Class: Gem::Commands::CertCommand
Relationships & Source Files | |
Super Chains via Extension / Inclusion / Inheritance | |
Class Chain:
self,
::Gem::Command
|
|
Instance Chain:
|
|
Inherits: |
Gem::Command
|
Defined in: | lib/rubygems/commands/cert_command.rb |
Constant Summary
::Gem::Command - Inherited
Class Attribute Summary
::Gem::Command - Inherited
.build_args | Arguments used when building gems. |
.build_args=, .extra_args, .extra_args= |
Class Method Summary
- .new ⇒ CertCommand constructor
::Gem::Command - Inherited
.add_common_option, | |
.add_specific_extra_args | Add a list of extra arguments for the given command. |
.common_options, | |
.new | Initializes a generic gem command named |
.specific_extra_args | Return an array of extra arguments for the command. |
.specific_extra_args_hash | Accessor for the specific extra args hash (self initializing). |
Instance Attribute Summary
::Gem::Command - Inherited
#command | The name of the command. |
#defaults | The default options for the command. |
#options | The options for the command. |
#program_name | The name of the command for command-line invocation. |
#summary | A short description of the command. |
::Gem::DefaultUserInteraction - Included
Instance Method Summary
- #build(email)
- #certificates_matching(filter)
- #execute
- #initialize ⇒ CertCommand constructor
- #load_default_cert
- #load_default_key
- #sign(cert_file)
- #valid_email?(email) ⇒ Boolean private
- #add_certificate(certificate) Internal use only
- #build_cert(email, key) Internal use only
- #build_key Internal use only
- #description Internal use only
- #list_certificates_matching(filter) Internal use only
- #load_defaults Internal use only
- #remove_certificates_matching(filter) Internal use only
- #sign_certificates Internal use only
::Gem::Command - Inherited
#add_extra_args | Adds extra args from ~/.gemrc. |
#add_option | Add a command-line option and handler to the command. |
#arguments | Override to provide details of the arguments a command takes. |
#begins? | True if |
#defaults_str | Override to display the default values of the command options. |
#description | Override to display a longer description of what this command does. |
#execute | Override to provide command handling. |
#get_all_gem_names | Get all gem names from the command line. |
#get_all_gem_names_and_versions | Get all [gem, version] from the command line. |
#get_one_gem_name | Get a single gem name from the command line. |
#get_one_optional_argument | Get a single optional argument from the command line. |
#handle_options | Handle the given list of arguments by parsing them and recording the results. |
#handles? | True if the command handles the given argument list. |
#invoke | Invoke the command with the given list of arguments. |
#invoke_with_build_args | Invoke the command with the given list of normal arguments and additional build arguments. |
#merge_options | Merge a set of command options with the set of default options (without modifying the default option hash). |
#remove_option | Remove previously defined command-line argument |
#show_help | Display the help message for the command. |
#show_lookup_failure | Display to the user that a gem couldn't be found and reasons why. |
#usage | Override to display the usage for an individual gem command. |
#when_invoked | Call the given block when invoked. |
#add_parser_run_info | Adds a section with |
#configure_options, | |
#create_option_parser | Creates an option parser and fills it in with the help info for the command. |
#parser | Create on demand parser. |
#wrap | Wraps |
#add_parser_description, #add_parser_options, #add_parser_summary |
::Gem::UserInteraction - Included
#alert | Displays an alert |
#alert_error | Displays an error |
#alert_warning | Displays a warning |
#ask | Asks a |
#ask_for_password | Asks for a password with a |
#ask_yes_no | Asks a yes or no |
#choose_from_list | Asks the user to answer |
#say | Displays the given |
#terminate_interaction | Terminates the RubyGems process with the given |
#verbose | Calls |
::Gem::DefaultUserInteraction - Included
::Gem::Text - Included
#clean_text | Remove any non-printable characters and make the text suitable for printing. |
#format_text | Wraps |
#levenshtein_distance | This code is based directly on the ::Gem::Text gem implementation Returns a value representing the “cost” of transforming str1 into str2. |
#truncate_text, #min3 |
Constructor Details
.new ⇒ CertCommand
