Class SRP6ClientSession

  • All Implemented Interfaces:
    java.io.Serializable

    public class SRP6ClientSession
    extends SRP6Session
    implements java.io.Serializable
    Stateful client-side Secure Remote Password (SRP-6a) authentication session. Handles the computing and storing of SRP-6a variables between the protocol steps as well as timeouts.

    Usage:

    • Create a new SRP-6a client session for each authentication attempt.
    • If you wish to use custom routines for the password key 'x', the client evidence message 'M1' and / or the server evidence message 'M2', specify them at this point.
    • Proceed to step one by recording the input user identity 'I' (submitted to the server) and password 'P'.
    • Proceed to step two on receiving the password salt 's' and the public server value 'B' from the server. At this point the SRP-6a crypto parameters 'N', 'g' and 'H' must also be specified. These can either be agreed in advance between server and client or suggested by the server in its step one response.
    • Proceed to step three on receiving the server evidence message 'M2'.
    See Also:
    Serialized Form
    • Constructor Detail

      • SRP6ClientSession

        public SRP6ClientSession(int timeout)
        Creates a new client-side SRP-6a authentication session and sets its state to SRP6ClientSession.State.INIT.
        Parameters:
        timeout - The SRP-6a authentication session timeout in seconds. If the authenticating counterparty (server or client) fails to respond within the specified time the session will be closed. If zero, timeouts are disabled.
      • SRP6ClientSession

        public SRP6ClientSession()
        Creates a new client-side SRP-6a authentication session and sets its state to SRP6ClientSession.State.INIT. Session timeouts are disabled.
    • Method Detail

      • setXRoutine

        public void setXRoutine(XRoutine routine)
        Sets a custom routine for the password key 'x' computation. Note that the custom routine must be set prior to SRP6ClientSession.State.STEP_2.
        Parameters:
        routine - The password key 'x' routine or null to use the default one instead.
      • getXRoutine

        public XRoutine getXRoutine()
        Gets the custom routine for the password key 'x' computation.
        Returns:
        The routine instance or null if the default one is used.
      • step1

        public void step1(java.lang.String userID,
                          java.lang.String password)
        Records the identity 'I' and password 'P' of the authenticating user. The session is incremented to SRP6ClientSession.State.STEP_1.

        Argument origin:

        • From user: user identity 'I' and password 'P'.
        Parameters:
        userID - The identity 'I' of the authenticating user, UTF-8 encoded. Must not be null or empty.
        password - The user password 'P', UTF-8 encoded. Must not be null.
        Throws:
        java.lang.IllegalStateException - If the method is invoked in a state other than SRP6ClientSession.State.INIT.
      • step2

        public SRP6ClientCredentials step2(SRP6CryptoParams config,
                                           java.math.BigInteger s,
                                           java.math.BigInteger B)
                                    throws SRP6Exception
        Receives the password salt 's' and public value 'B' from the server. The SRP-6a crypto parameters are also set. The session is incremented to SRP6ClientSession.State.STEP_2.

        Argument origin:

        • From server: password salt 's', public value 'B'.
        • From server or pre-agreed: crypto parameters prime 'N', generator 'g' and hash function 'H'.
        Parameters:
        config - The SRP-6a crypto parameters. Must not be null.
        s - The password salt 's'. Must not be null.
        B - The public server value 'B'. Must not be null.
        Returns:
        The client credentials consisting of the client public key 'A' and the client evidence message 'M1'.
        Throws:
        java.lang.IllegalStateException - If the method is invoked in a state other than SRP6ClientSession.State.STEP_1.
        SRP6Exception - If the session has timed out or the public server value 'B' is invalid.
      • step3

        public void step3(java.math.BigInteger M2)
                   throws SRP6Exception
        Receives the server evidence message 'M2'. The session is incremented to SRP6ClientSession.State.STEP_3.

        Argument origin:

        • From server: evidence message 'M2'.
        Parameters:
        M2 - The server evidence message 'M2'. Must not be null.
        Throws:
        java.lang.IllegalStateException - If the method is invoked in a state other than SRP6ClientSession.State.STEP_2.
        SRP6Exception - If the session has timed out or the server evidence message 'M2' is invalid.
      • getState

        public SRP6ClientSession.State getState()
        Returns the current state of this SRP-6a authentication session.
        Returns:
        The current state.
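The usage list above and the step1 / step2 / step3 method descriptions together define one protocol run. The following is an added example, not code from the Javadoc or the Nimbus SRP project itself, that drives an SRP6ClientSession through all three steps against an in-process server so the exchange can be observed offline. It assumes the counterpart classes SRP6ServerSession, SRP6VerifierGenerator and SRP6CryptoParams from the same com.nimbusds.srp6 package, and that the inherited session-key accessor is getSessionKey(boolean); the user identity and password are constructed sample values. The second method shows the failure mode a defender cares about: a wrong password never reaches the server as cleartext, it simply yields a client evidence message 'M1' the server rejects with SRP6Exception.

```java
import java.math.BigInteger;

import com.nimbusds.srp6.SRP6ClientCredentials;
import com.nimbusds.srp6.SRP6ClientSession;
import com.nimbusds.srp6.SRP6CryptoParams;
import com.nimbusds.srp6.SRP6Exception;
import com.nimbusds.srp6.SRP6ServerSession;
import com.nimbusds.srp6.SRP6VerifierGenerator;

/**
 * Added example (not part of the Javadoc). Walks an SRP6ClientSession through
 * steps 1-3 against an SRP6ServerSession held in the same process.
 * Assumption: server side, verifier generator and getSessionKey(boolean) come
 * from the same com.nimbusds.srp6 package as SRP6ClientSession.
 */
public class Srp6ClientWalkthrough {

    // Pre-agreed crypto parameters 'N', 'g' and 'H' (a server may instead
    // suggest them in its step-one response).
    static final SRP6CryptoParams CONFIG = SRP6CryptoParams.getInstance(256, "SHA-1");

    // Constructed sample credentials; only the identity is ever sent to the server.
    static final String USER_ID = "alice";
    static final String PASSWORD = "correct horse battery";

    public static void main(String[] args) throws SRP6Exception {
        // Enrolment happens once, ahead of authentication: the server stores the
        // salt 's' and verifier 'v' for 'I', never the password 'P'.
        SRP6VerifierGenerator gen = new SRP6VerifierGenerator(CONFIG);
        BigInteger s = gen.generateRandomSalt();
        BigInteger v = gen.generateVerifier(s, USER_ID, PASSWORD);

        System.out.println("correct password -> " + authenticate(s, v, PASSWORD));
        System.out.println("wrong password   -> " + authenticate(s, v, "not the password"));
    }

    /** Runs one full SRP-6a exchange; returns true only if both proofs verify. */
    static boolean authenticate(BigInteger s, BigInteger v, String passwordAttempt) {
        // A fresh session per attempt, as the Javadoc requires; 30 s timeout each side.
        SRP6ClientSession client = new SRP6ClientSession(30);
        SRP6ServerSession server = new SRP6ServerSession(CONFIG, 30);

        try {
            // Client step 1: record 'I' and 'P' locally. State -> STEP_1.
            client.step1(USER_ID, passwordAttempt);

            // Server step 1: look up 's' and 'v' for 'I', produce public value 'B'.
            BigInteger B = server.step1(USER_ID, s, v);

            // Client step 2: receive 's' and 'B', validate 'B' (throws SRP6Exception
            // if B mod N == 0), compute 'A' and the client evidence 'M1'. State -> STEP_2.
            SRP6ClientCredentials cred = client.step2(CONFIG, s, B);

            // Server step 2: verify 'M1'. A wrong password surfaces here as an
            // SRP6Exception; the server never learns the attempted cleartext.
            BigInteger M2 = server.step2(cred.A, cred.M1);

            // Client step 3: verify the server evidence 'M2'. State -> STEP_3.
            client.step3(M2);

            // Both sides now hold the same session key without it ever crossing the wire.
            boolean keysMatch = client.getSessionKey(false).equals(server.getSessionKey(false));
            return client.getState() == SRP6ClientSession.State.STEP_3 && keysMatch;

        } catch (SRP6Exception e) {
            // Timeout, invalid 'B', bad 'M1' or bad 'M2' all land here; treat every
            // one as an authentication failure and discard the session.
            System.out.println("SRP-6a failure: " + e.getMessage());
            return false;
        }
    }
}
```

The protocol messages that cross the (here, in-process) boundary are only 'I', then 's' and 'B', then 'A' and 'M1', then 'M2'; neither the password nor the derived session key is among them. Note that the client validates 'B' in step2 before deriving anything from it, which is why a server value of zero modulo 'N' is rejected with SRP6Exception rather than producing a degenerate key.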