# File lib/rubygems/security.rb, line 672
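  # Build a private key and a self-signed certificate whose subject is derived
  # from +email_addr+ (local part -> CN, each dot-separated domain label -> DC).
  #
  # +opt+ is merged over OPT. Keys read here: :munge_re, :key_algo, :key_size,
  # :trust_dir, :perms (:trust_dir, :signing_key, :signing_cert), :save_key,
  # :save_key_path, :save_cert, :save_cert_path and :output_fmt. The merged
  # hash is also handed to build_cert.
  #
  # Returns a hash with :key, :cert, :key_path and :cert_path; the two paths
  # are nil when the corresponding :save_* option is not set.
  #
  # Raises ArgumentError when +email_addr+ has no '@' part to build DCs from.
  def self.build_self_signed_cert(email_addr, opt = {})
    Gem.ensure_ssl_available
    opt = OPT.merge(opt)
    path = { :key => nil, :cert => nil }

    # split email address up; anything after a second '@' is ignored
    cn, dcs = email_addr.split('@')
    if dcs.nil?
      # previously this surfaced as a NoMethodError on nil
      raise ArgumentError, "invalid email address: #{email_addr.inspect}"
    end
    dcs = dcs.split('.')

    # munge email CN and DCs: whatever opt[:munge_re] matches becomes '_'
    # before the values are interpolated into the DN string below
    cn = cn.gsub(opt[:munge_re], '_')
    dcs = dcs.map { |dc| dc.gsub(opt[:munge_re], '_') }

    # create DN
    name = "CN=#{cn}/" << dcs.map { |dc| "DC=#{dc}" }.join('/')
    name = OpenSSL::X509::Name.parse(name)

    # build private key
    key = opt[:key_algo].new(opt[:key_size])

    # check the trust directory against the configured permissions
    verify_trust_dir(opt[:trust_dir], opt[:perms][:trust_dir])

    # Writes +pem+ to +dest+ with file mode +mode+. The mode is passed to
    # File.open so a newly created file never exists with umask-default
    # permissions, which would leave the key readable by others until the
    # chmod ran. The chmod is kept because open() applies the mode only on
    # creation (and subject to umask); it tightens a pre-existing file before
    # anything is written into it.
    write_pem = lambda do |dest, mode, pem|
      File.open(dest, 'wb', mode) do |file|
        file.chmod(mode)
        file.write(pem)
      end
    end

    # if we're saving the key, then write it out
    # NOTE(review): to_pem is called without a cipher or passphrase, so the
    # key is presumably stored unencrypted and the file mode is its only
    # protection -- confirm opt[:perms][:signing_key] is owner-only.
    if opt[:save_key]
      path[:key] = opt[:save_key_path] || (opt[:output_fmt] % 'private_key')
      write_pem.call(path[:key], opt[:perms][:signing_key], key.to_pem)
    end

    # build self-signed public cert from key
    cert = build_cert(name, key, opt)

    # if we're saving the cert, then write it out
    if opt[:save_cert]
      path[:cert] = opt[:save_cert_path] || (opt[:output_fmt] % 'public_cert')
      write_pem.call(path[:cert], opt[:perms][:signing_cert], cert.to_pem)
    end

    # return key, cert, and paths (if applicable)
    { :key => key, :cert => cert,
      :key_path => path[:key], :cert_path => path[:cert] }
  end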