Class: LibGems::Security::Policy
Inherits: Object
Defined in: lib/libgems/security.rb
Overview
A LibGems::Security::Policy object encapsulates the settings for verifying signed gem files. This is the base class. You can either declare an instance of this or use one of the preset security policies below.
Instance Attribute Summary
- #only_signed ⇒ Object: Returns the value of attribute only_signed.
- #only_trusted ⇒ Object: Returns the value of attribute only_trusted.
- #verify_chain ⇒ Object: Returns the value of attribute verify_chain.
- #verify_data ⇒ Object: Returns the value of attribute verify_data.
- #verify_root ⇒ Object: Returns the value of attribute verify_root.
- #verify_signer ⇒ Object: Returns the value of attribute verify_signer.
Class Method Summary
- .trusted_cert_path(cert, opt = {}) ⇒ Object: Get the path to the trusted-certificate file for this cert.
Instance Method Summary
- #initialize(policy = {}, opt = {}) ⇒ Policy (constructor): Create a new LibGems::Security::Policy object with the given mode and options.
- #verify_gem(signature, data, chain, time = Time.now) ⇒ Object: Verify that the gem data with the given signature and signing chain matches this security policy at the specified time.
Constructor Details
#initialize(policy = {}, opt = {}) ⇒ Policy
Create a new LibGems::Security::Policy object with the given mode and options.
```ruby
# File 'lib/libgems/security.rb', line 409
def initialize(policy = {}, opt = {})
  # set options
  @opt = LibGems::Security::OPT.merge(opt)

  # build policy
  policy.each_pair do |key, val|
    case key
    when :verify_data   then @verify_data   = val
    when :verify_signer then @verify_signer = val
    when :verify_chain  then @verify_chain  = val
    when :verify_root   then @verify_root   = val
    when :only_trusted  then @only_trusted  = val
    when :only_signed   then @only_signed   = val
    end
  end
end
```
Instance Attribute Details
#only_signed ⇒ Object
Returns the value of attribute only_signed.
```ruby
# File 'lib/libgems/security.rb', line 402
def only_signed
  @only_signed
end
```
#only_trusted ⇒ Object
Returns the value of attribute only_trusted.
```ruby
# File 'lib/libgems/security.rb', line 402
def only_trusted
  @only_trusted
end
```
#verify_chain ⇒ Object
Returns the value of attribute verify_chain.
```ruby
# File 'lib/libgems/security.rb', line 402
def verify_chain
  @verify_chain
end
```
#verify_data ⇒ Object
Returns the value of attribute verify_data.
```ruby
# File 'lib/libgems/security.rb', line 402
def verify_data
  @verify_data
end
```
#verify_root ⇒ Object
Returns the value of attribute verify_root.
```ruby
# File 'lib/libgems/security.rb', line 402
def verify_root
  @verify_root
end
```
#verify_signer ⇒ Object
Returns the value of attribute verify_signer.
```ruby
# File 'lib/libgems/security.rb', line 402
def verify_signer
  @verify_signer
end
```
Class Method Details
.trusted_cert_path(cert, opt = {}) ⇒ Object
Get the path to the trusted-certificate file for this cert: a file under opt[:trust_dir] whose name is derived from a digest of the cert subject.

```ruby
# File 'lib/libgems/security.rb', line 429
def self.trusted_cert_path(cert, opt = {})
  opt = LibGems::Security::OPT.merge(opt)

  # get digest algorithm, calculate checksum of root.subject
  algo = opt[:dgst_algo]
  dgst = algo.hexdigest(cert.subject.to_s)

  # build path to trusted cert file
  name = "cert-#{dgst}.pem"

  # join and return path components
  File::join(opt[:trust_dir], name)
end
```
Instance Method Details
#verify_gem(signature, data, chain, time = Time.now) ⇒ Object
Verify that the gem data with the given signature and signing chain matches this security policy at the specified time. Each check runs only when the corresponding policy flag is set; a check that fails raises LibGems::Security::Exception.

```ruby
# File 'lib/libgems/security.rb', line 447
def verify_gem(signature, data, chain, time = Time.now)
  LibGems.ensure_ssl_available
  cert_class = OpenSSL::X509::Certificate
  exc = LibGems::Security::Exception
  chain ||= []

  chain = chain.map { |str| cert_class.new(str) }
  # the signer is the last certificate in the chain, the root is the first;
  # with an empty chain signer is nil and the data check below cannot run
  signer, ch_len = chain[-1], chain.size

  # make sure signature is valid
  if @verify_data
    # get digest algorithm (TODO: this should be configurable)
    dgst = @opt[:dgst_algo]

    # verify the data signature (this is the most important part, so don't
    # screw it up :D)
    v = signer.public_key.verify(dgst.new, signature, data)
    raise exc, "Invalid LibGems Signature" unless v

    # make sure the signer is valid
    if @verify_signer
      # make sure the signing cert is valid right now
      v = signer.check_validity(nil, time)
      raise exc, "Invalid Signature: #{v[:desc]}" unless v[:is_valid]
    end
  end

  # make sure the certificate chain is valid
  if @verify_chain
    # iterate down over the chain and verify each certificate against its
    # issuer
    (ch_len - 1).downto(1) do |i|
      issuer, cert = chain[i - 1, 2]
      v = cert.check_validity(issuer, time)
      raise exc, "%s: cert = '%s', error = '%s'" % [
        'Invalid Signing Chain', cert.subject, v[:desc]
      ] unless v[:is_valid]
    end

    # verify root of chain
    if @verify_root
      # make sure root is self-signed
      root = chain[0]
      raise exc, "%s: %s (subject = '%s', issuer = '%s')" % [
        'Invalid Signing Chain Root',
        'Subject does not match Issuer for LibGems Signing Chain',
        root.subject.to_s, root.issuer.to_s,
      ] unless root.issuer.to_s == root.subject.to_s

      # make sure root is valid
      v = root.check_validity(root, time)
      raise exc, "%s: cert = '%s', error = '%s'" % [
        'Invalid Signing Chain Root', root.subject, v[:desc]
      ] unless v[:is_valid]

      # verify that the chain root is trusted
      if @only_trusted
        # get digest algorithm, calculate checksum of root.subject
        algo = @opt[:dgst_algo]
        path = LibGems::Security::Policy.trusted_cert_path(root, @opt)

        # check to make sure trusted path exists
        raise exc, "%s: cert = '%s', error = '%s'" % [
          'Untrusted Signing Chain Root', root.subject.to_s,
          "path \"#{path}\" does not exist",
        ] unless File.exist?(path)

        # load the saved cert and calculate the digest of its public key
        save_cert = OpenSSL::X509::Certificate.new(File.read(path))
        save_dgst = algo.digest(save_cert.public_key.to_s)

        # create digest of the presented root's public key
        pkey_str = root.public_key.to_s
        cert_dgst = algo.digest(pkey_str)

        # now compare the two digests, raise exception
        # if they don't match (the file name only matches the subject;
        # this step is what ties the root to the trusted key)
        raise exc, "%s: %s (saved = '%s', root = '%s')" % [
          'Invalid Signing Chain Root',
          "Saved checksum doesn't match root checksum",
          save_dgst, cert_dgst,
        ] unless save_dgst == cert_dgst
      end
    end

    # return the signing chain (note: only reached when @verify_chain is set;
    # otherwise the method returns nil)
    chain.map { |cert| cert.subject }
  end
end
```
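To show the verify_gem checks end to end, here is an added, stand-alone model of the same logic written against plain OpenSSL. It is not LibGems code: DGST stands in for OPT[:dgst_algo], PolicyError for LibGems::Security::Exception, the check_validity function for the helper the page's code calls on each certificate, and an in-memory Hash of root subject to certificate for the trust_dir lookup done by trusted_cert_path. The root, signer and impostor certificates are constructed in the script.

```ruby
require 'openssl'

# Example-only names (not LibGems API): DGST stands in for OPT[:dgst_algo],
# PolicyError for LibGems::Security::Exception.
DGST = OpenSSL::Digest::SHA256
class PolicyError < StandardError; end

# Build an X.509 cert; with no issuer it is self-signed (a root).
def make_cert(subject, key, serial, issuer: nil, issuer_key: nil, lifetime: 3600)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + lifetime
  cert.sign(issuer_key || key, DGST.new)
  cert
end

# Stand-in for the check_validity helper the page's code calls: validity period,
# and, when an issuer is given, issuer name and certificate signature.
def check_validity(cert, issuer, time)
  return { is_valid: false, desc: 'certificate not yet valid' } if time < cert.not_before
  return { is_valid: false, desc: 'certificate has expired' } if time > cert.not_after
  if issuer
    return { is_valid: false, desc: 'issuer name mismatch' } unless cert.issuer.to_s == issuer.subject.to_s
    return { is_valid: false, desc: 'bad certificate signature' } unless cert.verify(issuer.public_key)
  end
  { is_valid: true, desc: nil }
end

# Same flags and check order as Policy#verify_gem. `trusted` is a Hash of
# root subject => cert, standing in for trust_dir / trusted_cert_path.
def verify_gem(signature, data, chain_pems, trusted, time = Time.now,
               verify_data: true, verify_signer: true, verify_chain: true,
               verify_root: true, only_trusted: true)
  chain = chain_pems.map { |pem| OpenSSL::X509::Certificate.new(pem) }
  raise PolicyError, 'empty signing chain' if chain.empty?
  signer = chain[-1]

  if verify_data
    raise PolicyError, 'Invalid Signature' unless signer.public_key.verify(DGST.new, signature, data)
    if verify_signer
      v = check_validity(signer, nil, time)
      raise PolicyError, "Invalid Signature: #{v[:desc]}" unless v[:is_valid]
    end
  end

  if verify_chain
    (chain.size - 1).downto(1) do |i|
      issuer, cert = chain[i - 1, 2]
      v = check_validity(cert, issuer, time)
      raise PolicyError, "Invalid Signing Chain: cert = '#{cert.subject}', error = '#{v[:desc]}'" unless v[:is_valid]
    end
    if verify_root
      root = chain[0]
      raise PolicyError, 'Invalid Signing Chain Root: subject does not match issuer' unless root.issuer.to_s == root.subject.to_s
      v = check_validity(root, root, time)
      raise PolicyError, "Invalid Signing Chain Root: #{v[:desc]}" unless v[:is_valid]
      if only_trusted
        saved = trusted[root.subject.to_s]
        raise PolicyError, "Untrusted Signing Chain Root: '#{root.subject}' not in trust store" unless saved
        # As on the page: compare public-key digests, so a different key under a
        # trusted subject name is rejected.
        unless DGST.digest(saved.public_key.to_s) == DGST.digest(root.public_key.to_s)
          raise PolicyError, "Invalid Signing Chain Root: saved checksum doesn't match root checksum"
        end
      end
    end
  end
  chain.map { |c| c.subject.to_s }
end

# Constructed fixture: a root CA, a signer it issued, and an impostor root that
# reuses the root's subject name with a different key.
ROOT_KEY   = OpenSSL::PKey::RSA.new(2048)
SIGNER_KEY = OpenSSL::PKey::RSA.new(2048)
ROOT     = make_cert('/CN=Example Gem Root', ROOT_KEY, 1)
SIGNER   = make_cert('/CN=gem-author@example.test', SIGNER_KEY, 2,
                     issuer: ROOT, issuer_key: ROOT_KEY, lifetime: 600)
IMPOSTOR = make_cert('/CN=Example Gem Root', SIGNER_KEY, 3)
CHAIN = [ROOT.to_pem, SIGNER.to_pem]
DATA  = 'constructed gem payload bytes'
SIG   = SIGNER_KEY.sign(DGST.new, DATA)
TRUST = { ROOT.subject.to_s => ROOT }

# Returns :ok or the policy error message, so each outcome can be inspected.
def signature_status(signature, data, trusted, time = Time.now)
  verify_gem(signature, data, CHAIN, trusted, time)
  :ok
rescue PolicyError => e
  e.message
end

puts signature_status(SIG, DATA, TRUST)
puts signature_status(SIG, DATA + 'x', TRUST)
puts signature_status(SIG, DATA, {})
puts signature_status(SIG, DATA, { IMPOSTOR.subject.to_s => IMPOSTOR })
puts signature_status(SIG, DATA, TRUST, Time.now + 3600)
```

Run as a script, the five calls at the bottom print, in order: the valid case (:ok), a tampered payload (data signature fails), a root missing from the trust store, a root whose subject is trusted but whose key differs (the digest comparison catches this, which is why verify_gem does not stop at the file-name lookup), and a signer certificate checked at a time past its not_after.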