Java处理Radius access-challenge

  最近使用 RSA Authentication Manager， 并且与其自带的Radius server整合， RSA的Radius server 配置不太透明， 目前只配成功了PAP方式的验证，CHAP目前不成功。

RSA Radius在token输错3次后有要求用户输入next token的安全设置方式， 开始不知道java如何处理，后来查了一些资料，Radius协议本身是无状态的，客户端第二次next token

的request需要跟上前一次response中的state才能让服务器识别出这个session，跟http 的 session是一个意思。

// next token new request send 
                    AttributeList response = r.getAttributes();
                    AttributeList state = response.getAttributeList(Attribute.State);
                    System.out.println(">>>>>>>Response state:" + state);
                    System.out.println("next Token");
                    Scanner sa = new Scanner(System.in);
                    String sl = sa.next();
                    String mima = sl + "";
                    System.out.println(mima);
                    AttributeList attList = new AttributeList();
                    attList.addAttribute(Attribute.NAS_Port, 1);
                    attList.mergeAttributes(state);
                    int nResul = r.authenticate("ryan", mima, attList);
    

注意这个

r.authenticate("ryan", mima, attList);

处理的是PAP格式的请求。

First Token

17507862

17507862

>>>>>>>>>>>>>>>>>>>authenticate.

<81> ------------------- Request Packet -----------------

<81> Address: 10.207.67.63:1812  Packet Length: 50 Type: Access-Request(1)

01 51 00 32 77 98 1B F0 - C0 39 C4 41 A0 6D BF 7A   .Q.2w... - .9.A.m.z

55 0D D5 F6 05 06 00 00 - 00 01 01 06 72 79 61 6E   U....... - ....ryan

02 12 98 8C D9 43 C5 7E - 34 C2 E5 3A F5 31 21 4A   .....C.~ - 4..:.1!J

13 78 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00   .x...... - ........

Attributes:

NAS-Port (5), Length: 6, Data: [# 1], 0x00000001

User-Name (1), Length: 6, Data: [ryan], [# 1920557422] / [IP 114.121.97.110], 0x7279616E

User-Password (2), Length: 18, Data: 0x988CD943C57E34C2E53AF531214A1378

<81> ---------------------------------------------------

<81> ------------------- Response Packet -----------------

<81> Address: 10.207.67.63:1812  Packet Length: 88 Type: Access-Challenge(11)

0B 51 00 58 69 D2 A0 52 - C1 EC FC 7D 71 AA 91 42   .Q.Xi..R - ...}q..B

65 6E 4D 17 4C 06 00 00 - 00 00 12 30 0D 0A 50 6C   enM.L... - ...0..Pl

65 61 73 65 20 45 6E 74 - 65 72 20 74 68 65 20 4E   ease Ent - er the N

65 78 74 20 43 6F 64 65 - 20 66 72 6F 6D 20 59 6F   ext Code -  from Yo

75 72 20 54 6F 6B 65 6E - 3A 00 18 0E 53 42 52 2D   ur Token - :...SBR-

43 48 20 34 36 7C 31 00 - 00 00 00 00 00 00 00 00   CH 46|1. - ........

Attributes:

Prompt (76), Length: 6, Data: [# 0], 0x00000000

Reply-Message (18), Length: 48, Data: 0x0D0A506C6561736520456E74657220746865204E65787420436F64652066726F6D20596F757220546F6B656E3A00

State (24), Length: 14, Data: 0x5342522D43482034367C3100

<81> ---------------------------------------------------

>>>>>>>Response Result:11

>>>>>>>Response state:State (24), Length: 14, Data: 0x5342522D43482034367C3100

next Token

77340845

77340845

<100> ------------------- Request Packet -----------------

<100> Address: 10.207.67.63:1812  Packet Length: 64 Type: Access-Request(1)

01 64 00 40 41 73 2F F7 - 74 13 A4 3D 98 76 58 84   .d.@As/. - t..=.vX.

9C 8B 5A D3 05 06 00 00 - 00 01 18 0E 53 42 52 2D   ..Z..... - ....SBR-

43 48 20 34 36 7C 31 00 - 01 06 72 79 61 6E 02 12   CH 46|1. - ..ryan..

A5 1C 73 E3 60 F0 57 21 - 39 9E 8A EA 8D BB 3C EA   ..s.`.W! - 9.....<.

Attributes:

NAS-Port (5), Length: 6, Data: [# 1], 0x00000001

State (24), Length: 14, Data: 0x5342522D43482034367C3100

User-Name (1), Length: 6, Data: [ryan], [# 1920557422] / [IP 114.121.97.110], 0x7279616E

User-Password (2), Length: 18, Data: 0xA51C73E360F05721399E8AEA8DBB3CEA

<100> ---------------------------------------------------

<100> ------------------- Response Packet -----------------

<100> Address: 10.207.67.63:1812  Packet Length: 86 Type: Access-Accept(2)

02 64 00 56 E5 63 66 C1 - 9F 85 75 47 09 97 CE AB   .d.V.cf. - ..uG....

8A 7A 19 C4 19 37 53 42 - 52 32 43 4C 81 ED 94 D1   .z...7SB - R2CL....

C8 E6 EA DE 8B 80 11 80 - 22 01 80 03 81 98 CE 80   ........ - ".......

02 80 05 81 B9 9E AC 96 - F0 12 80 0E 81 81 ED 94   ........ - ........

D1 C8 E6 EA DE 8B 80 80 - 80 84 9C 01 0B 55 73 65   ........ - .....Use

72 2D 4E 61 6D 65 00 00 - 00 00 00 00 00 00 00 00   r-Name.. - ........

Attributes:

Class (25), Length: 55, Data: 0x53425232434C81ED94D1C8E6EADE8B801180220180038198CE8002800581B99EAC96F012800E8181ED94D1C8E6EADE8B808080849C

User-Name (1), Length: 11, Data: [User-Name], 0x557365722D4E616D65

<100> ---------------------------------------------------

>>>>>>>>>>>>>>>>>>>authenticate again.

r.getErrorString():No Error (0)

Second nResult:2

Second nResult:2

Second nResult:Access-Accept

Final return:0