4 files changed, 67 insertions, 63 deletions

diff --git a/lib/rubygems/security/policies.rb b/lib/rubygems/security/policies.rb
index d28005223e..41f66043ad 100644
--- a/lib/rubygems/security/policies.rb
+++ b/lib/rubygems/security/policies.rb
@@ -1,17 +1,17 @@
 # frozen_string_literal: true
-module Gem::Security
 
+module Gem::Security
   ##
   # No security policy: all package signature checks are disabled.
 
   NoSecurity = Policy.new(
     "No Security",
-    :verify_data => false,
-    :verify_signer => false,
-    :verify_chain => false,
-    :verify_root => false,
-    :only_trusted => false,
-    :only_signed => false
+    verify_data: false,
+    verify_signer: false,
+    verify_chain: false,
+    verify_root: false,
+    only_trusted: false,
+    only_signed: false
   )
 
   ##
@@ -24,12 +24,12 @@ module Gem::Security
 
   AlmostNoSecurity = Policy.new(
     "Almost No Security",
-    :verify_data => true,
-    :verify_signer => false,
-    :verify_chain => false,
-    :verify_root => false,
-    :only_trusted => false,
-    :only_signed => false
+    verify_data: true,
+    verify_signer: false,
+    verify_chain: false,
+    verify_root: false,
+    only_trusted: false,
+    only_signed: false
   )
 
   ##
@@ -41,12 +41,12 @@ module Gem::Security
 
   LowSecurity = Policy.new(
     "Low Security",
-    :verify_data => true,
-    :verify_signer => true,
-    :verify_chain => false,
-    :verify_root => false,
-    :only_trusted => false,
-    :only_signed => false
+    verify_data: true,
+    verify_signer: true,
+    verify_chain: false,
+    verify_root: false,
+    only_trusted: false,
+    only_signed: false
   )
 
   ##
@@ -60,12 +60,12 @@ module Gem::Security
 
   MediumSecurity = Policy.new(
     "Medium Security",
-    :verify_data => true,
-    :verify_signer => true,
-    :verify_chain => true,
-    :verify_root => true,
-    :only_trusted => true,
-    :only_signed => false
+    verify_data: true,
+    verify_signer: true,
+    verify_chain: true,
+    verify_root: true,
+    only_trusted: true,
+    only_signed: false
   )
 
   ##
@@ -79,12 +79,12 @@ module Gem::Security
 
   HighSecurity = Policy.new(
     "High Security",
-    :verify_data => true,
-    :verify_signer => true,
-    :verify_chain => true,
-    :verify_root => true,
-    :only_trusted => true,
-    :only_signed => true
+    verify_data: true,
+    verify_signer: true,
+    verify_chain: true,
+    verify_root: true,
+    only_trusted: true,
+    only_signed: true
   )
 
   ##
@@ -92,12 +92,12 @@ module Gem::Security
 
   SigningPolicy = Policy.new(
     "Signing Policy",
-    :verify_data => false,
-    :verify_signer => true,
-    :verify_chain => true,
-    :verify_root => true,
-    :only_trusted => false,
-    :only_signed => false
+    verify_data: false,
+    verify_signer: true,
+    verify_chain: true,
+    verify_root: true,
+    only_trusted: false,
+    only_signed: false
   )
 
   ##
@@ -111,5 +111,4 @@ module Gem::Security
     "HighSecurity" => HighSecurity,
     # SigningPolicy is not intended for use by `gem -P` so do not list it
   }.freeze
-
 end
diff --git a/lib/rubygems/security/policy.rb b/lib/rubygems/security/policy.rb
index 959880ddc1..7b86ac5763 100644
--- a/lib/rubygems/security/policy.rb
+++ b/lib/rubygems/security/policy.rb
@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 require_relative "../user_interaction"
 
 ##
@@ -134,7 +135,7 @@ class Gem::Security::Policy
     raise Gem::Security::Exception, "missing root certificate" unless root
 
     raise Gem::Security::Exception,
-          "root certificate #{root.subject} is not self-signed " +
+          "root certificate #{root.subject} is not self-signed " \
           "(issuer #{root.issuer})" if
       root.issuer != root.subject
 
@@ -170,7 +171,7 @@ class Gem::Security::Policy
     cert_dgst = digester.digest pkey_str
 
     raise Gem::Security::Exception,
-          "trusted root certificate #{root.subject} checksum " +
+          "trusted root certificate #{root.subject} checksum " \
           "does not match signing root certificate checksum" unless
       save_dgst == cert_dgst
 
@@ -191,11 +192,8 @@ class Gem::Security::Policy
   end
 
   def inspect # :nodoc:
-    ("[Policy: %s - data: %p signer: %p chain: %p root: %p " +
-     "signed-only: %p trusted-only: %p]") % [
-       @name, @verify_chain, @verify_data, @verify_root, @verify_signer,
-       @only_signed, @only_trusted
-     ]
+    format("[Policy: %s - data: %p signer: %p chain: %p root: %p " \
+     "signed-only: %p trusted-only: %p]", @name, @verify_chain, @verify_data, @verify_root, @verify_signer, @only_signed, @only_trusted)
   end
 
   ##
@@ -205,8 +203,7 @@ class Gem::Security::Policy
   #
   # If +key+ is given it is used to validate the signing certificate.
 
