net-imap 0.3.4 → 0.4.1

data/net-imap.gemspec

@@ -16,7 +16,7 @@ Gem::Specification.new do |spec|
   spec.summary       = %q{Ruby client api for Internet Message Access Protocol}
   spec.description   = %q{Ruby client api for Internet Message Access Protocol}
   spec.homepage      = "https://github.com/ruby/net-imap"
-  spec.required_ruby_version = Gem::Requirement.new(">= 2.6.0")
+  spec.required_ruby_version = Gem::Requirement.new(">= 2.7.3")
   spec.licenses       = ["Ruby", "BSD-2-Clause"]
 
   spec.metadata["homepage_uri"] = spec.homepage
@@ -25,7 +25,7 @@ Gem::Specification.new do |spec|
   # Specify which files should be added to the gem when it is released.
   # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
   spec.files         = Dir.chdir(File.expand_path('..', __FILE__)) do
-    `git ls-files -z 2>/dev/null`.split("\x0").reject { |f| f.match(%r{^(bin|test|spec|features)/}) }
+    `git ls-files -z 2>/dev/null`.split("\x0").reject { |f| f.match(%r{^(bin|test|spec|features|rfcs)/}) }
   end
   spec.bindir        = "exe"
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }

data/rakelib/saslprep.rake

@@ -10,17 +10,17 @@ end
 
 directory "lib/net/imap/sasl"
 
-file "lib/net/imap/sasl/stringprep_tables.rb" => generator.rb_deps do |t|
+file "lib/net/imap/stringprep/tables.rb" => generator.rb_deps do |t|
   File.write t.name, generator.stringprep_rb
 end
 
-file "lib/net/imap/sasl/saslprep_tables.rb" => generator.rb_deps do |t|
+file "lib/net/imap/stringprep/saslprep_tables.rb" => generator.rb_deps do |t|
   File.write t.name, generator.saslprep_rb
 end
 
 GENERATED_RUBY = FileList.new(
-  "lib/net/imap/sasl/stringprep_tables.rb",
-  "lib/net/imap/sasl/saslprep_tables.rb",
+  "lib/net/imap/stringprep/tables.rb",
+  "lib/net/imap/stringprep/saslprep_tables.rb",
 )
 
 CLEAN.include   generator.clean_deps

data/rakelib/string_prep_tables_generator.rb

@@ -62,9 +62,9 @@ class StringPrepTablesGenerator
       # This file is generated from RFC3454, by rake.  Don't edit directly.
       #++
 
-      module Net::IMAP::SASL
+      module Net::IMAP::StringPrep
 
-        module StringPrep
+        module Tables
 
           #{asgn_table "A.1"}
 
@@ -74,6 +74,12 @@ class StringPrepTablesGenerator
 
           #{asgn_table "B.3"}
 
+          #{asgn_mapping "B.1", ""}
+
+          #{asgn_mapping "B.2"}
+
+          #{asgn_mapping "B.3"}
+
           #{asgn_table "C.1.1"}
 
           #{asgn_table "C.1.2"}
@@ -105,14 +111,16 @@ class StringPrepTablesGenerator
 
           BIDI_DESC_REQ2 = "A string with RandALCat characters must not contain LCat characters."
 
-          # Bidirectional Characters [StringPrep, §6], Requirement 2::
+          # Bidirectional Characters [StringPrep, §6], Requirement 2
+          # >>>
           #   If a string contains any RandALCat character, the string MUST NOT
           #   contain any LCat character.
           BIDI_FAILS_REQ2 = #{bidi_fails_req2.inspect}.freeze
 
           BIDI_DESC_REQ3 = "A string with RandALCat characters must start and end with RandALCat characters."
 
-          # Bidirectional Characters [StringPrep, §6], Requirement 3::
+          # Bidirectional Characters [StringPrep, §6], Requirement 3
+          # >>>
           #   If a string contains any RandALCat character, a RandALCat
           #   character MUST be the first character of the string, and a
           #   RandALCat character MUST be the last character of the string.
@@ -122,15 +130,21 @@ class StringPrepTablesGenerator
           BIDI_FAILURE = #{bidi_failure_regexp.inspect}.freeze
 
           # Names of each codepoint table in the RFC-3454 appendices
-          TABLE_TITLES = {
+          TITLES = {
             #{table_titles_rb}
           }.freeze
 
           # Regexps matching each codepoint table in the RFC-3454 appendices
-          TABLE_REGEXPS = {
+          REGEXPS = {
             #{table_regexps_rb}
           }.freeze
 
