Class: ROM::LDAP::Directory::Password Abstract

Inherits:
Object
Defined in:
lib/rom/ldap/directory/password.rb

Overview

This class is abstract.

Encode and validate passwords using md5, sha or ssha.

Class Method Details

._encode(type, encrypted) ⇒ String

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Prepends the type to the encrypted string.

Returns:

  • (String)

    The encrypted string with the type prepended.



# File 'lib/rom/ldap/directory/password.rb', line 72

def self._encode(type, encrypted)
  "{#{type.upcase}}" + Base64.strict_encode64(encrypted).chomp
end

.check_ssha(password, encrypted) ⇒ Boolean

Validate plain password against encrypted SSHA password.

Returns:

  • (Boolean)


# File 'lib/rom/ldap/directory/password.rb', line 60

def self.check_ssha(password, encrypted)
  decoded = Base64.decode64(encrypted.gsub(/^{SSHA}/, EMPTY_STRING))
  # digest = decoded[0...20] (SHA-1 output is 20 bytes; the rest is the salt)
  salt = decoded[20..-1]
  _encode(:ssha, ssha(password, salt)) == encrypted
end

.check_ssha512(password, encrypted) ⇒ Object



# File 'lib/rom/ldap/directory/password.rb', line 48

def self.check_ssha512(password, encrypted)
  decoded = Base64.decode64(encrypted.gsub(/^{SSHA512}/, EMPTY_STRING))
  # digest = decoded[0...64] (SHA-512 output is 64 bytes; the rest is the salt)
  salt = decoded[64..-1]
  _encode(:ssha512, ssha512(password, salt)) == encrypted
end

.generate(type, password, salt = secure_salt) ⇒ String

Generate an encrypted password.

Examples:

Password.generate(:ssha, 'secret magic word')

Parameters:

  • type (Symbol)

    Encryption type. One of :md5, :sha, :ssha, :ssha512.

  • password (String)

    Plain text password to be encrypted.

Returns:

  • (String)

Raises:

  • (PasswordError)

    If no password is supplied or the encryption type is unsupported.


# File 'lib/rom/ldap/directory/password.rb', line 35

def self.generate(type, password, salt = secure_salt)
  raise PasswordError, 'No password supplied' if password.nil?

  case type
  when :md5    then _encode(type, md5(password))
  when :sha    then _encode(type, sha(password))
  when :ssha   then _encode(type, ssha(password, salt))
  when :ssha512 then _encode(type, ssha512(password, salt))
  else
    raise PasswordError, "Unsupported encryption type (#{type})"
  end
end

.md5(str) ⇒ String

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns MD5 digest.

Parameters:

  • str (String)

Returns:

  • (String)

    MD5 digest.



# File 'lib/rom/ldap/directory/password.rb', line 88

def self.md5(str)
  Digest::MD5.digest(str)
end

.secure_salt ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Generate salt.



# File 'lib/rom/ldap/directory/password.rb', line 79

def self.secure_salt
  SecureRandom.random_bytes(16)
end

.sha(str) ⇒ String

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns SHA1 digest without salt.

Parameters:

  • str (String)

Returns:

  • (String)

    SHA1 digest without salt.



# File 'lib/rom/ldap/directory/password.rb', line 107

def self.sha(str)
  Digest::SHA1.digest(str)
end

.ssha(str, salt) ⇒ String

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns SHA1 digest with salt.

Parameters:

  • str (String)
  • salt (String)

Returns:

  • (String)

    SHA1 digest with salt.



# File 'lib/rom/ldap/directory/password.rb', line 98

def self.ssha(str, salt)
  Digest::SHA1.digest(str + salt) + salt
end

.ssha512(str, salt) ⇒ Object

"{SSHA512}A1lCCGYzUEJ5/qQCrFUAztLVaTaWv959RnpzaOsWB9Ij4CBCeNh6i4XrZzrvwUMM/AWbEb8Gjc7FWOBSPnkRuHsexjzeQImm" initial



# File 'lib/rom/ldap/directory/password.rb', line 114

def self.ssha512(str, salt)
  Digest::SHA512.digest(str + salt) + salt
end
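
The salted formats handled by check_ssha, check_ssha512, ssha and ssha512 above can be verified defensively as follows. This is an added example, not code from rom-ldap: the names SCHEMES, encode_salted and verify_salted are hypothetical, and rejecting a stored value that carries no salt is a choice made for this example.

```ruby
require 'digest'
require 'openssl'
require 'securerandom'

# Digest class and raw digest length for the salted schemes on this page.
SCHEMES = { 'SSHA' => [Digest::SHA1, 20], 'SSHA512' => [Digest::SHA512, 64] }.freeze

# Hypothetical helper: "{SCHEME}" + strict Base64 of (digest + salt).
# String#b forces binary encoding so a non-ASCII password can be
# concatenated with random salt bytes.
def encode_salted(scheme, password, salt = SecureRandom.random_bytes(16))
  klass, = SCHEMES.fetch(scheme)
  "{#{scheme}}" + [klass.digest(password.b + salt) + salt].pack('m0')
end

# Hypothetical helper: true only if password matches the stored value.
# Malformed input returns false instead of raising.
def verify_salted(password, stored)
  return false unless password.is_a?(String)

  # \A anchors at the start of the string, not at the start of any line.
  m = /\A\{(SSHA512|SSHA)\}(.+)\z/.match(stored.to_s)
  return false unless m

  klass, len = SCHEMES.fetch(m[1])
  raw = m[2].unpack1('m0')             # strict Base64; ArgumentError if invalid
  return false if raw.bytesize <= len  # truncated digest or missing salt

  digest = raw.byteslice(0, len)
  salt   = raw.byteslice(len, raw.bytesize - len)
  # Compare raw digests in constant time rather than with String#==.
  OpenSSL.fixed_length_secure_compare(klass.digest(password.b + salt), digest)
rescue ArgumentError
  false
end

if __FILE__ == $PROGRAM_NAME
  stored = encode_salted('SSHA', 'secret magic word') # constructed sample
  puts stored
  puts verify_salted('secret magic word', stored)
  puts verify_salted('guess', stored)
  puts verify_salted('guess', '{SSHA}not-base64!')
end
```

OpenSSL.fixed_length_secure_compare requires a Ruby whose openssl library is version 2.2 or later.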