Module: Net::IMAP::SASL::GS2Header

Relationships & Source Files
Extension / Inclusion / Inheritance Descendants
Included In: `OAuthAuthenticator`, `OAuthBearerAuthenticator`, `ScramAuthenticator`, `ScramSHA1Authenticator`, `ScramSHA256Authenticator`
Defined in:	lib/net/imap/sasl/gs2_header.rb

Overview

Originally defined for the GS2 mechanism family in RFC5801, several different mechanisms start with a GS2 header:

GS2-* — RFC5801
SCRAM-* — RFC5802 (ScramAuthenticator)
SAML20 — RFC6595
OPENID20 — RFC6616
OAUTH10A — RFC7628
OAUTHBEARER — RFC7628 (OAuthBearerAuthenticator)

Classes that include this module must implement #authzid.

Constant Summary

NO_NULL_CHARS = Internal use only
# File 'lib/net/imap/sasl/gs2_header.rb', line 21
```
/\A[^\x00]+\z/u.freeze
```
RFC5801_SASLNAME =

Matches RFC5801 §4 saslname. The output from gs2_saslname_encode matches this Regexp.

# File 'lib/net/imap/sasl/gs2_header.rb', line 26
```
/\A(?:[^,=\x00]|=2C|=3D)+\z/u.freeze
```

Class Method Summary

.gs2_saslname_encode(str) mod_func

Encodes str to match RFC5801_SASLNAME.

Instance Method Summary

#gs2_authzid

The RFC5801 §4 gs2-authzid header, when #authzid is not empty.
#gs2_cb_flag

The RFC5801 §4 gs2-cb-flag:
#gs2_header (also: #cbind_input)

The RFC5801 §4 gs2-header, which prefixes the #initial_client_response.

Class Method Details

.gs2_saslname_encode(str) (mod_func)

Encodes str to match RFC5801_SASLNAME.

[ GitHub ]

# File 'lib/net/imap/sasl/gs2_header.rb', line 67


def gs2_saslname_encode(str)
  str = str.encode("UTF-8")
  # Regexp#match raises "invalid byte sequence" for invalid UTF-8
  NO_NULL_CHARS.match str or
    raise ArgumentError, "invalid saslname: %p" % [str]
  str
    .gsub(?=, "=3D")
    .gsub(?,, "=2C")
end

Instance Method Details

#gs2_authzid

The RFC5801 §4 gs2-authzid header, when #authzid is not empty.

If #authzid is empty or nil, an empty string is returned.

[ GitHub ]

# File 'lib/net/imap/sasl/gs2_header.rb', line 59


def gs2_authzid
  return "" if authzid.nil? || authzid == ""
  "a=#{gs2_saslname_encode(authzid)}"
end

#gs2_cb_flag

The RFC5801 §4 gs2-cb-flag:

“n”: The client doesn’t support channel binding.
“y”: The client does support channel binding but thinks the server does not.
“p”: The client requires channel binding. The selected channel binding follows “p=”.

The default always returns “n”. A mechanism that supports channel binding must override this method.

[ GitHub ]

# File 'lib/net/imap/sasl/gs2_header.rb', line 53


def gs2_cb_flag; "n" end

#gs2_header Also known as: #cbind_input

The RFC5801 §4 gs2-header, which prefixes the #initial_client_response.

Note: the actual GS2 header includes an optional flag to indicate that the GSS mechanism is not “standard”, but since all of the SASL mechanisms using GS2 are “standard”, we don’t include that flag. A class for a nonstandard GSSAPI mechanism should prefix with “F,”.

[ GitHub ]

# File 'lib/net/imap/sasl/gs2_header.rb', line 37


def gs2_header
  "#{gs2_cb_flag},#{gs2_authzid},"
end