# File lib/rubygems/commands/cert_command.rb, line 6 6: def initialize 7: super 'cert', 'Manage RubyGems certificates and signing settings' 8: 9: add_option('-a', '--add CERT', 10: 'Add a trusted certificate.') do |value, options| 11: cert = OpenSSL::X509::Certificate.new(File.read(value)) 12: Gem::Security.add_trusted_cert(cert) 13: say "Added '#{cert.subject.to_s}'" 14: end 15: 16: add_option('-l', '--list', 17: 'List trusted certificates.') do |value, options| 18: glob_str = File::join(Gem::Security::OPT[:trust_dir], '*.pem') 19: Dir::glob(glob_str) do |path| 20: begin 21: cert = OpenSSL::X509::Certificate.new(File.read(path)) 22: # this could probably be formatted more gracefully 23: say cert.subject.to_s 24: rescue OpenSSL::X509::CertificateError 25: next 26: end 27: end 28: end 29: 30: add_option('-r', '--remove STRING', 31: 'Remove trusted certificates containing', 32: 'STRING.') do |value, options| 33: trust_dir = Gem::Security::OPT[:trust_dir] 34: glob_str = File::join(trust_dir, '*.pem') 35: 36: Dir::glob(glob_str) do |path| 37: begin 38: cert = OpenSSL::X509::Certificate.new(File.read(path)) 39: if cert.subject.to_s.downcase.index(value) 40: say "Removed '#{cert.subject.to_s}'" 41: File.unlink(path) 42: end 43: rescue OpenSSL::X509::CertificateError 44: next 45: end 46: end 47: end 48: 49: add_option('-b', '--build EMAIL_ADDR', 50: 'Build private key and self-signed', 51: 'certificate for EMAIL_ADDR.') do |value, options| 52: vals = Gem::Security.build_self_signed_cert(value) 53: FileUtils.chmod 0600, vals[:key_path] 54: say "Public Cert: #{vals[:cert_path]}" 55: say "Private Key: #{vals[:key_path]}" 56: say "Don't forget to move the key file to somewhere private..." 57: end 58: 59: add_option('-C', '--certificate CERT', 60: 'Certificate for --sign command.') do |value, options| 61: cert = OpenSSL::X509::Certificate.new(File.read(value)) 62: options[:issuer_cert] = cert 63: end 64: 65: add_option('-K', '--private-key KEY', 66: 'Private key for --sign command.') do |value, options| 67: key = OpenSSL::PKey::RSA.new(File.read(value)) 68: options[:issuer_key] = key 69: end 70: 71: add_option('-s', '--sign NEWCERT', 72: 'Sign a certificate with my key and', 73: 'certificate.') do |value, options| 74: cert = OpenSSL::X509::Certificate.new(File.read(value)) 75: my_cert = options[:issuer_cert] 76: my_key = options[:issuer_key] 77: cert = Gem::Security.sign_cert(cert, my_key, my_cert) 78: File.open(value, 'wb') { |file| file.write(cert.to_pem) } 79: end 80: end
Disabled; run with --debug to generate this.
Generated with the Darkfish Rdoc Generator 1.1.6.