ONOS AAA app: Authentication and Authorization logic.

Change-Id: I36eb889eeab38edf12377c13e780a147551459a4

+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2015 Open Networking Laboratory
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<app name="org.onosproject.aaa" origin="ATT" version="${project.version}"
+     featuresRepo="mvn:${project.groupId}/${project.artifactId}/${project.version}/xml/features"
+     features="${project.artifactId}">
+    <description>${project.description}</description>
+    <artifact>mvn:${project.groupId}/${project.artifactId}/${project.version}</artifact>
+    <artifact>mvn:${project.groupId}/onos-app-xos-integration/${project.version}</artifact>
+    <bundle>mvn:com.sun.jersey/jersey-client/1.19</bundle>
+</app>

+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<!--
+  ~ Copyright 2015 Open Networking Laboratory
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<features xmlns="http://karaf.apache.org/xmlns/features/v1.2.0" name="${project.artifactId}-${project.version}">
+    <repository>mvn:${project.groupId}/${project.artifactId}/${project.version}/xml/features</repository>
+    <feature name="${project.artifactId}" version="${project.version}"
+             description="${project.description}">
+        <feature>onos-api</feature>
+        <bundle>mvn:com.sun.jersey/jersey-client/1.19</bundle>
+        <bundle>mvn:${project.groupId}/${project.artifactId}/${project.version}</bundle>
+        <bundle>mvn:${project.groupId}/onos-app-xos-integration/${project.version}</bundle>
+    </feature>
+</features>

+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2014 Open Networking Laboratory
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+
+    <parent>
+        <groupId>org.onosproject</groupId>
+        <artifactId>onos-apps</artifactId>
+        <version>1.3.0-SNAPSHOT</version>
+        <relativePath>../pom.xml</relativePath>
+    </parent>
+
+    <artifactId>onos-app-aaa</artifactId>
+    <packaging>bundle</packaging>
+
+    <description>ONOS authentication application</description>
+
+    <properties>
+        <onos.app.name>org.onosproject.aaa</onos.app.name>
+    </properties>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.osgi</groupId>
+            <artifactId>org.osgi.compendium</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.onosproject</groupId>
+            <artifactId>onlab-junit</artifactId>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.onosproject</groupId>
+            <artifactId>onos-api</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+
+         <dependency>
+            <groupId>org.onosproject</groupId>
+            <artifactId>onlab-osgi</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.felix</groupId>
+            <artifactId>org.apache.felix.scr.annotations</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.onosproject</groupId>
+            <artifactId>onos-app-xos-integration</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+    </dependencies>
+
+
+        <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.felix</groupId>
+                <artifactId>maven-bundle-plugin</artifactId>
+            </plugin>
+
+            <plugin>
+                <groupId>org.apache.felix</groupId>
+                <artifactId>maven-scr-plugin</artifactId>
+            </plugin>
+            <plugin>
+                <groupId>org.onosproject</groupId>
+                <artifactId>onos-maven-plugin</artifactId>
+            </plugin>
+        </plugins>
+    </build>
+</project>

+/*
+ * Copyright 2014 Open Networking Laboratory
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * AAA implmentation.
+ */
+package org.onosproject.aaa;

