consider going from unique or exporter to endpoint a downgrade

Daniel Gultsch 2023-10-21 14:21:29 +02:00
parent a5f51d69e1
commit 822f3f4d22
No known key found for this signature in database
GPG key ID: F43D18AD2A0982C2
5 changed files with 22 additions and 3 deletions


@ -117,4 +117,14 @@ public enum ChannelBinding {
throw new AssertionError("Missing short name for " + channelBinding);
}
}
public static int priority(final ChannelBinding channelBinding) {
if (Arrays.asList(TLS_EXPORTER,TLS_UNIQUE).contains(channelBinding)) {
return 2;
} else if (channelBinding == ChannelBinding.TLS_SERVER_END_POINT) {
return 1;
} else {
return 0;
}
}
}
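Review bot: `priority` has no comment explaining the ranking or the constraint on its return values, and both matter to its callers. The `getPriority()` overrides in ScramSha1Plus, ScramSha256Plus and ScramSha512Plus add this value to bases of 35, 40 and 45, so the maximum has to stay below that spacing of 5; otherwise a weaker hash with a stronger binding would outrank the next mechanism. I would add a Javadoc along the lines of `/** Rank of a channel binding: TLS_EXPORTER and TLS_UNIQUE (2) above TLS_SERVER_END_POINT (1) above anything else (0). Added to the mechanism priority, so the maximum must stay below the gap between mechanism priorities. */`. As a style point, `Arrays.asList(TLS_EXPORTER,TLS_UNIQUE).contains(channelBinding)` builds a list on every call, while `channelBinding == TLS_EXPORTER || channelBinding == TLS_UNIQUE` matches the branch below it and still returns 0 for null.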


@ -97,4 +97,13 @@ public interface ChannelBindingMechanism {
messageDigest.update(encodedCertificate);
return messageDigest.digest();
}
static int getPriority(final SaslMechanism mechanism) {
if (mechanism instanceof ChannelBindingMechanism) {
final ChannelBindingMechanism channelBindingMechanism = (ChannelBindingMechanism) mechanism;
return ChannelBinding.priority(channelBindingMechanism.getChannelBinding());
} else {
return 0;
}
}
}
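Review bot: The static `getPriority(SaslMechanism)` returns the channel-binding rank (the 0 to 2 value from `ChannelBinding.priority`, and 0 for a mechanism without channel binding), yet it shares its name with the instance `getPriority()` that the SCRAM classes override to return the overall mechanism priority. Two methods with the same name on different scales are easy to mix up in a downgrade comparison; a name such as `getChannelBindingPriority`, or a one-line Javadoc stating the scale, would prevent that. No caller appears in the hunks of this commit, so it is not visible here whether the downgrade check uses this helper or the summed mechanism priority. If `getChannelBinding()` can return null, `ChannelBinding.priority` maps that to 0, which is worth stating in the comment as well.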


@ -27,7 +27,7 @@ public class ScramSha1Plus extends ScramPlusMechanism {
@Override
public int getPriority() {
return 35; // higher than SCRAM-SHA512 (30)
return 35 + ChannelBinding.priority(this.channelBinding); // higher than SCRAM-SHA512 (30)
}
@Override


@ -27,7 +27,7 @@ public class ScramSha256Plus extends ScramPlusMechanism {
@Override
public int getPriority() {
return 40;
return 40 + ChannelBinding.priority(this.channelBinding);
}
@Override


@ -27,7 +27,7 @@ public class ScramSha512Plus extends ScramPlusMechanism {
@Override
public int getPriority() {
return 45;
return 45 + ChannelBinding.priority(this.channelBinding);
}
@Override