1package eu.siacs.conversations.crypto.sasl;
 2
 3import org.conscrypt.Conscrypt;
 4
 5import javax.net.ssl.SSLException;
 6import javax.net.ssl.SSLSocket;
 7
 8import eu.siacs.conversations.entities.Account;
 9
10abstract class ScramPlusMechanism extends ScramMechanism {
11
12    private static final String EXPORTER_LABEL = "EXPORTER-Channel-Binding";
13
14    ScramPlusMechanism(Account account, ChannelBinding channelBinding) {
15        super(account, channelBinding);
16    }
17
18    @Override
19    protected byte[] getChannelBindingData(final SSLSocket sslSocket)
20            throws AuthenticationException {
21        if (sslSocket == null) {
22            throw new AuthenticationException("Channel binding attempt on non secure socket");
23        }
24        if (this.channelBinding == ChannelBinding.TLS_EXPORTER) {
25            try {
26                return Conscrypt.exportKeyingMaterial(sslSocket, EXPORTER_LABEL, new byte[0], 32);
27            } catch (final SSLException e) {
28                throw new AuthenticationException("Could not export keying material");
29            }
30        } else {
31            throw new AuthenticationException(
32                    String.format("%s is not a valid channel binding", ChannelBinding.NONE));
33        }
34    }
35}