* lib/rubygems/package.rb: Ensure digests are generated for signing.

	* test/rubygems/test_gem_package.rb:  Test for the above.

	* lib/rubygems/security/policy.rb:  Ensure digests are present when
	  verifying a gem and match the number of signatures bidirectionally.
	* test/rubygems/test_gem_security_policy.rb:  Test for the above.

	* lib/rubygems.rb:  Documentation improvements (by zzak)


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@39126 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

2 files changed, 128 insertions, 35 deletions

diff --git a/test/rubygems/test_gem_package.rb b/test/rubygems/test_gem_package.rb
index 3051147948..d08f46d7d2 100644
--- a/test/rubygems/test_gem_package.rb
+++ b/test/rubygems/test_gem_package.rb
@@ -429,10 +429,17 @@ class TestGemPackage < Gem::Package::TarTestCase
 
       digest = OpenSSL::Digest::SHA1.new
       digest << metadata_gz
-      checksum = "#{digest.name}\t#{digest.hexdigest}\n"
 
-      tar.add_file 'metadata.gz.sum', 0444 do |io|
-        io.write checksum
+      checksums = {
+        'SHA1' => {
+          'metadata.gz' => digest.hexdigest,
+        },
+      }
+
+      tar.add_file 'checksums.yaml.gz', 0444 do |io|
+        Zlib::GzipWriter.wrap io do |gz_io|
+          gz_io.write YAML.dump checksums
+        end
       end
 
       tar.add_file 'data.tar.gz', 0444 do |io|
@@ -504,6 +511,47 @@ class TestGemPackage < Gem::Package::TarTestCase
     assert_empty package.instance_variable_get(:@files), '@files must empty'
   end
 
+  def test_verify_security_policy_checksum_missing
+    @spec.cert_chain = [PUBLIC_CERT.to_pem]
+    @spec.signing_key = PRIVATE_KEY
+
+    build = Gem::Package.new @gem
+    build.spec = @spec
+    build.setup_signer
+
+    FileUtils.mkdir 'lib'
+    FileUtils.touch 'lib/code.rb'
+
+    open @gem, 'wb' do |gem_io|
+      Gem::Package::TarWriter.new gem_io do |gem|
+        build.add_metadata gem
+        build.add_contents gem
+
+        # write bogus data.tar.gz to foil signature
+        bogus_data = Gem.gzip 'hello'
+        gem.add_file_simple 'data.tar.gz', 0444, bogus_data.length do |io|
+          io.write bogus_data
+        end
+
+        # pre rubygems 2.0 gems do not add checksums
+      end
+    end
+
+    Gem::Security.trust_dir.trust_cert PUBLIC_CERT
+
+    package = Gem::Package.new @gem
+    package.security_policy = Gem::Security::HighSecurity
+
+    e = assert_raises Gem::Security::Exception do
+      package.verify
+    end
+
+    assert_equal 'invalid signature', e.message
+
+    refute package.instance_variable_get(:@spec), '@spec must not be loaded'
+    assert_empty package.instance_variable_get(:@files), '@files must empty'
+  end
+
   def test_verify_truncate
     open 'bad.gem', 'wb' do |io|
       io.write File.read(@gem, 1024) # don't care about newlines
diff --git a/test/rubygems/test_gem_security_policy.rb b/test/rubygems/test_gem_security_policy.rb
index 22f5375dbf..568bf69d08 100644
--- a/test/rubygems/test_gem_security_policy.rb
+++ b/test/rubygems/test_gem_security_policy.rb
@@ -31,6 +31,7 @@ class TestGemSecurityPolicy < Gem::TestCase
     @sha1 = OpenSSL::Digest::SHA1
     @trust_dir = Gem::Security.trust_dir.dir # HACK use the object
 
+    @no        = Gem::Security::NoSecurity
     @almost_no = Gem::Security::AlmostNoSecurity
     @low       = Gem::Security::LowSecurity
     @high      = Gem::Security::HighSecurity
@@ -220,73 +221,108 @@ class TestGemSecurityPolicy < Gem::TestCase
   def test_verify
     Gem::Security.trust_dir.trust_cert PUBLIC_CERT
 
-    assert @almost_no.verify [PUBLIC_CERT]
+    assert @almost_no.verify [PUBLIC_CERT], nil, *dummy_signatures
   end
 
   def test_verify_chain_signatures
     Gem::Security.trust_dir.trust_cert PUBLIC_CERT
 
-    data = digest 'hello'
-    digest    = { 'SHA1' => { 0 => data } }
-    signature = { 0 => sign(data, PRIVATE_KEY) }
-
-    assert @high.verify [PUBLIC_CERT], nil, digest, signature
+    assert @high.verify [PUBLIC_CERT], nil, *dummy_signatures
   end
 
   def test_verify_chain_key
-    assert @almost_no.verify [PUBLIC_CERT], PRIVATE_KEY
+    @almost_no.verify [PUBLIC_CERT], PRIVATE_KEY, *dummy_signatures
   end
 
