6 files changed, 28 insertions, 61 deletions
diff --git a/lib/rubygems/bundler_version_finder.rb b/lib/rubygems/bundler_version_finder.rb
index 9ce0a2378e..14179aebf3 100644
--- a/lib/rubygems/bundler_version_finder.rb
+++ b/lib/rubygems/bundler_version_finder.rb
@@ -2,48 +2,18 @@
 
 module Gem::BundlerVersionFinder
   def self.bundler_version
-    version, _ = bundler_version_with_reason
+    v = ENV["BUNDLER_VERSION"]
 
-    return unless version
+    v ||= bundle_update_bundler_version
+    return if v == true
 
-    Gem::Version.new(version)
-  end
-
-  def self.bundler_version_with_reason
-    if v = ENV["BUNDLER_VERSION"]
-      return [v, "`$BUNDLER_VERSION`"]
-    end
-    if v = bundle_update_bundler_version
-      return if v == true
-      return [v, "`bundle update --bundler`"]
-    end
-    v, lockfile = lockfile_version
-    if v
-      return [v, "your #{lockfile}"]
-    end
-  end
+    v ||= lockfile_version
+    return unless v
 
-  def self.missing_version_message
-    return unless vr = bundler_version_with_reason
-    <<-EOS
-Could not find 'bundler' (#{vr.first}) required by #{vr.last}.
-To update to the latest version installed on your system, run `bundle update --bundler`.
-To install the missing version, run `gem install bundler:#{vr.first}`
-    EOS
+    Gem::Version.new(v)
   end
 
-  def self.compatible?(spec)
-    return true unless spec.name == "bundler".freeze
-    return true unless bundler_version = self.bundler_version
-
-    spec.version.segments.first == bundler_version.segments.first
-  end
-
-  def self.filter!(specs)
-    return unless bundler_version = self.bundler_version
-
-    specs.reject! {|spec| spec.version.segments.first != bundler_version.segments.first }
-
+  def self.prioritize!(specs)
     exact_match_index = specs.find_index {|spec| spec.version == bundler_version }
     return unless exact_match_index
 
@@ -68,12 +38,10 @@ To install the missing version, run `gem install bundler:#{vr.first}`
   private_class_method :bundle_update_bundler_version
 
   def self.lockfile_version
-    return unless lockfile = lockfile_contents
-    lockfile, contents = lockfile
-    lockfile ||= "lockfile"
+    return unless contents = lockfile_contents
     regexp = /\n\nBUNDLED WITH\n\s{2,}(#{Gem::Version::VERSION_PATTERN})\n/
     return unless contents =~ regexp
-    [$1, lockfile]
+    $1
   end
   private_class_method :lockfile_version
 
@@ -103,7 +71,7 @@ To install the missing version, run `gem install bundler:#{vr.first}`
 
     return unless File.file?(lockfile)
 
-    [lockfile, File.read(lockfile)]
+    File.read(lockfile)
   end
   private_class_method :lockfile_contents
 end
diff --git a/lib/rubygems/dependency.rb b/lib/rubygems/dependency.rb
index 3721204ab2..3640362364 100644
--- a/lib/rubygems/dependency.rb
+++ b/lib/rubygems/dependency.rb
@@ -277,7 +277,7 @@ class Gem::Dependency
       requirement.satisfied_by?(spec.version) && env_req.satisfied_by?(spec.version)
     end.map(&:to_spec)
 
-    Gem::BundlerVersionFinder.filter!(matches) if filters_bundler?
+    Gem::BundlerVersionFinder.prioritize!(matches) if prioritizes_bundler?
 
     if platform_only
       matches.reject! do |spec|
@@ -295,7 +295,7 @@ class Gem::Dependency
     @requirement.specific?
   end
 
-  def filters_bundler?
+  def prioritizes_bundler?
     name == "bundler".freeze && !specific?
   end
 
@@ -325,11 +325,11 @@ class Gem::Dependency
     active = matches.find {|spec| spec.activated? }
     return active if active
 
