class Gem::Security::TrustDir

The TrustDir manages the trusted certificates for gem signature verification.

Constants

DEFAULT_PERMISSIONS

Default permissions for the trust directory and its contents

Attributes

dir[R]

The directory where trusted certificates will be stored.

Public Class Methods

new(dir, permissions = DEFAULT_PERMISSIONS) click to toggle source

Creates a new TrustDir using dir where the directory and file permissions will be checked according to permissions

# File lib/rubygems/security/trust_dir.rb, line 25
def initialize dir, permissions = DEFAULT_PERMISSIONS
  @dir = dir
  @permissions = permissions

  @digester = Gem::Security::DIGEST_ALGORITHM
end

Public Instance Methods

cert_path(certificate) click to toggle source

Returns the path to the trusted certificate

# File lib/rubygems/security/trust_dir.rb, line 35
def cert_path certificate
  name_path certificate.subject
end
each_certificate() { |certificate, certificate_file| ... } click to toggle source

Enumerates trusted certificates.

# File lib/rubygems/security/trust_dir.rb, line 42
def each_certificate
  return enum_for __method__ unless block_given?

  glob = File.join @dir, '*.pem'

  Dir[glob].each do |certificate_file|
    begin
      certificate = load_certificate certificate_file

      yield certificate, certificate_file
    rescue OpenSSL::X509::CertificateError
      next # HACK warn
    end
  end
end
issuer_of(certificate) click to toggle source

Returns the issuer certificate of the given certificate if it exists in the trust directory.

# File lib/rubygems/security/trust_dir.rb, line 62
  def issuer_of certificate
    path = name_path certificate.issuer

    return unless File.exist? path

    load_certificate path
  end

  ##
  # Returns the path to the trusted certificate with the given ASN.1 +name+

  def name_path name
    digest = @digester.hexdigest name.to_s

    File.join @dir, "cert-#{digest}.pem"
  end

  ##
  # Loads the given +certificate_file+

  def load_certificate certificate_file
    pem = File.read certificate_file

    OpenSSL::X509::Certificate.new pem
  end

  ##
  # Add a certificate to trusted certificate list.

  def trust_cert certificate
    verify

    destination = cert_path certificate

    open destination, 'wb', @permissions[:trusted_cert] do |io|
      io.write certificate.to_pem
    end
  end

  ##
  # Make sure the trust directory exists.  If it does exist, make sure it's
  # actually a directory.  If not, then create it with the appropriate
  # permissions.

  def verify
    if File.exist? @dir then
      raise Gem::Security::Exception,
        "trust directory #{@dir} is not a directory" unless
          File.directory? @dir

      FileUtils.chmod 0700, @dir
    else
      FileUtils.mkdir_p @dir, :mode => @permissions[:trust_dir]
    end
  end

end
load_certificate(certificate_file) click to toggle source

Loads the given certificate_file

# File lib/rubygems/security/trust_dir.rb, line 82
def load_certificate certificate_file
  pem = File.read certificate_file

  OpenSSL::X509::Certificate.new pem
end
name_path(name) click to toggle source

Returns the path to the trusted certificate with the given ASN.1 name

# File lib/rubygems/security/trust_dir.rb, line 73
def name_path name
  digest = @digester.hexdigest name.to_s

  File.join @dir, "cert-#{digest}.pem"
end
trust_cert(certificate) click to toggle source

Add a certificate to trusted certificate list.

# File lib/rubygems/security/trust_dir.rb, line 91
def trust_cert certificate
  verify

  destination = cert_path certificate

  open destination, 'wb', @permissions[:trusted_cert] do |io|
    io.write certificate.to_pem
  end
end
verify() click to toggle source

Make sure the trust directory exists. If it does exist, make sure it's actually a directory. If not, then create it with the appropriate permissions.

# File lib/rubygems/security/trust_dir.rb, line 106
def verify
  if File.exist? @dir then
    raise Gem::Security::Exception,
      "trust directory #{@dir} is not a directory" unless
        File.directory? @dir

    FileUtils.chmod 0700, @dir
  else
    FileUtils.mkdir_p @dir, :mode => @permissions[:trust_dir]
  end
end