Auto merge of rubygems#1605 - djberg96:cert_check, r=segiddins

Raise an explicit error if Signer#sign is called with no certs # Description: This PR addresses an unfriendly error message that I brought up in rubygems#1413. It now explicitly raises an error if no certs are found. I also added a test for it. ______________ I will abide by the [code of conduct](https://github.com/rubygems/rubygems/blob/master/CODE_OF_CONDUCT.md).
copiousfreetime · Apr 29, 2016 · 487dfed · 487dfed
2 parents 9c11011 + fff6e78
commit 487dfed
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 0 deletions.
diff --git a/lib/rubygems/security/signer.rb b/lib/rubygems/security/signer.rb
@@ -102,6 +102,8 @@ def load_cert_chain # :nodoc:
   def sign data
     return unless @key
 
+    raise Gem::Security::Exception, 'no certs provided' if @cert_chain.empty?
+
     if @cert_chain.length == 1 and @cert_chain.last.not_after < Time.now then
       re_sign_key
     end

diff --git a/test/rubygems/test_gem_security_signer.rb b/test/rubygems/test_gem_security_signer.rb
@@ -205,5 +205,13 @@ def test_sign_wrong_key
     end
   end
 
+  def test_sign_no_certs
+    signer = Gem::Security::Signer.new ALTERNATE_KEY, []
+
+    assert_raises Gem::Security::Exception do
+      signer.sign 'hello'
+    end
+  end
+
 end if defined?(OpenSSL::SSL)