@adobe/aio-cli-plugin-certificate 0.2.1 → 0.4.0

package/README.md

@@ -1,6 +1,6 @@
 [![Version](https://img.shields.io/npm/v/@adobe/aio-cli-plugin-certificate.svg)](https://npmjs.org/package/@adobe/aio-cli-plugin-certificate)
 [![Downloads/week](https://img.shields.io/npm/dw/@adobe/aio-cli-plugin-certificate.svg)](https://npmjs.org/package/@adobe/aio-cli-plugin-certificate)
-[![Build Status](https://travis-ci.com/adobe/aio-cli-plugin-certificate.svg?branch=master)](https://travis-ci.com/adobe/aio-cli-plugin-certificate)
+[![Node.js CI](https://github.com/adobe/aio-cli-plugin-certificate/actions/workflows/node.js.yml/badge.svg)](https://github.com/adobe/aio-cli-plugin-certificate/actions/workflows/node.js.yml)
 [![Codecov Coverage](https://img.shields.io/codecov/c/github/adobe/aio-cli-plugin-certificate/master.svg?style=flat-square)](https://codecov.io/gh/adobe/aio-cli-plugin-certificate/)
 
 
@@ -26,6 +26,7 @@ $ aio certificate --help
 # Commands
 <!-- commands -->
 * [`aio certificate`](#aio-certificate)
+* [`aio certificate:fingerprint FILE`](#aio-certificatefingerprint-file)
 * [`aio certificate:generate`](#aio-certificategenerate)
 * [`aio certificate:verify FILE`](#aio-certificateverify-file)
 
@@ -34,23 +35,31 @@ $ aio certificate --help
 Generate or verify a certificate for use with Adobe I/O
 
 ```
-Generate or verify a certificate for use with Adobe I/O
-
 USAGE
   $ aio certificate
 ```
 
-_See code: [src/commands/certificate/index.js](https://github.com/adobe/aio-cli-plugin-certificate/blob/0.2.1/src/commands/certificate/index.js)_
+_See code: [src/commands/certificate/index.js](https://github.com/adobe/aio-cli-plugin-certificate/blob/0.4.0/src/commands/certificate/index.js)_
 
-## `aio certificate:generate`
+## `aio certificate:fingerprint FILE`
 
-Generate a new private/public key pair
+Compute the fingerprint of a public key certificate for use with Adobe I/O
 
 ```
-Generate a new private/public key pair
-Generate a self-signed certificate to enable https:// on localhost or signing jwt payloads for interacting with Adobe services.
+USAGE
+  $ aio certificate:fingerprint FILE
+
+ARGUMENTS
+  FILE  file path to certificate to fingerprint
+```
 
+_See code: [src/commands/certificate/fingerprint.js](https://github.com/adobe/aio-cli-plugin-certificate/blob/0.4.0/src/commands/certificate/fingerprint.js)_
 
+## `aio certificate:generate`
+
+Generate a new private/public key pair
+
+```
 USAGE
   $ aio certificate:generate
 
@@ -78,17 +87,13 @@ DESCRIPTION
   services.
 ```
 
-_See code: [src/commands/certificate/generate.js](https://github.com/adobe/aio-cli-plugin-certificate/blob/0.2.1/src/commands/certificate/generate.js)_
+_See code: [src/commands/certificate/generate.js](https://github.com/adobe/aio-cli-plugin-certificate/blob/0.4.0/src/commands/certificate/generate.js)_
 
 ## `aio certificate:verify FILE`
 
 Verify a certificate for use with Adobe I/O
 
 ```
-Verify a certificate for use with Adobe I/O
-Verifies that the certificate is valid, and/or will not expire in [--days] days from now.
-
-
 USAGE
   $ aio certificate:verify FILE
 
@@ -102,7 +107,7 @@ DESCRIPTION
   Verifies that the certificate is valid, and/or will not expire in [--days] days from now.
 ```
 
-_See code: [src/commands/certificate/verify.js](https://github.com/adobe/aio-cli-plugin-certificate/blob/0.2.1/src/commands/certificate/verify.js)_
+_See code: [src/commands/certificate/verify.js](https://github.com/adobe/aio-cli-plugin-certificate/blob/0.4.0/src/commands/certificate/verify.js)_
 <!-- commandsstop -->
 
