CHAP is handled both by the RADIUS client and server.
The RADIUS Server has a method in the AuthInfo class called cmpCHAP() that takes a plain text password and examines the CHAP challenge attributes. If the password matches the challenge the method returns true. Here's an example of detecting the challenge and comparing the result:
// If this is a CHAP challenge then perform the necessary authentication.
if (inList.exists(Attribute.CHAP_Password))
{
if (! auth.cmpCHAP(password.getBytes()))
{
AccessRejectException are = new
AccessRejectException("Bad Password - CHAP challenge");
rList.addAttribute(Attribute.Reply_Message,
"Bad Password - CHAP challenge");
are.setAttributes(rList);
throw are;
}
}
The RADIUS client offers a way to create a CHAP challenge. The RADIUSClient.createCHAP() method creates the challenge attributes.
RADIUSClient rauth = new RADIUSClient(...); // Create the attribute list and set some attributes. AttributeList alist = new AttributeList(); alist.addAttribute(Attribute.NAS_Identifier, clientID); alist.addAttribute(Attribute.NAS_Port, 1); // Add the User-Name attribute. alist.addAttribute(Attribute.User_Name, "michael"); // Create the CHAP attributes in the current list. rauth.createCHAP(password.getBytes(), alist); // Authenticate using only the attribute list. rauth.authenticate(alist);