@adobe/ccweb-add-on-ssl 2.5.0 → 3.0.1

package/.mocharc.json

@@ -1,5 +1,12 @@
 {
     "extension": ["ts"],
-    "node-option": ["experimental-specifier-resolution=node", "loader=ts-node/esm", "no-warnings"],
-    "spec": ["src/test/**/*.spec.ts"]
+    "node-option": [
+        "experimental-specifier-resolution=node",
+        "loader=ts-node/esm",
+        "enable-source-maps",
+        "no-warnings"
+    ],
+    "spec": ["src/test/**/*.spec.ts"],
+    "recursive": true,
+    "timeout": 60000
 }

package/README.md

@@ -8,13 +8,14 @@
 
 This package provides commands which can be used to set up your self-signed SSL certificate. This SSL certificate is used to locally host the add-on on your browser trusted HTTPS.
 
-These commands are used by [@adobe/create-ccweb-add-on](https://www.npmjs.com/package/@adobe/create-ccweb-add-on) to set up your one-time SSL certificate during its first run on your system.
+These commands are used by [@adobe/create-ccweb-add-on](https://www.npmjs.com/package/@adobe/create-ccweb-add-on) to set up a locally trusted SSL certificate in your system as a one-time step.
 
 ## Commands
 
-| Command | Description                                          | Basic Usage                                 |
-| ------- | ---------------------------------------------------- | ------------------------------------------- |
-| setup   | Automatically set up self-signed SSL in your system. | ccweb-add-on-ssl setup --hostname localhost |
+| Command | Description                                                  | Basic Usage                                 |
+| ------- | ------------------------------------------------------------ | ------------------------------------------- |
+| setup   | Setup a locally trusted SSL certificate for hosting add-ons. | ccweb-add-on-ssl setup --hostname localhost |
+| purge   | Remove all add-on related SSL artifacts from your system.    | ccweb-add-on-ssl purge                      |
 
 For detailed usage guides, you may check `npx @adobe/ccweb-add-on-ssl --help`.
 

package/bin/run.js

@@ -2,7 +2,7 @@
 
 import oclif from "@oclif/core";
 
-oclif
-    .run(process.argv.slice(2), import.meta.url)
+await oclif
+    .execute({ dir: import.meta.url })
     .then(oclif.flush)
     .catch(oclif.Errors.handle);

package/dist/AnalyticsMarkers.d.ts

@@ -24,12 +24,15 @@
 export declare enum AnalyticsErrorMarkers {
     ERROR_SSL_INVALID_HOSTNAME = "ERROR_SSL_INVALID_HOSTNAME",
     ERROR_SSL_SETUP = "ERROR_SSL_SETUP",
-    ERROR_SSL_REMOVE = "ERROR_SSL_REMOVE"
+    ERROR_SSL_REMOVE = "ERROR_SSL_REMOVE",
+    ERROR_SSL_PURGE = "ERROR_SSL_PURGE"
 }
 export declare enum AnalyticsSuccessMarkers {
     SUCCESSFUL_SSL_MANUAL_SETUP = "SUCCESSFUL_SSL_MANUAL_SETUP",
     SUCCESSFUL_SSL_AUTOMATIC_SETUP = "SUCCESSFUL_SSL_AUTOMATIC_SETUP",
     SUCCESSFUL_SSL_MANUAL_REMOVE = "SUCCESSFUL_SSL_MANUAL_REMOVE",
-    SUCCESSFUL_SSL_AUTOMATIC_REMOVE = "SUCCESSFUL_SSL_AUTOMATIC_REMOVE"
+    SUCCESSFUL_SSL_AUTOMATIC_REMOVE = "SUCCESSFUL_SSL_AUTOMATIC_REMOVE",
+    SUCCESSFUL_SSL_MANUAL_PURGE = "SUCCESSFUL_SSL_MANUAL_PURGE",
+    SUCCESSFUL_SSL_AUTOMATIC_PURGE = "SUCCESSFUL_SSL_AUTOMATIC_PURGE"
 }
 //# sourceMappingURL=AnalyticsMarkers.d.ts.map

