Class: SASL::DigestMD5

Inherits:
Mechanism show all
Defined in:
lib/sasl/digest_md5.rb

Overview

RFC 2831: tools.ietf.org/html/rfc2831

Instance Attribute Summary collapse

Attributes inherited from Mechanism

#mechanism, #preferences

Instance Method Summary collapse

Methods inherited from Mechanism

#failure?, #success?

Constructor Details

#initialize(*a) ⇒ DigestMD5

Returns a new instance of DigestMD5.



21
22
23
24
25
26
27
28
29
30
31
 
# File 'lib/sasl/digest_md5.rb', line 21

def initialize(*a)
  super
  @nonce_count = 0
  preferences.config[:secure_layer]=false if preferences.config[:secure_layer]==nil
  preferences.config[:confidentiality]=preferences.config[:secure_layer] if preferences.config[:confidentiality]==nil
  preferences.config[:cipher]="rc4" if preferences.config[:confidentiality] and not preferences.config[:cipher]

  if preferences.secure_layer and not HasOpenSSL
    raise ":secure_layer in #{self.class} depends on Openssl"
  end
end

Instance Attribute Details

#cnonce=(value) ⇒ Object (writeonly)

Sets the attribute cnonce

Parameters:

  • value

    the value to set the attribute cnonce to.



19
20
21
 
# File 'lib/sasl/digest_md5.rb', line 19

def cnonce=(value)
  @cnonce = value
end

Instance Method Details

#receive(message_name, content) ⇒ Object 



43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
 
# File 'lib/sasl/digest_md5.rb', line 43

def receive(message_name, content)
  case message_name
  when 'challenge'
    c = decode_challenge(content)

    unless c['rspauth']
      response = {}
      if defined?(@nonce) && response['nonce'].nil?
        # Could be reauth
      else
        # No reauth:
        @nonce_count = 0
      end
      @nonce ||= c['nonce']
      response['username'] = preferences.username
      response['realm'] = c['realm'] || preferences.realm
      response['nonce'] = @nonce
      @cnonce = generate_nonce unless defined? @cnonce
      response['cnonce'] = @cnonce
      @nc = next_nc
      response['nc'] = @nc
      @qop="auth"
      if c['qop']
        c_qop = c['qop'].split(",")
      else
        c_qop = []
      end
      if preferences.secure_layer and preferences.confidentiality and c_qop.include?("auth-conf")
        response['qop'] = "auth-conf"
        response['cipher'] = preferences.config[:cipher]
      elsif preferences.secure_layer and not preferences.confidentiality and c_qop.include?("auth-int")
        response['qop'] = "auth-int"
      else
        response['qop'] = 'auth'
      end
      @cipher=response['cipher']
      @qop=response['qop']
      response['digest-uri'] = preferences.digest_uri
      response['charset'] = 'utf-8'
      @algorithm = c['algorithm'] || "md5"
      response['response'] = response_value(@algorithm, response['nonce'], response['nc'], response['cnonce'], response['qop'], response['realm'])
      result=['response', encode_response(response)]
    else
      rspauth_expected = response_value(@algorithm, @nonce, @nc, @cnonce, @qop, '')
      #p :rspauth_received=>c['rspauth'], :rspauth_expected=>rspauth_expected
      if c['rspauth'] == rspauth_expected
        result=['response', nil]
      else
        # Bogus server?
        @state = :failure
        result=['failure', nil]
      end
    end
  when 'success'
     result=super
     if preferences.secure_layer 
        securelayer_wrapper = proc {|io| DigestMD5SecureLayer.new(io, @ha1, @qop=="auth-conf",  @cipher) }
        result=['securelayer_wrapper', securelayer_wrapper]
     end      
  else
    # No challenge? Might be success or failure
    result=super
  end
  result
end

#startObject 



33
34
35
36
37
38
39
40
41
 
# File 'lib/sasl/digest_md5.rb', line 33

def start
  @state = nil
  unless defined? @nonce
    ['auth', nil]
  else
    # reauthentication
    receive('challenge', '')
  end
end