Package de.bsvrz.sys.funclib.srp6
Class SRP6Session
- java.lang.Object
  - de.bsvrz.sys.funclib.srp6.SRP6Session
- All Implemented Interfaces: java.io.Serializable
- Direct Known Subclasses: SRP6ClientSession, SRP6ServerSession

public abstract class SRP6Session extends java.lang.Object implements java.io.Serializable
The base abstract class for client and server-side Secure Remote Password (SRP-6a) authentication sessions.
- See Also: Serialized Form
-
Field Summary
Fields (modifier and type, field, description):
- protected java.math.BigInteger A: The client public value 'A'.
- protected java.math.BigInteger B: The server public value 'B'.
- protected ClientEvidenceRoutine clientEvidenceRoutine: Custom routine for the client evidence message 'M1' computation.
- protected SRP6CryptoParams config: The crypto configuration.
- protected URoutine hashedKeysRoutine: Custom routine for the hashed keys 'u' computation.
- protected java.math.BigInteger k: The multiplier 'k'.
- protected long lastActivity: The last activity timestamp, from System.currentTimeMillis().
- protected java.math.BigInteger M1: The client evidence message 'M1'.
- protected java.math.BigInteger M2: The server evidence message 'M2'.
- protected java.security.SecureRandom random: Source of randomness.
- protected java.math.BigInteger s: The password salt 's'.
- protected java.math.BigInteger S: The shared session key 'S'.
- protected ServerEvidenceRoutine serverEvidenceRoutine: Custom routine for the server evidence message 'M2' computation.
- protected SRP6Routines srp6Routines
- protected int timeout: The SRP-6a authentication session timeout in seconds.
- protected java.math.BigInteger u: The random scrambling parameter 'u'.
- protected java.lang.String userID: The identity 'I' of the authenticating user.
-
Constructor Summary
Constructors (constructor, description):
- SRP6Session(): Creates a new SRP-6a authentication session, session timeouts are disabled.
- SRP6Session(int timeout): Creates a new SRP-6a authentication session.
- SRP6Session(int timeout, SRP6Routines srp6Routines): Creates a new SRP-6a authentication session.
-
Method Summary
Methods (modifier and type, method, description):
- java.lang.Object getAttribute(java.lang.String key): Gets a session attribute.
- java.math.BigInteger getClientEvidenceMessage(): Gets the client evidence message 'M1'.
- ClientEvidenceRoutine getClientEvidenceRoutine(): Gets the custom routine to compute the client evidence message 'M1'.
- SRP6CryptoParams getCryptoParams(): Gets the SRP-6a crypto parameters for this session.
- URoutine getHashedKeysRoutine(): Gets the custom routine to compute hashed keys 'u' as 'H(A | B)'.
- long getLastActivityTime(): Gets the last session activity timestamp, in milliseconds since midnight, January 1, 1970 UTC (see System.currentTimeMillis()).
- java.math.BigInteger getPublicClientValue(): Gets the public client value 'A'.
- java.math.BigInteger getPublicServerValue(): Gets the public server value 'B'.
- java.math.BigInteger getSalt(): Gets the password salt 's'.
- java.math.BigInteger getServerEvidenceMessage(): Gets the server evidence message 'M2'.
- ServerEvidenceRoutine getServerEvidenceRoutine(): Gets the custom routine to compute the server evidence message 'M2'.
- java.math.BigInteger getSessionKey(): Gets the shared session key 'S'.
- byte[] getSessionKeyHash(): Gets the hash of the shared session key H(S).
- int getTimeout(): Gets the SRP-6a authentication session timeout.
- java.lang.String getUserID(): Gets the identity 'I' of the authenticating user.
- boolean hasTimedOut(): Returns true if the session has timed out, based on the timeout configuration and the last activity timestamp.
- void setAttribute(java.lang.String key, java.lang.Object value): Sets a session attribute.
- void setClientEvidenceRoutine(ClientEvidenceRoutine routine): Sets a custom routine to compute the client evidence message 'M1'.
- void setHashedKeysRoutine(URoutine hashedKeysRoutine): Sets a custom routine to compute hashed keys 'u' as 'H(A | B)'.
- void setServerEvidenceRoutine(ServerEvidenceRoutine routine): Sets a custom routine to compute the server evidence message 'M2'.
- protected void updateLastActivityTime(): Updates the last activity timestamp.
-
-
-
Field Detail
-
srp6Routines
protected final SRP6Routines srp6Routines
-
config
protected SRP6CryptoParams config
The crypto configuration.
-
random
protected java.security.SecureRandom random
Source of randomness.
-
timeout
protected final int timeout
The SRP-6a authentication session timeout in seconds. If the authenticating counterparty (server or client) fails to respond within the specified time the session will be closed. Zero implies no timeout.
-
lastActivity
protected long lastActivity
The last activity timestamp, from System.currentTimeMillis().
-
userID
protected java.lang.String userID
The identity 'I' of the authenticating user.
-
s
protected java.math.BigInteger s
The password salt 's'.
-
A
protected java.math.BigInteger A
The client public value 'A'.
-
B
protected java.math.BigInteger B
The server public value 'B'.
-
u
protected java.math.BigInteger u
The random scrambling parameter 'u'.
-
k
protected java.math.BigInteger k
The multiplier 'k'.
-
S
protected java.math.BigInteger S
The shared session key 'S'.
-
M1
protected java.math.BigInteger M1
The client evidence message 'M1'.
-
M2
protected java.math.BigInteger M2
The server evidence message 'M2'.
-
clientEvidenceRoutine
protected ClientEvidenceRoutine clientEvidenceRoutine
Custom routine for the client evidence message 'M1' computation.
-
serverEvidenceRoutine
protected ServerEvidenceRoutine serverEvidenceRoutine
Custom routine for the server evidence message 'M2' computation.
-
hashedKeysRoutine
protected URoutine hashedKeysRoutine
Custom routine for the hashed keys 'u' computation.
-
-
Constructor Detail
-
SRP6Session
public SRP6Session(int timeout, SRP6Routines srp6Routines)
Creates a new SRP-6a authentication session.
- Parameters:
timeout - The SRP-6a authentication session timeout in seconds. If the authenticating counterparty (server or client) fails to respond within the specified time the session will be closed. If zero, timeouts are disabled.
srp6Routines - The math routines to use.
-
SRP6Session
public SRP6Session(int timeout)
Creates a new SRP-6a authentication session.
- Parameters:
timeout - The SRP-6a authentication session timeout in seconds. If the authenticating counterparty (server or client) fails to respond within the specified time the session will be closed. If zero, timeouts are disabled.
-
SRP6Session
public SRP6Session()
Creates a new SRP-6a authentication session, session timeouts are disabled. The default math routines are used.
-
-
Method Detail
-
updateLastActivityTime
protected void updateLastActivityTime()
Updates the last activity timestamp.
-
getLastActivityTime
public long getLastActivityTime()
Gets the last session activity timestamp, in milliseconds since midnight, January 1, 1970 UTC (see System.currentTimeMillis()).
- Returns: The last activity timestamp.
-
hasTimedOut
public boolean hasTimedOut()
Returns true if the session has timed out, based on the timeout configuration and the last activity timestamp.
- Returns: true if the session has timed out, else false.
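The timeout rule documented for `timeout`, `lastActivity` and `hasTimedOut()`, modelled in an added example that is not the library's own code. `PendingSession` and `evictExpired` are hypothetical names, and the strict comparison at the boundary is an assumption of this sketch; it shows the seconds-to-milliseconds conversion, the zero-disables case, and a sweep that drops abandoned handshakes.

```java
import java.util.Iterator;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration; PendingSession and evictExpired are hypothetical names,
// not part of de.bsvrz.sys.funclib.srp6.
public class SessionTimeoutSketch {

    /** Models only the documented timeout fields of an SRP-6a session. */
    static final class PendingSession {
        final int timeout;   // seconds; zero means timeouts are disabled
        long lastActivity;   // milliseconds, as from System.currentTimeMillis()

        PendingSession(int timeout, long nowMillis) {
            if (timeout < 0) throw new IllegalArgumentException("timeout must be >= 0");
            this.timeout = timeout;
            this.lastActivity = nowMillis;
        }

        boolean hasTimedOut(long nowMillis) {
            if (timeout == 0) return false;  // documented: zero implies no timeout
            // Widen to long before scaling so a large timeout cannot overflow int.
            // Strict '>' at the boundary is this sketch's choice (assumption).
            return nowMillis > lastActivity + timeout * 1000L;
        }
    }

    /** Drops handshakes whose counterparty stopped responding; returns the number removed. */
    static int evictExpired(Map<String, PendingSession> pending, long nowMillis) {
        int removed = 0;
        for (Iterator<PendingSession> it = pending.values().iterator(); it.hasNext(); ) {
            if (it.next().hasTimedOut(nowMillis)) { it.remove(); removed++; }
        }
        return removed;
    }

    public static void main(String[] args) {
        long t0 = 1_700_000_000_000L;  // constructed sample clock value
        Map<String, PendingSession> pending = new ConcurrentHashMap<>();
        pending.put("alice", new PendingSession(30, t0));                 // 30 s limit
        pending.put("bob", new PendingSession(0, t0));                    // timeouts disabled
        pending.put("carol", new PendingSession(Integer.MAX_VALUE, t0));  // overflow probe

        System.out.println(evictExpired(pending, t0 + 30_000));  // exactly at the limit
        System.out.println(evictExpired(pending, t0 + 30_001));  // one millisecond past it
        System.out.println(pending.keySet());
    }
}
```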
-
getCryptoParams
public SRP6CryptoParams getCryptoParams()
Gets the SRP-6a crypto parameters for this session.
- Returns: The SRP-6a crypto parameters, null if undefined.
-
getUserID
public java.lang.String getUserID()
Gets the identity 'I' of the authenticating user.
- Returns: The user identity 'I', null if undefined.
-
getTimeout
public int getTimeout()
Gets the SRP-6a authentication session timeout.
- Returns: The SRP-6a authentication session timeout, in seconds. Zero implies no timeout.
-
setClientEvidenceRoutine
public void setClientEvidenceRoutine(ClientEvidenceRoutine routine)
Sets a custom routine to compute the client evidence message 'M1'. Note that the custom routine must be set prior to SRP6ClientSession.State.STEP_2 or SRP6ServerSession.State.STEP_2.
- Parameters:
routine - The client evidence message 'M1' routine or null to use the default SRP6Routines.computeClientEvidence(java.security.MessageDigest, java.math.BigInteger, java.math.BigInteger, java.math.BigInteger).
-
getClientEvidenceRoutine
public ClientEvidenceRoutine getClientEvidenceRoutine()
Gets the custom routine to compute the client evidence message 'M1'.
- Returns: The routine instance or null if the default SRP6Routines.computeClientEvidence(java.security.MessageDigest, java.math.BigInteger, java.math.BigInteger, java.math.BigInteger) is used.
-
setServerEvidenceRoutine
public void setServerEvidenceRoutine(ServerEvidenceRoutine routine)
Sets a custom routine to compute the server evidence message 'M2'. Note that the custom routine must be set prior to SRP6ClientSession.State.STEP_3 or SRP6ServerSession.State.STEP_2.
- Parameters:
routine - The server evidence message 'M2' routine or null to use the default SRP6Routines.computeServerEvidence(java.security.MessageDigest, java.math.BigInteger, java.math.BigInteger, java.math.BigInteger).
-
getServerEvidenceRoutine
public ServerEvidenceRoutine getServerEvidenceRoutine()
Gets the custom routine to compute the server evidence message 'M2'.
- Returns: The routine instance or null if the default SRP6Routines.computeServerEvidence(java.security.MessageDigest, java.math.BigInteger, java.math.BigInteger, java.math.BigInteger) is used.
-
getHashedKeysRoutine
public URoutine getHashedKeysRoutine()
Gets the custom routine to compute hashed keys 'u' as 'H(A | B)'.
- Returns: The routine instance or null if the default SRP6Routines.computeU(java.security.MessageDigest, java.math.BigInteger, java.math.BigInteger, java.math.BigInteger) is to be used.
-
setHashedKeysRoutine
public void setHashedKeysRoutine(URoutine hashedKeysRoutine)
Sets a custom routine to compute hashed keys 'u' as 'H(A | B)'. Note that the custom routine must be set prior to SRP6ServerSession.State.STEP_2.
- Parameters:
hashedKeysRoutine - The hashed keys 'u' routine or null to use the default SRP6Routines.computeU(java.security.MessageDigest, java.math.BigInteger, java.math.BigInteger, java.math.BigInteger).
-
getSalt
public java.math.BigInteger getSalt()
Gets the password salt 's'.
- Returns: The salt 's' if available, else null.
-
getPublicClientValue
public java.math.BigInteger getPublicClientValue()
Gets the public client value 'A'.
- Returns: The public client value 'A' if available, else null.
-
getPublicServerValue
public java.math.BigInteger getPublicServerValue()
Gets the public server value 'B'.
- Returns: The public server value 'B' if available, else null.
-
getClientEvidenceMessage
public java.math.BigInteger getClientEvidenceMessage()
Gets the client evidence message 'M1'.
- Returns: The client evidence message 'M1' if available, else null.
-
getServerEvidenceMessage
public java.math.BigInteger getServerEvidenceMessage()
Gets the server evidence message 'M2'.
- Returns: The server evidence message 'M2' if available, else null.
-
getSessionKey
public java.math.BigInteger getSessionKey()
Gets the shared session key 'S'.
- Returns: The shared session key 'S'. null will be returned if authentication failed or the method is invoked in a session state when the session key 'S' has not been computed yet.
-
getSessionKeyHash
public byte[] getSessionKeyHash()
Gets the hash of the shared session key H(S).
- Returns: The hash of the shared session key H(S). null will be returned if authentication failed or the method is invoked in a session state when the session key 'S' has not been computed yet.
-
setAttribute
public void setAttribute(java.lang.String key, java.lang.Object value)
Sets a session attribute. This method can be used to store arbitrary objects with this session and retrieve them later with getAttribute(java.lang.String).
- Parameters:
key - The attribute key. Must not be null.
value - The attribute value. May be null.
-
getAttribute
public java.lang.Object getAttribute(java.lang.String key)
Gets a session attribute. This method can be used to retrieve arbitrary objects stored with this session with setAttribute(java.lang.String, java.lang.Object).
- Parameters:
key - The attribute key. Must not be null.
- Returns: The attribute value, null if none was found by the specified key or its value is null.
-
-