consider going from unique or exporter to endpoint a downgrade
This commit is contained in:
parent
a5f51d69e1
commit
822f3f4d22
|
@ -117,4 +117,14 @@ public enum ChannelBinding {
|
||||||
throw new AssertionError("Missing short name for " + channelBinding);
|
throw new AssertionError("Missing short name for " + channelBinding);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static int priority(final ChannelBinding channelBinding) {
|
||||||
|
if (Arrays.asList(TLS_EXPORTER,TLS_UNIQUE).contains(channelBinding)) {
|
||||||
|
return 2;
|
||||||
|
} else if (channelBinding == ChannelBinding.TLS_SERVER_END_POINT) {
|
||||||
|
return 1;
|
||||||
|
} else {
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -97,4 +97,13 @@ public interface ChannelBindingMechanism {
|
||||||
messageDigest.update(encodedCertificate);
|
messageDigest.update(encodedCertificate);
|
||||||
return messageDigest.digest();
|
return messageDigest.digest();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int getPriority(final SaslMechanism mechanism) {
|
||||||
|
if (mechanism instanceof ChannelBindingMechanism) {
|
||||||
|
final ChannelBindingMechanism channelBindingMechanism = (ChannelBindingMechanism) mechanism;
|
||||||
|
return ChannelBinding.priority(channelBindingMechanism.getChannelBinding());
|
||||||
|
} else {
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -27,7 +27,7 @@ public class ScramSha1Plus extends ScramPlusMechanism {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public int getPriority() {
|
public int getPriority() {
|
||||||
return 35; // higher than SCRAM-SHA512 (30)
|
return 35 + ChannelBinding.priority(this.channelBinding); // higher than SCRAM-SHA512 (30)
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
|
@ -27,7 +27,7 @@ public class ScramSha256Plus extends ScramPlusMechanism {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public int getPriority() {
|
public int getPriority() {
|
||||||
return 40;
|
return 40 + ChannelBinding.priority(this.channelBinding);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
|
@ -27,7 +27,7 @@ public class ScramSha512Plus extends ScramPlusMechanism {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public int getPriority() {
|
public int getPriority() {
|
||||||
return 45;
|
return 45 + ChannelBinding.priority(this.channelBinding);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
Loading…
Reference in a new issue