public static CreateResponseAuthenticator ( string sharedSecret, |
||
sharedSecret | string | The shared secret key. |
requestPacket | RADIUS packet sent from client to server. | |
responsePacket | RADIUS packet sent from server to client. | |
return | byte[] |
public static byte[] CreateResponseAuthenticator(string sharedSecret, RadiusPacket requestPacket, RadiusPacket responsePacket)
{
// Response authenticator is generated as follows:
// MD5(Code + Identifier + Length + Request Authenticator + Attributes + Shared Secret)
// where:
// Code, Identifier, Length & Attributes are from the response RADIUS packet
// Request Authenticator is from the request RADIUS packet
// Shared Secret is the shared secret key
int length = responsePacket.BinaryLength;
byte[] sharedSecretBytes = Encoding.GetBytes(sharedSecret);
byte[] buffer = new byte[length + sharedSecretBytes.Length];
responsePacket.GenerateBinaryImage(buffer, 0);
Buffer.BlockCopy(requestPacket.BinaryImage(), 4, buffer, 4, 16);
Buffer.BlockCopy(sharedSecretBytes, 0, buffer, length, sharedSecretBytes.Length);
return new MD5CryptoServiceProvider().ComputeHash(buffer);
}
/// <summary> /// Send a request to the server and waits for a response back. /// </summary> /// <param name="request">Request to be sent to the server.</param> /// <returns>Response packet if a valid response is received from the server; otherwise Nothing.</returns> public RadiusPacket ProcessRequest(RadiusPacket request) { CheckDisposed(); // We wait indefinitely for the connection to establish. But since this is UDP, the connection // will always be successful (locally we're binding to any available UDP port). if (m_udpClient.CurrentState != ClientState.Connected) { return(null); } RadiusPacket response = null; // We have a UDP socket we can use for exchanging packets. DateTime stopTime; for (int i = 1; i <= m_requestAttempts; i++) { m_responseBytes = null; m_udpClient.Send(request.BinaryImage()); stopTime = DateTime.UtcNow.AddMilliseconds(m_reponseTimeout); while (true) { Thread.Sleep(1); // Stay in the loop until: // 1) We receive a response OR // 2) We exceed the response timeout duration if ((object)m_responseBytes != null || DateTime.UtcNow > stopTime) { break; } } if ((object)m_responseBytes != null) { // The server sent a response. response = new RadiusPacket(m_responseBytes, 0, m_responseBytes.Length); if (response.Identifier == request.Identifier && response.Authenticator.CompareTo(RadiusPacket.CreateResponseAuthenticator(m_sharedSecret, request, response)) == 0) { break; } // The response failed the verification, so we'll silently discard it. response = null; } } return(response); }