com.theorem.radius3
Class EAPPacket

Object
  EAPPacket

public class EAPPacket

extends Object

Class to handle EAP (Extensible Authentication Protocol) Encapsulated packet data. Packet format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Code      |  Identifier   |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |  Type-Data ...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
 

Field Summary

static int	CODE_FAILURE Code value for failure = 4.
static int	CODE_REQUEST Code value for request = 1.
static int	CODE_RESPONSE Code value for response = 2.
static int	CODE_SUCCESS Code value for success = 3.
static int	MAX_ATTRIBUTE_LENGTH Maximum attribute length = 255.
static int	MINPACKET Minimum packet size possible (except for StartEap) - 4.
static int	TYPE_AKA Type for AKA - 23.
static int	TYPE_EXPANDED Expanded = 254.
static int	TYPE_EXPERIMENTAL_TYPE Experimental Type = 255.
static int	TYPE_GTC Type value for Generic Token Card = 6.
static int	TYPE_IDENTITY Type value for Identity = 1.
static int	TYPE_INTERNATIONALIZATION Type for Internationalization = 28.
static int	TYPE_LEAP Type for LEAP - 17.
static int	TYPE_MD5 Type value for MD5-Challenge = 4.
static int	TYPE_NAK Type value for NAK = 3.
static int	TYPE_NOTIFICATION Type value for Notification = 2.
static int	TYPE_OTP Type value for One-Time Password = 5.
static int	TYPE_PEAP Type for PEAP = 25.
static int	TYPE_SIM Type for TTLS - 18.
static int	TYPE_TLS Type for EAP-TLS = 13.
static int	TYPE_TTLS Type for TTLS - 21.
static int	TYPE_UNDEFINED Type value for undefined (no type field set or found) = 0.

Constructor Summary

EAPPacket()
Default constructor.

EAPPacket(AttributeList list)
Create the EAP Packet from an attribute list.

EAPPacket(byte[] eapData)
Constructor to disassemble an EAP packet from an EAP-Message packet.

EAPPacket(int code, int id, int type, byte[] data)
Constructor to create an EAP packet.

EAPPacket(int code, int id, int vendorId, int vendorType, byte[] data)
Constructor to create an expanded vendor EAP packet.

