3.1.5.1.1 Receive AUTH_INFO
The AUTH_INFO message (section 2.2.2.1) MUST be the first message sent on a connection, and MUST be sent only by the connection's initiator.
If the AUTH_INFO message is received in any state other than IN_CONN_STATE_ACCEPTED or from the connection's responder, the connection MUST be terminated.
The following steps MUST be taken to validate the AUTH_INFO message:
The Message Size MUST be verified to be at least 0x10.
The Connection Type MUST be verified to be either 0x01 or 0x02.
The offsets MUST be verified to satisfy the following conditions:
Graph ID Offset is less than Source Peer ID Offset.
Source Peer ID Offset is less than Destination Peer ID Offset.
Destination Peer ID Offset is no greater than Message Size.
The content of the Source Peer ID string MUST NOT be empty.
The content of the Graph ID Data field MUST NOT be empty,
If the value of the Destination Peer ID Offset field is less than the Message Size, the content of the Destination Peer ID field MUST NOT be empty.
The content of the Graph ID field MUST match the Graph ID of the local Node.
If the content of the Destination Peer ID field is not empty it MUST match the Peer ID of the local Node.
If any of the above conditions are not verified or a local Node instance cannot be located, the connection MUST be terminated.
Otherwise, the message MUST be forwarded to the local Node. If a Graph Security Provider is not configured on the local Node instance, the Authentication Timer MUST be canceled and the Connection state MUST be set to IN_CONN_STATE_AUTHENTICATED.
If a Graph Security Provider is configured on the local Node instance:
Connection state MUST be set to IN_CONN_STATE_GOT_AUTHINFO.
The Graph Security Provider MUST be queried for the message to send in response.
If the Graph Security Provider returns an error, the connection MUST be terminated. Otherwise, if the Graph Security Provider supplies a message to send in response, the message MUST be sent.
If the Graph Security Provider indicates that the security negotiation is completed, then the Connection state MUST be set to IN_CONN_STATE_AUTHENTICATED and the Authentication Timer MUST be canceled.
If the Graph Security Provider indicates that the security negotiation is not completed, the state of the Connection MUST NOT be changed and any message received MUST be forwarded to the Graph Security Provider.