Class: Gem::Security::Policy

Inherits:
Object
  • Object
show all
Defined in:
lib/rubygems/security/policy.rb,
lib/rubygems/install_update_options.rb

Overview

:nodoc:

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(name, policy = {}, opt = {}) ⇒ Policy

Create a new Gem::Security::Policy object with the given mode and options.



22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
 
# File 'lib/rubygems/security/policy.rb', line 22

def initialize name, policy = {}, opt = {}
  @name = name

  @opt = opt

  # Default to security
  @only_signed   = true
  @only_trusted  = true
  @verify_chain  = true
  @verify_data   = true
  @verify_root   = true
  @verify_signer = true

  policy.each_pair do |key, val|
    case key
    when :verify_data   then @verify_data   = val
    when :verify_signer then @verify_signer = val
    when :verify_chain  then @verify_chain  = val
    when :verify_root   then @verify_root   = val
    when :only_trusted  then @only_trusted  = val
    when :only_signed   then @only_signed   = val
    end
  end
end

Instance Attribute Details

#nameObject (readonly) Also known as: to_s

Returns the value of attribute name



9
10
11
 
# File 'lib/rubygems/security/policy.rb', line 9

def name
  @name
end

#only_signedObject

Returns the value of attribute only_signed



11
12
13
 
# File 'lib/rubygems/security/policy.rb', line 11

def only_signed
  @only_signed
end

#only_trustedObject

Returns the value of attribute only_trusted



12
13
14
 
# File 'lib/rubygems/security/policy.rb', line 12

def only_trusted
  @only_trusted
end

#verify_chainObject

Returns the value of attribute verify_chain



13
14
15
 
# File 'lib/rubygems/security/policy.rb', line 13

def verify_chain
  @verify_chain
end

#verify_dataObject

Returns the value of attribute verify_data



14
15
16
 
# File 'lib/rubygems/security/policy.rb', line 14

def verify_data
  @verify_data
end

#verify_rootObject

Returns the value of attribute verify_root



15
16
17
 
# File 'lib/rubygems/security/policy.rb', line 15

def verify_root
  @verify_root
end

#verify_signerObject

Returns the value of attribute verify_signer



16
17
18
 
# File 'lib/rubygems/security/policy.rb', line 16

def verify_signer
  @verify_signer
end

Instance Method Details

#check_cert(signer, issuer, time) ⇒ Object

Ensures that signer is valid for time and was signed by the issuer. If the issuer is nil no verification is performed.

Raises:



81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
 
# File 'lib/rubygems/security/policy.rb', line 81

def check_cert signer, issuer, time
  raise Gem::Security::Exception, 'missing signing certificate' unless
    signer

  message = "certificate #{signer.subject}"

  if not_before = signer.not_before and not_before > time then
    raise Gem::Security::Exception,
          "#{message} not valid before #{not_before}"
  end

  if not_after = signer.not_after and not_after < time then
    raise Gem::Security::Exception, "#{message} not valid after #{not_after}"
  end

  if issuer and not signer.verify issuer.public_key then
    raise Gem::Security::Exception,
          "#{message} was not issued by #{issuer.subject}"
  end

  true
end

#check_chain(chain, time) ⇒ Object

Verifies each certificate in chain has signed the following certificate and is valid for the given time.

Raises:



51
52
53
54
55
56
57
58
59
60
61
62
63
64
 
# File 'lib/rubygems/security/policy.rb', line 51

def check_chain chain, time
  raise Gem::Security::Exception, 'missing signing chain' unless chain
  raise Gem::Security::Exception, 'empty signing chain' if chain.empty?

  begin
    chain.each_cons 2 do |issuer, cert|
      check_cert cert, issuer, time
    end

    true
  rescue Gem::Security::Exception => e
    raise Gem::Security::Exception, "invalid signing chain: #{e.message}"
  end
end

#check_data(public_key, digest, signature, data) ⇒ Object

Verifies that data matches the signature created by public_key and the digest algorithm.

Raises:



70
71
72
73
74
75
 
# File 'lib/rubygems/security/policy.rb', line 70

def check_data public_key, digest, signature, data
  raise Gem::Security::Exception, "invalid signature" unless
    public_key.verify digest.new, signature, data.digest

  true
end

#check_key(signer, key) ⇒ Object

Ensures the public key of key matches the public key in signer

Raises:



107
108
109
110
111
112
113
114
115
116
117
118
119
 
# File 'lib/rubygems/security/policy.rb', line 107

def check_key signer, key
  unless signer and key then
    return true unless @only_signed

    raise Gem::Security::Exception, 'missing key or signature'
  end

  raise Gem::Security::Exception,
    "certificate #{signer.subject} does not match the signing key" unless
      signer.public_key.to_pem == key.public_key.to_pem

  true
end

#check_root(chain, time) ⇒ Object

Ensures the root certificate in chain is self-signed and valid for time.