# File 'lib/rubygems/commands/cert_command.rb', line 13
def initialize super 'cert', 'Manage RubyGems certificates and signing settings', :add => [], :remove => [], :list => [], :build => [], :sign => [] OptionParser.accept OpenSSL::X509::Certificate do |certificate| begin OpenSSL::X509::Certificate.new File.read certificate rescue Errno::ENOENT raise OptionParser::InvalidArgument, "#{certificate}: does not exist" rescue OpenSSL::X509::CertificateError raise OptionParser::InvalidArgument, "#{certificate}: invalid X509 certificate" end end OptionParser.accept OpenSSL::PKey::RSA do |key_file| begin passphrase = ENV['GEM_PRIVATE_KEY_PASSPHRASE'] key = OpenSSL::PKey::RSA.new File.read(key_file), passphrase rescue Errno::ENOENT raise OptionParser::InvalidArgument, "#{key_file}: does not exist" rescue OpenSSL::PKey::RSAError raise OptionParser::InvalidArgument, "#{key_file}: invalid RSA key" end raise OptionParser::InvalidArgument, "#{key_file}: private key not found" unless key.private? key end add_option('-a', '--add CERT', OpenSSL::X509::Certificate, 'Add a trusted certificate.') do |cert, | [:add] << cert end add_option('-l', '--list [FILTER]', 'List trusted certificates where the', 'subject contains FILTER') do |filter, | filter ||= '' [:list] << filter end add_option('-r', '--remove FILTER', 'Remove trusted certificates where the', 'subject contains FILTER') do |filter, | [:remove] << filter end add_option('-b', '--build EMAIL_ADDR', 'Build private key and self-signed', 'certificate for EMAIL_ADDR') do |email_address, | [:build] << email_address end add_option('-C', '--certificate CERT', OpenSSL::X509::Certificate, 'Signing certificate for --sign') do |cert, | [:issuer_cert] = cert end add_option('-K', '--private-key KEY', OpenSSL::PKey::RSA, 'Key for --sign or --build') do |key, | [:key] = key end add_option('-s', '--sign CERT', 'Signs CERT with the key from -K', 'and the certificate from -C') do |cert_file, | raise OptionParser::InvalidArgument, "#{cert_file}: does not exist" unless File.file? cert_file [:sign] << cert_file end add_option('-d', '--days NUMBER_OF_DAYS', 'Days before the certificate expires') do |days, | [:expiration_length_days] = days.to_i end end
#initialize ⇒ CertCommand
# File 'lib/rubygems/commands/cert_command.rb', line 13
def initialize super 'cert', 'Manage RubyGems certificates and signing settings', :add => [], :remove => [], :list => [], :build => [], :sign => [] OptionParser.accept OpenSSL::X509::Certificate do |certificate| begin OpenSSL::X509::Certificate.new File.read certificate rescue Errno::ENOENT raise OptionParser::InvalidArgument, "#{certificate}: does not exist" rescue OpenSSL::X509::CertificateError raise OptionParser::InvalidArgument, "#{certificate}: invalid X509 certificate" end end OptionParser.accept OpenSSL::PKey::RSA do |key_file| begin passphrase = ENV['GEM_PRIVATE_KEY_PASSPHRASE'] key = OpenSSL::PKey::RSA.new File.read(key_file), passphrase rescue Errno::ENOENT raise OptionParser::InvalidArgument, "#{key_file}: does not exist" rescue OpenSSL::PKey::RSAError raise OptionParser::InvalidArgument, "#{key_file}: invalid RSA key" end raise OptionParser::InvalidArgument, "#{key_file}: private key not found" unless key.private? key end add_option('-a', '--add CERT', OpenSSL::X509::Certificate, 'Add a trusted certificate.') do |cert, | [:add] << cert end add_option('-l', '--list [FILTER]', 'List trusted certificates where the', 'subject contains FILTER') do |filter, | filter ||= '' [:list] << filter end add_option('-r', '--remove FILTER', 'Remove trusted certificates where the', 'subject contains FILTER') do |filter, | [:remove] << filter end add_option('-b', '--build EMAIL_ADDR', 'Build private key and self-signed', 'certificate for EMAIL_ADDR') do |email_address, | [:build] << email_address end add_option('-C', '--certificate CERT', OpenSSL::X509::Certificate, 'Signing certificate for --sign') do |cert, | [:issuer_cert] = cert end add_option('-K', '--private-key KEY', OpenSSL::PKey::RSA, 'Key for --sign or --build') do |key, | [:key] = key end add_option('-s', '--sign CERT', 'Signs CERT with the key from -K', 'and the certificate from -C') do |cert_file, | raise OptionParser::InvalidArgument, "#{cert_file}: does not exist" unless File.file? cert_file [:sign] << cert_file end add_option('-d', '--days NUMBER_OF_DAYS', 'Days before the certificate expires') do |days, | [:expiration_length_days] = days.to_i end end
Instance Method Details
#add_certificate(certificate)
#build(email)
[ GitHub ]# File 'lib/rubygems/commands/cert_command.rb', line 120
def build email if !valid_email?(email) raise Gem::CommandLineError, "Invalid email address #{email}" end key, key_path = build_key cert_path = build_cert email, key say "Certificate: #{cert_path}" if key_path say "Private Key: #{key_path}" say "Don't forget to move the key file to somewhere private!" end end
#build_cert(email, key)
# File 'lib/rubygems/commands/cert_command.rb', line 136
def build_cert email, key # :nodoc: expiration_length_days = [:expiration_length_days] age = if expiration_length_days.nil? || expiration_length_days == 0 Gem::Security::ONE_YEAR else Gem::Security::ONE_DAY * expiration_length_days end cert = Gem::Security.create_cert_email email, key, age Gem::Security.write cert, "gem-public_cert.pem" end
