123456789_123456789_123456789_123456789_123456789_

Class: Net::IMAP::SASL::CramMD5Authenticator

Relationships & Source Files
Inherits: Object
Defined in: lib/net/imap/sasl/cram_md5_authenticator.rb

Overview

Authenticator for the “CRAM-MD5::Net::IMAP::SASL mechanism, specified in RFC2195. See Net::IMAP#authenticate.

Deprecated

CRAM-MD5 is obsolete and insecure. It is included for compatibility with existing servers. draft-ietf-sasl-crammd5-to-historic recommends using SCRAM-* or PLAIN protected by TLS instead.

Additionally, RFC8314 discourage the use of cleartext and recommends TLS version 1.2 or greater be used for all traffic. With TLS CRAM-MD5 is okay, but so is PLAIN

Class Method Summary

Instance Attribute Summary

Instance Method Summary

Constructor Details

.new(user = nil, pass = nil, authcid: nil, username: nil, password: nil, secret: nil, warn_deprecation: true) ⇒ CramMD5Authenticator

[ GitHub ] 

  


# File 'lib/net/imap/sasl/cram_md5_authenticator.rb', line 17



def initialize(user = nil, pass = nil,
               authcid: nil, username: nil,
               password: nil, secret: nil,
               warn_deprecation: true,
               **)
  if warn_deprecation
    warn "WARNING: CRAM-MD5 mechanism is deprecated." # TODO: recommend SCRAM
  end
  require "digest/md5"
  @user = authcid || username || user
  @password = password || secret || pass
  @done = false
end


  







Instance Attribute Details



  

    #done?Boolean  (readonly)
  

  [ GitHub ]


  

  


# File 'lib/net/imap/sasl/cram_md5_authenticator.rb', line 40



def done?; @done end


  








  

    #initial_response?Boolean  (readonly)
  

  [ GitHub ]


  

  


# File 'lib/net/imap/sasl/cram_md5_authenticator.rb', line 31



def initial_response?; false end


  







Instance Method Details



  

    #hmac_md5(text, key)   (private)
  

  [ GitHub ]


  

  


# File 'lib/net/imap/sasl/cram_md5_authenticator.rb', line 44



def hmac_md5(text, key)
  if key.length > 64
    key = Digest::MD5.digest(key)
  end

  k_ipad = key + "\0" * (64 - key.length)
  k_opad = key + "\0" * (64 - key.length)
  for i in 0..63
    k_ipad[i] = (k_ipad[i].ord ^ 0x36).chr
    k_opad[i] = (k_opad[i].ord ^ 0x5c).chr
  end

  digest = Digest::MD5.digest(k_ipad + text)

  return Digest::MD5.hexdigest(k_opad + digest)
end


  








  

    #process(challenge)  
  

  [ GitHub ]


  

  


# File 'lib/net/imap/sasl/cram_md5_authenticator.rb', line 33



def process(challenge)
  digest = hmac_md5(challenge, @password)
  return @user + " " + digest
ensure
  @done = true
end