blob: 8f6dec20ef6fdce0402e2315af41a1063fcd0fdb (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
|
package eu.siacs.conversations.crypto.sasl;
import org.conscrypt.Conscrypt;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import eu.siacs.conversations.entities.Account;
abstract class ScramPlusMechanism extends ScramMechanism {
private static final String EXPORTER_LABEL = "EXPORTER-Channel-Binding";
ScramPlusMechanism(Account account, ChannelBinding channelBinding) {
super(account, channelBinding);
}
@Override
protected byte[] getChannelBindingData(final SSLSocket sslSocket)
throws AuthenticationException {
if (sslSocket == null) {
throw new AuthenticationException("Channel binding attempt on non secure socket");
}
if (this.channelBinding == ChannelBinding.TLS_EXPORTER) {
final byte[] keyingMaterial;
try {
keyingMaterial =
Conscrypt.exportKeyingMaterial(sslSocket, EXPORTER_LABEL, new byte[0], 32);
} catch (final SSLException e) {
throw new AuthenticationException("Could not export keying material");
}
if (keyingMaterial == null) {
throw new AuthenticationException(
"Could not export keying material. Socket not ready");
}
return keyingMaterial;
} else if (this.channelBinding == ChannelBinding.TLS_UNIQUE) {
final byte[] unique = Conscrypt.getTlsUnique(sslSocket);
if (unique == null) {
throw new AuthenticationException(
"Could not retrieve tls unique. Socket not ready");
}
return unique;
} else {
throw new AuthenticationException(
String.format("%s is not a valid channel binding", ChannelBinding.NONE));
}
}
}
|