+/*
+ *
+ *  * Copyright 2015 AT&T Foundry
+ *  *
+ *  * Licensed under the Apache License, Version 2.0 (the "License");
+ *  * you may not use this file except in compliance with the License.
+ *  * You may obtain a copy of the License at
+ *  *
+ *  *     http://www.apache.org/licenses/LICENSE-2.0
+ *  *
+ *  * Unless required by applicable law or agreed to in writing, software
+ *  * distributed under the License is distributed on an "AS IS" BASIS,
+ *  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  * See the License for the specific language governing permissions and
+ *  * limitations under the License.
+ *
+ */
+
+package org.onosproject.aaa.packet;
+
+import org.onlab.packet.BasePacket;
+import org.onlab.packet.IPacket;
+
+import java.nio.ByteBuffer;
+
+
+/**
+ *
+ */
+public class EAP extends BasePacket {
+    public static final short MIN_LEN = 0x4;
+    public static final short EAP_HDR_LEN_REQ_RESP = 5;
+    public static final short EAP_HDR_LEN_SUC_FAIL = 4;
+
+    /* EAP Code */
+    public static final byte REQUEST  = 0x1;
+    public static final byte RESPONSE = 0x2;
+    public static final byte SUCCESS  = 0x3;
+    public static final byte FAILURE  = 0x4;
+
+    /* EAP Attribute Type */
+    public static final byte ATTR_IDENTITY = 0x1;
+    public static final byte ATTR_NOTIFICATION = 0x2;
+    public static final byte ATTR_NAK = 0x3;
+    public static final byte ATTR_MD5 = 0x4;
+    public static final byte ATTR_OTP = 0x5;
+    public static final byte ATTR_GTC = 0x6;
+    public static final byte ATTR_TLS = 0xd;
+
+    protected byte code;
+    protected byte identifier;
+    protected short length;
+    protected byte type;
+    protected byte[] data;
+
+
+    /**
+     * Get the EAP code.
+     * @return EAP code
+     */
+    public byte getCode() {
+        return this.code;
+    }
+
+
+    /**
+     * Set the EAP code.
+     * @param code EAP code
+     * @return this
+     */
+    public EAP setCode(final byte code) {
+        this.code = code;
+        return this;
+    }
+
+    /**
+     * Get the EAP identifier.
+     * @return EAP identifier
+     */
+    public byte getIdentifier() {
+        return this.identifier;
+    }
+
+    /**
+     * Set the EAP identifier.
+     * @param identifier
+     * @return this
+     */
+    public EAP setIdentifier(final byte identifier) {
+        this.identifier = identifier;
+        return this;
+    }
+
+    /**
+     * Get the get packet length.
+     * @return packet length
+     */
+    public short getLength() {
+        return this.length;
+    }
+
+    /**
+     * Set the packet length.
+     * @param length packet length
+     * @return this
+     */
+    public EAP setLength(final short length) {
+        this.length = length;
+        return this;
+    }
+
+    /**
+     * Get the data type.
+     * @return data type
+     */
+    public byte getDataType() {
+        return this.type;
+    }
+
+    /**
+     * Set the data type.
+     * @param type data type
+     * @return this
+     */
+    public EAP setDataType(final byte type) {
+        this.type = type;
+        return this;
+    }
+
+    /**
+     * Get the EAP data.
+     * @return EAP data
+     */
+    public byte[] getData() {
+        return this.data;
+    }
+
+    /**
+     * Set the EAP data.
+     * @param data EAP data to be set
+     * @return this
+     */
+    public EAP setData(final byte[] data) {
+        this.data = data;
+        return this;
+    }
+
+    /**
+     * Default EAP constructor that set the EAP code to 0.
+     */
+    public EAP() {
+        this.code = 0;
+    }
+
+    /**
+     * EAP constructor that initially sets all fields.
+     * @param code EAP code
+     * @param identifier EAP identifier
+     * @param type packet type
+     * @param data EAP data
+     */
+    public EAP(byte code, byte identifier, byte type, byte[] data) {
+        this.code = code;
+        this.identifier = identifier;
+        if (this.code == REQUEST || this.code == RESPONSE) {
+            this.length = (short) (5 + (data == null ? 0 : data.length));
+            this.type = type;
+        } else {
+            this.length = (short) (4 + (data == null ? 0 : data.length));
+        }
+        this.data = data;
+    }
+
+    /**
+     * Serializes the packet, based on the code/type using the payload
+     * to compute its length.
+     * @return the serialized payload
+     */
+    @Override
+    public byte[] serialize() {
+        final byte[] data = new byte[this.length];
+
+        final ByteBuffer bb = ByteBuffer.wrap(data);
+        bb.put(this.code);
+        bb.put(this.identifier);
+        bb.putShort(this.length);
+        if (this.code == REQUEST || this.code == RESPONSE) {
+            bb.put(this.type);
+        }
+        if (this.data != null) {
+            bb.put(this.data);
+        }
+        return data;
+    }
+
+    @Override
+    public IPacket deserialize(final byte[] data, final int offset,
+                               final int length) {
+        final ByteBuffer bb = ByteBuffer.wrap(data, offset, length);
+        this.code = bb.get();
+        this.identifier = bb.get();
+        this.length = bb.getShort();
+
+        int dataLength;
+        if (this.code == REQUEST || this.code == RESPONSE) {
+            this.type = bb.get();
+            dataLength = this.length - 5;
+        } else {
+            dataLength = this.length - 4;
+        }
+        this.data = new byte[dataLength];
+        bb.get(this.data);
+        return this;
+    }
+
+    @Override
+    public int hashCode() {
+        final int prime = 3889;
+        int result = super.hashCode();
+        result = prime * result + this.code;
+        result = prime * result + this.identifier;
+        result = prime * result + this.length;
+        result = prime * result + this.type;
+        return result;
+    }
+}

