Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 1 | /* |
Amit Ghosh | c9ac1e5 | 2017-07-28 12:31:18 +0100 | [diff] [blame] | 2 | * Copyright 2017-present Open Networking Foundation |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | * |
| 16 | */ |
| 17 | |
Matteo Scandolo | cf847b8 | 2019-04-26 15:00:00 -0700 | [diff] [blame^] | 18 | package org.opencord.aaa.impl; |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 19 | |
Jonathan Hart | 4731dd9 | 2018-05-02 17:30:05 -0700 | [diff] [blame] | 20 | import com.google.common.collect.Maps; |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 21 | import org.onlab.packet.MacAddress; |
| 22 | import org.onosproject.net.ConnectPoint; |
Matteo Scandolo | cf847b8 | 2019-04-26 15:00:00 -0700 | [diff] [blame^] | 23 | import org.opencord.aaa.AuthenticationEvent; |
| 24 | import org.opencord.aaa.StateMachineDelegate; |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 25 | import org.slf4j.Logger; |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 26 | |
Jonathan Hart | 4731dd9 | 2018-05-02 17:30:05 -0700 | [diff] [blame] | 27 | import java.util.Map; |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 28 | |
| 29 | import static org.slf4j.LoggerFactory.getLogger; |
| 30 | |
| 31 | /** |
| 32 | * AAA Finite State Machine. |
| 33 | */ |
| 34 | |
| 35 | class StateMachine { |
| 36 | //INDEX to identify the state in the transition table |
| 37 | static final int STATE_IDLE = 0; |
| 38 | static final int STATE_STARTED = 1; |
| 39 | static final int STATE_PENDING = 2; |
| 40 | static final int STATE_AUTHORIZED = 3; |
| 41 | static final int STATE_UNAUTHORIZED = 4; |
| 42 | |
| 43 | //INDEX to identify the transition in the transition table |
| 44 | static final int TRANSITION_START = 0; // --> started |
| 45 | static final int TRANSITION_REQUEST_ACCESS = 1; |
| 46 | static final int TRANSITION_AUTHORIZE_ACCESS = 2; |
| 47 | static final int TRANSITION_DENY_ACCESS = 3; |
| 48 | static final int TRANSITION_LOGOFF = 4; |
| 49 | |
Amit Ghosh | c9ac1e5 | 2017-07-28 12:31:18 +0100 | [diff] [blame] | 50 | private static int identifier = -1; |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 51 | private byte challengeIdentifier; |
| 52 | private byte[] challengeState; |
| 53 | private byte[] username; |
| 54 | private byte[] requestAuthenticator; |
| 55 | |
| 56 | // Supplicant connectivity info |
Ray Milkey | f61a24e | 2015-09-24 16:34:02 -0700 | [diff] [blame] | 57 | private ConnectPoint supplicantConnectpoint; |
| 58 | private MacAddress supplicantAddress; |
| 59 | private short vlanId; |
Amit Ghosh | c9ac1e5 | 2017-07-28 12:31:18 +0100 | [diff] [blame] | 60 | private byte priorityCode; |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 61 | |
| 62 | private String sessionId = null; |
| 63 | |
| 64 | private final Logger log = getLogger(getClass()); |
| 65 | |
| 66 | |
| 67 | private State[] states = { |
| 68 | new Idle(), new Started(), new Pending(), new Authorized(), new Unauthorized() |
| 69 | }; |
| 70 | |
| 71 | |
| 72 | //State transition table |
| 73 | /* |
| 74 | |
| 75 | state IDLE | STARTED | PENDING | AUTHORIZED | UNAUTHORIZED |
| 76 | //// |
| 77 | input |
| 78 | ---------------------------------------------------------------------------------------------------- |
| 79 | |
ke han | 04e47f3 | 2016-10-28 14:15:43 +0800 | [diff] [blame] | 80 | START STARTED | _ | _ | STARTED | STARTED |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 81 | |
| 82 | REQUEST_ACCESS _ | PENDING | _ | _ | _ |
| 83 | |
| 84 | AUTHORIZE_ACCESS _ | _ | AUTHORIZED | _ | _ |
| 85 | |
| 86 | DENY_ACCESS _ | - | UNAUTHORIZED | _ | _ |
| 87 | |
| 88 | LOGOFF _ | _ | _ | IDLE | IDLE |
| 89 | */ |
| 90 | |
| 91 | private int[] idleTransition = |
| 92 | {STATE_STARTED, STATE_IDLE, STATE_IDLE, STATE_IDLE, STATE_IDLE}; |
| 93 | private int[] startedTransition = |
| 94 | {STATE_STARTED, STATE_PENDING, STATE_STARTED, STATE_STARTED, STATE_STARTED}; |
| 95 | private int[] pendingTransition = |
| 96 | {STATE_PENDING, STATE_PENDING, STATE_AUTHORIZED, STATE_UNAUTHORIZED, STATE_PENDING}; |
| 97 | private int[] authorizedTransition = |
