |
| 406 | |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 407 | /** |
Ray Milkey | f61a24e | 2015-09-24 16:34:02 -0700 | [diff] [blame] | 408 | * Gets the username. |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 409 | * |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 410 | * @return The username. |
| 411 | */ |
Carmelo Cascone | 58b5329 | 2019-09-30 12:35:31 -0700 | [diff] [blame] | 412 | public byte[] username() { |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 413 | return this.username; |
| 414 | } |
| 415 | |
| 416 | /** |
| 417 | * Return the identifier of the state machine. |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 418 | * |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 419 | * @return The state machine identifier. |
| 420 | */ |
Amit Ghosh | c9ac1e5 | 2017-07-28 12:31:18 +0100 | [diff] [blame] | 421 | public synchronized byte identifier() { |
| 422 | identifier = (identifier + 1) % 255; |
| 423 | identifierMap.put(identifier, this); |
| 424 | return (byte) identifier; |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 425 | } |
| 426 | |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 427 | /** |
| 428 | * Move to the next state. |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 429 | * |
Ray Milkey | 78e95a4 | 2015-09-24 08:36:45 -0700 | [diff] [blame] | 430 | * @param msg message |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 431 | */ |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 432 | private void next(int msg) { |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 433 | currentState = transition[currentState][msg]; |
| 434 | log.info("Current State " + currentState); |
| 435 | } |
| 436 | |
| 437 | /** |
| 438 | * Client has requested the start action to allow network access. |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 439 | * |
| 440 | * @throws StateMachineException if authentication protocol is violated |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 441 | */ |
| 442 | public void start() throws StateMachineException { |
Ray Milkey | 78e95a4 | 2015-09-24 08:36:45 -0700 | [diff] [blame] | 443 | states[currentState].start(); |
Jonathan Hart | 5db4453 | 2018-07-12 18:13:54 -0700 | [diff] [blame] | 444 | |
Shubham Sharma | 1e43c56 | 2019-06-19 14:18:12 +0000 | [diff] [blame^] | 445 | delegate.notify(new AuthenticationEvent(AuthenticationEvent.Type.STARTED, supplicantConnectpoint)); |
Jonathan Hart | 5db4453 | 2018-07-12 18:13:54 -0700 | [diff] [blame] | 446 | |
Shubham Sharma | 1e43c56 | 2019-06-19 14:18:12 +0000 | [diff] [blame^] | 447 | // move to the next state |
Ray Milkey | 78e95a4 | 2015-09-24 08:36:45 -0700 | [diff] [blame] | 448 | next(TRANSITION_START); |
Amit Ghosh | c9ac1e5 | 2017-07-28 12:31:18 +0100 | [diff] [blame] | 449 | identifier = this.identifier(); |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 450 | } |
| 451 | |
| 452 | /** |
Shubham Sharma | 1e43c56 | 2019-06-19 14:18:12 +0000 | [diff] [blame^] | 453 | * An Identification information has been sent by the supplicant. Move to the |
| 454 | * next state if possible. |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 455 | * |
| 456 | * @throws StateMachineException if authentication protocol is violated |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 457 | */ |
| 458 | public void requestAccess() throws StateMachineException { |
Ray Milkey | 78e95a4 | 2015-09-24 08:36:45 -0700 | [diff] [blame] | 459 | states[currentState].requestAccess(); |
Jonathan Hart | 5db4453 | 2018-07-12 18:13:54 -0700 | [diff] [blame] | 460 | |