+/*
+ * Copyright 2015 Open Networking Laboratory
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.onosproject.aaa.packet;
+
+import org.onlab.packet.ARP;
+import org.onlab.packet.Ethernet;
+import org.onlab.packet.IPv4;
+import org.onlab.packet.IPv6;
+import org.onlab.packet.LLDP;
+
+/**
+ * Created by jono on 5/19/15.
+ */
+public final class EAPEthernet extends Ethernet {
+
+    public static final short TYPE_PAE = (short) 0x888e;
+
+    private EAPEthernet() {
+
+    }
+
+    static {
+        Ethernet.ETHER_TYPE_CLASS_MAP.put(org.onlab.packet.Ethernet.TYPE_ARP, ARP.class);
+        org.onlab.packet.Ethernet.ETHER_TYPE_CLASS_MAP.put(org.onlab.packet.Ethernet.TYPE_RARP, ARP.class);
+        org.onlab.packet.Ethernet.ETHER_TYPE_CLASS_MAP.put(org.onlab.packet.Ethernet.TYPE_IPV4, IPv4.class);
+        org.onlab.packet.Ethernet.ETHER_TYPE_CLASS_MAP.put(org.onlab.packet.Ethernet.TYPE_IPV6, IPv6.class);
+        org.onlab.packet.Ethernet.ETHER_TYPE_CLASS_MAP.put(org.onlab.packet.Ethernet.TYPE_LLDP, LLDP.class);
+        org.onlab.packet.Ethernet.ETHER_TYPE_CLASS_MAP.put(org.onlab.packet.Ethernet.TYPE_BSN, LLDP.class);
+        org.onlab.packet.Ethernet.ETHER_TYPE_CLASS_MAP.put(TYPE_PAE, EAPOL.class);
+    }
+}