Qianqian Hu | 0c34981 | 2016-02-15 17:25:22 +0800 | [diff] [blame] | 98 | {STATE_STARTED, STATE_AUTHORIZED, STATE_AUTHORIZED, STATE_AUTHORIZED, STATE_IDLE}; |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 99 | private int[] unauthorizedTransition = |
ke han | 04e47f3 | 2016-10-28 14:15:43 +0800 | [diff] [blame] | 100 | {STATE_STARTED, STATE_UNAUTHORIZED, STATE_UNAUTHORIZED, STATE_UNAUTHORIZED, STATE_IDLE}; |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 101 | |
| 102 | //THE TRANSITION TABLE |
| 103 | private int[][] transition = |
| 104 | {idleTransition, startedTransition, pendingTransition, authorizedTransition, |
| 105 | unauthorizedTransition}; |
| 106 | |
| 107 | private int currentState = STATE_IDLE; |
| 108 | |
Ray Milkey | f61a24e | 2015-09-24 16:34:02 -0700 | [diff] [blame] | 109 | // Maps of state machines. Each state machine is represented by an |
| 110 | // unique identifier on the switch: dpid + port number |
| 111 | private static Map<String, StateMachine> sessionIdMap; |
| 112 | private static Map<Integer, StateMachine> identifierMap; |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 113 | |
Jonathan Hart | 5db4453 | 2018-07-12 18:13:54 -0700 | [diff] [blame] | 114 | private static StateMachineDelegate delegate; |
| 115 | |
Ray Milkey | f61a24e | 2015-09-24 16:34:02 -0700 | [diff] [blame] | 116 | public static void initializeMaps() { |
| 117 | sessionIdMap = Maps.newConcurrentMap(); |
| 118 | identifierMap = Maps.newConcurrentMap(); |
Amit Ghosh | c9ac1e5 | 2017-07-28 12:31:18 +0100 | [diff] [blame] | 119 | identifier = -1; |
Ray Milkey | f61a24e | 2015-09-24 16:34:02 -0700 | [diff] [blame] | 120 | } |
| 121 | |
| 122 | public static void destroyMaps() { |
| 123 | sessionIdMap = null; |
| 124 | identifierMap = null; |
| 125 | } |
| 126 | |
Matteo Scandolo | cf847b8 | 2019-04-26 15:00:00 -0700 | [diff] [blame^] | 127 | public static void setDelegate(StateMachineDelegate delegate) { |
| 128 | StateMachine.delegate = delegate; |
Jonathan Hart | 5db4453 | 2018-07-12 18:13:54 -0700 | [diff] [blame] | 129 | } |
| 130 | |
| 131 | public static void unsetDelegate(StateMachineDelegate delegate) { |
| 132 | if (StateMachine.delegate == delegate) { |
| 133 | StateMachine.delegate = null; |
| 134 | } |
| 135 | } |
| 136 | |
Qianqian Hu | 61a6a40 | 2016-02-16 15:18:05 +0800 | [diff] [blame] | 137 | public static Map<String, StateMachine> sessionIdMap() { |
| 138 | return sessionIdMap; |
| 139 | } |
| 140 | |
Ray Milkey | f61a24e | 2015-09-24 16:34:02 -0700 | [diff] [blame] | 141 | public static StateMachine lookupStateMachineById(byte identifier) { |
| 142 | return identifierMap.get((int) identifier); |
| 143 | } |
| 144 | |
| 145 | public static StateMachine lookupStateMachineBySessionId(String sessionId) { |
| 146 | return sessionIdMap.get(sessionId); |
Amit Ghosh | c9ac1e5 | 2017-07-28 12:31:18 +0100 | [diff] [blame] | 147 | } |
| 148 | |
| 149 | public static void deleteStateMachineMapping(StateMachine machine) { |
| 150 | identifierMap.entrySet().removeIf(e -> e.getValue().equals(machine)); |
| 151 | } |
| 152 | |
| 153 | /** |
David K. Bainbridge | 6201949 | 2017-07-28 17:02:10 -0700 | [diff] [blame] | 154 | * Deletes authentication state machine records for a given MAC address. |
| 155 | * @param mac mac address of the suppliant who's state machine should be removed |
| 156 | */ |
| 157 | public static void deleteByMac(MacAddress mac) { |
| 158 | |
| 159 | // Walk the map from session IDs to state machines looking for a MAC match |
| 160 | for (Map.Entry<String, StateMachine> e : sessionIdMap.entrySet()) { |
| 161 | |
| 162 | // If a MAC match is found then delete the entry from the session ID |
| 163 | // and identifier map as well as call delete identifier to clean up |
| 164 | // the identifier bit set. |
| 165 | if (e.getValue() != null && e.getValue().supplicantAddress != null && |
| 166 | e.getValue().supplicantAddress.equals(mac)) { |
| 167 | sessionIdMap.remove(e.getValue().sessionId); |
| 168 | if (e.getValue().identifier != -1) { |
| 169 | deleteStateMachineMapping(e.getValue()); |
| 170 | } |
| 171 | break; |
| 172 | } |
