Class Methods
::
lib/rubygems/commands/cert_command.rb
View on GitHub
# File tmp/rubies/ruby-2.7.6/lib/rubygems/commands/cert_command.rb, line 13
def initialize
super 'cert', 'Manage RubyGems certificates and signing settings',
:add => [], :remove => [], :list => [], :build => [], :sign => []
OptionParser.accept OpenSSL::X509::Certificate do |certificate_file|
begin
certificate = OpenSSL::X509::Certificate.new File.read certificate_file
rescue Errno::ENOENT
raise OptionParser::InvalidArgument, "#{certificate_file}: does not exist"
rescue OpenSSL::X509::CertificateError
raise OptionParser::InvalidArgument,
"#{certificate_file}: invalid X509 certificate"
end
[certificate, certificate_file]
end
OptionParser.accept OpenSSL::PKey::RSA do |key_file|
begin
passphrase = ENV['GEM_PRIVATE_KEY_PASSPHRASE']
key = OpenSSL::PKey::RSA.new File.read(key_file), passphrase
rescue Errno::ENOENT
raise OptionParser::InvalidArgument, "#{key_file}: does not exist"
rescue OpenSSL::PKey::RSAError
raise OptionParser::InvalidArgument, "#{key_file}: invalid RSA key"
end
raise OptionParser::InvalidArgument,
"#{key_file}: private key not found" unless key.private?
key
end
add_option('-a', '--add CERT', OpenSSL::X509::Certificate,
'Add a trusted certificate.') do |(cert, _), options|
options[:add] << cert
end
add_option('-l', '--list [FILTER]',
'List trusted certificates where the',
'subject contains FILTER') do |filter, options|
filter ||= ''
options[:list] << filter
end
add_option('-r', '--remove FILTER',
'Remove trusted certificates where the',
'subject contains FILTER') do |filter, options|
options[:remove] << filter
end
add_option('-b', '--build EMAIL_ADDR',
'Build private key and self-signed',
'certificate for EMAIL_ADDR') do |email_address, options|
options[:build] << email_address
end
add_option('-C', '--certificate CERT', OpenSSL::X509::Certificate,
'Signing certificate for --sign') do |(cert, cert_file), options|
options[:issuer_cert] = cert
options[:issuer_cert_file] = cert_file
end
add_option('-K', '--private-key KEY', OpenSSL::PKey::RSA,
'Key for --sign or --build') do |key, options|
options[:key] = key
end
add_option('-s', '--sign CERT',
'Signs CERT with the key from -K',
'and the certificate from -C') do |cert_file, options|
raise OptionParser::InvalidArgument, "#{cert_file}: does not exist" unless
File.file? cert_file
options[:sign] << cert_file
end
add_option('-d', '--days NUMBER_OF_DAYS',
'Days before the certificate expires') do |days, options|
options[:expiration_length_days] = days.to_i
end
add_option('-R', '--re-sign',
'Re-signs the certificate from -C with the key from -K') do |resign, options|
options[:resign] = resign
end
end
No documentation available
Instance Methods
lib/rubygems/commands/cert_command.rb
View on GitHub
# File tmp/rubies/ruby-2.7.6/lib/rubygems/commands/cert_command.rb, line 135
def build(email)
if !valid_email?(email)
raise Gem::CommandLineError, "Invalid email address #{email}"
end
key, key_path = build_key
cert_path = build_cert email, key
say "Certificate: #{cert_path}"
if key_path
say "Private Key: #{key_path}"
say "Don't forget to move the key file to somewhere private!"
end
end
No documentation available
lib/rubygems/commands/cert_command.rb
View on GitHub
# File tmp/rubies/ruby-2.7.6/lib/rubygems/commands/cert_command.rb, line 182
def certificates_matching(filter)
return enum_for __method__, filter unless block_given?
Gem::Security.trusted_certificates.select do |certificate, _|
subject = certificate.subject.to_s
subject.downcase.index filter
end.sort_by do |certificate, _|
certificate.subject.to_a.map { |name, data,| [name, data] }
end.each do |certificate, path|
yield certificate, path
end
end
No documentation available
#
lib/rubygems/commands/cert_command.rb
View on GitHub
# File tmp/rubies/ruby-2.7.6/lib/rubygems/commands/cert_command.rb, line 107
def execute
options[:add].each do |certificate|
add_certificate certificate
end
options[:remove].each do |filter|
remove_certificates_matching filter
end
options[:list].each do |filter|
list_certificates_matching filter
end
options[:build].each do |email|
build email
end
if options[:resign]
re_sign_cert(
options[:issuer_cert],
options[:issuer_cert_file],
options[:key]
)
end
sign_certificates unless options[:sign].empty?
end
No documentation available
lib/rubygems/commands/cert_command.rb
View on GitHub
# File tmp/rubies/ruby-2.7.6/lib/rubygems/commands/cert_command.rb, line 241
def load_default_cert
cert_file = File.join Gem.default_cert_path
cert = File.read cert_file
options[:issuer_cert] = OpenSSL::X509::Certificate.new cert
rescue Errno::ENOENT
alert_error \
"--certificate not specified and ~/.gem/gem-public_cert.pem does not exist"
terminate_interaction 1
rescue OpenSSL::X509::CertificateError
alert_error \
"--certificate not specified and ~/.gem/gem-public_cert.pem is not valid"
terminate_interaction 1
end
No documentation available
lib/rubygems/commands/cert_command.rb
View on GitHub
# File tmp/rubies/ruby-2.7.6/lib/rubygems/commands/cert_command.rb, line 257
def load_default_key
key_file = File.join Gem.default_key_path
key = File.read key_file
passphrase = ENV['GEM_PRIVATE_KEY_PASSPHRASE']
options[:key] = OpenSSL::PKey::RSA.new key, passphrase
rescue Errno::ENOENT
alert_error \
"--private-key not specified and ~/.gem/gem-private_key.pem does not exist"
terminate_interaction 1
rescue OpenSSL::PKey::RSAError
alert_error \
"--private-key not specified and ~/.gem/gem-private_key.pem is not valid"
terminate_interaction 1
end
No documentation available
lib/rubygems/commands/cert_command.rb
View on GitHub
# File tmp/rubies/ruby-2.7.6/lib/rubygems/commands/cert_command.rb, line 308
def re_sign_cert(cert, cert_path, private_key)
Gem::Security::Signer.re_sign_cert(cert, cert_path, private_key) do |expired_cert_path, new_expired_cert_path|
alert("Your certificate #{expired_cert_path} has been re-signed")
alert("Your expired certificate will be located at: #{new_expired_cert_path}")
end
end
No documentation available
lib/rubygems/commands/cert_command.rb
View on GitHub
# File tmp/rubies/ruby-2.7.6/lib/rubygems/commands/cert_command.rb, line 286
def sign(cert_file)
cert = File.read cert_file
cert = OpenSSL::X509::Certificate.new cert
permissions = File.stat(cert_file).mode & 0777
issuer_cert = options[:issuer_cert]
issuer_key = options[:key]
cert = Gem::Security.sign cert, issuer_key, issuer_cert
Gem::Security.write cert, cert_file, permissions
end
No documentation available
lib/rubygems/commands/cert_command.rb
View on GitHub
# File tmp/rubies/ruby-2.7.6/lib/rubygems/commands/cert_command.rb, line 317
def valid_email?(email)
# It's simple, but is all we need
email =~ /\A.+@.+\z/
end
No documentation available