+          MAPPINGS = {
+            "B.1" => [IN_B_1, MAP_B_1].freeze,
+            "B.2" => [IN_B_2, MAP_B_2].freeze,
+            "B.3" => [IN_B_3, MAP_B_3].freeze,
+          }.freeze
+
         end
       end
     RUBY
@@ -157,27 +171,30 @@ class StringPrepTablesGenerator
       # This file is generated from RFC3454, by rake.  Don't edit directly.
       #++
 
-      module Net::IMAP::SASL
+      module Net::IMAP::StringPrep
 
         module SASLprep
 
           # RFC4013 §2.1 Mapping - mapped to space
-          # * non-ASCII space characters (\\StringPrep\\[\\"C.1.2\\"]) that can be
-          #   mapped to SPACE (U+0020), and
+          # >>>
+          #   non-ASCII space characters (\\StringPrep\\[\\"C.1.2\\"]) that can
+          #   be mapped to SPACE (U+0020)
           #
           # Equal to \\StringPrep\\[\\"C.1.2\\"].
-          # Redefined here to avoid loading the StringPrep module.
+          # Redefined here to avoid loading StringPrep::Tables unless necessary.
           MAP_TO_SPACE = #{regex_str "C.1.2"}
 
           # RFC4013 §2.1 Mapping - mapped to nothing
-          #   the "commonly mapped to nothing" characters (\\StringPrep\\[\\"B.1\\"])
-          #   that can be mapped to nothing.
+          # >>>
+          #   the "commonly mapped to nothing" characters
+          #   (\\StringPrep\\[\\"B.1\\"]) that can be mapped to nothing.
           #
           # Equal to \\StringPrep\\[\\"B.1\\"].
-          # Redefined here to avoid loading the StringPrep module.
+          # Redefined here to avoid loading StringPrep::Tables unless necessary.
           MAP_TO_NOTHING = #{regex_str "B.1"}
 
-          # RFC4013 §2.3 Prohibited Output::
+          # RFC4013 §2.3 Prohibited Output
+          # >>>
           # * Non-ASCII space characters — \\StringPrep\\[\\"C.1.2\\"]
           # * ASCII control characters — \\StringPrep\\[\\"C.2.1\\"]
           # * Non-ASCII control characters — \\StringPrep\\[\\"C.2.2\\"]
@@ -192,45 +209,52 @@ class StringPrepTablesGenerator
 
           # Adds unassigned (by Unicode 3.2) codepoints to TABLES_PROHIBITED.
           #
-          # RFC4013 §2.5 Unassigned Code Points::
-          #   This profile specifies the \\StringPrep\\[\\"A.1\\"] table as its list of
-          #   unassigned code points.
+          # RFC4013 §2.5 Unassigned Code Points
+          # >>>
+          #   This profile specifies the \\StringPrep\\[\\"A.1\\"] table as its
+          #   list of unassigned code points.
           TABLES_PROHIBITED_STORED = ["A.1", *TABLES_PROHIBITED].freeze
 
-          # Matches codepoints prohibited by RFC4013 §2.3.
+          # A Regexp matching codepoints prohibited by RFC4013 §2.3.
           #
-          # See TABLES_PROHIBITED.
-          #
-          # Equal to +Regexp.union+ of the TABLES_PROHIBITED tables.  Redefined
-          # here to avoid loading the StringPrep module unless necessary.
+          # This combines all of the TABLES_PROHIBITED tables.
           PROHIBITED_OUTPUT = #{regex_str(*SASL_TABLES_PROHIBITED)}
 
-          # RFC4013 §2.5 Unassigned Code Points::
-          #   This profile specifies the \\StringPrep\\[\\"A.1\\"] table as its list of
-          #   unassigned code points.
+          # RFC4013 §2.5 Unassigned Code Points
+          # >>>
+          #   This profile specifies the \\StringPrep\\[\\"A.1\\"] table as its
+          #   list of unassigned code points.
+          #
+          # Equal to \\StringPrep\\[\\"A.1\\"].
+          # Redefined here to avoid loading StringPrep::Tables unless necessary.
           UNASSIGNED = #{regex_str "A.1"}
 
-          # Matches codepoints prohibited by RFC4013 §2.3 and §2.5.
+          # A Regexp matching codepoints prohibited by RFC4013 §2.3 and §2.5.
           #
-          # See TABLES_PROHIBITED_STORED.
+          # This combines PROHIBITED_OUTPUT and UNASSIGNED.
           PROHIBITED_OUTPUT_STORED = Regexp.union(
             UNASSIGNED, PROHIBITED_OUTPUT
           ).freeze
 