| 173 | } |
| 174 | } |
| 175 | |
| 176 | /** |
Jonathan Hart | 932bedc | 2018-07-12 13:46:09 -0700 | [diff] [blame] | 177 | * Creates a new StateMachine with the given session ID. |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 178 | * |
Jonathan Hart | 932bedc | 2018-07-12 13:46:09 -0700 | [diff] [blame] | 179 | * @param sessionId session Id represented by the switch dpid + port number |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 180 | */ |
Jonathan Hart | 932bedc | 2018-07-12 13:46:09 -0700 | [diff] [blame] | 181 | public StateMachine(String sessionId) { |
| 182 | log.info("Creating a new state machine for {}", sessionId); |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 183 | this.sessionId = sessionId; |
Ray Milkey | f61a24e | 2015-09-24 16:34:02 -0700 | [diff] [blame] | 184 | sessionIdMap.put(sessionId, this); |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 185 | } |
| 186 | |
| 187 | /** |
Ray Milkey | f61a24e | 2015-09-24 16:34:02 -0700 | [diff] [blame] | 188 | * Gets the connect point for the supplicant side. |
| 189 | * |
| 190 | * @return supplicant connect point |
| 191 | */ |
| 192 | public ConnectPoint supplicantConnectpoint() { |
| 193 | return supplicantConnectpoint; |
| 194 | } |
| 195 | |
| 196 | /** |
| 197 | * Sets the supplicant side connect point. |
| 198 | * |
| 199 | * @param supplicantConnectpoint supplicant select point. |
| 200 | */ |
| 201 | public void setSupplicantConnectpoint(ConnectPoint supplicantConnectpoint) { |
| 202 | this.supplicantConnectpoint = supplicantConnectpoint; |
| 203 | } |
| 204 | |
| 205 | /** |
| 206 | * Gets the MAC address of the supplicant. |
| 207 | * |
| 208 | * @return supplicant MAC address |
| 209 | */ |
| 210 | public MacAddress supplicantAddress() { |
| 211 | return supplicantAddress; |
| 212 | } |
| 213 | |
| 214 | /** |
| 215 | * Sets the supplicant MAC address. |
| 216 | * |
| 217 | * @param supplicantAddress new supplicant MAC address |
| 218 | */ |
| 219 | public void setSupplicantAddress(MacAddress supplicantAddress) { |
| 220 | this.supplicantAddress = supplicantAddress; |
| 221 | } |
| 222 | |
| 223 | /** |
| 224 | * Gets the client's Vlan ID. |
| 225 | * |
| 226 | * @return client vlan ID |
| 227 | */ |
| 228 | public short vlanId() { |
| 229 | return vlanId; |
| 230 | } |
| 231 | |
| 232 | /** |
| 233 | * Sets the client's vlan ID. |
| 234 | * |
| 235 | * @param vlanId new client vlan ID |
| 236 | */ |
| 237 | public void setVlanId(short vlanId) { |
| 238 | this.vlanId = vlanId; |
| 239 | } |
| 240 | |
| 241 | /** |
Amit Ghosh | c9ac1e5 | 2017-07-28 12:31:18 +0100 | [diff] [blame] | 242 | * Gets the client's priority Code. |
| 243 | * |
| 244 | * @return client Priority code |
| 245 | */ |
| 246 | public byte priorityCode() { |
| 247 | return priorityCode; |
| 248 | } |
| 249 | |
| 250 | /** |
| 251 | * Sets the client's priority Code. |
| 252 | * |
| 253 | * @param priorityCode new client priority Code |
| 254 | */ |
| 255 | public void setPriorityCode(byte priorityCode) { |
| 256 | this.priorityCode = priorityCode; |
| 257 | } |
| 258 | |
| 259 | /** |
Ray Milkey | f61a24e | 2015-09-24 16:34:02 -0700 | [diff] [blame] | 260 | * Gets the client id that is requesting for access. |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 261 | * |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 262 | * @return The client id. |
| 263 | */ |
Ray Milkey | f61a24e | 2015-09-24 16:34:02 -0700 | [diff] [blame] | 264 | public String sessionId() { |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 265 | return this.sessionId; |
| 266 | } |
| 267 | |
| 268 | /** |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 269 | * Set the challenge identifier and the state issued by the RADIUS. |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 270 | * |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 271 | * @param challengeIdentifier The challenge identifier set into the EAP packet from the RADIUS message. |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 272 | * @param challengeState The challenge state from the RADIUS. |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 273 | */ |
