do not accept fast token w/o channel binding for channel bound login

Daniel Gultsch created

Change summary

src/main/java/eu/siacs/conversations/xmpp/XmppConnection.java | 14 +++-
1 file changed, 10 insertions(+), 4 deletions(-)

Detailed changes

src/main/java/eu/siacs/conversations/xmpp/XmppConnection.java 🔗

@@ -65,6 +65,7 @@ import eu.siacs.conversations.R;
 import eu.siacs.conversations.crypto.XmppDomainVerifier;
 import eu.siacs.conversations.crypto.axolotl.AxolotlService;
 import eu.siacs.conversations.crypto.sasl.ChannelBinding;
+import eu.siacs.conversations.crypto.sasl.ChannelBindingMechanism;
 import eu.siacs.conversations.crypto.sasl.HashedToken;
 import eu.siacs.conversations.crypto.sasl.SaslMechanism;
 import eu.siacs.conversations.entities.Account;
@@ -826,10 +827,15 @@ public class XmppConnection implements Runnable {
                 tokenMechanism = null;
             }
             if (tokenMechanism != null && !Strings.isNullOrEmpty(token)) {
-                this.account.setFastToken(tokenMechanism, token);
-                Log.d(
-                        Config.LOGTAG,
-                        account.getJid().asBareJid() + ": storing hashed token " + tokenMechanism);
+                if (ChannelBinding.priority(tokenMechanism.channelBinding) >= ChannelBindingMechanism.getPriority(currentSaslMechanism)) {
+                    this.account.setFastToken(tokenMechanism, token);
+                    Log.d(
+                            Config.LOGTAG,
+                            account.getJid().asBareJid() + ": storing hashed token " + tokenMechanism);
+                } else {
+                    Log.d(Config.LOGTAG,account.getJid().asBareJid()+": not accepting hashed token "+ tokenMechanism.name()+" for log in mechanism "+currentSaslMechanism.getMechanism());
+                    this.account.resetFastToken();
+                }
             } else if (this.hashTokenRequest != null) {
                 Log.w(
                         Config.LOGTAG,
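Review bot: The new rejection branch logs at debug level, although a server handing out a FAST token whose channel binding is weaker than the mechanism used for this login is a downgrade signal that should be visible in normal logs. The sibling `else if (this.hashTokenRequest != null)` branch directly below already uses `Log.w`, so changing `Log.d(Config.LOGTAG,` to `Log.w(Config.LOGTAG,` on the "not accepting hashed token" line would be consistent. The priority comparison would also benefit from a short comment such as `// keep the token only if its channel binding is at least as strong as this login's; otherwise a later token login would downgrade the binding`. `currentSaslMechanism` is passed to `getPriority` and dereferenced in the else branch. Whether it can be null here is not visible, because the enclosing method starts and ends outside the hunk.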