Class: Gem::Security::Policy
- Inherits:
-
Object
- Object
- Gem::Security::Policy
- Defined in:
- lib/rubygems/security.rb,
lib/rubygems/install_update_options.rb
Overview
:nodoc:
Instance Attribute Summary collapse
-
#only_signed ⇒ Object
Returns the value of attribute only_signed.
-
#only_trusted ⇒ Object
Returns the value of attribute only_trusted.
-
#verify_chain ⇒ Object
Returns the value of attribute verify_chain.
-
#verify_data ⇒ Object
Returns the value of attribute verify_data.
-
#verify_root ⇒ Object
Returns the value of attribute verify_root.
-
#verify_signer ⇒ Object
Returns the value of attribute verify_signer.
Class Method Summary collapse
-
.trusted_cert_path(cert, opt = {}) ⇒ Object
Get the path to the file for this cert.
Instance Method Summary collapse
-
#initialize(policy = {}, opt = {}) ⇒ Policy
constructor
Create a new Gem::Security::Policy object with the given mode and options.
-
#verify_gem(signature, data, chain, time = Time.now) ⇒ Object
Verify that the gem data with the given signature and signing chain matched this security policy at the specified time.
Constructor Details
#initialize(policy = {}, opt = {}) ⇒ Policy
Create a new Gem::Security::Policy object with the given mode and options.
414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 |
# File 'lib/rubygems/security.rb', line 414 def initialize(policy = {}, opt = {}) # set options @opt = Gem::Security::OPT.merge(opt) # build policy policy.each_pair do |key, val| case key when :verify_data then @verify_data = val when :verify_signer then @verify_signer = val when :verify_chain then @verify_chain = val when :verify_root then @verify_root = val when :only_trusted then @only_trusted = val when :only_signed then @only_signed = val end end end |
Instance Attribute Details
#only_signed ⇒ Object
Returns the value of attribute only_signed.
407 408 409 |
# File 'lib/rubygems/security.rb', line 407 def only_signed @only_signed end |
#only_trusted ⇒ Object
Returns the value of attribute only_trusted.
407 408 409 |
# File 'lib/rubygems/security.rb', line 407 def only_trusted @only_trusted end |
#verify_chain ⇒ Object
Returns the value of attribute verify_chain.
407 408 409 |
# File 'lib/rubygems/security.rb', line 407 def verify_chain @verify_chain end |
#verify_data ⇒ Object
Returns the value of attribute verify_data.
407 408 409 |
# File 'lib/rubygems/security.rb', line 407 def verify_data @verify_data end |
#verify_root ⇒ Object
Returns the value of attribute verify_root.
407 408 409 |
# File 'lib/rubygems/security.rb', line 407 def verify_root @verify_root end |
#verify_signer ⇒ Object
Returns the value of attribute verify_signer.
407 408 409 |
# File 'lib/rubygems/security.rb', line 407 def verify_signer @verify_signer end |
Class Method Details
.trusted_cert_path(cert, opt = {}) ⇒ Object
Get the path to the file for this cert.
434 435 436 437 438 439 440 441 442 443 444 445 446 |
# File 'lib/rubygems/security.rb', line 434 def self.trusted_cert_path(cert, opt = {}) opt = Gem::Security::OPT.merge(opt) # get digest algorithm, calculate checksum of root.subject algo = opt[:dgst_algo] dgst = algo.hexdigest(cert.subject.to_s) # build path to trusted cert file name = "cert-#{dgst}.pem" # join and return path components File::join(opt[:trust_dir], name) end |
Instance Method Details
#verify_gem(signature, data, chain, time = Time.now) ⇒ Object
Verify that the gem data with the given signature and signing chain matched this security policy at the specified time.
452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 |
# File 'lib/rubygems/security.rb', line 452 def verify_gem(signature, data, chain, time = Time.now) Gem.ensure_ssl_available cert_class = OpenSSL::X509::Certificate exc = Gem::Security::Exception chain ||= [] chain = chain.map{ |str| cert_class.new(str) } signer, ch_len = chain[-1], chain.size # make sure signature is valid if @verify_data # get digest algorithm (TODO: this should be configurable) dgst = @opt[:dgst_algo] # verify the data signature (this is the most important part, so don't # screw it up :D) v = signer.public_key.verify(dgst.new, signature, data) raise exc, "Invalid Gem Signature" unless v # make sure the signer is valid if @verify_signer # make sure the signing cert is valid right now v = signer.check_validity(nil, time) raise exc, "Invalid Signature: #{v[:desc]}" unless v[:is_valid] end end # make sure the certificate chain is valid if @verify_chain # iterate down over the chain and verify each certificate against it's # issuer (ch_len - 1).downto(1) do |i| issuer, cert = chain[i - 1, 2] v = cert.check_validity(issuer, time) raise exc, "%s: cert = '%s', error = '%s'" % [ 'Invalid Signing Chain', cert.subject, v[:desc] ] unless v[:is_valid] end # verify root of chain if @verify_root # make sure root is self-signed root = chain[0] raise exc, "%s: %s (subject = '%s', issuer = '%s')" % [ 'Invalid Signing Chain Root', 'Subject does not match Issuer for Gem Signing Chain', root.subject.to_s, root.issuer.to_s, ] unless root.issuer.to_s == root.subject.to_s # make sure root is valid v = root.check_validity(root, time) raise exc, "%s: cert = '%s', error = '%s'" % [ 'Invalid Signing Chain Root', root.subject, v[:desc] ] unless v[:is_valid] # verify that the chain root is trusted if @only_trusted # get digest algorithm, calculate checksum of root.subject algo = @opt[:dgst_algo] path = Gem::Security::Policy.trusted_cert_path(root, @opt) # check to make sure trusted path exists raise exc, "%s: cert = '%s', error = '%s'" % [ 'Untrusted Signing Chain Root', root.subject.to_s, "path \"#{path}\" does not exist", ] unless File.exist?(path) # load calculate digest from saved cert file save_cert = OpenSSL::X509::Certificate.new(File.read(path)) save_dgst = algo.digest(save_cert.public_key.to_s) # create digest of public key pkey_str = root.public_key.to_s cert_dgst = algo.digest(pkey_str) # now compare the two digests, raise exception # if they don't match raise exc, "%s: %s (saved = '%s', root = '%s')" % [ 'Invalid Signing Chain Root', "Saved checksum doesn't match root checksum", save_dgst, cert_dgst, ] unless save_dgst == cert_dgst end end # return the signing chain chain.map { |cert| cert.subject } end end |