| 274 | protected void setChallengeInfo(byte challengeIdentifier, byte[] challengeState) { |
| 275 | this.challengeIdentifier = challengeIdentifier; |
| 276 | this.challengeState = challengeState; |
| 277 | } |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 278 | |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 279 | /** |
| 280 | * Set the challenge identifier issued by the RADIUS on the access challenge request. |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 281 | * |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 282 | * @param challengeIdentifier The challenge identifier set into the EAP packet from the RADIUS message. |
| 283 | */ |
| 284 | protected void setChallengeIdentifier(byte challengeIdentifier) { |
| 285 | log.info("Set Challenge Identifier to {}", challengeIdentifier); |
| 286 | this.challengeIdentifier = challengeIdentifier; |
| 287 | } |
| 288 | |
| 289 | /** |
Ray Milkey | f61a24e | 2015-09-24 16:34:02 -0700 | [diff] [blame] | 290 | * Gets the challenge EAP identifier set by the RADIUS. |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 291 | * |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 292 | * @return The challenge EAP identifier. |
| 293 | */ |
Ray Milkey | f61a24e | 2015-09-24 16:34:02 -0700 | [diff] [blame] | 294 | protected byte challengeIdentifier() { |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 295 | return this.challengeIdentifier; |
| 296 | } |
| 297 | |
| 298 | |
| 299 | /** |
| 300 | * Set the challenge state info issued by the RADIUS. |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 301 | * |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 302 | * @param challengeState The challenge state from the RADIUS. |
| 303 | */ |
| 304 | protected void setChallengeState(byte[] challengeState) { |
| 305 | log.info("Set Challenge State"); |
| 306 | this.challengeState = challengeState; |
| 307 | } |
| 308 | |
| 309 | /** |
Ray Milkey | f61a24e | 2015-09-24 16:34:02 -0700 | [diff] [blame] | 310 | * Gets the challenge state set by the RADIUS. |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 311 | * |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 312 | * @return The challenge state. |
| 313 | */ |
Ray Milkey | f61a24e | 2015-09-24 16:34:02 -0700 | [diff] [blame] | 314 | protected byte[] challengeState() { |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 315 | return this.challengeState; |
| 316 | } |
| 317 | |
| 318 | /** |
| 319 | * Set the username. |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 320 | * |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 321 | * @param username The username sent to the RADIUS upon access request. |
| 322 | */ |
| 323 | protected void setUsername(byte[] username) { |
| 324 | this.username = username; |
| 325 | } |
| 326 | |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 327 | /** |
Ray Milkey | f61a24e | 2015-09-24 16:34:02 -0700 | [diff] [blame] | 328 | * Gets the username. |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 329 | * |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 330 | * @return The requestAuthenticator. |
| 331 | */ |
Ray Milkey | f61a24e | 2015-09-24 16:34:02 -0700 | [diff] [blame] | 332 | protected byte[] requestAuthenticator() { |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 333 | return this.requestAuthenticator; |
| 334 | } |
| 335 | |
| 336 | /** |
Ray Milkey | f61a24e | 2015-09-24 16:34:02 -0700 | [diff] [blame] | 337 | * Sets the authenticator. |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 338 | * |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 339 | * @param authenticator The username sent to the RADIUS upon access request. |
| 340 | */ |
| 341 | protected void setRequestAuthenticator(byte[] authenticator) { |
| 342 | this.requestAuthenticator = authenticator; |
| 343 | } |
| 344 | |
| 345 | |
| 346 | /** |
Ray Milkey | f61a24e | 2015-09-24 16:34:02 -0700 | [diff] [blame] | 347 | * Gets the username. |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 348 | * |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 349 | * @return The username. |
