AXL RADIUS Server API V3

com.theorem.radserver3
Class EncryptImpl

Object
  extended by EncryptImpl

public abstract class EncryptImpl
extends Object

Abstract class for implementing encrypted packets. These methods are called asynchronously from the server just as a packet arrives and just before it is sent. This class is primarily for proxied packets sent between RADIUS servers. There is no standard covering RADIUS encryption; this is merely a possibly useful extension.

There are legitimate concerns about the vulnerability of RADIUS packets with poorly chosen shared secrets or otherwise exposed secrets. Replay attacks are also easier if packets can be read.

While this may not be a problem with a NAS to RADIUS server in a local network, it can become a problem between RADIUS proxy servers for roaming customers. It's been suggested that encrypting the packet is a strong deterrent and a more flexible solution than relying on well chosen server secrets. Packets may even be signed before being encrypted for greater confidence.

Data arriving for the RADIUS server will be decrypted. How a packet is determined to be encrypted is up to the implementation.

Data leaving the server is encrypted after all other processing by the server is completed.

See Also:
EncryptImplFactory

Constructor Summary
EncryptImpl()

Method Summary
abstract byte[] decrypt(byte[] b)
          Decrypt data arriving from a proxy RADIUS server.
abstract byte[] encrypt(byte[] b, boolean isProxy)
          Encrypt data leaving the server.
abstract void logs(LogImpl svrLog, LogImpl dbgLog)
          Connects the implementation to the server logs.

Methods inherited from class Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

EncryptImpl

public EncryptImpl()

Method Detail

decrypt

public abstract byte[] decrypt(byte[] b)
Decrypt data arriving from a proxy RADIUS server.

The returned data block need not be the same size as the encrypted block.

Parameters:
b - block of data to be decrypted.
Returns:
plaintext RADIUS data packet.

encrypt

public abstract byte[] encrypt(byte[] b,
                               boolean isProxy)
Encrypt data leaving the server.

This is expected to be used only for proxied packets. The returned data block need not be the same size as the plain text block.

Parameters:
b - block of data to be encrypted (plain text RADIUS packet data).
isProxy - true if this packet is being proxied.
Returns:
encrypted RADIUS data packet.

logs

public abstract void logs(LogImpl svrLog,
                          LogImpl dbgLog)
Connects the implementation to the server logs. The logging classes are made available to the implementation for reporting events. These classes are whatever the programmer defined them to be in the RADIUSServer class. This method is called when the authentication server is started.

Parameters:
svrLog - Server log class
dbgLog - Debug log class
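The following is an added example of a concrete EncryptImpl subclass; it is not part of the AXL RADIUS Server API and not the project's own code. It wraps proxied packets in AES-256-GCM so that the ciphertext carries an authentication tag, which covers the "signed before being encrypted" concern in the class description without a separate signature. The class name GcmEncryptImpl, the four-byte MARKER used to recognise encrypted packets, the assumption that the 32-byte key is loaded from a keystore shared by the proxy peers, and the choice to return a zero-length array when the tag does not verify are all assumptions of this example. LogImpl's method names are not shown on this page, so the example only stores the references handed to logs().

```java
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import com.theorem.radserver3.EncryptImpl;
import com.theorem.radserver3.LogImpl;

/** Hypothetical EncryptImpl that protects proxied packets with AES-256-GCM (example, not project code). */
public class GcmEncryptImpl extends EncryptImpl {

    // Wire format of an encrypted packet: MARKER || 12-byte IV || ciphertext || 16-byte GCM tag.
    // A first byte of 0x00 is not an assigned RADIUS Code, so a plaintext packet never starts
    // with this marker; that is how this implementation tells encrypted data from plain data.
    private static final byte[] MARKER = {0x00, (byte) 'E', (byte) 'N', (byte) 'C'};
    private static final int IV_LEN = 12;     // 96-bit nonce, the recommended GCM size
    private static final int TAG_BITS = 128;  // full-length authentication tag
    private static final int MIN_WRAPPED_LEN = MARKER.length + IV_LEN + TAG_BITS / 8;

    private final SecretKeySpec key;
    private final SecureRandom rng = new SecureRandom();
    private LogImpl svrLog;  // server log handed over by logs(); method names not shown on this page
    private LogImpl dbgLog;  // debug log handed over by logs()

    /** @param rawKey 32-byte AES-256 key shared by the proxy peers (assumed to come from a keystore). */
    public GcmEncryptImpl(byte[] rawKey) {
        if (rawKey == null || rawKey.length != 32) {
            throw new IllegalArgumentException("AES-256 key must be exactly 32 bytes");
        }
        this.key = new SecretKeySpec(rawKey, "AES");
    }

    @Override
    public void logs(LogImpl svrLog, LogImpl dbgLog) {
        this.svrLog = svrLog;
        this.dbgLog = dbgLog;
    }

    @Override
    public byte[] encrypt(byte[] b, boolean isProxy) {
        if (!isProxy) {
            return b;  // NAS traffic on the local network is left as plain RADIUS
        }
        try {
            byte[] iv = new byte[IV_LEN];
            rng.nextBytes(iv);  // fresh random nonce per packet; never reuse an IV under one key
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
            c.updateAAD(MARKER);  // the marker is authenticated but not encrypted
            byte[] ct = c.doFinal(b);  // ciphertext with the tag appended
            byte[] out = new byte[MARKER.length + IV_LEN + ct.length];  // larger than the plaintext
            System.arraycopy(MARKER, 0, out, 0, MARKER.length);
            System.arraycopy(iv, 0, out, MARKER.length, IV_LEN);
            System.arraycopy(ct, 0, out, MARKER.length + IV_LEN, ct.length);
            return out;
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("AES-GCM unavailable or misconfigured", e);
        }
    }

    @Override
    public byte[] decrypt(byte[] b) {
        if (!isWrapped(b)) {
            return b;  // not produced by a peer running this wrapper: pass through unchanged
        }
        byte[] iv = Arrays.copyOfRange(b, MARKER.length, MARKER.length + IV_LEN);
        byte[] ct = Arrays.copyOfRange(b, MARKER.length + IV_LEN, b.length);
        try {
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
            c.updateAAD(MARKER);
            return c.doFinal(ct);  // plaintext RADIUS packet, shorter than the wrapped block
        } catch (AEADBadTagException e) {
            // Tampered packet or wrong key: hand the server nothing rather than corrupt bytes.
            // Assumption: a zero-length result is discarded by the server; the page does not say.
            return new byte[0];
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("AES-GCM unavailable or misconfigured", e);
        }
    }

    /** True when the block carries this implementation's marker and is long enough to hold IV and tag. */
    static boolean isWrapped(byte[] b) {
        return b != null
            && b.length >= MIN_WRAPPED_LEN
            && Arrays.equals(Arrays.copyOf(b, MARKER.length), MARKER);
    }
}
```

The key used here takes the place of the shared secret between proxy peers, so it deserves the same care the class description asks for: generate it randomly, distribute it out of band, and rotate it. The GCM tag detects modification, but this example adds no replay protection; a peer that needs it would have to carry a counter or timestamp inside the encrypted block and reject repeats.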


Copyright 1998-2008 AXL Software. PO Box 97, Viola, Delaware 19979, U.S.A. All Rights Reserved.