📄 eap_tls_fsm.cxx
// NOTE(review): this listing starts in the middle of an action's operator();
// the enclosing class header and the outer `if` conditions are not visible.
// The cut-off fragment below is reproduced unchanged and only annotated.
        // presumably the first-fragment branch (outer condition not visible):
        // a non-zero advertised TLS message length starts a new reassembly.
        // NOTE(review): only `> 0` is checked; no upper bound on the advertised
        // length is visible in this excerpt. Confirm the session caps it.
        if (response.get_tls_message_length() > 0)
        {
          session_auth->set_dirty_in(response.get_data());
          first_fragment = false;
          state=EvSgMoreFragments;
        }
        else state=EvSgInvalid;
      }
      // Continuation fragment: length flag clear and a reassembly is in progress.
      else if (!TLS_LENGTH_INCLUDED(response.get_flags()) && !first_fragment)
      {
        // NOTE(review): the debug text says "LENGTH INCLUDED" although this
        // branch is taken when the flag is NOT set.
        EAP_LOG(LM_DEBUG,"AuthTls : LENGTH INCLUDED \n");
        if (response.get_data()->length() > 0)
        {
          state=EvSgMoreFragments;
          // NOTE(review): peer-supplied data is appended on every continuation
          // fragment and no size limit is visible here. Confirm that
          // append_dirty_in (or the session) bounds the reassembly buffer.
          session_auth->append_dirty_in(response.get_data());
        }
        else state=EvSgInvalid;
      }
      // Any other flag/first_fragment combination is rejected.
      else state = EvSgInvalid;
    }
    else
    {
      EAP_LOG(LM_DEBUG,"AuthTls : NO MORE FRAGMENTS \n");
      // Start a new input buffer or extend the one being reassembled,
      // depending on whether earlier fragments were already stored.
      first_fragment ? session_auth->set_dirty_in(response.get_data()) : session_auth->append_dirty_in(response.get_data());
      first_fragment = true; // Reset for the next message (original note: it is a packet without fragmentation).
      state = EvSgNoMoreFragments;
    }
    // Feed the decision back into the method state machine.
    msm.Event(state);
  }
};

/// Action: run the TLS handshake on the data already stored in the session
/// and wrap the resulting outgoing TLS records in an EAP-TLS request.
class AcProcessResponseSecondWay : public EapAuthTlsAction
{
  void operator()(EapAuthTlsStateMachine &msm)
  {
    EapAuthSwitchStateMachine &ssm = msm.AuthSwitchStateMachine();
    EAPTLS_tls_mng_auth &tls_mng_auth = msm.get_mng_auth();
    EAPTLS_session_t_auth *session_auth = msm.get_tls_session();
    ACE_Byte flags = 0x00;
    EAP_LOG(LM_DEBUG, "-------------->AuthTls: Process response second way message.\n");
    ACE_INT32 err;
    // Only the two alert statuses are branched on. Every other return value
    // of tls_handshake_recv continues to the request-building code below.
    // NOTE(review): confirm tls_handshake_recv has no other failure status
    // that should stop the exchange here.
    if((err = tls_mng_auth.tls_handshake_recv(session_auth)) == EAPTLS_tls_mng::StAlertReceive)
    {
      EAP_LOG(LM_ERROR, "AuthTls: AcProcessResponseSecondWay: AlertReceive.\n");
      msm.Event(EvSgAlertReceive);
      return;
    }
    else if (err == EAPTLS_tls_mng::StAlertSend)
    {
      EAP_LOG(LM_ERROR, "AuthTls: AcProcessResponseSecondWay: AlertSend.\n");
      msm.Event(EvSgAlertSend);
      return;
    }
    // NOTE(review): `data` is dereferenced below without a null check.
    // Confirm get_dirty_out() always returns a block on this path.
    AAAMessageBlock *data = session_auth->get_dirty_out(); // Outgoing TLS records for the final packet.
    // Fixed header is 6 bytes; 4 more when the length-included flag is set
    // (the TLS Message Length field of EAP-TLS).
    ACE_UINT32 header_length = 6;
    if (session_auth->if_length_included())
    {
      header_length += 4;
      flags=SET_LENGTH_INCLUDED(flags);
    }
    AAAMessageBlock *msg = AAAMessageBlock::Acquire(header_length+data->length()); // Code(1)+Identifier(1)+Length(2)+Type(1)+Flags(1)+Data(n)
    // Zero the whole buffer before the parser writes into it.
    ACE_OS::memset(msg->base(), 0, header_length+data->length());
    EapRequestTls request(flags);
    request.set_data(data);
    // The message length is set whether or not the length flag was added above.
    request.set_tls_message_length(data->length());
    EapRequestTlsParser parser;
    parser.setAppData(&request);
    parser.setRawData(msg);
    try { parser.parseAppToRaw(); }
    catch (...)
    {
      // NOTE(review): `msg` is not released on this error path in the visible
      // code. Confirm who owns it when serialization fails.
      EAP_LOG(LM_ERROR, "AuthTls: Parse error.\n");
      msm.Event(EvSgInvalid);
      return;
    }
    // Set the message to the session.
    ssm.SetTxMessage(msg);
    // Send a "valid" signal to the switch state machine.
    ssm.Notify(EapAuthSwitchStateMachine::EvSgValidResp);
  }
};

