Class: Gem::Security::Policy
- Inherits:
-
Object
- Object
- Gem::Security::Policy
- Defined in:
- lib/rubygems/security/policy.rb,
lib/rubygems/install_update_options.rb
Overview
:nodoc:
Instance Attribute Summary collapse
-
#name ⇒ Object
(also: #to_s)
readonly
Returns the value of attribute name.
-
#only_signed ⇒ Object
Returns the value of attribute only_signed.
-
#only_trusted ⇒ Object
Returns the value of attribute only_trusted.
-
#verify_chain ⇒ Object
Returns the value of attribute verify_chain.
-
#verify_data ⇒ Object
Returns the value of attribute verify_data.
-
#verify_root ⇒ Object
Returns the value of attribute verify_root.
-
#verify_signer ⇒ Object
Returns the value of attribute verify_signer.
Instance Method Summary collapse
-
#check_cert(signer, issuer, time) ⇒ Object
Ensures that
signer
is valid fortime
and was signed by theissuer
. -
#check_chain(chain, time) ⇒ Object
Verifies each certificate in
chain
has signed the following certificate and is valid for the giventime
. -
#check_data(public_key, digest, signature, data) ⇒ Object
Verifies that
data
matches thesignature
created bypublic_key
and thedigest
algorithm. -
#check_key(signer, key) ⇒ Object
Ensures the public key of
key
matches the public key insigner
. -
#check_root(chain, time) ⇒ Object
Ensures the root certificate in
chain
is self-signed and valid fortime
. -
#check_trust(chain, digester, trust_dir) ⇒ Object
Ensures the root of
chain
has a trusted certificate intrust_dir
and the digests of the two certificates match according todigester
. -
#initialize(name, policy = {}, opt = {}) ⇒ Policy
constructor
Create a new Gem::Security::Policy object with the given mode and options.
-
#inspect ⇒ Object
:nodoc:.
-
#verify(chain, key = nil, digests = {}, signatures = {}) ⇒ Object
Verifies the certificate
chain
is valid, thedigests
match the signaturessignatures
created by the signer depending on thepolicy
settings. -
#verify_signatures(spec, digests, signatures) ⇒ Object
Extracts the certificate chain from the
spec
and calls #verify to ensure the signatures and certificate chain is valid according to the policy..
Constructor Details
#initialize(name, policy = {}, opt = {}) ⇒ Policy
Create a new Gem::Security::Policy object with the given mode and options.
22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 |
# File 'lib/rubygems/security/policy.rb', line 22 def initialize name, policy = {}, opt = {} require 'openssl' @name = name @opt = opt # Default to security @only_signed = true @only_trusted = true @verify_chain = true @verify_data = true @verify_root = true @verify_signer = true policy.each_pair do |key, val| case key when :verify_data then @verify_data = val when :verify_signer then @verify_signer = val when :verify_chain then @verify_chain = val when :verify_root then @verify_root = val when :only_trusted then @only_trusted = val when :only_signed then @only_signed = val end end end |
Instance Attribute Details
#name ⇒ Object (readonly) Also known as: to_s
Returns the value of attribute name.
9 10 11 |
# File 'lib/rubygems/security/policy.rb', line 9 def name @name end |
#only_signed ⇒ Object
Returns the value of attribute only_signed.
11 12 13 |
# File 'lib/rubygems/security/policy.rb', line 11 def only_signed @only_signed end |
#only_trusted ⇒ Object
Returns the value of attribute only_trusted.
12 13 14 |
# File 'lib/rubygems/security/policy.rb', line 12 def only_trusted @only_trusted end |
#verify_chain ⇒ Object
Returns the value of attribute verify_chain.
13 14 15 |
# File 'lib/rubygems/security/policy.rb', line 13 def verify_chain @verify_chain end |
#verify_data ⇒ Object
Returns the value of attribute verify_data.
14 15 16 |
# File 'lib/rubygems/security/policy.rb', line 14 def verify_data @verify_data end |
#verify_root ⇒ Object
Returns the value of attribute verify_root.
15 16 17 |
# File 'lib/rubygems/security/policy.rb', line 15 def verify_root @verify_root end |
#verify_signer ⇒ Object
Returns the value of attribute verify_signer.
16 17 18 |
# File 'lib/rubygems/security/policy.rb', line 16 def verify_signer @verify_signer end |
Instance Method Details
#check_cert(signer, issuer, time) ⇒ Object
Ensures that signer
is valid for time
and was signed by the issuer
. If the issuer
is nil
no verification is performed.
83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 |
# File 'lib/rubygems/security/policy.rb', line 83 def check_cert signer, issuer, time raise Gem::Security::Exception, 'missing signing certificate' unless signer = "certificate #{signer.subject}" if not_before = signer.not_before and not_before > time then raise Gem::Security::Exception, "#{message} not valid before #{not_before}" end if not_after = signer.not_after and not_after < time then raise Gem::Security::Exception, "#{message} not valid after #{not_after}" end if issuer and not signer.verify issuer.public_key then raise Gem::Security::Exception, "#{message} was not issued by #{issuer.subject}" end true end |
#check_chain(chain, time) ⇒ Object
Verifies each certificate in chain
has signed the following certificate and is valid for the given time
.
