@adobe/aio-cli-plugin-certificate 0.2.1 → 0.4.0-pre.2022-06-15.0957a096

package/README.md

@@ -1,6 +1,6 @@
 [![Version](https://img.shields.io/npm/v/@adobe/aio-cli-plugin-certificate.svg)](https://npmjs.org/package/@adobe/aio-cli-plugin-certificate)
 [![Downloads/week](https://img.shields.io/npm/dw/@adobe/aio-cli-plugin-certificate.svg)](https://npmjs.org/package/@adobe/aio-cli-plugin-certificate)
-[![Build Status](https://travis-ci.com/adobe/aio-cli-plugin-certificate.svg?branch=master)](https://travis-ci.com/adobe/aio-cli-plugin-certificate)
+[![Node.js CI](https://github.com/adobe/aio-cli-plugin-certificate/actions/workflows/node.js.yml/badge.svg)](https://github.com/adobe/aio-cli-plugin-certificate/actions/workflows/node.js.yml)
 [![Codecov Coverage](https://img.shields.io/codecov/c/github/adobe/aio-cli-plugin-certificate/master.svg?style=flat-square)](https://codecov.io/gh/adobe/aio-cli-plugin-certificate/)
 
 
@@ -26,6 +26,7 @@ $ aio certificate --help
 # Commands
 <!-- commands -->
 * [`aio certificate`](#aio-certificate)
+* [`aio certificate:fingerprint FILE`](#aio-certificatefingerprint-file)
 * [`aio certificate:generate`](#aio-certificategenerate)
 * [`aio certificate:verify FILE`](#aio-certificateverify-file)
 
@@ -34,75 +35,83 @@ $ aio certificate --help
 Generate or verify a certificate for use with Adobe I/O
 
 ```
-Generate or verify a certificate for use with Adobe I/O
-
 USAGE
   $ aio certificate
+
+DESCRIPTION
+  Generate or verify a certificate for use with Adobe I/O
 ```
 
-_See code: [src/commands/certificate/index.js](https://github.com/adobe/aio-cli-plugin-certificate/blob/0.2.1/src/commands/certificate/index.js)_
+_See code: [src/commands/certificate/index.js](https://github.com/adobe/aio-cli-plugin-certificate/blob/0.4.0-pre.2022-06-15.0957a096/src/commands/certificate/index.js)_
 
-## `aio certificate:generate`
+## `aio certificate:fingerprint FILE`
 
-Generate a new private/public key pair
+Compute the fingerprint of a public key certificate for use with Adobe I/O
 
 ```
-Generate a new private/public key pair
-Generate a self-signed certificate to enable https:// on localhost or signing jwt payloads for interacting with Adobe services.
-
-
 USAGE
-  $ aio certificate:generate
+  $ aio certificate:fingerprint [FILE]
 
-OPTIONS
-  -c, --country=country            Country Name
-  -l, --locality=locality          Locality, or city name
-
-  -n, --name=name                  [default: selfsign.localhost] Common Name: typically a host domain name, like
-                                   www.mysite.com
-
-  -o, --organization=organization  Organization name
+ARGUMENTS
+  FILE  file path to certificate to fingerprint
 
-  -s, --state=state                State or Province
+DESCRIPTION
+  Compute the fingerprint of a public key certificate for use with Adobe I/O
+```
 
-  -u, --unit=unit                  Organizational unit or department
+_See code: [src/commands/certificate/fingerprint.js](https://github.com/adobe/aio-cli-plugin-certificate/blob/0.4.0-pre.2022-06-15.0957a096/src/commands/certificate/fingerprint.js)_
 
-  --days=days                      [default: 365] Number of days the certificate should be valid for. (Max 365)
+## `aio certificate:generate`
 
-  --keyout=keyout                  [default: private.key] file to send the key to
+Generate a new private/public key pair
 
-  --out=out                        [default: certificate_pub.crt] output file
+```
+USAGE
+  $ aio certificate:generate [--keyout <value>] [--out <value>] [-n <value>] [-c <value>] [-s <value>] [-l <value>] [-o
+    <value>] [-u <value>] [--days <value>]
+
+FLAGS
+  -c, --country=<value>       Country Name
+  -l, --locality=<value>      Locality, or city name
+  -n, --name=<value>          [default: selfsign.localhost] Common Name: typically a host domain name, like
+                              www.mysite.com
+  -o, --organization=<value>  Organization name
+  -s, --state=<value>         State or Province
+  -u, --unit=<value>          Organizational unit or department
+  --days=<value>              [default: 365] Number of days the certificate should be valid for. (Max 365)
+  --keyout=<value>            [default: private.key] file to send the key to
+  --out=<value>               [default: certificate_pub.crt] output file
 
 DESCRIPTION
-  Generate a self-signed certificate to enable https:// on localhost or signing jwt payloads for interacting with Adobe 
+  Generate a new private/public key pair
+
+  Generate a self-signed certificate to enable https:// on localhost or signing jwt payloads for interacting with Adobe
   services.
 ```
 
