author | Sam Whited <sam@samwhited.com> | 2014-11-15 09:42:40 -0500 |
---|---|---|
committer | Sam Whited <sam@samwhited.com> | 2014-11-15 10:01:08 -0500 |
commit | 847877f9d2954130a73860118cb7b6fe073aafe8 (patch) | |
tree | 4e177dd7cf9d2ec29cbd5a544736c4e4cba0411c /src/main/java/eu/siacs/conversations/crypto/sasl | |
parent | 35bf13f5effd802f57b9f3633115fed479e14f1e (diff) |
Add auth method pinning
Diffstat (limited to 'src/main/java/eu/siacs/conversations/crypto/sasl')
4 files changed, 30 insertions, 3 deletions
diff --git a/src/main/java/eu/siacs/conversations/crypto/sasl/DigestMd5.java b/src/main/java/eu/siacs/conversations/crypto/sasl/DigestMd5.java
index b56d2a46..850cacc2 100644
--- a/src/main/java/eu/siacs/conversations/crypto/sasl/DigestMd5.java
+++ b/src/main/java/eu/siacs/conversations/crypto/sasl/DigestMd5.java
@@ -17,7 +17,13 @@ public class DigestMd5 extends SaslMechanism {
 super(tagWriter, account, rng);
 }
- public static String getMechanism() {
+ @Override
+ public int getPriority() {
+ return 10;
+ }
+
+ @Override
+ public String getMechanism() {
 return "DIGEST-MD5";
 }
diff --git a/src/main/java/eu/siacs/conversations/crypto/sasl/Plain.java b/src/main/java/eu/siacs/conversations/crypto/sasl/Plain.java
index f7e7ee8a..c7dedc5e 100644
--- a/src/main/java/eu/siacs/conversations/crypto/sasl/Plain.java
+++ b/src/main/java/eu/siacs/conversations/crypto/sasl/Plain.java
@@ -12,7 +12,13 @@ public class Plain extends SaslMechanism {
 super(tagWriter, account, null);
 }
- public static String getMechanism() {
+ @Override
+ public int getPriority() {
+ return 0;
+ }
+
+ @Override
+ public String getMechanism() {
 return "PLAIN";
 }
diff --git a/src/main/java/eu/siacs/conversations/crypto/sasl/SaslMechanism.java b/src/main/java/eu/siacs/conversations/crypto/sasl/SaslMechanism.java
index 7dd5e99c..14d8b944 100644
--- a/src/main/java/eu/siacs/conversations/crypto/sasl/SaslMechanism.java
+++ b/src/main/java/eu/siacs/conversations/crypto/sasl/SaslMechanism.java
@@ -44,6 +44,15 @@ public abstract class SaslMechanism {
 this.rng = rng;
 }
+ /**
+ * The priority is used to pin the authentication mechanism. If authentication fails, it MAY be retried with another
+ * mechanism of the same priority, but MUST NOT be tried with a mechanism of lower priority (to prevent downgrade
+ * attacks).
+ * @return An arbitrary int representing the priority
+ */
+ public abstract int getPriority();
+
+ public abstract String getMechanism();
 public String getClientFirstMessage() {
 return "";
 }
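Review bot: The priority returned by the new `getPriority()` override in DigestMd5.java is a bare literal, and the same applies to the Plain.java and ScramSha1.java hunks (`10`, `0` and `20`), so the strength ordering that pinning relies on can only be recovered by reading all three files together. A mechanism added later has nothing in its own file telling it where to rank, and a value chosen too low or too high would silently change which fallbacks are permitted. I would add a comment above each return, for example `// ranks above PLAIN (0) and below SCRAM-SHA-1 (20); see SaslMechanism#getPriority`, or move the values into named constants on SaslMechanism. The class body continues outside the hunk.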
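Review bot: The Javadoc added for `getPriority()` in SaslMechanism.java calls the value "an arbitrary int" and never states that a larger value means a stronger mechanism; that direction is only implied by the "MUST NOT be tried with a mechanism of lower priority" sentence. Because the downgrade protection depends on every implementer ranking mechanisms the same way, I would write `@return the relative strength of this mechanism; a higher value means a stronger mechanism` and add one sentence saying the rule is enforced by whatever code selects the mechanism, which is not visible here (the diffstat is limited to crypto/sasl). The new abstract `getMechanism()` beside it has no Javadoc at all; a one-line `/** @return the SASL mechanism name, e.g. "PLAIN" */` would cover it. The class starts and ends outside the hunk.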
diff --git a/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha1.java b/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha1.java
index 2073de2d..f3589fa2 100644
--- a/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha1.java
+++ b/src/main/java/eu/siacs/conversations/crypto/sasl/ScramSha1.java
@@ -43,7 +43,13 @@ public class ScramSha1 extends SaslMechanism {
 clientFirstMessageBare = "";
 }
- public static String getMechanism() {
+ @Override
+ public int getPriority() {
+ return 20;
+ }
+
+ @Override
+ public String getMechanism() {
 return "SCRAM-SHA-1";
 }
|