123456789_123456789_123456789_123456789_123456789_

Class: Gem::Commands::CertCommand

Relationships & Source Files
Super Chains via Extension / Inclusion / Inheritance
Class Chain:
self, ::Gem::Command
Instance Chain:
self, ::Gem::Command, ::Gem::UserInteraction, ::Gem::DefaultUserInteraction
Inherits: Gem::Command
Defined in: lib/rubygems/commands/cert_command.rb

Class Attribute Summary

::Gem::Command - Inherited

.build_args

Arguments used when building gems.
.build_args=, .extra_args, .extra_args=

Class Method Summary

::Gem::Command - Inherited

.add_common_option,
.add_specific_extra_args

Add a list of extra arguments for the given command.
.common_options,
.new

Initializes a generic gem command named command.
.specific_extra_args

Return an array of extra arguments for the command.
.specific_extra_args_hash

Accessor for the specific extra args hash (self initializing).

Instance Attribute Summary

::Gem::Command - Inherited

#defaults

The default options for the command.
#program_name

The name of the command for command-line invocation.
#summary

A short description of the command.
#command

The name of the command.
#options

The options for the command.

::Gem::DefaultUserInteraction - Included

#ui

See DefaultUserInteraction.ui
#ui=

See DefaultUserInteraction.ui=

Instance Method Summary

::Gem::Command - Inherited

#add_extra_args

Adds extra args from ~/.gemrc.
#add_option

Add a command-line option and handler to the command.
#arguments

Override to provide details of the arguments a command takes.
#begins?

True if long begins with the characters from short.
#defaults_str

Override to display the default values of the command options.
#description

Override to display a longer description of what this command does.
#execute

Override to provide command handling.
#get_all_gem_names

Get all gem names from the command line.
#get_all_gem_names_and_versions

Get all [gem, version] from the command line.
#get_one_gem_name

Get a single gem name from the command line.
#get_one_optional_argument

Get a single optional argument from the command line.
#handle_options

Handle the given list of arguments by parsing them and recording the results.
#handles?

True if the command handles the given argument list.
#invoke

Invoke the command with the given list of arguments.
#invoke_with_build_args

Invoke the command with the given list of normal arguments and additional build arguments.
#merge_options

Merge a set of command options with the set of default options (without modifying the default option hash).
#remove_option

Remove previously defined command-line argument name.
#show_help

Display the help message for the command.
#show_lookup_failure

Display to the user that a gem couldn't be found and reasons why.
#usage

Override to display the usage for an individual gem command.
#when_invoked

Call the given block when invoked.
#add_parser_run_info

Adds a section with title and content to the parser help view.
#configure_options,
#create_option_parser

Creates an option parser and fills it in with the help info for the command.
#parser

Create on demand parser.
#wrap

Wraps text to width

::Gem::UserInteraction - Included

#alert

Displays an alert statement.
#alert_error

Displays an error statement to the error output location.
#alert_warning

Displays a warning statement to the warning output location.
#ask

Asks a question and returns the answer.
#ask_for_password

Asks for a password with a prompt
#ask_yes_no

Asks a yes or no question.
#choose_from_list

Asks the user to answer question with an answer from the given list.
#say

Displays the given statement on the standard output (or equivalent).
#terminate_interaction

Terminates the RubyGems process with the given exit_code
#verbose

Calls say with msg or the results of the block if really_verbose is true.

::Gem::DefaultUserInteraction - Included

#use_ui

See DefaultUserInteraction.use_ui

Constructor Details

.newCertCommand

[ GitHub ] 

  


# File 'lib/rubygems/commands/cert_command.rb', line 13



def initialize
  super 'cert', 'Manage RubyGems certificates and signing settings',
        :add => [], :remove => [], :list => [], :build => [], :sign => []

  OptionParser.accept OpenSSL::X509::Certificate do |certificate|
    begin
      OpenSSL::X509::Certificate.new File.read certificate
    rescue Errno::ENOENT
      raise OptionParser::InvalidArgument, "#{certificate}: does not exist"
    rescue OpenSSL::X509::CertificateError
      raise OptionParser::InvalidArgument,
        "#{certificate}: invalid X509 certificate"
    end
  end

