diff options
author | Jenny Shen <jenny.shen@shopify.com> | 2021-10-06 17:39:23 -0400 |
---|---|---|
committer | Hiroshi SHIBATA <hsbt@ruby-lang.org> | 2021-10-26 08:01:55 +0900 |
commit | 92ec010595bed29567fc08dd4d52d4c4518f0fd4 (patch) | |
tree | dd979fbf6aba6d5638153c54ca03f3363e9a8827 /lib/rubygems/security/policy.rb | |
parent | 10fe8495cd9568be79b4c254742eb0f667e84988 (diff) | |
download | ruby-92ec010595bed29567fc08dd4d52d4c4518f0fd4.tar.gz |
[rubygems/rubygems] Add support to build and sign certificates with multiple key algorithms
https://github.com/rubygems/rubygems/commit/967876f15d
Co-Authored-By: Frederik Dudzik <frederik.dudzik@shopify.com>
Diffstat (limited to 'lib/rubygems/security/policy.rb')
-rw-r--r-- | lib/rubygems/security/policy.rb | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/lib/rubygems/security/policy.rb b/lib/rubygems/security/policy.rb index 9683e55b32..3c3cb647ee 100644 --- a/lib/rubygems/security/policy.rb +++ b/lib/rubygems/security/policy.rb @@ -115,9 +115,11 @@ class Gem::Security::Policy raise Gem::Security::Exception, 'missing key or signature' end + public_key = Gem::Security.get_public_key(key) + raise Gem::Security::Exception, "certificate #{signer.subject} does not match the signing key" unless - signer.public_key.to_pem == key.public_key.to_pem + signer.public_key.to_pem == public_key.to_pem true end @@ -164,9 +166,9 @@ class Gem::Security::Policy end save_cert = OpenSSL::X509::Certificate.new File.read path - save_dgst = digester.digest save_cert.public_key.to_s + save_dgst = digester.digest save_cert.public_key.to_pem - pkey_str = root.public_key.to_s + pkey_str = root.public_key.to_pem cert_dgst = digester.digest pkey_str raise Gem::Security::Exception, |