
Merge branch 'pietro-key_passphrase'

* pietro-key_passphrase: (154 commits)
  Update missed tests for rebase of #447
  Fixed pull request number type for #461
  Improve documentation of DependencyInstaller
  Alphabetize Gem::DependencyInstaller
  Removed commented out DependencyInstaller code
  Alter #489 to use GEM_SPEC_CACHE
  fix tests when GEM_SPEC is set in environment
  add support for ENV GEM_SPEC, fix #430
  Updated history for #443
  Don't alter Gem::Specification.dirs during install
  Default to Gem.dir as late as possible.
  Updated history for #455
  Update history for #456
  Update history for #462
  Add tests and alter output of #514
  add PATH to gem env
  Update History for #514
  Restore backwards-compatibility for #517
  Alphabetize RequestSet
  Undent RequestSet
  ...

Conflicts:
	test/rubygems/test_gem_commands_cert_command.rb
	test/rubygems/test_gem_package.rb
commit 03f371ea9bac11c7fc33063450823ecbd484ca95 2 parents 826a93d + 410e5f3
@drbrain drbrain authored
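--- a/lib/rubygems/commands/cert_command.rb
+++ b/lib/rubygems/commands/cert_command.rb
@@ -21,7 +21,8 @@ def initialize
 OptionParser.accept OpenSSL::PKey::RSA do |key_file|
 begin
- key = OpenSSL::PKey::RSA.new File.read key_file
+ passphrase = ENV['GEM_PRIVATE_KEY_PASSPHRASE']
+ key = OpenSSL::PKey::RSA.new File.read(key_file), passphrase
 rescue Errno::ENOENT
 raise OptionParser::InvalidArgument, "#{key_file}: does not exist"
 rescue OpenSSL::PKey::RSAError
@@ -115,16 +116,31 @@ def execute
 end
 def build name
- key = options[:key] || Gem::Security.create_key
+ if options[:key]
+ key = options[:key]
+ else
+ passphrase = ask_for_password 'Passphrase for your Private Key:'
+ say "\n"
- cert = Gem::Security.create_cert_email name, key
+ passphrase_confirmation = ask_for_password 'Please repeat the passphrase for your Private Key:'
+ say "\n"
- key_path = Gem::Security.write key, "gem-private_key.pem"
+ raise Gem::CommandLineError,
+ "Passphrase and passphrase confirmation don't match" unless passphrase == passphrase_confirmation
+
+ key = Gem::Security.create_key
+ key_path = Gem::Security.write key, "gem-private_key.pem", 0600, passphrase
+ end
+
+ cert = Gem::Security.create_cert_email name, key
 cert_path = Gem::Security.write cert, "gem-public_cert.pem"
 say "Certificate: #{cert_path}"
- say "Private Key: #{key_path}"
- say "Don't forget to move the key file to somewhere private!"
+
+ if key_path
+ say "Private Key: #{key_path}"
+ say "Don't forget to move the key file to somewhere private!"
+ end
 end
 def certificates_matching filter
@@ -198,7 +214,8 @@ def load_default_cert
 def load_default_key
 key_file = File.join Gem.default_key_path
 key = File.read key_file
- options[:key] = OpenSSL::PKey::RSA.new key
+ passphrase = ENV['GEM_PRIVATE_KEY_PASSPHRASE']
+ options[:key] = OpenSSL::PKey::RSA.new key, passphrase
 rescue Errno::ENOENT
 alert_error \
 "--private-key not specified and ~/.gem/gem-private_key.pem does not exist"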
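Review bot: In `build`, the only check on the new passphrase is that the two entries match, so an empty entry is handed straight to `Gem::Security.write`. An empty string is truthy in Ruby, so the `passphrase and cipher` branch in `write` still calls `to_pem` with it, which presumably either fails inside OpenSSL with an unhelpful error or leaves the key effectively unprotected. I would reject it explicitly before the comparison, e.g. `raise Gem::CommandLineError, "Passphrase must not be empty" if passphrase.to_s.empty?`. The `to_s` also covers `ask_for_password` returning `nil`, which (if it can happen, not visible here) would currently write the key unencrypted without saying so.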
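--- a/lib/rubygems/package.rb
+++ b/lib/rubygems/package.rb
@@ -429,12 +429,13 @@ def read_checksums gem
 # certificate and key are not present only checksum generation is set up.
 def setup_signer
+ passphrase = ENV['GEM_PRIVATE_KEY_PASSPHRASE']
 if @spec.signing_key then
- @signer = Gem::Security::Signer.new @spec.signing_key, @spec.cert_chain
+ @signer = Gem::Security::Signer.new @spec.signing_key, @spec.cert_chain, passphrase
 @spec.signing_key = nil
 @spec.cert_chain = @signer.cert_chain.map { |cert| cert.to_s }
 else
- @signer = Gem::Security::Signer.new nil, nil
+ @signer = Gem::Security::Signer.new nil, nil, passphrase
 @spec.cert_chain = @signer.cert_chain.map { |cert| cert.to_pem } if
 @signer.cert_chain
 end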
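Review bot: `setup_signer` now depends on the `GEM_PRIVATE_KEY_PASSPHRASE` environment variable, but the method comment above it does not mention the variable, and the same `ENV[...]` lookup is repeated in `cert_command.rb` (the `OptionParser.accept` block and `load_default_key`). I would add a line such as `# The passphrase for an encrypted signing key is read from ENV['GEM_PRIVATE_KEY_PASSPHRASE'].` and state there that environment variables are inherited by every child process the command starts, so the variable should be set only for the signing invocation. A single helper for the lookup would keep the three call sites from drifting apart. The comment block begins above the hunk, so its existing wording could not be checked in full.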
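--- a/lib/rubygems/security.rb
+++ b/lib/rubygems/security.rb
@@ -370,6 +370,12 @@ class Exception < Gem::Exception; end
 KEY_LENGTH = 2048
 ##
+ # Cipher used to encrypt the key pair used to sign gems.
+ # Must be in the list returned by OpenSSL::Cipher.ciphers
+
+ KEY_CIPHER = OpenSSL::Cipher.new('aes256')
+
+ ##
 # One year in seconds
 ONE_YEAR = 86400 * 365
@@ -563,13 +569,18 @@ def self.trusted_certificates &block
 ##
 # Writes +pemmable+, which must respond to +to_pem+ to +path+ with the given
- # +permissions+.
+ # +permissions+. If passed +cipher+ and +passphrase+ those arguments will be
+ # passed to +to_pem+.
- def self.write pemmable, path, permissions = 0600
+ def self.write pemmable, path, permissions = 0600, passphrase = nil, cipher = KEY_CIPHER
 path = File.expand_path path
 open path, 'wb', permissions do |io|
- io.write pemmable.to_pem
+ if passphrase and cipher
+ io.write pemmable.to_pem cipher, passphrase
+ else
+ io.write pemmable.to_pem
+ end
 end
 path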
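Review bot: `to_pem cipher, passphrase` writes the traditional encrypted PEM format (the `Proc-Type: 4,ENCRYPTED` / `DEK-Info` header visible in the test fixture), whose key derivation is, as far as I know, a single salted MD5 pass, so the AES-256 key is only as strong as the passphrase and offline guessing against a copied key file is cheap. The comment on `KEY_CIPHER` should say so, e.g. `# The passphrase is stretched only by OpenSSL's legacy PEM derivation; use a long passphrase.` Separately, `KEY_CIPHER` holds one shared `OpenSSL::Cipher` instance that is also the default argument of `write`; keeping the cipher name in the constant and building the cipher inside `write` would avoid sharing a stateful object between calls. `write` continues past the end of the hunk.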
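--- a/lib/rubygems/security/signer.rb
+++ b/lib/rubygems/security/signer.rb
@@ -29,7 +29,7 @@ class Gem::Security::Signer
 # +chain+ containing X509 certificates, encoding certificates or paths to
 # certificates.
- def initialize key, cert_chain
+ def initialize key, cert_chain, passphrase = nil
 @cert_chain = cert_chain
 @key = key
@@ -46,7 +46,7 @@ def initialize key, cert_chain
 @digest_algorithm = Gem::Security::DIGEST_ALGORITHM
 @digest_name = Gem::Security::DIGEST_NAME
- @key = OpenSSL::PKey::RSA.new File.read @key if
+ @key = OpenSSL::PKey::RSA.new File.read(@key), passphrase if
 @key and not OpenSSL::PKey::RSA === @key
 if @cert_chain then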
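Review bot: The comment above `initialize` still describes only `key` and `chain`; the new `passphrase` parameter is undocumented, and so is what happens when it is `nil` and the key file is encrypted (OpenSSL then normally prompts on the terminal, which stalls unattended builds). I would add `# +passphrase+ decrypts +key+ when it is a path to an encrypted PEM file; it is ignored when +key+ is already an OpenSSL::PKey::RSA.` The body of `initialize` runs between and beyond the two hunks shown, so whether the passphrase is also applied to a default key loaded there cannot be checked from here.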
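--- a/lib/rubygems/test_case.rb
+++ b/lib/rubygems/test_case.rb
@@ -164,6 +164,9 @@ def setup
 FileUtils.mkdir_p @gemhome
 FileUtils.mkdir_p @userhome
+ @orig_gem_private_key_passphrase = ENV['GEM_PRIVATE_KEY_PASSPHRASE']
+ ENV['GEM_PRIVATE_KEY_PASSPHRASE'] = PRIVATE_KEY_PASSPHRASE
+
 @default_dir = File.join @tempdir, 'default'
 @default_spec_dir = File.join @default_dir, "specifications", "default"
 Gem.instance_variable_set :@default_dir, @default_dir
@@ -275,6 +278,8 @@ def teardown
 end
 Gem.instance_variable_set :@default_dir, nil
+
+ ENV['GEM_PRIVATE_KEY_PASSPHRASE'] = @orig_gem_private_key_passphrase
 end
 ##
@@ -1017,18 +1022,18 @@ def self.cert_path cert_name
 end
 ##
- # Loads an RSA private key named +key_name+ in <tt>test/rubygems/</tt>
+ # Loads an RSA private key named +key_name+ with +passphrase+ in <tt>test/rubygems/</tt>
- def self.load_key key_name
+ def self.load_key key_name, passphrase = nil
 key_file = key_path key_name
 key = File.read key_file
- OpenSSL::PKey::RSA.new key
+ OpenSSL::PKey::RSA.new key, passphrase
 end
 ##
- # Returns the path tot he key named +key_name+ from <tt>test/rubygems</tt>
+ # Returns the path to the key named +key_name+ from <tt>test/rubygems</tt>
 def self.key_path key_name
 File.expand_path "../../../test/rubygems/#{key_name}_key.pem", __FILE__
@@ -1038,12 +1043,18 @@ def self.key_path key_name
 # only available in RubyGems tests
 begin
- PRIVATE_KEY = load_key 'private'
- PRIVATE_KEY_PATH = key_path 'private'
- PUBLIC_KEY = PRIVATE_KEY.public_key
+ PRIVATE_KEY = load_key 'private'
+ PRIVATE_KEY_PATH = key_path 'private'
+
+ PRIVATE_KEY_PASSPHRASE = 'Foo bar'
+ # ENCRYPTED_PRIVATE_KEY is PRIVATE_KEY encrypted with PRIVATE_KEY_PASSPHRASE
+ ENCRYPTED_PRIVATE_KEY = load_key 'encrypted_private', PRIVATE_KEY_PASSPHRASE
+ ENCRYPTED_PRIVATE_KEY_PATH = key_path 'encrypted_private'
+
+ PUBLIC_KEY = PRIVATE_KEY.public_key
- PUBLIC_CERT = load_cert 'public'
- PUBLIC_CERT_PATH = cert_path 'public'
+ PUBLIC_CERT = load_cert 'public'
+ PUBLIC_CERT_PATH = cert_path 'public'
 rescue Errno::ENOENT
 PRIVATE_KEY = nil
 PUBLIC_KEY = nil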
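Review bot: `setup` now reads `PRIVATE_KEY_PASSPHRASE` unconditionally, but that constant is assigned inside the `begin` block after `load_key 'private'`, so when the key files are absent and the `rescue Errno::ENOENT` branch runs, the constant is never defined and every test's `setup` raises `NameError` (unless the rescue branch, which continues outside the hunk, defines it). Moving `PRIVATE_KEY_PASSPHRASE = 'Foo bar'` above the `begin` fixes this. Because `setup` exports the passphrase for every test, no test exercises loading an encrypted key with the variable unset.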
30 test/rubygems/encrypted_private_key.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,1AC78C928C296A1D7C70D525B0F1051C
+
+QL7dLRBmNpbSYsq+4niIdtP9LpJYQxG9tXaTKjQfgkYtLbDzhQMhxpKcJwCTtZUK
+kJWxt7AOq8JwvvH69kp8fEULR5IThSPyFTjnLxtg1ZpMJZfHyfjAtveBO+Z4pCWA
+Z6xrLI7RoFEVuSEgAkNYlb2JY4Z26nfCakvciEpHOkeYEYsneBQkr7Zf/IcKuKwd
+wjOMzuLwvF3+cYaxcoHViRsuwyI6YrToJvPtin0xJlJczWalVSQciwjuDDGfjzow
+J2o1O5UZc+VnEItpIbLWriRQPGP5ezOiTUCCxN+v/lignaeykfk+apAiKliKl2w6
+eyxfBAIt8yE3RyhE3mX+AZN8sX+mfduEXCcAziZLSTYm3Lfq90eKGs+cUMFmwz1N
+NvFVfIHpiRSzKlrJlvd38SRbSbQfvS2OEo+e0f4ZW7cKCXayczwF0gQQY9VZ23bn
+Sk1CGuA2ugn+cd9T/yrSTtgz1EDpZxp7HYE242DiJb7wUY30nAqgYZ//ug6HGBJA
+OYQldiinj6lWr0i/jEdKknUKIZTQQ+aH0c+hvbsagQRoVFZUCG6RFbKtWHRxL/a0
+teMT1SFeab6pulh3/VfdLzdBKVvHaY3bpujAmOg4lq0O2MQWMGvIPdso9iTBoAJm
+TrLR/YO0RfvnfC0uM2YHXcLlhgsBUiGQUNnk6EZ5qK2aEiZuaCecpsCYEt2uhO9W
+HF7CpAh3T1OUY33HEw/4KdvMG+5uwK+4D1JatKHsU0Umpp2+2C9T6W/iSLXndg0L
+Xr8NFu9ziXdEe4tZy/9VDo4QOnqFhSBXxkimGrdnUrbTxH4nwUzmv4VRnbAXTEJM
+XkVat7zZ1dvUf+iJXiRxjo6BbwXtL6+ZmL1aYbnbN8HrQdhuFN/QD/OzhYj7f9Yn
+sTSQUleAK1+sppcTs6tiEdxWBgnKUeQNCXEBXG4twy7rd2ymamvunBTaoywebcaG
+RTnK8eyOkoDeVEFZx+EI2TrG2PaA0Zuq+7IYqID+6/asa4K/3J/ChXqjIAgqUcML
+56DlF5DCTvaRRUwftARaOqJZ+VxoW62i30nP/oD35xh++Esf8YgxhPeg1Gjzozx7
+ZC1GZ5f44EvDJyFlXUUNtNy3dC3cSdUUM6oYvDLrPI3wVEw3QgLUJ+Tc8lA5Gx7M
+wW2i/Y6JqlVUabvkaKe4d+w8eo219Bnfo7D199TppbEXOob6AaC2CJranActTfrm
+fFrWQKJrdWz1mWZT3efoBpxVAds8fYk2hNaXL6LQepOAF6ObbS4hHcRHbI7HIdVB
+6GNUfVWlrISZ6thj84way/niR1ikXUFipN5gCRERc0+brXK4OCnksyLqYgvMI74Z
+5lW8HfuX4FNp/Gd5uU+tbYnNy6nIqa8oZScLp0Kjg9tPKjjrDbZS2LJ8kxf7q9lb
+YbxhzMy+uKwdmxIB4fKjWZTgPX4MwjA8FAaMncyvA64rxGnfyLExmOOZWSXqZQ8z
+y+xoqA239Wob98mJn+oluneMKwSAM3ActGTmp5X5jHVk++yEcJN9uGYAa3UohKlm
+/wgpQ79yfBywju2rZR0hQXN0ExBdE/UnJucJMv/iB5fxlkJlkNJPwFgq8iMbzQLu
+-----END RSA PRIVATE KEY-----
162 test/rubygems/test_gem_commands_cert_command.rb
@@ -98,14 +98,22 @@ def test_execute_add_twice
end
def test_execute_build
+ passphrase = 'Foo bar'
+
@cmd.handle_options %W[--build nobody@example.com]
- use_ui @ui do
+ @build_ui = Gem::MockGemUi.new "#{passphrase}\n#{passphrase}"
+
+ use_ui @build_ui do
@cmd.execute
end
- output = @ui.output.split "\n"
+ output = @build_ui.output.split "\n"
+ assert_equal "Passphrase for your Private Key: ",
+ output.shift
+ assert_equal "Please repeat the passphrase for your Private Key: ",
+ output.shift
assert_equal "Certificate: #{File.join @tempdir, 'gem-public_cert.pem'}",
output.shift
assert_equal "Private Key: #{File.join @tempdir, 'gem-private_key.pem'}",
@@ -115,12 +123,43 @@ def test_execute_build
output.shift
assert_empty output
- assert_empty @ui.error
+ assert_empty @build_ui.error
assert_path_exists File.join(@tempdir, 'gem-private_key.pem')
assert_path_exists File.join(@tempdir, 'gem-public_cert.pem')
end
+ def test_execute_build_bad_passphrase_confirmation
+ passphrase = 'Foo bar'
+ passphrase_confirmation = 'Fu bar'
+
+ @cmd.handle_options %W[--build nobody@example.com]
+
+ @build_ui = Gem::MockGemUi.new "#{passphrase}\n#{passphrase_confirmation}"
+
+ use_ui @build_ui do
+ e = assert_raises Gem::CommandLineError do
+ @cmd.execute
+ end
+
+ output = @build_ui.output.split "\n"
+
+ assert_equal "Passphrase for your Private Key: ",
+ output.shift
+ assert_equal "Please repeat the passphrase for your Private Key: ",
+ output.shift
+
+ assert_empty output
+
+ assert_equal "Passphrase and passphrase confirmation don't match",
+ e.message
+
+ end
+
+ refute_path_exists File.join(@tempdir, 'gem-private_key.pem')
+ refute_path_exists File.join(@tempdir, 'gem-public_cert.pem')
+ end
+
def test_execute_build_key
@cmd.handle_options %W[
--build nobody@example.com
@@ -135,21 +174,32 @@ def test_execute_build_key
assert_equal "Certificate: #{File.join @tempdir, 'gem-public_cert.pem'}",
output.shift
- assert_equal "Private Key: #{File.join @tempdir, 'gem-private_key.pem'}",
- output.shift
-
- assert_equal "Don't forget to move the key file to somewhere private!",
- output.shift
assert_empty output
assert_empty @ui.error
assert_path_exists File.join(@tempdir, 'gem-public_cert.pem')
+ end
+
+ def test_execute_build_encrypted_key
+ @cmd.handle_options %W[
+ --build nobody@example.com
+ --private-key #{ENCRYPTED_PRIVATE_KEY_PATH}
+ ]
+
+ use_ui @ui do
+ @cmd.execute
+ end
+
+ output = @ui.output.split "\n"
+
+ assert_equal "Certificate: #{File.join @tempdir, 'gem-public_cert.pem'}",
+ output.shift
- private_key_file = File.join @tempdir, 'gem-private_key.pem'
- assert_path_exists private_key_file
+ assert_empty output
+ assert_empty @ui.error
- assert_equal PRIVATE_KEY.to_pem, File.read(private_key_file)
+ assert_path_exists File.join(@tempdir, 'gem-public_cert.pem')
end
def test_execute_certificate
@@ -203,6 +253,17 @@ def test_execute_private_key
assert_equal PRIVATE_KEY.to_pem, @cmd.options[:key].to_pem
end
+ def test_execute_encrypted_private_key
+ use_ui @ui do
+ @cmd.send :handle_options, %W[--private-key #{ENCRYPTED_PRIVATE_KEY_PATH}]
+ end
+
+ assert_equal '', @ui.output
+ assert_equal '', @ui.error
+
+ assert_equal ENCRYPTED_PRIVATE_KEY.to_pem, @cmd.options[:key].to_pem
+ end
+
def test_execute_remove
@trust_dir.trust_cert PUBLIC_CERT
@@ -307,6 +368,35 @@ def test_execute_sign
assert_equal mask, File.stat(path).mode unless win_platform?
end
+ def test_execute_sign_encrypted_key
+ path = File.join @tempdir, 'cert.pem'
+ Gem::Security.write ALTERNATE_CERT, path, 0600
+
+ assert_equal '/CN=alternate/DC=example', ALTERNATE_CERT.issuer.to_s
+
+ @cmd.handle_options %W[
+ --private-key #{ENCRYPTED_PRIVATE_KEY_PATH}
+ --certificate #{PUBLIC_CERT_FILE}
+
+ --sign #{path}
+ ]
+
+ use_ui @ui do
+ @cmd.execute
+ end
+
+ assert_equal '', @ui.output
+ assert_equal '', @ui.error
+
+ cert = OpenSSL::X509::Certificate.new File.read path
+
+ assert_equal '/CN=nobody/DC=example', cert.issuer.to_s
+
+ mask = 0100600 & (~File.umask)
+
+ assert_equal mask, File.stat(path).mode unless win_platform?
+ end
+
def test_execute_sign_default
FileUtils.mkdir_p File.join Gem.user_home, '.gem'
@@ -339,6 +429,38 @@ def test_execute_sign_default
assert_equal mask, File.stat(path).mode unless win_platform?
end
+ def test_execute_sign_default_encrypted_key
+ FileUtils.mkdir_p File.join(Gem.user_home, '.gem')
+
+ private_key_path = File.join Gem.user_home, '.gem', 'gem-private_key.pem'
+ Gem::Security.write ENCRYPTED_PRIVATE_KEY, private_key_path, 0600, PRIVATE_KEY_PASSPHRASE
+
+ public_cert_path = File.join Gem.user_home, '.gem', 'gem-public_cert.pem'
+ Gem::Security.write PUBLIC_CERT, public_cert_path
+
+ path = File.join @tempdir, 'cert.pem'
+ Gem::Security.write ALTERNATE_CERT, path, 0600
+
+ assert_equal '/CN=alternate/DC=example', ALTERNATE_CERT.issuer.to_s
+
+ @cmd.handle_options %W[--sign #{path}]
+
+ use_ui @ui do
+ @cmd.execute
+ end
+
+ assert_equal '', @ui.output
+ assert_equal '', @ui.error
+
+ cert = OpenSSL::X509::Certificate.new File.read path
+
+ assert_equal '/CN=nobody/DC=example', cert.issuer.to_s
+
+ mask = 0100600 & (~File.umask)
+
+ assert_equal mask, File.stat(path).mode unless win_platform?
+ end
+
def test_execute_sign_no_cert
FileUtils.mkdir_p File.join Gem.user_home, '.gem'
@@ -509,6 +631,24 @@ def test_handle_options_sign
assert_equal [ALTERNATE_CERT_FILE, CHILD_CERT_FILE], @cmd.options[:sign]
end
+ def test_handle_options_sign_encrypted_key
+ @cmd.handle_options %W[
+ --private-key #{ALTERNATE_KEY_FILE}
+ --private-key #{ENCRYPTED_PRIVATE_KEY_PATH}
+
+ --certificate #{ALTERNATE_CERT_FILE}
+ --certificate #{PUBLIC_CERT_FILE}
+
+ --sign #{ALTERNATE_CERT_FILE}
+ --sign #{CHILD_CERT_FILE}
+ ]
+
+ assert_equal ENCRYPTED_PRIVATE_KEY.to_pem, @cmd.options[:key].to_pem
+ assert_equal PUBLIC_CERT.to_pem, @cmd.options[:issuer_cert].to_pem
+
+ assert_equal [ALTERNATE_CERT_FILE, CHILD_CERT_FILE], @cmd.options[:sign]
+ end
+
def test_handle_options_sign_nonexistent
nonexistent = File.join @tempdir, 'nonexistent'
e = assert_raises OptionParser::InvalidArgument do
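Review bot: `test_execute_build_key` and the new `test_execute_build_encrypted_key` no longer assert anything about `gem-private_key.pem`, so the behaviour change in `build` (a key supplied with `--private-key` is not written to the working directory) is untested. Add `refute_path_exists File.join(@tempdir, 'gem-private_key.pem')` to both. In `test_execute_build` the key file is only checked for existence; `assert_match(/ENCRYPTED/, File.read(File.join(@tempdir, 'gem-private_key.pem')))` would pin that the entered passphrase was actually applied.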
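--- a/test/rubygems/test_gem_package.rb
+++ b/test/rubygems/test_gem_package.rb
@@ -168,6 +168,47 @@ def test_build_auto_signed
 Gem::Security.write PRIVATE_KEY, private_key_path
 public_cert_path = File.join Gem.user_home, '.gem', 'gem-public_cert.pem'
+ FileUtils.cp PUBLIC_CERT_PATH, public_cert_path
+
+ spec = Gem::Specification.new 'build', '1'
+ spec.summary = 'build'
+ spec.authors = 'build'
+ spec.files = ['lib/code.rb']
+
+ FileUtils.mkdir 'lib'
+
+ open 'lib/code.rb', 'w' do |io|
+ io.write '# lib/code.rb'
+ end
+
+ package = Gem::Package.new spec.file_name
+ package.spec = spec
+
+ package.build
+
+ assert_equal Gem::VERSION, spec.rubygems_version
+ assert_path_exists spec.file_name
+
+ reader = Gem::Package.new spec.file_name
+ assert reader.verify
+
+ assert_equal [PUBLIC_CERT.to_pem], reader.spec.cert_chain
+
+ assert_equal %w[metadata.gz metadata.gz.sig
+ data.tar.gz data.tar.gz.sig
+ checksums.yaml.gz checksums.yaml.gz.sig],
+ reader.files
+
+ assert_equal %w[lib/code.rb], reader.contents
+ end
+
+ def test_build_auto_signed_encrypted_key
+ FileUtils.mkdir_p File.join(Gem.user_home, '.gem')
+
+ private_key_path = File.join Gem.user_home, '.gem', 'gem-private_key.pem'
+ FileUtils.cp ENCRYPTED_PRIVATE_KEY_PATH, private_key_path
+
+ public_cert_path = File.join Gem.user_home, '.gem', 'gem-public_cert.pem'
 Gem::Security.write PUBLIC_CERT, public_cert_path
 spec = Gem::Specification.new 'build', '1'
@@ -250,6 +291,41 @@ def test_build_signed
 assert_equal %w[lib/code.rb], reader.contents
 end
+ def test_build_signed_encryped_key
+ spec = Gem::Specification.new 'build', '1'
+ spec.summary = 'build'
+ spec.authors = 'build'
+ spec.files = ['lib/code.rb']
+ spec.cert_chain = [PUBLIC_CERT.to_pem]
+ spec.signing_key = ENCRYPTED_PRIVATE_KEY
+
+ FileUtils.mkdir 'lib'
+
+ open 'lib/code.rb', 'w' do |io|
+ io.write '# lib/code.rb'
+ end
+
+ package = Gem::Package.new spec.file_name
+ package.spec = spec
+
+ package.build
+
+ assert_equal Gem::VERSION, spec.rubygems_version
+ assert_path_exists spec.file_name
+
+ reader = Gem::Package.new spec.file_name
+ assert reader.verify
+
+ assert_equal spec, reader.spec
+
+ assert_equal %w[metadata.gz metadata.gz.sig
+ data.tar.gz data.tar.gz.sig
+ checksums.yaml.gz checksums.yaml.gz.sig],
+ reader.files
+
+ assert_equal %w[lib/code.rb], reader.contents
+ end
+
 def test_contents
 package = Gem::Package.new @gem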
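Review bot: `test_build_signed_encryped_key` is misspelled (`encrypted`) and, more importantly, assigns `ENCRYPTED_PRIVATE_KEY`, which `load_key` has already decrypted into an `OpenSSL::PKey::RSA`, so the signer never touches the passphrase and the test repeats `test_build_signed`. Using `spec.signing_key = ENCRYPTED_PRIVATE_KEY_PATH` should make the signer read and decrypt the file with the passphrase taken from the environment, which is the path this commit adds.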
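--- a/test/rubygems/test_gem_security.rb
+++ b/test/rubygems/test_gem_security.rb
@@ -246,5 +246,58 @@ def test_class_trust_dir
 assert_equal expected, trust_dir.dir
 end
+ def test_class_write
+ key = @SEC.create_key 256
+
+ path = File.join @tempdir, 'test-private_key.pem'
+
+ @SEC.write key, path
+
+ assert_path_exists path
+
+ key_from_file = File.read path
+
+ assert_equal key.to_pem, key_from_file
+ end
+
+ def test_class_write_encrypted
+ key = @SEC.create_key 256
+
+ path = File.join @tempdir, 'test-private_encrypted_key.pem'
+
+ passphrase = 'It should be long.'
+
+ @SEC.write key, path, 0600, passphrase
+
+ assert_path_exists path
+
+ key_from_file = OpenSSL::PKey::RSA.new File.read(path), passphrase
+
+ assert_equal key.to_pem, key_from_file.to_pem
+ end
+
+ def test_class_write_encrypted_cipher
+ key = @SEC.create_key 256
+
+ path = File.join @tempdir, 'test-private_encrypted__with_non_default_cipher_key.pem'
+
+ passphrase = 'It should be long.'
+
+ cipher = OpenSSL::Cipher.new('aes192')
+
+ @SEC.write key, path, 0600, passphrase, cipher
+
+ assert_path_exists path
+
+ key_file_contents = File.read(path)
+
+ assert key_file_contents.split("\n")[2].match(cipher.name)
+
+ key_from_file = OpenSSL::PKey::RSA.new key_file_contents, passphrase
+
+ assert_equal key.to_pem, key_from_file.to_pem
+ end
+
+
 end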
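Review bot: `test_class_write_encrypted` would still pass if `write` ignored the passphrase, because `OpenSSL::PKey::RSA.new` loads an unencrypted PEM whatever passphrase it is given. Add `refute_equal key.to_pem, File.read(path)` or `assert_match(/ENCRYPTED/, File.read(path))` so the test fails when the key lands on disk in the clear. None of the three new tests checks the resulting file mode, which is the other property `write` is responsible for.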
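--- a/test/rubygems/test_gem_security_signer.rb
+++ b/test/rubygems/test_gem_security_signer.rb
@@ -72,6 +72,14 @@ def test_initialize_key_path
 assert_equal PRIVATE_KEY.to_s, signer.key.to_s
 end
+ def test_initialize_encrypted_key_path
+ key_file = ENCRYPTED_PRIVATE_KEY_PATH
+
+ signer = Gem::Security::Signer.new key_file, nil, PRIVATE_KEY_PASSPHRASE
+
+ assert_equal ENCRYPTED_PRIVATE_KEY.to_s, signer.key.to_s
+ end
+
 def test_load_cert_chain
 Gem::Security.trust_dir.trust_cert PUBLIC_CERT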
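Review bot: Only the success path of the new `passphrase` argument is covered; there is no test for a wrong passphrase, which is the failure users will actually hit. Something like `assert_raises(OpenSSL::PKey::RSAError) { Gem::Security::Signer.new ENCRYPTED_PRIVATE_KEY_PATH, nil, 'wrong' }` would pin the error class that `cert_command.rb` already rescues for the same constructor.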