📄 eap_tls_fsm.cxx
else
  data->rd_ptr(length_to_send-6); // Move the read pointer on to the bytes of the next fragment.

// (Tail of an action whose beginning lies before this excerpt.)
// Set the message to the session.
ssm.SetTxMessage(msg);

// Update external method state.
ssm.MethodState() = EapPeerSwitchStateMachine::CONT;

// Send a "valid" signal to the switch state machine.
ssm.Notify(EapAuthSwitchStateMachine::EvSgValidResp);
    }
  };

  // Action: parse the received message and check that it is an ACK.
  // Raises EvSgValid when the parsed message has its ACK indication set,
  // EvSgInvalid when it does not or when parsing throws.
  class AcRecvAck : public EapPeerTlsAction
  {
    void operator()(EapPeerTlsStateMachine &msm)
    {
      EapPeerSwitchStateMachine &ssm = msm.PeerSwitchStateMachine();
      // Complete received message: rd_ptr() points at the data section
      // (the byte after Type) and wr_ptr() at the end of the message.
      AAAMessageBlock *msg = ssm.GetRxMessage();

      EAP_LOG(LM_DEBUG, "PeerTls: Processing ACK.\n");

      // Check the EAP-TLS response.
      // NOTE(review): the received message is decoded with the Response
      // type/parser here, while AcProcessRequestFinish decodes received
      // data with EapRequestTls -- confirm this is intended.
      EapResponseTls response((ACE_Byte)0x00);
      EapResponseTlsParser parser;
      parser.setAppData(&response);
      parser.setRawData(msg);
      // Any exception from the parser, whatever its type, is reported as
      // a parse error and turned into EvSgInvalid.
      try { parser.parseRawToApp(); }
      catch (...) {
        EAP_LOG(LM_ERROR, "PeerTls: Parse error.\n");
        msm.Event(EvSgInvalid);
        return;
      }
      if (response.get_is_ack())
        msm.Event(EvSgValid);
      else
        msm.Event(EvSgInvalid);
    }
  };

  // Action: parse the received request, hand its TLS payload to the TLS
  // session and run the receive side of the handshake. The handshake
  // status selects the event raised: EvSgAlertReceive, EvSgAlertSend or
  // EvSgValid.
  class AcProcessRequestFinish : public EapPeerTlsAction
  {
    void operator()(EapPeerTlsStateMachine &msm)
    {
      EapPeerSwitchStateMachine &ssm = msm.PeerSwitchStateMachine();
      EAPTLS_tls_mng_peer &tls_mng_peer = msm.get_mng_peer();
      AAAMessageBlock *msg = ssm.GetRxMessage();

      EAP_LOG(LM_DEBUG, "PeerTls: Process Request Finish.\n");

      EapRequestTls request((ACE_Byte)0x00);
      EapRequestTlsParser parser;
      parser.setAppData(&request);
      parser.setRawData(msg);
      // Any exception from the parser is treated as an invalid request.
      try { parser.parseRawToApp(); }
      catch (...)
        {
          EAP_LOG(LM_ERROR, "PeerTls: Parse error.\n");
          msm.Event(EvSgInvalid);
          return;
        }
      // NOTE(review): session_peer is dereferenced without a null check,
      // and the state machine constructor sets ssn to NULL; presumably an
      // earlier action creates the session -- confirm it cannot still be
      // NULL when this action runs.
      EAPTLS_session_t_peer *session_peer = msm.get_tls_session();
      // Peer-supplied TLS data extracted from the request.
      session_peer->set_dirty_in(request.get_data());
      ACE_INT32 err;
      if((err = tls_mng_peer.tls_handshake_recv(session_peer)) == EAPTLS_tls_mng::StAlertReceive)
      {
        msm.Event(EvSgAlertReceive);
      }
      else if (err == EAPTLS_tls_mng::StAlertSend)
      {
        msm.Event(EvSgAlertSend);
      }
      else
        // Proceed to the next step.
        // NOTE(review): every status other than the two alert values ends
        // up here, and EvSgValid in StProcessRequestFinish leads to
        // StSuccess / UNCOND_SUCC. If tls_handshake_recv can return any
        // other failure or "handshake not finished" status, it would be
        // accepted as success; an explicit check for the success status
        // would make this fail closed. Verify against EAPTLS_tls_mng.
        msm.Event(EvSgValid);
    }
  };