Shubham Sharma | 1e43c56 | 2019-06-19 14:18:12 +0000 | [diff] [blame^] | 461 | delegate.notify(new AuthenticationEvent(AuthenticationEvent.Type.REQUESTED, supplicantConnectpoint)); |
Jonathan Hart | 5db4453 | 2018-07-12 18:13:54 -0700 | [diff] [blame] | 462 | |
Shubham Sharma | 1e43c56 | 2019-06-19 14:18:12 +0000 | [diff] [blame^] | 463 | // move to the next state |
Ray Milkey | 78e95a4 | 2015-09-24 08:36:45 -0700 | [diff] [blame] | 464 | next(TRANSITION_REQUEST_ACCESS); |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 465 | } |
| 466 | |
| 467 | /** |
Shubham Sharma | 1e43c56 | 2019-06-19 14:18:12 +0000 | [diff] [blame^] | 468 | * RADIUS has accepted the identification. Move to the next state if possible. |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 469 | * |
| 470 | * @throws StateMachineException if authentication protocol is violated |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 471 | */ |
| 472 | public void authorizeAccess() throws StateMachineException { |
Ray Milkey | 78e95a4 | 2015-09-24 08:36:45 -0700 | [diff] [blame] | 473 | states[currentState].radiusAccepted(); |
Shubham Sharma | 1e43c56 | 2019-06-19 14:18:12 +0000 | [diff] [blame^] | 474 | // move to the next state |
Ray Milkey | 78e95a4 | 2015-09-24 08:36:45 -0700 | [diff] [blame] | 475 | next(TRANSITION_AUTHORIZE_ACCESS); |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 476 | |
Shubham Sharma | 1e43c56 | 2019-06-19 14:18:12 +0000 | [diff] [blame^] | 477 | delegate.notify(new AuthenticationEvent(AuthenticationEvent.Type.APPROVED, supplicantConnectpoint)); |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 478 | |
Amit Ghosh | c9ac1e5 | 2017-07-28 12:31:18 +0100 | [diff] [blame] | 479 | // Clear mapping |
| 480 | deleteStateMachineMapping(this); |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 481 | } |
| 482 | |
| 483 | /** |
Shubham Sharma | 1e43c56 | 2019-06-19 14:18:12 +0000 | [diff] [blame^] | 484 | * RADIUS has denied the identification. Move to the next state if possible. |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 485 | * |
| 486 | * @throws StateMachineException if authentication protocol is violated |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 487 | */ |
| 488 | public void denyAccess() throws StateMachineException { |
Ray Milkey | 78e95a4 | 2015-09-24 08:36:45 -0700 | [diff] [blame] | 489 | states[currentState].radiusDenied(); |
Shubham Sharma | 1e43c56 | 2019-06-19 14:18:12 +0000 | [diff] [blame^] | 490 | // move to the next state |
Ray Milkey | 78e95a4 | 2015-09-24 08:36:45 -0700 | [diff] [blame] | 491 | next(TRANSITION_DENY_ACCESS); |
Jonathan Hart | 5db4453 | 2018-07-12 18:13:54 -0700 | [diff] [blame] | 492 | |
Shubham Sharma | 1e43c56 | 2019-06-19 14:18:12 +0000 | [diff] [blame^] | 493 | delegate.notify(new AuthenticationEvent(AuthenticationEvent.Type.DENIED, supplicantConnectpoint)); |
Jonathan Hart | 5db4453 | 2018-07-12 18:13:54 -0700 | [diff] [blame] | 494 | |
Amit Ghosh | c9ac1e5 | 2017-07-28 12:31:18 +0100 | [diff] [blame] | 495 | // Clear mappings |
| 496 | deleteStateMachineMapping(this); |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 497 | } |
| 498 | |
| 499 | /** |
Shubham Sharma | 1e43c56 | 2019-06-19 14:18:12 +0000 | [diff] [blame^] | 500 | * Logoff request has been requested. Move to the next state if possible. |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 501 | * |
| 502 | * @throws StateMachineException if authentication protocol is violated |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 503 | */ |
| 504 | public void logoff() throws StateMachineException { |
