홍길동 / onos

Go to a project
Toggle navigation Toggle navigation pinning
Ari Saha
Committed by Gerrit Code Review
79d7c256 1 parent a2b59154

ONOS AAA app: Authentication and Authorization logic. 

Change-Id: I36eb889eeab38edf12377c13e780a147551459a4
Inline Side-by-side
Showing 14 changed files with 2409 additions and 0 deletions
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2015 Open Networking Laboratory
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<app name="org.onosproject.aaa" origin="ATT" version="${project.version}"
featuresRepo="mvn:${project.groupId}/${project.artifactId}/${project.version}/xml/features"
features="${project.artifactId}">
<description>${project.description}</description>
<artifact>mvn:${project.groupId}/${project.artifactId}/${project.version}</artifact>
<artifact>mvn:${project.groupId}/onos-app-xos-integration/${project.version}</artifact>
<bundle>mvn:com.sun.jersey/jersey-client/1.19</bundle>
</app>
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!--
~ Copyright 2015 Open Networking Laboratory
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<features xmlns="http://karaf.apache.org/xmlns/features/v1.2.0" name="${project.artifactId}-${project.version}">
<repository>mvn:${project.groupId}/${project.artifactId}/${project.version}/xml/features</repository>
<feature name="${project.artifactId}" version="${project.version}"
description="${project.description}">
<feature>onos-api</feature>
<bundle>mvn:com.sun.jersey/jersey-client/1.19</bundle>
<bundle>mvn:${project.groupId}/${project.artifactId}/${project.version}</bundle>
<bundle>mvn:${project.groupId}/onos-app-xos-integration/${project.version}</bundle>
</feature>
</features>
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright 2014 Open Networking Laboratory
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.onosproject</groupId>
<artifactId>onos-apps</artifactId>
<version>1.3.0-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<artifactId>onos-app-aaa</artifactId>
<packaging>bundle</packaging>
<description>ONOS authentication application</description>
<properties>
<onos.app.name>org.onosproject.aaa</onos.app.name>
</properties>
<dependencies>
<dependency>
<groupId>org.osgi</groupId>
<artifactId>org.osgi.compendium</artifactId>
</dependency>
<dependency>
<groupId>org.onosproject</groupId>
<artifactId>onlab-junit</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.onosproject</groupId>
<artifactId>onos-api</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.onosproject</groupId>
<artifactId>onlab-osgi</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>org.apache.felix</groupId>
<artifactId>org.apache.felix.scr.annotations</artifactId>
</dependency>
<dependency>
<groupId>org.onosproject</groupId>
<artifactId>onos-app-xos-integration</artifactId>
<version>${project.version}</version>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.apache.felix</groupId>
<artifactId>maven-bundle-plugin</artifactId>
</plugin>
<plugin>
<groupId>org.apache.felix</groupId>
<artifactId>maven-scr-plugin</artifactId>
</plugin>
<plugin>
<groupId>org.onosproject</groupId>
<artifactId>onos-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
/*
* Copyright 2015 AT&T Foundry
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.onosproject.aaa;
import com.google.common.base.Strings;
import org.apache.felix.scr.annotations.Activate;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Deactivate;
import org.apache.felix.scr.annotations.Modified;
import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.ReferenceCardinality;
import org.onlab.packet.Ethernet;
import org.onlab.packet.IPv4;
import org.onlab.packet.Ip4Address;
import org.onlab.packet.IpAddress;
import org.onlab.packet.MacAddress;
import org.onlab.packet.UDP;
import org.onlab.packet.VlanId;
import org.onlab.util.Tools;
import org.onosproject.aaa.packet.EAP;
import org.onosproject.aaa.packet.EAPEthernet;
import org.onosproject.aaa.packet.EAPOL;
import org.onosproject.aaa.packet.RADIUS;
import org.onosproject.aaa.packet.RADIUSAttribute;
import org.onosproject.cfg.ComponentConfigService;
import org.onosproject.core.ApplicationId;
import org.onosproject.core.CoreService;
import org.onosproject.net.ConnectPoint;
import org.onosproject.net.DeviceId;
import org.onosproject.net.Host;
import org.onosproject.net.PortNumber;
import org.onosproject.net.flow.DefaultTrafficSelector;
import org.onosproject.net.flow.DefaultTrafficTreatment;
import org.onosproject.net.flow.FlowRuleService;
import org.onosproject.net.flow.TrafficSelector;
import org.onosproject.net.flow.TrafficTreatment;
import org.onosproject.net.host.HostService;
import org.onosproject.net.intent.IntentService;
import org.onosproject.net.packet.DefaultOutboundPacket;
import org.onosproject.net.packet.InboundPacket;
import org.onosproject.net.packet.OutboundPacket;
import org.onosproject.net.packet.PacketContext;
import org.onosproject.net.packet.PacketPriority;
import org.onosproject.net.packet.PacketProcessor;
import org.onosproject.net.packet.PacketService;
import org.onosproject.net.topology.TopologyService;
import org.onosproject.xosintegration.VoltTenantService;
import org.osgi.service.component.ComponentContext;
import org.slf4j.Logger;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.nio.ByteBuffer;
import java.util.Collections;
import java.util.Dictionary;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import static org.slf4j.LoggerFactory.getLogger;
/**
* AAA application for Onos.
*/
@Component(immediate = true)
public class AAA {
// a list of our dependencies :
// to register with ONOS as an application - described next
@Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
protected CoreService coreService;
// topology information
@Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
protected TopologyService topologyService;
// to receive Packet-in events that we'll respond to
@Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
protected PacketService packetService;
@Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
protected FlowRuleService flowService;
// to submit/withdraw intents for traffic manipulation
@Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
protected IntentService intentService;
// end host information
@Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
protected HostService hostService;
@Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
protected VoltTenantService voltTenantService;
// for verbose output
private final Logger log = getLogger(getClass());
// our application-specific event handler
private ReactivePacketProcessor processor = new ReactivePacketProcessor();
// our unique identifier
private ApplicationId appId;
// Map of state machines. Each state machine is represented by an
// unique identifier on the switch: dpid + port number
Map stateMachineMap = null;
// RADIUS server IP address
private static final String DEFAULT_RADIUS_IP = "192.168.1.10";
// NAS IP address
private static final String DEFAULT_NAS_IP = "192.168.1.11";
// RADIUS uplink port
private static final int DEFAULT_RADIUS_UPLINK = 2;
// RADIUS server shared secret
private static final String DEFAULT_RADIUS_SECRET = "ONOSecret";
//RADIUS MAC address
private static final String RADIUS_MAC_ADDRESS = "00:00:00:00:01:10";
//NAS MAC address
private static final String NAS_MAC_ADDRESS = "00:00:00:00:10:01";
//Radius Switch Id
private static final String DEFAULT_RADIUS_SWITCH = "of:5e3e486e73000187";
//Radius Port Number
private static final String DEFAULT_RADIUS_PORT = "5";
@Property(name = "radiusIpAddress", value = DEFAULT_RADIUS_IP,
label = "RADIUS IP Address")
private String radiusIpAddress = DEFAULT_RADIUS_IP;
@Property(name = "nasIpAddress", value = DEFAULT_NAS_IP,
label = "NAP IP Address")
private String nasIpAddress = DEFAULT_NAS_IP;
@Property(name = "radiusMacAddress", value = RADIUS_MAC_ADDRESS,
label = "RADIUS MAC Address")
private String radiusMacAddress = RADIUS_MAC_ADDRESS;
@Property(name = "nasMacAddress", value = NAS_MAC_ADDRESS,
label = "NAP MAC Address")
private String nasMacAddress = NAS_MAC_ADDRESS;
@Property(name = "radiusSecret", value = DEFAULT_RADIUS_SECRET,
label = "RADIUS shared secret")
private String radiusSecret = DEFAULT_RADIUS_SECRET;