#build_key
# File 'lib/rubygems/commands/cert_command.rb', line 149
def build_key # :nodoc: return [:key] if [:key] passphrase = ask_for_password 'Passphrase for your Private Key:' say "\n" passphrase_confirmation = ask_for_password 'Please repeat the passphrase for your Private Key:' say "\n" raise Gem::CommandLineError, "Passphrase and passphrase confirmation don't match" unless passphrase == passphrase_confirmation key = Gem::Security.create_key key_path = Gem::Security.write key, "gem-private_key.pem", 0600, passphrase return key, key_path end
#certificates_matching(filter)
[ GitHub ]# File 'lib/rubygems/commands/cert_command.rb', line 167
def certificates_matching filter return enum_for __method__, filter unless block_given? Gem::Security.trusted_certificates.select do |certificate, _| subject = certificate.subject.to_s subject.downcase.index filter end.sort_by do |certificate, _| certificate.subject.to_a.map { |name, data,| [name, data] } end.each do |certificate, path| yield certificate, path end end
#description
# File 'lib/rubygems/commands/cert_command.rb', line 180
def description # :nodoc: <<-EOF The cert command manages signing keys and certificates for creating signed gems. Your signing certificate and private key are typically stored in ~/.gem/gem-public_cert.pem and ~/.gem/gem-private_key.pem respectively. To build a certificate for signing gems: gem cert --build you@example If you already have an RSA key, or are creating a new certificate for an existing key: gem cert --build you@example --private-key /path/to/key.pem If you wish to trust a certificate you can add it to the trust list with: gem cert --add /path/to/cert.pem You can list trusted certificates with: gem cert --list or: gem cert --list cert_subject_substring If you wish to remove a previously trusted certificate: gem cert --remove cert_subject_substring To sign another gem author's certificate: gem cert --sign /path/to/other_cert.pem For further reading on signing gems see `ri Gem::Security`. EOF end
#execute
[ GitHub ]# File 'lib/rubygems/commands/cert_command.rb', line 100
def execute [:add].each do |certificate| add_certificate certificate end [:remove].each do |filter| remove_certificates_matching filter end [:list].each do |filter| list_certificates_matching filter end [:build].each do |email| build email end sign_certificates unless [:sign].empty? end
#list_certificates_matching(filter)
# File 'lib/rubygems/commands/cert_command.rb', line 219
def list_certificates_matching filter # :nodoc: certificates_matching filter do |certificate, _| # this could probably be formatted more gracefully say certificate.subject.to_s end end
#load_default_cert
[ GitHub ]# File 'lib/rubygems/commands/cert_command.rb', line 226
def load_default_cert cert_file = File.join Gem.default_cert_path cert = File.read cert_file [:issuer_cert] = OpenSSL::X509::Certificate.new cert rescue Errno::ENOENT alert_error \ "--certificate not specified and ~/.gem/gem-public_cert.pem does not exist" terminate_interaction 1 rescue OpenSSL::X509::CertificateError alert_error \ "--certificate not specified and ~/.gem/gem-public_cert.pem is not valid" terminate_interaction 1 end
#load_default_key
[ GitHub ]# File 'lib/rubygems/commands/cert_command.rb', line 242
def load_default_key key_file = File.join Gem.default_key_path key = File.read key_file passphrase = ENV['GEM_PRIVATE_KEY_PASSPHRASE'] [:key] = OpenSSL::PKey::RSA.new key, passphrase rescue Errno::ENOENT alert_error \ "--private-key not specified and ~/.gem/gem-private_key.pem does not exist" terminate_interaction 1 rescue OpenSSL::PKey::RSAError alert_error \ "--private-key not specified and ~/.gem/gem-private_key.pem is not valid" terminate_interaction 1 end
#load_defaults
# File 'lib/rubygems/commands/cert_command.rb', line 259
def load_defaults # :nodoc: load_default_cert unless [:issuer_cert] load_default_key unless [:key] end
#remove_certificates_matching(filter)
# File 'lib/rubygems/commands/cert_command.rb', line 264
def remove_certificates_matching filter # :nodoc: certificates_matching filter do |certificate, path| FileUtils.rm path say "Removed '#{certificate.subject}'" end end
#sign(cert_file)
[ GitHub ]# File 'lib/rubygems/commands/cert_command.rb', line 271
def sign cert_file cert = File.read cert_file cert = OpenSSL::X509::Certificate.new cert = File.stat(cert_file).mode & 0777 issuer_cert = [:issuer_cert] issuer_key = [:key] cert = Gem::Security.sign cert, issuer_key, issuer_cert Gem::Security.write cert, cert_file, end
#sign_certificates
# File 'lib/rubygems/commands/cert_command.rb', line 285
def sign_certificates # :nodoc: load_defaults unless [:sign].empty? [:sign].each do |cert_file| sign cert_file end end
#valid_email?(email) ⇒ Boolean
(private)
# File 'lib/rubygems/commands/cert_command.rb', line 295
def valid_email? email # It's simple, but is all we need email =~ /\A.@.\z/ end