com.nimbusds.srp6

Class SRP6Session

java.lang.Object

com.nimbusds.srp6.SRP6Session

All Implemented Interfaces:

java.io.Serializable

Direct Known Subclasses:

SRP6ClientSession, SRP6ServerSession

public abstract class SRP6Session
extends java.lang.Object
implements java.io.Serializable

The base abstract class for client and server-side Secure Remote Password (SRP-6a) authentication sessions.

See Also:

Serialized Form

Field Summary

Fields

Modifier and Type	Field and Description
protected java.math.BigInteger	A The client public value 'A'.
protected java.math.BigInteger	B The server public value 'B'.
protected ClientEvidenceRoutine	clientEvidenceRoutine Custom routine for the client evidence message 'M1' computation.
protected SRP6CryptoParams	config The crypto configuration.
protected URoutine	hashedKeysRoutine Custom routine for the hashed keys 'u' computation.
protected java.math.BigInteger	k The multiplier 'k'.
protected long	lastActivity The last activity timestamp, from System.currentTimeMillis().
protected java.math.BigInteger	M1 The client evidence message 'M1'.
protected java.math.BigInteger	M2 The server evidence message 'M2'.
protected java.security.SecureRandom	random Source of randomness.
protected java.math.BigInteger	s The password salt 's'.
protected java.math.BigInteger	S The shared session key 'S'.
protected ServerEvidenceRoutine	serverEvidenceRoutine Custom routine for the server evidence message 'M2' computation.
protected SRP6Routines	srp6Routines
protected int	timeout The SRP-6a authentication session timeout in seconds.
protected java.math.BigInteger	u The random scrambling parameter 'u'.
protected java.lang.String	userID The identity 'I' of the authenticating user.

Constructor Summary

Constructors

Constructor and Description
SRP6Session() Creates a new SRP-6a authentication session, session timeouts are disabled.
SRP6Session(int timeout) Creates a new SRP-6a authentication session.
SRP6Session(int timeout, SRP6Routines srp6Routines) Creates a new SRP-6a authentication session.

Method Summary

Modifier and Type	Method and Description
java.lang.Object	getAttribute(java.lang.String key) Gets a session attribute.
java.math.BigInteger	getClientEvidenceMessage() Gets the client evidence message 'M1'.
ClientEvidenceRoutine	getClientEvidenceRoutine() Gets the custom routine to compute the client evidence message 'M1'.
SRP6CryptoParams	getCryptoParams() Gets the SRP-6a crypto parameters for this session.
URoutine	getHashedKeysRoutine() Gets the custom routine to compute hashed keys 'u' a 'H(A | B)'.
long	getLastActivityTime() Gets the last session activity timestamp, in milliseconds since midnight, January 1, 1970 UTC (see System.currentTimeMillis()).
java.math.BigInteger	getPublicClientValue() Gets the public client value 'A'.
java.math.BigInteger	getPublicServerValue() Gets the public server value 'B'.
java.math.BigInteger	getSalt() Gets the password salt 's'.
java.math.BigInteger	getServerEvidenceMessage() Gets the server evidence message 'M2'.
ServerEvidenceRoutine	getServerEvidenceRoutine() Gets the custom routine to compute the server evidence message 'M2'.
java.math.BigInteger	getSessionKey() Gets the shared session key 'S'
byte[]	getSessionKeyHash() Gets the hash of the shared session key H(S).
int	getTimeout() Gets the SRP-6a authentication session timeout.
java.lang.String	getUserID() Gets the identity 'I' of the authenticating user.
boolean	hasTimedOut() Returns true if the session has timed out, based on the timeout configuration and the last activity timestamp.
void	setAttribute(java.lang.String key, java.lang.Object value) Sets a session attribute.
void	setClientEvidenceRoutine(ClientEvidenceRoutine routine) Sets a custom routine to compute the client evidence message 'M1'.
void	setHashedKeysRoutine(URoutine hashedKeysRoutine) Sets a custom routine to compute hashed keys 'u' a 'H(A | B)'.
void	setServerEvidenceRoutine(ServerEvidenceRoutine routine) Sets a custom routine to compute the server evidence message 'M2'.
protected void	updateLastActivityTime() Updates the last activity timestamp.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

srp6Routines

protected final SRP6Routines srp6Routines

config

protected SRP6CryptoParams config

The crypto configuration.