Raises:



125
126
127
128
129
130
131
132
133
134
135
136
137
138
 
# File 'lib/rubygems/security/policy.rb', line 125

def check_root chain, time
  raise Gem::Security::Exception, 'missing signing chain' unless chain

  root = chain.first

  raise Gem::Security::Exception, 'missing root certificate' unless root

  raise Gem::Security::Exception,
        "root certificate #{root.subject} is not self-signed " +
        "(issuer #{root.issuer})" if
    root.issuer.to_s != root.subject.to_s # HACK to_s is for ruby 1.8

  check_cert root, root, time
end

#check_trust(chain, digester, trust_dir) ⇒ Object

Ensures the root of chain has a trusted certificate in trust_dir and the digests of the two certificates match according to digester

Raises:



144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
 
# File 'lib/rubygems/security/policy.rb', line 144

def check_trust chain, digester, trust_dir
  raise Gem::Security::Exception, 'missing signing chain' unless chain

  root = chain.first

  raise Gem::Security::Exception, 'missing root certificate' unless root

  path = Gem::Security.trust_dir.cert_path root

  unless File.exist? path then
    message = "root cert #{root.subject} is not trusted"

    message << " (root of signing cert #{chain.last.subject})" if
      chain.length > 1

    raise Gem::Security::Exception, message
  end

  save_cert = OpenSSL::X509::Certificate.new File.read path
  save_dgst = digester.digest save_cert.public_key.to_s

  pkey_str = root.public_key.to_s
  cert_dgst = digester.digest pkey_str

  raise Gem::Security::Exception,
        "trusted root certificate #{root.subject} checksum " +
        "does not match signing root certificate checksum" unless
    save_dgst == cert_dgst

  true
end

#inspectObject

:nodoc:



176
177
178
179
180
181
182
 
# File 'lib/rubygems/security/policy.rb', line 176

def inspect # :nodoc:
  ("[Policy: %s - data: %p signer: %p chain: %p root: %p " +
   "signed-only: %p trusted-only: %p]") % [
    @name, @verify_chain, @verify_data, @verify_root, @verify_signer,
    @only_signed, @only_trusted,
  ]
end

#verify(chain, key = nil, digests = {}, signatures = {}) ⇒ Object

Verifies the certificate chain is valid, the digests match the signatures signatures created by the signer depending on the policy settings.

If key is given it is used to validate the signing certificate.



191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
 
# File 'lib/rubygems/security/policy.rb', line 191

def verify chain, key = nil, digests = {}, signatures = {}
  if @only_signed and signatures.empty? then
    raise Gem::Security::Exception,
      "unsigned gems are not allowed by the #{name} policy"
  end

  opt       = @opt
  digester  = Gem::Security::DIGEST_ALGORITHM
  trust_dir = opt[:trust_dir]
  time      = Time.now

  _, signer_digests = digests.find do |algorithm, file_digests|
    file_digests.values.first.name == Gem::Security::DIGEST_NAME
  end

  if @verify_data then
    raise Gem::Security::Exception, 'no digests provided (probable bug)' if
      signer_digests.nil? or signer_digests.empty?
  else
    signer_digests = {}
  end

  signer = chain.last

  check_key signer, key if key

  check_cert signer, nil, time if @verify_signer

  check_chain chain, time if @verify_chain

  check_root chain, time if @verify_root

  check_trust chain, digester, trust_dir if @only_trusted

  signatures.each do |file, _|
    digest = signer_digests[file]

    raise Gem::Security::Exception, "missing digest for #{file}" unless
      digest
  end

  signer_digests.each do |file, digest|
    signature = signatures[file]

    raise Gem::Security::Exception, "missing signature for #{file}" unless
      signature

    check_data signer.public_key, digester, signature, digest if @verify_data
  end

  true
end

#verify_signatures(spec, digests, signatures) ⇒ Object

Extracts the certificate chain from the spec and calls #verify to ensure the signatures and certificate chain is valid according to the policy..



248
249
250
251
252
253
254
255
256
 
# File 'lib/rubygems/security/policy.rb', line 248

def verify_signatures spec, digests, signatures
  chain = spec.cert_chain.map do |cert_pem|
    OpenSSL::X509::Certificate.new cert_pem
  end

  verify chain, nil, digests, signatures

  true
end