Package de.bsvrz.sys.funclib.srp6
Class SRP6ServerSession
java.lang.Object
de.bsvrz.sys.funclib.srp6.SRP6Session
de.bsvrz.sys.funclib.srp6.SRP6ServerSession
- All Implemented Interfaces:
Serializable
Stateful server-side Secure Remote Password (SRP-6a) authentication session.
Handles the computing and storing of SRP-6a variables between the protocol
steps as well as timeouts.
Usage:
- Create a new SRP-6a server session for each client authentication attempt.
- If you wish to use custom routines for the server evidence message 'M1' and / or the client evidence message 'M2' specify them at this point.
- Proceed to
step one
on receiving a valid user identity 'I' from the authenticating client. Respond with the server public value 'B' and password salt 's'. If the SRP-6a crypto parameters 'N', 'g' and 'H' were not agreed in advance between server and client append them to the response. - Proceed to
step two
on receiving the public client value 'A' and evidence message 'M1'. If the client credentials are valid signal success and return the server evidence message 'M2'. The established session key 'S' may beretrieved
to encrypt further communication with the client. Else signal an authentication failure to the client.
- See Also:
-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionstatic enum
Enumerates the states of a server-side SRP-6a authentication session. -
Field Summary
Fields inherited from class de.bsvrz.sys.funclib.srp6.SRP6Session
A, B, clientEvidenceRoutine, config, hashedKeysRoutine, k, lastActivity, M1, M2, random, s, S, serverEvidenceRoutine, srp6Routines, timeout, u, userID
-
Constructor Summary
ConstructorsConstructorDescriptionSRP6ServerSession
(SRP6CryptoParams config) Creates a new server-side SRP-6a authentication session and sets its state toSRP6ServerSession.State.INIT
.SRP6ServerSession
(SRP6CryptoParams config, int timeout) Creates a new server-side SRP-6a authentication session and sets its state toSRP6ServerSession.State.INIT
. -
Method Summary
Modifier and TypeMethodDescriptiongetState()
Returns the current state of this SRP-6a authentication session.mockStep1
(String userID, BigInteger s, BigInteger v) Increments this SRP-6a authentication session toSRP6ServerSession.State.STEP_1
indicating a non-existing user identity 'I' with mock (simulated) salt 's' and password verifier 'v' values.step1
(String userID, BigInteger s, BigInteger v) Increments this SRP-6a authentication session toSRP6ServerSession.State.STEP_1
.step2
(BigInteger A, BigInteger M1) Increments this SRP-6a authentication session toSRP6ServerSession.State.STEP_2
.Methods inherited from class de.bsvrz.sys.funclib.srp6.SRP6Session
getAttribute, getClientEvidenceMessage, getClientEvidenceRoutine, getCryptoParams, getHashedKeysRoutine, getLastActivityTime, getPublicClientValue, getPublicServerValue, getSalt, getServerEvidenceMessage, getServerEvidenceRoutine, getSessionKey, getSessionKeyHash, getTimeout, getUserID, hasTimedOut, setAttribute, setClientEvidenceRoutine, setHashedKeysRoutine, setServerEvidenceRoutine, updateLastActivityTime
-
Constructor Details
-
SRP6ServerSession
Creates a new server-side SRP-6a authentication session and sets its state toSRP6ServerSession.State.INIT
.- Parameters:
config
- The SRP-6a crypto parameters configuration. Must not benull
.timeout
- The SRP-6a authentication session timeout in seconds. If the authenticating counterparty (server or client) fails to respond within the specified time the session will be closed. If zero timeouts are disabled.
-
SRP6ServerSession
Creates a new server-side SRP-6a authentication session and sets its state toSRP6ServerSession.State.INIT
. Session timeouts are disabled.- Parameters:
config
- The SRP-6a crypto parameters configuration. Must not benull
.
-
-
Method Details
-
step1
Increments this SRP-6a authentication session toSRP6ServerSession.State.STEP_1
.Argument origin:
- From client: user identity 'I'.
- From server database: matching salt 's' and password verifier 'v' values.
- Parameters:
userID
- The identity 'I' of the authenticating user. Must not benull
or empty.s
- The password salt 's'. Must not benull
.v
- The password verifier 'v'. Must not benull
.- Returns:
- The server public value 'B'.
- Throws:
IllegalStateException
- If the mehod is invoked in a state other thanSRP6ServerSession.State.INIT
.
-
mockStep1
Increments this SRP-6a authentication session toSRP6ServerSession.State.STEP_1
indicating a non-existing user identity 'I' with mock (simulated) salt 's' and password verifier 'v' values.This method can be used to avoid informing the client at step one that the user identity is bad and throw instead a guaranteed general "bad credentials" SRP-6a exception at step two.
Argument origin:
- From client: user identity 'I'.
- Simulated by server, preferably consistently for the specified identity 'I': salt 's' and password verifier 'v' values.
- Parameters:
userID
- The identity 'I' of the authenticating user. Must not benull
or empty.s
- The password salt 's'. Must not benull
.v
- The password verifier 'v'. Must not benull
.- Returns:
- The server public value 'B'.
- Throws:
IllegalStateException
- If the method is invoked in a state other thanSRP6ServerSession.State.INIT
.
-
step2
Increments this SRP-6a authentication session toSRP6ServerSession.State.STEP_2
.Argument origin:
- From client: public value 'A' and evidence message 'M1'.
- Parameters:
A
- The client public value. Must not benull
.M1
- The client evidence message. Must not benull
.- Returns:
- The server evidence message 'M2'.
- Throws:
SRP6Exception
- If the session has timed out, the client public value 'A' is invalid or the user credentials are invalid.IllegalStateException
- If the method is invoked in a state other thanSRP6ServerSession.State.STEP_1
.
-
getState
Returns the current state of this SRP-6a authentication session.- Returns:
- The current state.
-