package/dist/AnalyticsMarkers.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"AnalyticsMarkers.d.ts","sourceRoot":"","sources":["../src/AnalyticsMarkers.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;kFAsBkF;AAElF,oBAAY,qBAAqB;IAC7B,0BAA0B,+BAA+B;IACzD,eAAe,oBAAoB;IACnC,gBAAgB,qBAAqB;CACxC;AAED,oBAAY,uBAAuB;IAC/B,2BAA2B,gCAAgC;IAC3D,8BAA8B,mCAAmC;IACjE,4BAA4B,iCAAiC;IAC7D,+BAA+B,oCAAoC;CACtE"}
+{"version":3,"file":"AnalyticsMarkers.d.ts","sourceRoot":"","sources":["../src/AnalyticsMarkers.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;kFAsBkF;AAElF,oBAAY,qBAAqB;IAC7B,0BAA0B,+BAA+B;IACzD,eAAe,oBAAoB;IACnC,gBAAgB,qBAAqB;IACrC,eAAe,oBAAoB;CACtC;AAED,oBAAY,uBAAuB;IAC/B,2BAA2B,gCAAgC;IAC3D,8BAA8B,mCAAmC;IACjE,4BAA4B,iCAAiC;IAC7D,+BAA+B,oCAAoC;IACnE,2BAA2B,gCAAgC;IAC3D,8BAA8B,mCAAmC;CACpE"}

package/dist/AnalyticsMarkers.js

@@ -26,6 +26,7 @@ export var AnalyticsErrorMarkers;
     AnalyticsErrorMarkers["ERROR_SSL_INVALID_HOSTNAME"] = "ERROR_SSL_INVALID_HOSTNAME";
     AnalyticsErrorMarkers["ERROR_SSL_SETUP"] = "ERROR_SSL_SETUP";
     AnalyticsErrorMarkers["ERROR_SSL_REMOVE"] = "ERROR_SSL_REMOVE";
+    AnalyticsErrorMarkers["ERROR_SSL_PURGE"] = "ERROR_SSL_PURGE";
 })(AnalyticsErrorMarkers || (AnalyticsErrorMarkers = {}));
 export var AnalyticsSuccessMarkers;
 (function (AnalyticsSuccessMarkers) {
@@ -33,5 +34,7 @@ export var AnalyticsSuccessMarkers;
     AnalyticsSuccessMarkers["SUCCESSFUL_SSL_AUTOMATIC_SETUP"] = "SUCCESSFUL_SSL_AUTOMATIC_SETUP";
     AnalyticsSuccessMarkers["SUCCESSFUL_SSL_MANUAL_REMOVE"] = "SUCCESSFUL_SSL_MANUAL_REMOVE";
     AnalyticsSuccessMarkers["SUCCESSFUL_SSL_AUTOMATIC_REMOVE"] = "SUCCESSFUL_SSL_AUTOMATIC_REMOVE";
+    AnalyticsSuccessMarkers["SUCCESSFUL_SSL_MANUAL_PURGE"] = "SUCCESSFUL_SSL_MANUAL_PURGE";
+    AnalyticsSuccessMarkers["SUCCESSFUL_SSL_AUTOMATIC_PURGE"] = "SUCCESSFUL_SSL_AUTOMATIC_PURGE";
 })(AnalyticsSuccessMarkers || (AnalyticsSuccessMarkers = {}));
 //# sourceMappingURL=AnalyticsMarkers.js.map

package/dist/app/CommandExecutor.d.ts

@@ -31,6 +31,6 @@ export interface CommandExecutor {
      * @param options - Command arguments entered by user represented as {@link CommandOptions}.
      * @returns Promise.
      */
-    execute(options: CommandOptions): Promise<void>;
+    execute(options?: CommandOptions): Promise<void>;
 }
 //# sourceMappingURL=CommandExecutor.d.ts.map

package/dist/app/CommandExecutor.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"CommandExecutor.d.ts","sourceRoot":"","sources":["../../src/app/CommandExecutor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;kFAsBkF;AAElF,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAEzD;;GAEG;AACH,MAAM,WAAW,eAAe;IAC5B;;;;OAIG;IACH,OAAO,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACnD"}
+{"version":3,"file":"CommandExecutor.d.ts","sourceRoot":"","sources":["../../src/app/CommandExecutor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;kFAsBkF;AAElF,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAEzD;;GAEG;AACH,MAAM,WAAW,eAAe;IAC5B;;;;OAIG;IACH,OAAO,CAAC,OAAO,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACpD"}

