class ROM::LDAP::Directory::Password
@abstract
Encode and validate passwords using md5, sha or ssha.
@api public
Public Class Methods
check_ssha(password, encrypted)
Validate plain password against encrypted SSHA password.
@return [Boolean]
@api public
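# File lib/rom/ldap/directory/password.rb, line 60
#
# Validate a plain password against a stored "{SSHA}" value.
#
# The stored value is the "{SSHA}" prefix followed by Base64 of the
# 20-byte SHA1 digest with the salt appended. The salt is recovered from
# the stored value, the candidate password is hashed with it, and the two
# encoded strings are compared.
#
# @param password [String] Plain text password supplied by the caller.
# @param encrypted [String] Stored value, including the "{SSHA}" prefix.
# @return [Boolean] false for nil input or a value too short to hold a digest.
def self.check_ssha(password, encrypted)
  # Fail closed instead of raising NoMethodError on missing input.
  return false if password.nil? || encrypted.nil?

  # \A anchors at the start of the string; ^ would also match after a newline.
  decoded = Base64.decode64(encrypted.sub(/\A\{SSHA\}/, EMPTY_STRING))

  # Bytes 0...20 are the digest, the remainder is the salt. The slice is nil
  # when fewer than 20 bytes were decoded, i.e. the stored value is malformed.
  salt = decoded[20..-1]
  return false if salt.nil?

  # password.b: the decoded salt is binary, and concatenating a non-ASCII
  # UTF-8 password with it would raise Encoding::CompatibilityError.
  expected = _encode(:ssha, ssha(password.b, salt))
  return false unless expected.bytesize == encrypted.bytesize

  # Visit every byte so the comparison time does not depend on the position
  # of the first difference (String#== stops at the first mismatch).
  mismatch = 0
  expected.bytes.zip(encrypted.bytes) { |a, b| mismatch |= a ^ b }
  mismatch.zero?
end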
check_ssha512(password, encrypted)
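# File lib/rom/ldap/directory/password.rb, line 48
#
# Validate a plain password against a stored "{SSHA512}" value.
#
# The stored value is the "{SSHA512}" prefix followed by Base64 of the
# 64-byte SHA512 digest with the salt appended. The salt is recovered from
# the stored value, the candidate password is hashed with it, and the two
# encoded strings are compared.
#
# @param password [String] Plain text password supplied by the caller.
# @param encrypted [String] Stored value, including the "{SSHA512}" prefix.
# @return [Boolean] false for nil input or a value too short to hold a digest.
def self.check_ssha512(password, encrypted)
  # Fail closed instead of raising NoMethodError on missing input.
  return false if password.nil? || encrypted.nil?

  # \A anchors at the start of the string; ^ would also match after a newline.
  decoded = Base64.decode64(encrypted.sub(/\A\{SSHA512\}/, EMPTY_STRING))

  # Bytes 0...64 are the digest, the remainder is the salt. The slice is nil
  # when fewer than 64 bytes were decoded, i.e. the stored value is malformed.
  salt = decoded[64..-1]
  return false if salt.nil?

  # password.b: the decoded salt is binary, and concatenating a non-ASCII
  # UTF-8 password with it would raise Encoding::CompatibilityError.
  expected = _encode(:ssha512, ssha512(password.b, salt))
  return false unless expected.bytesize == encrypted.bytesize

  # Visit every byte so the comparison time does not depend on the position
  # of the first difference (String#== stops at the first mismatch).
  mismatch = 0
  expected.bytes.zip(encrypted.bytes) { |a, b| mismatch |= a ^ b }
  mismatch.zero?
end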
generate(type, password, salt = secure_salt)
Generate an encrypted password.
@example
Password.generate(:ssha, 'secret magic word')
@param type [Symbol] Encryption type. [:md5, :sha, :ssha]. @param password [String] Plain text password to be encrypted.
@return [String]
@raise [PasswordError]
@api public
# File lib/rom/ldap/directory/password.rb, line 35
#
# Build a prefixed, Base64-encoded password value of the requested type.
#
# :md5 and :sha hash the password with no salt, so equal passwords produce
# equal stored values; :ssha and :ssha512 mix in the salt and append it to
# the digest. All four are single-pass digests.
#
# @param type [Symbol] One of :md5, :sha, :ssha, :ssha512.
# @param password [String] Plain text password.
# @param salt [String] Salt for the salted types; defaults to secure_salt.
# @return [String]
# @raise [PasswordError] when password is nil or type is not supported.
def self.generate(type, password, salt = secure_salt)
  raise PasswordError, 'No password supplied' if password.nil?

  digest =
    case type
    when :md5     then md5(password)
    when :sha     then sha(password)
    when :ssha    then ssha(password, salt)
    when :ssha512 then ssha512(password, salt)
    else raise PasswordError, "Unsupported encryption type (#{type})"
    end

  _encode(type, digest)
end
Private Class Methods
_encode(type, encrypted)
@return [String] Prepend type to encrypted string.
@api private
# File lib/rom/ldap/directory/password.rb, line 72
#
# Render a raw digest as "{TYPE}" followed by its strict Base64 form.
#
# @param type [Symbol] Scheme name; upcased for the prefix.
# @param encrypted [String] Raw digest bytes (with salt appended, if any).
# @return [String]
def self._encode(type, encrypted)
  payload = Base64.strict_encode64(encrypted).chomp
  format('{%s}%s', type.upcase, payload)
end
md5(str)
@param str [String]
@return [String] MD5 digest.
@api private
# File lib/rom/ldap/directory/password.rb, line 88
#
# Raw (binary) MD5 digest of the given string; no salt is applied.
#
# @param str [String]
# @return [String] 16-byte digest.
def self.md5(str)
  hasher = Digest::MD5.new
  hasher.update(str)
  hasher.digest
end
secure_salt()
Generate salt.
@api private
# File lib/rom/ldap/directory/password.rb, line 79
#
# Produce a fresh 16-byte salt from SecureRandom.
#
# @return [String] 16 random bytes.
def self.secure_salt
  salt_bytes = 16
  SecureRandom.random_bytes(salt_bytes)
end
sha(str)
@param str [String]
@return [String] SHA1 digest without salt.
@api private
# File lib/rom/ldap/directory/password.rb, line 107
#
# Raw (binary) SHA1 digest of the given string; no salt is applied.
#
# @param str [String]
# @return [String] 20-byte digest.
def self.sha(str)
  hasher = Digest::SHA1.new
  hasher.update(str)
  hasher.digest
end
ssha(str, salt)
@param str [String] @param salt [String]
@return [String] SHA1 digest with salt.
@api private
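# File lib/rom/ldap/directory/password.rb, line 98
#
# Salted SHA1: digest of the password bytes followed by the salt bytes,
# with the salt appended so a verifier can recover it.
#
# The inputs are fed to the digest separately rather than joined with +,
# because concatenating a non-ASCII UTF-8 password with a binary salt that
# contains high bytes raises Encoding::CompatibilityError. The bytes hashed
# are the same as for str + salt.
#
# @param str [String] Plain text password.
# @param salt [String] Salt bytes.
# @return [String] 20-byte digest followed by the salt, as a binary string.
def self.ssha(str, salt)
  hasher = Digest::SHA1.new
  hasher << str << salt
  # salt.b keeps the result binary whatever encoding the salt was tagged with.
  hasher.digest + salt.b
end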
ssha512(str, salt)
“{SSHA512}A1lCCGYzUEJ5/qQCrFUAztLVaTaWv959RnpzaOsWB9Ij4CBCeNh6i4XrZzrvwUMM/AWbEb8Gjc7FWOBSPnkRuHsexjzeQImm” initial
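# File lib/rom/ldap/directory/password.rb, line 114
#
# Salted SHA512: digest of the password bytes followed by the salt bytes,
# with the salt appended so a verifier can recover it.
#
# The inputs are fed to the digest separately rather than joined with +,
# because concatenating a non-ASCII UTF-8 password with a binary salt that
# contains high bytes raises Encoding::CompatibilityError. The bytes hashed
# are the same as for str + salt.
#
# @param str [String] Plain text password.
# @param salt [String] Salt bytes.
# @return [String] 64-byte digest followed by the salt, as a binary string.
def self.ssha512(str, salt)
  hasher = Digest::SHA512.new
  hasher << str << salt
  # salt.b keeps the result binary whatever encoding the salt was tagged with.
  hasher.digest + salt.b
end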