diff --git a/lib/rubygems/commands/cert_command.rb b/lib/rubygems/commands/cert_command.rb | |
index 371ab40..4bb7986 100644 | |
--- a/lib/rubygems/commands/cert_command.rb | |
+++ b/lib/rubygems/commands/cert_command.rb | |
@@ -52,9 +52,9 @@ class Gem::Commands::CertCommand < Gem::Command | |
options[:remove] << filter | |
end | |
- add_option('-b', '--build EMAIL_ADDR', | |
+ add_option('-b', '--build HTTPS_URL', | |
'Build private key and self-signed', | |
- 'certificate for EMAIL_ADDR') do |email_address, options| | |
+ 'certificate for HTTPS_URL') do |email_address, options| | |
options[:build] << email_address | |
end | |
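Review bot: The `--build` handler still names its block parameter `email_address` although the option now takes HTTPS_URL; it should read `do |url, options|` with `options[:build] << url`. The value ends up as the certificate subject, so a reader auditing the signing path would otherwise assume an e-mail address is being handled. The enclosing option setup starts and ends outside this hunk.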
@@ -113,17 +113,22 @@ class Gem::Commands::CertCommand < Gem::Command | |
end | |
end | |
- def build name | |
+ def build url | |
key = options[:key] || Gem::Security.create_key | |
- cert = Gem::Security.create_cert_email name, key | |
+ unless url.start_with? 'https://' | |
+ raise ArgumentError, "URL must start with https://" | |
+ end | |
+ | |
+ cert = Gem::Security.create_cert_url url, key | |
key_path = Gem::Security.write key, "gem-private_key.pem" | |
cert_path = Gem::Security.write cert, "gem-public_cert.pem" | |
say "Certificate: #{cert_path}" | |
say "Private Key: #{key_path}" | |
- say "Don't forget to move the key file to somewhere private!" | |
+ say "Don't forget to move the private key to somewhere private!" | |
+ say "Don't forget to publish the Certificate at #{url}" | |
end | |
def certificates_matching filter | |
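Review bot: The `url.start_with? 'https://'` guard in `build` checks only a prefix, so values with no host, embedded whitespace or newlines, or otherwise unparsable text still reach `create_cert_url` and become the certificate subject. Parsing the value is stricter: `uri = URI.parse(url)` followed by `raise ArgumentError, "URL must be an https:// URL with a host" unless uri.is_a?(URI::HTTPS) && !uri.host.to_s.empty?` (needs `require 'uri'`, and `URI::InvalidURIError` should be reported the same way). The check also sits after `options[:key] || Gem::Security.create_key`, so a key is generated before the input is rejected; moving the validation to the first line of `build` avoids that.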
diff --git a/lib/rubygems/security.rb b/lib/rubygems/security.rb | |
index 2485729..f56ee18 100644 | |
--- a/lib/rubygems/security.rb | |
+++ b/lib/rubygems/security.rb | |
@@ -7,6 +7,7 @@ | |
require 'rubygems/exceptions' | |
require 'openssl' | |
require 'fileutils' | |
+require 'base64' | |
## | |
# = Signing gems | |
@@ -421,6 +422,16 @@ module Gem::Security | |
end | |
## | |
+ # Creates a self-signed certificate with an issuer and subject from +url+, | |
+ # and the given +extensions+ for the +key+. | |
+ | |
+ def self.create_cert_url url, key, age = ONE_YEAR, extensions = EXTENSIONS | |
+ subject = url_to_name url | |
+ create_cert_self_signed subject, key, age, extensions | |
+ end | |
+ | |
+ | |
+ ## | |
# Creates a self-signed certificate with an issuer and subject of +subject+ | |
# and the given +extensions+ for the +key+. | |
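Review bot: `Gem::Security.create_cert_url` accepts any string, because the only https check in this patch lives in `CertCommand#build`. Code that calls the library method directly can therefore produce a certificate whose subject is not an https URL. Validating inside `create_cert_url` (or in `url_to_name`) would make the guarantee hold for every caller. The doc comment could also mention `age`, for example `# The certificate is valid for +age+ seconds.`, hedged against how `create_cert_self_signed` interprets it, since that method's body is not in this hunk.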
@@ -455,6 +466,19 @@ module Gem::Security | |
end | |
## | |
+ # Turns +url into an OpenSSL::X509::Name | |
+ | |
+ def self.url_to_name url | |
+ | |
+ # Note: This is the quick-and-dirty method, | |
+ # don't release it to the public like this ;) | |
+ name = "CN=#{Base64.urlsafe_encode64(url)}/" | |
+ | |
+ OpenSSL::X509::Name.parse name | |
+ end | |
+ | |
+ | |
+ ## | |
# Signs +expired_certificate+ with +private_key+ if the keys match and the | |
# expired certificate was self-signed. | |
#-- |
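Review bot: `url_to_name` stores the URL as `Base64.urlsafe_encode64(url)` inside the CN, which makes the subject unreadable to anyone inspecting the certificate and ties verification to decoding a non-standard field. X.509 also bounds commonName at 64 characters, so a URL longer than about 48 bytes yields a CN that OpenSSL may reject or that other tools may refuse. The in-code note already says this is not release quality. A `subjectAltName` extension carrying a `URI:` entry, built from a validated URL, would be the conventional place for this identity. The doc comment also has an unbalanced markup token and should read `# Turns +url+ into an OpenSSL::X509::Name`.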