Class: Vines::Stream::SASL
- Inherits: Object
- Includes: Log
- Defined in: lib/vines/stream/sasl.rb
Overview
Provides plain (username/password) and external (TLS certificate) SASL authentication to client and server streams.
Constant Summary
- EMPTY = '='.freeze
Instance Method Summary
- #external_auth(encoded) ⇒ Object
  Authenticate server-to-server streams, comparing their domain to their SSL certificate.
- #initialize(stream) ⇒ SASL (constructor)
  A new instance of SASL.
- #plain_auth(encoded) ⇒ Object
  Authenticate client-to-server streams using a username and password.
Methods included from Log
Constructor Details
#initialize(stream) ⇒ SASL
Returns a new instance of SASL.
    # File 'lib/vines/stream/sasl.rb', line 11
    def initialize(stream)
      @stream = stream
    end
Instance Method Details
#external_auth(encoded) ⇒ Object
Authenticate server-to-server streams, comparing their domain to their SSL certificate.
http://xmpp.org/extensions/xep-0178.html#s2s
encoded - The Base64 encoded remote domain name String sent by the server stream.
Returns true if the Base64 encoded domain matches the TLS certificate presented earlier in stream negotiation.
Raises a SaslError if authentication failed.
    # File 'lib/vines/stream/sasl.rb', line 27
    def external_auth(encoded)
      unless encoded == EMPTY
        authzid = decode64(encoded)
        matches_from = (authzid == @stream.remote_domain)
        raise SaslErrors::InvalidAuthzid unless matches_from
      end
      matches_from = @stream.cert_domain_matches?(@stream.remote_domain)
      matches_from or raise SaslErrors::NotAuthorized
    end
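An added example (not Vines code) of the two-step check that external_auth performs, runnable without a server. It assumes Ruby's OpenSSL::SSL.verify_certificate_identity as a stand-in for the stream's cert_domain_matches?, strict Base64 decoding in place of decode64, local error classes in place of SaslErrors, and a constructed self-signed certificate; the helper names constructed_cert, external_check and outcome are hypothetical.

```ruby
require 'openssl'

# Local stand-ins for the SaslErrors classes the page names, plus one for
# RFC 6120's <incorrect-encoding/> condition (not shown on the page).
class InvalidAuthzid < StandardError; end
class NotAuthorized < StandardError; end
class IncorrectEncoding < StandardError; end

EMPTY = '='.freeze # EXTERNAL response meaning "no authzid supplied"

# Constructed self-signed certificate with a single DNS subjectAltName.
def constructed_cert(domain)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{domain}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
  cert.add_extension(ef.create_extension('subjectAltName', "DNS:#{domain}"))
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Same order as external_auth: authzid check first, certificate check second.
def external_check(encoded, remote_domain, cert)
  unless encoded == EMPTY
    authzid = begin
      encoded.unpack1('m0') # strict Base64; raises ArgumentError if malformed
    rescue ArgumentError
      raise IncorrectEncoding
    end
    raise InvalidAuthzid unless authzid == remote_domain
  end
  # Assumption: DNS-name matching stands in for cert_domain_matches?.
  OpenSSL::SSL.verify_certificate_identity(cert, remote_domain) or raise NotAuthorized
end

# Returns :authenticated, or the error class raised, so cases can be compared.
def outcome(encoded, remote_domain, cert)
  external_check(encoded, remote_domain, cert) && :authenticated
rescue IncorrectEncoding, InvalidAuthzid, NotAuthorized => e
  e.class
end
```

With a certificate for a.example, a stream claiming b.example fails with NotAuthorized even when its authzid is the Base64 of b.example: the authzid comparison only checks that the peer is self-consistent, and the certificate check is what binds the claimed domain to the peer.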
#plain_auth(encoded) ⇒ Object
Authenticate client-to-server streams using a username and password.
encoded - The Base64 encoded jid and password String sent by the client stream.
Returns the authenticated User or raises SaslError if authentication failed.
    # File 'lib/vines/stream/sasl.rb', line 43
    def plain_auth(encoded)
      jid, password = decode_credentials(encoded)
      user = authenticate(jid, password)
      user or raise SaslErrors::NotAuthorized
    end