server_test_tls.cxx

Diameter协议栈

/* BEGIN_COPYRIGHT                                                        */
/*                                                                        */
/* Open Diameter: Open-source software for the Diameter and               */
/*                Diameter related protocols                              */
/*                                                                        */
/* Copyright (C) 2002-2004 Open Diameter Project                          */
/*                                                                        */
/* This library is free software; you can redistribute it and/or modify   */
/* it under the terms of the GNU Lesser General Public License as         */
/* published by the Free Software Foundation; either version 2.1 of the   */
/* License, or (at your option) any later version.                        */
/*                                                                        */
/* This library is distributed in the hope that it will be useful,        */
/* but WITHOUT ANY WARRANTY; without even the implied warranty of         */
/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU      */
/* Lesser General Public License for more details.                        */
/*                                                                        */
/* You should have received a copy of the GNU Lesser General Public       */
/* License along with this library; if not, write to the Free Software    */
/* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307    */
/* USA.                                                                   */
/*                                                                        */
/* In addition, when you copy and redistribute some or the entire part of */
/* the source code of this software with or without modification, you     */
/* MUST include this copyright notice in each copy.                       */
/*                                                                        */
/* If you make any changes that are appeared to be useful, please send    */
/* sources that include the changed part to                               */
/* diameter-developers@lists.sourceforge.net so that we can reflect your  */
/* changes to one unified version of this software.                       */
/*                                                                        */
/* END_COPYRIGHT                                                          */

/* $Id: */
/* 
   server_test.cxx
   Server test program for Diameter EAP Application 
   Written by Yoshihiro Ohba
   Created December 23, 2003.
*/

/*
  ---------------------------------------------------------
  Brief explanation on what is done in this sample program.
  ---------------------------------------------------------

  This program includes the test for Diameter EAP application where
  EAP Identity method is performed either between a peer and a NAS
  (Case 1) or between the peer and a backend EAP server via the NAS
  (Case 2), and then EAP MD5-Challenge authenticator method is
  performed between the peer and the backend EAP server via the NAS.

  The peer session entity will prompt you to input a username.  Once
  the username is input, it is carried in an Response/Identity message
  and sent to the Diameter server.

  The NAS will retransmit the Request/Identity message until you input
  the username or the number of retransmission reaches its maximum
  value (the maximum value is set to 3 in this program).  For the
  latter case, the authenticator will stop its state machine and the
  peer will timeout and fail.

Case 1:

  Peer                NAS                         EAP Server
                     (= EAP PassThough          (= Diameter Server)
                        Authenticator +
                        Diameter client)         
   |                        |  Null message            |
   |                        |------------------------->|
   |                        |                          |
   |                        |  Request/Identity        |
   |  Request/Identity      |<-------------------------|
   |<-----------------------|                          |
   |                        |                          |
(input userid)              |                          |
   |                        |                          |
   |  Response/Identity     |                          |
   |----------------------->|  Response/Identity       |
   |                        |------------------------->|
   |                        |  Request/MD5-Challenge   |
   |  Request/MD5-Challenge |<-------------------------|
   |<-----------------------|                          |
   |  Response/MD5-Challenge|                          |
   |----------------------->|  Response/MD5-Challenge  |
   |                        |------------------------->|
   |                        |                          |
   |                        |          Success         |
   |       Success          |<-------------------------|
   |<-----------------------|

Case 2:

  Peer                NAS                         EAP Server
                     (= EAP PassThough          (= Diameter Server)
                        Authenticator +
                        Diameter client)         
   |  Request/Identity      |                          |
   |<-----------------------|                          |
   |                        |                          |
(input userid)              |                          |
   |                        |                          |
   |  Response/Identity     |                          |
   |----------------------->|  Response/Identity       |
   |                        |------------------------->|
   |                        |  Request/MD5-Challenge   |
   |  Request/MD5-Challenge |<-------------------------|
   |<-----------------------|                          |
   |  Response/MD5-Challenge|                          |
   |----------------------->|  Response/MD5-Challenge  |
   |                        |------------------------->|
   |                        |                          |
   |                        |          Success         |
   |       Success          |<-------------------------|
   |<-----------------------|