-    return matches.first if prerelease?
-
-    # Move prereleases to the end of the list for >= 0 requirements
-    pre, matches = matches.partition {|spec| spec.version.prerelease? }
-    matches += pre if requirement == Gem::Requirement.default
+    unless prerelease?
+      # Move prereleases to the end of the list for >= 0 requirements
+      pre, matches = matches.partition {|spec| spec.version.prerelease? }
+      matches += pre if requirement == Gem::Requirement.default
+    end
 
     matches.first
   end
diff --git a/lib/rubygems/errors.rb b/lib/rubygems/errors.rb
index 86f0d1da14..f115ce23d0 100644
--- a/lib/rubygems/errors.rb
+++ b/lib/rubygems/errors.rb
@@ -59,9 +59,6 @@ module Gem
     private
 
     def build_message
-      if name == "bundler" && message = Gem::BundlerVersionFinder.missing_version_message
-        return message
-      end
       names = specs.map(&:full_name)
       "Could not find '#{name}' (#{requirement}) - did find: [#{names.join ','}]\n"
     end
diff --git a/lib/rubygems/security.rb b/lib/rubygems/security.rb
index 2275997207..f21c175642 100644
--- a/lib/rubygems/security.rb
+++ b/lib/rubygems/security.rb
@@ -424,6 +424,8 @@ module Gem::Security
   # Gets the right public key from a PKey instance
 
   def self.get_public_key(key)
+    # Ruby 3.0 (Ruby/OpenSSL 2.2) or later
+    return OpenSSL::PKey.read(key.public_to_der) if key.respond_to?(:public_to_der)
     return key.public_key unless key.is_a?(OpenSSL::PKey::EC)
 
     ec_key = OpenSSL::PKey::EC.new(key.group.curve_name)
@@ -490,9 +492,13 @@ module Gem::Security
       when 'rsa'
         OpenSSL::PKey::RSA.new(RSA_DSA_KEY_LENGTH)
       when 'ec'
-        domain_key = OpenSSL::PKey::EC.new(EC_NAME)
-        domain_key.generate_key
-        domain_key
+        if RUBY_VERSION >= "2.4.0"
+          OpenSSL::PKey::EC.generate(EC_NAME)
+        else
+          domain_key = OpenSSL::PKey::EC.new(EC_NAME)
+          domain_key.generate_key
+          domain_key
+        end
       else
         raise Gem::Security::Exception,
         "#{algorithm} algorithm not found. RSA, DSA, and EC algorithms are supported."
@@ -527,7 +533,7 @@ module Gem::Security
     raise Gem::Security::Exception,
           "incorrect signing key for re-signing " +
           "#{expired_certificate.subject}" unless
-      expired_certificate.public_key.to_pem == get_public_key(private_key).to_pem
+      expired_certificate.check_private_key(private_key)
 
     unless expired_certificate.subject.to_s ==
            expired_certificate.issuer.to_s
diff --git a/lib/rubygems/security/policy.rb b/lib/rubygems/security/policy.rb
index 3c3cb647ee..06eae073f4 100644
--- a/lib/rubygems/security/policy.rb
+++ b/lib/rubygems/security/policy.rb
@@ -115,11 +115,9 @@ class Gem::Security::Policy
       raise Gem::Security::Exception, 'missing key or signature'
     end
 
-    public_key = Gem::Security.get_public_key(key)
-
     raise Gem::Security::Exception,
       "certificate #{signer.subject} does not match the signing key" unless
-        signer.public_key.to_pem == public_key.to_pem
+        signer.check_private_key(key)
 
     true
   end
diff --git a/lib/rubygems/specification.rb b/lib/rubygems/specification.rb
index dc5e5ba013..f162eb4a84 100644
--- a/lib/rubygems/specification.rb
+++ b/lib/rubygems/specification.rb
@@ -995,7 +995,6 @@ class Gem::Specification < Gem::BasicSpecification
   def self.find_by_path(path)
     path = path.dup.freeze
     spec = @@spec_with_requirable_file[path] ||= (stubs.find do |s|
-      next unless Gem::BundlerVersionFinder.compatible?(s)
       s.contains_requirable_file? path
     end || NOT_FOUND)
     spec.to_spec
@@ -1008,7 +1007,6 @@ class Gem::Specification < Gem::BasicSpecification
   def self.find_inactive_by_path(path)
     stub = stubs.find do |s|
       next if s.activated?
-      next unless Gem::BundlerVersionFinder.compatible?(s)
       s.contains_requirable_file? path
     end
     stub && stub.to_spec