- B
- C
- E
- L
- N
- O
- R
- S
Class Public methods
new() Link
# File ruby/lib/rubygems/commands/cert_command.rb, line 7 def initialize super "cert", "Manage RubyGems certificates and signing settings", add: [], remove: [], list: [], build: [], sign: [] add_option("-a", "--add CERT", "Add a trusted certificate.") do |cert_file, options| options[:add] << open_cert(cert_file) end add_option("-l", "--list [FILTER]", "List trusted certificates where the", "subject contains FILTER") do |filter, options| filter ||= "" options[:list] << filter end add_option("-r", "--remove FILTER", "Remove trusted certificates where the", "subject contains FILTER") do |filter, options| options[:remove] << filter end add_option("-b", "--build EMAIL_ADDR", "Build private key and self-signed", "certificate for EMAIL_ADDR") do |email_address, options| options[:build] << email_address end add_option("-C", "--certificate CERT", "Signing certificate for --sign") do |cert_file, options| options[:issuer_cert] = open_cert(cert_file) options[:issuer_cert_file] = cert_file end add_option("-K", "--private-key KEY", "Key for --sign or --build") do |key_file, options| options[:key] = open_private_key(key_file) end add_option("-A", "--key-algorithm ALGORITHM", "Select which key algorithm to use for --build") do |algorithm, options| options[:key_algorithm] = algorithm end add_option("-s", "--sign CERT", "Signs CERT with the key from -K", "and the certificate from -C") do |cert_file, options| raise Gem::OptionParser::InvalidArgument, "#{cert_file}: does not exist" unless File.file? cert_file options[:sign] << cert_file end add_option("-d", "--days NUMBER_OF_DAYS", "Days before the certificate expires") do |days, options| options[:expiration_length_days] = days.to_i end add_option("-R", "--re-sign", "Re-signs the certificate from -C with the key from -K") do |resign, options| options[:resign] = resign end end
Instance Public methods
build(email) Link
# File ruby/lib/rubygems/commands/cert_command.rb, line 138 def build(email) unless valid_email?(email) raise Gem::CommandLineError, "Invalid email address #{email}" end key, key_path = build_key cert_path = build_cert email, key say "Certificate: #{cert_path}" if key_path say "Private Key: #{key_path}" say "Don't forget to move the key file to somewhere private!" end end
certificates_matching(filter) Link
# File ruby/lib/rubygems/commands/cert_command.rb, line 186 def certificates_matching(filter) return enum_for __method__, filter unless block_given? do |certificate, _| subject = certificate.subject.to_s subject.downcase.index filter end.sort_by do |certificate, _| {|name, data,| [name, data] } end.each do |certificate, path| yield certificate, path end end
check_openssl() Link
execute() Link
# File ruby/lib/rubygems/commands/cert_command.rb, line 108 def execute check_openssl options[:add].each do |certificate| add_certificate certificate end options[:remove].each do |filter| remove_certificates_matching filter end options[:list].each do |filter| list_certificates_matching filter end options[:build].each do |email| build email end if options[:resign] re_sign_cert( options[:issuer_cert], options[:issuer_cert_file], options[:key] ) end sign_certificates unless options[:sign].empty? end
load_default_cert() Link
# File ruby/lib/rubygems/commands/cert_command.rb, line 245 def load_default_cert cert_file = File.join Gem.default_cert_path cert = cert_file options[:issuer_cert] = cert rescue Errno::ENOENT alert_error \ "--certificate not specified and ~/.gem/gem-public_cert.pem does not exist" terminate_interaction 1 rescue OpenSSL::X509::CertificateError alert_error \ "--certificate not specified and ~/.gem/gem-public_cert.pem is not valid" terminate_interaction 1 end
load_default_key() Link
# File ruby/lib/rubygems/commands/cert_command.rb, line 261 def load_default_key key_file = File.join Gem.default_key_path key = key_file passphrase = ENV["GEM_PRIVATE_KEY_PASSPHRASE"] options[:key] = key, passphrase rescue Errno::ENOENT alert_error \ "--private-key not specified and ~/.gem/gem-private_key.pem does not exist" terminate_interaction 1 rescue OpenSSL::PKey::PKeyError alert_error \ "--private-key not specified and ~/.gem/gem-private_key.pem is not valid" terminate_interaction 1 end
open_cert(certificate_file) Link
# File ruby/lib/rubygems/commands/cert_command.rb, line 85 def open_cert(certificate_file) check_openssl certificate_file rescue Errno::ENOENT raise Gem::OptionParser::InvalidArgument, "#{certificate_file}: does not exist" rescue OpenSSL::X509::CertificateError raise Gem::OptionParser::InvalidArgument, "#{certificate_file}: invalid X509 certificate" end
open_private_key(key_file) Link
# File ruby/lib/rubygems/commands/cert_command.rb, line 95 def open_private_key(key_file) check_openssl passphrase = ENV["GEM_PRIVATE_KEY_PASSPHRASE"] key =, passphrase raise Gem::OptionParser::InvalidArgument, "#{key_file}: private key not found" unless key.private? key rescue Errno::ENOENT raise Gem::OptionParser::InvalidArgument, "#{key_file}: does not exist" rescue OpenSSL::PKey::PKeyError, ArgumentError raise Gem::OptionParser::InvalidArgument, "#{key_file}: invalid RSA, DSA, or EC key" end
re_sign_cert(cert, cert_path, private_key) Link
# File ruby/lib/rubygems/commands/cert_command.rb, line 312 def re_sign_cert(cert, cert_path, private_key) Gem::Security::Signer.re_sign_cert(cert, cert_path, private_key) do |expired_cert_path, new_expired_cert_path| alert("Your certificate #{expired_cert_path} has been re-signed") alert("Your expired certificate will be located at: #{new_expired_cert_path}") end end
sign(cert_file) Link
# File ruby/lib/rubygems/commands/cert_command.rb, line 290 def sign(cert_file) cert = cert_file cert = cert permissions = File.stat(cert_file).mode & 0o777 issuer_cert = options[:issuer_cert] issuer_key = options[:key] cert = Gem::Security.sign cert, issuer_key, issuer_cert Gem::Security.write cert, cert_file, permissions end