class Gem::Security::Policy
def check_trust chain, digester, trust_dir
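##
# Ensures the root of +chain+ is a certificate the local user has already
# trusted, by comparing a digest of its public key with a digest of the
# public key in the stored copy of that certificate.
#
# chain::     ordered certificates; the first entry is treated as the root
#             and the last as the signing certificate.
# digester::  object responding to +digest+; the strength of the comparison
#             is that of the digest the caller supplies.
# trust_dir:: accepted for interface compatibility but not referenced here.
#             The lookup always goes through Gem::Security.trust_dir.
#
# Returns +true+ when the digests match. Raises Gem::Security::Exception
# when the chain or its root is missing, when no stored certificate exists
# for the root, or when the digests differ.
#
# Only the root's public key is compared. Nothing in this method checks
# signatures between chain links or certificate validity dates.
# NOTE(review): presumably other checks on the policy cover those. Confirm
# against the callers before relying on this check alone.
def check_trust chain, digester, trust_dir
  # Fail closed with the policy's own exception type. A nil or empty chain
  # would otherwise escape as a NoMethodError from the lookups below.
  raise Gem::Security::Exception, "missing signing chain" unless chain

  root = chain.first
  raise Gem::Security::Exception, "missing root certificate" unless root

  path = Gem::Security.trust_dir.cert_path root

  unless File.exist? path
    # Built with += rather than << so the message never mutates a string
    # literal in place.
    message = "root cert #{root.subject} is not trusted"
    message += " (root of signing cert #{chain.last.subject})" if chain.length > 1
    raise Gem::Security::Exception, message
  end

  # The stored certificate is the trust anchor; the chain's root is accepted
  # only if its public key digests to the same value.
  save_cert = OpenSSL::X509::Certificate.new File.read(path)
  save_dgst = digester.digest save_cert.public_key.to_s
  cert_dgst = digester.digest root.public_key.to_s

  unless save_dgst == cert_dgst
    raise Gem::Security::Exception,
          "trusted root certificate #{root.subject} checksum " \
          "does not match signing root certificate checksum"
  end

  true
end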