method

re_sign_key

v2_2_9 - Show latest stable - Class: Gem::Security::Signer

re_sign_key()

public

Attempts to re-sign the private key if the signing certificate is expired.

The key will be re-signed if:

The expired certificate is self-signed
The expired certificate is saved at ~/.gem/gem-public_cert.pem
There is no file matching the expiry date at ~/.gem/gem-public_cert.pem.expired.%Y%m%d%H%M%S

If the signing certificate can be re-signed the expired certificate will be saved as ~/.gem/gem-pubilc_cert.pem.expired.%Y%m%d%H%M%S where the expiry time (not after) is used for the timestamp.

# File lib/rubygems/security/signer.rb, line 128
  def re_sign_key # :nodoc:
    old_cert = @cert_chain.last

    disk_cert_path = File.join Gem.default_cert_path
    disk_cert = File.read disk_cert_path rescue nil
    disk_key  =
      File.read File.join(Gem.default_key_path) rescue nil

    if disk_key == @key.to_pem and disk_cert == old_cert.to_pem then
      expiry = old_cert.not_after.strftime '%Y%m%d%H%M%S'
      old_cert_file = "gem-public_cert.pem.expired.#{expiry}"
      old_cert_path = File.join Gem.user_home, ".gem", old_cert_file

      unless File.exist? old_cert_path then
        Gem::Security.write old_cert, old_cert_path

        cert = Gem::Security.re_sign old_cert, @key

        Gem::Security.write cert, disk_cert_path

        @cert_chain = [cert]
      end
    end
  end

re_sign_key

Related methods