package/dist/app/PurgeCommandExecutor.d.ts

@@ -0,0 +1,53 @@
+/********************************************************************************
+ * MIT License
+
+ * © Copyright 2025 Adobe. All rights reserved.
+
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ ********************************************************************************/
+import type { AnalyticsService } from "@adobe/ccweb-add-on-analytics";
+import type { Logger, Preferences } from "@adobe/ccweb-add-on-core";
+import "reflect-metadata";
+import type { CommandExecutor } from "./CommandExecutor.js";
+/**
+ * Purge command execution implementation class.
+ */
+export declare class PurgeCommandExecutor implements CommandExecutor {
+    private readonly _preferences;
+    private readonly _analyticsService;
+    private readonly _logger;
+    /**
+     * Instantiate {@link PurgeCommandExecutor}.
+     * @param preferences - {@link Preferences} reference.
+     * @param analyticsService - {@link AnalyticsService} reference.
+     * @param logger - {@link Logger} reference.
+     * @returns Reference to a new {@link PurgeCommandExecutor} instance.
+     */
+    constructor(preferences: Preferences, analyticsService: AnalyticsService, logger: Logger);
+    /**
+     * Purge all SSL artifacts and invalidate the certificate authority from the trusted source.
+     * @returns Promise.
+     */
+    execute(): Promise<void>;
+    private _purgeCustomSSL;
+    private _purgeWxpSSL;
+    private _promptMessage;
+    private _promptMessageOption;
+}
+//# sourceMappingURL=PurgeCommandExecutor.d.ts.map

package/dist/app/PurgeCommandExecutor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"PurgeCommandExecutor.d.ts","sourceRoot":"","sources":["../../src/app/PurgeCommandExecutor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;kFAsBkF;AAElF,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAC;AAEtE,OAAO,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAOpE,OAAO,kBAAkB,CAAC;AAG1B,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAE5D;;GAEG;AACH,qBACa,oBAAqB,YAAW,eAAe;IACxD,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAc;IAC3C,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAmB;IACrD,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IAEjC;;;;;;OAMG;gBAEiC,WAAW,EAAE,WAAW,EACd,gBAAgB,EAAE,gBAAgB,EACjD,MAAM,EAAE,MAAM;IAO7C;;;OAGG;IACG,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAqC9B,OAAO,CAAC,eAAe;IAUvB,OAAO,CAAC,YAAY;IAOpB,OAAO,CAAC,cAAc;IAItB,OAAO,CAAC,oBAAoB;CAG/B"}

package/dist/app/PurgeCommandExecutor.js

@@ -0,0 +1,125 @@
+/********************************************************************************
+ * MIT License
+
+ * © Copyright 2025 Adobe. All rights reserved.
+
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ ********************************************************************************/
+import { __decorate, __metadata, __param } from "tslib";
+import { ITypes as IAnalyticsTypes } from "@adobe/ccweb-add-on-analytics";
+import { ITypes as ICoreTypes } from "@adobe/ccweb-add-on-core";
+import devcert from "@adobe/ccweb-add-on-devcert";
+import chalk from "chalk";
+import fs from "fs-extra";
+import { inject, injectable } from "inversify";
+import prompts from "prompts";
+import "reflect-metadata";
+import { AnalyticsErrorMarkers, AnalyticsSuccessMarkers } from "../AnalyticsMarkers.js";
+import { SSLRemoveOption } from "../models/Types.js";
+/**
+ * Purge command execution implementation class.
+ */
+let PurgeCommandExecutor = class PurgeCommandExecutor {
+    _preferences;
+    _analyticsService;
+    _logger;
+    /**
+     * Instantiate {@link PurgeCommandExecutor}.
+     * @param preferences - {@link Preferences} reference.
+     * @param analyticsService - {@link AnalyticsService} reference.
+     * @param logger - {@link Logger} reference.
+     * @returns Reference to a new {@link PurgeCommandExecutor} instance.
+     */
+    constructor(preferences, analyticsService, logger) {
+        this._preferences = preferences;
+        this._analyticsService = analyticsService;
+        this._logger = logger;
+    }
+    /**
+     * Purge all SSL artifacts and invalidate the certificate authority from the trusted source.
+     * @returns Promise.
+     */
+    async execute() {
+        const response = await prompts.prompt({
+            type: "select",
+            name: "purgeConfirmation",
+            message: this._promptMessage(LOGS.purgeConfirmation),
+            choices: [
+                { title: this._promptMessageOption(LOGS.keepSSL), value: SSLRemoveOption.Keep },
+                { title: this._promptMessageOption(LOGS.removeSSL), value: SSLRemoveOption.Remove }
+            ],
+            initial: 0
+        });
+        if (!response || !response.purgeConfirmation) {
+            this._analyticsService.postEvent(AnalyticsErrorMarkers.ERROR_SSL_PURGE, LOGS.sslPurgeOptionNotSpecified, false);
+            return;
+        }
+        if (response.purgeConfirmation === SSLRemoveOption.Keep) {
+            return;
+        }
+        this._logger.information(LOGS.removingAndInvalidatingSSL, { prefix: LOGS.newLine });
+        this._logger.message(LOGS.requireSystemPassword);
+        this._logger.message(LOGS.requireSystemPasswordReason);
+        this._logger.message(LOGS.retryRunningIfTakingLonger);
+        this._purgeCustomSSL();
+        this._purgeWxpSSL();
+        this._logger.success(LOGS.removedAllSSL, { prefix: LOGS.newLine, postfix: LOGS.newLine });
+    }
+    _purgeCustomSSL() {
+        const userPreference = this._preferences.get();
+        if (userPreference.ssl !== undefined) {
+            userPreference.ssl = undefined;
+            this._preferences.set(userPreference);
+            this._analyticsService.postEvent(AnalyticsSuccessMarkers.SUCCESSFUL_SSL_MANUAL_PURGE, "", true);
+        }
+    }
+    _purgeWxpSSL() {
+        if (fs.existsSync(devcert.location())) {
+            devcert.removeAll();
+            this._analyticsService.postEvent(AnalyticsSuccessMarkers.SUCCESSFUL_SSL_AUTOMATIC_PURGE, "", true);
+        }
+    }
+    _promptMessage(message) {
+        return chalk.hex("#E59400")(message);
+    }
+    _promptMessageOption(message) {
+        return chalk.green.bold(message);
+    }
+};
+PurgeCommandExecutor = __decorate([
+    injectable(),
+    __param(0, inject(ICoreTypes.Preferences)),
+    __param(1, inject(IAnalyticsTypes.AnalyticsService)),
+    __param(2, inject(ICoreTypes.Logger)),
+    __metadata("design:paramtypes", [Object, Object, Object])
+], PurgeCommandExecutor);
+export { PurgeCommandExecutor };
+const LOGS = {
+    newLine: "\n",
+    sslPurgeOptionNotSpecified: "SSL purge option is not specified.",
+    purgeConfirmation: "Are you sure you want to remove all SSL artifacts from your system",
+    keepSSL: "No, keep existing SSL artifacts",
+    removeSSL: "Yes, remove all SSL artifacts",
+    removingAndInvalidatingSSL: "Removing and invalidating all SSL artifacts from your system ...",
+    requireSystemPassword: "This may require you to enter your system's password,",
+    requireSystemPasswordReason: "so that the SSL certificate can be removed from your system's trusted certificate path.",
+    retryRunningIfTakingLonger: "[If this takes longer than expected, please break and retry]",
+    removedAllSSL: "Removed all SSL artifacts."
+};
+//# sourceMappingURL=PurgeCommandExecutor.js.map