  OptionParser.accept OpenSSL::PKey::RSA do |key_file|
    begin
      passphrase = ENV['GEM_PRIVATE_KEY_PASSPHRASE']
      key = OpenSSL::PKey::RSA.new File.read(key_file), passphrase
    rescue Errno::ENOENT
      raise OptionParser::InvalidArgument, "#{key_file}: does not exist"
    rescue OpenSSL::PKey::RSAError
      raise OptionParser::InvalidArgument, "#{key_file}: invalid RSA key"
    end

    raise OptionParser::InvalidArgument,
          "#{key_file}: private key not found" unless key.private?

    key
  end

  add_option('-a', '--add CERT', OpenSSL::X509::Certificate,
             'Add a trusted certificate.') do |cert, options|
    options[:add] << cert
  end

  add_option('-l', '--list [FILTER]',
             'List trusted certificates where the',
             'subject contains FILTER') do |filter, options|
    filter ||= ''

    options[:list] << filter
  end

  add_option('-r', '--remove FILTER',
             'Remove trusted certificates where the',
             'subject contains FILTER') do |filter, options|
    options[:remove] << filter
  end

  add_option('-b', '--build EMAIL_ADDR',
             'Build private key and self-signed',
             'certificate for EMAIL_ADDR') do |email_address, options|
    options[:build] << email_address
  end

  add_option('-C', '--certificate CERT', OpenSSL::X509::Certificate,
             'Signing certificate for --sign') do |cert, options|
    options[:issuer_cert] = cert
  end

  add_option('-K', '--private-key KEY', OpenSSL::PKey::RSA,
             'Key for --sign or --build') do |key, options|
    options[:key] = key
  end

  add_option('-s', '--sign CERT',
             'Signs CERT with the key from -K',
             'and the certificate from -C') do |cert_file, options|
    raise OptionParser::InvalidArgument, "#{cert_file}: does not exist" unless
      File.file? cert_file

    options[:sign] << cert_file
  end
end


  






  

  

    #initializeCertCommand 
  



  

    
  





  


  [ GitHub ]


  

  


# File 'lib/rubygems/commands/cert_command.rb', line 13



def initialize
  super 'cert', 'Manage RubyGems certificates and signing settings',
        :add => [], :remove => [], :list => [], :build => [], :sign => []

  OptionParser.accept OpenSSL::X509::Certificate do |certificate|
    begin
      OpenSSL::X509::Certificate.new File.read certificate
    rescue Errno::ENOENT
      raise OptionParser::InvalidArgument, "#{certificate}: does not exist"
    rescue OpenSSL::X509::CertificateError
      raise OptionParser::InvalidArgument,
        "#{certificate}: invalid X509 certificate"
    end
  end

  OptionParser.accept OpenSSL::PKey::RSA do |key_file|
    begin
      passphrase = ENV['GEM_PRIVATE_KEY_PASSPHRASE']
      key = OpenSSL::PKey::RSA.new File.read(key_file), passphrase
    rescue Errno::ENOENT
      raise OptionParser::InvalidArgument, "#{key_file}: does not exist"
    rescue OpenSSL::PKey::RSAError
      raise OptionParser::InvalidArgument, "#{key_file}: invalid RSA key"
    end

    raise OptionParser::InvalidArgument,
          "#{key_file}: private key not found" unless key.private?

    key
  end

  add_option('-a', '--add CERT', OpenSSL::X509::Certificate,
             'Add a trusted certificate.') do |cert, options|
    options[:add] << cert
  end

  add_option('-l', '--list [FILTER]',
             'List trusted certificates where the',
             'subject contains FILTER') do |filter, options|
    filter ||= ''

    options[:list] << filter
  end

  add_option('-r', '--remove FILTER',
             'Remove trusted certificates where the',
             'subject contains FILTER') do |filter, options|
    options[:remove] << filter
  end