           # Bidirectional Characters [StringPrep, §6]
+          #
+          # A Regexp for strings that don't satisfy StringPrep's Bidirectional
+          # Characters rules.
+          #
+          # Equal to StringPrep::Tables::BIDI_FAILURE.
+          # Redefined here to avoid loading StringPrep::Tables unless necessary.
           BIDI_FAILURE = #{bidi_failure_regexp.inspect}.freeze
 
-          # Matches strings prohibited by RFC4013 §2.3 and §2.4.
+          # A Regexp matching strings prohibited by RFC4013 §2.3 and §2.4.
           #
-          # This checks prohibited output and bidirectional characters.
+          # This combines PROHIBITED_OUTPUT and BIDI_FAILURE.
           PROHIBITED = Regexp.union(
             PROHIBITED_OUTPUT, BIDI_FAILURE,
           )
 
-          # Matches strings prohibited by RFC4013 §2.3, §2.4, and §2.5.
+          # A Regexp matching strings prohibited by RFC4013 §2.3, §2.4, and §2.5.
           #
-          # This checks prohibited output, bidirectional characters, and
-          # unassigned codepoints.
+          # This combines PROHIBITED_OUTPUT_STORED and BIDI_FAILURE.
           PROHIBITED_STORED = Regexp.union(
             PROHIBITED_OUTPUT_STORED, BIDI_FAILURE,
           )
@@ -284,6 +308,15 @@ class StringPrepTablesGenerator
       .map{|s,e| s..(e || s)}
   end
 
+  # TODO: DRY with unicode_normalize
+  def to_map(table)
+    table = table.to_hash
+      .transform_keys { Integer _1, 16 }
+      .transform_keys { [_1].pack("U*") }
+      .transform_values {|cps| cps.map { Integer _1, 16 } }
+      .transform_values { _1.pack("U*") }
+  end
+
   # Starting from a codepoints array (rather than ranges) to deduplicate merged
   # tables.
   def to_regexp(codepoints, negate: false)
@@ -352,6 +385,13 @@ class StringPrepTablesGenerator
     asgn_regex(name, regexp_for(name, negate: negate), negate: negate)
   end
 
+  def asgn_mapping(name, replacement = to_map(tables[name]))
+    cname = name.tr(?., ?_).upcase
+    "# Replacements for %s\n%s%s = %p.freeze" % [
+      "IN_#{name}", "  " * 2, "MAP_#{cname}", replacement,
+    ]
+  end
+
   def regexp_const_desc(name, negate: false)
     if negate then "Matches the negation of the %s table" % [name]
     else %q{%s \\StringPrep\\[\\"%s\\"]} % [titles.fetch(name), name]
@@ -376,40 +416,22 @@ class StringPrepTablesGenerator
   def bidi_L        ; regexp_for "D.2" end
 
   def bidi_fails_req2
-    / # RandALCat followed by LCat
-      (?<r_and_al_cat>#{bidi_R_AL.source})
-        .*?
-        (?<l_cat>#{bidi_L.source})
-      | # RandALCat preceded by LCat
-        \g<l_cat> .*? \g<r_and_al_cat>
-    /mux
+    Regexp.union(
+      /#{bidi_R_AL}.*?#{bidi_L}/mu, # RandALCat followed by LCat
+      /#{bidi_L}.*?#{bidi_R_AL}/mu, # RandALCat preceded by LCat
+    )
   end
 
   def bidi_fails_req3
-    / # contains RandALCat but doesn't start with RandALCat
-      \A(?<not_r_nor_al>#{bidi_not_R_AL})
-        .*?
-        (?<r_and_al_cat>#{bidi_R_AL})
-      | # contains RandALCat but doesn't end with RandALCat
-        \g<r_and_al_cat> .*? \g<not_r_nor_al>\z
-    /mux
+    # contains RandALCat:
+    Regexp.union(
+      /\A#{bidi_not_R_AL}.*?#{bidi_R_AL}/mu, # but doesn't start with RandALCat
+      /#{bidi_R_AL}.*?#{bidi_not_R_AL}\z/mu, # but doesn't end   with RandALCat
+    )
   end
 