Ray Milkey | 78e95a4 | 2015-09-24 08:36:45 -0700 | [diff] [blame] | 505 | states[currentState].logoff(); |
Shubham Sharma | 1e43c56 | 2019-06-19 14:18:12 +0000 | [diff] [blame^] | 506 | // move to the next state |
Ray Milkey | 78e95a4 | 2015-09-24 08:36:45 -0700 | [diff] [blame] | 507 | next(TRANSITION_LOGOFF); |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 508 | } |
| 509 | |
| 510 | /** |
Ray Milkey | f61a24e | 2015-09-24 16:34:02 -0700 | [diff] [blame] | 511 | * Gets the current state. |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 512 | * |
Shubham Sharma | 1e43c56 | 2019-06-19 14:18:12 +0000 | [diff] [blame^] | 513 | * @return The current state. Could be STATE_IDLE, STATE_STARTED, STATE_PENDING, |
| 514 | * STATE_AUTHORIZED, STATE_UNAUTHORIZED. |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 515 | */ |
Ray Milkey | f61a24e | 2015-09-24 16:34:02 -0700 | [diff] [blame] | 516 | public int state() { |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 517 | return currentState; |
| 518 | } |
| 519 | |
Ray Milkey | f61a24e | 2015-09-24 16:34:02 -0700 | [diff] [blame] | 520 | @Override |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 521 | public String toString() { |
Shubham Sharma | 1e43c56 | 2019-06-19 14:18:12 +0000 | [diff] [blame^] | 522 | return ("sessionId: " + this.sessionId) + "\t" + ("identifier: " + this.identifier) + "\t" |
| 523 | + ("state: " + this.currentState); |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 524 | } |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 525 | |
Ray Milkey | 78e95a4 | 2015-09-24 08:36:45 -0700 | [diff] [blame] | 526 | abstract class State { |
| 527 | private final Logger log = getLogger(getClass()); |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 528 | |
Ray Milkey | 78e95a4 | 2015-09-24 08:36:45 -0700 | [diff] [blame] | 529 | private String name = "State"; |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 530 | |
Ray Milkey | 78e95a4 | 2015-09-24 08:36:45 -0700 | [diff] [blame] | 531 | public void start() throws StateMachineInvalidTransitionException { |
| 532 | log.warn("START transition from this state is not allowed."); |
| 533 | } |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 534 | |
Ray Milkey | 78e95a4 | 2015-09-24 08:36:45 -0700 | [diff] [blame] | 535 | public void requestAccess() throws StateMachineInvalidTransitionException { |
| 536 | log.warn("REQUEST ACCESS transition from this state is not allowed."); |
| 537 | } |
| 538 | |
| 539 | public void radiusAccepted() throws StateMachineInvalidTransitionException { |
| 540 | log.warn("AUTHORIZE ACCESS transition from this state is not allowed."); |
| 541 | } |
| 542 | |
| 543 | public void radiusDenied() throws StateMachineInvalidTransitionException { |
| 544 | log.warn("DENY ACCESS transition from this state is not allowed."); |
| 545 | } |
| 546 | |
| 547 | public void logoff() throws StateMachineInvalidTransitionException { |
| 548 | log.warn("LOGOFF transition from this state is not allowed."); |
| 549 | } |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 550 | } |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 551 | |
Ray Milkey | 78e95a4 | 2015-09-24 08:36:45 -0700 | [diff] [blame] | 552 | /** |
| 553 | * Idle state: supplicant is logged of from the network. |
| 554 | */ |
| 555 | class Idle extends State { |
| 556 | private final Logger log = getLogger(getClass()); |
| 557 | private String name = "IDLE_STATE"; |
| 558 | |
Shubham Sharma | 1e43c56 | 2019-06-19 14:18:12 +0000 | [diff] [blame^] | 559 | @Override |
Ray Milkey | 78e95a4 | 2015-09-24 08:36:45 -0700 | [diff] [blame] | 560 | public void start() { |
