class Gem::Security::Policy

def check_trust(chain, digester, trust_dir)

##
# Checks that the root certificate of +chain+ is pinned in the local trust
# directory and that the pinned copy carries the same public key.
#
# chain::     Array of certificates, root first. +chain.last+ is reported as
#             the signing cert in the "not trusted" message.
# digester::  Object responding to +digest+, used to hash both PEM-encoded
#             public keys before they are compared.
# trust_dir:: Accepted for interface compatibility. This method does not read
#             it; the lookup path always comes from Gem::Security.trust_dir.
#
# Returns +true+ on success. Raises Gem::Security::Exception when the chain
# or its root is missing, when no trusted copy of the root exists on disk, or
# when the public-key digests differ.
#
# Only the root's public key is compared here. The subject, validity period
# and signatures of the chain are not examined by this method, so callers
# relying on it as a trust decision need those checks performed elsewhere.
def check_trust(chain, digester, trust_dir)
  raise Gem::Security::Exception, "missing signing chain" unless chain

  signing_root = chain.first
  raise Gem::Security::Exception, "missing root certificate" unless signing_root

  # The on-disk location is derived from the presented root by the trust
  # directory object, so a root that was never trusted has no file to find.
  trusted_path = Gem::Security.trust_dir.cert_path(signing_root)

  unless File.exist?(trusted_path)
    signer_note =
      if chain.length > 1
        " (root of signing cert #{chain.last.subject})"
      else
        ""
      end
    raise Gem::Security::Exception,
          "root cert #{signing_root.subject} is not trusted#{signer_note}"
  end

  # NOTE(review): if the file is removed between the existence check and this
  # read, the failure surfaces as an Errno error, not Gem::Security::Exception.
  pinned_cert = OpenSSL::X509::Certificate.new(File.read(trusted_path))
  pinned_digest = digester.digest(pinned_cert.public_key.to_pem)

  presented_pem = signing_root.public_key.to_pem
  presented_digest = digester.digest(presented_pem)

  # A file at the expected path is not sufficient on its own: the key stored
  # there must match the key of the root that was actually presented.
  if pinned_digest != presented_digest
    raise Gem::Security::Exception,
          "trusted root certificate #{signing_root.subject} checksum " \
          "does not match signing root certificate checksum"
  end

  true
end