In Files

  • rubygems/commands/cert_command.rb


Gem::Commands::CertCommand

Public Class Methods

new() click to toggle source
 
               # File rubygems/commands/cert_command.rb, line 12
##
# Sets up the +cert+ command: registers two OptionParser argument converters
# (certificate file -> OpenSSL::X509::Certificate, key file ->
# OpenSSL::PKey::RSA) and then the command-line options, in the order they
# are declared below.
#
# Repeatable options (-a, -l, -r, -b, -s) append to the arrays seeded in the
# +super+ call; -C and -K each store a single value.

def initialize
  super 'cert', 'Manage RubyGems certificates and signing settings',
        :add => [], :remove => [], :list => [], :build => [], :sign => []

  # Certificate arguments are file paths; the file is read and parsed while
  # options are being parsed, so a bad path is reported as an option error.
  OptionParser.accept OpenSSL::X509::Certificate do |cert_path|
    begin
      OpenSSL::X509::Certificate.new File.read(cert_path)
    rescue Errno::ENOENT
      raise OptionParser::InvalidArgument, "#{cert_path}: does not exist"
    rescue OpenSSL::X509::CertificateError
      raise OptionParser::InvalidArgument,
            "#{cert_path}: invalid X509 certificate"
    end
  end

  # Key arguments are file paths too. The passphrase is taken from the
  # GEM_PRIVATE_KEY_PASSPHRASE environment variable (nil when unset).
  OptionParser.accept OpenSSL::PKey::RSA do |key_path|
    rsa_key =
      begin
        passphrase = ENV['GEM_PRIVATE_KEY_PASSPHRASE']
        OpenSSL::PKey::RSA.new File.read(key_path), passphrase
      rescue Errno::ENOENT
        raise OptionParser::InvalidArgument, "#{key_path}: does not exist"
      rescue OpenSSL::PKey::RSAError
        raise OptionParser::InvalidArgument, "#{key_path}: invalid RSA key"
      end

    # A file holding only the public half parses fine but cannot sign.
    unless rsa_key.private?
      raise OptionParser::InvalidArgument, "#{key_path}: private key not found"
    end

    rsa_key
  end

  add_option('-a', '--add CERT', OpenSSL::X509::Certificate,
             'Add a trusted certificate.') do |trusted_cert, opts|
    opts[:add] << trusted_cert
  end

  add_option('-l', '--list [FILTER]',
             'List trusted certificates where the',
             'subject contains FILTER') do |subject_filter, opts|
    # FILTER is optional; a missing value becomes the empty string.
    opts[:list] << (subject_filter || '')
  end

  add_option('-r', '--remove FILTER',
             'Remove trusted certificates where the',
             'subject contains FILTER') do |subject_filter, opts|
    opts[:remove] << subject_filter
  end

  add_option('-b', '--build EMAIL_ADDR',
             'Build private key and self-signed',
             'certificate for EMAIL_ADDR') do |address, opts|
    opts[:build] << address
  end

  add_option('-C', '--certificate CERT', OpenSSL::X509::Certificate,
             'Signing certificate for --sign') do |signing_cert, opts|
    opts[:issuer_cert] = signing_cert
  end

  add_option('-K', '--private-key KEY', OpenSSL::PKey::RSA,
             'Key for --sign or --build') do |signing_key, opts|
    opts[:key] = signing_key
  end

  add_option('-s', '--sign CERT',
             'Signs CERT with the key from -K',
             'and the certificate from -C') do |target_path, opts|
    # Only the path is stored here; the file is read again when signing runs.
    unless File.file? target_path
      raise OptionParser::InvalidArgument, "#{target_path}: does not exist"
    end

    opts[:sign] << target_path
  end
end
            

Public Instance Methods

build(name) click to toggle source
 
               # File rubygems/commands/cert_command.rb, line 114
##
# Creates a certificate for +name+ using the key returned by build_key and
# reports where the certificate was written.
#
# build_key returns the key together with a path. When that path is present
# the private key location is reported as well, followed by a reminder to
# move the key file somewhere private.

def build name
  private_key, private_key_path = build_key
  certificate_path = build_cert name, private_key

  say "Certificate: #{certificate_path}"

  # No key path to report, so there is nothing more to say.
  return unless private_key_path

  say "Private Key: #{private_key_path}"
  say "Don't forget to move the key file to somewhere private!"
end
            
certificates_matching(filter) click to toggle source
 
               # File rubygems/commands/cert_command.rb, line 151
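##
# Yields each trusted certificate and its path where the certificate subject
# contains +filter+. The comparison is case-insensitive, and results are
# ordered by the name/data pairs of the subject.
#
# Returns an Enumerator when no block is given.
#
# An empty +filter+ matches every trusted certificate.

def certificates_matching filter
  return enum_for __method__, filter unless block_given?

  # The subject is lower-cased before searching, so the filter has to be
  # lower-cased as well. Otherwise a filter containing any upper-case letter
  # matches nothing, and a --remove with such a filter silently leaves the
  # certificate trusted.
  needle = filter.downcase

  Gem::Security.trusted_certificates.select do |certificate, _|
    certificate.subject.to_s.downcase.index needle
  end.sort_by do |certificate, _|
    certificate.subject.to_a.map { |name, data,| [name, data] }
  end.each do |certificate, path|
    yield certificate, path
  end
end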
            
execute() click to toggle source
 
               # File rubygems/commands/cert_command.rb, line 94
##
# Runs the requested actions in a fixed order: add trusted certificates,
# remove by filter, list by filter, build key/certificate pairs, and finally
# sign. Each repeatable option is processed once per value given.

def execute
  options[:add].each { |certificate| add_certificate certificate }
  options[:remove].each { |filter| remove_certificates_matching filter }
  options[:list].each { |filter| list_certificates_matching filter }
  options[:build].each { |name| build name }

  # Signing handles every --sign target in one call, so it is skipped
  # entirely when none were given.
  return if options[:sign].empty?

  sign_certificates
end
            
load_default_cert() click to toggle source
 
               # File rubygems/commands/cert_command.rb, line 210
##
# Loads the issuer certificate from Gem.default_cert_path into
# options[:issuer_cert].
#
# If the file is missing or does not parse as an X509 certificate, an error
# is reported and terminate_interaction is called with status 1.

def load_default_cert
  # NOTE(review): the messages below name ~/.gem/gem-public_cert.pem, while
  # the file actually read is whatever Gem.default_cert_path returns. Confirm
  # the two always agree.
  pem = File.read File.join(Gem.default_cert_path)
  options[:issuer_cert] = OpenSSL::X509::Certificate.new pem
rescue Errno::ENOENT
  alert_error "--certificate not specified and ~/.gem/gem-public_cert.pem does not exist"
  terminate_interaction 1
rescue OpenSSL::X509::CertificateError
  alert_error "--certificate not specified and ~/.gem/gem-public_cert.pem is not valid"
  terminate_interaction 1
end
            
load_default_key() click to toggle source
 
               # File rubygems/commands/cert_command.rb, line 226
##
# Loads the signing key from Gem.default_key_path into options[:key]. The
# passphrase is taken from the GEM_PRIVATE_KEY_PASSPHRASE environment
# variable (nil when unset).
#
# If the file is missing or does not parse as an RSA key, an error is
# reported and terminate_interaction is called with status 1.

def load_default_key
  # NOTE(review): unlike the -K option converter in initialize, nothing here
  # checks key.private?, so a file holding only a public key is accepted at
  # this point. The messages also name ~/.gem/gem-private_key.pem rather than
  # the value of Gem.default_key_path. Confirm both are intended.
  pem = File.read File.join(Gem.default_key_path)
  key_passphrase = ENV['GEM_PRIVATE_KEY_PASSPHRASE']
  options[:key] = OpenSSL::PKey::RSA.new pem, key_passphrase
rescue Errno::ENOENT
  alert_error "--private-key not specified and ~/.gem/gem-private_key.pem does not exist"
  terminate_interaction 1
rescue OpenSSL::PKey::RSAError
  alert_error "--private-key not specified and ~/.gem/gem-private_key.pem is not valid"
  terminate_interaction 1
end
            
sign(cert_file) click to toggle source
 
               # File rubygems/commands/cert_command.rb, line 255
##
# Signs the certificate stored in +cert_file+ with options[:key] and
# options[:issuer_cert], then writes the result back to +cert_file+.
#
# The permission bits of the existing file (mode & 0777) are captured before
# signing and passed to Gem::Security.write, so the rewritten file is asked
# to keep the same access mode as before.

def sign cert_file
  unsigned = OpenSSL::X509::Certificate.new File.read(cert_file)

  # Capture the current mode so the write below does not change it.
  mode_bits = File.stat(cert_file).mode & 0777

  issuer_cert, issuer_key = options.values_at :issuer_cert, :key

  signed = Gem::Security.sign unsigned, issuer_key, issuer_cert

  Gem::Security.write signed, cert_file, mode_bits
end
            
