Class: Gem::Commands::CertCommand
- Inherits:
-
Gem::Command
- Object
- Gem::Command
- Gem::Commands::CertCommand
- Defined in:
- lib/rubygems/commands/cert_command.rb
Instance Attribute Summary
Attributes inherited from Gem::Command
#command, #defaults, #options, #program_name, #summary
Instance Method Summary collapse
-
#add_certificate(certificate) ⇒ Object
:nodoc:.
- #build(name) ⇒ Object
-
#build_cert(name, key) ⇒ Object
:nodoc:.
-
#build_key ⇒ Object
:nodoc:.
- #certificates_matching(filter) ⇒ Object
-
#description ⇒ Object
:nodoc:.
- #execute ⇒ Object
-
#initialize ⇒ CertCommand
constructor
A new instance of CertCommand.
-
#list_certificates_matching(filter) ⇒ Object
:nodoc:.
- #load_default_cert ⇒ Object
- #load_default_key ⇒ Object
-
#load_defaults ⇒ Object
:nodoc:.
-
#remove_certificates_matching(filter) ⇒ Object
:nodoc:.
- #sign(cert_file) ⇒ Object
-
#sign_certificates ⇒ Object
:nodoc:.
Methods inherited from Gem::Command
add_common_option, #add_extra_args, #add_option, add_specific_extra_args, #arguments, #begins?, build_args, build_args=, common_options, #defaults_str, extra_args, extra_args=, #get_all_gem_names, #get_all_gem_names_and_versions, #get_one_gem_name, #get_one_optional_argument, #handle_options, #handles?, #invoke, #invoke_with_build_args, #merge_options, #remove_option, #show_help, #show_lookup_failure, specific_extra_args, specific_extra_args_hash, #usage, #when_invoked
Methods included from UserInteraction
#alert, #alert_error, #alert_warning, #ask, #ask_for_password, #ask_yes_no, #choose_from_list, #say, #terminate_interaction, #verbose
Methods included from DefaultUserInteraction
ui, #ui, ui=, #ui=, use_ui, #use_ui
Constructor Details
#initialize ⇒ CertCommand
Returns a new instance of CertCommand.
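# File 'lib/rubygems/commands/cert_command.rb', line 13

# Registers the +cert+ command with empty defaults for each action list,
# installs two OptionParser converters that load file arguments as OpenSSL
# objects, and declares the command-line options.
#
# The block parameter of every add_option block and the +options+ receiver
# were missing from the rendered listing and are restored here.
#
# Security-relevant behaviour visible in this method:
# * The key passphrase comes from the GEM_PRIVATE_KEY_PASSPHRASE environment
#   variable only; it may be nil when the variable is unset.
# * Only RSA keys are accepted for -K, and a public-only key is rejected.
# * --sign only checks that CERT is a regular file at parse time; the file is
#   read later by #sign.
def initialize
  super 'cert', 'Manage RubyGems certificates and signing settings',
        :add => [], :remove => [], :list => [], :build => [], :sign => []

  # Converter for options typed OpenSSL::X509::Certificate: the argument is a
  # path, the option value is the parsed certificate.
  OptionParser.accept OpenSSL::X509::Certificate do |certificate|
    begin
      OpenSSL::X509::Certificate.new File.read certificate
    rescue Errno::ENOENT
      raise OptionParser::InvalidArgument, "#{certificate}: does not exist"
    rescue OpenSSL::X509::CertificateError
      raise OptionParser::InvalidArgument,
            "#{certificate}: invalid X509 certificate"
    end
  end

  # Converter for options typed OpenSSL::PKey::RSA: the argument is a path,
  # the option value is the loaded private key.
  OptionParser.accept OpenSSL::PKey::RSA do |key_file|
    begin
      passphrase = ENV['GEM_PRIVATE_KEY_PASSPHRASE']
      key = OpenSSL::PKey::RSA.new File.read(key_file), passphrase
    rescue Errno::ENOENT
      raise OptionParser::InvalidArgument, "#{key_file}: does not exist"
    rescue OpenSSL::PKey::RSAError
      raise OptionParser::InvalidArgument, "#{key_file}: invalid RSA key"
    end

    # A PEM that holds only the public half cannot sign anything.
    raise OptionParser::InvalidArgument,
          "#{key_file}: private key not found" unless key.private?

    key
  end

  add_option('-a', '--add CERT', OpenSSL::X509::Certificate,
             'Add a trusted certificate.') do |cert, options|
    options[:add] << cert
  end

  add_option('-l', '--list [FILTER]',
             'List trusted certificates where the',
             'subject contains FILTER') do |filter, options|
    # FILTER is optional; an empty string matches every subject.
    filter ||= ''

    options[:list] << filter
  end

  add_option('-r', '--remove FILTER',
             'Remove trusted certificates where the',
             'subject contains FILTER') do |filter, options|
    options[:remove] << filter
  end

  add_option('-b', '--build EMAIL_ADDR',
             'Build private key and self-signed',
             'certificate for EMAIL_ADDR') do |email_address, options|
    options[:build] << email_address
  end

  add_option('-C', '--certificate CERT', OpenSSL::X509::Certificate,
             'Signing certificate for --sign') do |cert, options|
    options[:issuer_cert] = cert
  end

  add_option('-K', '--private-key KEY', OpenSSL::PKey::RSA,
             'Key for --sign or --build') do |key, options|
    options[:key] = key
  end

  add_option('-s', '--sign CERT',
             'Signs CERT with the key from -K',
             'and the certificate from -C') do |cert_file, options|
    raise OptionParser::InvalidArgument, "#{cert_file}: does not exist" unless
      File.file? cert_file

    options[:sign] << cert_file
  end
end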
Instance Method Details
#add_certificate(certificate) ⇒ Object
:nodoc:
# File 'lib/rubygems/commands/cert_command.rb', line 89

# Hands +certificate+ to the trust directory's +trust_cert+ and then reports
# the certificate subject to the user.
#
# No validation of the certificate is visible in this method itself; what
# +trust_cert+ checks is not shown on this page.
def add_certificate(certificate) # :nodoc:
  trust_dir = Gem::Security.trust_dir
  trust_dir.trust_cert(certificate)

  say("Added '#{certificate.subject}'")
end
#build(name) ⇒ Object
# File 'lib/rubygems/commands/cert_command.rb', line 115

# Builds a certificate for +name+ from the key returned by #build_key and
# prints where the certificate was written.
#
# The private-key lines are printed only when #build_key returned a path,
# i.e. when a key file was written.
def build(name)
  key, key_path = build_key
  cert_path = build_cert(name, key)

  say("Certificate: #{cert_path}")
  return unless key_path

  say("Private Key: #{key_path}")
  say("Don't forget to move the key file to somewhere private!")
end
#build_cert(name, key) ⇒ Object
:nodoc:
# File 'lib/rubygems/commands/cert_command.rb', line 127

# Creates a certificate for the e-mail address +name+ with +key+ and writes
# it to the relative path "gem-public_cert.pem". Returns whatever
# Gem::Security.write returns.
def build_cert(name, key) # :nodoc:
  certificate = Gem::Security.create_cert_email(name, key)

  Gem::Security.write(certificate, "gem-public_cert.pem")
end
#build_key ⇒ Object
:nodoc:
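# File 'lib/rubygems/commands/cert_command.rb', line 132

# Returns the key to build a certificate with.
#
# When a key was supplied through +options[:key]+ it is returned as-is, with
# no prompt and no file written. Otherwise the user is asked for a passphrase
# twice, a new key is created, and it is written to the relative path
# "gem-private_key.pem" with mode 0600; the key and the value returned by
# Gem::Security.write are returned as a pair.
#
# The +options+ receiver was missing from the rendered listing and is
# restored here.
#
# Raises Gem::CommandLineError when the two passphrase entries differ.
def build_key # :nodoc:
  return options[:key] if options[:key]

  passphrase = ask_for_password 'Passphrase for your Private Key:'
  say "\n"

  passphrase_confirmation = ask_for_password 'Please repeat the passphrase for your Private Key:'
  say "\n"

  # NOTE(review): only equality is checked; nothing here rejects an empty
  # passphrase, and how Gem::Security.write treats one is not visible on
  # this page -- confirm.
  raise Gem::CommandLineError,
        "Passphrase and passphrase confirmation don't match" unless passphrase == passphrase_confirmation

  key      = Gem::Security.create_key
  # 0600 keeps the key file owner-only; the passphrase is passed through to
  # the writer.
  key_path = Gem::Security.write key, "gem-private_key.pem", 0600, passphrase

  return key, key_path
end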
#certificates_matching(filter) ⇒ Object
# File 'lib/rubygems/commands/cert_command.rb', line 150 def certificates_matching filter return enum_for __method__, filter unless block_given? Gem::Security.trusted_certificates.select do |certificate, _| subject = certificate.subject.to_s subject.downcase.index filter end.sort_by do |certificate, _| certificate.subject.to_a.map { |name, data,| [name, data] } end.each do |certificate, path| yield certificate, path end end |
#description ⇒ Object
:nodoc:
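# File 'lib/rubygems/commands/cert_command.rb', line 163

# Returns the long help text for the cert command.
#
# The rendered listing had collapsed the heredoc onto one line; the line
# breaks below are reconstructed to fit the 34 text lines implied by the
# listing's line numbers (165-198). Wording is unchanged.
def description # :nodoc:
  <<-EOF
The cert command manages signing keys and certificates for creating signed
gems. Your signing certificate and private key are typically stored in
~/.gem/gem-public_cert.pem and ~/.gem/gem-private_key.pem respectively.

To build a certificate for signing gems:

  gem cert --build you@example

If you already have an RSA key, or are creating a new certificate for an
existing key:

  gem cert --build you@example --private-key /path/to/key.pem

If you wish to trust a certificate you can add it to the trust list with:

  gem cert --add /path/to/cert.pem

You can list trusted certificates with:

  gem cert --list

or:

  gem cert --list cert_subject_substring

If you wish to remove a previously trusted certificate:

  gem cert --remove cert_subject_substring

To sign another gem author's certificate:

  gem cert --sign /path/to/other_cert.pem

For further reading on signing gems see `ri Gem::Security`.
  EOF
end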
#execute ⇒ Object
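# File 'lib/rubygems/commands/cert_command.rb', line 95

# Runs every requested action in a fixed order: add, remove, list, build,
# then sign. Signing is skipped when no --sign argument was given.
#
# The +options+ receiver was missing from the rendered listing and is
# restored here.
def execute
  options[:add].each do |certificate|
    add_certificate certificate
  end

  options[:remove].each do |filter|
    remove_certificates_matching filter
  end

  options[:list].each do |filter|
    list_certificates_matching filter
  end

  options[:build].each do |name|
    build name
  end

  sign_certificates unless options[:sign].empty?
end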
#list_certificates_matching(filter) ⇒ Object
:nodoc:
# File 'lib/rubygems/commands/cert_command.rb', line 202

# Prints the subject of every trusted certificate selected by +filter+, one
# per call to +say+.
def list_certificates_matching(filter) # :nodoc:
  certificates_matching(filter) do |certificate, _path|
    # plain subject string; the output format could be made nicer
    subject_text = certificate.subject.to_s
    say(subject_text)
  end
end
#load_default_cert ⇒ Object
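# File 'lib/rubygems/commands/cert_command.rb', line 209

# Loads the issuer certificate from Gem.default_cert_path into
# +options[:issuer_cert]+ for use when --certificate was not given.
#
# On a missing or unparsable file an error is reported and the command
# terminates with status 1.
#
# The +options+ receiver was missing from the rendered listing and is
# restored here.
def load_default_cert
  cert_file = File.join Gem.default_cert_path
  cert = File.read cert_file
  options[:issuer_cert] = OpenSSL::X509::Certificate.new cert
rescue Errno::ENOENT
  # The message names ~/.gem/gem-public_cert.pem literally, while the file
  # actually read is whatever Gem.default_cert_path returns.
  alert_error \
    "--certificate not specified and ~/.gem/gem-public_cert.pem does not exist"

  terminate_interaction 1
rescue OpenSSL::X509::CertificateError
  alert_error \
    "--certificate not specified and ~/.gem/gem-public_cert.pem is not valid"

  terminate_interaction 1
end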
#load_default_key ⇒ Object
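# File 'lib/rubygems/commands/cert_command.rb', line 225

# Loads the signing key from Gem.default_key_path into +options[:key]+ for
# use when --private-key was not given.
#
# The passphrase is taken from the GEM_PRIVATE_KEY_PASSPHRASE environment
# variable and may be nil when the variable is unset. On a missing or
# unparsable file an error is reported and the command terminates with
# status 1.
#
# The +options+ receiver was missing from the rendered listing and is
# restored here.
def load_default_key
  key_file = File.join Gem.default_key_path
  key = File.read key_file
  passphrase = ENV['GEM_PRIVATE_KEY_PASSPHRASE']
  options[:key] = OpenSSL::PKey::RSA.new key, passphrase
rescue Errno::ENOENT
  # The message names ~/.gem/gem-private_key.pem literally, while the file
  # actually read is whatever Gem.default_key_path returns.
  alert_error \
    "--private-key not specified and ~/.gem/gem-private_key.pem does not exist"

  terminate_interaction 1
rescue OpenSSL::PKey::RSAError
  # NOTE(review): a wrong passphrase presumably lands here too and is
  # reported as "is not valid" -- confirm.
  alert_error \
    "--private-key not specified and ~/.gem/gem-private_key.pem is not valid"

  terminate_interaction 1
end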
#load_defaults ⇒ Object
:nodoc:
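# File 'lib/rubygems/commands/cert_command.rb', line 242

# Fills in the issuer certificate and the signing key from their default
# locations, each only when the corresponding option was not supplied.
#
# The +options+ receiver was missing from the rendered listing and is
# restored here.
def load_defaults # :nodoc:
  load_default_cert unless options[:issuer_cert]
  load_default_key  unless options[:key]
end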
#remove_certificates_matching(filter) ⇒ Object
:nodoc:
# File 'lib/rubygems/commands/cert_command.rb', line 247

# Deletes the file of every trusted certificate selected by +filter+ and
# reports each removed subject.
#
# Selection is by subject substring, so one filter can delete several
# certificates; no confirmation step is visible here.
def remove_certificates_matching(filter) # :nodoc:
  certificates_matching(filter) do |certificate, path|
    FileUtils.rm(path)

    say("Removed '#{certificate.subject}'")
  end
end
#sign(cert_file) ⇒ Object
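# File 'lib/rubygems/commands/cert_command.rb', line 254

# Signs the certificate stored in +cert_file+ with the issuer key and issuer
# certificate from the options, then writes the signed certificate back to
# the same path with the file's existing permission bits.
#
# The rendered listing had lost the +options+ receiver and the local that
# holds the permission bits (named +permissions+ here); both are restored.
#
# No rescue is present: a file that disappeared after option parsing or that
# is not a valid X509 certificate raises out of this method.
def sign cert_file
  cert = File.read cert_file
  cert = OpenSSL::X509::Certificate.new cert

  # Keep only the rwx bits for user/group/other so the rewrite does not
  # change who can read the file.
  permissions = File.stat(cert_file).mode & 0777

  issuer_cert = options[:issuer_cert]
  issuer_key = options[:key]

  cert = Gem::Security.sign cert, issuer_key, issuer_cert

  # Overwrites the input file in place.
  Gem::Security.write cert, cert_file, permissions
end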
#sign_certificates ⇒ Object
:nodoc:
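# File 'lib/rubygems/commands/cert_command.rb', line 268

# Signs every file named with --sign. The default issuer certificate and key
# are loaded first, and only when there is at least one file to sign.
#
# The +options+ receiver was missing from the rendered listing and is
# restored here.
def sign_certificates # :nodoc:
  load_defaults unless options[:sign].empty?

  options[:sign].each do |cert_file|
    sign cert_file
  end
end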