package/dist/app/SSLReader.d.ts

@@ -41,8 +41,9 @@ export interface SSLReader {
     /**
      * Read the SSL artifacts.
      * @param hostname - Hostname in the SSL certificate.
+     * @param port - Port where the add-on is being hosted.
      * @returns Promise of {@link SSLData}.
      */
-    read(hostname: string): Promise<SSLData>;
+    read(hostname: string, port: number): Promise<SSLData>;
 }
 //# sourceMappingURL=SSLReader.d.ts.map

package/dist/app/SSLReader.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"SSLReader.d.ts","sourceRoot":"","sources":["../../src/app/SSLReader.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;kFAsBkF;AAElF,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAElD;;GAEG;AACH,MAAM,WAAW,SAAS;IACtB;;;;OAIG;IACH,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC;IAEvC;;;;OAIG;IACH,QAAQ,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC;IAEpC;;;;OAIG;IACH,IAAI,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CAC5C"}
+{"version":3,"file":"SSLReader.d.ts","sourceRoot":"","sources":["../../src/app/SSLReader.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;kFAsBkF;AAElF,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAElD;;GAEG;AACH,MAAM,WAAW,SAAS;IACtB;;;;OAIG;IACH,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC;IAEvC;;;;OAIG;IACH,QAAQ,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC;IAEpC;;;;;OAKG;IACH,IAAI,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CAC1D"}

