com.bitbucket.thinbus.srp6.js

Class SRP6JavaClientSession

java.lang.Object

com.bitbucket.thinbus.srp6.js.SRP6JavaClientSession

Direct Known Subclasses:

SRP6JavaClientSessionSHA1, SRP6JavaClientSessionSHA256

public abstract class SRP6JavaClientSession
extends Object

If you want to have both Java clients and JavaScript clients authenticate to the same Java server then this class is a workalike to the JavaScript client session. This class is a thin wrapper to a Nimbus SRP6ClientSession which is configured to work with the Thinbus server session.

Field Summary

Fields

Modifier and Type	Field and Description
protected com.nimbusds.srp6.SRP6CryptoParams	config The crypto parameters for the SRP-6a protocol.
protected com.nimbusds.srp6.SRP6ClientSession	session The underlying Nimbus session which will be configure for JavaScript interactions

Constructor Summary

Constructors

Constructor and Description
SRP6JavaClientSession(com.nimbusds.srp6.SRP6CryptoParams srp6CryptoParams) Constructs a Java client session compatible with the server session which words with Java.

Method Summary

Modifier and Type	Method and Description
String	generateRandomSalt(int numBytes) Generates a salt value 's'.
void	step1(String userID, String password) Records the identity 'I' and password 'P' of the authenticating user.
com.nimbusds.srp6.SRP6ClientCredentials	step2(String s, String B) Receives the password salt 's' and public value 'B' from the server.
void	step3(String M2) Receives the server evidence message 'M1'.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

config

protected final com.nimbusds.srp6.SRP6CryptoParams config

The crypto parameters for the SRP-6a protocol. These must be agreed between client and server before authentication and consist of a large safe prime 'N', a corresponding generator 'g' and a hash function algorithm 'H'. You can generate your own with openssl using OpenSSLCryptoConfig

session

protected final com.nimbusds.srp6.SRP6ClientSession session

The underlying Nimbus session which will be configure for JavaScript interactions

Constructor Detail

SRP6JavaClientSession

public SRP6JavaClientSession(com.nimbusds.srp6.SRP6CryptoParams srp6CryptoParams)

Constructs a Java client session compatible with the server session which words with Java. underlying Nimbus SRP6ClientSession.

Parameters:

srp6CryptoParams - cryptographic constants which must match those being used by the client.

Method Detail

step1

public void step1(String userID,
                  String password)

Records the identity 'I' and password 'P' of the authenticating user. The session is incremented to SRP6ClientSession.State.STEP_1.

Argument origin:

• From user: user identity 'I' and password 'P'.

Parameters:

userID - The identity 'I' of the authenticating user, UTF-8 encoded. Must not be null or empty.

password - The user password 'P', UTF-8 encoded. Must not be null .

Throws:

IllegalStateException - If the method is invoked in a state other than SRP6ClientSession.State.INIT.

step2

public com.nimbusds.srp6.SRP6ClientCredentials step2(String s,
                                                     String B)
                                              throws com.nimbusds.srp6.SRP6Exception

Receives the password salt 's' and public value 'B' from the server. The SRP-6a crypto parameters are also set. The session is incremented to SRP6ClientSession.State.STEP_2.

Argument origin:

• From server: password salt 's', public value 'B'.
• From server or pre-agreed: crypto parameters prime 'N', generator 'g'
• Pre-agreed: crypto parameters prime 'H'

Parameters:

s - The password salt 's'. Must not be null.

B - The public server value 'B'. Must not be null.

Returns:

The client credentials consisting of the client public key 'A' and the client evidence message 'M1'.

Throws:

IllegalStateException - If the method is invoked in a state other than SRP6ClientSession.State.STEP_1.

com.nimbusds.srp6.SRP6Exception - If the session has timed out or the public server value 'B' is invalid.

step3

public void step3(String M2)
           throws com.nimbusds.srp6.SRP6Exception

Receives the server evidence message 'M1'. The session is incremented to SRP6ClientSession.State.STEP_3.

Argument origin:

• From server: evidence message 'M2'.

Parameters:

M2 - The server evidence message 'M2'. Must not be null.

Throws:

IllegalStateException - If the method is invoked in a state other than SRP6ClientSession.State.STEP_2.

com.nimbusds.srp6.SRP6Exception - If the session has timed out or the server evidence message 'M2' is invalid.

generateRandomSalt

public String generateRandomSalt(int numBytes)

Generates a salt value 's'. The salt s is a public value in the protocol which is fixed per user and would be stored in the user database. The desired property is that it is unique for every user in your system. This can be ensured by adding a uniqueness constraint to a not null salt column within the database which is strongly recommended. Then it does not matter whether this public value has been generated using a good secure random number at the server or using a weaker random number generator at the browser. You simply reduce the probability of database constraint exceptions if you use a better random number. The Thinbus Javascript client session provides a method generateRandomSalt to run at the browser to create 's' which can be invoked with, or without, passing a sever generated secure random number or avoided entirely by generating the salt at the server. This method is the server version which you can use exclusively else mix with a client generated value.

Parameters:

numBytes - Number of random bytes. Recommended is greater than the bit length of the chosen hash e.g. HASH_HEX_LENGTH constant of server session is x2 hash length so a reasonable choice.

Returns:

A hex encoded random salt value.