 ## Contributing

package/oclif.manifest.json

@@ -1 +1 @@
-{"version":"0.2.1","commands":{"certificate:generate":{"id":"certificate:generate","description":"Generate a new private/public key pair\nGenerate a self-signed certificate to enable https:// on localhost or signing jwt payloads for interacting with Adobe services.\n","pluginName":"@adobe/aio-cli-plugin-certificate","pluginType":"core","aliases":[],"flags":{"keyout":{"name":"keyout","type":"option","description":"file to send the key to","default":"private.key"},"out":{"name":"out","type":"option","description":"output file","default":"certificate_pub.crt"},"name":{"name":"name","type":"option","char":"n","description":"Common Name: typically a host domain name, like www.mysite.com","default":"selfsign.localhost"},"country":{"name":"country","type":"option","char":"c","description":"Country Name"},"state":{"name":"state","type":"option","char":"s","description":"State or Province"},"locality":{"name":"locality","type":"option","char":"l","description":"Locality, or city name"},"organization":{"name":"organization","type":"option","char":"o","description":"Organization name"},"unit":{"name":"unit","type":"option","char":"u","description":"Organizational unit or department"},"days":{"name":"days","type":"option","description":"Number of days the certificate should be valid for. (Max 365)","default":365}},"args":[]},"certificate":{"id":"certificate","description":"Generate or verify a certificate for use with Adobe I/O","pluginName":"@adobe/aio-cli-plugin-certificate","pluginType":"core","aliases":[],"flags":{},"args":[]},"certificate:verify":{"id":"certificate:verify","description":"Verify a certificate for use with Adobe I/O\nVerifies that the certificate is valid, and/or will not expire in [--days] days from now.\n","pluginName":"@adobe/aio-cli-plugin-certificate","pluginType":"core","aliases":[],"flags":{"days":{"name":"days","type":"option","description":"+- is certificate valid in --days"}},"args":[{"name":"file","description":"file path to certificate to verify","required":true}]}}}
+{"version":"0.4.0","commands":{"certificate:fingerprint":{"id":"certificate:fingerprint","description":"Compute the fingerprint of a public key certificate for use with Adobe I/O","pluginName":"@adobe/aio-cli-plugin-certificate","pluginType":"core","aliases":[],"flags":{},"args":[{"name":"file","description":"file path to certificate to fingerprint","required":true}]},"certificate:generate":{"id":"certificate:generate","description":"Generate a new private/public key pair\nGenerate a self-signed certificate to enable https:// on localhost or signing jwt payloads for interacting with Adobe services.\n","pluginName":"@adobe/aio-cli-plugin-certificate","pluginType":"core","aliases":[],"flags":{"keyout":{"name":"keyout","type":"option","description":"file to send the key to","default":"private.key"},"out":{"name":"out","type":"option","description":"output file","default":"certificate_pub.crt"},"name":{"name":"name","type":"option","char":"n","description":"Common Name: typically a host domain name, like www.mysite.com","default":"selfsign.localhost"},"country":{"name":"country","type":"option","char":"c","description":"Country Name"},"state":{"name":"state","type":"option","char":"s","description":"State or Province"},"locality":{"name":"locality","type":"option","char":"l","description":"Locality, or city name"},"organization":{"name":"organization","type":"option","char":"o","description":"Organization name"},"unit":{"name":"unit","type":"option","char":"u","description":"Organizational unit or department"},"days":{"name":"days","type":"option","description":"Number of days the certificate should be valid for. (Max 365)","default":365}},"args":[]},"certificate":{"id":"certificate","description":"Generate or verify a certificate for use with Adobe I/O","pluginName":"@adobe/aio-cli-plugin-certificate","pluginType":"core","aliases":[],"flags":{},"args":[]},"certificate:verify":{"id":"certificate:verify","description":"Verify a certificate for use with Adobe I/O\nVerifies that the certificate is valid, and/or will not expire in [--days] days from now.\n","pluginName":"@adobe/aio-cli-plugin-certificate","pluginType":"core","aliases":[],"flags":{"days":{"name":"days","type":"option","description":"+- is certificate valid in --days"}},"args":[{"name":"file","description":"file path to certificate to verify","required":true}]}}}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@adobe/aio-cli-plugin-certificate",
-  "version": "0.2.1",
+  "version": "0.4.0",
   "description": "Generate and validate private certs, and public key pairs for use with Adobe IO Console",
   "repository": "adobe/aio-cli-plugin-certificate",
   "homepage": "https://github.com/adobe/aio-cli-plugin-certificate",
@@ -10,7 +10,7 @@
     "@oclif/errors": "^1.1.2",
     "debug": "^4.1.0",
     "fs-extra": "^9.0.0",
-    "node-forge": "^0.10.0"
+    "node-forge": "^1.3.0"
   },
   "devDependencies": {
     "@oclif/dev-cli": "^1.21.3",

