public class SRP6ServerSession extends SRP6Session implements Serializable
Usage:

Step one: on receiving a valid user identity 'I' from the authenticating client, respond with the server public value 'B' and the password salt 's'. If the SRP-6a crypto parameters 'N', 'g' and 'H' were not agreed in advance between server and client, append them to the response.

Step two: on receiving the public client value 'A' and the evidence message 'M1', check the client credentials. If they are valid, signal success and return the server evidence message 'M2'; the established session key 'S' may then be retrieved to encrypt further communication with the client. Otherwise signal an authentication failure to the client.
Modifier and Type | Class and Description
---|---
static class | SRP6ServerSession.State: Enumerates the states of a server-side SRP-6a authentication session.

Fields inherited from class SRP6Session:
A, B, clientEvidenceRoutine, config, hashedKeysRoutine, k, lastActivity, M1, M2, random, s, S, serverEvidenceRoutine, timeout, u, userID
Constructor and Description
---
SRP6ServerSession(SRP6CryptoParams config): Creates a new server-side SRP-6a authentication session and sets its state to SRP6ServerSession.State.INIT.
SRP6ServerSession(SRP6CryptoParams config, int timeout): Creates a new server-side SRP-6a authentication session and sets its state to SRP6ServerSession.State.INIT.
Modifier and Type | Method and Description
---|---
SRP6ServerSession.State | getState(): Returns the current state of this SRP-6a authentication session.
BigInteger | mockStep1(String userID, BigInteger s, BigInteger v): Increments this SRP-6a authentication session to SRP6ServerSession.State.STEP_1, indicating a non-existing user identity 'I' with mock (simulated) salt 's' and password verifier 'v' values.
BigInteger | step1(String userID, BigInteger s, BigInteger v): Increments this SRP-6a authentication session to SRP6ServerSession.State.STEP_1.
BigInteger | step2(BigInteger A, BigInteger M1): Increments this SRP-6a authentication session to SRP6ServerSession.State.STEP_2.

Methods inherited from class SRP6Session:
getAttribute, getClientEvidenceMessage, getClientEvidenceRoutine, getCryptoParams, getHashedKeysRoutine, getLastActivityTime, getPublicClientValue, getPublicServerValue, getSalt, getServerEvidenceMessage, getServerEvidenceRoutine, getSessionKey, getTimeout, getUserID, hasTimedOut, setAttribute, setClientEvidenceRoutine, setHashedKeysRoutine, setServerEvidenceRoutine, updateLastActivityTime
public SRP6ServerSession(SRP6CryptoParams config, int timeout)

Creates a new server-side SRP-6a authentication session and sets its state to SRP6ServerSession.State.INIT.

Parameters:
config - The SRP-6a crypto parameters configuration. Must not be null.
timeout - The SRP-6a authentication session timeout in seconds. If the authenticating counterparty (server or client) fails to respond within the specified time, the session will be closed. If zero, timeouts are disabled.

public SRP6ServerSession(SRP6CryptoParams config)

Creates a new server-side SRP-6a authentication session and sets its state to SRP6ServerSession.State.INIT. Session timeouts are disabled.

Parameters:
config - The SRP-6a crypto parameters configuration. Must not be null.

public BigInteger step1(String userID, BigInteger s, BigInteger v)

Increments this SRP-6a authentication session to SRP6ServerSession.State.STEP_1.

Parameters:
userID - The identity 'I' of the authenticating user. Must not be null or empty.
s - The password salt 's'. Must not be null.
v - The password verifier 'v'. Must not be null.

Throws:
IllegalStateException - If the method is invoked in a state other than SRP6ServerSession.State.INIT.

public BigInteger mockStep1(String userID, BigInteger s, BigInteger v)

Increments this SRP-6a authentication session to SRP6ServerSession.State.STEP_1, indicating a non-existing user identity 'I' with mock (simulated) salt 's' and password verifier 'v' values.

This method can be used to avoid informing the client at step one that the user identity is bad, and instead throw a guaranteed general "bad credentials" SRP-6a exception at step two.

Parameters:
userID - The identity 'I' of the authenticating user. Must not be null or empty.
s - The password salt 's'. Must not be null.
v - The password verifier 'v'. Must not be null.

Throws:
IllegalStateException - If the method is invoked in a state other than SRP6ServerSession.State.INIT.

public BigInteger step2(BigInteger A, BigInteger M1) throws SRP6Exception

Increments this SRP-6a authentication session to SRP6ServerSession.State.STEP_2.

Parameters:
A - The client public value. Must not be null.
M1 - The client evidence message. Must not be null.

Throws:
SRP6Exception - If the session has timed out, the client public value 'A' is invalid or the user credentials are invalid.
IllegalStateException - If the method is invoked in a state other than SRP6ServerSession.State.STEP_1.

public SRP6ServerSession.State getState()

Returns the current state of this SRP-6a authentication session.
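A complete server-side run of the two steps described above, including the mockStep1 handling for unknown identities, as an added example that is not part of the library's own documentation. It assumes the companion classes SRP6CryptoParams, SRP6VerifierGenerator, SRP6ClientSession and SRP6ClientCredentials from the same package, and uses a constructed in-memory verifier store.

```java
import java.math.BigInteger;
import java.util.Map;
import com.nimbusds.srp6.*;

// Added example, not part of the library's documentation. The user record and
// verifier store are constructed here; the SRP6ClientSession only drives the
// server so the complete two-step exchange can be run locally.
public class SrpServerDemo {
    static final SRP6CryptoParams CONFIG = SRP6CryptoParams.getInstance();
    static final SRP6VerifierGenerator GEN = new SRP6VerifierGenerator(CONFIG);

    // Constructed registration record for one user: only salt 's' and verifier
    // 'v' are stored; the password itself never reaches the server.
    static final BigInteger ALICE_SALT = SRP6VerifierGenerator.generateRandomSalt();
    static final Map<String, BigInteger> VERIFIERS = Map.of(
        "alice", GEN.generateVerifier(ALICE_SALT, "alice", "correct horse battery"));

    // Step one. An unknown identity goes through mockStep1 with simulated values, so
    // the reply looks like a real one and the failure surfaces only as the generic
    // SRP6Exception at step two. Assumption: a production server would derive the
    // mock salt deterministically from the user ID so repeated probes see a stable value.
    static BigInteger stepOne(SRP6ServerSession server, String userID) {
        BigInteger v = VERIFIERS.get(userID);
        if (v != null) {
            return server.step1(userID, ALICE_SALT, v);
        }
        BigInteger mockSalt = SRP6VerifierGenerator.generateRandomSalt();
        return server.mockStep1(userID, mockSalt, GEN.generateVerifier(mockSalt, userID, "mock"));
    }

    // Runs the whole exchange for one (userID, password) pair; true only on success.
    static boolean authenticate(String userID, String password) {
        SRP6ServerSession server = new SRP6ServerSession(CONFIG, 30); // 30 s timeout
        BigInteger B = stepOne(server, userID);               // reply: B and server.getSalt()
        try {
            SRP6ClientSession client = new SRP6ClientSession();
            client.step1(userID, password);
            SRP6ClientCredentials cred = client.step2(CONFIG, server.getSalt(), B);
            BigInteger M2 = server.step2(cred.A, cred.M1);    // invalid A or bad credentials throw
            client.step3(M2);
            return server.getSessionKey().equals(client.getSessionKey());
        } catch (SRP6Exception e) {
            return false; // report only a generic authentication failure to the client
        }
    }

    public static void main(String[] args) {
        System.out.println("alice, right password: " + authenticate("alice", "correct horse battery"));
        System.out.println("alice, wrong password: " + authenticate("alice", "wrong"));
        System.out.println("unknown user:          " + authenticate("mallory", "whatever"));
    }
}
```

The wrong-password and unknown-user cases both fail at the server's step2 with the same SRP6Exception, so step one leaks nothing about which identities exist.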
Copyright © 2015 Connect2id Ltd. All Rights Reserved.