Method Summary

static byte[]	createChallenge16() Create a sixteen byte challenge.
static byte[]	createChallenge8() Create an eight byte challenge.
AttributeList	createExpandedNAK(int id, int[] vendorIdList, int[] vendorTypeList) Create an Expanded NAK response.
AttributeList	createFailure(int id) Send a Failure response.
AttributeList	createGTCRequest(int id, byte[] message) Send a Generic Token Card (6) request.
AttributeList	createGTCResponse(int id, byte[] tcData) Send a Generic Token Card (6) response.
AttributeList	createIdentityRequest(int id, byte[] msg) Send an Identity (1) request.
AttributeList	createIdentityResponse(int id, byte[] identity) Send an Identity (1) response.
AttributeList	createMD5Request(int id, byte[] challenge) Create an MD5-Challenge request.
AttributeList	createMD5Response(int id, byte[] challenge, byte[] password) Create an MD5 response.
AttributeList	createNAKResponse(int id, byte[] data) Send a NAK response indicating the desired authentication type.
AttributeList	createNotificationRequest(int id, byte[] message) Send a Notification (2) request.
AttributeList	createNotificationResponse(int id) Send a Notification (2) response.
AttributeList	createOTPRequest(int id, byte[] message) Send a One-Time Password (OTP) (5) request.
AttributeList	createOTPResponse(int id, byte[] tcData) Send a One-Time Password (OTP) (5) response.
static int	createPacketIdentifier() Create a random packet identifier.
AttributeList	createStart(int id) Create an EAP Start packet.
AttributeList	createSuccess(int id) Send a Success response.
int	getCode() Get the code value.
String	getCodeName() Get the code's name.
byte[]	getData() Get the raw payload data of the EAP packet.
byte[]	getEAPPacketData() Get the full EAP Packet data.
String	getIdentity() Get the identity from an Identity EAP packet.
byte[]	getIdentityBytes() Get the identity from an Identity EAP packet.
int	getLength() Get the length of the packet data.
int	getPacketIdentifier() Get the packet packetIdentifier.
int	getType() Get the type value;
String	getTypeName() Get the type value's name.
String	getTypeName(int type) Get the type value's name.
int	getVendorId() Get the vendor Id for expanded packets.
int	getVendorType() Get the vendor type for expanded packets.
boolean	isEAPProtocol(int protocol) Determine if this is an expected EAP type packet.
boolean	isEAPStart() Determine if this is an EAP-Start packet.
boolean	isEAPTLS() Determine if this is an EAP-TLS packet.
boolean	isFailure() Determine if this packet is a failure response.
boolean	isIdentity() Determine if this packet is an identity packet.
boolean	isNAK() Determine if this packet type is a NAK.
boolean	isRequest() Determine if the packet is a request.
boolean	isResponse() Determine if the packet is a response.
boolean	isSuccess() Determine if this packet is a success response.
void	setCode(int code) Set the code.
void	setData(byte[] data) Set the raw data field for the EAP packet not including any type field.
void	setData(int type, byte[] data) Set the raw data field for the EAP packet that requires a type.
void	setFailure() Make this packet a failure.
void	setPacketIdentifier(int id) Set the packet packetIdentifier.
void	setRequest() Make this packet a request.
void	setResponse() Make this packet a response.
void	setSuccess() Make this packet a success.
AttributeList	toAttributeList() Return the EAP packet as a RADIUS attribute.
AttributeList	toServerAttributeList() Return the EAP packet as a RADIUS attribute.
String	toString() String representation of the EAP packet.

Methods inherited from class Object

equals, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

CODE_REQUEST

public static final int CODE_REQUEST

Code value for request = 1.

See Also:

Constant Field Values

CODE_RESPONSE

public static final int CODE_RESPONSE

Code value for response = 2.

See Also:

Constant Field Values

CODE_SUCCESS

public static final int CODE_SUCCESS

Code value for success = 3.

See Also:

Constant Field Values

CODE_FAILURE

public static final int CODE_FAILURE

Code value for failure = 4.

See Also:

Constant Field Values

TYPE_UNDEFINED

public static final int TYPE_UNDEFINED

Type value for undefined (no type field set or found) = 0.

See Also:

Constant Field Values

TYPE_IDENTITY

public static final int TYPE_IDENTITY

Type value for Identity = 1.

See Also:

Constant Field Values

TYPE_NOTIFICATION

public static final int TYPE_NOTIFICATION

Type value for Notification = 2.

See Also:

Constant Field Values

TYPE_NAK

public static final int TYPE_NAK

Type value for NAK = 3.

See Also:

Constant Field Values

TYPE_MD5

public static final int TYPE_MD5

Type value for MD5-Challenge = 4.

See Also:

Constant Field Values

TYPE_OTP

public static final int TYPE_OTP

Type value for One-Time Password = 5.

See Also:

Constant Field Values

TYPE_GTC

public static final int TYPE_GTC

Type value for Generic Token Card = 6.

See Also:

Constant Field Values

TYPE_TLS

public static final int TYPE_TLS

Type for EAP-TLS = 13.

See Also:

Constant Field Values

TYPE_PEAP

public static final int TYPE_PEAP

Type for PEAP = 25.

See Also:

Constant Field Values

TYPE_LEAP

public static final int TYPE_LEAP

Type for LEAP - 17.

See Also:

Constant Field Values

TYPE_TTLS

public static final int TYPE_TTLS

Type for TTLS - 21.

See Also:

Constant Field Values

TYPE_SIM

public static final int TYPE_SIM

Type for TTLS - 18.