| 561 | log.info("Moving from IDLE state to STARTED state."); |
| 562 | } |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 563 | } |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 564 | |
Ray Milkey | 78e95a4 | 2015-09-24 08:36:45 -0700 | [diff] [blame] | 565 | /** |
Shubham Sharma | 1e43c56 | 2019-06-19 14:18:12 +0000 | [diff] [blame^] | 566 | * Started state: supplicant has entered the network and informed the |
| 567 | * authenticator. |
Ray Milkey | 78e95a4 | 2015-09-24 08:36:45 -0700 | [diff] [blame] | 568 | */ |
| 569 | class Started extends State { |
| 570 | private final Logger log = getLogger(getClass()); |
| 571 | private String name = "STARTED_STATE"; |
| 572 | |
Shubham Sharma | 1e43c56 | 2019-06-19 14:18:12 +0000 | [diff] [blame^] | 573 | @Override |
Ray Milkey | 78e95a4 | 2015-09-24 08:36:45 -0700 | [diff] [blame] | 574 | public void requestAccess() { |
| 575 | log.info("Moving from STARTED state to PENDING state."); |
| 576 | } |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 577 | } |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 578 | |
Ray Milkey | 78e95a4 | 2015-09-24 08:36:45 -0700 | [diff] [blame] | 579 | /** |
Shubham Sharma | 1e43c56 | 2019-06-19 14:18:12 +0000 | [diff] [blame^] | 580 | * Pending state: supplicant has been identified by the authenticator but has |
| 581 | * not access yet. |
Ray Milkey | 78e95a4 | 2015-09-24 08:36:45 -0700 | [diff] [blame] | 582 | */ |
| 583 | class Pending extends State { |
| 584 | private final Logger log = getLogger(getClass()); |
| 585 | private String name = "PENDING_STATE"; |
| 586 | |
Shubham Sharma | 1e43c56 | 2019-06-19 14:18:12 +0000 | [diff] [blame^] | 587 | @Override |
Ray Milkey | 78e95a4 | 2015-09-24 08:36:45 -0700 | [diff] [blame] | 588 | public void radiusAccepted() { |
| 589 | log.info("Moving from PENDING state to AUTHORIZED state."); |
| 590 | } |
| 591 | |
Shubham Sharma | 1e43c56 | 2019-06-19 14:18:12 +0000 | [diff] [blame^] | 592 | @Override |
Ray Milkey | 78e95a4 | 2015-09-24 08:36:45 -0700 | [diff] [blame] | 593 | public void radiusDenied() { |
| 594 | log.info("Moving from PENDING state to UNAUTHORIZED state."); |
| 595 | } |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 596 | } |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 597 | |
Ray Milkey | 78e95a4 | 2015-09-24 08:36:45 -0700 | [diff] [blame] | 598 | /** |
| 599 | * Authorized state: supplicant port has been accepted, access is granted. |
| 600 | */ |
| 601 | class Authorized extends State { |
| 602 | private final Logger log = getLogger(getClass()); |
| 603 | private String name = "AUTHORIZED_STATE"; |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 604 | |
Shubham Sharma | 1e43c56 | 2019-06-19 14:18:12 +0000 | [diff] [blame^] | 605 | @Override |
Qianqian Hu | 0c34981 | 2016-02-15 17:25:22 +0800 | [diff] [blame] | 606 | public void start() { |
| 607 | log.info("Moving from AUTHORIZED state to STARTED state."); |
| 608 | } |
| 609 | |
Shubham Sharma | 1e43c56 | 2019-06-19 14:18:12 +0000 | [diff] [blame^] | 610 | @Override |
Ray Milkey | 78e95a4 | 2015-09-24 08:36:45 -0700 | [diff] [blame] | 611 | public void logoff() { |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 612 | |
Ray Milkey | 78e95a4 | 2015-09-24 08:36:45 -0700 | [diff] [blame] | 613 | log.info("Moving from AUTHORIZED state to IDLE state."); |
| 614 | } |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 615 | } |
| 616 | |
Ray Milkey | 78e95a4 | 2015-09-24 08:36:45 -0700 | [diff] [blame] | 617 | /** |
