1 files changed, 86 insertions, 0 deletions
diff --git a/lib/rubygems/commands/cert_command.rb b/lib/rubygems/commands/cert_command.rb
new file mode 100644
index 0000000000..2c32099254
--- /dev/null
+++ b/lib/rubygems/commands/cert_command.rb
@@ -0,0 +1,86 @@
+require 'rubygems/command'
+require 'rubygems/security'
+
+class Gem::Commands::CertCommand < Gem::Command
+
+  def initialize
+    super 'cert', 'Manage RubyGems certificates and signing settings'
+
+    add_option('-a', '--add CERT',
+               'Add a trusted certificate.') do |value, options|
+      cert = OpenSSL::X509::Certificate.new(File.read(value))
+      Gem::Security.add_trusted_cert(cert)
+      say "Added '#{cert.subject.to_s}'"
+    end
+
+    add_option('-l', '--list',
+               'List trusted certificates.') do |value, options|
+      glob_str = File::join(Gem::Security::OPT[:trust_dir], '*.pem')
+      Dir::glob(glob_str) do |path|
+        begin
+          cert = OpenSSL::X509::Certificate.new(File.read(path))
+          # this could proably be formatted more gracefully
+          say cert.subject.to_s
+        rescue OpenSSL::X509::CertificateError
+          next
+        end
+      end
+    end
+
+    add_option('-r', '--remove STRING',
+               'Remove trusted certificates containing',
+               'STRING.') do |value, options|
+      trust_dir = Gem::Security::OPT[:trust_dir]
+      glob_str = File::join(trust_dir, '*.pem')
+
+      Dir::glob(glob_str) do |path|
+        begin
+          cert = OpenSSL::X509::Certificate.new(File.read(path))
+          if cert.subject.to_s.downcase.index(value)
+            say "Removed '#{cert.subject.to_s}'"
+            File.unlink(path)
+          end
+        rescue OpenSSL::X509::CertificateError
+          next
+        end
+      end
+    end
+
+    add_option('-b', '--build EMAIL_ADDR',
+               'Build private key and self-signed',
+               'certificate for EMAIL_ADDR.') do |value, options|
+      vals = Gem::Security.build_self_signed_cert(value)
+      File.chmod 0600, vals[:key_path]
+      say "Public Cert: #{vals[:cert_path]}"
+      say "Private Key: #{vals[:key_path]}"
+      say "Don't forget to move the key file to somewhere private..."
+    end
+
+    add_option('-C', '--certificate CERT',
+               'Certificate for --sign command.') do |value, options|
+      cert = OpenSSL::X509::Certificate.new(File.read(value))
+      Gem::Security::OPT[:issuer_cert] = cert
+    end
+
+    add_option('-K', '--private-key KEY',
+               'Private key for --sign command.') do |value, options|
+      key = OpenSSL::PKey::RSA.new(File.read(value))
+      Gem::Security::OPT[:issuer_key] = key
+    end
+
+    add_option('-s', '--sign NEWCERT',
+               'Sign a certificate with my key and',
+               'certificate.') do |value, options|
+      cert = OpenSSL::X509::Certificate.new(File.read(value))
+      my_cert = Gem::Security::OPT[:issuer_cert]
+      my_key = Gem::Security::OPT[:issuer_key]
+      cert = Gem::Security.sign_cert(cert, my_key, my_cert)
+      File.open(value, 'wb') { |file| file.write(cert.to_pem) }
+    end
+  end
+
+  def execute
+  end
+
+end
+