Class
Basic OpenSSL-based package signing class.
Attributes
Read & Write
The chain of certificates for signing including the signing certificate
Read & Write
The private key for the signing certificate
Read
The digest algorithm used to create the signature
Class Methods
lib/rubygems/security/signer.rb
# File tmp/rubies/ruby-2.4.10/lib/rubygems/security/signer.rb, line 33
##
# Builds a signer from +key+ and +cert_chain+.
#
# +key+ may be an OpenSSL::PKey::RSA object or a path to a key file; a path
# is read and parsed with +passphrase+.  Each +cert_chain+ entry may be an
# OpenSSL::X509::Certificate, the name of an existing file (which is read),
# or any other string, which is handed to OpenSSL::X509::Certificate.new
# as-is.  nil entries are dropped.
#
# When +key+ or +cert_chain+ is not given, the file named by
# Gem.default_key_path or Gem.default_cert_path is used, but only if it
# exists.  Otherwise the value stays unset.

def initialize key, cert_chain, passphrase = nil
  @cert_chain = cert_chain
  @key        = key

  # fall back to the default key file when the caller supplied no key
  unless @key
    key_path = File.join Gem.default_key_path
    @key = key_path if File.exist? key_path
  end

  # same fallback for the certificate, wrapped as a one-element chain
  unless @cert_chain
    cert_path = File.join Gem.default_cert_path
    @cert_chain = [cert_path] if File.exist? cert_path
  end

  @digest_algorithm = Gem::Security::DIGEST_ALGORITHM
  @digest_name      = Gem::Security::DIGEST_NAME

  # anything that is not already an RSA key object is treated as a path
  if @key && !(OpenSSL::PKey::RSA === @key)
    key_material = File.read @key
    @key = OpenSSL::PKey::RSA.new key_material, passphrase
  end

  return unless @cert_chain

  @cert_chain = @cert_chain.compact.map do |entry|
    if OpenSSL::X509::Certificate === entry
      entry
    else
      # an entry naming an existing file is loaded from disk; any other
      # string is parsed directly
      encoded = File.exist?(entry) ? File.read(entry) : entry
      OpenSSL::X509::Certificate.new encoded
    end
  end

  load_cert_chain
end
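Creates a new signer with an RSA key
or path to a key, and a certificate chain
containing X509 certificates, encoded certificates or paths to certificates.
When the key is given as a path, the optional passphrase is used to load it.
When the key or the chain is omitted, the files at Gem.default_key_path and Gem.default_cert_path are used if they exist.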
Instance Methods
lib/rubygems/security/signer.rb
# File tmp/rubies/ruby-2.4.10/lib/rubygems/security/signer.rb, line 102
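##
# Signs +data+ with the signer's private key, hashing with the configured
# digest algorithm, and returns the result of the key's +sign+ call.
#
# Returns nil without signing when no key is loaded.  Raises
# Gem::Security::Exception when there is no certificate to sign with.  A
# lone certificate whose +not_after+ is already in the past is handed to
# +re_sign_key+ first.

def sign data
  return unless @key

  # A signer built without a chain and without a default certificate file
  # keeps @cert_chain as nil; treat that like an empty chain so callers get
  # the same Gem::Security::Exception instead of a NoMethodError
  raise Gem::Security::Exception, 'no certs provided' if
    @cert_chain.nil? || @cert_chain.empty?

  if @cert_chain.length == 1 and @cert_chain.last.not_after < Time.now then
    re_sign_key
  end

  full_name = extract_name @cert_chain.last

  # the chain and key go through the signing policy before any signature is
  # produced; verify is defined elsewhere and is expected to raise on
  # rejection -- confirm against Gem::Security::Policy
  Gem::Security::SigningPolicy.verify @cert_chain, @key, {}, {}, full_name

  @key.sign @digest_algorithm.new, data
end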
Signs data with the signer's key using the configured digest algorithm. Returns nil without signing when no key is loaded.