@Property(name = "radiusSwitchId", value = DEFAULT_RADIUS_SWITCH,
label = "Radius switch")
private String radiusSwitch = DEFAULT_RADIUS_SWITCH;
@Property(name = "radiusPortNumber", value = DEFAULT_RADIUS_PORT,
label = "Radius port")
private String radiusPort = DEFAULT_RADIUS_PORT;
// Parsed RADIUS server IP address
protected InetAddress parsedRadiusIpAddress;
// Parsed NAS IP address
protected InetAddress parsedNasIpAddress;
@Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
protected ComponentConfigService cfgService;
@Modified
public void modified(ComponentContext context) {
Dictionary<?, ?> properties = context.getProperties();
String s = Tools.get(properties, "radiusIpAddress");
try {
parsedRadiusIpAddress = InetAddress.getByName(s);
radiusIpAddress = Strings.isNullOrEmpty(s) ? DEFAULT_RADIUS_IP : s;
} catch (UnknownHostException e) {
log.error("Invalid RADIUS IP address specification: {}", s);
}
try {
s = Tools.get(properties, "nasIpAddress");
parsedNasIpAddress = InetAddress.getByName(s);
nasIpAddress = Strings.isNullOrEmpty(s) ? DEFAULT_NAS_IP : s;
} catch (UnknownHostException e) {
log.error("Invalid NAS IP address specification: {}", s);
}
s = Tools.get(properties, "radiusMacAddress");
radiusMacAddress = Strings.isNullOrEmpty(s) ? RADIUS_MAC_ADDRESS : s;
s = Tools.get(properties, "nasMacAddress");
nasMacAddress = Strings.isNullOrEmpty(s) ? NAS_MAC_ADDRESS : s;
s = Tools.get(properties, "radiusSecret");
radiusSecret = Strings.isNullOrEmpty(s) ? DEFAULT_RADIUS_SECRET : s;
s = Tools.get(properties, "radiusSwitchId");
radiusSwitch = Strings.isNullOrEmpty(s) ? DEFAULT_RADIUS_SWITCH : s;
s = Tools.get(properties, "radiusPortNumber");
radiusPort = Strings.isNullOrEmpty(s) ? DEFAULT_RADIUS_PORT : s;
}
@Activate
public void activate(ComponentContext context) {
cfgService.registerProperties(getClass());
modified(context);
// "org.onosproject.aaa" is the FQDN of our app
appId = coreService.registerApplication("org.onosproject.aaa");
// register our event handler
packetService.addProcessor(processor, PacketProcessor.ADVISOR_MAX + 2);
TrafficSelector.Builder selector = DefaultTrafficSelector.builder();
selector.matchEthType(EAPEthernet.TYPE_PAE);
packetService.requestPackets(selector.build(),
PacketPriority.CONTROL, appId);
// Instantiate the map of the state machines
Map<String, StateMachine> stateMachines = new HashMap<String, StateMachine>();
stateMachineMap = Collections.synchronizedMap(stateMachines);
hostService.startMonitoringIp(IpAddress.valueOf(radiusIpAddress));
}
@Deactivate
public void deactivate() {
cfgService.unregisterProperties(getClass(), false);
// de-register and null our handler
packetService.removeProcessor(processor);
processor = null;
}
// our handler defined as a private inner class
/**
* Packet processor responsible for forwarding packets along their paths.
*/
private class ReactivePacketProcessor implements PacketProcessor {
@Override
public void process(PacketContext context) {
// Extract the original Ethernet frame from the packet information
InboundPacket pkt = context.inPacket();
Ethernet ethPkt = pkt.parsed();
if (ethPkt == null) {
return;
}
//identify if incoming packet comes from supplicant (EAP) or RADIUS
switch (ethPkt.getEtherType()) {
case (short) 0x888e:
handleSupplicantPacket(ethPkt, context);
break;
case 0x800:
IPv4 ipv4Packet = (IPv4) ethPkt.getPayload();
Ip4Address srcIp = Ip4Address.valueOf(ipv4Packet.getSourceAddress());
Ip4Address radiusIp4Address = Ip4Address.valueOf(parsedRadiusIpAddress);
if (srcIp.equals(radiusIp4Address) && ipv4Packet.getProtocol() == IPv4.PROTOCOL_UDP) {
// TODO: check for port as well when it's configurable
UDP udpPacket = (UDP) ipv4Packet.getPayload();
// RADIUS radiusPacket = (RADIUS) udpPacket.getPayload();
byte[] datagram = udpPacket.getPayload().serialize();
RADIUS radiusPacket = new RADIUS();
radiusPacket = (RADIUS) radiusPacket.deserialize(datagram, 0, datagram.length);
handleRadiusPacket(radiusPacket);
}
break;
default:
return;
}
}
/**
* Handle PAE packets (supplicant).
* @param ethPkt Ethernet packet coming from the supplicant.
*/
private void handleSupplicantPacket(Ethernet ethPkt, PacketContext context) {
// Where does it come from?
MacAddress srcMAC = ethPkt.getSourceMAC();
DeviceId deviceId = context.inPacket().receivedFrom().deviceId();
PortNumber portNumber = context.inPacket().receivedFrom().port();
String sessionId = deviceId.toString() + portNumber.toString();
StateMachine stateMachine = getStateMachine(sessionId);
//Reserialize the data of the eth packet into our EAPOL format
// this code will go once it is in the onos repository.
byte[] bullshit = ethPkt.getPayload().serialize();
EAPOL eapol = (EAPOL) new EAPOL().deserialize(bullshit, 0, bullshit.length);
switch (eapol.getEapolType()) {
case EAPOL.EAPOL_START:
try {
stateMachine.start();
stateMachine.supplicantConnectpoint = context.inPacket().receivedFrom();
//send an EAP Request/Identify to the supplicant
EAP eapPayload = new EAP(EAP.REQUEST, stateMachine.getIdentifier(), EAP.ATTR_IDENTITY, null);
Ethernet eth = EAPOL.buildEapolResponse(srcMAC, MacAddress.valueOf(1L),
ethPkt.getVlanID(), EAPOL.EAPOL_PACKET,
eapPayload);
stateMachine.supplicantAddress = srcMAC;
stateMachine.vlanId = ethPkt.getVlanID();
this.sendPacketToSupplicant(eth, stateMachine.supplicantConnectpoint);
} catch (StateMachineException e) {
e.printStackTrace();
}
break;
case EAPOL.EAPOL_PACKET:
//check if this is a Response/Idenfity or a Response/TLS
EAP eapPacket = (EAP) eapol.getPayload();
byte dataType = eapPacket.getDataType();
switch (dataType) {
case EAP.ATTR_IDENTITY:
try {
//request id access to RADIUS
RADIUS radiusPayload = new RADIUS(RADIUS.RADIUS_CODE_ACCESS_REQUEST,
eapPacket.getIdentifier());
radiusPayload.setIdentifier(stateMachine.getIdentifier());
radiusPayload.setAttribute(RADIUSAttribute.RADIUS_ATTR_USERNAME,
eapPacket.getData());
stateMachine.setUsername(eapPacket.getData());
radiusPayload.setAttribute(RADIUSAttribute.RADIUS_ATTR_NAS_IP,
AAA.this.parsedNasIpAddress.getAddress());
radiusPayload.encapsulateMessage(eapPacket);
// set Request Authenticator in StateMachine
stateMachine.setRequestAuthenticator(radiusPayload.generateAuthCode());
radiusPayload.addMessageAuthenticator(AAA.this.radiusSecret);
sendRadiusMessage(radiusPayload);
//change the state to "PENDING"
stateMachine.requestAccess();
} catch (StateMachineException e) {
e.printStackTrace();
}
break;
case EAP.ATTR_MD5:
//verify if the EAP identifier corresponds to the challenge identifier from the client state
//machine.
if (eapPacket.getIdentifier() == stateMachine.getChallengeIdentifier()) {
//send the RADIUS challenge response
RADIUS radiusPayload = new RADIUS(RADIUS.RADIUS_CODE_ACCESS_REQUEST,
eapPacket.getIdentifier());
radiusPayload.setIdentifier(stateMachine.getChallengeIdentifier());
radiusPayload.setAttribute(RADIUSAttribute.RADIUS_ATTR_USERNAME,
stateMachine.getUsername());
radiusPayload.setAttribute(RADIUSAttribute.RADIUS_ATTR_NAS_IP,
AAA.this.parsedNasIpAddress.getAddress());
radiusPayload.encapsulateMessage(eapPacket);
radiusPayload.setAttribute(RADIUSAttribute.RADIUS_ATTR_STATE,
stateMachine.getChallengeState());
radiusPayload.addMessageAuthenticator(AAA.this.radiusSecret);
sendRadiusMessage(radiusPayload);
}
break;
case EAP.ATTR_TLS:
try {
//request id access to RADIUS
RADIUS radiusPayload = new RADIUS(RADIUS.RADIUS_CODE_ACCESS_REQUEST,
eapPacket.getIdentifier());
radiusPayload.setIdentifier(stateMachine.getIdentifier());
radiusPayload.setAttribute(RADIUSAttribute.RADIUS_ATTR_USERNAME,
stateMachine.getUsername());
radiusPayload.setAttribute(RADIUSAttribute.RADIUS_ATTR_NAS_IP,
AAA.this.parsedNasIpAddress.getAddress());
radiusPayload.encapsulateMessage(eapPacket);
radiusPayload.setAttribute(RADIUSAttribute.RADIUS_ATTR_STATE,
stateMachine.getChallengeState());
stateMachine.setRequestAuthenticator(radiusPayload.generateAuthCode());
radiusPayload.addMessageAuthenticator(AAA.this.radiusSecret);
sendRadiusMessage(radiusPayload);
// TODO: this gets called on every fragment, should only be called at TLS-Start
stateMachine.requestAccess();
} catch (StateMachineException e) {
e.printStackTrace();
}
break;
default:
return;
}
break;
default:
return;
}
}
/**
* Handle RADIUS packets.
