# File lib/rubygems/commands/cert_command.rb, line 7definitializesuper"cert","Manage RubyGems certificates and signing settings",add: [],remove: [],list: [],build: [],sign: []add_option("-a","--add CERT","Add a trusted certificate.")do|cert_file,options|options[:add]<<open_cert(cert_file)endadd_option("-l","--list [FILTER]","List trusted certificates where the","subject contains FILTER")do|filter,options|filter||=""options[:list]<<filterendadd_option("-r","--remove FILTER","Remove trusted certificates where the","subject contains FILTER")do|filter,options|options[:remove]<<filterendadd_option("-b","--build EMAIL_ADDR","Build private key and self-signed","certificate for EMAIL_ADDR")do|email_address,options|options[:build]<<email_addressendadd_option("-C","--certificate CERT","Signing certificate for --sign")do|cert_file,options|options[:issuer_cert] =open_cert(cert_file)options[:issuer_cert_file] =cert_fileendadd_option("-K","--private-key KEY","Key for --sign or --build")do|key_file,options|options[:key] =open_private_key(key_file)endadd_option("-A","--key-algorithm ALGORITHM","Select which key algorithm to use for --build")do|algorithm,options|options[:key_algorithm] =algorithmendadd_option("-s","--sign CERT","Signs CERT with the key from -K","and the certificate from -C")do|cert_file,options|raiseGem::OptionParser::InvalidArgument,"#{cert_file}: does not exist"unlessFile.file?cert_fileoptions[:sign]<<cert_fileendadd_option("-d","--days NUMBER_OF_DAYS","Days before the certificate expires")do|days,options|options[:expiration_length_days] =days.to_iendadd_option("-R","--re-sign","Re-signs the certificate from -C with the key from -K")do|resign,options|options[:resign] =resignendend

# File lib/rubygems/commands/cert_command.rb, line 138defbuild(email)unlessvalid_email?(email)raiseGem::CommandLineError,"Invalid email address #{email}"endkey,key_path =build_keycert_path =build_certemail,keysay"Certificate: #{cert_path}"ifkey_pathsay"Private Key: #{key_path}"say"Don't forget to move the key file to somewhere private!"endend

# File lib/rubygems/commands/cert_command.rb, line 186defcertificates_matching(filter)returnenum_for__method__,filterunlessblock_given?Gem::Security.trusted_certificates.selectdo|certificate,_|subject =certificate.subject.to_ssubject.downcase.indexfilterend.sort_bydo|certificate,_|certificate.subject.to_a.map {|name,data,| [name,data] }end.eachdo|certificate,path|yieldcertificate,pathendend

# File lib/rubygems/commands/cert_command.rb, line 78defcheck_opensslreturnifGem::HAVE_OPENSSLalert_error"OpenSSL library is required for the cert command"terminate_interaction1end

# File lib/rubygems/commands/cert_command.rb, line 108defexecutecheck_openssloptions[:add].eachdo|certificate|add_certificatecertificateendoptions[:remove].eachdo|filter|remove_certificates_matchingfilterendoptions[:list].eachdo|filter|list_certificates_matchingfilterendoptions[:build].eachdo|email|buildemailendifoptions[:resign]re_sign_cert(options[:issuer_cert],options[:issuer_cert_file],options[:key]    )endsign_certificatesunlessoptions[:sign].empty?end

# File lib/rubygems/commands/cert_command.rb, line 245defload_default_certcert_file =File.joinGem.default_cert_pathcert =File.readcert_fileoptions[:issuer_cert] =OpenSSL::X509::Certificate.newcertrescueErrno::ENOENTalert_error \"--certificate not specified and ~/.gem/gem-public_cert.pem does not exist"terminate_interaction1rescueOpenSSL::X509::CertificateErroralert_error \"--certificate not specified and ~/.gem/gem-public_cert.pem is not valid"terminate_interaction1end

# File lib/rubygems/commands/cert_command.rb, line 261defload_default_keykey_file =File.joinGem.default_key_pathkey =File.readkey_filepassphrase =ENV["GEM_PRIVATE_KEY_PASSPHRASE"]options[:key] =OpenSSL::PKey.readkey,passphraserescueErrno::ENOENTalert_error \"--private-key not specified and ~/.gem/gem-private_key.pem does not exist"terminate_interaction1rescueOpenSSL::PKey::PKeyErroralert_error \"--private-key not specified and ~/.gem/gem-private_key.pem is not valid"terminate_interaction1end

# File lib/rubygems/commands/cert_command.rb, line 85defopen_cert(certificate_file)check_opensslOpenSSL::X509::Certificate.newFile.readcertificate_filerescueErrno::ENOENTraiseGem::OptionParser::InvalidArgument,"#{certificate_file}: does not exist"rescueOpenSSL::X509::CertificateErrorraiseGem::OptionParser::InvalidArgument,"#{certificate_file}: invalid X509 certificate"end

# File lib/rubygems/commands/cert_command.rb, line 95defopen_private_key(key_file)check_opensslpassphrase =ENV["GEM_PRIVATE_KEY_PASSPHRASE"]key =OpenSSL::PKey.readFile.read(key_file),passphraseraiseGem::OptionParser::InvalidArgument,"#{key_file}: private key not found"unlesskey.private?keyrescueErrno::ENOENTraiseGem::OptionParser::InvalidArgument,"#{key_file}: does not exist"rescueOpenSSL::PKey::PKeyError,ArgumentErrorraiseGem::OptionParser::InvalidArgument,"#{key_file}: invalid RSA, DSA, or EC key"end

# File lib/rubygems/commands/cert_command.rb, line 312defre_sign_cert(cert,cert_path,private_key)Gem::Security::Signer.re_sign_cert(cert,cert_path,private_key)do|expired_cert_path,new_expired_cert_path|alert("Your certificate #{expired_cert_path} has been re-signed")alert("Your expired certificate will be located at: #{new_expired_cert_path}")endend

# File lib/rubygems/commands/cert_command.rb, line 290defsign(cert_file)cert =File.readcert_filecert =OpenSSL::X509::Certificate.newcertpermissions =File.stat(cert_file).mode&0o777issuer_cert =options[:issuer_cert]issuer_key =options[:key]cert =Gem::Security.signcert,issuer_key,issuer_certGem::Security.writecert,cert_file,permissionsend

# File lib/rubygems/commands/cert_command.rb, line 321defvalid_email?(email)# It's simple, but is all we needemail=~/\A.+@.+\z/end