support end-point channel binding as last choice option

2022-09-07 12:08:50 +02:00 · 2022-09-07 12:08:50 +02:00 · ecbfe33e8d
parent 018e0d9edf
commit ecbfe33e8d
2 changed files with 3 additions and 7 deletions
--- a/src/main/java/eu/siacs/conversations/crypto/sasl/ChannelBinding.java
+++ b/src/main/java/eu/siacs/conversations/crypto/sasl/ChannelBinding.java
@ -32,6 +32,8 @@ public enum ChannelBinding {
            return TLS_EXPORTER;
        } else if (bindings.contains(TLS_UNIQUE)) {
            return TLS_UNIQUE;
        } else if (bindings.contains(TLS_SERVER_END_POINT)) {
            return TLS_SERVER_END_POINT;
        } else {
            return null;
        }
--- a/src/main/java/eu/siacs/conversations/crypto/sasl/ScramPlusMechanism.java
+++ b/src/main/java/eu/siacs/conversations/crypto/sasl/ScramPlusMechanism.java
@ -1,7 +1,5 @@
 package eu.siacs.conversations.crypto.sasl;
 import android.util.Log;
 import org.bouncycastle.jcajce.provider.digest.SHA256;
 import org.conscrypt.Conscrypt;
@ -16,9 +14,7 @@ import javax.net.ssl.SSLPeerUnverifiedException;
 import javax.net.ssl.SSLSession;
 import javax.net.ssl.SSLSocket;
 import eu.siacs.conversations.Config;
 import eu.siacs.conversations.entities.Account;
 import eu.siacs.conversations.utils.CryptoHelper;
 abstract class ScramPlusMechanism extends ScramMechanism {
@ -56,11 +52,10 @@ abstract class ScramPlusMechanism extends ScramMechanism {
            return unique;
        } else if (this.channelBinding == ChannelBinding.TLS_SERVER_END_POINT) {
            final byte[] endPoint = getServerEndPointChannelBinding(sslSocket.getSession());
            Log.d(Config.LOGTAG, "retrieved endpoint " + CryptoHelper.bytesToHex(endPoint));
            return endPoint;
        } else {
            throw new AuthenticationException(
-                    String.format("%s is not a valid channel binding", ChannelBinding.NONE));
+                    String.format("%s is not a valid channel binding", channelBinding));
        }
    }
@ -99,7 +94,6 @@ abstract class ScramPlusMechanism extends ScramMechanism {
                        "Could not instantiate message digest for " + hashAlgorithm);
            }
        }
        Log.d(Config.LOGTAG, "hashing certificate with " + messageDigest.getAlgorithm());
        final byte[] encodedCertificate;
        try {
            encodedCertificate = certificate.getEncoded();