Attempts to re-sign the private key if the signing certificate is expired.
The key will be re-signed if:
The expired certificate is self-signed
The expired certificate is saved at ~/.gem/gem-public_cert.pem
There is no file matching the expiry date at
~/.gem/gem-public_cert.pem.expired.%Y%m%d%H%M%S
If the signing certificate can be re-signed the expired certificate will be
saved as ~/.gem/gem-public_cert.pem.expired.%Y%m%d%H%M%S where the expiry
time (not after) is used for the timestamp.
# File lib/rubygems/security/signer.rb, line 131
def re_sign_key # :nodoc:
old_cert = @cert_chain.last
disk_cert_path = File.join Gem.default_cert_path
disk_cert = File.read disk_cert_path rescue nil
disk_key =
File.read File.join(Gem.default_key_path) rescue nil
if disk_key == @key.to_pem and disk_cert == old_cert.to_pem then
expiry = old_cert.not_after.strftime '%Y%m%d%H%M%S'
old_cert_file = "gem-public_cert.pem.expired.#{expiry}"
old_cert_path = File.join Gem.user_home, ".gem", old_cert_file
unless File.exist? old_cert_path then
Gem::Security.write old_cert, old_cert_path
cert = Gem::Security.re_sign old_cert, @key
Gem::Security.write cert, disk_cert_path
@cert_chain = [cert]
end
end
end