Diffstat (limited to 'lib/rubygems/security/policy.rb')
-rw-r--r-- | lib/rubygems/security/policy.rb | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/lib/rubygems/security/policy.rb b/lib/rubygems/security/policy.rb
index c34b7605c3..d1539e4985 100644
--- a/lib/rubygems/security/policy.rb
+++ b/lib/rubygems/security/policy.rb
@@ -152,8 +152,8 @@ class Gem::Security::Policy
 end
 def inspect # :nodoc:
- "[Policy: %s - data: %p signer: %p chain: %p root: %p " +
- "signed-only: %p trusted-only: %p]" % [
+ ("[Policy: %s - data: %p signer: %p chain: %p root: %p " +
+ "signed-only: %p trusted-only: %p]") % [
 @name, @verify_chain, @verify_data, @verify_root, @verify_signer,
 @only_signed, @only_trusted,
 ]
@@ -177,11 +177,16 @@ class Gem::Security::Policy
 trust_dir = opt[:trust_dir]
 time = Time.now
- signer_digests = digests.find do |algorithm, file_digests|
+ _, signer_digests = digests.find do |algorithm, file_digests|
 file_digests.values.first.name == Gem::Security::DIGEST_NAME
 end
- signer_digests = digests.values.first || {}
+ if @verify_data then
+ raise Gem::Security::Exception, 'no digests provided (probable bug)' if
+ signer_digests.nil? or signer_digests.empty?
+ else
+ signer_digests = {}
+ end
 signer = chain.last
@@ -195,6 +200,13 @@ class Gem::Security::Policy
 check_trust chain, digester, trust_dir if @only_trusted
+ signatures.each do |file, _|
+ digest = signer_digests[file]
+
+ raise Gem::Security::Exception, "missing digest for #{file}" unless
+ digest
+ end
+
 signer_digests.each do |file, digest|
 signature = signatures[file]
|
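Review bot: The argument list in `inspect` does not follow the order of the labels in the format string: the labels read data, signer, chain, root, but the values passed are `@verify_chain, @verify_data, @verify_root, @verify_signer`, so each flag is printed under another flag's name. With the parentheses in place the whole message is now formatted, and this output is what someone reads to check which verifications a policy enables, so a mislabelled flag is misleading there. Reordering the first argument line to `@name, @verify_data, @verify_signer, @verify_chain, @verify_root,` lines the values up with the labels. The end of `inspect` lies outside the hunk.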
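Review bot: The block passed to `digests.find` calls `file_digests.values.first.name` before the new nil/empty guard runs, so an algorithm entry whose file map is empty raises NoMethodError on nil rather than `Gem::Security::Exception`. Any caller that rescues only the security exception to report a verification failure would presumably not see this case as one. A nil-tolerant comparison inside the block, `first = file_digests.values.first` followed by `first and first.name == Gem::Security::DIGEST_NAME`, lets the 'no digests provided' check handle it. The enclosing method begins and ends outside the hunk.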
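Review bot: The new `signatures.each` loop carries no `@verify_data` condition, while the previous hunk sets `signer_digests = {}` whenever `@verify_data` is false; if the loop is reached under such a policy, every signed file raises "missing digest" even though data verification is switched off. The lines between the two hunks are not visible, so this needs confirming against the full method. Rejecting is the safe direction, so if it is intended I would keep it and say so above the loop, `# a signature without a matching digest is rejected under every policy, including ones with verify_data off`, and add a test that runs a signed gem through a policy with `verify_data` false. The enclosing method begins and ends outside the hunk.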