See Also:

Constant Field Values

TYPE_AKA

public static final int TYPE_AKA

Type for AKA - 23.

See Also:

Constant Field Values

TYPE_INTERNATIONALIZATION

public static final int TYPE_INTERNATIONALIZATION

Type for Internationalization = 28.

See Also:

Constant Field Values

TYPE_EXPANDED

public static final int TYPE_EXPANDED

Expanded = 254.

See Also:

Constant Field Values

TYPE_EXPERIMENTAL_TYPE

public static final int TYPE_EXPERIMENTAL_TYPE

Experimental Type = 255.

See Also:

Constant Field Values

MAX_ATTRIBUTE_LENGTH

public static final int MAX_ATTRIBUTE_LENGTH

Maximum attribute length = 255.

See Also:

Constant Field Values

MINPACKET

public static final int MINPACKET

Minimum packet size possible (except for StartEap) - 4.

See Also:

Constant Field Values

Constructor Detail

EAPPacket

public EAPPacket()

Default constructor.

EAPPacket

public EAPPacket(byte[] eapData)
          throws EAPException

Constructor to disassemble an EAP packet from an EAP-Message packet.

Parameters:

eapData - bytes holding the EAP packet data which would be the data portion of an EAP-Message attribute.

Throws:

RADIUSException - if there is no EAP-Message attribute.

EAPException

EAPPacket

public EAPPacket(int code,
                 int id,
                 int type,
                 byte[] data)

Constructor to create an EAP packet.

Parameters:

code - The code field value.

id - Packet Id.

type - The type field value.

data - The data value.

Throws:

RADIUSException - if the EAP code is out of range or the physical size of the packet is incorrect.

EAPPacket

public EAPPacket(int code,
                 int id,
                 int vendorId,
                 int vendorType,
                 byte[] data)

Constructor to create an expanded vendor EAP packet.

Parameters:

code - The code field value.

id - Packet Id.

vendorId - Vendor identifier.

vendorType - Vendor type.

data - The data value.

Throws:

RADIUSException - if the EAP code is out of range or the physical size of the packet is incorrect.

Since:

3.41

EAPPacket

public EAPPacket(AttributeList list)
          throws EAPException

Create the EAP Packet from an attribute list.

Parameters:

list - List of request attributes.

Throws:

EAPException - if the EAP packet data is malformed.

Method Detail

getCode

public int getCode()

Get the code value.

Returns:

code.

getCodeName

public String getCodeName()

Get the code's name.

Returns:

Code's name (like REQUEST, RESPONSE).

getType

public int getType()

Get the type value;

Returns:

type.

getTypeName

public String getTypeName()

Get the type value's name.

Returns:

the type's name like IDENTITY, MD5, etc.

getTypeName

public String getTypeName(int type)

Get the type value's name.

Returns:

the type's name like IDENTITY, MD5, etc.

getLength

public int getLength()

Get the length of the packet data. This does not include the type field, if any.

Returns:

length.

getData

public byte[] getData()

Get the raw payload data of the EAP packet.

Returns:

raw data including the EAP-Type, or null if no data field has been created.

See Also:

getType()

getEAPPacketData

public byte[] getEAPPacketData()

Get the full EAP Packet data.

Returns:

the full EAP packet contents.

getIdentity

public String getIdentity()

Get the identity from an Identity EAP packet. If the identity data contains a null character the portion of the identity preceeding the null will be be returned per RFC 3748 specifications.

Returns:

Identity or null if this isn't an identity packet.

getIdentityBytes

public byte[] getIdentityBytes()

Get the identity from an Identity EAP packet. Note that the identity bytes are governed by conversions made by getIdentity().

Returns:

Identity or null if this isn't an identity packet.

getPacketIdentifier

public int getPacketIdentifier()

Get the packet packetIdentifier.

Returns:

packet packetIdentifier

getVendorId

public int getVendorId()

Get the vendor Id for expanded packets.

