In Files

  • rubygems/security/trust_dir.rb

Gem::Security::TrustDir

The TrustDir manages the trusted certificates for gem signature verification.

Constants

DEFAULT_PERMISSIONS

Default permissions for the trust directory and its contents.

Attributes

dir[R]

The directory where trusted certificates will be stored.

Public Class Methods

new(dir, permissions = DEFAULT_PERMISSIONS)

Creates a new TrustDir using dir, where the directory and file permissions will be checked according to permissions.

# File rubygems/security/trust_dir.rb, line 24
def initialize dir, permissions = DEFAULT_PERMISSIONS
  @dir = dir
  @permissions = permissions

  @digester = Gem::Security::DIGEST_ALGORITHM
end
            

Public Instance Methods

cert_path(certificate)

Returns the path to the trusted certificate, derived from the certificate's subject.

# File rubygems/security/trust_dir.rb, line 34
def cert_path certificate
  name_path certificate.subject
end
            
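each_certificate()

Enumerates trusted certificates, yielding each certificate and the path of the file it was loaded from. Without a block, returns an Enumerator. Files matching *.pem that cannot be parsed as certificates are skipped without a warning.

# File rubygems/security/trust_dir.rb, line 41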
def each_certificate
  return enum_for __method__ unless block_given?

  glob = File.join @dir, '*.pem'

  Dir[glob].each do |certificate_file|
    begin
      certificate = load_certificate certificate_file

      yield certificate, certificate_file
    rescue OpenSSL::X509::CertificateError
      next # HACK warn
    end
  end
end
            
issuer_of(certificate)

Returns the issuer certificate of the given certificate if it exists in the trust directory, or nil otherwise.

# File rubygems/security/trust_dir.rb, line 61
def issuer_of certificate
  path = name_path certificate.issuer

  return unless File.exist? path

  load_certificate path
end
            
load_certificate(certificate_file)

Loads the given certificate_file.

# File rubygems/security/trust_dir.rb, line 81
def load_certificate certificate_file
  pem = File.read certificate_file

  OpenSSL::X509::Certificate.new pem
end
            
name_path(name)

Returns the path to the trusted certificate with the given ASN.1 name. The file name is cert-<digest>.pem, where <digest> is the hex digest of the name's string form.

# File rubygems/security/trust_dir.rb, line 72
def name_path name
  digest = @digester.hexdigest name.to_s

  File.join @dir, "cert-#{digest}.pem"
end
            
trust_cert(certificate)

Adds a certificate to the trusted certificate list. The trust directory is verified first, then the certificate is written in PEM format to its cert_path.

# File rubygems/security/trust_dir.rb, line 90
def trust_cert certificate
  verify

  destination = cert_path certificate

  open destination, 'wb', @permissions[:trusted_cert] do |io|
    io.write certificate.to_pem
  end
end
            
verify()

Makes sure the trust directory exists. If it does exist, makes sure it's actually a directory (raising Gem::Security::Exception if it is not) and sets its mode to 0700. If it does not exist, creates it with the appropriate permissions.

# File rubygems/security/trust_dir.rb, line 105
def verify
  if File.exist? @dir then
    raise Gem::Security::Exception,
      "trust directory #{@dir} is not a directory" unless
        File.directory? @dir

    FileUtils.chmod 0700, @dir
  else
    FileUtils.mkdir_p @dir, :mode => @permissions[:trust_dir]
  end
end
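
An added example, not part of the RubyGems documentation or source: a hypothetical audit_trust_dir helper that reports what the methods above leave silent, namely group- or other-accessible modes, *.pem files that each_certificate would skip, and files whose name does not match cert_path. The helper names, the sample certificate and the temporary directory are constructed for illustration.

```ruby
require 'rubygems/security'
require 'tmpdir'
# Hypothetical helper (not RubyGems API): returns [file, problem] pairs.
def audit_trust_dir(trust_dir)
  findings = []
  dir_mode = File.stat(trust_dir.dir).mode & 0777
  findings << ['.', format('directory mode %04o', dir_mode)] if dir_mode & 0077 != 0
  Dir[File.join(trust_dir.dir, '*.pem')].sort.each do |file|
    base = File.basename file
    mode = File.stat(file).mode & 0777
    findings << [base, format('file mode %04o', mode)] if mode & 0077 != 0
    begin
      cert = trust_dir.load_certificate file
    rescue OpenSSL::X509::CertificateError
      findings << [base, 'unparsable certificate'] # each_certificate skips these
      next
    end
    # issuer_of only finds a certificate stored under its name_path digest
    expected = File.basename trust_dir.cert_path(cert)
    findings << [base, "name mismatch, expected #{expected}"] unless base == expected
  end
  findings
end

# Constructed sample data: a throwaway self-signed certificate.
def sample_cert(cn)
  key = OpenSSL::PKey::RSA.new 2048
  cert = OpenSSL::X509::Certificate.new
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.sign key, OpenSSL::Digest.new('SHA256')
end

# Returns the findings for a freshly populated directory and for a tampered one.
def demo
  Dir.mktmpdir do |tmp|
    trust = Gem::Security::TrustDir.new File.join(tmp, 'trust')
    cert = sample_cert 'constructed-example'
    trust.trust_cert cert
    clean = audit_trust_dir trust
    junk = File.join trust.dir, 'junk.pem'
    File.write junk, 'not a certificate'
    File.chmod 0600, junk
    File.chmod 0644, trust.cert_path(cert)
    [clean, audit_trust_dir(trust)]
  end
end
```

Calling demo returns an empty list for the directory as trust_cert leaves it, then one finding for the loosened certificate file and one for the unparsable junk.pem.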
            
