Class SRP6Session

  • All Implemented Interfaces:
    java.io.Serializable
    Direct Known Subclasses:
    SRP6ClientSession, SRP6ServerSession

    public abstract class SRP6Session
    extends java.lang.Object
    implements java.io.Serializable
    The base abstract class for client and server-side Secure Remote Password (SRP-6a) authentication sessions.
    See Also:
    Serialized Form
    • Field Summary

      Fields 
      Modifier and Type Field Description
      protected java.math.BigInteger A
      The client public value 'A'.
      protected java.math.BigInteger B
      The server public value 'B'.
      protected ClientEvidenceRoutine clientEvidenceRoutine
      Custom routine for the client evidence message 'M1' computation.
      protected SRP6CryptoParams config
      The crypto configuration.
      protected URoutine hashedKeysRoutine
      Custom routine for the hashed keys 'u' computation.
      protected java.math.BigInteger k
      The multiplier 'k'.
      protected long lastActivity
      The last activity timestamp, from System.currentTimeMillis().
      protected java.math.BigInteger M1
      The client evidence message 'M1'.
      protected java.math.BigInteger M2
      The server evidence message 'M2'.
      protected java.security.SecureRandom random
      Source of randomness.
      protected java.math.BigInteger s
      The password salt 's'.
      protected java.math.BigInteger S
      The shared session key 'S'.
      protected ServerEvidenceRoutine serverEvidenceRoutine
      Custom routine for the server evidence message 'M2' computation.
      protected SRP6Routines srp6Routines  
      protected int timeout
      The SRP-6a authentication session timeout in seconds.
      protected java.math.BigInteger u
      The random scrambling parameter 'u'.
      protected java.lang.String userID
      The identity 'I' of the authenticating user.
    • Constructor Summary

      Constructors 
      Constructor Description
      SRP6Session()
      Creates a new SRP-6a authentication session with session timeouts disabled.
      SRP6Session(int timeout)
      Creates a new SRP-6a authentication session.
      SRP6Session(int timeout, SRP6Routines srp6Routines)
      Creates a new SRP-6a authentication session.
    • Field Detail

      • random

        protected java.security.SecureRandom random
        Source of randomness.
      • timeout

        protected final int timeout
        The SRP-6a authentication session timeout in seconds. If the authenticating counterparty (server or client) fails to respond within the specified time the session will be closed. Zero implies no timeout.
      • lastActivity

        protected long lastActivity
        The last activity timestamp, from System.currentTimeMillis().
      • userID

        protected java.lang.String userID
        The identity 'I' of the authenticating user.
      • s

        protected java.math.BigInteger s
        The password salt 's'.
      • A

        protected java.math.BigInteger A
        The client public value 'A'.
      • B

        protected java.math.BigInteger B
        The server public value 'B'.
      • u

        protected java.math.BigInteger u
        The random scrambling parameter 'u'.
      • k

        protected java.math.BigInteger k
        The multiplier 'k'.
      • S

        protected java.math.BigInteger S
        The shared session key 'S'.
      • M1

        protected java.math.BigInteger M1
        The client evidence message 'M1'.
      • M2

        protected java.math.BigInteger M2
        The server evidence message 'M2'.
      • clientEvidenceRoutine

        protected ClientEvidenceRoutine clientEvidenceRoutine
        Custom routine for the client evidence message 'M1' computation.
      • serverEvidenceRoutine

        protected ServerEvidenceRoutine serverEvidenceRoutine
        Custom routine for the server evidence message 'M2' computation.
      • hashedKeysRoutine

        protected URoutine hashedKeysRoutine
        Custom routine for the hashed keys 'u' computation.
    • Constructor Detail

      • SRP6Session

        public SRP6Session(int timeout,
                           SRP6Routines srp6Routines)
        Creates a new SRP-6a authentication session.
        Parameters:
        timeout - The SRP-6a authentication session timeout in seconds. If the authenticating counterparty (server or client) fails to respond within the specified time, the session will be closed. If zero, timeouts are disabled.
        srp6Routines - The math routines to use.
      • SRP6Session

        public SRP6Session(int timeout)
        Creates a new SRP-6a authentication session.
        Parameters:
        timeout - The SRP-6a authentication session timeout in seconds. If the authenticating counterparty (server or client) fails to respond within the specified time, the session will be closed. If zero, timeouts are disabled.
      • SRP6Session

        public SRP6Session()
        Creates a new SRP-6a authentication session with session timeouts disabled. The default math routines are used.
    • Method Detail

      • updateLastActivityTime

        protected void updateLastActivityTime()
        Updates the last activity timestamp.
      • getLastActivityTime

        public long getLastActivityTime()
        Gets the last session activity timestamp, in milliseconds since midnight, January 1, 1970 UTC (see System.currentTimeMillis()).
        Returns:
        The last activity timestamp.
      • hasTimedOut

        public boolean hasTimedOut()
        Returns true if the session has timed out, based on the timeout configuration and the last activity timestamp.
        Returns:
        true if the session has timed out, else false.
      • getCryptoParams

        public SRP6CryptoParams getCryptoParams()
        Gets the SRP-6a crypto parameters for this session.
        Returns:
        The SRP-6a crypto parameters, null if undefined.
      • getUserID

        public java.lang.String getUserID()
        Gets the identity 'I' of the authenticating user.
        Returns:
        The user identity 'I', null if undefined.
      • getTimeout

        public int getTimeout()
        Gets the SRP-6a authentication session timeout.
        Returns:
        The SRP-6a authentication session timeout, in seconds. Zero implies no timeout.
      • getSalt

        public java.math.BigInteger getSalt()
        Gets the password salt 's'.
        Returns:
        The salt 's' if available, else null.
      • getPublicClientValue

        public java.math.BigInteger getPublicClientValue()
        Gets the public client value 'A'.
        Returns:
        The public client value 'A' if available, else null.
      • getPublicServerValue

        public java.math.BigInteger getPublicServerValue()
        Gets the public server value 'B'.
        Returns:
        The public server value 'B' if available, else null.
      • getClientEvidenceMessage

        public java.math.BigInteger getClientEvidenceMessage()
        Gets the client evidence message 'M1'.
        Returns:
        The client evidence message 'M1' if available, else null.
      • getServerEvidenceMessage

        public java.math.BigInteger getServerEvidenceMessage()
        Gets the server evidence message 'M2'.
        Returns:
        The server evidence message 'M2' if available, else null.
      • getSessionKey

        public java.math.BigInteger getSessionKey()
        Gets the shared session key 'S'.
        Returns:
        The shared session key 'S'. null will be returned if authentication failed or the method is invoked in a session state when the session key 'S' has not been computed yet.
      • getSessionKeyHash

        public byte[] getSessionKeyHash()
        Gets the hash of the shared session key H(S).
        Returns:
        The hash of the shared session key H(S). null will be returned if authentication failed or the method is invoked in a session state when the session key 'S' has not been computed yet.
      • setAttribute

        public void setAttribute(java.lang.String key,
                                 java.lang.Object value)
        Sets a session attribute. This method can be used to store arbitrary objects with this session and retrieve them later with getAttribute(java.lang.String).
        Parameters:
        key - The attribute key. Must not be null.
        value - The attribute value. May be null.
      • getAttribute

        public java.lang.Object getAttribute(java.lang.String key)
        Gets a session attribute. This method can be used to retrieve arbitrary objects stored with this session with setAttribute(java.lang.String, java.lang.Object).
        Parameters:
        key - The attribute key. Must not be null.
        Returns:
        The attribute value, null if none was found by the specified key or its value is null.
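
How the values held in the fields above (s, k, A, B, u, S, M1, M2) relate in one SRP-6a exchange, as an added JDK-only example that is not part of the library or its documentation. Assumptions: the class name Srp6aFieldsDemo, SHA-256 as H, the padding and concatenation layout, the single-hash derivation of x, the run-time demo prime and the constructed credentials; the library's own routines may encode values differently, so the numbers are not interchangeable with it.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;

public class Srp6aFieldsDemo {
    static final SecureRandom random = new SecureRandom();
    static final BigInteger g = BigInteger.valueOf(2);
    static BigInteger N; // group modulus, set in main()

    // H(): SHA-256 over the values, each left-padded to the byte length of N (assumed encoding).
    static BigInteger H(BigInteger... vals) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        int len = (N.bitLength() + 7) / 8;
        for (BigInteger v : vals) {
            byte[] raw = v.toByteArray();
            int off = (raw.length > 1 && raw[0] == 0) ? 1 : 0; // drop the sign byte
            for (int i = raw.length - off; i < len; i++) md.update((byte) 0);
            md.update(raw, off, raw.length - off);
        }
        return new BigInteger(1, md.digest());
    }
    public static void main(String[] args) throws Exception {
        // Demo-sized safe prime N = 2q + 1, generated at run time; production groups are far larger.
        do { N = BigInteger.probablePrime(255, random).shiftLeft(1).add(BigInteger.ONE); }
        while (!N.isProbablePrime(40));
        byte[] idAndPassword = "alice:constructed-demo-password".getBytes(StandardCharsets.UTF_8);
        // Enrolment: the server keeps the user ID, s and the verifier v, never the password.
        BigInteger s = new BigInteger(128, random);
        BigInteger x = H(s, new BigInteger(1, idAndPassword));
        BigInteger v = g.modPow(x, N);
        BigInteger k = H(N, g);
        // Login: the client sends A, the server answers with s and B.
        BigInteger a = new BigInteger(256, random), b = new BigInteger(256, random);
        BigInteger A = g.modPow(a, N);
        BigInteger B = k.multiply(v).add(g.modPow(b, N)).mod(N);
        BigInteger u = H(A, B);
        // Either side must abort on a degenerate peer value.
        if (A.signum() == 0 || B.signum() == 0 || u.signum() == 0)
            throw new IllegalStateException("invalid A, B or u");
        // The client recomputes g^x (equal to v) from the password; the server uses the stored v.
        BigInteger clientS = B.subtract(k.multiply(v)).mod(N).modPow(a.add(u.multiply(x)), N);
        BigInteger serverS = A.multiply(v.modPow(u, N)).mod(N).modPow(b, N);
        BigInteger M1 = H(A, B, clientS);  // client evidence, sent to the server
        BigInteger M2 = H(A, M1, serverS); // server evidence, sent back to the client
        boolean serverAccepts = MessageDigest.isEqual(M1.toByteArray(), H(A, B, serverS).toByteArray());
        boolean clientAccepts = MessageDigest.isEqual(M2.toByteArray(), H(A, M1, clientS).toByteArray());
        System.out.println("server accepts M1: " + serverAccepts + ", client accepts M2: " + clientAccepts);
    }
}
```

Both checks print true because the two sides derive the same S; with a wrong password the client's x differs, M1 fails verification on the server, and no session key is established.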