  add_option('-b', '--build EMAIL_ADDR',
             'Build private key and self-signed',
             'certificate for EMAIL_ADDR') do |email_address, options|
    options[:build] << email_address
  end

  add_option('-C', '--certificate CERT', OpenSSL::X509::Certificate,
             'Signing certificate for --sign') do |cert, options|
    options[:issuer_cert] = cert
  end

  add_option('-K', '--private-key KEY', OpenSSL::PKey::RSA,
             'Key for --sign or --build') do |key, options|
    options[:key] = key
  end

  add_option('-s', '--sign CERT',
             'Signs CERT with the key from -K',
             'and the certificate from -C') do |cert_file, options|
    raise OptionParser::InvalidArgument, "#{cert_file}: does not exist" unless
      File.file? cert_file

    options[:sign] << cert_file
  end
end


  







Instance Method Details



  

    #build(name)  
  

  [ GitHub ]


  

  


# File 'lib/rubygems/commands/cert_command.rb', line 115



def build name
  key, key_path = build_key
  cert_path = build_cert name, key

  say "Certificate: #{cert_path}"

  if key_path
    say "Private Key: #{key_path}"
    say "Don't forget to move the key file to somewhere private!"
  end
end


  








  

    #certificates_matching(filter)  
  

  [ GitHub ]


  

  


# File 'lib/rubygems/commands/cert_command.rb', line 150



def certificates_matching filter
  return enum_for __method__, filter unless block_given?

  Gem::Security.trusted_certificates.select do |certificate, _|
    subject = certificate.subject.to_s
    subject.downcase.index filter
  end.sort_by do |certificate, _|
    certificate.subject.to_a.map { |name, data,| [name, data] }
  end.each do |certificate, path|
    yield certificate, path
  end
end


  








  

    #execute  
  

  [ GitHub ]


  

  


# File 'lib/rubygems/commands/cert_command.rb', line 95



def execute
  options[:add].each do |certificate|
    add_certificate certificate
  end

  options[:remove].each do |filter|
    remove_certificates_matching filter
  end

  options[:list].each do |filter|
    list_certificates_matching filter
  end

  options[:build].each do |name|
    build name
  end

  sign_certificates unless options[:sign].empty?
end


  








  

    #load_default_cert  
  

  [ GitHub ]


  

  


# File 'lib/rubygems/commands/cert_command.rb', line 209



def load_default_cert
  cert_file = File.join Gem.default_cert_path
  cert = File.read cert_file
  options[:issuer_cert] = OpenSSL::X509::Certificate.new cert
rescue Errno::ENOENT
  alert_error \
    "--certificate not specified and ~/.gem/gem-public_cert.pem does not exist"

  terminate_interaction 1
rescue OpenSSL::X509::CertificateError
  alert_error \
    "--certificate not specified and ~/.gem/gem-public_cert.pem is not valid"

  terminate_interaction 1
end


  








  

    #load_default_key  
  

  [ GitHub ]


  

  


# File 'lib/rubygems/commands/cert_command.rb', line 225



def load_default_key
  key_file = File.join Gem.default_key_path
  key = File.read key_file
  passphrase = ENV['GEM_PRIVATE_KEY_PASSPHRASE']
  options[:key] = OpenSSL::PKey::RSA.new key, passphrase
rescue Errno::ENOENT
  alert_error \
    "--private-key not specified and ~/.gem/gem-private_key.pem does not exist"

  terminate_interaction 1
rescue OpenSSL::PKey::RSAError
  alert_error \
    "--private-key not specified and ~/.gem/gem-private_key.pem is not valid"

  terminate_interaction 1
end


  








  

    #sign(cert_file)  
  

  [ GitHub ]


  

  


# File 'lib/rubygems/commands/cert_command.rb', line 254



def sign cert_file
  cert = File.read cert_file
  cert = OpenSSL::X509::Certificate.new cert

  permissions = File.stat(cert_file).mode & 0777

  issuer_cert = options[:issuer_cert]
  issuer_key = options[:key]

  cert = Gem::Security.sign cert, issuer_key, issuer_cert

  Gem::Security.write cert, cert_file, permissions
end