Class SRP6Session

java.lang.Object
de.bsvrz.sys.funclib.srp6.SRP6Session
All Implemented Interfaces:
java.io.Serializable
Direct Known Subclasses:
SRP6ClientSession, SRP6ServerSession

public abstract class SRP6Session
extends java.lang.Object
implements java.io.Serializable
The base abstract class for client and server-side Secure Remote Password (SRP-6a) authentication sessions.
See Also:
Serialized Form
  • Field Summary

    Fields
    Modifier and Type Field Description
    protected java.math.BigInteger A
    The client public value 'A'.
    protected java.math.BigInteger B
    The server public value 'B'.
    protected ClientEvidenceRoutine clientEvidenceRoutine
    Custom routine for the client evidence message 'M1' computation.
    protected SRP6CryptoParams config
    The crypto configuration.
    protected URoutine hashedKeysRoutine
    Custom routine for the hashed keys 'u' computation.
    protected java.math.BigInteger k
    The multiplier 'k'.
    protected long lastActivity
    The last activity timestamp, from System.currentTimeMillis().
    protected java.math.BigInteger M1
    The client evidence message 'M1'.
    protected java.math.BigInteger M2
    The server evidence message 'M2'.
    protected java.security.SecureRandom random
    Source of randomness.
    protected java.math.BigInteger s
    The password salt 's'.
    protected java.math.BigInteger S
    The shared session key 'S'.
    protected ServerEvidenceRoutine serverEvidenceRoutine
    Custom routine for the server evidence message 'M2' computation.
    protected SRP6Routines srp6Routines  
    protected int timeout
    The SRP-6a authentication session timeout in seconds.
    protected java.math.BigInteger u
    The random scrambling parameter 'u'.
    protected java.lang.String userID
    The identity 'I' of the authenticating user.
  • Constructor Summary

    Constructors
    Constructor Description
    SRP6Session()
    Creates a new SRP-6a authentication session with session timeouts disabled.
    SRP6Session​(int timeout)
    Creates a new SRP-6a authentication session.
    SRP6Session​(int timeout, SRP6Routines srp6Routines)
    Creates a new SRP-6a authentication session.
  • Method Summary

    Modifier and Type Method Description
    java.lang.Object getAttribute​(java.lang.String key)
    Gets a session attribute.
    java.math.BigInteger getClientEvidenceMessage()
    Gets the client evidence message 'M1'.
    ClientEvidenceRoutine getClientEvidenceRoutine()
    Gets the custom routine to compute the client evidence message 'M1'.
    SRP6CryptoParams getCryptoParams()
    Gets the SRP-6a crypto parameters for this session.
    URoutine getHashedKeysRoutine()
    Gets the custom routine to compute hashed keys 'u' as 'H(A | B)'.
    long getLastActivityTime()
    Gets the last session activity timestamp, in milliseconds since midnight, January 1, 1970 UTC (see System.currentTimeMillis()).
    java.math.BigInteger getPublicClientValue()
    Gets the public client value 'A'.
    java.math.BigInteger getPublicServerValue()
    Gets the public server value 'B'.
    java.math.BigInteger getSalt()
    Gets the password salt 's'.
    java.math.BigInteger getServerEvidenceMessage()
    Gets the server evidence message 'M2'.
    ServerEvidenceRoutine getServerEvidenceRoutine()
    Gets the custom routine to compute the server evidence message 'M2'.
    java.math.BigInteger getSessionKey()
    Gets the shared session key 'S'.
    byte[] getSessionKeyHash()
    Gets the hash of the shared session key H(S).
    int getTimeout()
    Gets the SRP-6a authentication session timeout.
    java.lang.String getUserID()
    Gets the identity 'I' of the authenticating user.
    boolean hasTimedOut()
    Returns true if the session has timed out, based on the timeout configuration and the last activity timestamp.
    void setAttribute​(java.lang.String key, java.lang.Object value)
    Sets a session attribute.
    void setClientEvidenceRoutine​(ClientEvidenceRoutine routine)
    Sets a custom routine to compute the client evidence message 'M1'.
    void setHashedKeysRoutine​(URoutine hashedKeysRoutine)
    Sets a custom routine to compute hashed keys 'u' as 'H(A | B)'.
    void setServerEvidenceRoutine​(ServerEvidenceRoutine routine)
    Sets a custom routine to compute the server evidence message 'M2'.
    protected void updateLastActivityTime()
    Updates the last activity timestamp.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Field Details

    • srp6Routines

      protected final SRP6Routines srp6Routines
    • config

      protected SRP6CryptoParams config
      The crypto configuration.
    • random

      protected java.security.SecureRandom random
      Source of randomness.
    • timeout

      protected final int timeout
      The SRP-6a authentication session timeout in seconds. If the authenticating counterparty (server or client) fails to respond within the specified time, the session will be closed. Zero implies no timeout.
    • lastActivity

      protected long lastActivity
      The last activity timestamp, from System.currentTimeMillis().
    • userID

      protected java.lang.String userID
      The identity 'I' of the authenticating user.
    • s

      protected java.math.BigInteger s
      The password salt 's'.
    • A

      protected java.math.BigInteger A
      The client public value 'A'.
    • B

      protected java.math.BigInteger B
      The server public value 'B'.
    • u

      protected java.math.BigInteger u
      The random scrambling parameter 'u'.
    • k

      protected java.math.BigInteger k
      The multiplier 'k'.
    • S

      protected java.math.BigInteger S
      The shared session key 'S'.
    • M1

      protected java.math.BigInteger M1
      The client evidence message 'M1'.
    • M2

      protected java.math.BigInteger M2
      The server evidence message 'M2'.
    • clientEvidenceRoutine

      protected ClientEvidenceRoutine clientEvidenceRoutine
      Custom routine for the client evidence message 'M1' computation.
    • serverEvidenceRoutine

      protected ServerEvidenceRoutine serverEvidenceRoutine
      Custom routine for the server evidence message 'M2' computation.
    • hashedKeysRoutine

      protected URoutine hashedKeysRoutine
      Custom routine for the hashed keys 'u' computation.
  • Constructor Details

    • SRP6Session

      public SRP6Session​(int timeout, SRP6Routines srp6Routines)
      Creates a new SRP-6a authentication session.
      Parameters:
      timeout - The SRP-6a authentication session timeout in seconds. If the authenticating counterparty (server or client) fails to respond within the specified time, the session will be closed. If zero, timeouts are disabled.
      srp6Routines - The math routines to use.
    • SRP6Session

      public SRP6Session​(int timeout)
      Creates a new SRP-6a authentication session.
      Parameters:
      timeout - The SRP-6a authentication session timeout in seconds. If the authenticating counterparty (server or client) fails to respond within the specified time, the session will be closed. If zero, timeouts are disabled.
    • SRP6Session

      public SRP6Session()
      Creates a new SRP-6a authentication session with session timeouts disabled. The default math routines are used.
  • Method Details

    • updateLastActivityTime

      protected void updateLastActivityTime()
      Updates the last activity timestamp.
    • getLastActivityTime

      public long getLastActivityTime()
      Gets the last session activity timestamp, in milliseconds since midnight, January 1, 1970 UTC (see System.currentTimeMillis()).
      Returns:
      The last activity timestamp.
    • hasTimedOut

      public boolean hasTimedOut()
      Returns true if the session has timed out, based on the timeout configuration and the last activity timestamp.
      Returns:
      true if the session has timed out, else false.
    • getCryptoParams

      public SRP6CryptoParams getCryptoParams()
      Gets the SRP-6a crypto parameters for this session.
      Returns:
      The SRP-6a crypto parameters, null if undefined.
    • getUserID

      public java.lang.String getUserID()
      Gets the identity 'I' of the authenticating user.
      Returns:
      The user identity 'I', null if undefined.
    • getTimeout

      public int getTimeout()
      Gets the SRP-6a authentication session timeout.
      Returns:
      The SRP-6a authentication session timeout, in seconds. Zero implies no timeout.
    • setClientEvidenceRoutine

      public void setClientEvidenceRoutine​(ClientEvidenceRoutine routine)
      Sets a custom routine to compute the client evidence message 'M1'. Note that the custom routine must be set prior to SRP6ClientSession.State.STEP_2 or SRP6ServerSession.State.STEP_2.
      Parameters:
      routine - The client evidence message 'M1' routine or null to use the default SRP6Routines.computeClientEvidence(java.security.MessageDigest, java.math.BigInteger, java.math.BigInteger, java.math.BigInteger).
    • getClientEvidenceRoutine

      public ClientEvidenceRoutine getClientEvidenceRoutine()
      Gets the custom routine to compute the client evidence message 'M1'.
      Returns:
      The routine instance or null if the default SRP6Routines.computeClientEvidence(java.security.MessageDigest, java.math.BigInteger, java.math.BigInteger, java.math.BigInteger) is used.
    • setServerEvidenceRoutine

      public void setServerEvidenceRoutine​(ServerEvidenceRoutine routine)
      Sets a custom routine to compute the server evidence message 'M2'. Note that the custom routine must be set prior to SRP6ClientSession.State.STEP_3 or SRP6ServerSession.State.STEP_2.
      Parameters:
      routine - The server evidence message 'M2' routine or null to use the default SRP6Routines.computeServerEvidence(java.security.MessageDigest, java.math.BigInteger, java.math.BigInteger, java.math.BigInteger).
    • getServerEvidenceRoutine

      public ServerEvidenceRoutine getServerEvidenceRoutine()
      Gets the custom routine to compute the server evidence message 'M2'.
      Returns:
      The routine instance or null if the default SRP6Routines.computeServerEvidence(java.security.MessageDigest, java.math.BigInteger, java.math.BigInteger, java.math.BigInteger) is used.
    • getHashedKeysRoutine

      public URoutine getHashedKeysRoutine()
      Gets the custom routine to compute hashed keys 'u' as 'H(A | B)'.
      Returns:
      The routine instance or null if the default SRP6Routines.computeU(java.security.MessageDigest, java.math.BigInteger, java.math.BigInteger, java.math.BigInteger) is to be used.
    • setHashedKeysRoutine

      public void setHashedKeysRoutine​(URoutine hashedKeysRoutine)
      Sets a custom routine to compute hashed keys 'u' as 'H(A | B)'. Note that the custom routine must be set prior to SRP6ServerSession.State.STEP_2.
      Parameters:
      hashedKeysRoutine - The hashed keys 'u' routine or null to use the default SRP6Routines.computeU(java.security.MessageDigest, java.math.BigInteger, java.math.BigInteger, java.math.BigInteger).
    • getSalt

      public java.math.BigInteger getSalt()
      Gets the password salt 's'.
      Returns:
      The salt 's' if available, else null.
    • getPublicClientValue

      public java.math.BigInteger getPublicClientValue()
      Gets the public client value 'A'.
      Returns:
      The public client value 'A' if available, else null.
    • getPublicServerValue

      public java.math.BigInteger getPublicServerValue()
      Gets the public server value 'B'.
      Returns:
      The public server value 'B' if available, else null.
    • getClientEvidenceMessage

      public java.math.BigInteger getClientEvidenceMessage()
      Gets the client evidence message 'M1'.
      Returns:
      The client evidence message 'M1' if available, else null.
    • getServerEvidenceMessage

      public java.math.BigInteger getServerEvidenceMessage()
      Gets the server evidence message 'M2'.
      Returns:
      The server evidence message 'M2' if available, else null.
    • getSessionKey

      public java.math.BigInteger getSessionKey()
      Gets the shared session key 'S'.
      Returns:
      The shared session key 'S'. null will be returned if authentication failed or the method is invoked in a session state when the session key 'S' has not been computed yet.
    • getSessionKeyHash

      public byte[] getSessionKeyHash()
      Gets the hash of the shared session key H(S).
      Returns:
      The hash of the shared session key H(S). null will be returned if authentication failed or the method is invoked in a session state when the session key 'S' has not been computed yet.
    • setAttribute

      public void setAttribute​(java.lang.String key, java.lang.Object value)
      Sets a session attribute. This method can be used to store arbitrary objects with this session and retrieve them later with getAttribute(java.lang.String).
      Parameters:
      key - The attribute key. Must not be null.
      value - The attribute value. May be null.
    • getAttribute

      public java.lang.Object getAttribute​(java.lang.String key)
      Gets a session attribute. This method can be used to retrieve arbitrary objects stored with this session with setAttribute(java.lang.String, java.lang.Object).
      Parameters:
      key - The attribute key. Must not be null.
      Returns:
      The attribute value, null if none was found by the specified key or its value is null.
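
Added example (not part of this library or its documentation): how the values this class stores ('k', 's', 'A', 'B', 'u', 'S', 'M1', 'M2') relate in one SRP-6a exchange, using only JDK classes. The class name Srp6aWalkthrough and the helpers H and validPublic are hypothetical. Assumptions: a runtime-generated 256-bit demo group, a simplified derivation of x, fixed-width hashing, and the forms M1 = H(A | B | S) and M2 = H(A | M1 | S).

```java
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.SecureRandom;

public class Srp6aWalkthrough {
    static final SecureRandom RND = new SecureRandom();

    // SHA-256 over fixed-width big-endian encodings (width and encoding are assumptions of this sketch).
    static BigInteger H(int len, BigInteger... vals) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        for (BigInteger v : vals) {
            byte[] raw = v.toByteArray(), pad = new byte[len];
            int n = Math.min(raw.length, len);
            System.arraycopy(raw, raw.length - n, pad, len - n, n);
            md.update(pad);
        }
        return new BigInteger(1, md.digest());
    }

    // A or B congruent to 0 mod N must abort the session (RFC 5054).
    static boolean validPublic(BigInteger v, BigInteger N) { return v.mod(N).signum() != 0; }

    public static void main(String[] args) throws Exception {
        // Constructed demo group: 256-bit safe prime N = 2q + 1, g = 2. Too small for real use.
        BigInteger q, N;
        do {
            q = BigInteger.probablePrime(255, RND);
            N = q.shiftLeft(1).add(BigInteger.ONE);
        } while (!N.isProbablePrime(40));
        BigInteger g = BigInteger.valueOf(2);
        int len = (N.bitLength() + 7) / 8;
        BigInteger k = H(len, N, g);                                   // multiplier 'k'
        // Registration: salt 's' and verifier v = g^x (x derivation simplified here).
        BigInteger s = new BigInteger(128, RND);
        BigInteger x = H(len, s, new BigInteger(1, "constructed-password".getBytes("UTF-8")));
        BigInteger v = g.modPow(x, N);
        BigInteger a = new BigInteger(255, RND).add(BigInteger.ONE);   // client secret
        BigInteger b = new BigInteger(255, RND).add(BigInteger.ONE);   // server secret
        BigInteger A = g.modPow(a, N);                                 // client public 'A'
        BigInteger B = k.multiply(v).add(g.modPow(b, N)).mod(N);       // server public 'B'
        if (!validPublic(A, N) || !validPublic(B, N)) throw new IllegalStateException("bad A/B");
        BigInteger u = H(len, A, B);                                   // 'u' = H(A | B)
        if (u.signum() == 0) throw new IllegalStateException("u == 0");
        BigInteger Sc = B.subtract(k.multiply(g.modPow(x, N))).mod(N).modPow(a.add(u.multiply(x)), N);
        BigInteger Ss = A.multiply(v.modPow(u, N)).mod(N).modPow(b, N);
        BigInteger M1 = H(len, A, B, Sc);                              // sent by client
        boolean clientOk = M1.equals(H(len, A, B, Ss));                // recomputed by server
        BigInteger M2 = H(len, A, M1, Ss);                             // sent back by server
        boolean serverOk = M2.equals(H(len, A, M1, Sc));
        System.out.println("S matches: " + Sc.equals(Ss) + ", M1 ok: " + clientOk + ", M2 ok: " + serverOk);
    }
}
```

In a deployment, the group and hash come from the session's crypto configuration rather than being generated ad hoc, and the evidence comparison on the server side should be constant-time.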