-  # shares the bidi_R_AL definition between both req2 and req3
   def bidi_failure_regexp
-    req3_with_backref = bidi_fails_req3.source
-      .gsub(%r{\(\?\<r_and_al_cat\>\(.*?\)\)}, "\g<r_and_al_cat>")
-      .then{|re|"(?mx-i:#{re})"}
-    /#{bidi_fails_req2} | #{req3_with_backref}/mux
-  end
-
-  def bidi_consts
-    <<~RUBY
-      #############
-          # Bidirectional checks.
-          #
-
-    RUBY
+    Regexp.union(bidi_fails_req2, bidi_fails_req3)
   end
 
   SASL_TABLES_PROHIBITED = %w[

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: net-imap
 version: !ruby/object:Gem::Version
-  version: 0.3.4
+  version: 0.4.1
 platform: ruby
 authors:
 - Shugo Maeda
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-12-23 00:00:00.000000000 Z
+date: 2023-10-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: net-protocol
@@ -76,33 +76,52 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".github/dependabot.yml"
+- ".github/workflows/pages.yml"
 - ".github/workflows/test.yml"
 - ".gitignore"
 - Gemfile
 - LICENSE.txt
 - README.md
 - Rakefile
+- benchmarks/generate_parser_benchmarks
+- benchmarks/parser.yml
 - benchmarks/stringprep.yml
 - benchmarks/table-regexps.yml
 - docs/styles.css
 - lib/net/imap.rb
 - lib/net/imap/authenticators.rb
-- lib/net/imap/authenticators/cram_md5.rb
-- lib/net/imap/authenticators/digest_md5.rb
-- lib/net/imap/authenticators/login.rb
-- lib/net/imap/authenticators/plain.rb
-- lib/net/imap/authenticators/xoauth2.rb
 - lib/net/imap/command_data.rb
 - lib/net/imap/data_encoding.rb
+- lib/net/imap/deprecated_client_options.rb
 - lib/net/imap/errors.rb
 - lib/net/imap/flags.rb
 - lib/net/imap/response_data.rb
 - lib/net/imap/response_parser.rb
+- lib/net/imap/response_parser/parser_utils.rb
 - lib/net/imap/sasl.rb
-- lib/net/imap/sasl/saslprep.rb
-- lib/net/imap/sasl/saslprep_tables.rb
+- lib/net/imap/sasl/anonymous_authenticator.rb
+- lib/net/imap/sasl/authentication_exchange.rb
+- lib/net/imap/sasl/authenticators.rb
+- lib/net/imap/sasl/client_adapter.rb
+- lib/net/imap/sasl/cram_md5_authenticator.rb
+- lib/net/imap/sasl/digest_md5_authenticator.rb
+- lib/net/imap/sasl/external_authenticator.rb
+- lib/net/imap/sasl/gs2_header.rb
+- lib/net/imap/sasl/login_authenticator.rb
+- lib/net/imap/sasl/oauthbearer_authenticator.rb
+- lib/net/imap/sasl/plain_authenticator.rb
+- lib/net/imap/sasl/protocol_adapters.rb
+- lib/net/imap/sasl/scram_algorithm.rb
+- lib/net/imap/sasl/scram_authenticator.rb
 - lib/net/imap/sasl/stringprep.rb
-- lib/net/imap/sasl/stringprep_tables.rb
+- lib/net/imap/sasl/xoauth2_authenticator.rb
+- lib/net/imap/sasl_adapter.rb
+- lib/net/imap/stringprep.rb
+- lib/net/imap/stringprep/nameprep.rb
+- lib/net/imap/stringprep/saslprep.rb
+- lib/net/imap/stringprep/saslprep_tables.rb
+- lib/net/imap/stringprep/tables.rb
+- lib/net/imap/stringprep/trace.rb
 - net-imap.gemspec
 - rakelib/rdoc.rake
 - rakelib/rfcs.rake
@@ -123,14 +142,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.6.0
+      version: 2.7.3
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.0.dev
+rubygems_version: 3.4.10
 signing_key:
 specification_version: 4
 summary: Ruby client api for Internet Message Access Protocol

