RADIUS request or response Authenticator
Hi, when I read the RADIUS standard, I found the Authenticator. The description is as follows:

The NAS and RADIUS accounting server share a secret. The Request Authenticator field in Accounting-Request packets contains a one-way MD5 hash calculated over a stream of octets consisting of the Code + Identifier + Length + 16 zero octets + request attributes + shared secret (where + indicates concatenation). The 16 octet MD5 hash value is stored in the Authenticator field of the Accounting-Request packet.

OK, actually in my project I need to use this algorithm to check the legitimacy of requests. Do you have any suggestions?
Hello,
The library verifies the authenticator field in Accounting-Request packets: https://github.com/aaa4j/aaa4j-radius/blob/562f411003859ce87dfe46e04112da8be38f8c89/aaa4j-radius-core/src/main/java/org/aaa4j/radius/core/packet/PacketCodec.java#L320-L331
If the RADIUS server receives an Accounting-Request packet with an invalid authenticator field, the handlePacket() method in your RadiusServer.Handler will not be called. The handleException() method in your RadiusServer.Handler implementation will be called so you can log the exception if you want.
The library also verifies the authenticator field in all the response packets: Access-Accept, Access-Reject, Access-Challenge, and Accounting-Response and throws an exception when calling send() on RadiusClient.
If a RADIUS packet contains a Message-Authenticator attribute, the library will also verify that and throw an exception if it is not correct. If you want to include a Message-Authenticator attribute in your request or response packets, you can add new MessageAuthenticator() and the library will automatically populate it with the calculated HMAC-MD5 of the entire packet when it's sent.
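The computation quoted in the question, written out in plain Java as an added example (not code from aaa4j or from the original thread). The class name, the shared secret and the sample packet are constructed for illustration; the check also rejects a Length field that does not fit the received datagram and compares the digests in constant time.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;

public class AccountingAuthenticatorCheck {
    static final int HEADER_LEN = 20;  // Code(1) + Identifier(1) + Length(2) + Authenticator(16)
    static final int AUTH_OFFSET = 4;
    static final int AUTH_LEN = 16;

    /** MD5(Code + Identifier + Length + 16 zero octets + request attributes + shared secret). */
    static byte[] compute(byte[] packet, int length, byte[] secret) throws NoSuchAlgorithmException {
        MessageDigest md5 = MessageDigest.getInstance("MD5");
        md5.update(packet, 0, AUTH_OFFSET);                   // Code, Identifier, Length
        md5.update(new byte[AUTH_LEN]);                       // 16 zero octets
        md5.update(packet, HEADER_LEN, length - HEADER_LEN);  // request attributes
        md5.update(secret);                                   // shared secret
        return md5.digest();
    }

    /** Returns true only if the Authenticator field matches the recomputed hash. */
    static boolean verify(byte[] datagram, byte[] secret) throws NoSuchAlgorithmException {
        if (datagram.length < HEADER_LEN) return false;
        int length = ((datagram[2] & 0xff) << 8) | (datagram[3] & 0xff);
        // The Length field must cover the header and fit inside the datagram;
        // octets beyond Length are padding and are not hashed.
        if (length < HEADER_LEN || length > datagram.length) return false;
        byte[] received = Arrays.copyOfRange(datagram, AUTH_OFFSET, AUTH_OFFSET + AUTH_LEN);
        return MessageDigest.isEqual(received, compute(datagram, length, secret));
    }

    public static void main(String[] args) throws Exception {
        byte[] secret = "constructed-secret".getBytes(StandardCharsets.UTF_8);  // constructed value
        // Constructed sample: Code 4 (Accounting-Request), Identifier 1,
        // one attribute Acct-Status-Type (40), length 6, value 1 (Start).
        byte[] attrs = {40, 6, 0, 0, 0, 1};
        byte[] packet = new byte[HEADER_LEN + attrs.length];
        packet[0] = 4;
        packet[1] = 1;
        packet[3] = (byte) packet.length;  // Length = 26; high octet stays 0
        System.arraycopy(attrs, 0, packet, HEADER_LEN, attrs.length);
        // Sender side: fill in the Authenticator field.
        System.arraycopy(compute(packet, packet.length, secret), 0, packet, AUTH_OFFSET, AUTH_LEN);

        System.out.println("valid packet:    " + verify(packet, secret));
        System.out.println("wrong secret:    " + verify(packet, "other".getBytes(StandardCharsets.UTF_8)));
        packet[HEADER_LEN + 5] = 2;  // tamper: Acct-Status-Type Start -> Stop
        System.out.println("tampered packet: " + verify(packet, secret));
    }
}
```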
Thanks for your reply.