rubygems_ssl-client-certs 0.0.2.pre.alpha.pre.53 → 0.0.2.pre.alpha.pre.54
- checksums.yaml +8 -8
- data/lib/rubygems_plugin.rb +95 -82
- metadata +1 -1
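--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,15 +1,15 @@
 ---
 !binary "U0hBMQ==":
 metadata.gz: !binary |-
-
+ZTJmYzc4N2Y3OWIxMmEyM2E3MGRkOWU2MGJjYjFiOGZhNzU0NzY4ZQ==
 data.tar.gz: !binary |-
-
+MGIxMDIwNjMzYTEyZjU5M2I5NTgyMGQ0MmNiNTM3ZDVjOGM1NzU0OA==
 SHA512:
 metadata.gz: !binary |-
-
-
-
+Zjk3OTM0ZDg2ZjNjYTk5NWRiMjlmYjJmZDY5NzMwOTBiNmRjNGRiY2FkNDc1
+NTZlZThjODJlZTE2ODkzYmNmNmJmZTQxZGVjZWJjOGJkZDE4NjY4YmY2NWZj
+MjNjNzExYjBlZDg1NGQ2Y2UwNWVlMTg3MWE3Y2VlNzk2ZTA4MzU=
 data.tar.gz: !binary |-
-
-
-
+ODUzY2Q5OWY5OGRjZDVkMWM3OTk4MzUyYmUyN2UwOWJjNDk0NDU5MmQyNTU2
+NmU1Nzk1MjRkM2UzYmIxMGMxNTUyZTkyMjQ1YjVhMDAxMjM4NjdmNjRmOWQ4
+NjFmNTcxYWEwZmE0MDc1Y2FiYzg0YTM1NmNkOWRjOTViYzdlMzE=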
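--- a/data/lib/rubygems_plugin.rb
+++ b/data/lib/rubygems_plugin.rb
@@ -1,111 +1,124 @@
 require 'rubygems/remote_fetcher'
 
-
+$stderr.puts "rubygems ssl client certs plugin loading"
 
-
+if Gem::Version.new(Gem::VERSION) < Gem::Version.new('2.1.0') then
 
-
+class Gem::ConfigFile
 
-
+attr_reader :ssl_client_cert
 
-
-
-
-
-
-
+attr_reader :ssl_verify_mode
+
+attr_reader :ssl_ca_cert
+$stderr.puts "loading Gem::ConfigFile monkey patch"
+
+class << self
+unless self.method_defined? :__new__
+$stderr.puts "aliasing new to __new__"
+alias_method :__new__, :new
+end
+if Gem.instance_variable_get(:@configuration) then
+$stderr.puts "forcing a reload of the Gem configuration"
+Gem.configuration = Gem::ConfigFile.new []
+end
+def new(*args)
+$stderr.puts "instantiating new Gem::ConfigFile with patch"
+config = __new__(*args)
+config.set_ssl_vars
+return config
+end
 end
-
-
-
-
+
+def set_ssl_vars
+$stderr.puts "Configuring SSL variables for Gem::ConfigFile"
+@ssl_verify_mode = @hash[:ssl_verify_mode] if @hash.key? :ssl_verify_mode
+@ssl_ca_cert = @hash[:ssl_ca_cert] if @hash.key? :ssl_ca_cert
+@ssl_ca_cert = ENV['BUNDLE_SSL_CA_CERT'] unless @ssl_ca_cert
+@ssl_client_cert = @hash[:ssl_client_cert] if @hash.key? :ssl_client_cert
+@ssl_client_cert = ENV['BUNDLE_SSL_CLIENT_CERT'] unless @ssl_client_cert
 end
-end
 
-def set_ssl_vars
-@ssl_verify_mode = @hash[:ssl_verify_mode] if @hash.key? :ssl_verify_mode
-@ssl_ca_cert = @hash[:ssl_ca_cert] if @hash.key? :ssl_ca_cert
-@ssl_ca_cert = ENV['BUNDLE_SSL_CA_CERT'] unless @ssl_ca_cert
-@ssl_client_cert = @hash[:ssl_client_cert] if @hash.key? :ssl_client_cert
-@ssl_client_cert = ENV['BUNDLE_SSL_CLIENT_CERT'] unless @ssl_client_cert
 end
 
-
+class Gem::RemoteFetcher
 
-
+def connection_for(uri)
+net_http_args = [uri.host, uri.port]
 
-
-
+if @proxy_uri and not no_proxy?(uri.host) then
+net_http_args += [
+@proxy_uri.host,
+@proxy_uri.port,
+@proxy_uri.user,
+@proxy_uri.password
+]
+end
 
-
-
-
-@proxy_uri.port,
-@proxy_uri.user,
-@proxy_uri.password
-]
-end
+connection_id = [Thread.current.object_id, *net_http_args].join ':'
+@connections[connection_id] ||= Net::HTTP.new(*net_http_args)
+connection = @connections[connection_id]
 
-
-
-
+if https?(uri) and not connection.started? then
+configure_connection_for_https(connection)
+end
 
-
-
+connection.start unless connection.started?
+
+connection
+rescue defined?(OpenSSL::SSL) ? OpenSSL::SSL::SSLError : Errno::EHOSTDOWN,
+Errno::EHOSTDOWN => e
+raise FetchError.new(e.message, uri)
 end
 
-
+def configure_connection_for_https(connection)
+require 'net/https'
+connection.use_ssl = true
+connection.verify_mode =
+Gem.configuration.ssl_verify_mode || OpenSSL::SSL::VERIFY_PEER
+store = OpenSSL::X509::Store.new
+
+if Gem.configuration.ssl_client_cert
+pem = File.read(Gem.configuration.ssl_client_cert)
+connection.cert = OpenSSL::X509::Certificate.new(pem)
+connection.key = OpenSSL::PKey::RSA.new(pem)
+else
+puts "no Client Cert configured!"
+if !Gem.configuration.respond_to?(:ssl_client_cert)
+puts "Loaded Gem::ConfigFile does not support ssl_client_cert"
+end
+end
 
-
-
-
-
-
+if Gem.configuration.ssl_ca_cert
+if File.directory? Gem.configuration.ssl_ca_cert
+store.add_path Gem.configuration.ssl_ca_cert
+else
+store.add_file Gem.configuration.ssl_ca_cert
+end
+else
+puts "no CA Cert configured!"
+store.set_default_paths
+add_rubygems_trusted_certs(store)
+end
+connection.cert_store = store
+rescue LoadError => e
+raise unless (e.respond_to?(:path) && e.path == 'openssl') ||
+e.message =~ / -- openssl$/
 
-
-
-connection.use_ssl = true
-connection.verify_mode =
-Gem.configuration.ssl_verify_mode || OpenSSL::SSL::VERIFY_PEER
-store = OpenSSL::X509::Store.new
-
-if Gem.configuration.ssl_client_cert
-pem = File.read(Gem.configuration.ssl_client_cert)
-connection.cert = OpenSSL::X509::Certificate.new(pem)
-connection.key = OpenSSL::PKey::RSA.new(pem)
-else
-puts "no Client Cert configured!"
+raise Gem::Exception.new(
+'Unable to require openssl, install OpenSSL and rebuild ruby (preferred) or use non-HTTPS sources')
 end
 
-
-
-
-
-store.add_file Gem.configuration.ssl_ca_cert
+def add_rubygems_trusted_certs(store)
+pattern = File.expand_path("./ssl_certs/*.pem", File.dirname(__FILE__))
+Dir.glob(pattern).each do |ssl_cert_file|
+store.add_file ssl_cert_file
 end
-else
-puts "no CA Cert configured!"
-store.set_default_paths
-add_rubygems_trusted_certs(store)
 end
-connection.cert_store = store
-rescue LoadError => e
-raise unless (e.respond_to?(:path) && e.path == 'openssl') ||
-e.message =~ / -- openssl$/
-
-raise Gem::Exception.new(
-'Unable to require openssl, install OpenSSL and rebuild ruby (preferred) or use non-HTTPS sources')
-end
 
-
-
-Dir.glob(pattern).each do |ssl_cert_file|
-store.add_file ssl_cert_file
+def https?(uri)
+uri.scheme.downcase == 'https'
 end
-end
 
-def https?(uri)
-uri.scheme.downcase == 'https'
 end
-
 end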
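Review bot: The forced reload inside the `class << self` body (`Gem.configuration = Gem::ConfigFile.new []`) runs while that body is still being evaluated, before the `def new(*args)` override beneath it and before `set_ssl_vars` is defined further down, so the replacement configuration appears to be built by the unpatched constructor and never gets `ssl_client_cert` or `ssl_ca_cert` populated. `configure_connection_for_https` would then take its "no Client Cert configured!" branch and fall back to the default trust store even when a client certificate and CA are configured. Moving the reload below the `end` that closes `class Gem::ConfigFile`, e.g. `Gem.configuration = Gem::ConfigFile.new [] if Gem.instance_variable_get(:@configuration)`, would send it through the patched `new`; passing `[]` also discards whatever arguments the original configuration was built with, which is worth confirming. Indentation is lost in this rendering, so the nesting is inferred from the `end` lines.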