data/lib/net/imap/authenticators/digest_md5.rb

@@ -1,115 +0,0 @@
-# frozen_string_literal: true
-
-# Net::IMAP authenticator for the "`DIGEST-MD5`" SASL mechanism type, specified
-# in RFC2831(https://tools.ietf.org/html/rfc2831).  See Net::IMAP#authenticate.
-#
-# == Deprecated
-#
-# "+DIGEST-MD5+" has been deprecated by
-# {RFC6331}[https://tools.ietf.org/html/rfc6331] and should not be relied on for
-# security.  It is included for compatibility with existing servers.
-class Net::IMAP::DigestMD5Authenticator
-  def process(challenge)
-    case @stage
-    when STAGE_ONE
-      @stage = STAGE_TWO
-      sparams = {}
-      c = StringScanner.new(challenge)
-      while c.scan(/(?:\s*,)?\s*(\w+)=("(?:[^\\"]+|\\.)*"|[^,]+)\s*/)
-        k, v = c[1], c[2]
-        if v =~ /^"(.*)"$/
-          v = $1
-          if v =~ /,/
-            v = v.split(',')
-          end
-        end
-        sparams[k] = v
-      end
-
-      raise Net::IMAP::DataFormatError, "Bad Challenge: '#{challenge}'" unless c.eos?
-      raise Net::IMAP::Error, "Server does not support auth (qop = #{sparams['qop'].join(',')})" unless sparams['qop'].include?("auth")
-
-      response = {
-        :nonce => sparams['nonce'],
-        :username => @user,
-        :realm => sparams['realm'],
-        :cnonce => Digest::MD5.hexdigest("%.15f:%.15f:%d" % [Time.now.to_f, rand, Process.pid.to_s]),
-        :'digest-uri' => 'imap/' + sparams['realm'],
-        :qop => 'auth',
-        :maxbuf => 65535,
-        :nc => "%08d" % nc(sparams['nonce']),
-        :charset => sparams['charset'],
-      }
-
-      response[:authzid] = @authname unless @authname.nil?
-
-      # now, the real thing
-      a0 = Digest::MD5.digest( [ response.values_at(:username, :realm), @password ].join(':') )
-
-      a1 = [ a0, response.values_at(:nonce,:cnonce) ].join(':')
-      a1 << ':' + response[:authzid] unless response[:authzid].nil?
-
-      a2 = "AUTHENTICATE:" + response[:'digest-uri']
-      a2 << ":00000000000000000000000000000000" if response[:qop] and response[:qop] =~ /^auth-(?:conf|int)$/
-
-      response[:response] = Digest::MD5.hexdigest(
-        [
-          Digest::MD5.hexdigest(a1),
-          response.values_at(:nonce, :nc, :cnonce, :qop),
-          Digest::MD5.hexdigest(a2)
-        ].join(':')
-      )
-
-      return response.keys.map {|key| qdval(key.to_s, response[key]) }.join(',')
-    when STAGE_TWO
-      @stage = nil
-      # if at the second stage, return an empty string
-      if challenge =~ /rspauth=/
-        return ''
-      else
-        raise ResponseParseError, challenge
-      end
-    else
-      raise ResponseParseError, challenge
-    end
-  end
-
-  def initialize(user, password, authname = nil, warn_deprecation: true)
-    if warn_deprecation
-      warn "WARNING: DIGEST-MD5 SASL mechanism was deprecated by RFC6331."
-      # TODO: recommend SCRAM instead.
-    end
-    require "digest/md5"
-    require "strscan"
-    @user, @password, @authname = user, password, authname
-    @nc, @stage = {}, STAGE_ONE
-  end
-
-
-  private
-
-  STAGE_ONE = :stage_one
-  STAGE_TWO = :stage_two
-
-  def nc(nonce)
-    if @nc.has_key? nonce
-      @nc[nonce] = @nc[nonce] + 1
-    else
-      @nc[nonce] = 1
-    end
-    return @nc[nonce]
-  end
-
-  # some responses need quoting
-  def qdval(k, v)
-    return if k.nil? or v.nil?
-    if %w"username authzid realm nonce cnonce digest-uri qop".include? k
-      v = v.gsub(/([\\"])/, "\\\1")
-      return '%s="%s"' % [k, v]
-    else
-      return '%s=%s' % [k, v]
-    end
-  end
-
-  Net::IMAP.add_authenticator "DIGEST-MD5", self
-end

