Diffstat (limited to 'lib/rubygems/security/signer.rb')
-rw-r--r-- | lib/rubygems/security/signer.rb | 26 |
1 files changed, 21 insertions, 5 deletions
diff --git a/lib/rubygems/security/signer.rb b/lib/rubygems/security/signer.rb
index fc98f951bc..32dab9fa81 100644
--- a/lib/rubygems/security/signer.rb
+++ b/lib/rubygems/security/signer.rb
@@ -30,6 +30,15 @@ class Gem::Security::Signer
 attr_reader :digest_name # :nodoc:
 ##
+ # Gem::Security::Signer options
+
+ attr_reader :options
+
+ DEFAULT_OPTIONS = {
+ expiration_length_days: 365
+ }.freeze
+
+ ##
 # Attemps to re-sign an expired cert with a given private key
 def self.re_sign_cert(expired_cert, expired_cert_path, private_key)
 return unless expired_cert.not_after < Time.now
@@ -40,7 +49,11 @@ class Gem::Security::Signer
 Gem::Security.write(expired_cert, new_expired_cert_path)
- re_signed_cert = Gem::Security.re_sign(expired_cert, private_key)
+ re_signed_cert = Gem::Security.re_sign(
+ expired_cert,
+ private_key,
+ (Gem::Security::ONE_DAY * Gem.configuration.cert_expiration_length_days)
+ )
 Gem::Security.write(re_signed_cert, expired_cert_path)
@@ -52,10 +65,11 @@ class Gem::Security::Signer
 # +chain+ containing X509 certificates, encoding certificates or paths to
 # certificates.
- def initialize key, cert_chain, passphrase = nil
+ def initialize key, cert_chain, passphrase = nil, options = {}
 @cert_chain = cert_chain
 @key = key
 @passphrase = passphrase
+ @options = DEFAULT_OPTIONS.merge(options)
 unless @key then
 default_key = File.join Gem.default_key_path
@@ -130,7 +144,9 @@ class Gem::Security::Signer
 raise Gem::Security::Exception, 'no certs provided' if @cert_chain.empty?
 if @cert_chain.length == 1 and @cert_chain.last.not_after < Time.now then
- re_sign_key
+ re_sign_key(
+ expiration_length: (Gem::Security::ONE_DAY * options[:expiration_length_days])
+ )
 end
 full_name = extract_name @cert_chain.last
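Review bot: The comment added above `attr_reader :options` in the `@@ -30,6 +30,15 @@` hunk does not say which keys the hash accepts or what unit the value is in, although this value decides how long an automatically re-signed signing certificate stays valid. I would write it as `# Signer options. +:expiration_length_days+ is the number of days an automatically re-signed certificate remains valid (default 365).` The neighbouring reader `digest_name` carries `# :nodoc:`, so it is also worth deciding deliberately whether `options` is meant to be public API.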
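Review bot: Nothing checks `Gem.configuration.cert_expiration_length_days` before it is multiplied into the lifetime passed to `Gem::Security.re_sign` in the `@@ -40,7 +49,11 @@` hunk. A nil or non-numeric setting raises a bare TypeError, a zero or negative one presumably yields a certificate that is already expired, and an oversized one quietly produces a long-lived signing certificate. I would validate it first with `days = Integer(Gem.configuration.cert_expiration_length_days)` followed by `raise Gem::Security::Exception, 'cert expiration length must be a positive number of days' unless days > 0`, and consider an upper bound. This class-level path reads the global configuration while the instance path reads `options[:expiration_length_days]`, so the two can disagree. The body of `re_sign_cert` continues outside the hunk.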
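Review bot: `DEFAULT_OPTIONS.merge(options)` in `initialize` (the `@@ -52,10 +65,11 @@` hunk) lets a caller-supplied `expiration_length_days: nil` replace the default, and a string key such as `'expiration_length_days'` is silently ignored. The value is only used in the `@@ -130,7 +144,9 @@` hunk once the single certificate in the chain has expired, so a bad value surfaces as a TypeError from `Gem::Security::ONE_DAY * options[:expiration_length_days]` long after construction. Checking at construction time makes the failure immediate: `days = @options[:expiration_length_days]` then `raise ArgumentError, 'expiration_length_days must be a positive Integer' unless days.is_a?(Integer) && days > 0`. The body of `initialize` continues outside the hunk.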
@@ -154,7 +170,7 @@ class Gem::Security::Signer
 # be saved as ~/.gem/gem-public_cert.pem.expired.%Y%m%d%H%M%S where the
 # expiry time (not after) is used for the timestamp.
- def re_sign_key # :nodoc:
+ def re_sign_key(expiration_length: Gem::Security::ONE_YEAR) # :nodoc:
 old_cert = @cert_chain.last
 disk_cert_path = File.join(Gem.default_cert_path)
@@ -174,7 +190,7 @@ class Gem::Security::Signer
 unless File.exist?(old_cert_path)
 Gem::Security.write(old_cert, old_cert_path)
- cert = Gem::Security.re_sign(old_cert, @key)
+ cert = Gem::Security.re_sign(old_cert, @key, expiration_length)
 Gem::Security.write(cert, disk_cert_path) |
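Review bot: The default `expiration_length: Gem::Security::ONE_YEAR` on `re_sign_key` (the `@@ -154,7 +170,7 @@` hunk) is a third place where the default certificate lifetime is written down, next to `DEFAULT_OPTIONS[:expiration_length_days]` and the value read from `Gem.configuration`. If one of them is changed later, a caller that omits the keyword gets a different lifetime from one that goes through `sign`. Deriving it from the single constant keeps them in step: `def re_sign_key(expiration_length: Gem::Security::ONE_DAY * DEFAULT_OPTIONS[:expiration_length_days]) # :nodoc:`. The comment block above the method should also mention the new keyword and that it is a duration in seconds, if that is what `Gem::Security.re_sign` expects, since the method body and `re_sign` itself are outside this hunk.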