-_See code: [src/commands/certificate/generate.js](https://github.com/adobe/aio-cli-plugin-certificate/blob/0.2.1/src/commands/certificate/generate.js)_
+_See code: [src/commands/certificate/generate.js](https://github.com/adobe/aio-cli-plugin-certificate/blob/0.4.0-pre.2022-06-15.0957a096/src/commands/certificate/generate.js)_
 
 ## `aio certificate:verify FILE`
 
 Verify a certificate for use with Adobe I/O
 
 ```
-Verify a certificate for use with Adobe I/O
-Verifies that the certificate is valid, and/or will not expire in [--days] days from now.
-
-
 USAGE
-  $ aio certificate:verify FILE
+  $ aio certificate:verify [FILE] [--days <value>]
 
 ARGUMENTS
   FILE  file path to certificate to verify
 
-OPTIONS
-  --days=days  +- is certificate valid in --days
+FLAGS
+  --days=<value>  +- is certificate valid in --days
 
 DESCRIPTION
+  Verify a certificate for use with Adobe I/O
+
   Verifies that the certificate is valid, and/or will not expire in [--days] days from now.
 ```
 
-_See code: [src/commands/certificate/verify.js](https://github.com/adobe/aio-cli-plugin-certificate/blob/0.2.1/src/commands/certificate/verify.js)_
+_See code: [src/commands/certificate/verify.js](https://github.com/adobe/aio-cli-plugin-certificate/blob/0.4.0-pre.2022-06-15.0957a096/src/commands/certificate/verify.js)_
 <!-- commandsstop -->
 
