try to make this work

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

internal/outpost/radius/eap/protocol/context.go

@@ -19,6 +19,8 @@ type Context interface {
 
 	ProtocolSettings() interface{}
 
+	ForInnerProtocol(p Type) Context
+
 	StateForProtocol(p Type) interface{}
 	GetProtocolState() interface{}
 	SetProtocolState(interface{})

internal/outpost/radius/eap/protocol/eap/payload.go

@@ -47,7 +47,7 @@ func (packet *Payload) Decode(raw []byte) error {
 	if packet.Payload == nil {
 		return nil
 	}
-	log.WithField("raw", debug.FormatBytes(raw)).WithField("payload", fmt.Sprintf("%T", packet.Payload)).Debug("EAP: decode raw")
+	log.WithField("raw", debug.FormatBytes(raw)).WithField("payload", fmt.Sprintf("%T", packet.Payload)).Trace("EAP: decode raw")
 	err := packet.Payload.Decode(raw[5:])
 	if err != nil {
 		return err

internal/outpost/radius/eap/protocol/packet.go

@@ -8,6 +8,10 @@ type Payload interface {
 	Offerable() bool
 }
 
+type Inner interface {
+	HasInner() Payload
+}
+
 type Type uint8
 
 type Code uint8

internal/outpost/radius/eap/protocol/peap/payload.go

@@ -21,33 +21,55 @@ func Protocol() protocol.Payload {
 
 type Payload struct {
 	Inner protocol.Payload
+
+	eap *eap.Payload
+	st  *State
+	raw []byte
 }
 
 func (p *Payload) Type() protocol.Type {
 	return TypePEAP
 }
 
+func (p *Payload) HasInner() protocol.Payload {
+	return p.Inner
+}
+
 func (p *Payload) Decode(raw []byte) error {
 	log.WithField("raw", debug.FormatBytes(raw)).Debug("PEAP: Decode")
+	p.raw = raw
 	return nil
 }
 
 func (p *Payload) Encode() ([]byte, error) {
-	log.Debug("PEAP: Encode")
-	return []byte{}, nil
+	return p.eap.Encode()
 }
 
 func (p *Payload) Handle(ctx protocol.Context) protocol.Payload {
+	defer func() {
+		ctx.SetProtocolState(p.st)
+	}()
+
 	eapState := ctx.StateForProtocol(eap.TypeEAP).(*eap.State)
-	if !ctx.IsProtocolStart() {
+
+	if ctx.IsProtocolStart() {
 		ctx.Log().Debug("PEAP: Protocol start")
+		p.st = &State{}
 		return &eap.Payload{
 			Code:    protocol.CodeRequest,
-			ID:      eapState.PacketID,
+			ID:      eapState.PacketID + 1,
 			MsgType: identity.TypeIdentity,
 			Payload: &identity.Payload{},
 		}
 	}
+	p.st = ctx.GetProtocolState().(*State)
+
+	ep := &eap.Payload{}
+	err := ep.Decode(p.raw)
+	if err != nil {
+		ctx.Log().WithError(err).Warning("PEAP: failed to decode inner EAP")
+		return &Payload{}
+	}
 	return &Payload{}
 }
 

internal/outpost/radius/eap/protocol/peap/state.go

@@ -0,0 +1,4 @@
+package peap
+
+type State struct {
+}

internal/outpost/radius/eap/protocol/tls/inner.go

@@ -13,9 +13,16 @@ func (p *Payload) innerHandler(ctx protocol.Context) {
 		ctx.EndInnerProtocol(protocol.StatusError, nil)
 		return
 	}
-	pl := p.Inner.Handle(ctx)
+	pl := p.Inner.Handle(ctx.ForInnerProtocol(p.Inner.Type()))
 	enc, err := pl.Encode()
-	p.st.TLS.Write(enc)
+	if err != nil {
+		ctx.Log().WithError(err).Warning("failed to encode inner protocol")
+	}
+	// p.st.Conn.expectedWriterByteCount = len(enc)
+	_, err = p.st.TLS.Write(enc)
+	if err != nil {
+		ctx.Log().WithError(err).Warning("failed to write to TLS")
+	}
 	// return &Payload{
 	// 	Data: enc,
 	// }

internal/outpost/radius/eap/protocol/tls/payload.go

@@ -36,12 +36,16 @@ type Payload struct {
 }
 
 func (p *Payload) Type() protocol.Type {
-	if p.Inner != nil {
-		return p.Inner.Type()
-	}
+	// if p.inner != nil {
+	// 	return p.inner.Type()
+	// }
 	return TypeTLS
 }
 
+func (p *Payload) HasInner() protocol.Payload {
+	return p.Inner
+}
+
 func (p *Payload) Offerable() bool {
 	return true
 }
@@ -58,7 +62,7 @@ func (p *Payload) Decode(raw []byte) error {
 	} else {
 		p.Data = raw[0:]
 	}
-	log.WithField("raw", debug.FormatBytes(p.Data)).WithField("size", len(p.Data)).WithField("flags", p.Flags).Debug("TLS: decode raw")
+	log.WithField("raw", debug.FormatBytes(p.Data)).WithField("size", len(p.Data)).WithField("flags", p.Flags).Trace("TLS: decode raw")
 	return nil
 }