* @param radiusPacket RADIUS packet coming from the RADIUS server.
*/
private void handleRadiusPacket(RADIUS radiusPacket) {
StateMachine stateMachine = getStateMachineById(radiusPacket.getIdentifier());
if (stateMachine == null) {
log.error("Invalid session identifier, exiting...");
return;
}
byte[] eapMessage = null;
EAP eapPayload = new EAP();
Ethernet eth = null;
switch (radiusPacket.getCode()) {
case RADIUS.RADIUS_CODE_ACCESS_CHALLENGE:
byte[] challengeState = radiusPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_STATE).getValue();
eapPayload = radiusPacket.decapsulateMessage();
stateMachine.setChallengeInfo(eapPayload.getIdentifier(), challengeState);
eth = EAPOL.buildEapolResponse(stateMachine.supplicantAddress,
MacAddress.valueOf(1L), stateMachine.vlanId, EAPOL.EAPOL_PACKET, eapPayload);
this.sendPacketToSupplicant(eth, stateMachine.supplicantConnectpoint);
break;
case RADIUS.RADIUS_CODE_ACCESS_ACCEPT:
try {
//send an EAPOL - Success to the supplicant.
eapMessage =
radiusPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_EAP_MESSAGE).getValue();
eapPayload = new EAP();
eapPayload = (EAP) eapPayload.deserialize(eapMessage, 0, eapMessage.length);
eth = EAPOL.buildEapolResponse(stateMachine.supplicantAddress,
MacAddress.valueOf(1L), stateMachine.vlanId, EAPOL.EAPOL_PACKET, eapPayload);
this.sendPacketToSupplicant(eth, stateMachine.supplicantConnectpoint);
stateMachine.authorizeAccess();
} catch (StateMachineException e) {
e.printStackTrace();
}
break;
case RADIUS.RADIUS_CODE_ACCESS_REJECT:
try {
stateMachine.denyAccess();
} catch (StateMachineException e) {
e.printStackTrace();
}
break;
default:
log.warn("Unknown RADIUS message received with code: {}", radiusPacket.getCode());
}
}
private StateMachine getStateMachineById(byte identifier) {
StateMachine stateMachine = null;
Set stateMachineSet = stateMachineMap.entrySet();
synchronized (stateMachineMap) {
Iterator itr = stateMachineSet.iterator();
while (itr.hasNext()) {
Map.Entry entry = (Map.Entry) itr.next();
stateMachine = (StateMachine) entry.getValue();
if (identifier == stateMachine.getIdentifier()) {
//the state machine has already been created for this session session
stateMachine = (StateMachine) entry.getValue();
break;
}
}
}
return stateMachine;
}
private StateMachine getStateMachine(String sessionId) {
StateMachine stateMachine = null;
Set stateMachineSet = stateMachineMap.entrySet();
synchronized (stateMachineMap) {
Iterator itr = stateMachineSet.iterator();
while (itr.hasNext()) {
Map.Entry entry = (Map.Entry) itr.next();
if (sessionId.equals(entry.getKey())) {
//the state machine has already been created for this session session
stateMachine = (StateMachine) entry.getValue();
break;
}
}
}
if (stateMachine == null) {
stateMachine = new StateMachine(sessionId, voltTenantService);
stateMachineMap.put(sessionId, stateMachine);
}
return stateMachine;
}
private void sendRadiusMessage(RADIUS radiusMessage) {
Set<Host> hosts = hostService.getHostsByIp(IpAddress.valueOf(radiusIpAddress));
Optional<Host> odst = hosts.stream().filter(h -> h.vlan().toShort() == VlanId.UNTAGGED).findFirst();
Host dst;
if (!odst.isPresent()) {
log.info("Radius server {} is not present", radiusIpAddress);
return;
} else {
dst = odst.get();
}
UDP udp = new UDP();
IPv4 ip4Packet = new IPv4();
Ethernet ethPkt = new Ethernet();
radiusMessage.setParent(udp);
udp.setDestinationPort((short) 1812);
udp.setSourcePort((short) 1812); // TODO: make this configurable
udp.setPayload(radiusMessage);
udp.setParent(ip4Packet);
ip4Packet.setSourceAddress(AAA.this.nasIpAddress);
ip4Packet.setDestinationAddress(AAA.this.radiusIpAddress);
ip4Packet.setProtocol(IPv4.PROTOCOL_UDP);
ip4Packet.setPayload(udp);
ip4Packet.setParent(ethPkt);
ethPkt.setDestinationMACAddress(radiusMacAddress);
ethPkt.setSourceMACAddress(nasMacAddress);
ethPkt.setEtherType(Ethernet.TYPE_IPV4);
ethPkt.setPayload(ip4Packet);
TrafficTreatment treatment = DefaultTrafficTreatment.builder()
.setOutput(PortNumber.portNumber(Integer.parseInt(radiusPort))).build();
OutboundPacket packet = new DefaultOutboundPacket(DeviceId.deviceId(radiusSwitch),
treatment, ByteBuffer.wrap(ethPkt.serialize()));
packetService.emit(packet);
}
/**
* Send the ethernet packet to the supplicant.
* @param ethernetPkt the ethernet packet
*/
private void sendPacketToSupplicant(Ethernet ethernetPkt, ConnectPoint connectPoint) {
TrafficTreatment treatment = DefaultTrafficTreatment.builder().setOutput(connectPoint.port()).build();
OutboundPacket packet = new DefaultOutboundPacket(connectPoint.deviceId(),
treatment, ByteBuffer.wrap(ethernetPkt.serialize()));
packetService.emit(packet);
}
}
}
/*
*
* Copyright 2015 AT&T Foundry
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
package org.onosproject.aaa;
import org.onlab.packet.MacAddress;
import org.onosproject.net.ConnectPoint;
import org.onosproject.xosintegration.VoltTenant;
import org.onosproject.xosintegration.VoltTenantService;
import org.slf4j.Logger;
import java.util.BitSet;
import static org.slf4j.LoggerFactory.getLogger;
/**
* AAA Finite State Machine.