package/dist/app/SetupCommandExecutor.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"SetupCommandExecutor.d.ts","sourceRoot":"","sources":["../../src/app/SetupCommandExecutor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;kFAsBkF;AAElF,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAC;AAEtE,OAAO,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAQpE,OAAO,kBAAkB,CAAC;AAI1B,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,kCAAkC,CAAC;AAE5E,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAC5D,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAIhD;;GAEG;AACH,qBACa,oBAAqB,YAAW,eAAe;IACxD,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAc;IAC3C,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAY;IACvC,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAmB;IACrD,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IAEjC;;;;;;;OAOG;gBAEiC,WAAW,EAAE,WAAW,EAC9B,SAAS,EAAE,SAAS,EACJ,gBAAgB,EAAE,gBAAgB,EACjD,MAAM,EAAE,MAAM;IAQ7C;;;;;;;OAOG;IACG,OAAO,CAAC,OAAO,EAAE,mBAAmB,GAAG,OAAO,CAAC,IAAI,CAAC;YA2C5C,kBAAkB;YA4BlB,iBAAiB;YAejB,sBAAsB;YAgBtB,kBAAkB;YA0DlB,kBAAkB;IAkChC,OAAO,CAAC,cAAc;IAItB,OAAO,CAAC,oBAAoB;CAG/B"}
+{"version":3,"file":"SetupCommandExecutor.d.ts","sourceRoot":"","sources":["../../src/app/SetupCommandExecutor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;kFAsBkF;AAElF,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAC;AAEtE,OAAO,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAQpE,OAAO,kBAAkB,CAAC;AAI1B,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,kCAAkC,CAAC;AAE5E,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAC5D,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAIhD;;GAEG;AACH,qBACa,oBAAqB,YAAW,eAAe;IACxD,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAc;IAC3C,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAY;IACvC,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAmB;IACrD,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IAEjC;;;;;;;OAOG;gBAEiC,WAAW,EAAE,WAAW,EAC9B,SAAS,EAAE,SAAS,EACJ,gBAAgB,EAAE,gBAAgB,EACjD,MAAM,EAAE,MAAM;IAQ7C;;;;;;;OAOG;IACG,OAAO,CAAC,OAAO,EAAE,mBAAmB,GAAG,OAAO,CAAC,IAAI,CAAC;YA2C5C,kBAAkB;YA0BlB,iBAAiB;YAejB,sBAAsB;YAgBtB,kBAAkB;YA+DlB,kBAAkB;IAkChC,OAAO,CAAC,cAAc;IAItB,OAAO,CAAC,oBAAoB;CAG/B"}

package/dist/app/SetupCommandExecutor.js

@@ -24,8 +24,8 @@
 import { __decorate, __metadata, __param } from "tslib";
 import { ITypes as IAnalyticsTypes } from "@adobe/ccweb-add-on-analytics";
 import { ITypes as ICoreTypes, isFile } from "@adobe/ccweb-add-on-core";
-import chalk from "chalk";
 import devcert from "@adobe/ccweb-add-on-devcert";
+import chalk from "chalk";
 import { inject, injectable } from "inversify";
 import path from "path";
 import process from "process";
@@ -112,8 +112,6 @@ let SetupCommandExecutor = class SetupCommandExecutor {
         this._logger.warning(format(LOGS.sslAlreadyConfigured, { hostname: options.hostname }), {
             prefix: LOGS.newLine
         });
-        // Consider updating the signature of `_removeExistingSSL` to accept only `options`
-        // when we introduce the @oclf command to `remove` an existing SSL.
         return await this._removeExistingSSL(options, isCustomSSL, isWxpSSL);
     }
     async _setupSSLManually(hostname) {
@@ -168,10 +166,15 @@ let SetupCommandExecutor = class SetupCommandExecutor {
             this._analyticsService.postEvent(AnalyticsSuccessMarkers.SUCCESSFUL_SSL_MANUAL_REMOVE, options.hostname, true);
         }
         if (isWxpSSL) {
-            await devcert.removeDomain(options.hostname);
+            if (devcert.caExpiryInDays() <= 0) {
+                devcert.removeAll();
+            }
+            else {
+                await devcert.removeDomain(options.hostname);
+            }
             this._analyticsService.postEvent(AnalyticsSuccessMarkers.SUCCESSFUL_SSL_AUTOMATIC_REMOVE, options.hostname, true);
         }
-        this._logger.success(LOGS.removed, { postfix: LOGS.newLine });
+        this._logger.success(LOGS.removedExistingSSL, { prefix: LOGS.newLine, postfix: LOGS.newLine });
         return true;
     }
     async _promptUserForPath(asset) {
@@ -227,7 +230,7 @@ const LOGS = {
     automatically: "Automatically, set it up for me",
     manually: "Manually, I already have an SSL certificate and key",
     settingUpSSL: "Setting up self-signed SSL certificate ...",
-    requireSystemPassword: "This is only a one time step and may require you to enter your system's password",
+    requireSystemPassword: "This is only a one time step and may require you to enter your system's password,",
     requireSystemPasswordReason: "so that the SSL certificate can be added to your system's trusted certificate path.",
     retryRunningIfTakingLonger: "[If this takes longer than expected, please break and retry]",
     sslSetupComplete: "SSL setup complete!",
@@ -238,6 +241,6 @@ const LOGS = {
     invalidPathSpecified: "Invalid {asset} path specified.",
     sslSetupOptionNotSpecified: "SSL setup option is not specified.",
     sslRemoveOptionNotSpecified: "SSL remove option is not specified.",
-    removed: "Removed."
+    removedExistingSSL: "Removed existing SSL certificate."
 };
 //# sourceMappingURL=SetupCommandExecutor.js.map

