method

verify

v2_6_3 - Show latest stable - 0 notes - Class: Policy

1_8_6_287
1_8_7_72
1_8_7_330
1_9_1_378
1_9_2_180
1_9_3_125
1_9_3_392
2_1_10 (0)
2_2_9 (0)
2_4_6 (0)
2_5_5 (0)
2_6_3 (0)
What's this?

verify(chain, key = nil, digests = {}, signatures = {}, full_name = '(unknown)') public

For full_name, verifies the certificate chain is valid, the digests match the signatures signatures created by the signer depending on the policy settings.

If key is given it is used to validate the signing certificate.

Show source

# File lib/rubygems/security/policy.rb, line 211
  def verify(chain, key = nil, digests = {}, signatures = {},
             full_name = '(unknown)')
    if signatures.empty?
      if @only_signed
        raise Gem::Security::Exception,
          "unsigned gems are not allowed by the #{name} policy"
      elsif digests.empty?
        # lack of signatures is irrelevant if there is nothing to check
        # against
      else
        alert_warning "#{full_name} is not signed"
        return
      end
    end

    opt       = @opt
    digester  = Gem::Security::DIGEST_ALGORITHM
    trust_dir = opt[:trust_dir]
    time      = Time.now

    _, signer_digests = digests.find do |algorithm, file_digests|
      file_digests.values.first.name == Gem::Security::DIGEST_NAME
    end

    if @verify_data
      raise Gem::Security::Exception, 'no digests provided (probable bug)' if
        signer_digests.nil? or signer_digests.empty?
    else
      signer_digests = {}
    end

    signer = chain.last

    check_key signer, key if key

    check_cert signer, nil, time if @verify_signer

    check_chain chain, time if @verify_chain

    check_root chain, time if @verify_root

    if @only_trusted
      check_trust chain, digester, trust_dir
    elsif signatures.empty? and digests.empty?
      # trust is irrelevant if there's no signatures to verify
    else
      alert_warning "#{subject signer} is not trusted for #{full_name}"
    end

    signatures.each do |file, _|
      digest = signer_digests[file]

      raise Gem::Security::Exception, "missing digest for #{file}" unless
        digest
    end

    signer_digests.each do |file, digest|
      signature = signatures[file]

      raise Gem::Security::Exception, "missing signature for #{file}" unless
        signature

      check_data signer.public_key, digester, signature, digest if @verify_data
    end

    true
  end

verify

Related methods