*/
class StateMachine {
//INDEX to identify the state in the transition table
static final int STATE_IDLE = 0;
static final int STATE_STARTED = 1;
static final int STATE_PENDING = 2;
static final int STATE_AUTHORIZED = 3;
static final int STATE_UNAUTHORIZED = 4;
//INDEX to identify the transition in the transition table
static final int TRANSITION_START = 0; // --> started
static final int TRANSITION_REQUEST_ACCESS = 1;
static final int TRANSITION_AUTHORIZE_ACCESS = 2;
static final int TRANSITION_DENY_ACCESS = 3;
static final int TRANSITION_LOGOFF = 4;
//map of access identifiers (issued at EAPOL START)
static BitSet bitSet = new BitSet();
private final VoltTenantService voltService;
private int identifier = -1;
private byte challengeIdentifier;
private byte[] challengeState;
private byte[] username;
private byte[] requestAuthenticator;
// Supplicant connectivity info
protected ConnectPoint supplicantConnectpoint;
protected MacAddress supplicantAddress;
protected short vlanId;
private String sessionId = null;
private final Logger log = getLogger(getClass());
private State[] states = {
new Idle(), new Started(), new Pending(), new Authorized(), new Unauthorized()
};
//State transition table
/*
state IDLE | STARTED | PENDING | AUTHORIZED | UNAUTHORIZED
////
input
----------------------------------------------------------------------------------------------------
START STARTED | _ | _ | _ | _
REQUEST_ACCESS _ | PENDING | _ | _ | _
AUTHORIZE_ACCESS _ | _ | AUTHORIZED | _ | _
DENY_ACCESS _ | - | UNAUTHORIZED | _ | _
LOGOFF _ | _ | _ | IDLE | IDLE
*/
private int[] idleTransition =
{STATE_STARTED, STATE_IDLE, STATE_IDLE, STATE_IDLE, STATE_IDLE};
private int[] startedTransition =
{STATE_STARTED, STATE_PENDING, STATE_STARTED, STATE_STARTED, STATE_STARTED};
private int[] pendingTransition =
{STATE_PENDING, STATE_PENDING, STATE_AUTHORIZED, STATE_UNAUTHORIZED, STATE_PENDING};
private int[] authorizedTransition =
{STATE_AUTHORIZED, STATE_AUTHORIZED, STATE_AUTHORIZED, STATE_AUTHORIZED, STATE_IDLE};
private int[] unauthorizedTransition =
{STATE_UNAUTHORIZED, STATE_UNAUTHORIZED, STATE_UNAUTHORIZED, STATE_UNAUTHORIZED, STATE_IDLE};
//THE TRANSITION TABLE
private int[][] transition =
{idleTransition, startedTransition, pendingTransition, authorizedTransition,
unauthorizedTransition};
private int currentState = STATE_IDLE;
/**
* State Machine Constructor.
* @param sessionId Session Id represented by the switch dpid + port number
*/
public StateMachine(String sessionId, VoltTenantService voltService) {
log.info("Creating a new state machine for {}", sessionId);
this.sessionId = sessionId;
this.voltService = voltService;
}
/**
* Get the client id that is requesting for access.
* @return The client id.
*/
public String getSessionId() {
return this.sessionId;
}
/**
* Create the identifier for the state machine (happens when goes to STARTED state).
*/
private void createIdentifier() throws StateMachineException {
log.debug("Creating Identifier.");
int index = -1;
try {
//find the first available spot for identifier assignment
index = StateMachine.bitSet.nextClearBit(0);
//there is a limit of 256 identifiers
if (index == 256) {
throw new StateMachineException("Cannot handle any new identifier. Limit is 256.");
}
} catch (IndexOutOfBoundsException e) {
throw new StateMachineException(e.getMessage());
}
log.info("Assigning identifier {}", index);
StateMachine.bitSet.set(index);
this.identifier = index;
}
/**
* Set the challenge identifier and the state issued by the RADIUS.
* @param challengeIdentifier The challenge identifier set into the EAP packet from the RADIUS message.
* @param challengeState The challenge state from the RADIUS.
*/
protected void setChallengeInfo(byte challengeIdentifier, byte[] challengeState) {
this.challengeIdentifier = challengeIdentifier;
this.challengeState = challengeState;
}
/**
* Set the challenge identifier issued by the RADIUS on the access challenge request.
* @param challengeIdentifier The challenge identifier set into the EAP packet from the RADIUS message.
*/
protected void setChallengeIdentifier(byte challengeIdentifier) {
log.info("Set Challenge Identifier to {}", challengeIdentifier);
this.challengeIdentifier = challengeIdentifier;
}
/**
* Get the challenge EAP identifier set by the RADIUS.
* @return The challenge EAP identifier.
*/
protected byte getChallengeIdentifier() {
return this.challengeIdentifier;
}
/**
* Set the challenge state info issued by the RADIUS.
* @param challengeState The challenge state from the RADIUS.
*/
protected void setChallengeState(byte[] challengeState) {
log.info("Set Challenge State");
this.challengeState = challengeState;
}
/**
* Get the challenge state set by the RADIUS.
* @return The challenge state.
*/
protected byte[] getChallengeState() {
return this.challengeState;
}
/**
* Set the username.
* @param username The username sent to the RADIUS upon access request.
*/
protected void setUsername(byte[] username) {
this.username = username;
}
/**
* Get the username.
* @return The requestAuthenticator.
*/
protected byte[] getReqeustAuthenticator() {
return this.requestAuthenticator;
}
/**
* Set the username.
* @param authenticator The username sent to the RADIUS upon access request.
*/
protected void setRequestAuthenticator(byte[] authenticator) {
this.requestAuthenticator = authenticator;
}
/**
* Get the username.
* @return The username.
*/
protected byte[] getUsername() {
return this.username;
}
/**
* Return the identifier of the state machine.
* @return The state machine identifier.
*/
public byte getIdentifier() {
return (byte) this.identifier;
}
protected void deleteIdentifier() {
if (this.identifier != -1) {
log.info("Freeing up " + this.identifier);
//this state machine should be deleted and free up the identifier
StateMachine.bitSet.clear(this.identifier);
this.identifier = -1;
}
}
/**
* Move to the next state.
* @param msg
*/
private void next(int msg) {
currentState = transition[currentState][msg];
log.info("Current State " + currentState);
}
/**
* Client has requested the start action to allow network access.
*/
public void start() throws StateMachineException {
try {
states[currentState].start();
//move to the next state
next(TRANSITION_START);
createIdentifier();
} catch (StateMachineInvalidTransitionException e) {
e.printStackTrace();
}
}
/**
* An Identification information has been sent by the supplicant.
* Move to the next state if possible.
*/
public void requestAccess() throws StateMachineException {
try {
states[currentState].requestAccess();
//move to the next state
next(TRANSITION_REQUEST_ACCESS);
} catch (StateMachineInvalidTransitionException e) {
e.printStackTrace();
}
}
/**
* RADIUS has accepted the identification.
* Move to the next state if possible.
*/
public void authorizeAccess() throws StateMachineException {
try {
states[currentState].radiusAccepted();
//move to the next state
next(TRANSITION_AUTHORIZE_ACCESS);
if (voltService != null) {
voltService.addTenant(
VoltTenant.builder()
.withHumanReadableName("VCPE-" + this.identifier)
.withId(this.identifier)
.withProviderService(1)
.withServiceSpecificId(String.valueOf(this.identifier))
.withPort(this.supplicantConnectpoint)
.withVlanId(String.valueOf(this.vlanId)).build());
}
deleteIdentifier();
} catch (StateMachineInvalidTransitionException e) {
e.printStackTrace();
}
}
/**
* RADIUS has denied the identification.
* Move to the next state if possible.
*/
public void denyAccess() throws StateMachineException {
try {
states[currentState].radiusDenied();
//move to the next state
next(TRANSITION_DENY_ACCESS);
deleteIdentifier();
} catch (StateMachineInvalidTransitionException e) {
e.printStackTrace();
}
}
/**
* Logoff request has been requested.
* Move to the next state if possible.
*/
public void logoff() throws StateMachineException {
try {
states[currentState].logoff();
//move to the next state
next(TRANSITION_LOGOFF);
} catch (StateMachineInvalidTransitionException e) {
e.printStackTrace();
}
}
/**
* Get the current state.
* @return The current state. Could be STATE_IDLE, STATE_STARTED, STATE_PENDING, STATE_AUTHORIZED,
* STATE_UNAUTHORIZED.
*/
public int getState() {
return currentState;
}
public String toString() {
return ("sessionId: " + this.sessionId) + "\t" + ("identifier: " + this.identifier) + "\t" +
("state: " + this.currentState);
}
}
abstract class State {
private final Logger log = getLogger(getClass());
private String name = "State";
public void start() throws StateMachineInvalidTransitionException {
log.warn("START transition from this state is not allowed.");
}
public void requestAccess() throws StateMachineInvalidTransitionException {
log.warn("REQUEST ACCESS transition from this state is not allowed.");
}
public void radiusAccepted() throws StateMachineInvalidTransitionException {
log.warn("AUTHORIZE ACCESS transition from this state is not allowed.");
}
public void radiusDenied() throws StateMachineInvalidTransitionException {
log.warn("DENY ACCESS transition from this state is not allowed.");
}
public void logoff() throws StateMachineInvalidTransitionException {
log.warn("LOGOFF transition from this state is not allowed.");
}
}
/**
* Idle state: supplicant is logged of from the network.