 */

#include <iostream>
#include <ace/Log_Msg.h>
#include <ace/OS.h>
#include "diameter_api.h"
#include "diameter_eap_server_session.hxx"
#include "eap.hxx"
#include "eap_peerfsm.hxx"
#include "eap_authfsm.hxx"
#include "eap_identity.hxx"
#include "eap_policy.hxx"
#include "eap_method_registrar.hxx"
#include "eap_fsm.hxx"
#include "eap_log.hxx"
#include "eap_tls.hxx"
#include "eap_tls_fsm.hxx"

// Modified by Santiago Zapata Hernandez for UMU
// New
void print_cadena (ACE_Byte * cad, ACE_INT32 length)
{
    EAP_LOG (LM_DEBUG, "LENGTH cad %d\n", length);
    for (int i = 0; i < length; i++)
    {
	EAP_LOG (LM_DEBUG, "%02x ", (ACE_Byte) (cad[i]));
    }
    EAP_LOG (LM_DEBUG, "\n");
}
// End New

typedef AAA_JobHandle<AAA_GroupedJob> MyJobHandle;

class MyBackendAuthSwitchStateMachine;

/******** Diameter EAP Client Session ********/

// Class definition for authenticator identity method for my application.
class MyEapAuthIdentityStateMachine : public EapAuthIdentityStateMachine
{
  friend class EapMethodStateMachineCreator<MyEapAuthIdentityStateMachine>;
public:
  MyEapAuthIdentityStateMachine(EapSwitchStateMachine &s)
    : EapAuthIdentityStateMachine(s) {} 

  // Reimplemented from EapAuthIdentityStateMachine.
  ProcessIdentityResult ProcessIdentity(std::string& identity) 
  {
    std::cout << "Identity received : " << identity << std::endl;
    return EapAuthIdentityStateMachine::Success;
  }
private:
  ~MyEapAuthIdentityStateMachine() {} 
};

// Class definition for authenticator identity method for my application.
class MyEapAuthTlsStateMachine : public EapAuthTlsStateMachine
{
  friend class EapMethodStateMachineCreator<MyEapAuthTlsStateMachine>;
public:
  MyEapAuthTlsStateMachine(EapSwitchStateMachine &s) :
    EapAuthTlsStateMachine(s) {}

protected:
  std::string& InputConfigFile()
  {
    std::cout << "Received an Tls-Request "<< std::endl;
      
//    static std::string configFile;
//    std::cout << "Input config filename (within 10sec.): " << std::endl;
//    std::cin >> configFile;
//    std::cout << "Config file name = " << configFile << std::endl;
static std::string configFile("./config/server.eap-tls.xml");
    return configFile;
}

private:
  ~MyEapAuthTlsStateMachine() {} 
};

class MyBackendAuthSwitchStateMachine 
  : public EapBackendAuthSwitchStateMachine
{
 public:

  MyBackendAuthSwitchStateMachine(ACE_Reactor &r, MyJobHandle& h) 
    : EapBackendAuthSwitchStateMachine(r, h)
  {}

  void Send(AAAMessageBlock *b);

  void Success(AAAMessageBlock *b);

  void Success();

  void Failure(AAAMessageBlock *b);

  void Failure();

  void Abort();

 private:
};

class MyDiameterEapServerSession : public DiameterEapServerSession,
				   public AAA_JobData
{
 public:
  MyDiameterEapServerSession(AAAApplicationCore& appCore, 
			     diameter_unsigned32_t appId=EapApplicationId) 
    : DiameterEapServerSession(appCore, appId),
      handle(EapJobHandle
	     (AAA_GroupedJob::Create(appCore.GetTask().Job(), 
				     this, "backend"))),
      eap(boost::shared_ptr<MyBackendAuthSwitchStateMachine>
	  (new MyBackendAuthSwitchStateMachine
	   (*appCore.GetTask().reactor(), handle))),
      identityMethod(EapContinuedPolicyElement(EapType(1))),
      methodTls(EapContinuedPolicyElement(EapType(TLS_METHOD_TYPE))),
      initial(true)
// Modified by Santiago Zapata Hernandez for UMU
// New
    , userNameValidate (false)
// End New
  {