Message-Authenticator validation missing for Radius Response in ONOS AAA App

As per RFC 2869 Section 5.14 describing Message-Authenticator attribute, the Request Authenticator header value should be used for generation of HMAC-MD5 hash for both Radius Access-request (client to server) and Radius Access-Challenge/Access-Accept/Access-Reject response (server to client). However, there is a flaw/missing part in RADIUS.checkMessageAuthenticator() method of base RADIUS implementation used in ONOS AAA application, which works fine only for Radius Request as it uses current value of Authenticator header for HMAC-MD5 calculation. This does not work correctly for validating Message-Authenticator attribute received in Radius Response (Access-Challenge/Accept/Reject) received by AAA application because the earlier sent value of Authentication header (not the current one received in Response) should be used for HMAC-MD5 calculation. This is causing failure of Message Authentication check for each Radius response and its counter is increasing everytime. Fix the issue by using the Request Authenticator value saved in State Machine for this check.