diff options
Diffstat (limited to 'lib/rubygems/security/signer.rb')
-rw-r--r-- | lib/rubygems/security/signer.rb | 28 |
1 files changed, 18 insertions, 10 deletions
diff --git a/lib/rubygems/security/signer.rb b/lib/rubygems/security/signer.rb index c5c2c4f220..5732fb57fd 100644 --- a/lib/rubygems/security/signer.rb +++ b/lib/rubygems/security/signer.rb @@ -1,4 +1,5 @@ # frozen_string_literal: true + ## # Basic OpenSSL-based package signing class. @@ -42,7 +43,7 @@ class Gem::Security::Signer def self.re_sign_cert(expired_cert, expired_cert_path, private_key) return unless expired_cert.not_after < Time.now - expiry = expired_cert.not_after.strftime('%Y%m%d%H%M%S') + expiry = expired_cert.not_after.strftime("%Y%m%d%H%M%S") expired_cert_file = "#{File.basename(expired_cert_path)}.expired.#{expiry}" new_expired_cert_path = File.join(Gem.user_home, ".gem", expired_cert_file) @@ -83,8 +84,8 @@ class Gem::Security::Signer @digest_name = Gem::Security::DIGEST_NAME @digest_algorithm = Gem::Security.create_digest(@digest_name) - if @key && !@key.is_a?(OpenSSL::PKey::RSA) - @key = OpenSSL::PKey::RSA.new(File.read(@key), @passphrase) + if @key && !@key.is_a?(OpenSSL::PKey::PKey) + @key = OpenSSL::PKey.read(File.read(@key), @passphrase) end if @cert_chain @@ -105,7 +106,7 @@ class Gem::Security::Signer # this value is preferred, otherwise the subject is used. def extract_name(cert) # :nodoc: - subject_alt_name = cert.extensions.find {|e| 'subjectAltName' == e.oid } + subject_alt_name = cert.extensions.find {|e| e.oid == "subjectAltName" } if subject_alt_name /\Aemail:/ =~ subject_alt_name.value # rubocop:disable Performance/StartWith @@ -139,9 +140,9 @@ class Gem::Security::Signer def sign(data) return unless @key - raise Gem::Security::Exception, 'no certs provided' if @cert_chain.empty? + raise Gem::Security::Exception, "no certs provided" if @cert_chain.empty? - if @cert_chain.length == 1 and @cert_chain.last.not_after < Time.now + if @cert_chain.length == 1 && @cert_chain.last.not_after < Time.now alert("Your certificate has expired, trying to re-sign it...") re_sign_key( @@ -174,16 +175,23 @@ class Gem::Security::Signer old_cert = @cert_chain.last disk_cert_path = File.join(Gem.default_cert_path) - disk_cert = File.read(disk_cert_path) rescue nil + disk_cert = begin + File.read(disk_cert_path) + rescue StandardError + nil + end disk_key_path = File.join(Gem.default_key_path) - disk_key = - OpenSSL::PKey::RSA.new(File.read(disk_key_path), @passphrase) rescue nil + disk_key = begin + OpenSSL::PKey.read(File.read(disk_key_path), @passphrase) + rescue StandardError + nil + end return unless disk_key if disk_key.to_pem == @key.to_pem && disk_cert == old_cert.to_pem - expiry = old_cert.not_after.strftime('%Y%m%d%H%M%S') + expiry = old_cert.not_after.strftime("%Y%m%d%H%M%S") old_cert_file = "gem-public_cert.pem.expired.#{expiry}" old_cert_path = File.join(Gem.user_home, ".gem", old_cert_file) |