[rubygems/rubygems] Add support to build and sign certificates with multiple key algorithms

https://.com/rubygems/rubygems/commit/967876f15d Co-Authored-By: Frederik Dudzik <[email protected]>
author: Jenny Shen <[email protected]> 2021-10-06 17:39:23 -0400
committer: Hiroshi SHIBATA <[email protected]> 2021-10-26 08:01:55 +0900
commit: 92ec010595bed29567fc08dd4d52d4c4518f0fd4 ()
tree: dd979fbf6aba6d5638153c54ca03f3363e9a8827 /lib/rubygems/security
parent: 10fe8495cd9568be79b4c254742eb0f667e84988 (diff)
2 files changed, 8 insertions, 7 deletions
@@ -115,9 +115,11 @@ class Gem::Security::Policy
 raise Gem::Security::Exception, 'missing key or signature'
 end
 raise Gem::Security::Exception,
 "certificate #{signer.subject} does not match the signing key" unless
- signer.public_key.to_pem == key.public_key.to_pem
 true
 end
@@ -164,9 +166,9 @@ class Gem::Security::Policy
 end
 save_cert = OpenSSL::X509::Certificate.new File.read path
- save_dgst = digester.digest save_cert.public_key.to_s
- pkey_str = root.public_key.to_s
 cert_dgst = digester.digest pkey_str
 raise Gem::Security::Exception,
@@ -83,8 +83,8 @@ class Gem::Security::Signer
 @digest_name = Gem::Security::DIGEST_NAME
 @digest_algorithm = Gem::Security.create_digest(@digest_name)
- if @key && [email protected]_a?(OpenSSL::PKey::RSA)
- @key = OpenSSL::PKey::RSA.new(File.read(@key), @passphrase)
 end
 if @cert_chain
@@ -177,8 +177,7 @@ class Gem::Security::Signer
 disk_cert = File.read(disk_cert_path) rescue nil
 disk_key_path = File.join(Gem.default_key_path)
- disk_key =
- OpenSSL::PKey::RSA.new(File.read(disk_key_path), @passphrase) rescue nil
 return unless disk_key
author	Jenny Shen <[email protected]>	2021-10-06 17:39:23 -0400
committer	Hiroshi SHIBATA <[email protected]>	2021-10-26 08:01:55 +0900
commit	92ec010595bed29567fc08dd4d52d4c4518f0fd4 ()
tree	dd979fbf6aba6d5638153c54ca03f3363e9a8827 /lib/rubygems/security
parent	10fe8495cd9568be79b4c254742eb0f667e84988 (diff)