+/*
+ *
+ *  * Copyright 2015 AT&T Foundry
+ *  *
+ *  * Licensed under the Apache License, Version 2.0 (the "License");
+ *  * you may not use this file except in compliance with the License.
+ *  * You may obtain a copy of the License at
+ *  *
+ *  *     http://www.apache.org/licenses/LICENSE-2.0
+ *  *
+ *  * Unless required by applicable law or agreed to in writing, software
+ *  * distributed under the License is distributed on an "AS IS" BASIS,
+ *  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  * See the License for the specific language governing permissions and
+ *  * limitations under the License.
+ *
+ */
+
+package org.onosproject.aaa.packet;
+
+import org.onlab.packet.BasePacket;
+import org.onlab.packet.Ethernet;
+import org.onlab.packet.IPacket;
+import org.onlab.packet.MacAddress;
+
+import java.nio.ByteBuffer;
+
+/**
+ *
+ */
+public class EAPOL extends BasePacket {
+
+    private byte version = 0x01;
+    private byte eapolType;
+    private short packetLength;
+
+    /* EAPOL Packet Type */
+    public static final byte EAPOL_PACKET = 0x0;
+    public static final byte EAPOL_START  = 0x1;
+    public static final byte EAPOL_LOGOFF = 0x2;
+    public static final byte EAPOL_KEY    = 0x3;
+    public static final byte EAPOL_ASF    = 0x4;
+
+    public static final MacAddress PAE_GROUP_ADDR = MacAddress.valueOf(new byte[] {
+            (byte) 0x01, (byte) 0x80, (byte) 0xc2, (byte) 0x00, (byte) 0x00, (byte) 0x03
+    });
+
+
+    /**
+     * Get version.
+     * @return version
+     */
+    public byte getVersion() {
+        return this.version;
+    }
+
+    /**
+     * Set version.
+     * @param version EAPOL version
+     * @return this
+     */
+    public EAPOL setVersion(final byte version) {
+        this.version = version;
+        return this;
+    }
+
+    /**
+     * Get type.
+     * @return EAPOL type
+     */
+    public byte getEapolType() {
+        return this.eapolType;
+    }
+
+    /**
+     * Set EAPOL type.
+     * @param eapolType EAPOL type
+     * @return this
+     */
+    public EAPOL setEapolType(final byte eapolType) {
+        this.eapolType = eapolType;
+        return this;
+    }
+
+    /**
+     * Get packet length.
+     * @return packet length
+     */
+    public short getPacketLength() {
+        return this.packetLength;
+    }
+
+    /**
+     * Set packet length.
+     * @param packetLen packet length
+     * @return this
+     */
+    public EAPOL setPacketLength(final short packetLen) {
+        this.packetLength = packetLen;
+        return this;
+    }
+
+
+
+    /**
+     * Serializes the packet, based on the code/type using the payload
+     * to compute its length.
+     * @return this
+     */
+    @Override
+    public byte[] serialize() {
+
+        byte[] payloadData = null;
+
+        if (this.payload != null) {
+            this.payload.setParent(this);
+            payloadData = this.payload.serialize();
+        }
+
+        //prepare the buffer to hold the version (1), packet type (1), packet length (2) and the eap payload.
+        //if there is no payload, packet length is 0
+        byte[] data = new byte[4 + this.packetLength];
+        final ByteBuffer bb = ByteBuffer.wrap(data);
+        bb.put(this.version);
+        bb.put(this.eapolType);
+        bb.putShort(this.packetLength);
+
+        //put the EAP payload
+        if (payloadData != null) {
+            bb.put(payloadData);
+        }
+
+        return data;
+    }
+
+    @Override
+    public IPacket deserialize(final byte[] data, final int offset,
+                               final int length) {
+        final ByteBuffer bb = ByteBuffer.wrap(data, offset, length);
+
+
+        //deserialize the EAPOL header
+        this.version = bb.get();
+        this.eapolType = bb.get();
+        this.packetLength = bb.getShort();
+
+        if (this.packetLength > 0) {
+            //deserialize the EAP Payload
+            this.payload = new EAP();
+
+            this.payload = this.payload.deserialize(data, bb.position(), length - 4);
+            this.payload.setParent(this);
+        }
+
+
+        return this;
+    }
+
+    @Override
+    public int hashCode() {
+        final int prime = 3889;
+        int result = super.hashCode();
+        result = prime * result + this.version;
+        result = prime * result + this.eapolType;
+        result = prime * result + this.packetLength;
+        return result;
+    }
+
+    /**
+     *
+     * @param dstMac
+     * @param srcMac
+     * @param eapolType
+     * @param eap
+     * @return Ethernet frame
+     */
+    public static Ethernet buildEapolResponse(MacAddress dstMac, MacAddress srcMac,
+                                              short vlan, byte eapolType, EAP eap) {
+
+        Ethernet eth = new Ethernet();
+        eth.setDestinationMACAddress(dstMac.toBytes());
+        eth.setSourceMACAddress(srcMac.toBytes());
+        eth.setEtherType(EAPEthernet.TYPE_PAE);
+        if (vlan != Ethernet.VLAN_UNTAGGED) {
+            eth.setVlanID(vlan);
+        }
+        //eapol header
+        EAPOL eapol = new EAPOL();
+        eapol.setEapolType(eapolType);
+        eapol.setPacketLength(eap.getLength());
+
+        //eap part
+        eapol.setPayload(eap);
+
+        eth.setPayload(eapol);
+        eth.setPad(true);
+        return eth;
+    }
+}
+

