Package com.bitbucket.thinbus.srp6.js

Class SRP6JavaClientSession

  • Direct Known Subclasses:
    SRP6JavaClientSessionSHA1, SRP6JavaClientSessionSHA256
    public abstract class SRP6JavaClientSession
extends Object
    If you want to have both Java clients and JavaScript clients authenticate to the same Java server then this class is a workalike to the JavaScript client session. This class is a thin wrapper to a Nimbus SRP6ClientSession which is configured to work with the Thinbus server session.

    • Field Detail

      • config

        protected final com.nimbusds.srp6.SRP6CryptoParams config
        The crypto parameters for the SRP-6a protocol. These must be agreed between client and server before authentication and consist of a large safe prime 'N', a corresponding generator 'g' and a hash function algorithm 'H'. You can generate your own with openssl using OpenSSLCryptoConfigConverter

      • session

        protected final com.nimbusds.srp6.SRP6ClientSession session
        The underlying Nimbus session which will be configure for JavaScript interactions

    • Constructor Detail

      • SRP6JavaClientSession

        public SRP6JavaClientSession​(com.nimbusds.srp6.SRP6CryptoParams srp6CryptoParams)
        Constructs a Java client session compatible with the server session which words with Java. underlying Nimbus SRP6ClientSession.
        Parameters:
        srp6CryptoParams - cryptographic constants which must match those being used by the client.

    • Method Detail

      • step1

        public void step1​(String userID,
                  String password)
        Records the identity 'I' and password 'P' of the authenticating user. The session is incremented to SRP6ClientSession.State.STEP_1.

        Argument origin:

        • From user: user identity 'I' and password 'P'.
        Parameters:
        userID - The identity 'I' of the authenticating user, UTF-8 encoded. Must not be null or empty.
        password - The user password 'P', UTF-8 encoded. Must not be null .
        Throws:
        IllegalStateException - If the method is invoked in a state other than SRP6ClientSession.State.INIT.

      • step2

        public com.nimbusds.srp6.SRP6ClientCredentials step2​(String s,
                                                     String B)
                                              throws com.nimbusds.srp6.SRP6Exception
        Receives the password salt 's' and public value 'B' from the server. The SRP-6a crypto parameters are also set. The session is incremented to SRP6ClientSession.State.STEP_2.

        Argument origin:

        • From server: password salt 's', public value 'B'.
        • From server or pre-agreed: crypto parameters prime 'N', generator 'g'
        • Pre-agreed: crypto parameters prime 'H'
        Parameters:
        s - The password salt 's'. Must not be null.
        B - The public server value 'B'. Must not be null.
        Returns:
        The client credentials consisting of the client public key 'A' and the client evidence message 'M1'.
        Throws:
        IllegalStateException - If the method is invoked in a state other than SRP6ClientSession.State.STEP_1.
        com.nimbusds.srp6.SRP6Exception - If the session has timed out or the public server value 'B' is invalid.

      • step3

        public void step3​(String M2)
           throws com.nimbusds.srp6.SRP6Exception
        Receives the server evidence message 'M1'. The session is incremented to SRP6ClientSession.State.STEP_3.

        Argument origin:

        • From server: evidence message 'M2'.
        Parameters:
        M2 - The server evidence message 'M2'. Must not be null.
        Throws:
        IllegalStateException - If the method is invoked in a state other than SRP6ClientSession.State.STEP_2.
        com.nimbusds.srp6.SRP6Exception - If the session has timed out or the server evidence message 'M2' is invalid.

      • generateRandomSalt

        public String generateRandomSalt​(int numBytes)
        Generates a salt value 's'. The salt s is a public value in the protocol which is fixed per user and would be stored in the user database. The desired property is that it is unique for every user in your system. This can be ensured by adding a uniqueness constraint to a not null salt column within the database which is strongly recommended. Then it does not matter whether this public value has been generated using a good secure random number at the server or using a weaker random number generator at the browser. You simply reduce the probability of database constraint exceptions if you use a better random number. The Thinbus Javascript client session provides a method generateRandomSalt to run at the browser to create 's' which can be invoked with, or without, passing a sever generated secure random number or avoided entirely by generating the salt at the server. This method is the server version which you can use exclusively else mix with a client generated value.
        Parameters:
        numBytes - Number of random bytes. Recommended is greater than the bit length of the chosen hash e.g. HASH_HEX_LENGTH constant of server session is x2 hash length so a reasonable choice.
        Returns:
        A hex encoded random salt value.

      • getUserID

        public String getUserID()
        Gets the identity 'I' of the authenticating user.
        Returns:
        The user identity 'I', null if undefined.

      • getSalt

        public String getSalt()
        Gets the password salt 's'.
        Returns:
        The salt 's' if available, else null.

      • getPublicClientValue

        public String getPublicClientValue()
        Gets the public client value 'A'.
        Returns:
        The public client value 'A' if available, else null.

      • getClientEvidenceMessage

        public String getClientEvidenceMessage()
        Gets the client evidence message 'M1'.
        Returns:
        The client evidence message 'M1' if available, else null.

      • getState

        public com.nimbusds.srp6.SRP6ClientSession.State getState()
        Returns the current state of this SRP-6a authentication session.
        Returns:
        The current state.

      • getSessionKey

        public String getSessionKey​(boolean doHash)
        Gets the shared session key 'S' or its hash H(S).
        Parameters:
        doHash - If true the hash H(S) of the session key will be returned instead of the raw value.
        Returns:
        The shared session key 'S' or its hash H(S). null will be returned if authentication failed or the method is invoked in a session state when the session key 'S' has not been computed yet.