Class: Vines::Stream::SASL

Inherits: Object
Includes: Log
Defined in: lib/vines/stream/sasl.rb

Overview

Provides plain (username/password) and external (TLS certificate) SASL authentication to client and server streams.

Constant Summary

EMPTY = '='.freeze

Instance Method Summary

Methods included from Log

#log, set_log_file

Constructor Details

#initialize(stream) ⇒ SASL

Returns a new instance of SASL.



11
12
13
# File 'lib/vines/stream/sasl.rb', line 11

def initialize(stream)
  @stream = stream
end

Instance Method Details

#external_auth(encoded) ⇒ Object

Authenticate server-to-server streams by comparing the remote server's domain to the TLS certificate it presented.

http://xmpp.org/extensions/xep-0178.html#s2s

encoded - The Base64 encoded remote domain name String sent by the server stream.

Returns true if the Base64 encoded domain matches the TLS certificate presented earlier in stream negotiation.

Raises a SaslError if authentication fails.



27
28
29
30
31
32
33
34
35
# File 'lib/vines/stream/sasl.rb', line 27

def external_auth(encoded)
  unless encoded == EMPTY
    authzid = decode64(encoded)
    matches_from = (authzid == @stream.remote_domain)
    raise SaslErrors::InvalidAuthzid unless matches_from
  end
  matches_from = @stream.cert_domain_matches?(@stream.remote_domain)
  matches_from or raise SaslErrors::NotAuthorized
end

#plain_auth(encoded) ⇒ Object

Authenticate client-to-server streams using a username and password.

encoded - The Base64 encoded jid and password String sent by the client stream.

Returns the authenticated User or raises SaslError if authentication failed.



43
44
45
46
47
# File 'lib/vines/stream/sasl.rb', line 43

def plain_auth(encoded)
  jid, password = decode_credentials(encoded)
  user = authenticate(jid, password)
  user or raise SaslErrors::NotAuthorized
end
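The two methods above call helpers (decode64, decode_credentials, authenticate, cert_domain_matches?) whose bodies are not on this page. The following stand-alone example, added here and not taken from Vines, reconstructs both checks so the branches of #external_auth and #plain_auth can be exercised side by side. It assumes: the SaslErrors classes are plain exceptions (MalformedRequest is an assumed name); the lone "=" for an empty response follows RFC 6120; a PLAIN message is laid out as [authzid] NUL authcid NUL password per RFC 4616; cert_domain_matches? is a case-insensitive match against the certificate's names; and the user store, the requirement that an authzid equal the authcid, and the PBKDF2 password hashing are this example's own choices.

```ruby
require 'base64'
require 'openssl'

# Constructed stand-ins for the SaslErrors classes the page refers to; Vines'
# own definitions are not on this page, so these are plain exception classes.
module SaslErrors
  class SaslError < StandardError; end
  class InvalidAuthzid < SaslError; end
  class NotAuthorized < SaslError; end
  class MalformedRequest < SaslError; end  # assumed name for a badly formed response
end

EMPTY = '='.freeze   # RFC 6120: an empty SASL response is sent as a lone "="

# ---- EXTERNAL (server-to-server, XEP-0178) ----------------------------------

# Constructed stand-in for a server stream: the domain the remote side claimed
# in its stream header and the names found in the TLS certificate it presented.
ServerStream = Struct.new(:remote_domain, :cert_names) do
  # Assumed semantics of cert_domain_matches?: exact, case-insensitive match.
  def cert_domain_matches?(domain)
    cert_names.any? { |name| name.casecmp?(domain) }
  end
end

def external_auth(stream, encoded)
  unless encoded == EMPTY
    authzid = Base64.strict_decode64(encoded)   # strict: malformed Base64 raises ArgumentError
    raise SaslErrors::InvalidAuthzid unless authzid == stream.remote_domain
  end
  stream.cert_domain_matches?(stream.remote_domain) or raise SaslErrors::NotAuthorized
end

# ---- PLAIN (client-to-server, RFC 4616) -------------------------------------

ITERATIONS = 10_000

# Constructed user store entry: [salt, PBKDF2-HMAC-SHA256 of the password].
def make_entry(password)
  salt = OpenSSL::Random.random_bytes(16)
  [salt, OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: ITERATIONS, length: 32, hash: 'sha256')]
end

USERS = { 'alice@example.com' => make_entry('correct horse') }
DUMMY = make_entry('dummy')   # hashed for unknown users so timing does not reveal who exists

# RFC 4616: message = [authzid] NUL authcid NUL passwd
def decode_credentials(encoded)
  parts = Base64.strict_decode64(encoded).split("\0", -1)   # -1 keeps a trailing empty field
  raise SaslErrors::MalformedRequest unless parts.size == 3
  authzid, authcid, password = parts
  # Policy chosen for this example: an authzid, if sent, must name the authenticating user.
  raise SaslErrors::InvalidAuthzid unless authzid.empty? || authzid == authcid
  [authcid, password]
end

# Compares two byte strings without short-circuiting on the first mismatch.
def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def authenticate(jid, password)
  salt, stored = USERS.fetch(jid, DUMMY)
  derived = OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: ITERATIONS, length: 32, hash: 'sha256')
  USERS.key?(jid) && constant_time_equal?(derived, stored) ? jid : nil
end

def plain_auth(encoded)
  jid, password = decode_credentials(encoded)
  authenticate(jid, password) or raise SaslErrors::NotAuthorized
end

# Maps each outcome of an auth call to a symbol so the branches can be compared.
def outcome
  yield
  :authorized
rescue SaslErrors::InvalidAuthzid
  :invalid_authzid
rescue SaslErrors::MalformedRequest
  :malformed
rescue SaslErrors::NotAuthorized
  :not_authorized
rescue ArgumentError
  :bad_base64
end
```

Two details worth noting: the PBKDF2 derivation runs even for an unknown jid so the response time does not distinguish "no such user" from "wrong password", and Base64.strict_decode64 is used rather than decode64 so that padding or character errors are rejected instead of silently ignored.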