Class: Gem::Commands::CertCommand
- Inherits:
-
Gem::Command
- Object
- Gem::Command
- Gem::Commands::CertCommand
- Defined in:
- lib/rubygems/commands/cert_command.rb
Instance Attribute Summary
Attributes inherited from Gem::Command
#command, #defaults, #options, #program_name, #summary
Instance Method Summary
- #build(name) ⇒ Object
- #certificates_matching(filter) ⇒ Object
-
#description ⇒ Object
:nodoc:.
- #execute ⇒ Object
-
#initialize ⇒ CertCommand
constructor
A new instance of CertCommand.
- #load_default_cert ⇒ Object
- #load_default_key ⇒ Object
- #sign(cert_file) ⇒ Object
Methods inherited from Gem::Command
add_common_option, #add_extra_args, #add_option, add_specific_extra_args, #arguments, #begins?, build_args, build_args=, common_options, #defaults_str, extra_args, extra_args=, #get_all_gem_names, #get_all_gem_names_and_versions, #get_one_gem_name, #get_one_optional_argument, #handle_options, #handles?, #invoke, #invoke_with_build_args, #merge_options, #remove_option, #show_help, #show_lookup_failure, specific_extra_args, specific_extra_args_hash, #usage, #when_invoked
Methods included from UserInteraction
#alert, #alert_error, #alert_warning, #ask, #ask_for_password, #ask_yes_no, #choose_from_list, #say, #terminate_interaction
Methods included from DefaultUserInteraction
ui, #ui, ui=, #ui=, use_ui, #use_ui
Constructor Details
#initialize ⇒ CertCommand
Returns a new instance of CertCommand.
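# File 'lib/rubygems/commands/cert_command.rb', line 6

##
# Registers the +cert+ command, its option-argument converters and its
# command-line switches.
#
# Two OptionParser acceptors are installed so that file arguments are checked
# while the command line is parsed, before #execute runs:
#
# * OpenSSL::X509::Certificate -- the argument is a path; the file must exist
#   and parse as an X509 certificate.
# * OpenSSL::PKey::RSA -- the argument is a path; the file must exist, parse
#   as an RSA key and contain the private half.
#
# Parsing only shows that a file is well formed.  It says nothing about who
# issued a certificate or whether it should be trusted; that decision stays
# with the person running <tt>gem cert --add</tt>.
#
# The list-valued options (:add, :remove, :list, :build, :sign) start empty
# and receive one entry per occurrence of the matching switch.

def initialize
  super 'cert', 'Manage RubyGems certificates and signing settings',
        :add => [], :remove => [], :list => [], :build => [], :sign => []

  # Path -> parsed certificate, with parse failures reported as bad arguments.
  OptionParser.accept OpenSSL::X509::Certificate do |certificate|
    begin
      OpenSSL::X509::Certificate.new File.read certificate
    rescue Errno::ENOENT
      raise OptionParser::InvalidArgument, "#{certificate}: does not exist"
    rescue OpenSSL::X509::CertificateError
      raise OptionParser::InvalidArgument,
            "#{certificate}: invalid X509 certificate"
    end
  end

  # Path -> parsed RSA key.  A public-only key is rejected because both users
  # of -K (--sign and --build) need the private half.
  OptionParser.accept OpenSSL::PKey::RSA do |key_file|
    begin
      key = OpenSSL::PKey::RSA.new File.read key_file
    rescue Errno::ENOENT
      raise OptionParser::InvalidArgument, "#{key_file}: does not exist"
    rescue OpenSSL::PKey::RSAError
      raise OptionParser::InvalidArgument, "#{key_file}: invalid RSA key"
    end

    raise OptionParser::InvalidArgument,
          "#{key_file}: private key not found" unless key.private?

    key
  end

  add_option('-a', '--add CERT', OpenSSL::X509::Certificate,
             'Add a trusted certificate.') do |cert, options|
    options[:add] << cert
  end

  add_option('-l', '--list [FILTER]',
             'List trusted certificates where the',
             'subject contains FILTER') do |filter, options|
    # No FILTER given: the empty string matches every subject.
    filter ||= ''

    options[:list] << filter
  end

  add_option('-r', '--remove FILTER',
             'Remove trusted certificates where the',
             'subject contains FILTER') do |filter, options|
    options[:remove] << filter
  end

  add_option('-b', '--build EMAIL_ADDR',
             'Build private key and self-signed',
             'certificate for EMAIL_ADDR') do |email_address, options|
    options[:build] << email_address
  end

  add_option('-C', '--certificate CERT', OpenSSL::X509::Certificate,
             'Signing certificate for --sign') do |cert, options|
    options[:issuer_cert] = cert
  end

  add_option('-K', '--private-key KEY', OpenSSL::PKey::RSA,
             'Key for --sign or --build') do |key, options|
    options[:key] = key
  end

  add_option('-s', '--sign CERT',
             'Signs CERT with the key from -K',
             'and the certificate from -C') do |cert_file, options|
    # Only existence is checked here; the file is parsed later, in #sign.
    raise OptionParser::InvalidArgument, "#{cert_file}: does not exist" unless
      File.file? cert_file

    options[:sign] << cert_file
  end
end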
Instance Method Details
#build(name) ⇒ Object
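# File 'lib/rubygems/commands/cert_command.rb', line 116

##
# Builds a self-signed certificate for the email address +name+ and writes
# the certificate and its private key into the current working directory as
# gem-public_cert.pem and gem-private_key.pem.
#
# The key given with --private-key is used when present; otherwise a new key
# is created with Gem::Security.create_key.

def build name
  key = options[:key] || Gem::Security.create_key

  cert = Gem::Security.create_cert_email name, key

  # The private key is written with an explicit owner-only mode (0600) rather
  # than relying on whatever default Gem::Security.write applies.
  # NOTE(review): nothing in this method sets a passphrase, so the key file
  # should be treated as unprotected at rest -- confirm against
  # Gem::Security.write.
  key_path  = Gem::Security.write key, "gem-private_key.pem", 0600
  cert_path = Gem::Security.write cert, "gem-public_cert.pem"

  say "Certificate: #{cert_path}"
  say "Private Key: #{key_path}"
  say "Don't forget to move the key file to somewhere private!"
end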
#certificates_matching(filter) ⇒ Object
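# File 'lib/rubygems/commands/cert_command.rb', line 129

##
# Yields each trusted certificate whose subject contains +filter+, together
# with the path Gem::Security.trusted_certificates reports for it, ordered by
# the subject's name/value pairs.  Without a block an Enumerator is returned.
#
# The comparison ignores case on both sides.  The subject was already
# lowercased before the comparison; lowercasing +filter+ as well keeps a
# filter such as "Example" from silently matching nothing.
#
# An empty +filter+ matches every certificate.  That is what a bare --list
# relies on, and it means <tt>--remove ''</tt> selects the whole trust list.

def certificates_matching filter
  return enum_for __method__, filter unless block_given?

  needle = filter.downcase

  matching = Gem::Security.trusted_certificates.select do |certificate, _|
    certificate.subject.to_s.downcase.include? needle
  end

  # Sort on [name, data] only; the third element of each subject entry is
  # dropped so it does not take part in the ordering.
  ordered = matching.sort_by do |certificate, _|
    certificate.subject.to_a.map { |name, data,| [name, data] }
  end

  ordered.each do |certificate, path|
    yield certificate, path
  end
end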
#description ⇒ Object
:nodoc:
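# File 'lib/rubygems/commands/cert_command.rb', line 142

# Long help text for the command.  The heredoc body is kept at column 0 so
# that the returned string carries no extra leading indentation; only the
# closing EOF may be indented with the <<- form.
def description # :nodoc:
  <<-EOF
The cert command manages signing keys and certificates for creating signed
gems.  Your signing certificate and private key are typically stored in
~/.gem/gem-public_cert.pem and ~/.gem/gem-private_key.pem respectively.

To build a certificate for signing gems:

  gem cert --build you@example

If you already have an RSA key, or are creating a new certificate for an
existing key:

  gem cert --build you@example --private-key /path/to/key.pem

If you wish to trust a certificate you can add it to the trust list with:

  gem cert --add /path/to/cert.pem

You can list trusted certificates with:

  gem cert --list

or:

  gem cert --list cert_subject_substring

If you wish to remove a previously trusted certificate:

  gem cert --remove cert_subject_substring

To sign another gem author's certificate:

  gem cert --sign /path/to/other_cert.pem

For further reading on signing gems see `ri Gem::Security`.
  EOF
end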
#execute ⇒ Object
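# File 'lib/rubygems/commands/cert_command.rb', line 81

##
# Runs the requested actions in a fixed order: add, remove, list, build,
# sign.  Each option list may hold several entries and every entry is
# processed.

def execute
  # --add: hand each parsed certificate to the trust directory.
  options[:add].each do |certificate|
    Gem::Security.trust_dir.trust_cert certificate

    say "Added '#{certificate.subject}'"
  end

  # --remove: delete the file behind every certificate the filter matches.
  # The filter is a subject substring, so one filter can remove several
  # certificates; each removal is reported.
  options[:remove].each do |filter|
    certificates_matching filter do |certificate, path|
      FileUtils.rm path
      say "Removed '#{certificate.subject}'"
    end
  end

  options[:list].each do |filter|
    certificates_matching filter do |certificate, _|
      # this could probably be formatted more gracefully
      say certificate.subject.to_s
    end
  end

  options[:build].each do |name|
    build name
  end

  # Signing needs an issuer certificate and key.  The defaults are loaded
  # only when something is to be signed and -C / -K did not supply them.
  unless options[:sign].empty?
    load_default_cert unless options[:issuer_cert]
    load_default_key  unless options[:key]
  end

  options[:sign].each do |cert_file|
    sign cert_file
  end
end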
#load_default_cert ⇒ Object
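# File 'lib/rubygems/commands/cert_command.rb', line 181

##
# Loads the default signing certificate into options[:issuer_cert] when
# --certificate was not given.
#
# The file is read from ~/.gem/gem-public_cert.pem, the location named by the
# error messages below and by the command's help text.  Joining only
# Gem.user_home with the file name would look in the home directory itself
# and would disagree with both.
#
# A missing or unparsable file is reported with alert_error, after which
# terminate_interaction is called with status 1.

def load_default_cert
  cert_file = File.join Gem.user_home, '.gem', 'gem-public_cert.pem'
  pem = File.read cert_file
  options[:issuer_cert] = OpenSSL::X509::Certificate.new pem
rescue Errno::ENOENT
  alert_error \
    "--certificate not specified and ~/.gem/gem-public_cert.pem does not exist"

  terminate_interaction 1
rescue OpenSSL::X509::CertificateError
  alert_error \
    "--certificate not specified and ~/.gem/gem-public_cert.pem is not valid"

  terminate_interaction 1
end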
#load_default_key ⇒ Object
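# File 'lib/rubygems/commands/cert_command.rb', line 197

##
# Loads the default signing key into options[:key] when --private-key was
# not given.
#
# The file is read from ~/.gem/gem-private_key.pem, the location named by the
# error messages below and by the command's help text.  Joining only
# Gem.user_home with the file name would look in the home directory itself,
# so a key kept in the documented place would not be found.
#
# A missing or unparsable file is reported with alert_error, after which
# terminate_interaction is called with status 1.

def load_default_key
  key_file = File.join Gem.user_home, '.gem', 'gem-private_key.pem'
  pem = File.read key_file
  options[:key] = OpenSSL::PKey::RSA.new pem
rescue Errno::ENOENT
  alert_error \
    "--private-key not specified and ~/.gem/gem-private_key.pem does not exist"

  terminate_interaction 1
rescue OpenSSL::PKey::RSAError
  alert_error \
    "--private-key not specified and ~/.gem/gem-private_key.pem is not valid"

  terminate_interaction 1
end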
#sign(cert_file) ⇒ Object
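# File 'lib/rubygems/commands/cert_command.rb', line 213

##
# Signs the certificate stored in +cert_file+ with the issuer key and issuer
# certificate held in options, then writes the result back to the same path.
#
# The file is replaced in place.  Its permission bits are read before signing
# and passed to Gem::Security.write so the rewritten file keeps the mode it
# had.
#
# Signing vouches for the certificate's subject, so the caller is expected to
# have checked where +cert_file+ came from; this method performs no such
# check.

def sign cert_file
  cert = File.read cert_file
  cert = OpenSSL::X509::Certificate.new cert

  # Keep only the permission bits (rwx for user, group, other).
  permissions = File.stat(cert_file).mode & 0777

  issuer_cert = options[:issuer_cert]
  issuer_key = options[:key]

  cert = Gem::Security.sign cert, issuer_key, issuer_cert

  Gem::Security.write cert, cert_file, permissions
end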