package/dist/app/WxpSSLReader.d.ts

@@ -52,9 +52,16 @@ export declare class WxpSSLReader {
     /**
      * Read the SSL artifacts.
      * @param hostname - Hostname in the SSL certificate.
+     * @param port - Port where the add-on is being hosted.
      * @returns Promise of {@link SSLData}.
      */
-    read(hostname: string): Promise<SSLData>;
+    read(hostname: string, port: number): Promise<SSLData>;
     private _getUserDefinedSSL;
+    private _handleExpiredSSLCertificate;
+    private _handleNearingExpirySSLCertificate;
+    private _handleNoSSLCertificateFound;
+    private _handleInvalidUserSSLCertificate;
+    private _handleUnknownExpirySSLCertificate;
+    private _recreateSSLCertificate;
 }
 //# sourceMappingURL=WxpSSLReader.d.ts.map

package/dist/app/WxpSSLReader.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"WxpSSLReader.d.ts","sourceRoot":"","sources":["../../src/app/WxpSSLReader.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;kFAsBkF;AAElF,OAAO,KAAK,EAAE,MAAM,EAAE,WAAW,EAAe,MAAM,0BAA0B,CAAC;AAKjF,OAAO,kBAAkB,CAAC;AAC1B,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAElD;;GAEG;AACH,qBACa,YAAY;IACrB,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAc;IAC3C,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IAEjC;;;;;OAKG;gBACyC,WAAW,EAAE,WAAW,EAA6B,MAAM,EAAE,MAAM;IAK/G;;;;OAIG;IACH,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO;IAItC;;;;OAIG;IACH,QAAQ,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO;IAInC;;;;OAIG;IACG,IAAI,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IA+B9C,OAAO,CAAC,kBAAkB;CAQ7B"}
+{"version":3,"file":"WxpSSLReader.d.ts","sourceRoot":"","sources":["../../src/app/WxpSSLReader.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;kFAsBkF;AAElF,OAAO,KAAK,EAAE,MAAM,EAAE,WAAW,EAAe,MAAM,0BAA0B,CAAC;AAKjF,OAAO,kBAAkB,CAAC;AAE1B,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAElD;;GAEG;AACH,qBACa,YAAY;IACrB,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAc;IAC3C,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IAEjC;;;;;OAKG;gBACyC,WAAW,EAAE,WAAW,EAA6B,MAAM,EAAE,MAAM;IAK/G;;;;OAIG;IACH,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO;IAItC;;;;OAIG;IACH,QAAQ,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO;IAInC;;;;;OAKG;IACG,IAAI,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IA8C5D,OAAO,CAAC,kBAAkB;IAS1B,OAAO,CAAC,4BAA4B;IAMpC,OAAO,CAAC,kCAAkC;IAK1C,OAAO,CAAC,4BAA4B;IAMpC,OAAO,CAAC,gCAAgC;IAKxC,OAAO,CAAC,kCAAkC;IAO1C,OAAO,CAAC,uBAAuB;CAOlC"}