 ## Contributing

package/oclif.manifest.json

@@ -1 +1 @@
-{"version":"0.2.1","commands":{"certificate:generate":{"id":"certificate:generate","description":"Generate a new private/public key pair\nGenerate a self-signed certificate to enable https:// on localhost or signing jwt payloads for interacting with Adobe services.\n","pluginName":"@adobe/aio-cli-plugin-certificate","pluginType":"core","aliases":[],"flags":{"keyout":{"name":"keyout","type":"option","description":"file to send the key to","default":"private.key"},"out":{"name":"out","type":"option","description":"output file","default":"certificate_pub.crt"},"name":{"name":"name","type":"option","char":"n","description":"Common Name: typically a host domain name, like www.mysite.com","default":"selfsign.localhost"},"country":{"name":"country","type":"option","char":"c","description":"Country Name"},"state":{"name":"state","type":"option","char":"s","description":"State or Province"},"locality":{"name":"locality","type":"option","char":"l","description":"Locality, or city name"},"organization":{"name":"organization","type":"option","char":"o","description":"Organization name"},"unit":{"name":"unit","type":"option","char":"u","description":"Organizational unit or department"},"days":{"name":"days","type":"option","description":"Number of days the certificate should be valid for. (Max 365)","default":365}},"args":[]},"certificate":{"id":"certificate","description":"Generate or verify a certificate for use with Adobe I/O","pluginName":"@adobe/aio-cli-plugin-certificate","pluginType":"core","aliases":[],"flags":{},"args":[]},"certificate:verify":{"id":"certificate:verify","description":"Verify a certificate for use with Adobe I/O\nVerifies that the certificate is valid, and/or will not expire in [--days] days from now.\n","pluginName":"@adobe/aio-cli-plugin-certificate","pluginType":"core","aliases":[],"flags":{"days":{"name":"days","type":"option","description":"+- is certificate valid in --days"}},"args":[{"name":"file","description":"file path to certificate to verify","required":true}]}}}
+{"version":"0.4.0-pre.2022-06-15.0957a096","commands":{"certificate:fingerprint":{"id":"certificate:fingerprint","description":"Compute the fingerprint of a public key certificate for use with Adobe I/O","strict":true,"pluginName":"@adobe/aio-cli-plugin-certificate","pluginAlias":"@adobe/aio-cli-plugin-certificate","pluginType":"core","aliases":[],"flags":{},"args":[{"name":"file","description":"file path to certificate to fingerprint","required":true}]},"certificate:generate":{"id":"certificate:generate","description":"Generate a new private/public key pair\nGenerate a self-signed certificate to enable https:// on localhost or signing jwt payloads for interacting with Adobe services.\n","strict":true,"pluginName":"@adobe/aio-cli-plugin-certificate","pluginAlias":"@adobe/aio-cli-plugin-certificate","pluginType":"core","aliases":[],"flags":{"keyout":{"name":"keyout","type":"option","description":"file to send the key to","multiple":false,"default":"private.key"},"out":{"name":"out","type":"option","description":"output file","multiple":false,"default":"certificate_pub.crt"},"name":{"name":"name","type":"option","char":"n","description":"Common Name: typically a host domain name, like www.mysite.com","multiple":false,"default":"selfsign.localhost"},"country":{"name":"country","type":"option","char":"c","description":"Country Name","multiple":false},"state":{"name":"state","type":"option","char":"s","description":"State or Province","multiple":false},"locality":{"name":"locality","type":"option","char":"l","description":"Locality, or city name","multiple":false},"organization":{"name":"organization","type":"option","char":"o","description":"Organization name","multiple":false},"unit":{"name":"unit","type":"option","char":"u","description":"Organizational unit or department","multiple":false},"days":{"name":"days","type":"option","description":"Number of days the certificate should be valid for. (Max 365)","multiple":false,"default":365}},"args":[],"_globalFlags":{}},"certificate":{"id":"certificate","description":"Generate or verify a certificate for use with Adobe I/O","strict":true,"pluginName":"@adobe/aio-cli-plugin-certificate","pluginAlias":"@adobe/aio-cli-plugin-certificate","pluginType":"core","aliases":[],"flags":{},"args":[]},"certificate:verify":{"id":"certificate:verify","description":"Verify a certificate for use with Adobe I/O\nVerifies that the certificate is valid, and/or will not expire in [--days] days from now.\n","strict":true,"pluginName":"@adobe/aio-cli-plugin-certificate","pluginAlias":"@adobe/aio-cli-plugin-certificate","pluginType":"core","aliases":[],"flags":{"days":{"name":"days","type":"option","description":"+- is certificate valid in --days","multiple":false}},"args":[{"name":"file","description":"file path to certificate to verify","required":true}],"_globalFlags":{}}}}

package/package.json

@@ -1,24 +1,19 @@
 {
   "name": "@adobe/aio-cli-plugin-certificate",
-  "version": "0.2.1",
+  "version": "0.4.0-pre.2022-06-15.0957a096",
   "description": "Generate and validate private certs, and public key pairs for use with Adobe IO Console",
   "repository": "adobe/aio-cli-plugin-certificate",
   "homepage": "https://github.com/adobe/aio-cli-plugin-certificate",
   "dependencies": {
-    "@oclif/command": "^1",
-    "@oclif/config": "^1",
-    "@oclif/errors": "^1.1.2",
-    "debug": "^4.1.0",
+    "@oclif/core": "^1.9.0",
+    "debug": "^4.3.3",
     "fs-extra": "^9.0.0",
-    "node-forge": "^0.10.0"
+    "node-forge": "^1.3.0"
   },
   "devDependencies": {
-    "@oclif/dev-cli": "^1.21.3",
-    "@oclif/plugin-help": "^2.1.4",
-    "@oclif/test": "^1",
     "codecov": "^3.2.0",
     "eslint": "^6.8.0",
-    "eslint-config-oclif": "^3.1.0",
+    "eslint-config-oclif": "^4.0.0",
     "eslint-config-standard": "^14.1.0",
     "eslint-plugin-import": "^2.13.10",
     "eslint-plugin-jest": "^23.6.0",
@@ -28,10 +23,11 @@
     "jest": "^24.1.0",
     "jest-junit": "^10.0.0",
     "jest-resolve": "^26.0.0",
+    "oclif": "^3.0.1",
     "stdout-stderr": "^0.1.9"
   },
   "engines": {
-    "node": ">=10.0.0"
+    "node": "^14.18 || ^16.13 || >=18"
   },
   "files": [
     "/oclif.manifest.json",
@@ -46,9 +42,6 @@
   "oclif": {
     "commands": "./src/commands",
     "bin": "aio",
-    "devPlugins": [
-      "@oclif/plugin-help"
-    ],
     "repositoryPrefix": "<%- repo %>/blob/<%- version %>/<%- commandPath %>"
   },
   "main": "src/certificate.js",
@@ -56,9 +49,9 @@
     "posttest": "eslint src test",
     "test": "npm run unit-tests",
     "unit-tests": "jest --ci",
-    "prepack": "oclif-dev manifest && oclif-dev readme",
+    "prepack": "oclif manifest && oclif readme",
     "postpack": "rm -f oclif.manifest.json",
-    "version": "oclif-dev readme && git add README.md"
+    "version": "oclif readme && git add README.md"
   },
   "jest": {
     "collectCoverage": true,
@@ -76,5 +69,6 @@
     "setupFilesAfterEnv": [
       "./test/jest.setup.js"
     ]
-  }
-}
+  },
+  "prereleaseSha": "0957a09615dca816fac13e92302c0621f7cde786"
+}

