001/**
002 *
003 * Copyright 2016-2020 Florian Schmaus
004 *
005 * Licensed under the Apache License, Version 2.0 (the "License");
006 * you may not use this file except in compliance with the License.
007 * You may obtain a copy of the License at
008 *
009 *     http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017package org.jivesoftware.smack.sasl.core;
018
019import java.security.NoSuchAlgorithmException;
020import java.security.cert.CertificateEncodingException;
021
022import javax.net.ssl.SSLPeerUnverifiedException;
023
024import org.jivesoftware.smack.SmackException.SmackSaslException;
025import org.jivesoftware.smack.util.TLSUtils;
026
/**
 * SCRAM-X-PLUS implementation, i.e. SCRAM with channel binding to the underlying TLS connection.
 * <p>
 * Due to limitations of the Java API, this mechanism only supports the 'tls-server-end-point' channel binding type.
 * On the other hand, the other relevant channel binding type, 'tls-unique', has some flaws (see 3SHAKE, RFC 7627).
 * </p>
 * <p>
 * Security note: per RFC 5929, 'tls-server-end-point' binding data is derived from the server's certificate, so the
 * binding ties the SASL exchange to that certificate rather than to one individual TLS session. It complements, and
 * does not replace, regular verification of the server certificate.
 * </p>
 *
 * @author Florian Schmaus
 */
public abstract class ScramPlusMechanism extends ScramMechanism {

    /**
     * Creates the channel-binding variant of a SCRAM mechanism.
     *
     * @param scramHmac the HMAC implementation, handed unchanged to the {@link ScramMechanism} constructor.
     */
    protected ScramPlusMechanism(ScramHmac scramHmac) {
        super(scramHmac);
    }

    /**
     * Returns the mechanism name: the name reported by the superclass with the "-PLUS" suffix appended.
     *
     * @return the name of this channel-binding mechanism.
     */
    @Override
    public String getName() {
        final String baseName = super.getName();
        return baseName + "-PLUS";
    }

    /**
     * Returns the GS2 channel binding flag. The "p=" form announces that the client uses channel binding and names
     * the binding type, which here is always 'tls-server-end-point'.
     *
     * @return the constant flag {@code p=tls-server-end-point}.
     */
    @Override
    protected String getGs2CbindFlag() {
        return "p=tls-server-end-point";
    }

    /**
     * Obtains the 'tls-server-end-point' channel binding data for the current TLS session by delegating to
     * {@link TLSUtils#getChannelBindingTlsServerEndPoint}.
     *
     * @return the channel binding data.
     * @throws SmackSaslException if the peer is unverified, its certificate cannot be encoded, or a required
     *         algorithm is unavailable; the original exception is kept as the cause.
     */
    @Override
    protected byte[] getChannelBindingData() throws SmackSaslException {
        // NOTE(review): sslSession is not declared in this class (presumably inherited). Confirm that callers only
        // select a -PLUS mechanism once TLS is established, so that sslSession is never null here.
        try {
            return TLSUtils.getChannelBindingTlsServerEndPoint(sslSession);
        } catch (SSLPeerUnverifiedException | CertificateEncodingException | NoSuchAlgorithmException e) {
            // Surface every failure as a SASL error so authentication does not proceed without binding data.
            throw new SmackSaslException(e);
        }
    }
}