*/
class Idle extends State {
private final Logger log = getLogger(getClass());
private String name = "IDLE_STATE";
public void start() {
log.info("Moving from IDLE state to STARTED state.");
}
}
/**
* Started state: supplicant has entered the network and informed the authenticator.
*/
class Started extends State {
private final Logger log = getLogger(getClass());
private String name = "STARTED_STATE";
public void requestAccess() {
log.info("Moving from STARTED state to PENDING state.");
}
}
/**
* Pending state: supplicant has been identified by the authenticator but has not access yet.
*/
class Pending extends State {
private final Logger log = getLogger(getClass());
private String name = "PENDING_STATE";
public void radiusAccepted() {
log.info("Moving from PENDING state to AUTHORIZED state.");
}
public void radiusDenied() {
log.info("Moving from PENDING state to UNAUTHORIZED state.");
}
}
/**
* Authorized state: supplicant port has been accepted, access is granted.
*/
class Authorized extends State {
private final Logger log = getLogger(getClass());
private String name = "AUTHORIZED_STATE";
public void logoff() {
log.info("Moving from AUTHORIZED state to IDLE state.");
}
}
/**
* Unauthorized state: supplicant port has been rejected, access is denied.
*/
class Unauthorized extends State {
private final Logger log = getLogger(getClass());
private String name = "UNAUTHORIZED_STATE";
public void logoff() {
log.info("Moving from UNAUTHORIZED state to IDLE state.");
}
}
/**
* Exception for the State Machine.
*/
class StateMachineException extends Exception {
public StateMachineException(String message) {
super(message);
}
}
/**
* Exception raised when the transition from one state to another is invalid.
*/
class StateMachineInvalidTransitionException extends StateMachineException {
public StateMachineInvalidTransitionException(String message) {
super(message);
}
}
/*
* Copyright 2014 Open Networking Laboratory
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* AAA implmentation.
*/
package org.onosproject.aaa;
/*
*
* * Copyright 2015 AT&T Foundry
* *
* * Licensed under the Apache License, Version 2.0 (the "License");
* * you may not use this file except in compliance with the License.
* * You may obtain a copy of the License at
* *
* * http://www.apache.org/licenses/LICENSE-2.0
* *
* * Unless required by applicable law or agreed to in writing, software
* * distributed under the License is distributed on an "AS IS" BASIS,
* * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* * See the License for the specific language governing permissions and
* * limitations under the License.
*
*/
package org.onosproject.aaa.packet;
import org.onlab.packet.BasePacket;
import org.onlab.packet.IPacket;
import java.nio.ByteBuffer;
/**
*
*/
public class EAP extends BasePacket {
public static final short MIN_LEN = 0x4;
public static final short EAP_HDR_LEN_REQ_RESP = 5;
public static final short EAP_HDR_LEN_SUC_FAIL = 4;
/* EAP Code */
public static final byte REQUEST = 0x1;
public static final byte RESPONSE = 0x2;
public static final byte SUCCESS = 0x3;
public static final byte FAILURE = 0x4;
/* EAP Attribute Type */
public static final byte ATTR_IDENTITY = 0x1;
public static final byte ATTR_NOTIFICATION = 0x2;
public static final byte ATTR_NAK = 0x3;
public static final byte ATTR_MD5 = 0x4;
public static final byte ATTR_OTP = 0x5;
public static final byte ATTR_GTC = 0x6;
public static final byte ATTR_TLS = 0xd;
protected byte code;
protected byte identifier;
protected short length;
protected byte type;
protected byte[] data;
/**
* Get the EAP code.
* @return EAP code
*/
public byte getCode() {
return this.code;
}
/**
* Set the EAP code.
* @param code EAP code
* @return this
*/
public EAP setCode(final byte code) {
this.code = code;
return this;
}
/**
* Get the EAP identifier.
* @return EAP identifier
*/
public byte getIdentifier() {
return this.identifier;
}
/**
* Set the EAP identifier.
* @param identifier
* @return this
*/
public EAP setIdentifier(final byte identifier) {
this.identifier = identifier;
return this;
}
/**
* Get the get packet length.
* @return packet length
*/
public short getLength() {
return this.length;
}
/**
* Set the packet length.
* @param length packet length
* @return this
*/
public EAP setLength(final short length) {
this.length = length;
return this;
}
/**
* Get the data type.
* @return data type
*/
public byte getDataType() {
return this.type;
}
/**
* Set the data type.
* @param type data type
* @return this
*/
public EAP setDataType(final byte type) {
this.type = type;
return this;
}
/**
* Get the EAP data.
* @return EAP data
*/
public byte[] getData() {
return this.data;
}
/**
* Set the EAP data.
* @param data EAP data to be set
* @return this
*/
public EAP setData(final byte[] data) {
this.data = data;
return this;
}
/**
* Default EAP constructor that set the EAP code to 0.
*/
public EAP() {
this.code = 0;
}
/**
* EAP constructor that initially sets all fields.
* @param code EAP code
* @param identifier EAP identifier
* @param type packet type
* @param data EAP data
*/
public EAP(byte code, byte identifier, byte type, byte[] data) {
this.code = code;
this.identifier = identifier;
if (this.code == REQUEST || this.code == RESPONSE) {
this.length = (short) (5 + (data == null ? 0 : data.length));
this.type = type;
} else {
this.length = (short) (4 + (data == null ? 0 : data.length));
}
this.data = data;
}
/**
* Serializes the packet, based on the code/type using the payload
* to compute its length.
* @return the serialized payload
*/
@Override
public byte[] serialize() {
final byte[] data = new byte[this.length];
final ByteBuffer bb = ByteBuffer.wrap(data);
bb.put(this.code);
bb.put(this.identifier);
bb.putShort(this.length);
if (this.code == REQUEST || this.code == RESPONSE) {
bb.put(this.type);
}
if (this.data != null) {
bb.put(this.data);
}
return data;
}
@Override
public IPacket deserialize(final byte[] data, final int offset,
final int length) {
final ByteBuffer bb = ByteBuffer.wrap(data, offset, length);
this.code = bb.get();
this.identifier = bb.get();
this.length = bb.getShort();
int dataLength;
if (this.code == REQUEST || this.code == RESPONSE) {
this.type = bb.get();
dataLength = this.length - 5;
} else {
dataLength = this.length - 4;
}
this.data = new byte[dataLength];
bb.get(this.data);
return this;
}
@Override
public int hashCode() {
final int prime = 3889;
int result = super.hashCode();
result = prime * result + this.code;
result = prime * result + this.identifier;
result = prime * result + this.length;
result = prime * result + this.type;
return result;
}
}
/*
* Copyright 2015 Open Networking Laboratory
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.onosproject.aaa.packet;
import org.onlab.packet.ARP;
import org.onlab.packet.Ethernet;
import org.onlab.packet.IPv4;
import org.onlab.packet.IPv6;
import org.onlab.packet.LLDP;
/**
* Created by jono on 5/19/15.
*/
public final class EAPEthernet extends Ethernet {
public static final short TYPE_PAE = (short) 0x888e;
private EAPEthernet() {
}
static {
Ethernet.ETHER_TYPE_CLASS_MAP.put(org.onlab.packet.Ethernet.TYPE_ARP, ARP.class);
org.onlab.packet.Ethernet.ETHER_TYPE_CLASS_MAP.put(org.onlab.packet.Ethernet.TYPE_RARP, ARP.class);
org.onlab.packet.Ethernet.ETHER_TYPE_CLASS_MAP.put(org.onlab.packet.Ethernet.TYPE_IPV4, IPv4.class);
org.onlab.packet.Ethernet.ETHER_TYPE_CLASS_MAP.put(org.onlab.packet.Ethernet.TYPE_IPV6, IPv6.class);
org.onlab.packet.Ethernet.ETHER_TYPE_CLASS_MAP.put(org.onlab.packet.Ethernet.TYPE_LLDP, LLDP.class);
org.onlab.packet.Ethernet.ETHER_TYPE_CLASS_MAP.put(org.onlab.packet.Ethernet.TYPE_BSN, LLDP.class);
org.onlab.packet.Ethernet.ETHER_TYPE_CLASS_MAP.put(TYPE_PAE, EAPOL.class);
}
}
/*
*
* * Copyright 2015 AT&T Foundry
* *
* * Licensed under the Apache License, Version 2.0 (the "License");
* * you may not use this file except in compliance with the License.