package/src/certificate.js

@@ -1,6 +1,36 @@
+/*
+Copyright 2019 Adobe Inc. All rights reserved.
+This file is licensed to you under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License. You may obtain a copy
+of the License at http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software distributed under
+the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
+OF ANY KIND, either express or implied. See the License for the specific language
+governing permissions and limitations under the License.
+*/
+
 const debug = require('debug')('aio-cli-plugin-certificate:helpers')
 const forge = require('node-forge')
 const pki = forge.pki
+const asn1 = forge.asn1
+
+/**
+ * Computes the SHA-1 digest of the entire DER-encoded x.509 certificate
+ * contained in the provided PEM-encoded string, which gives the same result as
+ * using "openssl x509 -fingerprint", except without delimiters and in
+ * all lowercase.
+ *
+ * @param {string|Buffer} pemCert PEM-encoded sting containing x509 certificate
+ * @returns {{certificateFingerprint: string}} x509 fingerprint
+ */
+function fingerprint (pemCert) {
+  const cert = pki.certificateFromPem(pemCert)
+  const bytes = asn1.toDer(pki.certificateToAsn1(cert)).getBytes()
+  const md = forge.md.sha1.create()
+  md.start()
+  md.update(bytes)
+  return { certificateFingerprint: md.digest().toHex() }
+}
 
 /**
   openssl req -x509 -sha256 -nodes -days 365 -subj "/C=US/" -newkey rsa:2048 -keyout private.key -out certificate_pub.crt
@@ -90,6 +120,13 @@ function generate (commonName, days, /* istanbul ignore next */ attributes = {})
       codeSigning: true,
       emailProtection: true,
       timeStamping: true
+    },
+    {
+      name: 'subjectAltName',
+      altNames: [{
+        type: 2, // DNS
+        value: commonName
+      }]
     }
   ])
 
@@ -128,6 +165,7 @@ function verify (pemCert) {
 }
 
 module.exports = {
+  fingerprint,
   generate,
   verify
 }

package/src/commands/certificate/fingerprint.js

@@ -0,0 +1,52 @@
+/*
+Copyright 2019 Adobe. All rights reserved.
+This file is licensed to you under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License. You may obtain a copy
+of the License at http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software distributed under
+the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
+OF ANY KIND, either express or implied. See the License for the specific language
+governing permissions and limitations under the License.
+*/
+
+const { Command } = require('@oclif/core')
+const fs = require('fs-extra')
+const debug = require('debug')('aio-cli-plugin-certificate:fingerprint')
+
+const cert = require('../../certificate')
+
+class FingerprintCommand extends Command {
+  async run () {
+    const { args } = await this.parse(FingerprintCommand)
+
+    if (!fs.existsSync(args.file)) {
+      this.error('input file does not exist: ' + args.file)
+    }
+
+    try {
+      const pemCert = fs.readFileSync(args.file).toString()
+      debug('fingerprinting cert from pem: ', pemCert)
+      // this will throw if file is not a valid pem content
+      const res = cert.fingerprint(pemCert)
+
+      this.log(res.certificateFingerprint)
+      return res.certificateFingerprint
+    } catch (err) {
+      debug('error fingerprinting certificate: ', err)
+      this.error(err.message)
+    }
+  }
+}
+
+FingerprintCommand.description = 'Compute the fingerprint of a public key certificate for use with Adobe I/O'
+
+FingerprintCommand.args = [
+  {
+    name: 'file',
+    required: true,
+    description: 'file path to certificate to fingerprint'
+  }
+]
+
+module.exports = FingerprintCommand

