public class SimulatedTlsSRPIdentityManager extends java.lang.Object implements TlsSRPIdentityManager

A TlsSRPIdentityManager that simulates the existence of "unknown" identities to obscure the fact that there is no verifier for them.

Modifier and Type | Field and Description |
---|---|
protected SRP6Group | group |
protected TlsMAC | mac |
protected TlsSRP6VerifierGenerator | verifierGenerator |

Constructor and Description |
---|
SimulatedTlsSRPIdentityManager(SRP6Group group, TlsSRP6VerifierGenerator verifierGenerator, TlsMAC mac) |

Modifier and Type | Method and Description |
---|---|
TlsSRPLoginParameters | getLoginParameters(byte[] identity) Look up the TlsSRPLoginParameters corresponding to the specified identity. |
static SimulatedTlsSRPIdentityManager | getRFC5054Default(TlsCrypto crypto, SRP6Group group, byte[] seedKey) Create a SimulatedTlsSRPIdentityManager that implements the algorithm from RFC 5054 2.5.1.3 |

protected SRP6Group group
protected TlsSRP6VerifierGenerator verifierGenerator
protected TlsMAC mac
public SimulatedTlsSRPIdentityManager(SRP6Group group, TlsSRP6VerifierGenerator verifierGenerator, TlsMAC mac)

public static SimulatedTlsSRPIdentityManager getRFC5054Default(TlsCrypto crypto, SRP6Group group, byte[] seedKey) throws java.io.IOException

Create a SimulatedTlsSRPIdentityManager that implements the algorithm from RFC 5054 2.5.1.3

Parameters:
group - the SRP6Group defining the group that SRP is operating in
seedKey - the secret "seed key" referred to in RFC 5054 2.5.1.3

Returns:
SimulatedTlsSRPIdentityManager

Throws:
java.io.IOException

public TlsSRPLoginParameters getLoginParameters(byte[] identity)

Description copied from interface: TlsSRPIdentityManager

Look up the TlsSRPLoginParameters corresponding to the specified identity.

NOTE: To avoid "identity probing", unknown identities SHOULD be handled as recommended in RFC 5054 2.5.1.3. SimulatedTlsSRPIdentityManager is provided for this purpose.

Specified by:
getLoginParameters in interface TlsSRPIdentityManager

Parameters:
identity - the SRP identity sent by the connecting client

Returns:
the TlsSRPLoginParameters for the specified identity, or else 'simulated' parameters if the identity is not recognized. A null value is also allowed, but not recommended.
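
An added example, not part of this API documentation or of the project's own code: one way to follow the NOTE above, returning stored parameters for enrolled identities and simulated ones for everything else. `FallbackSrpIdentityManager`, its `known` map, the 16-byte seed-key minimum, the always-run simulated path and the locking are assumptions of this example; the imports assume the Bouncy Castle TLS packages `org.bouncycastle.tls` and `org.bouncycastle.tls.crypto`.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Map;

import org.bouncycastle.tls.SimulatedTlsSRPIdentityManager;
import org.bouncycastle.tls.TlsSRPIdentityManager;
import org.bouncycastle.tls.TlsSRPLoginParameters;
import org.bouncycastle.tls.crypto.SRP6Group;
import org.bouncycastle.tls.crypto.TlsCrypto;

/** Hypothetical wrapper: stored parameters for known users, simulated ones for all others. */
public class FallbackSrpIdentityManager implements TlsSRPIdentityManager
{
    // Assumed store of enrolled users, keyed by the UTF-8 user name.
    private final Map<String, TlsSRPLoginParameters> known;
    private final SimulatedTlsSRPIdentityManager simulated;

    public FallbackSrpIdentityManager(TlsCrypto crypto, SRP6Group group, byte[] seedKey,
        Map<String, TlsSRPLoginParameters> known) throws IOException
    {
        // The seed key must be secret and identical across restarts and nodes: if it
        // changes, the simulated salt for an unknown name changes too, which a repeat
        // probe can observe. The 16-byte minimum is this example's own policy.
        if (seedKey == null || seedKey.length < 16)
        {
            throw new IllegalArgumentException("seed key must be at least 16 bytes");
        }
        this.known = Map.copyOf(known);
        this.simulated = SimulatedTlsSRPIdentityManager.getRFC5054Default(crypto, group, seedKey);
    }

    @Override
    public TlsSRPLoginParameters getLoginParameters(byte[] identity)
    {
        TlsSRPLoginParameters fallback;
        // Run the simulated path for every identity so the lookup costs about the same
        // for known and unknown names. The lock assumes one instance is shared between
        // handshakes and that the manager's single TlsMAC field is not thread-safe.
        synchronized (simulated)
        {
            fallback = simulated.getLoginParameters(identity);
        }
        TlsSRPLoginParameters real = known.get(new String(identity, StandardCharsets.UTF_8));
        // Never return null: the documentation marks that as allowed but not recommended.
        return real != null ? real : fallback;
    }
}
```

Use the same SRP6Group for enrolment and for the simulated manager; otherwise the group parameters sent to the client distinguish real replies from simulated ones.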