package/src/certificate.js

@@ -1,6 +1,36 @@
+/*
+Copyright 2019 Adobe Inc. All rights reserved.
+This file is licensed to you under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License. You may obtain a copy
+of the License at http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software distributed under
+the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
+OF ANY KIND, either express or implied. See the License for the specific language
+governing permissions and limitations under the License.
+*/
+
 const debug = require('debug')('aio-cli-plugin-certificate:helpers')
 const forge = require('node-forge')
 const pki = forge.pki
+const asn1 = forge.asn1
+
+/**
+ * Computes the SHA-1 digest of the entire DER-encoded x.509 certificate
+ * contained in the provided PEM-encoded string, which gives the same result as
+ * using "openssl x509 -fingerprint", except without delimiters and in
+ * all lowercase.
+ *
+ * @param {string|Buffer} pemCert PEM-encoded sting containing x509 certificate
+ * @returns {{certificateFingerprint: string}} x509 fingerprint
+ */
+function fingerprint (pemCert) {
+  const cert = pki.certificateFromPem(pemCert)
+  const bytes = asn1.toDer(pki.certificateToAsn1(cert)).getBytes()
+  const md = forge.md.sha1.create()
+  md.start()
+  md.update(bytes)
+  return { certificateFingerprint: md.digest().toHex() }
+}
 
 /**
   openssl req -x509 -sha256 -nodes -days 365 -subj "/C=US/" -newkey rsa:2048 -keyout private.key -out certificate_pub.crt
@@ -90,6 +120,13 @@ function generate (commonName, days, /* istanbul ignore next */ attributes = {})
       codeSigning: true,
       emailProtection: true,
       timeStamping: true
+    },
+    {
+      name: 'subjectAltName',
+      altNames: [{
+        type: 2, // DNS
+        value: commonName
+      }]
     }
   ])
 
@@ -128,6 +165,7 @@ function verify (pemCert) {
 }
 
 module.exports = {
+  fingerprint,
   generate,
   verify
 }

package/src/commands/certificate/fingerprint.js

@@ -0,0 +1,52 @@
+/*
+Copyright 2019 Adobe. All rights reserved.
+This file is licensed to you under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License. You may obtain a copy
+of the License at http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software distributed under
+the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
+OF ANY KIND, either express or implied. See the License for the specific language
+governing permissions and limitations under the License.
+*/
+
+const { Command } = require('@oclif/command')
+const fs = require('fs-extra')
+const debug = require('debug')('aio-cli-plugin-certificate:fingerprint')
+
+const cert = require('../../certificate')
+
+class FingerprintCommand extends Command {
+  async run () {
+    const { args } = this.parse(FingerprintCommand)
+
+    if (!fs.existsSync(args.file)) {
+      this.error('input file does not exist: ' + args.file)
+    }
+
+    try {
+      const pemCert = fs.readFileSync(args.file).toString()
+      debug('fingerprinting cert from pem: ', pemCert)
+      // this will throw if file is not a valid pem content
+      const res = cert.fingerprint(pemCert)
+
+      this.log(res.certificateFingerprint)
+      return res.certificateFingerprint
+    } catch (err) {
+      debug('error fingerprinting certificate: ', err)
+      this.error(err.message)
+    }
+  }
+}
+
+FingerprintCommand.description = 'Compute the fingerprint of a public key certificate for use with Adobe I/O'
+
+FingerprintCommand.args = [
+  {
+    name: 'file',
+    required: true,
+    description: 'file path to certificate to fingerprint'
+  }
+]
+
+module.exports = FingerprintCommand