authorJenny Shen <jenny.shen@shopify.com>2021-10-06 17:39:23 -0400
committerHiroshi SHIBATA <hsbt@ruby-lang.org>2021-10-26 08:01:55 +0900
commit92ec010595bed29567fc08dd4d52d4c4518f0fd4 (patch)
treedd979fbf6aba6d5638153c54ca03f3363e9a8827 /lib/rubygems/security
parent10fe8495cd9568be79b4c254742eb0f667e84988 (diff)
[rubygems/rubygems] Add support to build and sign certificates with multiple key algorithms
https://github.com/rubygems/rubygems/commit/967876f15d Co-Authored-By: Frederik Dudzik <frederik.dudzik@shopify.com>
Diffstat (limited to 'lib/rubygems/security')
-rw-r--r--lib/rubygems/security/policy.rb8
-rw-r--r--lib/rubygems/security/signer.rb7
2 files changed, 8 insertions, 7 deletions
diff --git a/lib/rubygems/security/policy.rb b/lib/rubygems/security/policy.rb
index 9683e55b32..3c3cb647ee 100644
--- a/lib/rubygems/security/policy.rb
+++ b/lib/rubygems/security/policy.rb
@@ -115,9 +115,11 @@ class Gem::Security::Policy
raise Gem::Security::Exception, 'missing key or signature'
end
+ public_key = Gem::Security.get_public_key(key)
+
raise Gem::Security::Exception,
"certificate #{signer.subject} does not match the signing key" unless
- signer.public_key.to_pem == key.public_key.to_pem
+ signer.public_key.to_pem == public_key.to_pem
true
end
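Review bot: The new `public_key = Gem::Security.get_public_key(key)` line carries no comment saying why `key.public_key` is no longer called directly, and the helper's definition is not part of this diff. A one-line comment above it would record the reason, for example `# not every key algorithm returns a PKey with #to_pem from #public_key, so go through the helper` (wording to be confirmed against the helper). If the helper can return nil or raise for a key type it does not handle, the failure would surface as something other than `Gem::Security::Exception`, so it is worth confirming what callers of this check rescue. The enclosing method starts above the hunk.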
@@ -164,9 +166,9 @@ class Gem::Security::Policy
end
save_cert = OpenSSL::X509::Certificate.new File.read path
- save_dgst = digester.digest save_cert.public_key.to_s
+ save_dgst = digester.digest save_cert.public_key.to_pem
- pkey_str = root.public_key.to_s
+ pkey_str = root.public_key.to_pem
cert_dgst = digester.digest pkey_str
raise Gem::Security::Exception,
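Review bot: The trust comparison is only meaningful when `save_dgst` and `cert_dgst` are digests of the same encoding of the public key, and nothing at these two lines says so. A later change to one `to_pem` without the other would make every trusted root fail the check. A comment above `save_dgst` such as `# both digests must be taken over the same (PEM) encoding of the public key` would guard against that. The two sides are also written differently, one inline and one through `pkey_str`; computing both the same way would make the symmetry visible, provided `pkey_str` is not used below the hunk. The `raise` statement continues past the end of the hunk.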
diff --git a/lib/rubygems/security/signer.rb b/lib/rubygems/security/signer.rb
index c5c2c4f220..968cf88973 100644
--- a/lib/rubygems/security/signer.rb
+++ b/lib/rubygems/security/signer.rb
@@ -83,8 +83,8 @@ class Gem::Security::Signer
@digest_name = Gem::Security::DIGEST_NAME
@digest_algorithm = Gem::Security.create_digest(@digest_name)
- if @key && !@key.is_a?(OpenSSL::PKey::RSA)
- @key = OpenSSL::PKey::RSA.new(File.read(@key), @passphrase)
+ if @key && !@key.is_a?(OpenSSL::PKey::PKey)
+ @key = OpenSSL::PKey.read(File.read(@key), @passphrase)
end
if @cert_chain
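Review bot: `OpenSSL::PKey.read` returns whatever key type the file contains, so the `@key` branch no longer pins the algorithm, and a file that holds only a public key is loaded without complaint. Which algorithms the rest of the signing and verification path supports is not visible in this hunk. If that set is closed, a check right after the read that raises `Gem::Security::Exception` for anything else would make an unsupported key fail here with a clear message rather than later during signing. A short comment such as `# @key is a path unless the caller passed an already loaded OpenSSL::PKey object` would also make the branch easier to read. The enclosing method starts and ends outside the hunk.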
@@ -177,8 +177,7 @@ class Gem::Security::Signer
disk_cert = File.read(disk_cert_path) rescue nil
disk_key_path = File.join(Gem.default_key_path)
- disk_key =
- OpenSSL::PKey::RSA.new(File.read(disk_key_path), @passphrase) rescue nil
+ disk_key = OpenSSL::PKey.read(File.read(disk_key_path), @passphrase) rescue nil
return unless disk_key
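Review bot: The trailing `rescue nil` on the new `disk_key` line swallows every StandardError, so a wrong passphrase, an unreadable file and an unparsable key all look the same as "no key on disk", and the method returns silently at `return unless disk_key`. Now that the read accepts any key type, a parse failure is more likely to be a real problem worth surfacing to the user. Rescuing only the expected errors keeps the best-effort behaviour for a missing file while letting anything unexpected propagate. The exact exception class raised on a parse failure depends on the openssl gem version, and whether an unparsable key should still count as absent is for the maintainers to decide. The enclosing method starts and ends outside the hunk.

```ruby
disk_key_path = File.join(Gem.default_key_path)
disk_key =
  begin
    OpenSSL::PKey.read(File.read(disk_key_path), @passphrase)
  rescue Errno::ENOENT, ArgumentError, OpenSSL::PKey::PKeyError
    nil # no default key on disk, or its contents could not be parsed as a key
  end
```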