+/*
+ *
+ *  * Copyright 2015 AT&T Foundry
+ *  *
+ *  * Licensed under the Apache License, Version 2.0 (the "License");
+ *  * you may not use this file except in compliance with the License.
+ *  * You may obtain a copy of the License at
+ *  *
+ *  *     http://www.apache.org/licenses/LICENSE-2.0
+ *  *
+ *  * Unless required by applicable law or agreed to in writing, software
+ *  * distributed under the License is distributed on an "AS IS" BASIS,
+ *  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  * See the License for the specific language governing permissions and
+ *  * limitations under the License.
+ *
+ */
+
+package org.onosproject.aaa.packet;
+
+import java.nio.ByteBuffer;
+
+public class RADIUSAttribute {
+    protected byte type;
+    protected byte length;
+    protected byte[] value;
+
+    /* RADIUS attribute types */
+    public static final byte RADIUS_ATTR_USERNAME = 1;
+    public static final byte RADIUS_ATTR_NAS_IP = 4;
+    public static final byte RADIUS_ATTR_NAS_PORT = 5;
+    public static final byte RADIUS_ATTR_FRAMED_MTU = 12;
+    public static final byte RADIUS_ATTR_STATE = 24;
+    public static final byte RADIUS_ATTR_VENDOR_SPECIFIC = 26;
+    public static final byte RADIUS_ATTR_CALLING_STATION_ID = 31;
+    public static final byte RADIUS_ATTR_NAS_ID = 32;
+    public static final byte RADIUS_ATTR_ACCT_SESSION_ID = 44;
+    public static final byte RADIUS_ATTR_NAS_PORT_TYPE = 61;
+    public static final byte RADIUS_ATTR_EAP_MESSAGE = 79;
+    public static final byte RADIUS_ATTR_MESSAGE_AUTH = 80;
+    public static final byte RADIUS_ATTR_NAS_PORT_ID = 87;
+
+    public RADIUSAttribute() {
+    }
+
+    public RADIUSAttribute(final byte type, final byte length, final byte[] value) {
+        this.type = type;
+        this.length = length;
+        this.value = value;
+    }
+
+    public boolean isValidType() {
+        return this.type == RADIUS_ATTR_USERNAME ||
+                this.type == RADIUS_ATTR_NAS_IP ||
+                this.type == RADIUS_ATTR_NAS_PORT ||
+                this.type == RADIUS_ATTR_VENDOR_SPECIFIC ||
+                this.type == RADIUS_ATTR_CALLING_STATION_ID ||
+                this.type == RADIUS_ATTR_NAS_ID ||
+                this.type == RADIUS_ATTR_ACCT_SESSION_ID ||
+                this.type == RADIUS_ATTR_NAS_PORT_TYPE ||
+                this.type == RADIUS_ATTR_EAP_MESSAGE ||
+                this.type == RADIUS_ATTR_MESSAGE_AUTH ||
+                this.type == RADIUS_ATTR_NAS_PORT_ID;
+    }
+
+    /**
+     * @return the type
+     */
+    public byte getType() {
+        return this.type;
+    }
+
+    /**
+     * @param type
+     *            the code to set
+     * @return this
+     */
+    public RADIUSAttribute setType(final byte type) {
+        this.type = type;
+        return this;
+    }
+
+    /**
+     * @return the length
+     */
+    public byte getLength() {
+        return this.length;
+    }
+
+    /**
+     * @param length
+     *            the length to set
+     * @return this
+     */
+    public RADIUSAttribute setLength(final byte length) {
+        this.length = length;
+        return this;
+    }
+
+    /**
+     * @return the value
+     */
+    public byte[] getValue() {
+        return this.value;
+    }
+
+    /**
+     * @param value
+     *            the data to set
+     * @return this
+     */
+    public RADIUSAttribute setValue(final byte[] value) {
+        this.value = value;
+        return this;
+    }
+
+    public byte[] serialize() {
+        final byte[] data = new byte[this.length];
+        final ByteBuffer bb = ByteBuffer.wrap(data);
+        bb.put(this.type);
+        bb.put(this.length);
+        bb.put(this.value);
+        return data;
+    }
+}

