narayana/conversations-classic
3
2
Fork 0
Code Issues 3 Pull requests 2 Actions Packages Projects Releases 4 Wiki Activity

support end-point channel binding as last choice option

Browse source
This commit is contained in:
Daniel Gultsch 2022-09-07 12:08:50 +02:00
parent 018e0d9edf
commit ecbfe33e8d
2 changed files with 3 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/main/java/eu/siacs/conversations/crypto/sasl/ChannelBinding.java
View file

@ -32,6 +32,8 @@ public enum ChannelBinding {
return TLS_EXPORTER;
} else if (bindings.contains(TLS_UNIQUE)) {
return TLS_UNIQUE;
} else if (bindings.contains(TLS_SERVER_END_POINT)) {
return TLS_SERVER_END_POINT;
} else {
return null;
}

8
src/main/java/eu/siacs/conversations/crypto/sasl/ScramPlusMechanism.java
View file

@ -1,7 +1,5 @@
package eu.siacs.conversations.crypto.sasl;
import android.util.Log;
import org.bouncycastle.jcajce.provider.digest.SHA256;
import org.conscrypt.Conscrypt;
@ -16,9 +14,7 @@ import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import eu.siacs.conversations.Config;
import eu.siacs.conversations.entities.Account;
import eu.siacs.conversations.utils.CryptoHelper;
abstract class ScramPlusMechanism extends ScramMechanism {
@ -56,11 +52,10 @@ abstract class ScramPlusMechanism extends ScramMechanism {
return unique;
} else if (this.channelBinding == ChannelBinding.TLS_SERVER_END_POINT) {
final byte[] endPoint = getServerEndPointChannelBinding(sslSocket.getSession());
Log.d(Config.LOGTAG, "retrieved endpoint " + CryptoHelper.bytesToHex(endPoint));
return endPoint;
} else {
throw new AuthenticationException(
String.format("%s is not a valid channel binding", ChannelBinding.NONE));
String.format("%s is not a valid channel binding", channelBinding));
}
}
@ -99,7 +94,6 @@ abstract class ScramPlusMechanism extends ScramMechanism {
"Could not instantiate message digest for " + hashAlgorithm);
}
}
Log.d(Config.LOGTAG, "hashing certificate with " + messageDigest.getAlgorithm());
final byte[] encodedCertificate;
try {
encodedCertificate = certificate.getEncoded();