/// Action: wrap the session's pending outgoing TLS records in an EAP-TLS
/// request with flags 0x00 and hand it to the switch state machine.
class AcBuildRequestFinish : public EapAuthTlsAction
{
  void operator()(EapAuthTlsStateMachine &msm)
  {
    EapAuthSwitchStateMachine &ssm = msm.AuthSwitchStateMachine();
    EAP_LOG(LM_DEBUG, "<-------------AuthTls: Building a request second way message.\n");
    EAPTLS_session_t_auth *session_auth = msm.get_tls_session();
    // NOTE(review): `data` is used without a null check. Confirm
    // get_dirty_out() cannot return null here.
    AAAMessageBlock *data = session_auth->get_dirty_out(); // TLS records to be encapsulated in the request.
    AAAMessageBlock *msg = AAAMessageBlock::Acquire(6+data->length()); // Code(1)+Identifier(1)+Length(2)+Type(1)+Flags(1)+Data(n)
    ACE_OS::memset(msg->base(), 0, 6+data->length());
    EapRequestTls request(0x00);
    request.set_data(data);
    EapRequestTlsParser parser;
    parser.setAppData(&request);
    parser.setRawData(msg);
    try { parser.parseAppToRaw(); }
    catch (...)
    {
      // NOTE(review): `msg` is not released on this error path in the visible
      // code. Confirm ownership.
      EAP_LOG(LM_ERROR, "AuthTls: Parse error.\n");
      msm.Event(EvSgInvalid);
      return;
    }
    // Update the history.
    // msm.History().append(msg->base() + 4, 4+32+40+516);
    //sleep(VALUE_TIME);
    // Set the message to the session.
    ssm.SetTxMessage(msg);
    // Send a "valid" signal to the switch state machine.
    ssm.Notify(EapAuthSwitchStateMachine::EvSgValidResp);
  }
};

