Merge upstream revision of rubygems/rubygems.

This commits includes tiny bugfix and new features listed here: * Add --re-sign flag to cert command by bronzdoc: https://github.com/rubygems/rubygems/pull/2391 * Download gems with threads. by indirect: https://github.com/rubygems/rubygems/pull/1898 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64769 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2022-11-09 12:17:21 -05:00 · 2018-09-18 08:37:18 +00:00 · 2018-09-18 08:37:18 +00:00 · ec6c075702
commit ec6c075702
parent 3367daf716
9 changed files with 165 additions and 80 deletions
--- a/lib/rubygems/commands/cert_command.rb
+++ b/lib/rubygems/commands/cert_command.rb
@ -14,15 +14,16 @@ class Gem::Commands::CertCommand < Gem::Command
    super 'cert', 'Manage RubyGems certificates and signing settings',
          :add => [], :remove => [], :list => [], :build => [], :sign => []

-    OptionParser.accept OpenSSL::X509::Certificate do |certificate|
+    OptionParser.accept OpenSSL::X509::Certificate do |certificate_file|
      begin
-        OpenSSL::X509::Certificate.new File.read certificate
+        certificate = OpenSSL::X509::Certificate.new File.read certificate_file
      rescue Errno::ENOENT
-        raise OptionParser::InvalidArgument, "#{certificate}: does not exist"
+        raise OptionParser::InvalidArgument, "#{certificate_file}: does not exist"
      rescue OpenSSL::X509::CertificateError
        raise OptionParser::InvalidArgument,
-          "#{certificate}: invalid X509 certificate"
+          "#{certificate_file}: invalid X509 certificate"
      end
+      [certificate, certificate_file]
    end

    OptionParser.accept OpenSSL::PKey::RSA do |key_file|
@ -42,7 +43,7 @@ class Gem::Commands::CertCommand < Gem::Command
    end

    add_option('-a', '--add CERT', OpenSSL::X509::Certificate,
-               'Add a trusted certificate.') do |cert, options|
+               'Add a trusted certificate.') do |(cert, _), options|
      options[:add] << cert
    end

@ -67,8 +68,9 @@ class Gem::Commands::CertCommand < Gem::Command
    end

    add_option('-C', '--certificate CERT', OpenSSL::X509::Certificate,
-               'Signing certificate for --sign') do |cert, options|
+               'Signing certificate for --sign') do |(cert, cert_file), options|
      options[:issuer_cert] = cert
+      options[:issuer_cert_file] = cert_file
    end

    add_option('-K', '--private-key KEY', OpenSSL::PKey::RSA,
@ -89,6 +91,11 @@ class Gem::Commands::CertCommand < Gem::Command
               'Days before the certificate expires') do |days, options|
      options[:expiration_length_days] = days.to_i
    end
+
+    add_option('-R', '--re-sign',
+               'Re-signs the certificate from -C with the key from -K') do |resign, options|
+      options[:resign] = resign
+    end
  end

  def add_certificate certificate # :nodoc:
@ -114,6 +121,14 @@ class Gem::Commands::CertCommand < Gem::Command
      build email
    end

+    if options[:resign]
+      re_sign_cert(
+        options[:issuer_cert],
+        options[:issuer_cert_file],
+        options[:key]
+      )
+    end
+
    sign_certificates unless options[:sign].empty?
  end

@ -290,6 +305,13 @@ For further reading on signing gems see `ri Gem::Security`.
    end
  end

+  def re_sign_cert(cert, cert_path, private_key)
+    Gem::Security::Signer.re_sign_cert(cert, cert_path, private_key) do |expired_cert_path, new_expired_cert_path|
+      alert("Your certificate #{expired_cert_path} has been re-signed")
+      alert("Your expired certificate will be located at: #{new_expired_cert_path}")
+    end
+  end
+
  private

  def valid_email? email