Class: Gem::Security::TrustDir
- Inherits:
-
Object
- Object
- Gem::Security::TrustDir
- Defined in:
- lib/rubygems/security/trust_dir.rb
Constant Summary collapse
- DEFAULT_PERMISSIONS =
{ :trust_dir => 0700, :trusted_cert => 0600, }
Instance Attribute Summary collapse
-
#dir ⇒ Object
readonly
Returns the value of attribute dir.
Instance Method Summary collapse
-
#cert_path(certificate) ⇒ Object
Returns the path to the trusted certificate.
-
#each_certificate ⇒ Object
Enumerates trusted certificates.
-
#initialize(dir, permissions = DEFAULT_PERMISSIONS) ⇒ TrustDir
constructor
A new instance of TrustDir.
-
#issuer_of(certificate) ⇒ Object
Returns the issuer certificate of the given certificate if it exists in the trust directory.
-
#load_certificate(certificate_file) ⇒ Object
Loads the given certificate_file.
-
#name_path(name) ⇒ Object
Returns the path to the trusted certificate with the given ASN.1 name.
-
#trust_cert(certificate) ⇒ Object
Adds a certificate to the trusted certificate list.
-
#verify ⇒ Object
Make sure the trust directory exists.
Constructor Details
#initialize(dir, permissions = DEFAULT_PERMISSIONS) ⇒ TrustDir
Returns a new instance of TrustDir.
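# File 'lib/rubygems/security/trust_dir.rb', line 8
# Creates a TrustDir that keeps trusted certificates under +dir+.
#
# +permissions+ is a Hash-like object indexed by +:trust_dir+ and
# +:trusted_cert+; it supplies the file modes used when the directory and
# the certificate files are written.  It defaults to DEFAULT_PERMISSIONS.
#
# Nothing is created or checked on disk here.
def initialize dir, permissions = DEFAULT_PERMISSIONS
  @dir = dir
  @permissions = permissions

  # Digest used by name_path to derive certificate file names.
  @digester = Gem::Security::DIGEST_ALGORITHM
end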
Instance Attribute Details
#dir ⇒ Object (readonly)
Returns the value of attribute dir
# File 'lib/rubygems/security/trust_dir.rb', line 15
# The trust directory path exactly as it was passed to the constructor.
def dir
  @dir
end
Instance Method Details
#cert_path(certificate) ⇒ Object
Returns the path to the trusted certificate
# File 'lib/rubygems/security/trust_dir.rb', line 20
# Returns the path under the trust directory at which +certificate+ is, or
# would be, stored.  The file name is derived from the certificate's
# subject name via name_path.
def cert_path(certificate)
  subject = certificate.subject
  name_path(subject)
end
#each_certificate ⇒ Object
Enumerates trusted certificates.
# File 'lib/rubygems/security/trust_dir.rb', line 27
# Yields each certificate in the trust directory together with the path of
# the file it was loaded from.  Returns an Enumerator when no block is given.
#
# Only files matching <tt>*.pem</tt> directly inside the trust directory are
# considered.  A file that does not parse as an X.509 certificate is skipped
# without any warning.  The rescue also wraps the yield, so an
# OpenSSL::X509::CertificateError raised by the caller's block is swallowed
# the same way.  Any other error (for example an unreadable file) propagates.
def each_certificate
  return enum_for(__method__) unless block_given?

  pattern = File.join(@dir, '*.pem')

  Dir.glob(pattern).each do |pem_file|
    begin
      yield load_certificate(pem_file), pem_file
    rescue OpenSSL::X509::CertificateError
      # HACK warn
      next
    end
  end
end
#issuer_of(certificate) ⇒ Object
Returns the issuer certificate of the given certificate
if it exists in the trust directory.
# File 'lib/rubygems/security/trust_dir.rb', line 47
# Returns the certificate stored in the trust directory under the issuer
# name of +certificate+, or nil when no such file exists.
#
# The lookup is by issuer name only (the digest of +certificate.issuer+).
# This method makes no signature or validity check, so a caller that needs a
# verified chain must verify the returned certificate itself.
def issuer_of(certificate)
  issuer_path = name_path(certificate.issuer)

  load_certificate(issuer_path) if File.exist?(issuer_path)
end
#load_certificate(certificate_file) ⇒ Object
Loads the given certificate_file
# File 'lib/rubygems/security/trust_dir.rb', line 67
# Reads +certificate_file+ and parses its contents as an X.509 certificate.
#
# Raises OpenSSL::X509::CertificateError when the contents cannot be parsed.
# The certificate is only parsed; its validity period and signature are not
# checked here.
def load_certificate(certificate_file)
  OpenSSL::X509::Certificate.new(File.read(certificate_file))
end
#name_path(name) ⇒ Object
Returns the path to the trusted certificate with the given ASN.1 name
# File 'lib/rubygems/security/trust_dir.rb', line 58
# Returns the path inside the trust directory for the certificate whose
# ASN.1 name is +name+.
#
# The file name is <tt>cert-HEXDIGEST.pem</tt>, where HEXDIGEST is the hex
# digest of <tt>name.to_s</tt> computed with the digest chosen in the
# constructor.  Only the digest reaches the file name, never the raw name.
def name_path(name)
  name_digest = @digester.hexdigest(name.to_s)

  File.join(@dir, "cert-#{name_digest}.pem")
end
#trust_cert(certificate) ⇒ Object
Adds a certificate to the trusted certificate list.
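# File 'lib/rubygems/security/trust_dir.rb', line 76
# Adds +certificate+ to the trust directory, writing it in PEM form to the
# path given by cert_path.  An existing file at that path is overwritten.
#
# Calls verify first, so the trust directory is created or checked before
# anything is written.  Returns the number of bytes written.
def trust_cert certificate
  verify

  destination = cert_path certificate
  mode = @permissions[:trusted_cert]

  # File.open rather than Kernel#open: Kernel#open treats a path that starts
  # with "|" as a command to run, File.open always treats it as a file name.
  File.open destination, 'wb', mode do |io|
    # The mode passed to open is applied only when the file is created (and
    # is subject to the umask).  chmod the handle so a file that already
    # existed with looser permissions is tightened before the write.
    io.chmod mode

    io.write certificate.to_pem
  end
end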
#verify ⇒ Object
Make sure the trust directory exists. If it does exist, make sure it’s actually a directory (an exception is raised otherwise) and reset its mode to 0700. If it does not exist, create it with the configured :trust_dir permissions.
# File 'lib/rubygems/security/trust_dir.rb', line 91
# Ensures the trust directory exists and is a directory.
#
# * Missing: it is created (with parents) using the +:trust_dir+ mode from
#   the permissions given to the constructor.
# * Present but not a directory: raises Gem::Security::Exception.
# * Present and a directory: its mode is reset to the literal 0700.
#
# NOTE(review): the existing-directory branch ignores the configured
# +:trust_dir+ mode and always applies 0700, so the two branches agree only
# when the configured mode is 0700 (the default).
def verify
  unless File.exist?(@dir)
    return FileUtils.mkdir_p(@dir, :mode => @permissions[:trust_dir])
  end

  unless File.directory?(@dir)
    raise Gem::Security::Exception,
          "trust directory #{@dir} is not a directory"
  end

  FileUtils.chmod(0700, @dir)
end