  // Action: build the final response for the success path, close the TLS
  // session, record an unconditional-success decision and mark the method
  // as DONE.
  class AcNotifySuccess : public EapPeerTlsAction
  {
    void operator()(EapPeerTlsStateMachine &msm)
    {
      EapPeerSwitchStateMachine &ssm = msm.PeerSwitchStateMachine();
      EAP_LOG(LM_DEBUG, "PeerTls: Send Ack.\n");
      EAPTLS_session_t_peer *session_peer = msm.get_tls_session();
      // Pending outbound TLS data held by the session; attached to the
      // response below.
      AAAMessageBlock *data = session_peer->get_dirty_out();
      // Code(1)+Identifier(1)+Length(2)+Type(1)+Flags(1)+ Data(n)
      // NOTE(review): only the 6 header bytes are allocated, yet `data` is
      // still attached to the response. The alert actions in this class
      // allocate 6 + data->length(). If `data` can be non-empty here,
      // confirm that parseAppToRaw() bounds its writes to the size of msg.
      AAAMessageBlock *msg = AAAMessageBlock::Acquire(6);

      ACE_OS::memset(msg->base(), 0, 6);
      EapResponseTls response(0x00);
      EapResponseTlsParser parser;

      response.set_data(data);

      parser.setAppData(&response);
      parser.setRawData(msg);
      // NOTE(review): on this error path msg is not handed to the switch
      // state machine and is not released in this function -- confirm who
      // owns it.
      try { parser.parseAppToRaw(); }
      catch (...) {
        EAP_LOG(LM_ERROR, "PeerTls: Parse error.\n");
        msm.Event(EvSgInvalid);
        return;
      }
      session_peer->session_close(); // This session is finished.
      // Set the message to the session.
      ssm.SetTxMessage(msg);
      // Authentication outcome reported to the switch state machine.
      ssm.Decision() = EapPeerSwitchStateMachine::UNCOND_SUCC;
      EAP_LOG(LM_DEBUG, "PeerTls: ACK prepared.\n");
      // Update external method state.
      ssm.MethodState() = EapPeerSwitchStateMachine::DONE;
      ssm.Event(EapPeerSwitchStateMachine::EvSgValidReq);
    }
  };

  // Action: tell the switch state machine that the request was invalid.
  class AcNotifyInvalid : public EapPeerTlsAction
  {
    void operator()(EapPeerTlsStateMachine &msm)
    {
      EAP_LOG(LM_DEBUG,"PeerTls: AcNotifyInvalid\n");
      EapPeerSwitchStateMachine &ssm = msm.PeerSwitchStateMachine();
      ssm.Event(EapPeerSwitchStateMachine::EvSgInvalidReq);
    }
  };

  // Action used for the EvSgAlertReceive transitions: wrap the session's
  // pending outbound data in a response, close the session, record a FAIL
  // decision and mark the method as DONE.
  class AcBuildResponseAckAlert : public EapPeerTlsAction
  {
    void operator()(EapPeerTlsStateMachine &msm)
    {
      EAP_LOG(LM_DEBUG,"PeerTls: AcBuildResponseAckAlert\n");
      EapPeerSwitchStateMachine &ssm = msm.PeerSwitchStateMachine();
      EAPTLS_session_t_peer *session_peer = msm.get_tls_session();
      // Pending outbound TLS data held by the session.
      // NOTE(review): `data` is dereferenced on the next line without a
      // null check -- confirm get_dirty_out() never returns NULL here.
      AAAMessageBlock *data = session_peer->get_dirty_out();
      // Code(1)+Identifier(1)+Length(2)+Type(1)+Flags(1)+ Data(n)
      AAAMessageBlock *msg = AAAMessageBlock::Acquire(6 + data->length());

      ACE_OS::memset(msg->base(), 0, 6 + data->length());
      EapResponseTls response(0x00);
      EapResponseTlsParser parser;

      response.set_data(data);

      parser.setAppData(&response);
      parser.setRawData(msg);
      // NOTE(review): msg is not released in this function when encoding
      // fails -- confirm ownership.
      try { parser.parseAppToRaw(); }
      catch (...) {
        EAP_LOG(LM_ERROR, "PeerTls: Parse error.\n");
        msm.Event(EvSgInvalid);
        return;
      }
      session_peer->session_close(); // This session is finished.
      // Set the message to the session.
      ssm.SetTxMessage(msg);
      // Authentication outcome reported to the switch state machine.
      ssm.Decision() = EapPeerSwitchStateMachine::FAIL;

      // Update external method state.
      ssm.MethodState() = EapPeerSwitchStateMachine::DONE;
      ssm.Event(EapPeerSwitchStateMachine::EvSgValidReq);
    }
  };