package/dist/app/WxpSSLReader.js

@@ -27,6 +27,7 @@ import devcert from "@adobe/ccweb-add-on-devcert";
 import fs from "fs-extra";
 import { inject, injectable } from "inversify";
 import "reflect-metadata";
+import format from "string-template";
 /**
  * Implementation class for reading the SSL artifacts.
  */
@@ -62,21 +63,23 @@ let WxpSSLReader = class WxpSSLReader {
     /**
      * Read the SSL artifacts.
      * @param hostname - Hostname in the SSL certificate.
+     * @param port - Port where the add-on is being hosted.
      * @returns Promise of {@link SSLData}.
      */
-    async read(hostname) {
+    async read(hostname, port) {
         const sslSettings = this._getUserDefinedSSL(hostname);
         // When SSL is set up manuually by the `user`.
         if (sslSettings !== undefined) {
             const { certificatePath, keyPath } = sslSettings;
             if (!certificatePath || !isFile(certificatePath)) {
-                this._logger.error(LOGS.invalidCertificatePath);
+                this._handleInvalidUserSSLCertificate(LOGS.invalidCertificatePath);
                 return process.exit(1);
             }
             if (!keyPath || !isFile(keyPath)) {
-                this._logger.error(LOGS.invalidKeyPath);
+                this._handleInvalidUserSSLCertificate(LOGS.invalidKeyPath);
                 return process.exit(1);
             }
+            this._handleUnknownExpirySSLCertificate(hostname, port);
             return {
                 cert: fs.readFileSync(certificatePath),
                 key: fs.readFileSync(keyPath)
@@ -84,9 +87,19 @@ let WxpSSLReader = class WxpSSLReader {
         }
         // When SSL is set up automatically by `devcert`.
         if (this.isWxpSSL(hostname)) {
+            const caExpiry = devcert.caExpiryInDays();
+            const certificateExpiry = devcert.certificateExpiryInDays(hostname);
+            const expiry = Math.min(certificateExpiry, caExpiry);
+            if (expiry <= 0) {
+                this._handleExpiredSSLCertificate();
+                return process.exit(1);
+            }
+            if (expiry <= 7) {
+                this._handleNearingExpirySSLCertificate(expiry);
+            }
             return await devcert.certificateFor(hostname);
         }
-        this._logger.error(LOGS.noSSLDataFound, { postfix: LOGS.newLine });
+        this._handleNoSSLCertificateFound();
         return process.exit(1);
     }
     _getUserDefinedSSL(hostname) {
@@ -96,6 +109,36 @@ let WxpSSLReader = class WxpSSLReader {
         }
         return ssl.get(hostname);
     }
+    _handleExpiredSSLCertificate() {
+        this._logger.error(LOGS.noValidSSLCertificateFound);
+        this._logger.error(LOGS.expiredSSLCertificate);
+        this._recreateSSLCertificate();
+    }
+    _handleNearingExpirySSLCertificate(expiry) {
+        this._logger.warning(format(LOGS.nearingExpirySSLCertificate, { expiry }));
+        this._recreateSSLCertificate();
+    }
+    _handleNoSSLCertificateFound() {
+        this._logger.error(LOGS.noValidSSLCertificateFound);
+        this._logger.error(LOGS.invalidatedSSLCertificate);
+        this._recreateSSLCertificate();
+    }
+    _handleInvalidUserSSLCertificate(errorMessage) {
+        this._logger.error(errorMessage);
+        this._recreateSSLCertificate();
+    }
+    _handleUnknownExpirySSLCertificate(hostname, port) {
+        this._logger.warning(LOGS.undeterminedExpirySSLCertificate);
+        this._logger.warning(LOGS.unableToSideloadAddOn);
+        this._logger.warning(format(LOGS.checkCertificateValidity, { hostname, port }));
+        this._recreateSSLCertificate();
+    }
+    _recreateSSLCertificate() {
+        this._logger.warning(LOGS.recreateSSLCertificate, { prefix: LOGS.newLine });
+        this._logger.information(LOGS.setupSSLCommand, { prefix: LOGS.tab });
+        this._logger.warning(LOGS.example, { prefix: LOGS.newLine });
+        this._logger.information(LOGS.setupSSLCommandExample, { prefix: LOGS.tab, postfix: LOGS.newLine });
+    }
 };
 WxpSSLReader = __decorate([
     injectable(),
@@ -106,8 +149,19 @@ WxpSSLReader = __decorate([
 export { WxpSSLReader };
 const LOGS = {
     newLine: "\n",
+    tab: "  ",
     invalidCertificatePath: "Invalid SSL certificate file path.",
     invalidKeyPath: "Invalid SSL key file path.",
-    noSSLDataFound: "No SSL related certificate or key files were found. Please retry after setting them up."
+    noValidSSLCertificateFound: "Could not locate a valid SSL certificate to host the add-on.",
+    expiredSSLCertificate: "The SSL certificate has expired.",
+    nearingExpirySSLCertificate: "Your SSL certificate will expire in {expiry} days.",
+    invalidatedSSLCertificate: "If you had previously set it up, it may have been invalidated due to a version upgrade.",
+    undeterminedExpirySSLCertificate: "Could not determine the expiry of your SSL certificate.",
+    unableToSideloadAddOn: "If you are unable to sideload your add-on, please check the validity of:",
+    checkCertificateValidity: "https://{hostname}:{port} certificate in your browser.",
+    recreateSSLCertificate: "To re-create the SSL certificate, you may run:",
+    setupSSLCommand: "npx @adobe/ccweb-add-on-ssl setup --hostname [hostname]",
+    example: "Example:",
+    setupSSLCommandExample: "npx @adobe/ccweb-add-on-ssl setup --hostname localhost"
 };
 //# sourceMappingURL=WxpSSLReader.js.map

