Class: Gem::Security::TrustDir

Inherits:

Object

• Object
• Gem::Security::TrustDir

Defined in:

lib/rubygems/security/trust_dir.rb

Constant Summary

DEFAULT_PERMISSIONS =

{
  :trust_dir    => 0700,
  :trusted_cert => 0600,
}

Instance Attribute Summary

• #dir ⇒ Object readonly

  Returns the value of attribute dir.

Instance Method Summary

• #cert_path(certificate) ⇒ Object

  Returns the path to the trusted certificate.

• #each_certificate ⇒ Object

  Enumerates trusted certificates.

• #initialize(dir, permissions = DEFAULT_PERMISSIONS) ⇒ TrustDir constructor

  A new instance of TrustDir.

• #issuer_of(certificate) ⇒ Object

  Returns the issuer certificate of the given certificate if it exists in the trust directory.

• #load_certificate(certificate_file) ⇒ Object

  Loads the given certificate_file.

• #name_path(name) ⇒ Object

  Returns the path to the trusted certificate with the given ASN.1 name.

• #trust_cert(certificate) ⇒ Object

  Add a certificate to trusted certificate list.

• #verify ⇒ Object

  Make sure the trust directory exists.

Constructor Details

#initialize(dir, permissions = DEFAULT_PERMISSIONS) ⇒ TrustDir

Returns a new instance of TrustDir.

# File 'lib/rubygems/security/trust_dir.rb', line 8

def initialize dir, permissions = DEFAULT_PERMISSIONS
  @dir = dir
  @permissions = permissions

  @digester = Gem::Security::DIGEST_ALGORITHM
end

Instance Attribute Details

#dir ⇒ Object (readonly)

Returns the value of attribute dir

# File 'lib/rubygems/security/trust_dir.rb', line 15

def dir
  @dir
end

Instance Method Details

#cert_path(certificate) ⇒ Object

Returns the path to the trusted certificate

# File 'lib/rubygems/security/trust_dir.rb', line 20

def cert_path certificate
  name_path certificate.subject
end

#each_certificate ⇒ Object

Enumerates trusted certificates.

# File 'lib/rubygems/security/trust_dir.rb', line 27

def each_certificate
  return enum_for __method__ unless block_given?

  glob = File.join @dir, '*.pem'

  Dir[glob].each do |certificate_file|
    begin
      certificate = load_certificate certificate_file

      yield certificate, certificate_file
    rescue OpenSSL::X509::CertificateError
      next # HACK warn
    end
  end
end

#issuer_of(certificate) ⇒ Object

Returns the issuer certificate of the given certificate if it exists in the trust directory.

# File 'lib/rubygems/security/trust_dir.rb', line 47

def issuer_of certificate
  path = name_path certificate.issuer

  return unless File.exist? path

  load_certificate path
end

#load_certificate(certificate_file) ⇒ Object

Loads the given certificate_file

# File 'lib/rubygems/security/trust_dir.rb', line 67

def load_certificate certificate_file
  pem = File.read certificate_file

  OpenSSL::X509::Certificate.new pem
end

#name_path(name) ⇒ Object

Returns the path to the trusted certificate with the given ASN.1 name

# File 'lib/rubygems/security/trust_dir.rb', line 58

def name_path name
  digest = @digester.hexdigest name.to_s

  File.join @dir, "cert-#{digest}.pem"
end

#trust_cert(certificate) ⇒ Object

Add a certificate to trusted certificate list.

# File 'lib/rubygems/security/trust_dir.rb', line 76

def trust_cert certificate
  verify

  destination = cert_path certificate

  open destination, 'wb', @permissions[:trusted_cert] do |io|
    io.write certificate.to_pem
  end
end

#verify ⇒ Object

Make sure the trust directory exists. If it does exist, make sure it’s actually a directory. If not, then create it with the appropriate permissions.

# File 'lib/rubygems/security/trust_dir.rb', line 91

def verify
  if File.exist? @dir then
    raise Gem::Security::Exception,
      "trust directory #{@dir} is not a directory" unless
        File.directory? @dir

    FileUtils.chmod 0700, @dir
  else
    FileUtils.mkdir_p @dir, :mode => @permissions[:trust_dir]
  end
end