package/src/commands/certificate/generate.js

@@ -10,7 +10,7 @@ OF ANY KIND, either express or implied. See the License for the specific languag
 governing permissions and limitations under the License.
 */
 
-const { Command, flags } = require('@oclif/command')
+const { Command, Flags } = require('@oclif/core')
 const fs = require('fs-extra')
 const debug = require('debug')('aio-cli-plugin-certificate:generate')
 
@@ -18,7 +18,7 @@ const cert = require('../../certificate')
 
 class GenerateCommand extends Command {
   async run () {
-    const { flags } = this.parse(GenerateCommand)
+    const { flags } = await this.parse(GenerateCommand)
     if (fs.existsSync(flags.keyout)) {
       this.error('--keyout file exists: ' + flags.keyout)
     }
@@ -40,40 +40,40 @@ Generate a self-signed certificate to enable https:// on localhost or signing jw
 `
 
 GenerateCommand.flags = {
-  keyout: flags.string({
+  keyout: Flags.string({
     description: 'file to send the key to',
     default: 'private.key'
   }),
-  out: flags.string({
+  out: Flags.string({
     description: 'output file',
     default: 'certificate_pub.crt'
   }),
-  name: flags.string({
+  name: Flags.string({
     char: 'n',
     description: 'Common Name: typically a host domain name, like www.mysite.com',
     default: 'selfsign.localhost'
   }),
-  country: flags.string({
+  country: Flags.string({
     char: 'c',
     description: 'Country Name'
   }),
-  state: flags.string({
+  state: Flags.string({
     char: 's',
     description: 'State or Province'
   }),
-  locality: flags.string({
+  locality: Flags.string({
     char: 'l',
     description: 'Locality, or city name'
   }),
-  organization: flags.string({
+  organization: Flags.string({
     char: 'o',
     description: 'Organization name'
   }),
-  unit: flags.string({
+  unit: Flags.string({
     char: 'u',
     description: 'Organizational unit or department'
   }),
-  days: flags.integer({
+  days: Flags.integer({
     description: 'Number of days the certificate should be valid for. (Max 365)',
     default: 365
   })

package/src/commands/certificate/index.js

@@ -10,13 +10,12 @@ OF ANY KIND, either express or implied. See the License for the specific languag
 governing permissions and limitations under the License.
 */
 
-const HHelp = require('@oclif/plugin-help').default
-const { Command } = require('@oclif/command')
+const { Command, Help } = require('@oclif/core')
 
 class AIOCommand extends Command {
   async run () {
-    const help = new HHelp(this.config)
-    help.showHelp(['certificate:generate', '--help'])
+    const help = new Help(this.config)
+    return await help.showHelp(['certificate:generate', '--help'])
   }
 }
 

package/src/commands/certificate/verify.js

@@ -10,7 +10,7 @@ OF ANY KIND, either express or implied. See the License for the specific languag
 governing permissions and limitations under the License.
 */
 
-const { Command, flags } = require('@oclif/command')
+const { Command, Flags } = require('@oclif/core')
 const fs = require('fs-extra')
 const debug = require('debug')('aio-cli-plugin-certificate:verify')
 
@@ -18,7 +18,7 @@ const cert = require('../../certificate')
 
 class VerifyCommand extends Command {
   async run () {
-    const { flags, args } = this.parse(VerifyCommand)
+    const { flags, args } = await this.parse(VerifyCommand)
 
     if (!fs.existsSync(args.file)) {
       this.error('input file does not exist: ' + args.file)
@@ -65,7 +65,7 @@ Verifies that the certificate is valid, and/or will not expire in [--days] days
 `
 
 VerifyCommand.flags = {
-  days: flags.integer({
+  days: Flags.integer({
     description: '+- is certificate valid in --days'
   })
 }