[Help] Using JRadius for EAP-TLS authentication

lywh348977787 2015-09-09 09:37:15
I'm asking for help with EAP-TLS authentication using JRadius.
The code is below.
http://www.coova.org/node/3379

String authMode ="eap-tls";
RadiusAuthenticator authenticator = RadiusClient.getAuthProtocol(authMode);

if(authenticator instanceof EAPTLSAuthenticator) {
    final String CERT_FILE_PATH = "/home/Khevz/Desktop/";
    EAPTLSAuthenticator eapTlsAuth = (EAPTLSAuthenticator)authenticator;
    // client cert
    eapTlsAuth.setKeyFileType("pkcs12");
    eapTlsAuth.setKeyFile(CERT_FILE_PATH + "client.p12");
    eapTlsAuth.setKeyPassword("password");
    // ca cert
    eapTlsAuth.setCaFileType("pkcs12");
    eapTlsAuth.setCaFile(CERT_FILE_PATH+"ca.p12");
    eapTlsAuth.setCaPassword("password");
    //eapTlsAuth.setTrustAll(true);
}

RadiusClient radClient = null;
try {
    InetAddress host = InetAddress.getByName("localhost");
    radClient = new RadiusClient(host, "password", 1812, 1813, 10);
}
catch(Exception se) {
}

AttributeList attrs = new AttributeList();
attrs.add(new Attr_UserName("Devices"));
attrs.add(new Attr_NASPortType(Attr_NASPortType.Wireless80211));
attrs.add(new Attr_NASPort(new Long(1)));
//attrs.add(new Attr_UserPassword("password")); // not for eap-tls

AccessRequest accessRequest = new AccessRequest(radClient, attrs);
accessRequest.addAttribute(new Attr_UserPassword("password"));
RadiusPacket reply = null;
try {
    // RadiusClient.authenticate() handles authenticators
    // processChallenge that throws exception by default except
    // EAPAuthenticator.
    if(authenticator instanceof EAPAuthenticator) {
        reply = radClient.authenticate(accessRequest, authenticator, 5);
    }
    else {
        authenticator.setupRequest(radClient, accessRequest);
        authenticator.processRequest(accessRequest);
        InetAddress host = null;
        try {
            host = InetAddress.getByName("localhost");
        } catch (UnknownHostException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
        reply = radClient.sendReceive(accessRequest, host, 1812, 5);
    }
}
catch(RadiusException e) {
}

if(reply==null) {
    System.out.println("reply is null");
    return;
}
String replyMessage = (String) reply.getAttributeValue(Attr_ReplyMessage.TYPE);
System.out.println("reply: "+replyMessage);
if (reply instanceof AccessReject) {
}
else if (reply instanceof AccessAccept) {
}
else if( reply instanceof AccessChallenge) {
}
}

}


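Question 1. Does TLS certificate authentication need a username and password to be sent? What do the username and password here correspond to? Could someone explain a little?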
attrs.add(new Attr_UserName("Devices"));
attrs.add(new Attr_NASPortType(Attr_NASPortType.Wireless80211));
attrs.add(new Attr_NASPort(new Long(1)));
//attrs.add(new Attr_UserPassword("password")); // not for eap-tls

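Question 2. I have already applied for a personal authentication certificate on the PKI system. I see that the code also passes a server-side certificate; in a real deployment, does the server-side certificate need to be passed?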
// client cert
eapTlsAuth.setKeyFileType("pkcs12");
eapTlsAuth.setKeyFile(CERT_FILE_PATH + "client.p12");
eapTlsAuth.setKeyPassword("password");
// ca cert
eapTlsAuth.setCaFileType("pkcs12");
eapTlsAuth.setCaFile(CERT_FILE_PATH+"ca.p12");
eapTlsAuth.setCaPassword("password");

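Question 3. This is also about the code in the question above: what do setKeyPassword and setCaPassword each correspond to? Are they the certificates' installation passwords?

Question 4. For the whole sample code as it stands, I can confirm that the certificates are correct. I'm not sure whether the username and password need to be sent, so I'm not sure whether that part is right. But when I run it, it throws a null pointer exception at this line: reply = radClient.authenticate(accessRequest, authenticator, 5);


I'm a novice with protocols, so any advice would be much appreciated.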
4 replies
weizhiyonghux 2019-07-01
Just getting started with this; I've been asked to look into JRadius.
lywh348977787 2015-09-09
Does really nobody know?????
lywh348977787 2015-09-09
Please help!!! I'm sincerely asking for help!!!!!!!
lywh348977787 2015-09-09
Bumping my own thread.
