com.bitbucket.thinbus.srp6.js

Class SRP6JavascriptServerSession

java.lang.Object

com.bitbucket.thinbus.srp6.js.SRP6JavascriptServerSession

All Implemented Interfaces:

Serializable

Direct Known Subclasses:

SRP6JavascriptServerSessionSHA1, SRP6JavascriptServerSessionSHA256

public abstract class SRP6JavascriptServerSession
extends Object
implements Serializable

See Also:

Serialized Form

Field Summary

Fields

Modifier and Type	Field and Description
protected com.nimbusds.srp6.SRP6CryptoParams	config The crypto parameters for the SRP-6a protocol.
static int	HASH_HEX_LENGTH This must match the expected character length of the specified algorithm
protected com.nimbusds.srp6.SRP6ServerSession	session The underlying Nimbus session which will be configure for JavaScript interactions

Constructor Summary

Constructors

Constructor and Description
SRP6JavascriptServerSession(com.nimbusds.srp6.SRP6CryptoParams srp6CryptoParams) Constructs a JavaScript compatible server session which configures an underlying Nimbus SRP6ServerSession.

Method Summary

Modifier and Type	Method and Description
static BigInteger	fromDecimal(String base10) Turn a radix10 string into a java.net.BigInteger
String	getPublicServerValue() Deprecated. This value is returned by step1 having a getter means holding onto more memory see issue #4 at https://bitbucket.org/simon_massey/thinbus-srp-js/issues/4
String	getSalt() Deprecated. This value is returned by step1 having a getter means holding onto more memory see issue #4 at https://bitbucket.org/simon_massey/thinbus-srp-js/issues/4
String	getServerEvidenceMessage() Deprecated. This value is returned by step2 having a getter means holding onto more memory see issue #4 at https://bitbucket.org/simon_massey/thinbus-srp-js/issues/4
String	getSessionKey(boolean doHash) Gets the shared session key 'S' or its hash H(S).
String	getState() Returns the underlying session state as a String for JavaScript testing.
String	getUserID() Gets the identity 'I' of the authenticating user.
String	k() k is actually fixed and done with hash padding routine which uses java.net.BigInteger byte array constructor so this is a convenience method to get at the Java generated value to use in the configuration of the Javascript
String	step1(String username, String salt, String v) Returns the one-time server challenge `B` encoded as hex.
String	step2(String A, String M1) Validates a password proof `M1` based on the client one-tiem public key `A`.
String	toString() Outputs the configuration in the way which can be used to configure JavaScript.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

config

protected final com.nimbusds.srp6.SRP6CryptoParams config

The crypto parameters for the SRP-6a protocol. These must be agreed between client and server before authentication and consist of a large safe prime 'N', a corresponding generator 'g' and a hash function algorithm 'H'. You can generate your own with openssl using OpenSSLCryptoConfigConverter

session

protected final com.nimbusds.srp6.SRP6ServerSession session

The underlying Nimbus session which will be configure for JavaScript interactions

HASH_HEX_LENGTH

public static int HASH_HEX_LENGTH

This must match the expected character length of the specified algorithm

Constructor Detail

SRP6JavascriptServerSession

public SRP6JavascriptServerSession(com.nimbusds.srp6.SRP6CryptoParams srp6CryptoParams)

Constructs a JavaScript compatible server session which configures an underlying Nimbus SRP6ServerSession.

Parameters:

srp6CryptoParams - cryptographic constants which must match those being used by the client.

Method Detail

step1

public String step1(String username,
                    String salt,
                    String v)

Returns the one-time server challenge `B` encoded as hex. Increments this SRP-6a authentication session to SRP6ServerSession.State.STEP_1.

Parameters:

username - The identity 'I' of the authenticating user. Must not be null or empty.

salt - The password salt 's'. Must not be null.

v - The password verifier 'v'. Must not be null.

Returns:

The server public value 'B' as hex encoded number.

Throws:

IllegalStateException - If the mehod is invoked in a state other than SRP6ServerSession.State.INIT.

step2

public String step2(String A,
                    String M1)
             throws Exception

Validates a password proof `M1` based on the client one-tiem public key `A`. Increments this SRP-6a authentication session to SRP6ServerSession.State.STEP_2.

Parameters:

A - The client public value. Must not be null.

M1 - The client evidence message. Must not be null.

Returns:

The server evidence message 'M2' has hex encoded number with leading zero padding to match the 256bit hash length.

Throws:

com.nimbusds.srp6.SRP6Exception - If the client public value 'A' is invalid or the user credentials are invalid.

IllegalStateException - If the mehod is invoked in a state other than SRP6ServerSession.State.STEP_1.

Exception

getState

public String getState()

Returns the underlying session state as a String for JavaScript testing.

Returns:

The current state.

getUserID

public String getUserID()

Gets the identity 'I' of the authenticating user.

Returns:

The user identity 'I', null if undefined.

k

public String k()

k is actually fixed and done with hash padding routine which uses java.net.BigInteger byte array constructor so this is a convenience method to get at the Java generated value to use in the configuration of the Javascript

Returns:

'k' calculated as H( N, g )

fromDecimal

public static BigInteger fromDecimal(String base10)

Turn a radix10 string into a java.net.BigInteger

Parameters:

base10 - the radix10 string

Returns:

the BigInteger representation of the number

toString

public String toString()

Outputs the configuration in the way which can be used to configure JavaScript. Note that 'k' is fixed but uses the byte array constructor of BigInteger which is not available in JavaScript to you must set it as configuration.

Overrides:

toString in class Object

Returns:

Parameters required by JavaScript client.

getSalt

@Deprecated
public String getSalt()

Deprecated. This value is returned by step1 having a getter means holding onto more memory see issue #4 at https://bitbucket.org/simon_massey/thinbus-srp-js/issues/4

Gets the password salt 's'.

Returns:

The salt 's' if available, else null.

getPublicServerValue

@Deprecated
public String getPublicServerValue()

Deprecated. This value is returned by step1 having a getter means holding onto more memory see issue #4 at https://bitbucket.org/simon_massey/thinbus-srp-js/issues/4

Gets the public server value 'B'.

Returns:

The public server value 'B' if available, else null.

getServerEvidenceMessage

@Deprecated
public String getServerEvidenceMessage()

Deprecated. This value is returned by step2 having a getter means holding onto more memory see issue #4 at https://bitbucket.org/simon_massey/thinbus-srp-js/issues/4

Gets the server evidence message 'M2'.

Returns:

The server evidence message 'M2' if available, else null.

getSessionKey

public String getSessionKey(boolean doHash)

Gets the shared session key 'S' or its hash H(S).

Parameters:

doHash - If true the hash H(S) of the session key will be returned instead of the raw value.

Returns:

The shared session key 'S' or its hash H(S). null will be returned if authentication failed or the method is invoked in a session state when the session key 'S' has not been computed yet.