data/lib/net/imap/authenticators/plain.rb

@@ -1,41 +0,0 @@
-# frozen_string_literal: true
-
-# Authenticator for the "+PLAIN+" SASL mechanism, specified in
-# RFC4616[https://tools.ietf.org/html/rfc4616].  See Net::IMAP#authenticate.
-#
-# +PLAIN+ authentication sends the password in cleartext.
-# RFC3501[https://tools.ietf.org/html/rfc3501] encourages servers to disable
-# cleartext authentication until after TLS has been negotiated.
-# RFC8314[https://tools.ietf.org/html/rfc8314] recommends TLS version 1.2 or
-# greater be used for all traffic, and deprecate cleartext access ASAP.  +PLAIN+
-# can be secured by TLS encryption.
-class Net::IMAP::PlainAuthenticator
-
-  def process(data)
-    return "#@authzid\0#@username\0#@password"
-  end
-
-  # :nodoc:
-  NULL = -"\0".b
-
-  private
-
-  # +username+ is the authentication identity, the identity whose +password+ is
-  # used.  +username+ is referred to as +authcid+ by
-  # RFC4616[https://tools.ietf.org/html/rfc4616].
-  #
-  # +authzid+ is the authorization identity (identity to act as).  It can
-  # usually be left blank. When +authzid+ is left blank (nil or empty string)
-  # the server will derive an identity from the credentials and use that as the
-  # authorization identity.
-  def initialize(username, password, authzid: nil)
-    raise ArgumentError, "username contains NULL" if username&.include?(NULL)
-    raise ArgumentError, "password contains NULL" if password&.include?(NULL)
-    raise ArgumentError, "authzid  contains NULL" if authzid&.include?(NULL)
-    @username = username
-    @password = password
-    @authzid  = authzid
-  end
-
-  Net::IMAP.add_authenticator "PLAIN", self
-end

data/lib/net/imap/authenticators/xoauth2.rb

@@ -1,20 +0,0 @@
-# frozen_string_literal: true
-
-class Net::IMAP::XOauth2Authenticator
-  def process(_data)
-    build_oauth2_string(@user, @oauth2_token)
-  end
-
-  private
-
-  def initialize(user, oauth2_token)
-    @user = user
-    @oauth2_token = oauth2_token
-  end
-
-  def build_oauth2_string(user, oauth2_token)
-    format("user=%s\1auth=Bearer %s\1\1", user, oauth2_token)
-  end
-
-  Net::IMAP.add_authenticator 'XOAUTH2', self
-end

data/lib/net/imap/sasl/saslprep.rb

@@ -1,55 +0,0 @@
-# frozen_string_literal: true
-
-require_relative "saslprep_tables"
-
-module Net::IMAP::SASL
-
-  # SASLprep#saslprep can be used to prepare a string according to [RFC4013].
-  #
-  # \SASLprep maps characters three ways: to nothing, to space, and Unicode
-  # normalization form KC.  \SASLprep prohibits codepoints from nearly all
-  # standard StringPrep tables (RFC3454, Appendix "C"), and uses \StringPrep's
-  # standard bidirectional characters requirements (Appendix "D").  \SASLprep
-  # also uses \StringPrep's definition of "Unassigned" codepoints (Appendix "A").
-  module SASLprep
-
-    # Used to short-circuit strings that don't need preparation.
-    ASCII_NO_CTRLS = /\A[\x20-\x7e]*\z/u.freeze
-
-    module_function
-
-    # Prepares a UTF-8 +string+ for comparison, using the \SASLprep profile
-    # RFC4013 of the StringPrep algorithm RFC3454.
-    #
-    # By default, prohibited strings will return +nil+.  When +exception+ is
-    # +true+, a StringPrepError describing the violation will be raised.
-    #
-    # When +stored+ is +true+, "unassigned" codepoints will be prohibited. For
-    # \StringPrep and the \SASLprep profile, "unassigned" refers to Unicode 3.2,
-    # and not later versions.  See RFC3454 §7 for more information.
-    #
-    def saslprep(str, stored: false, exception: false)
-      return str if ASCII_NO_CTRLS.match?(str) # raises on incompatible encoding
-      str = str.encode("UTF-8") # also dups (and raises for invalid encoding)
-      str.gsub!(MAP_TO_SPACE, " ")
-      str.gsub!(MAP_TO_NOTHING, "")
-      str.unicode_normalize!(:nfkc)
-      # These regexps combine the prohibited and bidirectional checks
-      return str unless str.match?(stored ? PROHIBITED_STORED : PROHIBITED)
-      return nil unless exception
-      # raise helpful errors to indicate *why* it failed:
-      tables = stored ? TABLES_PROHIBITED_STORED : TABLES_PROHIBITED
-      StringPrep.check_prohibited! str, *tables, bidi: true, profile: "SASLprep"
-      raise StringPrep::InvalidStringError.new(
-        "unknown error", string: string, profile: "SASLprep"
-      )
-    rescue ArgumentError, Encoding::CompatibilityError => ex
-      if /invalid byte sequence|incompatible encoding/.match? ex.message
-        return nil unless exception
-        raise StringPrepError.new(ex.message, string: str, profile: "saslprep")
-      end
-      raise ex
-    end
-
-  end
-end