-  def verify(chain, key = nil, digests = {}, signatures = {},
-             full_name = "(unknown)")
+  def verify(chain, key = nil, digests = {}, signatures = {}, full_name = "(unknown)")
     if signatures.empty?
       if @only_signed
         raise Gem::Security::Exception,
@@ -225,7 +222,7 @@ class Gem::Security::Policy
     trust_dir = opt[:trust_dir]
     time      = Time.now
 
-    _, signer_digests = digests.find do |algorithm, file_digests|
+    _, signer_digests = digests.find do |_algorithm, file_digests|
       file_digests.values.first.name == Gem::Security::DIGEST_NAME
     end
 
@@ -287,5 +284,5 @@ class Gem::Security::Policy
     true
   end
 
-  alias to_s name # :nodoc:
+  alias_method :to_s, :name # :nodoc:
 end
diff --git a/lib/rubygems/security/signer.rb b/lib/rubygems/security/signer.rb
index cca82f1cf8..5732fb57fd 100644
--- a/lib/rubygems/security/signer.rb
+++ b/lib/rubygems/security/signer.rb
@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 ##
 # Basic OpenSSL-based package signing class.
 
@@ -105,7 +106,7 @@ class Gem::Security::Signer
   # this value is preferred, otherwise the subject is used.
 
   def extract_name(cert) # :nodoc:
-    subject_alt_name = cert.extensions.find {|e| "subjectAltName" == e.oid }
+    subject_alt_name = cert.extensions.find {|e| e.oid == "subjectAltName" }
 
     if subject_alt_name
       /\Aemail:/ =~ subject_alt_name.value # rubocop:disable Performance/StartWith
@@ -174,10 +175,18 @@ class Gem::Security::Signer
     old_cert = @cert_chain.last
 
     disk_cert_path = File.join(Gem.default_cert_path)
-    disk_cert = File.read(disk_cert_path) rescue nil
+    disk_cert = begin
+                  File.read(disk_cert_path)
+                rescue StandardError
+                  nil
+                end
 
     disk_key_path = File.join(Gem.default_key_path)
-    disk_key = OpenSSL::PKey.read(File.read(disk_key_path), @passphrase) rescue nil
+    disk_key = begin
+                 OpenSSL::PKey.read(File.read(disk_key_path), @passphrase)
+               rescue StandardError
+                 nil
+               end
 
     return unless disk_key
 
diff --git a/lib/rubygems/security/trust_dir.rb b/lib/rubygems/security/trust_dir.rb
index df59680d84..d23d161cfe 100644
--- a/lib/rubygems/security/trust_dir.rb
+++ b/lib/rubygems/security/trust_dir.rb
@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 ##
 # The TrustDir manages the trusted certificates for gem signature
 # verification.
@@ -8,8 +9,8 @@ class Gem::Security::TrustDir
   # Default permissions for the trust directory and its contents
 
   DEFAULT_PERMISSIONS = {
-    :trust_dir => 0700,
-    :trusted_cert => 0600,
+    trust_dir: 0o700,
+    trusted_cert: 0o600,
   }.freeze
 
   ##
@@ -44,13 +45,11 @@ class Gem::Security::TrustDir
     glob = File.join @dir, "*.pem"
 
     Dir[glob].each do |certificate_file|
-      begin
-        certificate = load_certificate certificate_file
+      certificate = load_certificate certificate_file
 
-        yield certificate, certificate_file
-      rescue OpenSSL::X509::CertificateError
-        next # HACK warn
-      end
+      yield certificate, certificate_file
+    rescue OpenSSL::X509::CertificateError
+      next # HACK: warn
     end
   end
 
@@ -92,7 +91,7 @@ class Gem::Security::TrustDir
 
     destination = cert_path certificate
 
-    File.open destination, "wb", 0600 do |io|
+    File.open destination, "wb", 0o600 do |io|
       io.write certificate.to_pem
       io.chmod(@permissions[:trusted_cert])
     end
@@ -110,9 +109,9 @@ class Gem::Security::TrustDir
         "trust directory #{@dir} is not a directory" unless
           File.directory? @dir
 
-      FileUtils.chmod 0700, @dir
+      FileUtils.chmod 0o700, @dir
     else
-      FileUtils.mkdir_p @dir, :mode => @permissions[:trust_dir]
+      FileUtils.mkdir_p @dir, mode: @permissions[:trust_dir]
     end
   end
 end