GUACAMOLE-197: Convert state to Hex string to avoid encoding issues.

extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/AuthenticationProviderService.java

@@ -21,8 +21,10 @@
 
 import com.google.inject.Inject;
 import com.google.inject.Provider;
+import java.nio.charset.Charset;
 import java.util.Arrays;
 import javax.servlet.http.HttpServletRequest;
+import javax.xml.bind.DatatypeConverter;
 import org.apache.guacamole.auth.radius.user.AuthenticatedUser;
 import org.apache.guacamole.auth.radius.form.RadiusChallengeResponseField;
 import org.apache.guacamole.auth.radius.form.RadiusStateField;
@@ -97,7 +99,7 @@ private CredentialsInfo getRadiusChallenge(RadiusPacket challengePacket) {
 
         // We have the required attributes - convert to strings and then generate the additional login box/field
         String replyMsg = replyAttr.toString();
-        String radiusState = new String(stateAttr.getValue().getBytes());
+        String radiusState = javax.xml.bind.DatatypeConverter.printHexBinary(stateAttr.getValue().getBytes());
         Field radiusResponseField = new RadiusChallengeResponseField(replyMsg);
         Field radiusStateField = new RadiusStateField(radiusState);
 
@@ -155,9 +157,10 @@ public AuthenticatedUser authenticateUser(Credentials credentials)
         // This is a response to a previous challenge, authenticate with that.
         else {
             try {
+                byte[] stateBytes = javax.xml.bind.DatatypeConverter.parseHexBinary(request.getParameter(RadiusStateField.PARAMETER_NAME));
                 radPack = radiusService.sendChallengeResponse(credentials.getUsername(),
                                                      challengeResponse,
-                                                     request.getParameter(RadiusStateField.PARAMETER_NAME));
+                                                     stateBytes);
             }
             catch (GuacamoleException e) {
                 logger.error("Cannot configure RADIUS server: {}", e.getMessage());

extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/RadiusConnectionService.java

@@ -187,7 +187,7 @@ private RadiusAuthenticator setupRadiusAuthenticator(RadiusClient radiusClient)
      * @throws GuacamoleException
      *     If an error occurs while talking to the server.
      */
-    public RadiusPacket authenticate(String username, String secret, String state)
+    public RadiusPacket authenticate(String username, String secret, byte[] state)
             throws GuacamoleException {
 
         // If a username wasn't passed, we quit
@@ -219,7 +219,7 @@ public RadiusPacket authenticate(String username, String secret, String state)
         try {
             AttributeList radAttrs = new AttributeList();
             radAttrs.add(new Attr_UserName(username));
-            if (state != null && !state.isEmpty())
+            if (state != null && state.length > 0)
                 radAttrs.add(new Attr_State(state));
             radAttrs.add(new Attr_UserPassword(secret));
             radAttrs.add(new Attr_CleartextPassword(secret));
@@ -282,15 +282,15 @@ public RadiusPacket authenticate(String username, String secret, String state)
      * @throws GuacamoleException
      *     If an error is encountered trying to talk to the RADIUS server.
      */
-    public RadiusPacket sendChallengeResponse(String username, String response, String state)
+    public RadiusPacket sendChallengeResponse(String username, String response, byte[] state)
             throws GuacamoleException {
 
         if (username == null || username.isEmpty()) {
             logger.error("Challenge/response to RADIUS requires a username.");
             return null;
         }
 
-        if (state == null || state.isEmpty()) {
+        if (state == null || state.length < 1) {
             logger.error("Challenge/response to RADIUS requires a prior state.");
             return null;
         }