Created February 4, 2013 02:00
  • Save anonymous/7e0b40628f0b5476ecba to your computer and use it in GitHub Desktop.
diff --git a/lib/rubygems/commands/cert_command.rb b/lib/rubygems/commands/cert_command.rb
index 371ab40..4bb7986 100644
--- a/lib/rubygems/commands/cert_command.rb
+++ b/lib/rubygems/commands/cert_command.rb
@@ -52,9 +52,9 @@ class Gem::Commands::CertCommand < Gem::Command
options[:remove] << filter
end
- add_option('-b', '--build EMAIL_ADDR',
+ add_option('-b', '--build HTTPS_URL',
'Build private key and self-signed',
- 'certificate for EMAIL_ADDR') do |email_address, options|
+ 'certificate for HTTPS_URL') do |email_address, options|
options[:build] << email_address
end
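Review bot: The block parameter on the changed `add_option` call is still named `email_address` even though the option now takes `HTTPS_URL`, so the value pushed into `options[:build]` is mislabeled for anyone reading the handler. Rename it to `url` to match the new `build url` signature. Also note that this repurposes the existing `-b`/`--build` flag rather than adding a new one, so an invocation that passes an e-mail address will now be rejected by the `https://` check in `build`; if the e-mail form is meant to go away, say so in the option description or changelog, otherwise keep it and add a separate option for the URL form.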
@@ -113,17 +113,22 @@ class Gem::Commands::CertCommand < Gem::Command
end
end
- def build name
+ def build url
key = options[:key] || Gem::Security.create_key
- cert = Gem::Security.create_cert_email name, key
+ unless url.start_with? 'https://'
+ raise ArgumentError, "URL must start with https://"
+ end
+
+ cert = Gem::Security.create_cert_url url, key
key_path = Gem::Security.write key, "gem-private_key.pem"
cert_path = Gem::Security.write cert, "gem-public_cert.pem"
say "Certificate: #{cert_path}"
say "Private Key: #{key_path}"
- say "Don't forget to move the key file to somewhere private!"
+ say "Don't forget to move the private key to somewhere private!"
+ say "Don't forget to publish the Certificate at #{url}"
end
def certificates_matching filter
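Review bot: The `url.start_with? 'https://'` test in `build` is a prefix check only, so the bare string `https://` or a value with no host, embedded whitespace or a newline after the scheme passes and ends up in the certificate subject. Parse the argument as a URI and require the `https` scheme and a non-empty host before going further. The check also sits after `key = options[:key] || Gem::Security.create_key`, so a key is generated even when the URL is then rejected; move the validation to the top of the method. Raising a bare `ArgumentError` from a command will surface as an exception rather than a usage message, so consider the error type the other commands use for bad arguments.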
diff --git a/lib/rubygems/security.rb b/lib/rubygems/security.rb
index 2485729..f56ee18 100644
--- a/lib/rubygems/security.rb
+++ b/lib/rubygems/security.rb
@@ -7,6 +7,7 @@
require 'rubygems/exceptions'
require 'openssl'
require 'fileutils'
+require 'base64'
##
# = Signing gems
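Review bot: The new `require 'base64'` at the top of `security.rb` is loaded for every user of `Gem::Security`, but in this patch it is only used by `url_to_name`, which the author's own comment marks as a quick-and-dirty placeholder. If the Base64 encoding of the subject is replaced before release, this require should be dropped with it.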
@@ -421,6 +422,16 @@ module Gem::Security
end
##
+ # Creates a self-signed certificate with an issuer and subject from +url+,
+ # and the given +extensions+ for the +key+.
+
+ def self.create_cert_url url, key, age = ONE_YEAR, extensions = EXTENSIONS
+ subject = url_to_name url
+ create_cert_self_signed subject, key, age, extensions
+ end
+
+
+ ##
# Creates a self-signed certificate with an issuer and subject of +subject+
# and the given +extensions+ for the +key+.
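Review bot: `create_cert_url` passes `url` straight to `url_to_name` with no validation of its own, so the `https://` requirement exists only in `CertCommand#build` and any other caller of `Gem::Security.create_cert_url` can mint a certificate for an arbitrary string. Put the scheme and host check here (or in `url_to_name`) so the library enforces the rule and the command only reports the failure. The doc comment should also state how the URL is represented in the subject, since that is what a verifier has to match against, and the two blank lines after `end` should be one.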
@@ -455,6 +466,19 @@ module Gem::Security
end
##
+ # Turns +url into an OpenSSL::X509::Name
+
+ def self.url_to_name url
+
+ # Note: This is the quick-and-dirty method,
+ # don't release it to the public like this ;)
+ name = "CN=#{Base64.urlsafe_encode64(url)}/"
+
+ OpenSSL::X509::Name.parse name
+ end
+
+
+ ##
# Signs +expired_certificate+ with +private_key+ if the keys match and the
# expired certificate was self-signed.
#--
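Review bot: In `url_to_name`, building the subject as `"CN=#{Base64.urlsafe_encode64(url)}/"` makes the certificate's identity opaque: anyone inspecting the certificate sees a Base64 blob and must decode it to learn which URL it claims, and the in-code note already says this should not ship as is. Before release, carry the URL in a readable, documented form (for example a URI entry in a subjectAltName extension) and define how it is compared against the location the certificate was fetched from. The string also has a trailing `/` that looks unintended, and `urlsafe_encode64` can emit `=` padding, which is the same character that separates attribute type from value in the string handed to `OpenSSL::X509::Name.parse`; add a test that round-trips several URLs through this method. The doc comment has an unbalanced `+url` that should read `+url+`.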