Since:

3.41

getVendorType

public int getVendorType()

Get the vendor type for expanded packets.

Since:

3.41

isEAPStart

public boolean isEAPStart()

Determine if this is an EAP-Start packet.

"In cases where an EAP-Request/Identity packet will not be sent, the NAS will send to the RADIUS server a RADIUS Access-Request packet containing an EAP-Message attribute signifying EAP-Start. EAP-Start is indicated by sending an EAP- Message attribute with a length of 2 (no data)."

Returns:

true if this an EAP-Start packet.

isEAPTLS

public boolean isEAPTLS()

Determine if this is an EAP-TLS packet.

Returns:

true if this is an EAP-TLS packet.

isEAPProtocol

public boolean isEAPProtocol(int protocol)

Determine if this is an expected EAP type packet.

Parameters:

protocol - EAP protocol like EAP-TLS, PEAP, etc.

Returns:

true if this is an EAP-TLS packet.

createStart

public AttributeList createStart(int id)

Create an EAP Start packet.

Parameters:

id - Packet packetIdentifier.

Returns:

EAP attribute list.

setCode

public void setCode(int code)

Set the code.

Parameters:

code - EAP Code value.

setData

public void setData(byte[] data)

Set the raw data field for the EAP packet not including any type field. If a type field is present use setData().

Parameters:

data - Data portion of packet.

setData

public void setData(int type,
                    byte[] data)

Set the raw data field for the EAP packet that requires a type. The type field must not be included in the data.

Parameters:

type - Type field value.

data - Data to follow the type field. If the data field is null no data will be sent, only the type.

setPacketIdentifier

public void setPacketIdentifier(int id)

Set the packet packetIdentifier.

Parameters:

id - Packet packetIdentifier.

setRequest

public void setRequest()

Make this packet a request.

setResponse

public void setResponse()

Make this packet a response.

setFailure

public void setFailure()

Make this packet a failure.

setSuccess

public void setSuccess()

Make this packet a success.

toAttributeList

public AttributeList toAttributeList()

Return the EAP packet as a RADIUS attribute. May produce several EAP-Message attributes if the EAP packet is long enough. This also produces the Message-Authenticator attribute.

Returns:

EAP-Message attribute array.

toServerAttributeList

public AttributeList toServerAttributeList()

Return the EAP packet as a RADIUS attribute. May produce several EAP-Message attributes if the EAP packet is long enough. This also produces the Message-Authenticator attribute.

Returns:

EAP-Message attribute array.

createIdentityRequest

public AttributeList createIdentityRequest(int id,
                                           byte[] msg)

Send an Identity (1) request.

Parameters:

id - Packet packetIdentifier.

msg - to display, if any. If the message is null no message will be sent.

Returns:

AttibuteList of EAP-Message attributes.

createIdentityResponse

public AttributeList createIdentityResponse(int id,
                                            byte[] identity)

Send an Identity (1) response.

Parameters:

id - Packet packetIdentifier.

identity - Peer identity (UTF8 encoded).

Returns:

AttibuteList of EAP-Message attributes.

createNotificationRequest

public AttributeList createNotificationRequest(int id,
                                               byte[] message)

Send a Notification (2) request.

Parameters:

id - Packet packetIdentifier.

message - Notification message. If null no message is sent.

Returns:

AttibuteList of EAP-Message attributes.

createNotificationResponse

public AttributeList createNotificationResponse(int id)

Send a Notification (2) response.

Parameters:

id - Packet Identifier.

Returns:

AttibuteList of EAP-Message attributes.

createExpandedNAK

public AttributeList createExpandedNAK(int id,
                                       int[] vendorIdList,
                                       int[] vendorTypeList)

Create an Expanded NAK response.

Parameters:

id - Packet Identifier.

vendorIdList - List of vendor Id's.

vendorTypeList - List of vendor types, each positionally matching the above vendorId list.