random

protected java.security.SecureRandom random

Source of randomness.

timeout

protected final int timeout

The SRP-6a authentication session timeout in seconds. If the authenticating counterparty (server or client) fails to respond within the specified time the session will be closed. Zero implies no timeout.

lastActivity

protected long lastActivity

The last activity timestamp, from System.currentTimeMillis().

userID

protected java.lang.String userID

The identity 'I' of the authenticating user.

s

protected java.math.BigInteger s

The password salt 's'.

A

protected java.math.BigInteger A

The client public value 'A'.

B

protected java.math.BigInteger B

The server public value 'B'.

u

protected java.math.BigInteger u

The random scrambling parameter 'u'.

k

protected java.math.BigInteger k

The multiplier 'k'.

S

protected java.math.BigInteger S

The shared session key 'S'.

M1

protected java.math.BigInteger M1

The client evidence message 'M1'.

M2

protected java.math.BigInteger M2

The server evidence message 'M2'.

clientEvidenceRoutine

protected ClientEvidenceRoutine clientEvidenceRoutine

Custom routine for the client evidence message 'M1' computation.

serverEvidenceRoutine

protected ServerEvidenceRoutine serverEvidenceRoutine

Custom routine for the server evidence message 'M2' computation.

hashedKeysRoutine

protected URoutine hashedKeysRoutine

Custom routine for the hashed keys 'u' computation.

Constructor Detail

SRP6Session

public SRP6Session(int timeout,
                   SRP6Routines srp6Routines)

Creates a new SRP-6a authentication session.

Parameters:

timeout - The SRP-6a authentication session timeout in seconds. If the authenticating counterparty (server or client) fails to respond within the specified time the session will be closed. If zero timeouts are disabled.

srp6Routines - The math routines to use.

SRP6Session

public SRP6Session(int timeout)

Creates a new SRP-6a authentication session.

Parameters:

timeout - The SRP-6a authentication session timeout in seconds. If the authenticating counterparty (server or client) fails to respond within the specified time the session will be closed. If zero timeouts are disabled.

SRP6Session

public SRP6Session()

Creates a new SRP-6a authentication session, session timeouts are disabled. The default math routines are used.

Method Detail

updateLastActivityTime

protected void updateLastActivityTime()

Updates the last activity timestamp.

getLastActivityTime

public long getLastActivityTime()

Gets the last session activity timestamp, in milliseconds since midnight, January 1, 1970 UTC (see System.currentTimeMillis()).

Returns:

The last activity timestamp.

hasTimedOut

public boolean hasTimedOut()

Returns true if the session has timed out, based on the timeout configuration and the last activity timestamp.

Returns:

true if the session has timed out, else false.

getCryptoParams

public SRP6CryptoParams getCryptoParams()

Gets the SRP-6a crypto parameters for this session.

Returns:

The SRP-6a crypto parameters, null if undefined.

getUserID

public java.lang.String getUserID()

Gets the identity 'I' of the authenticating user.

Returns:

The user identity 'I', null if undefined.

getTimeout

public int getTimeout()

Gets the SRP-6a authentication session timeout.

Returns:

The SRP-6a authentication session timeout, in seconds. Zero implies to timeout.

setClientEvidenceRoutine

public void setClientEvidenceRoutine(ClientEvidenceRoutine routine)

Sets a custom routine to compute the client evidence message 'M1'. Note that the custom routine must be set prior to SRP6ClientSession.State.STEP_2 or SRP6ServerSession.State.STEP_2.

Parameters:

routine - The client evidence message 'M1' routine or null to use the default SRP6Routines.computeClientEvidence(java.security.MessageDigest, java.math.BigInteger, java.math.BigInteger, java.math.BigInteger).

getClientEvidenceRoutine

public ClientEvidenceRoutine getClientEvidenceRoutine()

Gets the custom routine to compute the client evidence message 'M1'.

