diff options
| author | drbrain <drbrain@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2013-07-09 23:21:36 +0000 |
|---|---|---|
| committer | drbrain <drbrain@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2013-07-09 23:21:36 +0000 |
| commit | 47f0248b0858898dd24d1e654cedf174059ca677 () | |
| tree | 493e84160f8609db408d88349f0624a3ff92c3c2 /lib/rubygems/security/policy.rb | |
| parent | cd9f9e471977447a991ced4ea38efb2309459ef5 (diff) | |
* lib/rubygems: Import RubyGems 2.1
* test/rubygems: Ditto. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@41873 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| -rw-r--r-- | lib/rubygems/security/policy.rb | 44 |
1 files changed, 35 insertions, 9 deletions
@@ -1,3 +1,5 @@ ## # A Gem::Security::Policy object encapsulates the settings for verifying # signed gem files. This is the base class. You can either declare an @@ -6,6 +8,8 @@ class Gem::Security::Policy attr_reader :name attr_accessor :only_signed @@ -175,6 +179,19 @@ class Gem::Security::Policy true end def inspect # :nodoc: ("[Policy: %s - data: %p signer: %p chain: %p root: %p " + "signed-only: %p trusted-only: %p]") % [ @@ -184,16 +201,21 @@ class Gem::Security::Policy end ## - # Verifies the certificate +chain+ is valid, the +digests+ match the - # signatures +signatures+ created by the signer depending on the +policy+ - # settings. # # If +key+ is given it is used to validate the signing certificate. - def verify chain, key = nil, digests = {}, signatures = {} - if @only_signed and signatures.empty? then - raise Gem::Security::Exception, - "unsigned gems are not allowed by the #{name} policy" end opt = @opt @@ -222,7 +244,11 @@ class Gem::Security::Policy check_root chain, time if @verify_root - check_trust chain, digester, trust_dir if @only_trusted signatures.each do |file, _| digest = signer_digests[file] @@ -252,7 +278,7 @@ class Gem::Security::Policy OpenSSL::X509::Certificate.new cert_pem end - verify chain, nil, digests, signatures true end |