re_sign_key(expiration_length: Gem::Security::ONE_YEAR)
public
Attempts to re-sign the private key if the signing certificate is expired.
The key will be re-signed if:
- The expired certificate is self-signed
- The expired certificate is saved at ~/.gem/gem-public_cert.pem and the
  private key is saved at ~/.gem/gem-private_key.pem
- There is no file matching the expiry date at
  ~/.gem/gem-public_cert.pem.expired.%Y%m%d%H%M%S
If the signing certificate can be re-signed, the expired certificate is first
saved as ~/.gem/gem-public_cert.pem.expired.%Y%m%d%H%M%S, where the expiry
time (not after) is used for the timestamp.
# Renews the signer's certificate in place when it matches the default
# on-disk key/cert pair, keeping a copy of the old certificate.
#
# expiration_length: passed through to Gem::Security.re_sign as the third
# argument (defaults to Gem::Security::ONE_YEAR).
#
# Returns the new one-element cert chain when a re-sign happened, nil otherwise.
#
# Security-relevant behaviour visible in this method:
# * Nothing is written unless the key at Gem.default_key_path serialises to
#   the same PEM as @key AND the file at Gem.default_cert_path is
#   byte-identical to the PEM of the last certificate in @cert_chain.
# * Any StandardError while reading or parsing the on-disk key (missing file,
#   bad passphrase, malformed PEM, ...) is swallowed and the method returns
#   nil, so callers cannot tell "not applicable" from "key unreadable".
# * The new certificate is issued with the same @key; renewal here does not
#   rotate key material.
# * NOTE(review): no expiry or self-signed check is visible in this method;
#   presumably the caller or Gem::Security.re_sign enforces them -- confirm.
def re_sign_key(expiration_length: Gem::Security::ONE_YEAR)
  expired_cert = @cert_chain.last

  cert_path = File.join(Gem.default_cert_path)
  cert_on_disk =
    begin
      File.read(cert_path)
    rescue StandardError
      nil # an unreadable cert simply fails the equality check below
    end

  key_path = File.join(Gem.default_key_path)
  key_on_disk =
    begin
      OpenSSL::PKey::RSA.new(File.read(key_path), @passphrase)
    rescue StandardError
      nil # best effort: an unreadable or undecryptable key means "do nothing"
    end
  return unless key_on_disk

  # Only touch the default files when they are exactly the pair in use.
  same_key = key_on_disk.to_pem == @key.to_pem
  return unless same_key && cert_on_disk == expired_cert.to_pem

  stamp = expired_cert.not_after.strftime('%Y%m%d%H%M%S')
  backup_name = "gem-public_cert.pem.expired.#{stamp}"
  backup_path = File.join(Gem.user_home, ".gem", backup_name)

  # An existing backup for this expiry time means a renewal was already
  # attempted; never overwrite it.
  return if File.exist?(backup_path)

  # Preserve the expired certificate before the on-disk cert is replaced.
  Gem::Security.write(expired_cert, backup_path)

  renewed = Gem::Security.re_sign(expired_cert, @key, expiration_length)
  Gem::Security.write(renewed, cert_path)

  alert("Your cert: #{cert_path} has been auto re-signed with the key: #{key_path}")
  alert("Your expired cert will be located at: #{backup_path}")

  @cert_chain = [renewed]
end