author | hsbt <hsbt@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2018-10-22 00:27:02 +0000 |
---|---|---|
committer | hsbt <hsbt@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2018-10-22 00:27:02 +0000 |
commit | 615ac3593499f54fde4b1eb0fba66b6bd944821b () | |
tree | 1f0b0e97ee3dd51798658d53cee7eec976a83a97 /lib/rubygems/security | |
parent | ff31b35f6a66f3c1548e3356d506ff65a574be7f (diff) |
Merge rubygems master branch from .com/rubygems/rubygems.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65294 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | lib/rubygems/security/policies.rb | 2 | ||||
-rw-r--r-- | lib/rubygems/security/policy.rb | 6 | ||||
-rw-r--r-- | lib/rubygems/security/signer.rb | 26 | ||||
-rw-r--r-- | lib/rubygems/security/trust_dir.rb | 2 |
4 files changed, 26 insertions, 10 deletions
@@ -110,7 +110,7 @@ module Gem::Security 'MediumSecurity' => MediumSecurity, 'HighSecurity' => HighSecurity, # SigningPolicy is not intended for use by `gem -P` so do not list it - } end
@@ -196,9 +196,9 @@ class Gem::Security::Policy def inspect # :nodoc: ("[Policy: %s - data: %p signer: %p chain: %p root: %p " + "signed-only: %p trusted-only: %p]") % [ - @name, @verify_chain, @verify_data, @verify_root, @verify_signer, - @only_signed, @only_trusted, - ] end ##
@@ -30,6 +30,15 @@ class Gem::Security::Signer attr_reader :digest_name # :nodoc: ## # Attemps to re-sign an expired cert with a given private key def self.re_sign_cert(expired_cert, expired_cert_path, private_key) return unless expired_cert.not_after < Time.now
@@ -40,7 +49,11 @@ class Gem::Security::Signer Gem::Security.write(expired_cert, new_expired_cert_path) - re_signed_cert = Gem::Security.re_sign(expired_cert, private_key) Gem::Security.write(re_signed_cert, expired_cert_path)
@@ -52,10 +65,11 @@ class Gem::Security::Signer # +chain+ containing X509 certificates, encoding certificates or paths to # certificates. - def initialize key, cert_chain, passphrase = nil @cert_chain = cert_chain @key = key @passphrase = passphrase unless @key then default_key = File.join Gem.default_key_path
@@ -130,7 +144,9 @@ class Gem::Security::Signer raise Gem::Security::Exception, 'no certs provided' if @cert_chain.empty? if @cert_chain.length == 1 and @cert_chain.last.not_after < Time.now then - re_sign_key end full_name = extract_name @cert_chain.last
@@ -154,7 +170,7 @@ class Gem::Security::Signer # be saved as ~/.gem/gem-public_cert.pem.expired.%Y%m%d%H%M%S where the # expiry time (not after) is used for the timestamp. - def re_sign_key # :nodoc: old_cert = @cert_chain.last disk_cert_path = File.join(Gem.default_cert_path) 
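Review bot: The doc comment above `self.re_sign_cert` in the `@@ -30,6 +30,15 @@` hunk says only that it attempts to re-sign (and misspells "Attempts"), while the lines shown do two things a caller needs to know. It returns nil without touching anything when `expired_cert.not_after` is still in the future, and otherwise it writes the old certificate to `new_expired_cert_path` and overwrites the file at `expired_cert_path`. Because this method rewrites a signing certificate on disk, I would state that in the comment, e.g. `# Attempts to re-sign an expired cert with the given private key. Returns nil if the cert has not expired; otherwise backs up the old cert and overwrites +expired_cert_path+.` The method body continues outside these hunks, and the lines added in `@@ -40,7 +49,11 @@` in place of the removed `Gem::Security.re_sign(expired_cert, private_key)` call are not visible here, so the new validity period could not be checked.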
@@ -174,7 +190,7 @@ class Gem::Security::Signer unless File.exist?(old_cert_path) Gem::Security.write(old_cert, old_cert_path) - cert = Gem::Security.re_sign(old_cert, @key) Gem::Security.write(cert, disk_cert_path)
@@ -11,7 +11,7 @@ class Gem::Security::TrustDir DEFAULT_PERMISSIONS = { :trust_dir => 0700, :trusted_cert => 0600, - } ## # The directory where trusted certificates will be stored. |
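Review bot: In the `@@ -174,7 +190,7 @@` hunk of `re_sign_key`, the backup write, the re-sign and the write to `disk_cert_path` all follow `unless File.exist?(old_cert_path)`, so from the lines shown an already existing `.expired` backup appears to skip the re-sign entirely and leave the expired certificate in use. If that is intended, the method comment should say so, for example `# Does nothing when the .expired backup file already exists; signing then proceeds with the expired cert.` The `unless` block closes outside this hunk, so this is inferred from the visible lines only and should be confirmed against the full method.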