/// Action: parse the peer's response, then run the TLS handshake step and
/// map its result to an alert event or to EvSgValid.
class AcProcessResponseFinish : public EapAuthTlsAction
{
  void operator()(EapAuthTlsStateMachine &msm)
  {
    EapAuthSwitchStateMachine &ssm = msm.AuthSwitchStateMachine();
    AAAMessageBlock *msg = ssm.GetRxMessage();
    EAP_LOG(LM_DEBUG, "------------>AuthTls: Process response second way message.\n");
    EapResponseTls response((ACE_Byte)0x00);
    EapResponseTlsParser parser;
    parser.setAppData(&response);
    parser.setRawData(msg);
    try { parser.parseRawToApp(); }
    catch (...)
    {
      EAP_LOG(LM_ERROR, "AuthTls: Parse error.\n");
      msm.Event(EvSgInvalid);
      return;
    }
    // The disabled block below was the only place where the parsed response
    // data was copied into the session. In the live code `response` is parsed
    // but its data is not passed on.
    // NOTE(review): confirm tls_handshake_recv is meant to run on whatever
    // the session already holds at this point.
    /*EAPTLS_session_t_auth *session_auth = msm.get_tls_session();
    session_auth->set_dirty_in(response.get_data());
    tls_mng_auth.tls_handshake_recv(session_auth);*/
    //sleep(VALUE_TIME);
    ACE_INT32 err;
    EAPTLS_session_t_auth *session_auth = msm.get_tls_session();
    EAPTLS_tls_mng_auth &tls_mng_auth = msm.get_mng_auth();
    // NOTE(review): every status other than the two alert values raises
    // EvSgValid, which the visible state names suggest leads towards
    // StSuccess. Confirm tls_handshake_recv cannot report any other failure,
    // otherwise a failed handshake step would be accepted here.
    if((err = tls_mng_auth.tls_handshake_recv(session_auth)) == EAPTLS_tls_mng::StAlertReceive)
    {
      EAP_LOG(LM_ERROR, "AuthTls: AcProcessResponseFinish: AlertReceive.\n");
      msm.Event(EvSgAlertReceive);
    }
    else if (err == EAPTLS_tls_mng::StAlertSend)
    {
      EAP_LOG(LM_ERROR, "AuthTls: AcProcessResponseFinish: AlertSend.\n");
      msm.Event(EvSgAlertSend);
    }
    else // Proceed to the next step.
      msm.Event(EvSgValid);
  }
};

/// Action: close the TLS session, record the success policy outcome, mark
/// the method as done and notify the switch state machine.
class AcNotifySuccess : public EapAuthTlsAction
{
  void operator()(EapAuthTlsStateMachine &msm)
  {
    EapAuthSwitchStateMachine &ssm = msm.AuthSwitchStateMachine();
    EAPTLS_session_t_auth *session_auth = msm.get_tls_session();
    EAP_LOG(LM_DEBUG,"AuthTls: AcNotifySuccess\n");
    session_auth->session_close();
    ssm.Policy().Update(EapContinuedPolicyElement::PolicyOnSuccess);
    msm.IsDone() = true;
    ssm.Notify(EapAuthSwitchStateMachine::EvSgValidResp);
  }
};

/// Action: report an invalid response to the switch state machine.
class AcNotifyInvalid : public EapAuthTlsAction
{
  void operator()(EapAuthTlsStateMachine &msm)
  {
    EAP_LOG(LM_DEBUG,"AuthTls: AcNotifyInvalid\n");
    EapAuthSwitchStateMachine &ssm = msm.AuthSwitchStateMachine();
    ssm.Notify(EapAuthSwitchStateMachine::EvSgInvalidResp);
  }
};

/// Action: wrap the session's pending outgoing data (an alert, going by the
/// action name) in an EAP-TLS request with flags 0x00 and queue it for sending.
class AcBuildRequestAlert : public EapAuthTlsAction
{
  void operator()(EapAuthTlsStateMachine &msm)
  {
    EAP_LOG(LM_DEBUG,"AuthTls: AcBuildRequestAlert\n");
    EapAuthSwitchStateMachine &ssm = msm.AuthSwitchStateMachine();
    EAPTLS_session_t_auth *session_auth = msm.get_tls_session();
    // NOTE(review): `data` is used without a null check. Confirm
    // get_dirty_out() cannot return null here.
    AAAMessageBlock *data = session_auth->get_dirty_out(); // TLS records to be encapsulated in the request.
    AAAMessageBlock *msg = AAAMessageBlock::Acquire(6+data->length()); // Code(1)+Identifier(1)+Length(2)+Type(1)+Flags(1)+Data(n)
    ACE_OS::memset(msg->base(), 0, 6+data->length());
    EapRequestTls request(0x00);
    request.set_data(data);
    EapRequestTlsParser parser;
    parser.setAppData(&request);
    parser.setRawData(msg);
    try { parser.parseAppToRaw(); }
    catch (...)
    {
      // NOTE(review): `msg` is not released on this error path in the visible
      // code. Confirm ownership.
      EAP_LOG(LM_ERROR, "AuthTls: Parse error.\n");
      msm.Event(EvSgInvalid);
      return;
    }
    // Set the message to the session.
    ssm.SetTxMessage(msg);
    // Send a "valid" signal to the switch state machine.
    ssm.Notify(EapAuthSwitchStateMachine::EvSgValidResp);
  }
};