* * You may obtain a copy of the License at
* *
* * http://www.apache.org/licenses/LICENSE-2.0
* *
* * Unless required by applicable law or agreed to in writing, software
* * distributed under the License is distributed on an "AS IS" BASIS,
* * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* * See the License for the specific language governing permissions and
* * limitations under the License.
*
*/
package org.onosproject.aaa.packet;
import org.onlab.packet.BasePacket;
import org.onlab.packet.Ethernet;
import org.onlab.packet.IPacket;
import org.onlab.packet.MacAddress;
import java.nio.ByteBuffer;
/**
*
*/
public class EAPOL extends BasePacket {
private byte version = 0x01;
private byte eapolType;
private short packetLength;
/* EAPOL Packet Type */
public static final byte EAPOL_PACKET = 0x0;
public static final byte EAPOL_START = 0x1;
public static final byte EAPOL_LOGOFF = 0x2;
public static final byte EAPOL_KEY = 0x3;
public static final byte EAPOL_ASF = 0x4;
public static final MacAddress PAE_GROUP_ADDR = MacAddress.valueOf(new byte[] {
(byte) 0x01, (byte) 0x80, (byte) 0xc2, (byte) 0x00, (byte) 0x00, (byte) 0x03
});
/**
* Get version.
* @return version
*/
public byte getVersion() {
return this.version;
}
/**
* Set version.
* @param version EAPOL version
* @return this
*/
public EAPOL setVersion(final byte version) {
this.version = version;
return this;
}
/**
* Get type.
* @return EAPOL type
*/
public byte getEapolType() {
return this.eapolType;
}
/**
* Set EAPOL type.
* @param eapolType EAPOL type
* @return this
*/
public EAPOL setEapolType(final byte eapolType) {
this.eapolType = eapolType;
return this;
}
/**
* Get packet length.
* @return packet length
*/
public short getPacketLength() {
return this.packetLength;
}
/**
* Set packet length.
* @param packetLen packet length
* @return this
*/
public EAPOL setPacketLength(final short packetLen) {
this.packetLength = packetLen;
return this;
}
/**
* Serializes the packet, based on the code/type using the payload
* to compute its length.
* @return this
*/
@Override
public byte[] serialize() {
byte[] payloadData = null;
if (this.payload != null) {
this.payload.setParent(this);
payloadData = this.payload.serialize();
}
//prepare the buffer to hold the version (1), packet type (1), packet length (2) and the eap payload.
//if there is no payload, packet length is 0
byte[] data = new byte[4 + this.packetLength];
final ByteBuffer bb = ByteBuffer.wrap(data);
bb.put(this.version);
bb.put(this.eapolType);
bb.putShort(this.packetLength);
//put the EAP payload
if (payloadData != null) {
bb.put(payloadData);
}
return data;
}
@Override
public IPacket deserialize(final byte[] data, final int offset,
final int length) {
final ByteBuffer bb = ByteBuffer.wrap(data, offset, length);
//deserialize the EAPOL header
this.version = bb.get();
this.eapolType = bb.get();
this.packetLength = bb.getShort();
if (this.packetLength > 0) {
//deserialize the EAP Payload
this.payload = new EAP();
this.payload = this.payload.deserialize(data, bb.position(), length - 4);
this.payload.setParent(this);
}
return this;
}
@Override
public int hashCode() {
final int prime = 3889;
int result = super.hashCode();
result = prime * result + this.version;
result = prime * result + this.eapolType;
result = prime * result + this.packetLength;
return result;
}
/**
*
* @param dstMac
* @param srcMac
* @param eapolType
* @param eap
* @return Ethernet frame
*/
public static Ethernet buildEapolResponse(MacAddress dstMac, MacAddress srcMac,
short vlan, byte eapolType, EAP eap) {
Ethernet eth = new Ethernet();
eth.setDestinationMACAddress(dstMac.toBytes());
eth.setSourceMACAddress(srcMac.toBytes());
eth.setEtherType(EAPEthernet.TYPE_PAE);
if (vlan != Ethernet.VLAN_UNTAGGED) {
eth.setVlanID(vlan);
}
//eapol header
EAPOL eapol = new EAPOL();
eapol.setEapolType(eapolType);
eapol.setPacketLength(eap.getLength());
//eap part
eapol.setPayload(eap);
eth.setPayload(eapol);
eth.setPad(true);
return eth;
}
}
/*
*
* * Copyright 2015 AT&T Foundry
* *
* * Licensed under the Apache License, Version 2.0 (the "License");
* * you may not use this file except in compliance with the License.
* * You may obtain a copy of the License at
* *
* * http://www.apache.org/licenses/LICENSE-2.0
* *
* * Unless required by applicable law or agreed to in writing, software
* * distributed under the License is distributed on an "AS IS" BASIS,
* * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* * See the License for the specific language governing permissions and
* * limitations under the License.
*
*/
package org.onosproject.aaa.packet;
import org.onlab.packet.BasePacket;
import org.onlab.packet.IPacket;
import org.slf4j.Logger;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import static org.slf4j.LoggerFactory.getLogger;
/**
*
*/
public class RADIUS extends BasePacket {
protected byte code;
protected byte identifier;
protected short length = RADIUS_MIN_LENGTH;
protected byte[] authenticator = new byte[16];
protected ArrayList<RADIUSAttribute> attributes = new ArrayList<>();
/* RADIUS parameters */
public static final short RADIUS_MIN_LENGTH = 20;
public static final short MAX_ATTR_VALUE_LENGTH = 253;
public static final short RADIUS_MAX_LENGTH = 4096;
/* RADIUS packet types */
public static final byte RADIUS_CODE_ACCESS_REQUEST = 0x01;
public static final byte RADIUS_CODE_ACCESS_ACCEPT = 0x02;
public static final byte RADIUS_CODE_ACCESS_REJECT = 0x03;
public static final byte RADIUS_CODE_ACCOUNTING_REQUEST = 0x04;
public static final byte RADIUS_CODE_ACCOUNTING_RESPONSE = 0x05;
public static final byte RADIUS_CODE_ACCESS_CHALLENGE = 0x0b;
private final Logger log = getLogger(getClass());
public RADIUS() {
}
public RADIUS(byte code, byte identifier) {
this.code = code;
this.identifier = identifier;
}
public byte getCode() {
return this.code;
}
public void setCode(byte code) {
this.code = code;
}
public byte getIdentifier() {
return this.identifier;
}
public void setIdentifier(byte identifier) {
this.identifier = identifier;
}
public byte[] getAuthenticator() {
return this.authenticator;
}
public void setAuthenticator(byte[] a) {
this.authenticator = a;
}
public byte[] generateAuthCode() {
new SecureRandom().nextBytes(this.authenticator);
return this.authenticator;
}
public boolean isValidCode() {
return this.code == RADIUS_CODE_ACCESS_REQUEST ||
this.code == RADIUS_CODE_ACCESS_ACCEPT ||
this.code == RADIUS_CODE_ACCESS_REJECT ||
this.code == RADIUS_CODE_ACCOUNTING_REQUEST ||
this.code == RADIUS_CODE_ACCOUNTING_RESPONSE ||
this.code == RADIUS_CODE_ACCESS_CHALLENGE;
}
public RADIUSAttribute addMessageAuthenticator(String key) {
/* Message-Authenticator = HMAC-MD5 (Type, Identifier, Length, Request Authenticator, Attributes)
When the message integrity check is calculated the signature string should be considered to be
sixteen octets of zero.