package/dist/app/index.d.ts

@@ -22,7 +22,8 @@
  * SOFTWARE.
  ********************************************************************************/
 export * from "./CommandExecutor.js";
-export * from "./SSLReader.js";
+export * from "./PurgeCommandExecutor.js";
 export * from "./SetupCommandExecutor.js";
+export * from "./SSLReader.js";
 export * from "./WxpSSLReader.js";
 //# sourceMappingURL=index.d.ts.map

package/dist/app/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/app/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;kFAsBkF;AAElF,cAAc,sBAAsB,CAAC;AACrC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,2BAA2B,CAAC;AAC1C,cAAc,mBAAmB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/app/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;kFAsBkF;AAElF,cAAc,sBAAsB,CAAC;AACrC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,2BAA2B,CAAC;AAC1C,cAAc,gBAAgB,CAAC;AAC/B,cAAc,mBAAmB,CAAC"}

package/dist/app/index.js

@@ -22,7 +22,8 @@
  * SOFTWARE.
  ********************************************************************************/
 export * from "./CommandExecutor.js";
-export * from "./SSLReader.js";
+export * from "./PurgeCommandExecutor.js";
 export * from "./SetupCommandExecutor.js";
+export * from "./SSLReader.js";
 export * from "./WxpSSLReader.js";
 //# sourceMappingURL=index.js.map

package/dist/commands/purge.d.ts

@@ -0,0 +1,41 @@
+/********************************************************************************
+ * MIT License
+
+ * © Copyright 2025 Adobe. All rights reserved.
+
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ ********************************************************************************/
+import { BaseCommand } from "@adobe/ccweb-add-on-analytics";
+import type { Config } from "@oclif/core";
+import "reflect-metadata";
+/**
+ * SSL Purge command.
+ */
+export declare class Purge extends BaseCommand {
+    private readonly _commandExecutor;
+    static description: string;
+    static args: {};
+    static flags: {};
+    constructor(argv: string[], config: Config);
+    run(): Promise<void>;
+    catch(error: {
+        message: string;
+    }): Promise<void>;
+}
+//# sourceMappingURL=purge.d.ts.map

package/dist/commands/purge.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"purge.d.ts","sourceRoot":"","sources":["../../src/commands/purge.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;kFAsBkF;AAElF,OAAO,EAAE,WAAW,EAAc,MAAM,+BAA+B,CAAC;AAExE,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAE1C,OAAO,kBAAkB,CAAC;AAM1B;;GAEG;AACH,qBAAa,KAAM,SAAQ,WAAW;IAClC,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAkB;IAEnD,MAAM,CAAC,WAAW,SAA8E;IAEhG,MAAM,CAAC,IAAI,KAAM;IAEjB,MAAM,CAAC,KAAK,KAAM;gBAEN,IAAI,EAAE,MAAM,EAAE,EAAE,MAAM,EAAE,MAAM;IAMpC,GAAG,IAAI,OAAO,CAAC,IAAI,CAAC;IAepB,KAAK,CAAC,KAAK,EAAE;QAAE,OAAO,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,IAAI,CAAC;CAIzD"}

package/dist/commands/purge.js

@@ -0,0 +1,56 @@
+/********************************************************************************
+ * MIT License
+
+ * © Copyright 2025 Adobe. All rights reserved.
+
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ ********************************************************************************/
+import { BaseCommand, CLIProgram } from "@adobe/ccweb-add-on-analytics";
+import { UncaughtExceptionHandler } from "@adobe/ccweb-add-on-core";
+import process from "process";
+import "reflect-metadata";
+import { AnalyticsErrorMarkers } from "../AnalyticsMarkers.js";
+import { IContainer, ITypes } from "../config/index.js";
+import { PROGRAM_NAME } from "../constants.js";
+/**
+ * SSL Purge command.
+ */
+export class Purge extends BaseCommand {
+    _commandExecutor;
+    static description = "Remove and invalidate all add-on related SSL artifacts from your system.";
+    static args = {};
+    static flags = {};
+    constructor(argv, config) {
+        super(argv, config, new CLIProgram(PROGRAM_NAME, config.name + "@" + config.version));
+        this._commandExecutor = IContainer.getNamed(ITypes.CommandExecutor, "purge");
+    }
+    async run() {
+        UncaughtExceptionHandler.registerExceptionHandler(PROGRAM_NAME);
+        const rootDirectory = process.cwd();
+        process.chdir(rootDirectory);
+        const { flags: { analytics } } = await this.parse(Purge);
+        await this._seekAnalyticsConsent(analytics);
+        await this._commandExecutor.execute();
+    }
+    async catch(error) {
+        this._analyticsService.postEvent(AnalyticsErrorMarkers.ERROR_SSL_PURGE, error.message, false);
+        throw error;
+    }
+}
+//# sourceMappingURL=purge.js.map