Returns:

The routine instance or null if the default SRP6Routines.computeClientEvidence(java.security.MessageDigest, java.math.BigInteger, java.math.BigInteger, java.math.BigInteger) is used.

setServerEvidenceRoutine

public void setServerEvidenceRoutine(ServerEvidenceRoutine routine)

Sets a custom routine to compute the server evidence message 'M2'. Note that the custom routine must be set prior to SRP6ClientSession.State.STEP_3 or SRP6ServerSession.State.STEP_2.

Parameters:

routine - The server evidence message 'M2' routine or null to use the default SRP6Routines.computeServerEvidence(java.security.MessageDigest, java.math.BigInteger, java.math.BigInteger, java.math.BigInteger).

getServerEvidenceRoutine

public ServerEvidenceRoutine getServerEvidenceRoutine()

Gets the custom routine to compute the server evidence message 'M2'.

Returns:

The routine instance or null if the default SRP6Routines.computeServerEvidence(java.security.MessageDigest, java.math.BigInteger, java.math.BigInteger, java.math.BigInteger) is used.

getHashedKeysRoutine

public URoutine getHashedKeysRoutine()

Gets the custom routine to compute hashed keys 'u' a 'H(A | B)'.

Returns:

The routine instance or null if the default SRP6Routines.computeU(java.security.MessageDigest, java.math.BigInteger, java.math.BigInteger, java.math.BigInteger) is to be used.

setHashedKeysRoutine

public void setHashedKeysRoutine(URoutine hashedKeysRoutine)

Sets a custom routine to compute hashed keys 'u' a 'H(A | B)'. Note that the custom routine must be set prior to SRP6ServerSession.State.STEP_2.

Parameters:

hashedKeysRoutine - The hashed keys 'u' routine or null to use the default SRP6Routines.computeU(java.security.MessageDigest, java.math.BigInteger, java.math.BigInteger, java.math.BigInteger).

getSalt

public java.math.BigInteger getSalt()

Gets the password salt 's'.

Returns:

The salt 's' if available, else null.

getPublicClientValue

public java.math.BigInteger getPublicClientValue()

Gets the public client value 'A'.

Returns:

The public client value 'A' if available, else null.

getPublicServerValue

public java.math.BigInteger getPublicServerValue()

Gets the public server value 'B'.

Returns:

The public server value 'B' if available, else null.

getClientEvidenceMessage

public java.math.BigInteger getClientEvidenceMessage()

Gets the client evidence message 'M1'.

Returns:

The client evidence message 'M1' if available, else null.

getServerEvidenceMessage

public java.math.BigInteger getServerEvidenceMessage()

Gets the server evidence message 'M2'.

Returns:

The server evidence message 'M2' if available, else null.

getSessionKey

public java.math.BigInteger getSessionKey()

Gets the shared session key 'S'

Returns:

The shared session key 'S'. null will be returned if authentication failed or the method is invoked in a session state when the session key 'S' has not been computed yet.

getSessionKeyHash

public byte[] getSessionKeyHash()

Gets the hash of the shared session key H(S).

Returns:

The hash of the shared session key H(S). null will be returned if authentication failed or the method is invoked in a session state when the session key 'S' has not been computed yet.

setAttribute

public void setAttribute(java.lang.String key,
                         java.lang.Object value)

Sets a session attribute. This method can be used to store arbitrary objects with this session and retrieve them later with getAttribute(java.lang.String).

Parameters:

key - The attribute key. Must not be null.

value - The attribute value. May be null.

getAttribute

public java.lang.Object getAttribute(java.lang.String key)

Gets a session attribute. This method can be used to retrieve arbitrary objects stored with this session with setAttribute(java.lang.String, java.lang.Object).

Parameters:

key - The attribute key. Must not be null.

Returns:

The attribute value, null if none was found by the specified key or its value is null.