org.jboss.security.srp
Class SRPServerSession

java.lang.Object
  extended by org.jboss.security.srp.SRPServerSession
All Implemented Interfaces:
Serializable

public class SRPServerSession
extends Object
implements Serializable

The server side logic to the SRP protocol. The class is the server side equivalent of the SRPClientSession object. An implementation of SRPServerInterface creates an SRPServerSession on the start of a login session. The client side algorithm using these classes consists of:

1. Get the server: SRPServerInterface server = (SRPServerInterface) Naming.lookup(...);
2. Get the SRP parameters: SRPParameters params = server.getSRPParameters(username);
3. Create a client session: SRPClientSession client = new SRPClientSession(username, password, params);
4. Exchange public keys: byte[] A = client.exponential(); byte[] B = server.init(username, A);
5. Exchange challenges: byte[] M1 = client.response(B); byte[] M2 = server.verify(username, M1);
6. Verify the server response: if( client.verify(M2) == false ) throw new SecurityException("Failed to validate server reply");
7. Validation complete.

Note that these steps are stateful. They must be performed in order, and a step cannot be repeated to update the session state. This product uses the 'Secure Remote Password' cryptographic authentication system developed by Tom Wu (tjw@CS.Stanford.EDU).
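As an added example (not code from the JBoss project), the following shows how a server-side login handler can drive SRPServerSession through the init and verify steps that the client algorithm above calls on SRPServerInterface. The SrpLoginHandler class, the VerifierEntry store and the single-use handling of the session are assumptions of this example; binding it to SRPServerInterface (and any remote exceptions that entails) is left to the implementer.

```java
import java.security.NoSuchAlgorithmException;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

import org.jboss.security.srp.SRPParameters;
import org.jboss.security.srp.SRPServerSession;

/** Holds one in-progress SRPServerSession per user and walks it through the stateful steps in order. */
public class SrpLoginHandler {
    /** Hypothetical verifier store entry: the password verifier v and the SRP parameters for one user. */
    public static final class VerifierEntry {
        public final byte[] vb;
        public final SRPParameters params;
        public VerifierEntry(byte[] vb, SRPParameters params) { this.vb = vb; this.params = params; }
    }

    private final Map<String, VerifierEntry> verifiers;                        // hypothetical backing store
    private final Map<String, SRPServerSession> sessions = new ConcurrentHashMap<>();

    public SrpLoginHandler(Map<String, VerifierEntry> verifiers) { this.verifiers = verifiers; }

    /** Client step 2: hand out the public parameters (N, g, s). The verifier itself never leaves the server. */
    public SRPParameters getSRPParameters(String username) {
        return entry(username).params;
    }

    /** Client step 4: take the client's exponential A, start a fresh session and return the server's B. */
    public byte[] init(String username, byte[] A) throws NoSuchAlgorithmException {
        VerifierEntry e = entry(username);
        SRPServerSession session = new SRPServerSession(username, e.vb, e.params);
        byte[] B = session.exponential();   // server public exponential B
        session.buildSessionKey(A);         // derives S and K = SessionHash(S) from A, B and the verifier
        sessions.put(username, session);    // replaces any earlier in-flight attempt; old state is never resumed
        return B;
    }

    /** Client step 5: check M1, and only on success release M2. The session is consumed either way. */
    public byte[] verify(String username, byte[] M1) {
        SRPServerSession session = sessions.remove(username);   // single use: a step cannot be repeated
        if (session == null || !session.verify(M1)) {
            throw new SecurityException("Failed to validate client response");
        }
        return session.getServerResponse();                    // M2 proves to the client that the server held v
    }

    private VerifierEntry entry(String username) {
        VerifierEntry e = verifiers.get(username);
        // Same exception as a failed verify, so the reply does not reveal whether the user exists.
        if (e == null) throw new SecurityException("Failed to validate client response");
        return e;
    }
}
```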

Version:
$Revision: 57210 $
Author:
Scott.Stark@jboss.org
See Also:
Serialized Form

Constructor Summary
SRPServerSession(String username, byte[] vb, SRPParameters params)
          Creates a new SRP server session object from the username, password verifier, and session parameters.
 
Method Summary
 void buildSessionKey(byte[] ab)
 byte[] exponential()
 byte[] getClientResponse()
 SRPParameters getParameters()
 byte[] getServerResponse()
 byte[] getSessionKey()
           Returns the negotiated session K, K = SessionHash(S)
 boolean verify(byte[] clientM1)
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SRPServerSession

public SRPServerSession(String username,
                        byte[] vb,
                        SRPParameters params)
Creates a new SRP server session object from the username, password verifier, and session parameters.

Parameters:
username - the user ID
vb - the password verifier byte sequence
params - the SRP parameters for the session
Method Detail

getParameters

public SRPParameters getParameters()

exponential

public byte[] exponential()

buildSessionKey

public void buildSessionKey(byte[] ab)
                     throws NoSuchAlgorithmException
Parameters:
ab - The client's exponential (parameter A).
Throws:
NoSuchAlgorithmException - thrown if the session key MessageDigest algorithm cannot be found.

getSessionKey

public byte[] getSessionKey()
                     throws SecurityException
Returns the negotiated session K, K = SessionHash(S)

Returns:
the private session K byte[]
Throws:
SecurityException - if the current thread does not have a getSessionKey SRPPermission.

getServerResponse

public byte[] getServerResponse()

getClientResponse

public byte[] getClientResponse()

verify

public boolean verify(byte[] clientM1)
Parameters:
clientM1 - The client's response (M1) to the server's challenge


Copyright © 2002 JBoss Group, LLC. All Rights Reserved.