*/
byte[] hashOutput = new byte[16];
Arrays.fill(hashOutput, (byte) 0);
RADIUSAttribute authAttribute = this.getAttribute(RADIUSAttribute.RADIUS_ATTR_MESSAGE_AUTH);
if (authAttribute != null) {
// If Message-Authenticator was already present, override it
this.log.warn("Attempted to add duplicate Message-Authenticator");
authAttribute = this.updateAttribute(RADIUSAttribute.RADIUS_ATTR_MESSAGE_AUTH, hashOutput);
} else {
// Else generate a new attribute padded with zeroes
authAttribute = this.setAttribute(RADIUSAttribute.RADIUS_ATTR_MESSAGE_AUTH, hashOutput);
}
// Calculate the MD5 HMAC based on the message
try {
SecretKeySpec keySpec = new SecretKeySpec(key.getBytes(), "HmacMD5");
Mac mac = Mac.getInstance("HmacMD5");
mac.init(keySpec);
hashOutput = mac.doFinal(this.serialize());
// Update HMAC in Message-Authenticator
authAttribute = this.updateAttribute(RADIUSAttribute.RADIUS_ATTR_MESSAGE_AUTH, hashOutput);
} catch (Exception e) {
this.log.error("Failed to generate message authenticator: {}", e.getMessage());
}
return authAttribute;
}
public boolean checkMessageAuthenticator(String key) {
byte[] newHash = new byte[16];
Arrays.fill(newHash, (byte) 0);
byte[] messageAuthenticator = this.getAttribute(RADIUSAttribute.RADIUS_ATTR_MESSAGE_AUTH).getValue();
this.updateAttribute(RADIUSAttribute.RADIUS_ATTR_MESSAGE_AUTH, newHash);
// Calculate the MD5 HMAC based on the message
try {
SecretKeySpec keySpec = new SecretKeySpec(key.getBytes(), "HmacMD5");
Mac mac = Mac.getInstance("HmacMD5");
mac.init(keySpec);
newHash = mac.doFinal(this.serialize());
} catch (Exception e) {
log.error("Failed to generate message authenticator: {}", e.getMessage());
}
this.updateAttribute(RADIUSAttribute.RADIUS_ATTR_MESSAGE_AUTH, messageAuthenticator);
// Compare the calculated Message-Authenticator with the one in the message
return Arrays.equals(newHash, messageAuthenticator);
}
/**
* @param message
* EAP message object to be embedded in the RADIUS EAP-Message attributed
*/
public void encapsulateMessage(EAP message) {
if (message.length <= MAX_ATTR_VALUE_LENGTH) {
// Use the regular serialization method as it fits into one EAP-Message attribute
this.setAttribute(RADIUSAttribute.RADIUS_ATTR_EAP_MESSAGE,
message.serialize());
} else {
// Segment the message into chucks and embed them in several EAP-Message attributes
short remainingLength = message.length;
byte[] messageBuffer = message.serialize();
final ByteBuffer bb = ByteBuffer.wrap(messageBuffer);
while (bb.hasRemaining()) {
byte[] messageAttributeData;
if (remainingLength > MAX_ATTR_VALUE_LENGTH) {
// The remaining data is still too long to fit into one attribute, keep going
messageAttributeData = new byte[MAX_ATTR_VALUE_LENGTH];
bb.get(messageAttributeData, 0, MAX_ATTR_VALUE_LENGTH);
remainingLength -= MAX_ATTR_VALUE_LENGTH;
} else {
// The remaining data fits, this will be the last chunk
messageAttributeData = new byte[remainingLength];
bb.get(messageAttributeData, 0, remainingLength);
}
this.attributes.add(new RADIUSAttribute(RADIUSAttribute.RADIUS_ATTR_EAP_MESSAGE,
(byte) (messageAttributeData.length + 2), messageAttributeData));
// Adding the size of the data to the total RADIUS length
this.length += (short) (messageAttributeData.length & 0xFF);
// Adding the size of the overhead attribute type and length
this.length += 2;
}
}
}
/**
* @return An EAP object containing the reassembled EAP message
*/
public EAP decapsulateMessage() {
EAP message = new EAP();
ByteArrayOutputStream messageStream = new ByteArrayOutputStream();
// Iterating through EAP-Message attributes to concatenate their value
for (RADIUSAttribute ra : this.getAttributeList(RADIUSAttribute.RADIUS_ATTR_EAP_MESSAGE)) {
try {
messageStream.write(ra.getValue());
} catch (IOException e) {
log.error("Error while reassembling EAP message: {}", e.getMessage());
}
}
// Assembling EAP object from the concatenated stream
message.deserialize(messageStream.toByteArray(), 0, messageStream.size());
return message;
}
/**
* @param attrType
* the type field of the required attributes
* @return List of the attributes that matches the type or an empty list if there is none
*/
public ArrayList<RADIUSAttribute> getAttributeList(byte attrType) {
ArrayList<RADIUSAttribute> attrList = new ArrayList<>();
for (int i = 0; i < this.attributes.size(); i++) {
if (this.attributes.get(i).getType() == attrType) {
attrList.add(this.attributes.get(i));
}
}
return attrList;
}
/**
* @param attrType
* the type field of the required attribute
* @return the first attribute that matches the type or null if does not exist
*/
public RADIUSAttribute getAttribute(byte attrType) {
for (int i = 0; i < this.attributes.size(); i++) {
if (this.attributes.get(i).getType() == attrType) {
return this.attributes.get(i);
}
}
return null;
}
/**
* @param attrType
* the type field of the attribute to set
* @param value
* value to be set
* @return reference to the attribute object
*/
public RADIUSAttribute setAttribute(byte attrType, byte[] value) {
byte attrLength = (byte) (value.length + 2);
RADIUSAttribute newAttribute = new RADIUSAttribute(attrType, attrLength, value);
this.attributes.add(newAttribute);
this.length += (short) (attrLength & 0xFF);
return newAttribute;
}
public RADIUSAttribute updateAttribute(byte attrType, byte[] value) {
for (int i = 0; i < this.attributes.size(); i++) {
if (this.attributes.get(i).getType() == attrType) {
this.length -= (short) (this.attributes.get(i).getLength() & 0xFF);
RADIUSAttribute newAttr = new RADIUSAttribute(attrType, (byte) (value.length + 2), value);
this.attributes.set(i, newAttr);
this.length += (short) (newAttr.getLength() & 0xFF);
return newAttr;
}
}
return null;
}
@Override
public byte[] serialize() {
final byte[] data = new byte[this.length];
final ByteBuffer bb = ByteBuffer.wrap(data);
bb.put(this.code);
bb.put(this.identifier);
bb.putShort(this.length);
bb.put(this.authenticator);
for (int i = 0; i < this.attributes.size(); i++) {
RADIUSAttribute attr = this.attributes.get(i);
bb.put(attr.getType());
bb.put(attr.getLength());
bb.put(attr.getValue());
}
return data;
}
@Override
public IPacket deserialize(final byte[] data, final int offset,
final int length) {
final ByteBuffer bb = ByteBuffer.wrap(data, offset, length);
this.code = bb.get();
this.identifier = bb.get();
this.length = bb.getShort();
bb.get(this.authenticator, 0, 16);
int remainingLength = this.length - RADIUS_MIN_LENGTH;
while (remainingLength > 0 && bb.hasRemaining()) {
RADIUSAttribute attr = new RADIUSAttribute();
attr.setType(bb.get());
attr.setLength(bb.get());
short attrLength = (short) (attr.length & 0xff);
attr.value = new byte[attrLength - 2];
bb.get(attr.value, 0, attrLength - 2);
this.attributes.add(attr);
remainingLength -= attr.length;
}
return this;
}
}
/*
*
* * Copyright 2015 AT&T Foundry
* *
* * Licensed under the Apache License, Version 2.0 (the "License");
* * you may not use this file except in compliance with the License.
* * You may obtain a copy of the License at
* *
* * http://www.apache.org/licenses/LICENSE-2.0
* *
* * Unless required by applicable law or agreed to in writing, software
* * distributed under the License is distributed on an "AS IS" BASIS,
* * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* * See the License for the specific language governing permissions and
* * limitations under the License.