  // Action used for the EvSgAlertSend transitions. Apart from the log
  // text, its statements are the same as AcBuildResponseAckAlert: wrap the
  // session's pending outbound data in a response, close the session,
  // record FAIL and mark the method as DONE.
  class AcBuildResponseAlert : public EapPeerTlsAction
  {
    void operator()(EapPeerTlsStateMachine &msm)
    {
      EAP_LOG(LM_DEBUG,"PeerTls: AcBuildResponseAlert\n");
      EapPeerSwitchStateMachine &ssm = msm.PeerSwitchStateMachine();
      EAPTLS_session_t_peer *session_peer = msm.get_tls_session();
      // Pending outbound TLS data held by the session.
      // NOTE(review): `data` is dereferenced on the next line without a
      // null check -- confirm get_dirty_out() never returns NULL here.
      AAAMessageBlock *data = session_peer->get_dirty_out();
      // Code(1)+Identifier(1)+Length(2)+Type(1)+Flags(1)+ Data(n)
      AAAMessageBlock *msg = AAAMessageBlock::Acquire(6 + data->length());

      ACE_OS::memset(msg->base(), 0, 6 + data->length());
      EapResponseTls response(0x00);
      EapResponseTlsParser parser;

      response.set_data(data);

      parser.setAppData(&response);
      parser.setRawData(msg);
      // NOTE(review): msg is not released in this function when encoding
      // fails -- confirm ownership.
      try { parser.parseAppToRaw(); }
      catch (...) {
        EAP_LOG(LM_ERROR, "PeerTls: Parse error.\n");
        msm.Event(EvSgInvalid);
        return;
      }
      session_peer->session_close(); // This session is finished.
      // Set the message to the session.
      ssm.SetTxMessage(msg);
      // Authentication outcome reported to the switch state machine.
      ssm.Decision() = EapPeerSwitchStateMachine::FAIL;

      // Update external method state.
      ssm.MethodState() = EapPeerSwitchStateMachine::DONE;
      ssm.Event(EapPeerSwitchStateMachine::EvSgValidReq);
    }
  };

  // Events raised by the actions above.
  enum {
    EvSgValid,
    EvSgInvalid,
    EvSgMoreFragments,
    EvSgNoMoreFragments,
    EvSgAlertReceive,
    EvSgAlertSend
  };
  // States of the peer-side EAP-TLS method state machine.
  enum state {
    StInitialize,
    StProcessStart,
    StBuildResponseClientHello,
    StVerifyAuthMoreFragments,
    StVerifyPeerMoreFragments,
    StRecvAck,
    StWaitRequestFinish,
    StProcessRequestFinish,
    StSuccess,
    StFailure
  };

  // One instance of each action, referenced by the table entries below.
  AcProcessStart acProcessStart;
  AcBuildResponseClientHello acBuildResponseClientHello;
  AcVerifyAuthMoreFragments acVerifyAuthMoreFragments;
  AcSendAck acSendAck;
  AcVerifyPeerMoreFragments acVerifyPeerMoreFragments;
  AcSendFragment acSendFragment;
  AcRecvAck acRecvAck;
  AcProcessRequestFinish acProcessRequestFinish;
  AcNotifySuccess acNotifySuccess;
  AcNotifyInvalid acNotifyInvalid;
  AcBuildResponseAckAlert acBuildResponseAckAlert;
  AcBuildResponseAlert acBuildResponseAlert;

  // Constructor: registers the transitions as
  // (current state, event, next state, action) and sets the initial state.
  // Wildcard entries name only a current and a next state; presumably
  // they cover every event not listed explicitly -- confirm against
  // the state table base class.
  EapPeerTlsStateTable_S()
  {
    AddStateTableEntry(StInitialize,
                       EapMethodStateMachine::EvSgIntegrityCheck,
                       StProcessStart, acProcessStart);
    AddWildcardStateTableEntry(StInitialize, StInitialize);

    AddStateTableEntry(StProcessStart, EvSgInvalid,
                       StInitialize, acNotifyInvalid);
    AddStateTableEntry(StProcessStart, EvSgValid,
                       StBuildResponseClientHello, acBuildResponseClientHello);

    AddStateTableEntry(StBuildResponseClientHello,
                       EapMethodStateMachine::EvSgIntegrityCheck,
                       StVerifyAuthMoreFragments, acVerifyAuthMoreFragments);
    AddWildcardStateTableEntry(StBuildResponseClientHello,
                               StBuildResponseClientHello);

