# HG changeset patch
# User Kim Alvefur
# Date 1659488657 -7200
# Node ID e60c776b776093a4d34b2db32375c558a8de7f17
# Parent 628896d39d8e14867dc4e069a5eb02b8903ebc0f
util.sasl.scram: Refactor channel binding

This will ease support for new channel binding methods.

diff -r 628896d39d8e -r e60c776b7760 util/sasl/scram.lua
--- a/util/sasl/scram.lua Wed Aug 03 02:59:09 2022 +0200
+++ b/util/sasl/scram.lua Wed Aug 03 03:04:17 2022 +0200
@@ -35,16 +35,25 @@
 return (gsub(str, "[,=]", { [","] = "=2C", ["="] = "=3D" }));
 end
 
+local function cb(conn)
+ if conn:ssl() then
+ if sock.getfinished then
+ return "p=tls-unique", sock:getfinished();
+ end
+ end
+end
+
 local function scram(stream, name)
 local username = "n=" .. value_safe(stream.username);
 local c_nonce = base64(random.bytes(15));
 local our_nonce = "r=" .. c_nonce;
 local client_first_message_bare = username .. "," .. our_nonce;
 local cbind_data = "";
- local gs2_cbind_flag = stream.conn:ssl() and "y" or "n";
+ local gs2_cbind_flag = "n";
 if name == "SCRAM-SHA-1-PLUS" then
- cbind_data = stream.conn:socket():getfinished();
- gs2_cbind_flag = "p=tls-unique";
+ gs2_cbind_flag, cbind_data = cb(stream.conn);
+ elseif cb(stream.conn) then
+ gs2_cbind_flag = "y";
 end
 local gs2_header = gs2_cbind_flag .. ",,";
 local client_first_message = gs2_header .. client_first_message_bare;
@@ -107,8 +116,7 @@
 if name == "SCRAM-SHA-1" then
 return scram, 99;
 elseif name == "SCRAM-SHA-1-PLUS" then
- local sock = stream.conn:ssl() and stream.conn:socket();
- if sock and sock.getfinished then
+ if cb(stream.conn) then
 return scram, 100;
 end
 end
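Review bot: In the new `cb(conn)`, `sock` is never assigned: the function receives `conn`, and the `stream.conn:socket()` call from the removed lines was not carried over. Unless `sock` is an upvalue defined outside this hunk, `sock.getfinished` indexes a nil global on every TLS connection. Because `scram` now calls `cb` for plain SCRAM-SHA-1 as well (the `elseif cb(stream.conn) then` branch), and the mechanism selection in the second hunk calls it too, the error would break authentication as a whole rather than only channel binding. Add `local sock = conn:socket();` as the first line inside `if conn:ssl() then`, and consider a short comment on `cb` stating that it returns the GS2 flag plus the binding data, or nothing when no binding is available. The body of `scram` continues past the end of the hunk.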
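Review bot: `if cb(stream.conn) then` offers SCRAM-SHA-1-PLUS at priority 100 whenever `cb` returns a value, and nothing visible here looks at the negotiated TLS version. tls-unique is not defined for TLS 1.3 (RFC 9266 introduces tls-exporter for that case), so a Finished-based value from such a session should not be accepted as binding data. Presumably `cb` is the right place to return nothing then, so that the `y` flag in `scram` and this selection fall back together. A comment such as `-- only offer -PLUS when cb() yields binding data valid for this TLS session` would record the intent. The enclosing function starts outside the hunk.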