/// Action: parse the peer's response to the alert request, store its data in
/// the session and raise EvSgValid.
class AcProcessResponseAckAlert : public EapAuthTlsAction
{
  void operator()(EapAuthTlsStateMachine &msm)
  {
    EAP_LOG(LM_DEBUG,"AuthTls: AcProcessResponseAckAlert\n");
    EapAuthSwitchStateMachine &ssm = msm.AuthSwitchStateMachine();
    AAAMessageBlock *msg = ssm.GetRxMessage();
    EapResponseTls response((ACE_Byte)0x00);
    EapResponseTlsParser parser;
    parser.setAppData(&response);
    parser.setRawData(msg);
    try { parser.parseRawToApp(); }
    catch (...)
    {
      EAP_LOG(LM_ERROR, "AuthTls: Parse error.\n");
      msm.Event(EvSgInvalid);
      return;
    }
    EAPTLS_session_t_auth *session_auth = msm.get_tls_session();
    // The response payload is stored without inspecting its content;
    // any response that parses raises EvSgValid.
    session_auth->set_dirty_in(response.get_data());
    // Proceed to the next step.
    msm.Event(EvSgValid);
  }
};

/// Action: close the TLS session, record the failure policy outcome, mark
/// the method as done and notify the switch state machine.
class AcNotifyFailure : public EapAuthTlsAction
{
  void operator()(EapAuthTlsStateMachine &msm)
  {
    EAP_LOG(LM_DEBUG,"AuthTls: AcNotifyFailure\n");
    EapAuthSwitchStateMachine &ssm = msm.AuthSwitchStateMachine();
    EAPTLS_session_t_auth *session_auth = msm.get_tls_session();
    session_auth->session_close();
    // The failure outcome is recorded in the policy; the notification sent
    // to the switch state machine is still EvSgValidResp.
    ssm.Policy().Update(EapContinuedPolicyElement::PolicyOnFailure);
    msm.IsDone() = true;
    ssm.Notify(EapAuthSwitchStateMachine::EvSgValidResp);
  }
};

// Events raised by the actions above through msm.Event().
enum {
  EvSgValid,
  EvSgInvalid,
  EvSgMoreFragments,
  EvSgNoMoreFragments,
  EvSgAlertReceive,
  EvSgAlertSend
};

// States of the authenticator-side EAP-TLS method state machine.
enum state {
  StInitialize,
  StBuildStart,
  StProcessResponseClientHello,
  StVerifyAuthMoreFragments,
  StRecvAck,
  StSentAck,
  StVerifyPeerMoreFragments,
  StProcessResponseSecondWay,
  StSentRequestFinish,
  StProcessResponseFinish,
  StSuccess,
  StBuildRequestAlert,
  StProcessResponseAckAlert,
  StFailure
};

// One instance of each action, referenced by the state table entries.
AcBuildStart acBuildStart;
AcProcessResponseClientHello acProcessResponseClientHello;
AcVerifyAuthMoreFragments acVerifyAuthMoreFragments;
AcRecvAck acRecvAck;
AcSendFragment acSendFragment;
AcSendAck acSendAck;
AcProcessResponseSecondWay acProcessResponseSecondWay;
AcVerifyPeerMoreFragments acVerifyPeerMoreFragments;
AcBuildRequestFinish acBuildRequestFinish;
AcProcessResponseFinish acProcessResponseFinish;
AcNotifySuccess acNotifySuccess;
AcNotifyInvalid acNotifyInvalid;
AcBuildRequestAlert acBuildRequestAlert;
AcProcessResponseAckAlert acProcessResponseAckAlert;
AcNotifyFailure acNotifyFailure;

// Constructor: fills the state table. The listing is cut off after the
// first entries, so the remaining transitions are not visible here.
EapAuthTlsStateTable_S() //Constructor.
{
  AddStateTableEntry(StInitialize, EapMethodStateMachine::EvSgIntegrityCheck, StBuildStart, acBuildStart);
  AddStateTableEntry(StInitialize, StInitialize, 0);
  AddStateTableEntry(StBuildStart, EapMethodStateMachine::EvSgIntegrityCheck, StProcessResponseClientHello, acProcessResponseClientHello);