    AddStateTableEntry(StVerifyAuthMoreFragments, EvSgMoreFragments,
                       StBuildResponseClientHello, acSendAck);
    AddStateTableEntry(StVerifyAuthMoreFragments, EvSgNoMoreFragments,
                       StVerifyPeerMoreFragments, acVerifyPeerMoreFragments);
    AddStateTableEntry(StVerifyAuthMoreFragments, EvSgValid,
                       StVerifyPeerMoreFragments, acVerifyPeerMoreFragments);
    AddStateTableEntry(StVerifyAuthMoreFragments, EvSgInvalid,
                       StInitialize, acNotifyInvalid);
    // Both alert events end in StFailure.
    AddStateTableEntry(StVerifyAuthMoreFragments,
                       EvSgAlertReceive, StFailure, acBuildResponseAckAlert);
    AddStateTableEntry(StVerifyAuthMoreFragments, EvSgAlertSend,
                       StFailure, acBuildResponseAlert);

    AddStateTableEntry(StVerifyPeerMoreFragments, EvSgMoreFragments,
                       StRecvAck, acSendFragment);
    AddStateTableEntry(StVerifyPeerMoreFragments, EvSgNoMoreFragments,
                       StWaitRequestFinish, acSendFragment);

    AddStateTableEntry(StRecvAck,
                       EapMethodStateMachine::EvSgIntegrityCheck,
                       StVerifyAuthMoreFragments, acRecvAck);
    // Three-argument form (state, state, 0); its meaning is defined by an
    // overload that is not part of this excerpt.
    AddStateTableEntry(StRecvAck, StRecvAck, 0);

    AddStateTableEntry(StWaitRequestFinish,
                       EapMethodStateMachine::EvSgIntegrityCheck,
                       StProcessRequestFinish, acProcessRequestFinish);
    AddStateTableEntry(StWaitRequestFinish, StWaitRequestFinish, 0);

    // StSuccess is entered only from StProcessRequestFinish on EvSgValid.
    AddStateTableEntry(StProcessRequestFinish, EvSgInvalid,
                       StInitialize, acNotifyInvalid);
    AddStateTableEntry(StProcessRequestFinish, EvSgValid,
                       StSuccess, acNotifySuccess);
    AddStateTableEntry(StProcessRequestFinish, EvSgAlertReceive,
                       StFailure, acBuildResponseAckAlert);
    AddStateTableEntry(StProcessRequestFinish, EvSgAlertSend,
                       StFailure, acBuildResponseAlert);

    // NOTE(review): the build-response actions raise EvSgInvalid when
    // encoding fails; by then the machine has presumably already moved to
    // StSuccess or StFailure, where only these wildcard self-loops are
    // registered -- confirm that failure is still reported to the switch
    // state machine.
    AddWildcardStateTableEntry(StFailure, StFailure);
    AddWildcardStateTableEntry(StSuccess, StSuccess);

    InitialState(StInitialize);
  }
  // leaf class
  ~EapPeerTlsStateTable_S() {}
};

// Singleton accessors for the peer and authenticator state tables, each
// parameterised with ACE_Recursive_Thread_Mutex.
typedef ACE_Singleton<EapPeerTlsStateTable_S, ACE_Recursive_Thread_Mutex>
EapPeerTlsStateTable;
typedef ACE_Singleton<EapAuthTlsStateTable_S, ACE_Recursive_Thread_Mutex>
EapAuthTlsStateTable;

// Binds the peer state machine to the shared peer state table and the
// switch state machine's reactor. The TLS session pointer starts as NULL.
EapPeerTlsStateMachine::EapPeerTlsStateMachine(EapSwitchStateMachine &s)
  : EapMethodStateMachine(s),
    EapStateMachine<EapPeerTlsStateMachine>
  (*this, *EapPeerTlsStateTable::instance(), s.Reactor(), s, "TLS(peer)")
{
  this->ssn=NULL;
}

// Binds the authenticator state machine to the shared authenticator state
// table and the switch state machine's reactor. The TLS session pointer
// starts as NULL.
EapAuthTlsStateMachine::EapAuthTlsStateMachine(EapSwitchStateMachine &s)
  : EapMethodStateMachine(s),
    EapStateMachine<EapAuthTlsStateMachine>
  (*this, *EapAuthTlsStateTable::instance(),
   s.Reactor(), s, "TLS(authenticator)")
{
  this->ssn=NULL;
}