53 54 55 56 57 58 59 60 61 62 63 64 65 66 |
# File 'lib/rubygems/security/policy.rb', line 53 def check_chain chain, time raise Gem::Security::Exception, 'missing signing chain' unless chain raise Gem::Security::Exception, 'empty signing chain' if chain.empty? begin chain.each_cons 2 do |issuer, cert| check_cert cert, issuer, time end true rescue Gem::Security::Exception => e raise Gem::Security::Exception, "invalid signing chain: #{e.message}" end end |
#check_data(public_key, digest, signature, data) ⇒ Object
Verifies that data
matches the signature
created by public_key
and the digest
algorithm.
72 73 74 75 76 77 |
# File 'lib/rubygems/security/policy.rb', line 72 def check_data public_key, digest, signature, data raise Gem::Security::Exception, "invalid signature" unless public_key.verify digest.new, signature, data.digest true end |
#check_key(signer, key) ⇒ Object
Ensures the public key of key
matches the public key in signer
109 110 111 112 113 114 115 116 117 118 119 120 121 |
# File 'lib/rubygems/security/policy.rb', line 109 def check_key signer, key unless signer and key then return true unless @only_signed raise Gem::Security::Exception, 'missing key or signature' end raise Gem::Security::Exception, "certificate #{signer.subject} does not match the signing key" unless signer.public_key.to_pem == key.public_key.to_pem true end |
#check_root(chain, time) ⇒ Object
Ensures the root certificate in chain
is self-signed and valid for time
.
127 128 129 130 131 132 133 134 135 136 137 138 139 140 |
# File 'lib/rubygems/security/policy.rb', line 127 def check_root chain, time raise Gem::Security::Exception, 'missing signing chain' unless chain root = chain.first raise Gem::Security::Exception, 'missing root certificate' unless root raise Gem::Security::Exception, "root certificate #{root.subject} is not self-signed " + "(issuer #{root.issuer})" if root.issuer.to_s != root.subject.to_s # HACK to_s is for ruby 1.8 check_cert root, root, time end |
#check_trust(chain, digester, trust_dir) ⇒ Object
Ensures the root of chain
has a trusted certificate in trust_dir
and the digests of the two certificates match according to digester
146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 |
# File 'lib/rubygems/security/policy.rb', line 146 def check_trust chain, digester, trust_dir raise Gem::Security::Exception, 'missing signing chain' unless chain root = chain.first raise Gem::Security::Exception, 'missing root certificate' unless root path = Gem::Security.trust_dir.cert_path root unless File.exist? path then = "root cert #{root.subject} is not trusted" << " (root of signing cert #{chain.last.subject})" if chain.length > 1 raise Gem::Security::Exception, end save_cert = OpenSSL::X509::Certificate.new File.read path save_dgst = digester.digest save_cert.public_key.to_s pkey_str = root.public_key.to_s cert_dgst = digester.digest pkey_str raise Gem::Security::Exception, "trusted root certificate #{root.subject} checksum " + "does not match signing root certificate checksum" unless save_dgst == cert_dgst true end |
#inspect ⇒ Object
:nodoc:
178 179 180 181 182 183 184 |
# File 'lib/rubygems/security/policy.rb', line 178 def inspect # :nodoc: ("[Policy: %s - data: %p signer: %p chain: %p root: %p " + "signed-only: %p trusted-only: %p]") % [ @name, @verify_chain, @verify_data, @verify_root, @verify_signer, @only_signed, @only_trusted, ] end |
#verify(chain, key = nil, digests = {}, signatures = {}) ⇒ Object
Verifies the certificate chain
is valid, the digests
match the signatures signatures
created by the signer depending on the policy
settings.
If key
is given it is used to validate the signing certificate.
193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 |
# File 'lib/rubygems/security/policy.rb', line 193 def verify chain, key = nil, digests = {}, signatures = {} if @only_signed and signatures.empty? then raise Gem::Security::Exception, "unsigned gems are not allowed by the #{name} policy" end opt = @opt digester = Gem::Security::DIGEST_ALGORITHM trust_dir = opt[:trust_dir] time = Time.now _, signer_digests = digests.find do |algorithm, file_digests| file_digests.values.first.name == Gem::Security::DIGEST_NAME end if @verify_data then raise Gem::Security::Exception, 'no digests provided (probable bug)' if signer_digests.nil? or signer_digests.empty? else signer_digests = {} end signer = chain.last check_key signer, key if key check_cert signer, nil, time if @verify_signer check_chain chain, time if @verify_chain check_root chain, time if @verify_root check_trust chain, digester, trust_dir if @only_trusted signatures.each do |file, _| digest = signer_digests[file] raise Gem::Security::Exception, "missing digest for #{file}" unless digest end signer_digests.each do |file, digest| signature = signatures[file] raise Gem::Security::Exception, "missing signature for #{file}" unless signature check_data signer.public_key, digester, signature, digest if @verify_data end true end |
#verify_signatures(spec, digests, signatures) ⇒ Object
Extracts the certificate chain from the spec
and calls #verify to ensure the signatures and certificate chain is valid according to the policy..
250 251 252 253 254 255 256 257 258 |
# File 'lib/rubygems/security/policy.rb', line 250 def verify_signatures spec, digests, signatures chain = spec.cert_chain.map do |cert_pem| OpenSSL::X509::Certificate.new cert_pem end verify chain, nil, digests, signatures true end |