class Gem::Commands::CertCommand
Public Class Methods
new()
click to toggle source
Calls superclass method
Gem::Command.new
# File lib/rubygems/commands/cert_command.rb, line 7 def initialize super 'cert', 'Manage RubyGems certificates and signing settings', :add => [], :remove => [], :list => [], :build => [], :sign => [] OptionParser.accept OpenSSL::X509::Certificate do |certificate| begin OpenSSL::X509::Certificate.new File.read certificate rescue Errno::ENOENT raise OptionParser::InvalidArgument, "#{certificate}: does not exist" rescue OpenSSL::X509::CertificateError raise OptionParser::InvalidArgument, "#{certificate}: invalid X509 certificate" end end OptionParser.accept OpenSSL::PKey::RSA do |key_file| begin key = OpenSSL::PKey::RSA.new File.read key_file rescue Errno::ENOENT raise OptionParser::InvalidArgument, "#{key_file}: does not exist" rescue OpenSSL::PKey::RSAError raise OptionParser::InvalidArgument, "#{key_file}: invalid RSA key" end raise OptionParser::InvalidArgument, "#{key_file}: private key not found" unless key.private? key end add_option('-a', '--add CERT', OpenSSL::X509::Certificate, 'Add a trusted certificate.') do |cert, options| options[:add] << cert end add_option('-l', '--list [FILTER]', 'List trusted certificates where the', 'subject contains FILTER') do |filter, options| filter ||= '' options[:list] << filter end add_option('-r', '--remove FILTER', 'Remove trusted certificates where the', 'subject contains FILTER') do |filter, options| options[:remove] << filter end add_option('-b', '--build EMAIL_ADDR', 'Build private key and self-signed', 'certificate for EMAIL_ADDR') do |email_address, options| options[:build] << email_address end add_option('-C', '--certificate CERT', OpenSSL::X509::Certificate, 'Signing certificate for --sign') do |cert, options| options[:issuer_cert] = cert end add_option('-K', '--private-key KEY', OpenSSL::PKey::RSA, 'Key for --sign or --build') do |key, options| options[:key] = key end add_option('-s', '--sign CERT', 'Signs CERT with the key from -K', 'and the certificate from -C') do |cert_file, options| raise OptionParser::InvalidArgument, "#{cert_file}: does not exist" unless File.file? cert_file options[:sign] << cert_file end end
Public Instance Methods
build(name)
click to toggle source
# File lib/rubygems/commands/cert_command.rb, line 117 def build name key = options[:key] || Gem::Security.create_key cert = Gem::Security.create_cert_email name, key key_path = Gem::Security.write key, "gem-private_key.pem" cert_path = Gem::Security.write cert, "gem-public_cert.pem" say "Certificate: #{cert_path}" say "Private Key: #{key_path}" say "Don't forget to move the key file to somewhere private!" end
certificates_matching(filter) { |certificate, path| ... }
click to toggle source
# File lib/rubygems/commands/cert_command.rb, line 130 def certificates_matching filter return enum_for __method__, filter unless block_given? Gem::Security.trusted_certificates.select do |certificate, _| subject = certificate.subject.to_s subject.downcase.index filter end.sort_by do |certificate, _| certificate.subject.to_a.map { |name, data,| [name, data] } end.each do |certificate, path| yield certificate, path end end
execute()
click to toggle source
# File lib/rubygems/commands/cert_command.rb, line 82 def execute options[:add].each do |certificate| Gem::Security.trust_dir.trust_cert certificate say "Added '#{certificate.subject}'" end options[:remove].each do |filter| certificates_matching filter do |certificate, path| FileUtils.rm path say "Removed '#{certificate.subject}'" end end options[:list].each do |filter| certificates_matching filter do |certificate, _| # this could probably be formatted more gracefully say certificate.subject.to_s end end options[:build].each do |name| build name end unless options[:sign].empty? then load_default_cert unless options[:issuer_cert] load_default_key unless options[:key] end options[:sign].each do |cert_file| sign cert_file end end
load_default_cert()
click to toggle source
# File lib/rubygems/commands/cert_command.rb, line 182 def load_default_cert cert_file = File.join Gem.default_cert_path cert = File.read cert_file options[:issuer_cert] = OpenSSL::X509::Certificate.new cert rescue Errno::ENOENT alert_error "--certificate not specified and ~/.gem/gem-public_cert.pem does not exist" terminate_interaction 1 rescue OpenSSL::X509::CertificateError alert_error "--certificate not specified and ~/.gem/gem-public_cert.pem is not valid" terminate_interaction 1 end
load_default_key()
click to toggle source
# File lib/rubygems/commands/cert_command.rb, line 198 def load_default_key key_file = File.join Gem.default_key_path key = File.read key_file options[:key] = OpenSSL::PKey::RSA.new key rescue Errno::ENOENT alert_error "--private-key not specified and ~/.gem/gem-private_key.pem does not exist" terminate_interaction 1 rescue OpenSSL::PKey::RSAError alert_error "--private-key not specified and ~/.gem/gem-private_key.pem is not valid" terminate_interaction 1 end
sign(cert_file)
click to toggle source
# File lib/rubygems/commands/cert_command.rb, line 214 def sign cert_file cert = File.read cert_file cert = OpenSSL::X509::Certificate.new cert permissions = File.stat(cert_file).mode & 0777 issuer_cert = options[:issuer_cert] issuer_key = options[:key] cert = Gem::Security.sign cert, issuer_key, issuer_cert Gem::Security.write cert, cert_file, permissions end