/**
 *
 * Copyright 2016-2020 Florian Schmaus
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.jivesoftware.smack.sasl.core;

import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;

import javax.net.ssl.SSLPeerUnverifiedException;

import org.jivesoftware.smack.SmackException.SmackSaslException;
import org.jivesoftware.smack.util.TLSUtils;

/**
 * SCRAM-X-PLUS implementation. Due to limitations of the Java API, this mechanism only supports the
 * 'tls-server-end-point' channel binding type. On the other hand, the other relevant channel binding type,
 * 'tls-unique', has known flaws (see 3SHAKE, RFC 7627).
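 *
 * <p>
 * The channel binding data is derived by {@link TLSUtils} from the TLS session the mechanism was given. For
 * 'tls-server-end-point' (RFC 5929) that is a hash of the server's end-entity certificate, so the binding detects a
 * man-in-the-middle that terminates TLS with a different certificate; it offers no protection against an attacker
 * who holds the legitimate server's certificate and private key. A -PLUS mechanism is only meaningful over an
 * established TLS session, and {@link #getChannelBindingData()} fails explicitly when there is none.
 * </p>
 *
 * @author Florian Schmaus
 */
public abstract class ScramPlusMechanism extends ScramMechanism {

    /**
     * Create a SCRAM-PLUS mechanism using the given HMAC.
     *
     * @param scramHmac the HMAC (and thus the hash) used for the SCRAM computations.
     */
    protected ScramPlusMechanism(ScramHmac scramHmac) {
        super(scramHmac);
    }

    /**
     * The SASL mechanism name: the name of the underlying non-PLUS mechanism with a "-PLUS" suffix.
     *
     * @return the mechanism name, e.g. "SCRAM-SHA-1-PLUS".
     */
    @Override
    public String getName() {
        return super.getName() + "-PLUS";
    }

    /**
     * The GS2 channel binding flag sent in the client-first message. It is always
     * {@code p=tls-server-end-point}: the client supports channel binding and uses this binding type.
     *
     * @return the GS2 'cbind-flag' value.
     */
    @Override
    protected String getGs2CbindFlag() {
        return "p=tls-server-end-point";
    }

    /**
     * Compute the 'tls-server-end-point' channel binding data for the current TLS session.
     *
     * @return the channel binding data as produced by {@link TLSUtils#getChannelBindingTlsServerEndPoint}.
     * @throws SmackSaslException if there is no TLS session to bind to, the peer's certificate is not available
     *         (e.g. the peer was not verified), the certificate can not be encoded, or the hash algorithm required
     *         for the binding is not available.
     */
    @Override
    protected byte[] getChannelBindingData() throws SmackSaslException {
        // Without a TLS session there is nothing to bind to. Fail as a SASL error here rather than letting the
        // helper (which presumably dereferences the session) surface an unchecked NullPointerException.
        if (sslSession == null) {
            throw new SmackSaslException(new IllegalStateException(
                            getName() + " requires an established TLS session for channel binding, but none is available"));
        }

        try {
            return TLSUtils.getChannelBindingTlsServerEndPoint(sslSession);
        }
        catch (SSLPeerUnverifiedException | CertificateEncodingException | NoSuchAlgorithmException e) {
            // Re-throw as a SASL failure; the original exception is kept as the cause for diagnosis.
            throw new SmackSaslException(e);
        }
    }
}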