diff options
Diffstat (limited to 'lib/rubygems/security.rb')
-rw-r--r-- | lib/rubygems/security.rb | 55 |
1 files changed, 32 insertions, 23 deletions
diff --git a/lib/rubygems/security.rb b/lib/rubygems/security.rb index bed47ab9f3..bfd6fd225b 100644 --- a/lib/rubygems/security.rb +++ b/lib/rubygems/security.rb @@ -12,20 +12,6 @@ begin rescue LoadError => e raise unless (e.respond_to?(:path) && e.path == 'openssl') || e.message =~ / -- openssl$/ - - module OpenSSL # :nodoc: - class Digest # :nodoc: - class SHA1 # :nodoc: - def name - 'SHA1' - end - end - end - module PKey # :nodoc: - class RSA # :nodoc: - end - end - end end ## @@ -352,17 +338,26 @@ module Gem::Security ## # Digest algorithm used to sign gems - DIGEST_ALGORITHM = OpenSSL::Digest::SHA1 + DIGEST_ALGORITHM = + if defined?(OpenSSL::Digest) then + OpenSSL::Digest::SHA1 + end ## # Used internally to select the signing digest from all computed digests - DIGEST_NAME = DIGEST_ALGORITHM.new.name # :nodoc: + DIGEST_NAME = # :nodoc: + if DIGEST_ALGORITHM then + DIGEST_ALGORITHM.new.name + end ## # Algorithm for creating the key pair used to sign gems - KEY_ALGORITHM = OpenSSL::PKey::RSA + KEY_ALGORITHM = + if defined?(OpenSSL::PKey) then + OpenSSL::PKey::RSA + end ## # Length of keys created by KEY_ALGORITHM @@ -370,6 +365,12 @@ module Gem::Security KEY_LENGTH = 2048 ## + # Cipher used to encrypt the key pair used to sign gems. + # Must be in the list returned by OpenSSL::Cipher.ciphers + + KEY_CIPHER = OpenSSL::Cipher.new('AES-256-CBC') if defined?(OpenSSL::Cipher) + + ## # One year in seconds ONE_YEAR = 86400 * 365 @@ -563,13 +564,18 @@ module Gem::Security ## # Writes +pemmable+, which must respond to +to_pem+ to +path+ with the given - # +permissions+. + # +permissions+. If passed +cipher+ and +passphrase+ those arguments will be + # passed to +to_pem+. - def self.write pemmable, path, permissions = 0600 + def self.write pemmable, path, permissions = 0600, passphrase = nil, cipher = KEY_CIPHER path = File.expand_path path open path, 'wb', permissions do |io| - io.write pemmable.to_pem + if passphrase and cipher + io.write pemmable.to_pem cipher, passphrase + else + io.write pemmable.to_pem + end end path @@ -579,8 +585,11 @@ module Gem::Security end -require 'rubygems/security/policy' -require 'rubygems/security/policies' +if defined?(OpenSSL::SSL) then + require 'rubygems/security/policy' + require 'rubygems/security/policies' + require 'rubygems/security/trust_dir' +end + require 'rubygems/security/signer' -require 'rubygems/security/trust_dir' |