*
*/
package org.onosproject.aaa.packet;
import java.nio.ByteBuffer;
public class RADIUSAttribute {
protected byte type;
protected byte length;
protected byte[] value;
/* RADIUS attribute types */
public static final byte RADIUS_ATTR_USERNAME = 1;
public static final byte RADIUS_ATTR_NAS_IP = 4;
public static final byte RADIUS_ATTR_NAS_PORT = 5;
public static final byte RADIUS_ATTR_FRAMED_MTU = 12;
public static final byte RADIUS_ATTR_STATE = 24;
public static final byte RADIUS_ATTR_VENDOR_SPECIFIC = 26;
public static final byte RADIUS_ATTR_CALLING_STATION_ID = 31;
public static final byte RADIUS_ATTR_NAS_ID = 32;
public static final byte RADIUS_ATTR_ACCT_SESSION_ID = 44;
public static final byte RADIUS_ATTR_NAS_PORT_TYPE = 61;
public static final byte RADIUS_ATTR_EAP_MESSAGE = 79;
public static final byte RADIUS_ATTR_MESSAGE_AUTH = 80;
public static final byte RADIUS_ATTR_NAS_PORT_ID = 87;
public RADIUSAttribute() {
}
public RADIUSAttribute(final byte type, final byte length, final byte[] value) {
this.type = type;
this.length = length;
this.value = value;
}
public boolean isValidType() {
return this.type == RADIUS_ATTR_USERNAME ||
this.type == RADIUS_ATTR_NAS_IP ||
this.type == RADIUS_ATTR_NAS_PORT ||
this.type == RADIUS_ATTR_VENDOR_SPECIFIC ||
this.type == RADIUS_ATTR_CALLING_STATION_ID ||
this.type == RADIUS_ATTR_NAS_ID ||
this.type == RADIUS_ATTR_ACCT_SESSION_ID ||
this.type == RADIUS_ATTR_NAS_PORT_TYPE ||
this.type == RADIUS_ATTR_EAP_MESSAGE ||
this.type == RADIUS_ATTR_MESSAGE_AUTH ||
this.type == RADIUS_ATTR_NAS_PORT_ID;
}
/**
* @return the type
*/
public byte getType() {
return this.type;
}
/**
* @param type
* the code to set
* @return this
*/
public RADIUSAttribute setType(final byte type) {
this.type = type;
return this;
}
/**
* @return the length
*/
public byte getLength() {
return this.length;
}
/**
* @param length
* the length to set
* @return this
*/
public RADIUSAttribute setLength(final byte length) {
this.length = length;
return this;
}
/**
* @return the value
*/
public byte[] getValue() {
return this.value;
}
/**
* @param value
* the data to set
* @return this
*/
public RADIUSAttribute setValue(final byte[] value) {
this.value = value;
return this;
}
public byte[] serialize() {
final byte[] data = new byte[this.length];
final ByteBuffer bb = ByteBuffer.wrap(data);
bb.put(this.type);
bb.put(this.length);
bb.put(this.value);
return data;
}
}
/*
* Copyright 2014 Open Networking Laboratory
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.onosproject.aaa;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
/**
* Set of tests of the ONOS application component.
*/
public class AAATest {
private AAA aaa;
@Before
public void setUp() {
}
@After
public void tearDown() {
}
@Test
public void basics() {
}
}
/*
*
* Copyright 2015 AT&T Foundry
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
package org.onosproject.aaa;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
public class StateMachineTest {
StateMachine stateMachine = null;
@Before
public void setUp() {
System.out.println("Set Up.");
StateMachine.bitSet.clear();
stateMachine = new StateMachine("session0", null);
}
@After
public void tearDown() {
System.out.println("Tear Down.");
StateMachine.bitSet.clear();
stateMachine = null;
}
@Test
/**
* Test all the basic inputs from state to state: IDLE -> STARTED -> PENDING -> AUTHORIZED -> IDLE
*/
public void basic() throws StateMachineException {
System.out.println("======= BASIC =======.");
Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_IDLE);
stateMachine.start();
Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_STARTED);
stateMachine.requestAccess();
Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_PENDING);
stateMachine.authorizeAccess();
Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_AUTHORIZED);
stateMachine.logoff();
Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_IDLE);
}
@Test
/**
* Test all inputs from an IDLE state (starting with the ones that are not impacting the current state)
*/
public void testIdleState() throws StateMachineException {
System.out.println("======= IDLE STATE TEST =======.");
stateMachine.requestAccess();
Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_IDLE);
stateMachine.authorizeAccess();
Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_IDLE);
stateMachine.denyAccess();
Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_IDLE);
stateMachine.logoff();
Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_IDLE);
stateMachine.start();
Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_STARTED);
}
@Test
/**
* Test all inputs from an STARTED state (starting with the ones that are not impacting the current state)
*/
public void testStartedState() throws StateMachineException {
System.out.println("======= STARTED STATE TEST =======.");
stateMachine.start();
stateMachine.authorizeAccess();
Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_STARTED);
stateMachine.denyAccess();
Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_STARTED);
stateMachine.logoff();
Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_STARTED);
stateMachine.start();
Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_STARTED);
stateMachine.requestAccess();
Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_PENDING);
}
@Test
/**
* Test all inputs from a PENDING state (starting with the ones that are not impacting the current state).
* The next valid state for this test is AUTHORIZED
*/
public void testPendingStateToAuthorized() throws StateMachineException {
System.out.println("======= PENDING STATE TEST (AUTHORIZED) =======.");
stateMachine.start();
stateMachine.requestAccess();
stateMachine.logoff();
Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_PENDING);
stateMachine.start();
Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_PENDING);
stateMachine.requestAccess();
Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_PENDING);
stateMachine.authorizeAccess();
Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_AUTHORIZED);
stateMachine.denyAccess();
Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_AUTHORIZED);
}
@Test
/**
* Test all inputs from an PENDING state (starting with the ones that are not impacting the current state).
* The next valid state for this test is UNAUTHORIZED
*/
public void testPendingStateToUnauthorized() throws StateMachineException {
System.out.println("======= PENDING STATE TEST (DENIED) =======.");
stateMachine.start();
stateMachine.requestAccess();
stateMachine.logoff();
Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_PENDING);
stateMachine.start();
Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_PENDING);
stateMachine.requestAccess();
Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_PENDING);
stateMachine.denyAccess();
Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_UNAUTHORIZED);
stateMachine.authorizeAccess();
Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_UNAUTHORIZED);
}
@Test
/**
* Test all inputs from an AUTHORIZED state (starting with the ones that are not impacting the current state).
*/
public void testAuthorizedState() throws StateMachineException {
System.out.println("======= AUTHORIZED STATE TEST =======.");
stateMachine.start();
stateMachine.requestAccess();
stateMachine.authorizeAccess();
stateMachine.start();
Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_AUTHORIZED);
stateMachine.requestAccess();
Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_AUTHORIZED);
stateMachine.authorizeAccess();
Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_AUTHORIZED);
stateMachine.denyAccess();
Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_AUTHORIZED);
stateMachine.logoff();
Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_IDLE);
}
@Test
/**
* Test all inputs from an UNAUTHORIZED state (starting with the ones that are not impacting the current state).
*/
public void testUnauthorizedState() throws StateMachineException {
System.out.println("======= UNAUTHORIZED STATE TEST =======.");
stateMachine.start();
stateMachine.requestAccess();
stateMachine.denyAccess();
stateMachine.start();
Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_UNAUTHORIZED);
stateMachine.requestAccess();
Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_UNAUTHORIZED);
stateMachine.authorizeAccess();
Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_UNAUTHORIZED);
stateMachine.denyAccess();
Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_UNAUTHORIZED);
stateMachine.logoff();
Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_IDLE);
}
@Test
public void testIdentifierAvailability() throws StateMachineException {
System.out.println("======= IDENTIFIER TEST =======.");
byte identifier = stateMachine.getIdentifier();
System.out.println("State: " + stateMachine.getState());
System.out.println("Identifier: " + Byte.toUnsignedInt(identifier));
Assert.assertEquals(-1, identifier);
stateMachine.start();
StateMachine sm247 = null;
StateMachine sm3 = null;
//create 255 others state machines
for (int i = 1; i <= 255; i++) {
StateMachine sm = new StateMachine("session" + i, null);
sm.start();
byte id = sm.getIdentifier();
Assert.assertEquals(i, Byte.toUnsignedInt(id));
if (i == 3) {
sm3 = sm;
System.out.println("SM3: " + sm3.toString());
}
if (i == 247) {
sm247 = sm;
System.out.println("SM247: " + sm247.toString());
}
}
//simulate the state machine for a specific session and logoff so we can free up a spot for an identifier
//let's choose identifier 247 then we free up 3
sm247.requestAccess();
sm247.authorizeAccess();
sm247.logoff();
sm247 = null;
sm3.requestAccess();
sm3.authorizeAccess();
sm3.logoff();
sm3 = null;
StateMachine otherSM3 = new StateMachine("session3b", null);
otherSM3.start();
otherSM3.requestAccess();
byte id3 = otherSM3.getIdentifier();
Assert.assertEquals(3, Byte.toUnsignedInt(id3));
StateMachine otherSM247 = new StateMachine("session247b", null);
otherSM247.start();
otherSM247.requestAccess();
byte id247 = otherSM247.getIdentifier();
Assert.assertEquals(247, Byte.toUnsignedInt(id247));
}
}
......@@ -32,6 +32,7 @@
<description>ONOS sample applications</description>
<modules>
<module>aaa</module>
<module>fwd</module>
<module>mobility</module>
<module>proxyarp</module>
......