Class: Gem::Security::TrustDir
Relationships & Source Files
Inherits: Object
Defined in: lib/rubygems/security/trust_dir.rb
Overview
The TrustDir manages the trusted certificates for gem signature verification.
Constant Summary
- DEFAULT_PERMISSIONS = { :trust_dir => 0700, :trusted_cert => 0600, }.freeze
  Default permissions for the trust directory and its contents
Class Method Summary
- .new(dir, permissions = DEFAULT_PERMISSIONS) ⇒ TrustDir (constructor)
  Creates a new TrustDir using #dir where the directory and file permissions will be checked according to permissions
Instance Attribute Summary
- #dir (readonly)
  The directory where trusted certificates will be stored.
Instance Method Summary
- #cert_path(certificate)
  Returns the path to the trusted certificate
- #each_certificate
  Enumerates trusted certificates.
- #issuer_of(certificate)
  Returns the issuer certificate of the given certificate if it exists in the trust directory.
- #load_certificate(certificate_file)
  Loads the given certificate_file
- #name_path(name)
  Returns the path to the trusted certificate with the given ASN.1 name
- #trust_cert(certificate)
  Add a certificate to trusted certificate list.
- #verify
  Make sure the trust directory exists.
Constructor Details
.new(dir, permissions = DEFAULT_PERMISSIONS) ⇒ TrustDir
Creates a new TrustDir using #dir where the directory and file permissions will be checked according to permissions
# File 'lib/rubygems/security/trust_dir.rb', line 24
def initialize(dir, permissions = DEFAULT_PERMISSIONS)
  @dir = dir
  @permissions = permissions
  @digester = Gem::Security.create_digest
end
Instance Attribute Details
#dir (readonly)
The directory where trusted certificates will be stored.
# File 'lib/rubygems/security/trust_dir.rb', line 18
attr_reader :dir
Instance Method Details
#cert_path(certificate)
Returns the path to the trusted certificate
# File 'lib/rubygems/security/trust_dir.rb', line 34
def cert_path(certificate)
  name_path certificate.subject
end
#each_certificate
Enumerates trusted certificates.
# File 'lib/rubygems/security/trust_dir.rb', line 41
def each_certificate
  return enum_for __method__ unless block_given?

  glob = File.join @dir, '*.pem'

  Dir[glob].each do |certificate_file|
    begin
      certificate = load_certificate certificate_file

      yield certificate, certificate_file
    rescue OpenSSL::X509::CertificateError
      # Files that do not parse as certificates are skipped without a warning.
      next # HACK warn
    end
  end
end
#issuer_of(certificate)
Returns the issuer certificate of the given certificate if it exists in the trust directory.
# File 'lib/rubygems/security/trust_dir.rb', line 61
def issuer_of(certificate)
  path = name_path certificate.issuer

  return unless File.exist? path

  load_certificate path
end
#load_certificate(certificate_file)
Loads the given certificate_file
# File 'lib/rubygems/security/trust_dir.rb', line 81
def load_certificate(certificate_file)
  pem = File.read certificate_file

  OpenSSL::X509::Certificate.new pem
end
#name_path(name)
Returns the path to the trusted certificate with the given ASN.1 name
# File 'lib/rubygems/security/trust_dir.rb', line 72
def name_path(name)
  digest = @digester.hexdigest name.to_s

  File.join @dir, "cert-#{digest}.pem"
end
#trust_cert(certificate)
Add a certificate to trusted certificate list.
#verify
Make sure the trust directory exists. If it does exist, make sure it’s actually a directory. If not, then create it with the appropriate permissions.
# File 'lib/rubygems/security/trust_dir.rb', line 106
def verify
  require 'fileutils'

  if File.exist? @dir
    unless File.directory? @dir
      raise Gem::Security::Exception, "trust directory #{@dir} is not a directory"
    end

    # An existing directory is reset to a literal 0700, not @permissions[:trust_dir].
    FileUtils.chmod 0700, @dir
  else
    FileUtils.mkdir_p @dir, :mode => @permissions[:trust_dir]
  end
end
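An added example, not part of the RubyGems documentation or source: an audit built on the methods documented above that checks a trust directory against DEFAULT_PERMISSIONS, flags certificates whose file name differs from cert_path, and reports .pem files that each_certificate skipped. The helper names (audit_trust_dir, demo_cert, trust_then_tamper), the temporary directory and the self-signed certificate are constructed for illustration, and POSIX file modes are assumed.

```ruby
require 'rubygems/security'
require 'openssl'
require 'tmpdir'

# Findings for the trust directory at +dir+ (POSIX modes); empty means consistent.
def audit_trust_dir(dir, permissions = Gem::Security::TrustDir::DEFAULT_PERMISSIONS)
  trust_dir = Gem::Security::TrustDir.new(dir, permissions)
  findings = []
  check_mode = lambda do |label, path, want|
    mode = File.stat(path).mode & 0o777
    findings << format('%s: mode %04o', label, mode) unless mode == want
  end
  check_mode['directory', dir, permissions[:trust_dir]]
  loaded = []
  trust_dir.each_certificate do |cert, file|
    loaded << file
    check_mode[File.basename(file), file, permissions[:trusted_cert]]
    # issuer_of only looks at the digest-named path, so a misnamed file is never found
    findings << "#{File.basename(file)}: misnamed" unless file == trust_dir.cert_path(cert)
  end
  # each_certificate silently skips files that fail to parse; report them here
  (Dir[File.join(dir, '*.pem')] - loaded).each do |file|
    findings << "#{File.basename(file)}: not a parsable certificate"
  end
  findings
end

# Constructed self-signed certificate for the demo (not a real signer).
def demo_cert
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=signer/DC=invalid')
  cert.public_key = key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
end

def trust_then_tamper
  Dir.mktmpdir do |tmp|
    trust_dir = Gem::Security::TrustDir.new(File.join(tmp, 'trust'))
    cert = demo_cert
    trust_dir.trust_cert(cert)
    clean = audit_trust_dir(trust_dir.dir)
    File.chmod(0o644, trust_dir.cert_path(cert))
    File.write(File.join(trust_dir.dir, 'junk.pem'), "not a certificate\n")
    [clean, audit_trust_dir(trust_dir.dir)]
  end
end
```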