| 350 | */ |
Ray Milkey | f61a24e | 2015-09-24 16:34:02 -0700 | [diff] [blame] | 351 | protected byte[] username() { |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 352 | return this.username; |
| 353 | } |
| 354 | |
| 355 | /** |
| 356 | * Return the identifier of the state machine. |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 357 | * |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 358 | * @return The state machine identifier. |
| 359 | */ |
Amit Ghosh | c9ac1e5 | 2017-07-28 12:31:18 +0100 | [diff] [blame] | 360 | public synchronized byte identifier() { |
| 361 | identifier = (identifier + 1) % 255; |
| 362 | identifierMap.put(identifier, this); |
| 363 | return (byte) identifier; |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 364 | } |
| 365 | |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 366 | /** |
| 367 | * Move to the next state. |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 368 | * |
Ray Milkey | 78e95a4 | 2015-09-24 08:36:45 -0700 | [diff] [blame] | 369 | * @param msg message |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 370 | */ |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 371 | private void next(int msg) { |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 372 | currentState = transition[currentState][msg]; |
| 373 | log.info("Current State " + currentState); |
| 374 | } |
| 375 | |
| 376 | /** |
| 377 | * Client has requested the start action to allow network access. |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 378 | * |
| 379 | * @throws StateMachineException if authentication protocol is violated |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 380 | */ |
| 381 | public void start() throws StateMachineException { |
Ray Milkey | 78e95a4 | 2015-09-24 08:36:45 -0700 | [diff] [blame] | 382 | states[currentState].start(); |
Jonathan Hart | 5db4453 | 2018-07-12 18:13:54 -0700 | [diff] [blame] | 383 | |
| 384 | delegate.notify(new AuthenticationEvent( |
| 385 | AuthenticationEvent.Type.STARTED, supplicantConnectpoint)); |
| 386 | |
Ray Milkey | 78e95a4 | 2015-09-24 08:36:45 -0700 | [diff] [blame] | 387 | //move to the next state |
| 388 | next(TRANSITION_START); |
Amit Ghosh | c9ac1e5 | 2017-07-28 12:31:18 +0100 | [diff] [blame] | 389 | identifier = this.identifier(); |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 390 | } |
| 391 | |
| 392 | /** |
| 393 | * An Identification information has been sent by the supplicant. |
| 394 | * Move to the next state if possible. |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 395 | * |
| 396 | * @throws StateMachineException if authentication protocol is violated |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 397 | */ |
| 398 | public void requestAccess() throws StateMachineException { |
Ray Milkey | 78e95a4 | 2015-09-24 08:36:45 -0700 | [diff] [blame] | 399 | states[currentState].requestAccess(); |
Jonathan Hart | 5db4453 | 2018-07-12 18:13:54 -0700 | [diff] [blame] | 400 | |
| 401 | delegate.notify(new AuthenticationEvent( |
| 402 | AuthenticationEvent.Type.REQUESTED, supplicantConnectpoint)); |
| 403 | |
Ray Milkey | 78e95a4 | 2015-09-24 08:36:45 -0700 | [diff] [blame] | 404 | //move to the next state |
| 405 | next(TRANSITION_REQUEST_ACCESS); |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 406 | } |
| 407 | |
| 408 | /** |
| 409 | * RADIUS has accepted the identification. |
| 410 | * Move to the next state if possible. |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 411 | * |
| 412 | * @throws StateMachineException if authentication protocol is violated |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 413 | */ |
| 414 | public void authorizeAccess() throws StateMachineException { |
Ray Milkey | 78e95a4 | 2015-09-24 08:36:45 -0700 | [diff] [blame] | 415 | states[currentState].radiusAccepted(); |
| 416 | //move to the next state |
| 417 | next(TRANSITION_AUTHORIZE_ACCESS); |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 418 | |
Jonathan Hart | 5db4453 | 2018-07-12 18:13:54 -0700 | [diff] [blame] | 419 | delegate.notify(new AuthenticationEvent( |