Returns:

Attribute list of EAP-Messages comprising the expanded NAK and an empty Message-Authticator attribute.

Since:

3.41

createMD5Request

public AttributeList createMD5Request(int id,
                                      byte[] challenge)

Create an MD5-Challenge request.

Parameters:

id - Packet packetIdentifier.

challenge - Random challenge.

Returns:

AttributeList containing the resulting EAP-Messages.

createMD5Response

public AttributeList createMD5Response(int id,
                                       byte[] challenge,
                                       byte[] password)

Create an MD5 response. This is expected to be called on an MD5 request packet.

Parameters:

id - Packet packetIdentifier.

challenge - Raw MD5 challenge data including the Chap ID and challenge.

Returns:

attributes for an MD5 response or a NAK if the authentication type is not MD5. If the MD5 request isn't correct a Failure response is returned.

createOTPRequest

public AttributeList createOTPRequest(int id,
                                      byte[] message)

Send a One-Time Password (OTP) (5) request.

Parameters:

id - Packet packetIdentifier.

message - Displayable message containing an OTP challenge.

Returns:

AttibuteList of EAP-Message attributes.

See Also:

getData()

createOTPResponse

public AttributeList createOTPResponse(int id,
                                       byte[] tcData)

Send a One-Time Password (OTP) (5) response. The

Parameters:

id - Packet packetIdentifier.

tcData - Token Card data (6 words from the OTP dictionary).

Returns:

AttibuteList of EAP-Message attributes.

createGTCRequest

public AttributeList createGTCRequest(int id,
                                      byte[] message)

Send a Generic Token Card (6) request.

Parameters:

id - Packet packetIdentifier.

message - Display message. If null no message is sent.

Returns:

AttibuteList of EAP-Message attributes.

createGTCResponse

public AttributeList createGTCResponse(int id,
                                       byte[] tcData)

Send a Generic Token Card (6) response.

Parameters:

id - Packet packetIdentifier.

tcData - Token Card data.

Returns:

AttibuteList of EAP-Message attributes.

createFailure

public AttributeList createFailure(int id)

Send a Failure response.

Parameters:

id - Packet packetIdentifier.

Returns:

AttributeList containing the resulting EAP-Messages.

createSuccess

public AttributeList createSuccess(int id)

Send a Success response.

Parameters:

id - Packet packetIdentifier.

Returns:

AttributeList containing the resulting EAP-Messages.

createNAKResponse

public final AttributeList createNAKResponse(int id,
                                             byte[] data)

Send a NAK response indicating the desired authentication type.

Parameters:

id - Packet packetIdentifier.

data - Optional data. For example it's a list of EAP authentication types available for EAP-MD5.

Returns:

AttributeList containing the resulting EAP-Messages.

isNAK

public boolean isNAK()

Determine if this packet type is a NAK.

Returns:

true if this packet type is a NAK.

isRequest

public boolean isRequest()

Determine if the packet is a request.

Returns:

true if the packet is a request.

isResponse

public boolean isResponse()

Determine if the packet is a response.

Returns:

true if the packet is a response.

isSuccess

public boolean isSuccess()

Determine if this packet is a success response.

Returns:

true if this packet is a success response.

isFailure

public boolean isFailure()

Determine if this packet is a failure response.

Returns:

true if this packet is a failure response.

isIdentity

public boolean isIdentity()

Determine if this packet is an identity packet.

Returns:

true if this packet is an identity packet.

toString

public String toString()

String representation of the EAP packet.

Returns:

representation of the EAP packet.

createPacketIdentifier

public static int createPacketIdentifier()

Create a random packet identifier.

createChallenge16

public static byte[] createChallenge16()

Create a sixteen byte challenge.

Returns:

A sixteen byte challenge.

createChallenge8

public static byte[] createChallenge8()

Create an eight byte challenge.

Returns:

An eight byte challenge.