check_trust(chain, digester, trust_dir)
public
Ensures the root of chain has a trusted certificate in
trust_dir and that the digests of the two certificates' public keys
match according to digester.
# File lib/rubygems/security/policy.rb, line 151
##
# Confirms that the root of +chain+ (its first element) is pinned in the
# local trust store and that the pinned copy carries the same public key.
#
# The stored certificate is looked up at the path returned by
# Gem::Security.trust_dir.cert_path for the root. The +trust_dir+ argument
# is not read anywhere in this body.
#
# Only the public keys are compared: +digester+ hashes the string form of
# each key and the two digests must be equal. Validity dates and the
# signatures linking the chain together are not examined here, so those
# checks have to come from elsewhere (presumably the caller -- confirm).
#
# Raises Gem::Security::Exception when +chain+ is nil/false, when it has no
# first element, when no stored certificate exists for the root, or when
# the digests differ. There is no rescue in this method, so an error from
# File.read or from parsing the stored file propagates unchanged.
#
# Returns +true+ when the root is trusted.

def check_trust(chain, digester, trust_dir)
  raise(Gem::Security::Exception, 'missing signing chain') unless chain

  root = chain.first
  raise(Gem::Security::Exception, 'missing root certificate') unless root

  path = Gem::Security.trust_dir.cert_path(root)

  unless File.exist?(path)
    # Name the signing certificate as well when the chain is longer than the
    # root alone, so the error says which gem signer was being checked.
    message = "root cert #{root.subject} is not trusted".dup
    if chain.length > 1
      message << " (root of signing cert #{chain.last.subject})"
    end
    raise Gem::Security::Exception, message
  end

  # Digest of the public key of the certificate pinned on disk.
  save_cert = OpenSSL::X509::Certificate.new(File.read(path))
  save_dgst = digester.digest(save_cert.public_key.to_s)

  # Digest of the public key of the root presented with the gem.
  cert_dgst = digester.digest(root.public_key.to_s)

  return true if save_dgst == cert_dgst

  raise Gem::Security::Exception,
        "trusted root certificate #{root.subject} checksum " +
        "does not match signing root certificate checksum"
end