| 420 | AuthenticationEvent.Type.APPROVED, supplicantConnectpoint)); |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 421 | |
Amit Ghosh | c9ac1e5 | 2017-07-28 12:31:18 +0100 | [diff] [blame] | 422 | // Clear mapping |
| 423 | deleteStateMachineMapping(this); |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 424 | } |
| 425 | |
| 426 | /** |
| 427 | * RADIUS has denied the identification. |
| 428 | * Move to the next state if possible. |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 429 | * |
| 430 | * @throws StateMachineException if authentication protocol is violated |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 431 | */ |
| 432 | public void denyAccess() throws StateMachineException { |
Ray Milkey | 78e95a4 | 2015-09-24 08:36:45 -0700 | [diff] [blame] | 433 | states[currentState].radiusDenied(); |
| 434 | //move to the next state |
| 435 | next(TRANSITION_DENY_ACCESS); |
Jonathan Hart | 5db4453 | 2018-07-12 18:13:54 -0700 | [diff] [blame] | 436 | |
| 437 | delegate.notify(new AuthenticationEvent( |
| 438 | AuthenticationEvent.Type.DENIED, supplicantConnectpoint)); |
| 439 | |
Amit Ghosh | c9ac1e5 | 2017-07-28 12:31:18 +0100 | [diff] [blame] | 440 | // Clear mappings |
| 441 | deleteStateMachineMapping(this); |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 442 | } |
| 443 | |
| 444 | /** |
| 445 | * Logoff request has been requested. |
| 446 | * Move to the next state if possible. |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 447 | * |
| 448 | * @throws StateMachineException if authentication protocol is violated |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 449 | */ |
| 450 | public void logoff() throws StateMachineException { |
Ray Milkey | 78e95a4 | 2015-09-24 08:36:45 -0700 | [diff] [blame] | 451 | states[currentState].logoff(); |
| 452 | //move to the next state |
| 453 | next(TRANSITION_LOGOFF); |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 454 | } |
| 455 | |
| 456 | /** |
Ray Milkey | f61a24e | 2015-09-24 16:34:02 -0700 | [diff] [blame] | 457 | * Gets the current state. |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 458 | * |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 459 | * @return The current state. Could be STATE_IDLE, STATE_STARTED, STATE_PENDING, STATE_AUTHORIZED, |
| 460 | * STATE_UNAUTHORIZED. |
| 461 | */ |
Ray Milkey | f61a24e | 2015-09-24 16:34:02 -0700 | [diff] [blame] | 462 | public int state() { |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 463 | return currentState; |
| 464 | } |
| 465 | |
Ray Milkey | f61a24e | 2015-09-24 16:34:02 -0700 | [diff] [blame] | 466 | @Override |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 467 | public String toString() { |
| 468 | return ("sessionId: " + this.sessionId) + "\t" + ("identifier: " + this.identifier) + "\t" + |
| 469 | ("state: " + this.currentState); |
| 470 | } |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 471 | |
Ray Milkey | 78e95a4 | 2015-09-24 08:36:45 -0700 | [diff] [blame] | 472 | abstract class State { |
| 473 | private final Logger log = getLogger(getClass()); |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 474 | |
Ray Milkey | 78e95a4 | 2015-09-24 08:36:45 -0700 | [diff] [blame] | 475 | private String name = "State"; |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 476 | |
Ray Milkey | 78e95a4 | 2015-09-24 08:36:45 -0700 | [diff] [blame] | 477 | public void start() throws StateMachineInvalidTransitionException { |
| 478 | log.warn("START transition from this state is not allowed."); |
| 479 | } |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 480 | |
Ray Milkey | 78e95a4 | 2015-09-24 08:36:45 -0700 | [diff] [blame] | 481 | public void requestAccess() throws StateMachineInvalidTransitionException { |
| 482 | log.warn("REQUEST ACCESS transition from this state is not allowed."); |
| 483 | } |
| 484 | |
| 485 | public void radiusAccepted() throws StateMachineInvalidTransitionException { |
| 486 | log.warn("AUTHORIZE ACCESS transition from this state is not allowed."); |
| 487 | } |
| 488 | |
| 489 | public void radiusDenied() throws StateMachineInvalidTransitionException { |