-  def test_verify_signatures_chain
-    data = digest 'hello'
-    digest    = { 'SHA1' => { 0 => data } }
-    signature = { 0 => sign(data, CHILD_KEY) }
+  def test_verify_no_digests
+    Gem::Security.trust_dir.trust_cert PUBLIC_CERT
+
+    _, signatures = dummy_signatures
+
+    e = assert_raises Gem::Security::Exception do
+      @almost_no.verify [PUBLIC_CERT], nil, {}, signatures
+    end
+
+    assert_equal 'no digests provided (probable bug)', e.message
+  end
+
+  def test_verify_no_digests_no_security
+    Gem::Security.trust_dir.trust_cert PUBLIC_CERT
+
+    _, signatures = dummy_signatures
+
+    e = assert_raises Gem::Security::Exception do
+      @no.verify [PUBLIC_CERT], nil, {}, signatures
+    end
+
+    assert_equal 'missing digest for 0', e.message
+  end
+
+  def test_verify_not_enough_signatures
+    Gem::Security.trust_dir.trust_cert PUBLIC_CERT
+
+    digests, signatures = dummy_signatures
+
+    data = digest 'goodbye'
+
+    signatures[1] = PRIVATE_KEY.sign @sha1.new, data.digest
+
+    e = assert_raises Gem::Security::Exception do
+      @almost_no.verify [PUBLIC_CERT], nil, digests, signatures
+    end
 
+    assert_equal 'missing digest for 1', e.message
+  end
+
+  def test_verify_wrong_digest_type
+    Gem::Security.trust_dir.trust_cert PUBLIC_CERT
+
+    sha512 = OpenSSL::Digest::SHA512
+
+    data = sha512.new
+    data << 'hello'
+
+    digests    = { 'SHA512' => { 0 => data } }
+    signature  = PRIVATE_KEY.sign sha512.new, data.digest
+    signatures = { 0 => signature }
+
+    e = assert_raises Gem::Security::Exception do
+      @almost_no.verify [PUBLIC_CERT], nil, digests, signatures
+    end
+
+    assert_equal 'no digests provided (probable bug)', e.message
+  end
+
+  def test_verify_signatures_chain
     @spec.cert_chain = [PUBLIC_CERT, CHILD_CERT]
 
-    assert @chain.verify_signatures @spec, digest, signature
+    assert @chain.verify_signatures @spec, *dummy_signatures(CHILD_KEY)
   end
 
   def test_verify_signatures_data
-    data = digest 'hello'
-    digest    = { 'SHA1' => { 0 => data } }
-    signature = { 0 => sign(data) }
-
     @spec.cert_chain = [PUBLIC_CERT]
 
-    @almost_no.verify_signatures @spec, digest, signature
+    @almost_no.verify_signatures @spec, *dummy_signatures
   end
 
   def test_verify_signatures_root
-    data = digest 'hello'
-    digest    = { 'SHA1' => { 0 => data } }
-    signature = { 0 => sign(data, CHILD_KEY) }
-
     @spec.cert_chain = [PUBLIC_CERT, CHILD_CERT]
 
-    assert @root.verify_signatures @spec, digest, signature
+    assert @root.verify_signatures @spec, *dummy_signatures(CHILD_KEY)
   end
 
   def test_verify_signatures_signer
-    data = digest 'hello'
-    digest    = { 'SHA1' => { 0 => data } }
-    signature = { 0 => sign(data) }
-
     @spec.cert_chain = [PUBLIC_CERT]
 
-    assert @low.verify_signatures @spec, digest, signature
+    assert @low.verify_signatures @spec, *dummy_signatures
   end
 
   def test_verify_signatures_trust
     Gem::Security.trust_dir.trust_cert PUBLIC_CERT
 
-    data = digest 'hello'
-    digest    = { 'SHA1' => { 0 => data } }
-    signature = { 0 => sign(data, PRIVATE_KEY) }
-
     @spec.cert_chain = [PUBLIC_CERT]
 
-    assert @high.verify_signatures @spec, digest, signature
+    assert @high.verify_signatures @spec, *dummy_signatures
   end
 
   def test_verify_signatures
@@ -372,5 +408,14 @@ class TestGemSecurityPolicy < Gem::TestCase
     key.sign @sha1.new, data.digest
   end
 
+  def dummy_signatures key = PRIVATE_KEY
+    data = digest 'hello'
+
+    digests    = { 'SHA1' => { 0 => data } }
+    signatures = { 0 => sign(data, key) }
+
+    return digests, signatures
+  end
+
 end