| 618 | * Unauthorized state: supplicant port has been rejected, access is denied. |
| 619 | */ |
| 620 | class Unauthorized extends State { |
| 621 | private final Logger log = getLogger(getClass()); |
| 622 | private String name = "UNAUTHORIZED_STATE"; |
| 623 | |
Shubham Sharma | 1e43c56 | 2019-06-19 14:18:12 +0000 | [diff] [blame^] | 624 | @Override |
ke han | 04e47f3 | 2016-10-28 14:15:43 +0800 | [diff] [blame] | 625 | public void start() { |
| 626 | log.info("Moving from UNAUTHORIZED state to STARTED state."); |
| 627 | } |
| 628 | |
Shubham Sharma | 1e43c56 | 2019-06-19 14:18:12 +0000 | [diff] [blame^] | 629 | @Override |
Ray Milkey | 78e95a4 | 2015-09-24 08:36:45 -0700 | [diff] [blame] | 630 | public void logoff() { |
| 631 | log.info("Moving from UNAUTHORIZED state to IDLE state."); |
| 632 | } |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 633 | } |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 634 | |
Shubham Sharma | 1e43c56 | 2019-06-19 14:18:12 +0000 | [diff] [blame^] | 635 | /** |
| 636 | * Class for cleaning the StateMachine for those session for which no response |
| 637 | * is coming--implementing timeout. |
| 638 | */ |
| 639 | class CleanupTimerTask implements Runnable { |
| 640 | private final Logger log = getLogger(getClass()); |
| 641 | private String sessionId; |
| 642 | private AaaManager aaaManager; |
| 643 | |
| 644 | CleanupTimerTask(String sessionId, AaaManager aaaManager) { |
| 645 | this.sessionId = sessionId; |
| 646 | this.aaaManager = aaaManager; |
| 647 | } |
| 648 | |
| 649 | @Override |
| 650 | public void run() { |
| 651 | StateMachine stateMachine = StateMachine.lookupStateMachineBySessionId(sessionId); |
| 652 | if (null != stateMachine) { |
| 653 | // Asserting if last packet received for this stateMachine session was beyond half of timeout period. |
| 654 | // StateMachine is considered eligible for cleanup when no packets has been exchanged by it with AAA |
| 655 | // Server or RG during a long period (half of timeout period). For example, when cleanup timer has |
| 656 | // been configured as 10 minutes, StateMachine would be cleaned up at the end of 10 minutes if |
| 657 | // the authentication is still pending and no packet was exchanged for this session during last 5 |
| 658 | // minutes. |
| 659 | |
| 660 | boolean noTrafficWithinThreshold = (System.currentTimeMillis() |
| 661 | - stateMachine.getLastPacketReceivedTime()) > ((cleanupTimerTimeOutInMins * 60 * 1000) / 2); |
| 662 | |
| 663 | if ((TIMEOUT_ELIGIBLE_STATES.contains(stateMachine.state())) && noTrafficWithinThreshold) { |
| 664 | log.info("Deleting StateMachineMapping for sessionId: {}", sessionId); |
| 665 | cleanupTimer = null; |
| 666 | if (stateMachine.state() == STATE_PENDING && stateMachine.isWaitingForRadiusResponse()) { |
| 667 | aaaManager.aaaStatisticsManager.getAaaStats().increaseTimedOutPackets(); |
| 668 | } |
| 669 | deleteStateMachineId(sessionId); |
| 670 | deleteStateMachineMapping(stateMachine); |
| 671 | |
| 672 | // If StateMachine is not eligible for cleanup yet, reschedule cleanupTimer further. |
| 673 | } else { |
| 674 | aaaManager.scheduleStateMachineCleanupTimer(sessionId, stateMachine); |
| 675 | } |
| 676 | } else { |
| 677 | // This statement should not be logged; cleanupTimer should be cancelled for stateMachine |
| 678 | // instances which have been authenticated successfully. |
| 679 | log.warn("state-machine not found for sessionId: {}", sessionId); |
| 680 | } |
| 681 | |
| 682 | } |
| 683 | } |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 684 | |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 685 | } |