author | hsbt <hsbt@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2018-10-22 00:27:02 +0000 |
---|---|---|
committer | hsbt <hsbt@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2018-10-22 00:27:02 +0000 |
commit | 615ac3593499f54fde4b1eb0fba66b6bd944821b (patch) | |
tree | 1f0b0e97ee3dd51798658d53cee7eec976a83a97 /lib/rubygems/security/signer.rb | |
parent | ff31b35f6a66f3c1548e3356d506ff65a574be7f (diff) | |
download | ruby-615ac3593499f54fde4b1eb0fba66b6bd944821b.tar.gz |
Merge rubygems master branch from github.com/rubygems/rubygems.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65294 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'lib/rubygems/security/signer.rb')
-rw-r--r-- | lib/rubygems/security/signer.rb | 26 |
1 files changed, 21 insertions, 5 deletions
diff --git a/lib/rubygems/security/signer.rb b/lib/rubygems/security/signer.rb
index fc98f951bc..32dab9fa81 100644
--- a/lib/rubygems/security/signer.rb
+++ b/lib/rubygems/security/signer.rb
@@ -30,6 +30,15 @@ class Gem::Security::Signer
 attr_reader :digest_name # :nodoc:
 ##
+ # Gem::Security::Signer options
+
+ attr_reader :options
+
+ DEFAULT_OPTIONS = {
+ expiration_length_days: 365
+ }.freeze
+
+ ##
 # Attemps to re-sign an expired cert with a given private key
 def self.re_sign_cert(expired_cert, expired_cert_path, private_key)
 return unless expired_cert.not_after < Time.now
@@ -40,7 +49,11 @@ class Gem::Security::Signer
 Gem::Security.write(expired_cert, new_expired_cert_path)
- re_signed_cert = Gem::Security.re_sign(expired_cert, private_key)
+ re_signed_cert = Gem::Security.re_sign(
+ expired_cert,
+ private_key,
+ (Gem::Security::ONE_DAY * Gem.configuration.cert_expiration_length_days)
+ )
 Gem::Security.write(re_signed_cert, expired_cert_path)
@@ -52,10 +65,11 @@ class Gem::Security::Signer
 # +chain+ containing X509 certificates, encoding certificates or paths to
 # certificates.
- def initialize key, cert_chain, passphrase = nil
+ def initialize key, cert_chain, passphrase = nil, options = {}
 @cert_chain = cert_chain
 @key = key
 @passphrase = passphrase
+ @options = DEFAULT_OPTIONS.merge(options)
 unless @key then
 default_key = File.join Gem.default_key_path
@@ -130,7 +144,9 @@ class Gem::Security::Signer
 raise Gem::Security::Exception, 'no certs provided' if @cert_chain.empty?
 if @cert_chain.length == 1 and @cert_chain.last.not_after < Time.now then
- re_sign_key
+ re_sign_key(
+ expiration_length: (Gem::Security::ONE_DAY * options[:expiration_length_days])
+ )
 end
 full_name = extract_name @cert_chain.last
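Review bot: The comment added above `attr_reader :options` in the `@@ -30,6 +30,15 @@` hunk does not say which keys the hash carries or in what unit, and the reader is public (it has no `:nodoc:`). Suggest `# Signer options. +:expiration_length_days+ is the lifetime, in days, given to a certificate that #sign re-signs (default 365).` The hash the reader returns is the unfrozen result of `DEFAULT_OPTIONS.merge(options)` from the `initialize` hunk, so callers can change it after construction; freezing it there would keep the setting fixed for the signer's lifetime.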
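Review bot: The lifetime passed to `Gem::Security.re_sign` in the `@@ -40,7 +49,11 @@` hunk is `Gem::Security::ONE_DAY * Gem.configuration.cert_expiration_length_days` with no check on the configured value, and the same holds for `options[:expiration_length_days]` in the `@@ -130,7 +144,9 @@` hunk. Whether the configuration accessor validates it is not visible here, but a nil would raise on the multiply, zero or a negative number would presumably yield a certificate that is already expired, and a very large number would yield a signing certificate that in practice never expires. A guard before the call, `days = Gem.configuration.cert_expiration_length_days` followed by `raise Gem::Security::Exception, 'cert_expiration_length_days must be a positive Integer' unless days.is_a?(Integer) && days > 0`, would make the failure explicit, and an upper bound is worth considering. The body of `re_sign_cert` starts and ends outside the hunk.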
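Review bot: `DEFAULT_OPTIONS.merge(options)` in the `@@ -52,10 +65,11 @@` hunk lets a caller's value replace the default without inspection: `expiration_length_days: nil` overrides 365 with nil, a String key such as `'expiration_length_days'` is stored but never read because the lookup in `sign` uses the Symbol, and passing `nil` for `options` raises TypeError from `merge`. The String-key case matters most for a security setting, since the caller believes a shorter lifetime was set and silently gets the default. Rejecting unknown keys would surface it: `unknown = options.keys - DEFAULT_OPTIONS.keys` followed by `raise ArgumentError, "unknown signer options: #{unknown.inspect}" unless unknown.empty?`. The rest of `initialize` is outside the hunk.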
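Review bot: The automatic re-sign in `sign` (`@@ -130,7 +144,9 @@` hunk) takes the lifetime from `options[:expiration_length_days]`, which defaults to the literal 365 in `DEFAULT_OPTIONS`, while `self.re_sign_cert` in the `@@ -40,7 +49,11 @@` hunk reads `Gem.configuration.cert_expiration_length_days` and `re_sign_key` in the `@@ -154,7 +170,7 @@` hunk defaults to `Gem::Security::ONE_YEAR`. With three defaults for one setting, a configured lifetime is honoured on this path only if every caller of `Signer.new` forwards it, and those callers are not in this diff. If that is intended, a comment on `DEFAULT_OPTIONS` saying so would help; otherwise `initialize` could seed the default from the configuration, e.g. `{ expiration_length_days: Gem.configuration.cert_expiration_length_days }.merge(options)`.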
@@ -154,7 +170,7 @@ class Gem::Security::Signer
 # be saved as ~/.gem/gem-public_cert.pem.expired.%Y%m%d%H%M%S where the
 # expiry time (not after) is used for the timestamp.
- def re_sign_key # :nodoc:
+ def re_sign_key(expiration_length: Gem::Security::ONE_YEAR) # :nodoc:
 old_cert = @cert_chain.last
 disk_cert_path = File.join(Gem.default_cert_path)
@@ -174,7 +190,7 @@ class Gem::Security::Signer
 unless File.exist?(old_cert_path)
 Gem::Security.write(old_cert, old_cert_path)
- cert = Gem::Security.re_sign(old_cert, @key)
+ cert = Gem::Security.re_sign(old_cert, @key, expiration_length)
 Gem::Security.write(cert, disk_cert_path) |
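Review bot: The new `expiration_length:` keyword of `re_sign_key` (`@@ -154,7 +170,7 @@` hunk) has no stated unit and sits next to the option `expiration_length_days`, which is in days. The call site passes `Gem::Security::ONE_DAY * days` and the default is `Gem::Security::ONE_YEAR`, so the value is presumably seconds. The comment block above the method, which begins outside the hunk, could end with `# +expiration_length+ is the lifetime of the re-signed certificate, in seconds.` once that is confirmed against `Gem::Security.re_sign`.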