Module: Net::IMAP::SASL::GS2Header

Included in:
OAuthAuthenticator, ScramAuthenticator
Defined in:
lib/net/imap/sasl/gs2_header.rb

Overview

Originally defined for the GS2 mechanism family in RFC5801, several different mechanisms start with a GS2 header:

Classes that include this module must implement #authzid.

Constant Summary

NO_NULL_CHARS =

/\A[^\x00]+\z/u.freeze
RFC5801_SASLNAME =

Matches RFC5801 §4 saslname. The output from gs2_saslname_encode matches this Regexp.

/\A(?:[^,=\x00]|=2C|=3D)+\z/u.freeze

Class Method Details

.gs2_saslname_encode(str) ⇒ Object

Encodes str to match RFC5801_SASLNAME.



# File 'lib/net/imap/sasl/gs2_header.rb', line 67

def gs2_saslname_encode(str)
  str = str.encode("UTF-8")
  # Regexp#match raises "invalid byte sequence" for invalid UTF-8
  NO_NULL_CHARS.match str or
    raise ArgumentError, "invalid saslname: %p" % [str]
  str
    .gsub(?=, "=3D")
    .gsub(?,, "=2C")
end

Instance Method Details

#gs2_authzid ⇒ Object

The RFC5801 §4 gs2-authzid header, when #authzid is not empty.

If #authzid is empty or nil, an empty string is returned.



# File 'lib/net/imap/sasl/gs2_header.rb', line 59

def gs2_authzid
  return "" if authzid.nil? || authzid == ""
  "a=#{gs2_saslname_encode(authzid)}"
end

#gs2_cb_flag ⇒ Object

The RFC5801 §4 gs2-cb-flag:

n

The client doesn’t support channel binding.

y

The client does support channel binding but thinks the server does not.

p

The client requires channel binding. The selected channel binding follows “p=”.

The default always returns “n”. A mechanism that supports channel binding must override this method.



# File 'lib/net/imap/sasl/gs2_header.rb', line 53

def gs2_cb_flag; "n" end

#gs2_header ⇒ Object

The RFC5801 §4 gs2-header, which prefixes the #initial_client_response.

Note: the actual GS2 header includes an optional flag to indicate that the GSS mechanism is not “standard”, but since all of the SASL mechanisms using GS2 are “standard”, we don’t include that flag. A class for a nonstandard GSSAPI mechanism should prefix with “F,”.



# File 'lib/net/imap/sasl/gs2_header.rb', line 37

def gs2_header
  "#{gs2_cb_flag},#{gs2_authzid},"
end
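
Added example, not part of net-imap: a stand-alone sketch of why #gs2_authzid passes #authzid through gs2_saslname_encode before interpolating it into the comma-delimited header. The module name Gs2Demo, the encode: keyword and the receiving-side parse_gs2_header are hypothetical; the encoding logic and regexps are the ones shown on this page.

```ruby
# Added example: re-implements the page's encoding so it runs without net-imap.
module Gs2Demo
  NO_NULL_CHARS    = /\A[^\x00]+\z/u
  RFC5801_SASLNAME = /\A(?:[^,=\x00]|=2C|=3D)+\z/u

  module_function

  # Same logic as gs2_saslname_encode on this page.
  def saslname_encode(str)
    str = str.encode("UTF-8")
    NO_NULL_CHARS.match(str) or
      raise ArgumentError, "invalid saslname: %p" % [str]
    str.gsub("=", "=3D").gsub(",", "=2C")
  end

  # gs2-header = gs2-cb-flag "," [gs2-authzid] ","
  # encode: false is a hypothetical switch that shows the unescaped form.
  def header(authzid, cb_flag: "n", encode: true)
    return "#{cb_flag},," if authzid.nil? || authzid == ""
    name = encode ? saslname_encode(authzid) : authzid
    "#{cb_flag},a=#{name},"
  end

  # Hypothetical receiving side: split on ",", validate, then decode once.
  def parse_gs2_header(header)
    cb_flag, authzid, *rest = header.split(",", -1)
    raise ArgumentError, "malformed gs2-header" unless rest == [""]
    return [cb_flag, nil] if authzid == ""
    name = authzid.delete_prefix("a=")
    ok = authzid.start_with?("a=") && RFC5801_SASLNAME.match?(name)
    raise ArgumentError, "bad authzid" unless ok
    # Single pass, so a literal "=3D2C" in the name is not decoded twice.
    [cb_flag, name.gsub(/=2C|=3D/, "=2C" => ",", "=3D" => "=")]
  end
end

tricky = "alice,a=admin" # constructed input containing both reserved characters
puts Gs2Demo.header(tricky)                  # one authzid field, delimiters escaped
puts Gs2Demo.header(tricky, encode: false)   # extra field appears in the header
p Gs2Demo.parse_gs2_header(Gs2Demo.header(tricky))
```

With encoding, the reserved characters stay inside the single authzid field and round-trip exactly; without it, the same input produces a header with an extra comma-separated field, which the strict parser rejects.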