| 490 | log.warn("DENY ACCESS transition from this state is not allowed."); |
| 491 | } |
| 492 | |
| 493 | public void logoff() throws StateMachineInvalidTransitionException { |
| 494 | log.warn("LOGOFF transition from this state is not allowed."); |
| 495 | } |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 496 | } |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 497 | |
Ray Milkey | 78e95a4 | 2015-09-24 08:36:45 -0700 | [diff] [blame] | 498 | /** |
| 499 | * Idle state: supplicant is logged of from the network. |
| 500 | */ |
| 501 | class Idle extends State { |
| 502 | private final Logger log = getLogger(getClass()); |
| 503 | private String name = "IDLE_STATE"; |
| 504 | |
| 505 | public void start() { |
| 506 | log.info("Moving from IDLE state to STARTED state."); |
| 507 | } |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 508 | } |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 509 | |
Ray Milkey | 78e95a4 | 2015-09-24 08:36:45 -0700 | [diff] [blame] | 510 | /** |
| 511 | * Started state: supplicant has entered the network and informed the authenticator. |
| 512 | */ |
| 513 | class Started extends State { |
| 514 | private final Logger log = getLogger(getClass()); |
| 515 | private String name = "STARTED_STATE"; |
| 516 | |
| 517 | public void requestAccess() { |
| 518 | log.info("Moving from STARTED state to PENDING state."); |
| 519 | } |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 520 | } |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 521 | |
Ray Milkey | 78e95a4 | 2015-09-24 08:36:45 -0700 | [diff] [blame] | 522 | /** |
| 523 | * Pending state: supplicant has been identified by the authenticator but has not access yet. |
| 524 | */ |
| 525 | class Pending extends State { |
| 526 | private final Logger log = getLogger(getClass()); |
| 527 | private String name = "PENDING_STATE"; |
| 528 | |
| 529 | public void radiusAccepted() { |
| 530 | log.info("Moving from PENDING state to AUTHORIZED state."); |
| 531 | } |
| 532 | |
| 533 | public void radiusDenied() { |
| 534 | log.info("Moving from PENDING state to UNAUTHORIZED state."); |
| 535 | } |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 536 | } |
Thomas Vachuska | e989420 | 2015-07-30 11:59:07 -0700 | [diff] [blame] | 537 | |
Ray Milkey | 78e95a4 | 2015-09-24 08:36:45 -0700 | [diff] [blame] | 538 | /** |
| 539 | * Authorized state: supplicant port has been accepted, access is granted. |
| 540 | */ |
| 541 | class Authorized extends State { |
| 542 | private final Logger log = getLogger(getClass()); |
| 543 | private String name = "AUTHORIZED_STATE"; |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 544 | |
Qianqian Hu | 0c34981 | 2016-02-15 17:25:22 +0800 | [diff] [blame] | 545 | public void start() { |
| 546 | log.info("Moving from AUTHORIZED state to STARTED state."); |
| 547 | } |
| 548 | |
Ray Milkey | 78e95a4 | 2015-09-24 08:36:45 -0700 | [diff] [blame] | 549 | public void logoff() { |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 550 | |
Ray Milkey | 78e95a4 | 2015-09-24 08:36:45 -0700 | [diff] [blame] | 551 | log.info("Moving from AUTHORIZED state to IDLE state."); |
| 552 | } |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 553 | } |
| 554 | |
Ray Milkey | 78e95a4 | 2015-09-24 08:36:45 -0700 | [diff] [blame] | 555 | /** |
| 556 | * Unauthorized state: supplicant port has been rejected, access is denied. |
| 557 | */ |
| 558 | class Unauthorized extends State { |
| 559 | private final Logger log = getLogger(getClass()); |
| 560 | private String name = "UNAUTHORIZED_STATE"; |
| 561 | |
ke han | 04e47f3 | 2016-10-28 14:15:43 +0800 | [diff] [blame] | 562 | public void start() { |
| 563 | log.info("Moving from UNAUTHORIZED state to STARTED state."); |
| 564 | } |
| 565 | |
Ray Milkey | 78e95a4 | 2015-09-24 08:36:45 -0700 | [diff] [blame] | 566 | public void logoff() { |
| 567 | log.info("Moving from UNAUTHORIZED state to IDLE state."); |
| 568 | } |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 569 | } |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 570 | |
| 571 | |
Ari Saha | 8983174 | 2015-06-26 10:31:48 -0700 | [diff] [blame] | 572 | } |