class Net::SASL::CramMD5Authenticator

Authenticator for the “CRAM-MD5SASL mechanism, specified in RFC2195.

Deprecated

CRAM-MD5 is obsolete. It is included for compatibility with existing servers. draft-ietf-sasl-crammd5-to-historic recommends using SCRAM-* or PLAIN protected by TLS instead.

Attributes

done[R]
done?[R]
password[R]
username[R]

Public Class Methods

new(username, password, **_options) click to toggle source

Provide the username and password credentials for authentication.

CRAM-MD5 doesn't support authzid, and an ArgumentError will be raised if a third positional parameter is passed.

This should generally be instantiated via Net::SASL.authenticator.

Calls superclass method Net::SASL::Authenticator::new
# File lib/net/sasl/cram_md5_authenticator.rb, line 31
def initialize(username, password, **_options)
  super
  @username = username
  @password = password
  @done = false
end

Public Instance Methods

process(challenge) click to toggle source

responds to the server's challenge using the HMAC-MD5 algorithm.

# File lib/net/sasl/cram_md5_authenticator.rb, line 39
def process(challenge)
  digest = hmac_md5(challenge, password)
  "#{username} #{digest}"
end

Private Instance Methods

hmac_md5(text, key) click to toggle source

rubocop:disable Metrics/AbcSize, Metrics/MethodLength

# File lib/net/sasl/cram_md5_authenticator.rb, line 48
def hmac_md5(text, key)
  if key.length > 64
    key = Digest::MD5.digest(key)
  end

  k_ipad = key + "\0" * (64 - key.length)
  k_opad = key + "\0" * (64 - key.length)
  (0..63).each do |i|
    k_ipad[i] = (k_ipad[i].ord ^ 0x36).chr
    k_opad[i] = (k_opad[i].ord ^ 0x5c).chr
  end

  digest = Digest::MD5.digest(k_ipad + text)

  Digest::MD5.hexdigest(k_opad + digest)
end