module Net::IMAP::SASL::GS2Header
The GS2 header was originally defined for the GS2 mechanism family in RFC5801, and several different mechanisms start with it:
- GS2-* — RFC5801
- SCRAM-* — RFC5802 (ScramAuthenticator)
- SAML20 — RFC6595
- OPENID20 — RFC6616
- OAUTH10A — RFC7628
- OAUTHBEARER — RFC7628 (OAuthBearerAuthenticator)
Classes that include this module must implement #authzid.
Constants
- RFC5801_SASLNAME
  Matches RFC5801 §4 saslname. The output from gs2_saslname_encode matches this Regexp.
Public Instance Methods
The RFC5801 §4 gs2-authzid header, when #authzid is not empty.
If #authzid is empty or nil, an empty string is returned.

    # File net-imap-0.4.4/lib/net/imap/sasl/gs2_header.rb, line 59
    def gs2_authzid
      return "" if authzid.nil? || authzid == ""
      "a=#{gs2_saslname_encode(authzid)}"
    end

The RFC5801 §4 gs2-cb-flag:
- “n”: The client doesn’t support channel binding.
- “y”: The client does support channel binding but thinks the server does not.
- “p”: The client requires channel binding. The selected channel binding follows “p=”.
The default always returns “n”. A mechanism that supports channel binding must override this method.

    # File net-imap-0.4.4/lib/net/imap/sasl/gs2_header.rb, line 53
    def gs2_cb_flag; "n" end

The RFC5801 §4 gs2-header, which prefixes the initial_client_response.
Note: the actual GS2 header includes an optional flag to indicate that the GSS mechanism is not “standard”, but since all of the SASL mechanisms using GS2 are “standard”, we don’t include that flag. A class for a nonstandard GSSAPI mechanism should prefix with “F,”.

    # File net-imap-0.4.4/lib/net/imap/sasl/gs2_header.rb, line 37
    def gs2_header
      "#{gs2_cb_flag},#{gs2_authzid},"
    end

Encodes str to match RFC5801_SASLNAME.

    # File net-imap-0.4.4/lib/net/imap/sasl/gs2_header.rb, line 67
    def gs2_saslname_encode(str)
      str = str.encode("UTF-8")
      # Regexp#match raises "invalid byte sequence" for invalid UTF-8
      NO_NULL_CHARS.match str or
        raise ArgumentError, "invalid saslname: %p" % [str]
      str
        .gsub(?=, "=3D")
        .gsub(?,, "=2C")
    end
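
As an added example (not net-imap's own code), the sketch below round-trips the header described above: it builds a gs2-header the way gs2_header does and parses it back on the receiving side, showing why "," and "=" in an authzid have to be escaped before they reach the comma-separated header. The names saslname_decode, build_gs2_header and parse_gs2_header are hypothetical, and the regular expressions are assumptions written from RFC5801 §4.

```ruby
# Added example: stand-alone sketch, not net-imap's own code.
# SASLNAME and UNESCAPE are assumptions written from RFC 5801 §4.
SASLNAME = /\A(?:[^,=\x00]|=2C|=3D)+\z/u
UNESCAPE = { "=2C" => ",", "=3D" => "=" }.freeze

# Same escaping as the page's gs2_saslname_encode: "=" first, then ",".
# Escaping "," first would turn its "=2C" into "=3D2C".
def saslname_encode(str)
  str = str.encode("UTF-8")
  raise ArgumentError, "invalid saslname: %p" % [str] if str.empty? || str.include?("\0")
  str.gsub("=", "=3D").gsub(",", "=2C")
end

# Receiver side: reject anything that is not a well-formed saslname.
def saslname_decode(str)
  raise ArgumentError, "invalid saslname: %p" % [str] unless SASLNAME.match?(str)
  str.gsub(/=2C|=3D/, UNESCAPE)
end

# Client side, mirroring gs2_header on the page: "cb-flag,[a=authzid],".
def build_gs2_header(authzid, cb_flag: "n")
  field = (authzid.nil? || authzid == "") ? "" : "a=#{saslname_encode(authzid)}"
  "#{cb_flag},#{field},"
end

# Hypothetical receiver-side parser for a message that starts with a gs2-header.
def parse_gs2_header(message)
  cb_flag, authzid_field, rest = message.split(",", 3)
  raise ArgumentError, "truncated gs2-header" if rest.nil?
  raise ArgumentError, "bad gs2-cb-flag" unless cb_flag.match?(/\A(?:n|y|p=[A-Za-z0-9.-]+)\z/)
  authzid =
    if authzid_field.empty? then nil
    elsif authzid_field.start_with?("a=") then saslname_decode(authzid_field[2..])
    else raise ArgumentError, "bad gs2-authzid"
    end
  { cb_flag: cb_flag, authzid: authzid, rest: rest }
end

# Constructed sample: an authzid containing both reserved characters.
message = build_gs2_header("ops,team=a") + "n=user,r=nonce"
puts message
p parse_gs2_header(message)
```

Without the escaping, the comma inside the authzid would end the gs2-authzid field early and the remainder would be read as the start of the mechanism's own message.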