+/*
+ * Copyright 2014 Open Networking Laboratory
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.onosproject.aaa;
+
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+/**
+ * Set of tests of the ONOS application component.
+ */
+public class AAATest {
+
+    private AAA aaa;
+
+    @Before
+    public void setUp() {
+
+    }
+
+    @After
+    public void tearDown() {
+    }
+
+    @Test
+    public void basics() {
+
+    }
+
+}

+/*
+ *
+ * Copyright 2015 AT&T Foundry
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.onosproject.aaa;
+
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+
+
+public class StateMachineTest {
+    StateMachine stateMachine = null;
+
+    @Before
+    public void setUp() {
+        System.out.println("Set Up.");
+        StateMachine.bitSet.clear();
+        stateMachine = new StateMachine("session0", null);
+    }
+
+    @After
+    public void tearDown() {
+        System.out.println("Tear Down.");
+        StateMachine.bitSet.clear();
+        stateMachine = null;
+    }
+
+    @Test
+    /**
+     * Test all the basic inputs from state to state: IDLE -> STARTED -> PENDING -> AUTHORIZED -> IDLE
+     */
+    public void basic() throws StateMachineException {
+        System.out.println("======= BASIC =======.");
+        Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_IDLE);
+
+        stateMachine.start();
+        Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_STARTED);
+
+        stateMachine.requestAccess();
+        Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_PENDING);
+
+        stateMachine.authorizeAccess();
+        Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_AUTHORIZED);
+
+        stateMachine.logoff();
+        Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_IDLE);
+    }
+
+    @Test
+    /**
+     * Test all inputs from an IDLE state (starting with the ones that are not impacting the current state)
+     */
+    public void testIdleState() throws StateMachineException {
+        System.out.println("======= IDLE STATE TEST =======.");
+        stateMachine.requestAccess();
+        Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_IDLE);
+
+        stateMachine.authorizeAccess();
+        Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_IDLE);
+
+        stateMachine.denyAccess();
+        Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_IDLE);
+
+        stateMachine.logoff();
+        Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_IDLE);
+
+        stateMachine.start();
+        Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_STARTED);
+    }
+
+    @Test
+    /**
+     * Test all inputs from an STARTED state (starting with the ones that are not impacting the current state)
+     */
+    public void testStartedState() throws StateMachineException {
+        System.out.println("======= STARTED STATE TEST =======.");
+        stateMachine.start();
+
+        stateMachine.authorizeAccess();
+        Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_STARTED);
+
+        stateMachine.denyAccess();
+        Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_STARTED);
+
+        stateMachine.logoff();
+        Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_STARTED);
+
+        stateMachine.start();
+        Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_STARTED);
+
+        stateMachine.requestAccess();
+        Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_PENDING);
+    }
+
+    @Test
+    /**
+     * Test all inputs from a PENDING state (starting with the ones that are not impacting the current state).
+     * The next valid state for this test is AUTHORIZED
+     */
+    public void testPendingStateToAuthorized() throws StateMachineException {
+        System.out.println("======= PENDING STATE TEST (AUTHORIZED) =======.");
+        stateMachine.start();
+        stateMachine.requestAccess();
+
+        stateMachine.logoff();
+        Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_PENDING);
+
+        stateMachine.start();
+        Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_PENDING);
+
+        stateMachine.requestAccess();
+        Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_PENDING);
+
+        stateMachine.authorizeAccess();
+        Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_AUTHORIZED);
+
+        stateMachine.denyAccess();
+        Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_AUTHORIZED);
+    }
+
+    @Test
+    /**
+     * Test all inputs from an PENDING state (starting with the ones that are not impacting the current state).
+     * The next valid state for this test is UNAUTHORIZED
+     */
+    public void testPendingStateToUnauthorized() throws StateMachineException {
+        System.out.println("======= PENDING STATE TEST (DENIED) =======.");
+        stateMachine.start();
+        stateMachine.requestAccess();
+
+        stateMachine.logoff();
