authorHiroshi SHIBATA <hsbt@ruby-lang.org>2021-07-07 08:57:34 +0900
committernagachika <nagachika@ruby-lang.org>2021-07-07 10:03:15 +0900
commitec171fa1f9165c31b00971f90c74ef9674d82973 (patch)
tree36b53a10e2a1c533a73953499ed12d2f98d6df25 /lib/rubygems
parent865221f0ba69f07f700e06b2d2f0a859a01dd233 (diff)
Merge RubyGems-3.2.22 and Bundler-2.2.22
Diffstat (limited to 'lib/rubygems')
-rw-r--r--lib/rubygems/commands/cert_command.rb80
-rw-r--r--lib/rubygems/gemcutter_utilities.rb13
-rw-r--r--lib/rubygems/specification.rb8
3 files changed, 58 insertions, 43 deletions
diff --git a/lib/rubygems/commands/cert_command.rb b/lib/rubygems/commands/cert_command.rb
index 998df0621b..3fc0daea7d 100644
--- a/lib/rubygems/commands/cert_command.rb
+++ b/lib/rubygems/commands/cert_command.rb
@@ -7,37 +7,9 @@ class Gem::Commands::CertCommand < Gem::Command
super 'cert', 'Manage RubyGems certificates and signing settings',
:add => [], :remove => [], :list => [], :build => [], :sign => []
- OptionParser.accept OpenSSL::X509::Certificate do |certificate_file|
- begin
- certificate = OpenSSL::X509::Certificate.new File.read certificate_file
- rescue Errno::ENOENT
- raise OptionParser::InvalidArgument, "#{certificate_file}: does not exist"
- rescue OpenSSL::X509::CertificateError
- raise OptionParser::InvalidArgument,
- "#{certificate_file}: invalid X509 certificate"
- end
- [certificate, certificate_file]
- end
-
- OptionParser.accept OpenSSL::PKey::RSA do |key_file|
- begin
- passphrase = ENV['GEM_PRIVATE_KEY_PASSPHRASE']
- key = OpenSSL::PKey::RSA.new File.read(key_file), passphrase
- rescue Errno::ENOENT
- raise OptionParser::InvalidArgument, "#{key_file}: does not exist"
- rescue OpenSSL::PKey::RSAError
- raise OptionParser::InvalidArgument, "#{key_file}: invalid RSA key"
- end
-
- raise OptionParser::InvalidArgument,
- "#{key_file}: private key not found" unless key.private?
-
- key
- end
-
- add_option('-a', '--add CERT', OpenSSL::X509::Certificate,
- 'Add a trusted certificate.') do |(cert, _), options|
- options[:add] << cert
+ add_option('-a', '--add CERT',
+ 'Add a trusted certificate.') do |cert_file, options|
+ options[:add] << open_cert(cert_file)
end
add_option('-l', '--list [FILTER]',
@@ -60,15 +32,15 @@ class Gem::Commands::CertCommand < Gem::Command
options[:build] << email_address
end
- add_option('-C', '--certificate CERT', OpenSSL::X509::Certificate,
- 'Signing certificate for --sign') do |(cert, cert_file), options|
- options[:issuer_cert] = cert
+ add_option('-C', '--certificate CERT',
+ 'Signing certificate for --sign') do |cert_file, options|
+ options[:issuer_cert] = open_cert(cert_file)
options[:issuer_cert_file] = cert_file
end
- add_option('-K', '--private-key KEY', OpenSSL::PKey::RSA,
- 'Key for --sign or --build') do |key, options|
- options[:key] = key
+ add_option('-K', '--private-key KEY',
+ 'Key for --sign or --build') do |key_file, options|
+ options[:key] = open_private_key(key_file)
end
add_option('-s', '--sign CERT',
@@ -97,7 +69,39 @@ class Gem::Commands::CertCommand < Gem::Command
say "Added '#{certificate.subject}'"
end
+ def check_openssl
+ return if Gem::HAVE_OPENSSL
+
+ alert_error "OpenSSL library is required for the cert command"
+ terminate_interaction 1
+ end
+
+ def open_cert(certificate_file)
+ check_openssl
+ OpenSSL::X509::Certificate.new File.read certificate_file
+ rescue Errno::ENOENT
+ raise OptionParser::InvalidArgument, "#{certificate_file}: does not exist"
+ rescue OpenSSL::X509::CertificateError
+ raise OptionParser::InvalidArgument,
+ "#{certificate_file}: invalid X509 certificate"
+ end
+
+ def open_private_key(key_file)
+ check_openssl
+ passphrase = ENV['GEM_PRIVATE_KEY_PASSPHRASE']
+ key = OpenSSL::PKey::RSA.new File.read(key_file), passphrase
+ raise OptionParser::InvalidArgument,
+ "#{key_file}: private key not found" unless key.private?
+ key
+ rescue Errno::ENOENT
+ raise OptionParser::InvalidArgument, "#{key_file}: does not exist"
+ rescue OpenSSL::PKey::RSAError
+ raise OptionParser::InvalidArgument, "#{key_file}: invalid RSA key"
+ end
+
def execute
+ check_openssl
+
options[:add].each do |certificate|
add_certificate certificate
end
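Review bot: `open_cert` and `open_private_key` translate only `Errno::ENOENT` into `OptionParser::InvalidArgument`, so an unreadable file (`Errno::EACCES`, plausible for a tightly permissioned private key) or a directory path (`Errno::EISDIR`) leaves the option handler as an untranslated system-call error. A broader clause after the `ENOENT` one in both methods would keep the reporting uniform: `rescue SystemCallError => e` followed by `raise OptionParser::InvalidArgument, e.message`. `open_private_key` would also benefit from a one-line comment stating that the passphrase comes from `GEM_PRIVATE_KEY_PASSPHRASE`, so the environment dependency is visible at the method header. The body of `execute` continues outside the hunk.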
@@ -311,4 +315,4 @@ For further reading on signing gems see `ri Gem::Security`.
# It's simple, but is all we need
email =~ /\A.+@.+\z/
end
-end if Gem::HAVE_OPENSSL
+end
diff --git a/lib/rubygems/gemcutter_utilities.rb b/lib/rubygems/gemcutter_utilities.rb
index 3687e776e2..00e68916c4 100644
--- a/lib/rubygems/gemcutter_utilities.rb
+++ b/lib/rubygems/gemcutter_utilities.rb
@@ -52,6 +52,13 @@ module Gem::GemcutterUtilities
end
##
+ # The OTP code from the command options or from the user's configuration.
+
+ def otp
+ options[:otp] || ENV["GEM_HOST_OTP_CODE"]
+ end
+
+ ##
# The host to connect to either from the RUBYGEMS_HOST environment variable
# or from the user's configuration
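Review bot: `otp` treats a blank `GEM_HOST_OTP_CODE` as a code, because an empty string is truthy in Ruby. With the variable exported but empty (an unset CI secret, for instance), the `request["OTP"] = otp if otp` lines in the three later hunks of this file would send an empty OTP header. Normalising in the helper avoids that: `code = options[:otp] || ENV["GEM_HOST_OTP_CODE"]` then `code unless code.nil? || code.empty?`. The doc comment also names "the user's configuration" as the fallback while the code reads an environment variable; `# The OTP code from the command options or from the GEM_HOST_OTP_CODE environment variable.` would match the code. How the server handles an empty header is not visible on this page.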
@@ -126,7 +133,7 @@ module Gem::GemcutterUtilities
response = rubygems_api_request(:put, "api/v1/api_key",
sign_in_host, scope: scope) do |request|
request.basic_auth email, password
- request["OTP"] = options[:otp] if options[:otp]
+ request["OTP"] = otp if otp
request.body = URI.encode_www_form({:api_key => api_key }.merge(update_scope_params))
end
@@ -159,7 +166,7 @@ module Gem::GemcutterUtilities
response = rubygems_api_request(:post, "api/v1/api_key",
sign_in_host, scope: scope) do |request|
request.basic_auth email, password
- request["OTP"] = options[:otp] if options[:otp]
+ request["OTP"] = otp if otp
request.body = URI.encode_www_form({ name: key_name }.merge(scope_params))
end
@@ -224,7 +231,7 @@ module Gem::GemcutterUtilities
request_method = Net::HTTP.const_get method.to_s.capitalize
Gem::RemoteFetcher.fetcher.request(uri, request_method) do |req|
- req["OTP"] = options[:otp] if options[:otp]
+ req["OTP"] = otp if otp
block.call(req)
end
end
diff --git a/lib/rubygems/specification.rb b/lib/rubygems/specification.rb
index 7206c3eaf0..23a37e966b 100644
--- a/lib/rubygems/specification.rb
+++ b/lib/rubygems/specification.rb
@@ -2421,7 +2421,6 @@ class Gem::Specification < Gem::BasicSpecification
# still have their default values are omitted.
def to_ruby
- require_relative 'openssl'
mark_version
result = []
result << "# -*- encoding: utf-8 -*-"
@@ -2455,16 +2454,21 @@ class Gem::Specification < Gem::BasicSpecification
:has_rdoc,
:default_executable,
:metadata,
+ :signing_key,
]
@@attributes.each do |attr_name|
next if handled.include? attr_name
current_value = self.send(attr_name)
if current_value != default_value(attr_name) || self.class.required_attribute?(attr_name)
- result << " s.#{attr_name} = #{ruby_code current_value}" unless defined?(OpenSSL::PKey::RSA) && current_value.is_a?(OpenSSL::PKey::RSA)
+ result << " s.#{attr_name} = #{ruby_code current_value}"
end
end
+ if String === signing_key
+ result << " s.signing_key = #{signing_key.dump}.freeze"
+ end
+
if @installed_by_version
result << nil
result << " s.installed_by_version = \"#{Gem::VERSION}\" if s.respond_to? :installed_by_version"
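Review bot: The new `signing_key` handling carries no comment explaining why only a `String` is emitted, yet adding `:signing_key` to `handled` together with `if String === signing_key` silently drops every non-String value from the generated code. That looks intentional (it keeps key objects, and so private key material, out of `to_ruby` output), but nothing in the hunk says so. A comment above the `if` would stop a later cleanup from undoing it, for example `# Only a String signing_key is serialized; key objects are skipped so key material is never written into generated gemspec code.` A String value is still written verbatim via `dump`, so if it is an absolute path on the author's machine, that path ends up in the output. `to_ruby` starts and ends outside this hunk.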