+        Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_PENDING);
+
+        stateMachine.start();
+        Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_PENDING);
+
+        stateMachine.requestAccess();
+        Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_PENDING);
+
+        stateMachine.denyAccess();
+        Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_UNAUTHORIZED);
+
+        stateMachine.authorizeAccess();
+        Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_UNAUTHORIZED);
+    }
+
+    @Test
+    /**
+     * Test all inputs from an AUTHORIZED state (starting with the ones that are not impacting the current state).
+     */
+    public void testAuthorizedState() throws StateMachineException {
+        System.out.println("======= AUTHORIZED STATE TEST =======.");
+        stateMachine.start();
+        stateMachine.requestAccess();
+        stateMachine.authorizeAccess();
+
+        stateMachine.start();
+        Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_AUTHORIZED);
+
+        stateMachine.requestAccess();
+        Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_AUTHORIZED);
+
+        stateMachine.authorizeAccess();
+        Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_AUTHORIZED);
+
+        stateMachine.denyAccess();
+        Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_AUTHORIZED);
+
+        stateMachine.logoff();
+        Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_IDLE);
+    }
+
+    @Test
+    /**
+     * Test all inputs from an UNAUTHORIZED state (starting with the ones that are not impacting the current state).
+     */
+    public void testUnauthorizedState() throws StateMachineException {
+        System.out.println("======= UNAUTHORIZED STATE TEST =======.");
+        stateMachine.start();
+        stateMachine.requestAccess();
+        stateMachine.denyAccess();
+
+        stateMachine.start();
+        Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_UNAUTHORIZED);
+
+        stateMachine.requestAccess();
+        Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_UNAUTHORIZED);
+
+        stateMachine.authorizeAccess();
+        Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_UNAUTHORIZED);
+
+        stateMachine.denyAccess();
+        Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_UNAUTHORIZED);
+
+        stateMachine.logoff();
+        Assert.assertEquals(stateMachine.getState(), StateMachine.STATE_IDLE);
+    }
+
+
+    @Test
+    public void testIdentifierAvailability() throws StateMachineException {
+        System.out.println("======= IDENTIFIER TEST =======.");
+        byte identifier = stateMachine.getIdentifier();
+        System.out.println("State: " + stateMachine.getState());
+        System.out.println("Identifier: " + Byte.toUnsignedInt(identifier));
+        Assert.assertEquals(-1, identifier);
+        stateMachine.start();
+
+
+        StateMachine sm247 = null;
+        StateMachine sm3 = null;
+
+
+        //create 255 others state machines
+        for (int i = 1; i <= 255; i++) {
+                StateMachine sm = new StateMachine("session" + i, null);
+                sm.start();
+                byte id = sm.getIdentifier();
+                Assert.assertEquals(i, Byte.toUnsignedInt(id));
+                if (i == 3) {
+                    sm3 = sm;
+                    System.out.println("SM3: " + sm3.toString());
+                }
+                if (i == 247) {
+                    sm247 = sm;
+                    System.out.println("SM247: " + sm247.toString());
+                }
+        }
+
+        //simulate the state machine for a specific session and logoff so we can free up a spot for an identifier
+        //let's choose identifier 247 then we free up 3
+        sm247.requestAccess();
+        sm247.authorizeAccess();
+        sm247.logoff();
+        sm247 = null;
+
+        sm3.requestAccess();
+        sm3.authorizeAccess();
+        sm3.logoff();
+        sm3 = null;
+
+        StateMachine otherSM3 = new StateMachine("session3b", null);
+        otherSM3.start();
+        otherSM3.requestAccess();
+        byte id3 = otherSM3.getIdentifier();
+        Assert.assertEquals(3, Byte.toUnsignedInt(id3));
+
+        StateMachine otherSM247 = new StateMachine("session247b", null);
+        otherSM247.start();
+        otherSM247.requestAccess();
+        byte id247 = otherSM247.getIdentifier();
+        Assert.assertEquals(247, Byte.toUnsignedInt(id247));
+
+    }
+}

@@ -32,6 +32,7 @@
     <description>ONOS sample applications</description>
     <description>ONOS sample applications</description>
 
 
     <modules>
     <modules>
+        <module>aaa</module>
         <module>fwd</module>
         <module>fwd</module>
         <module>mobility</module>
         <module>mobility</module>
         <module>proxyarp</module>
         <module>proxyarp</module>