@cap-kit/tls-fingerprint 8.0.0

package/android/src/main/java/io/capkit/settings/config/TLSFingerprintConfig.kt

@@ -0,0 +1,102 @@
+package io.capkit.tlsfingerprint.config
+
+import com.getcapacitor.Plugin
+
+/**
+ * Plugin configuration container.
+ *
+ * This class is responsible for reading and exposing
+ * static configuration values defined under the
+ * `TLSFingerprint` key in capacitor.config.ts.
+ *
+ * Configuration rules:
+ * - Read once during plugin initialization
+ * - Treated as immutable runtime input
+ * - Accessible only from native code
+ */
+class TLSFingerprintConfig(
+  plugin: Plugin,
+) {
+  // -----------------------------------------------------------------------------
+  // Configuration Keys
+  // -----------------------------------------------------------------------------
+
+  /**
+   * Centralized definition of configuration keys.
+   * Avoids string duplication and typos.
+   */
+  private object Keys {
+    const val VERBOSE_LOGGING = "verboseLogging"
+    const val FINGERPRINT = "fingerprint"
+    const val FINGERPRINTS = "fingerprints"
+    const val EXCLUDED_DOMAINS = "excludedDomains"
+  }
+
+  // -----------------------------------------------------------------------------
+  // Properties
+  // -----------------------------------------------------------------------------
+
+  /**
+   * Enables verbose native logging.
+   *
+   * When enabled, additional debug information
+   * is printed to Logcat.
+   *
+   * Default: false
+   */
+  val verboseLogging: Boolean
+
+  /**
+   * Default SHA-256 fingerprint used by checkCertificate()
+   * when no fingerprint is provided at runtime.
+   */
+  val fingerprint: String?
+
+  /**
+   * Default SHA-256 fingerprints used by checkCertificates()
+   * when no fingerprints are provided at runtime.
+   */
+  val fingerprints: List<String>
+
+  /**
+   * Domains or URL prefixes excluded from SSL pinning.
+   *
+   * Any request whose host matches one of these values
+   * MUST bypass SSL pinning checks.
+   */
+  val excludedDomains: List<String>
+
+  // -----------------------------------------------------------------------------
+  // Initialization
+  // -----------------------------------------------------------------------------
+
+  init {
+    val config = plugin.getConfig()
+
+    // Verbose logging flag
+    verboseLogging =
+      config.getBoolean(Keys.VERBOSE_LOGGING, false)
+
+    // Single fingerprint (optional)
+    val fp = config.getString(Keys.FINGERPRINT)
+    fingerprint =
+      if (!fp.isNullOrBlank()) fp else null
+
+    // Multiple fingerprints (optional)
+    fingerprints =
+      config
+        .getArray(Keys.FINGERPRINTS)
+        ?.toList()
+        ?.mapNotNull { it as? String }
+        ?.filter { it.isNotBlank() }
+        ?: emptyList()
+
+    excludedDomains =
+      config
+        .getArray(Keys.EXCLUDED_DOMAINS)
+        ?.toList()
+        ?.mapNotNull { it as? String }
+        ?.filter { it.isNotBlank() }
+        ?: emptyList()
+  }
+}

package/android/src/main/java/io/capkit/settings/error/TLSFingerprintError.kt

@@ -0,0 +1,114 @@
+package io.capkit.tlsfingerprint.error
+
+/**
+ * Native error model for the TLSFingerprint plugin (Android).
+ *
+ * Architectural rules:
+ * - Must NOT reference Capacitor APIs.
+ * - Must NOT reference JavaScript directly.
+ * - Must be throwable from the Implementation (Impl) layer.
+ * - Mapping to JS-facing error codes happens ONLY in the Plugin layer.
+ */
+sealed class TLSFingerprintError(
+  message: String,
+) : Throwable(message) {
+  // -----------------------------------------------------------------------------
+  // Specific Error Types
+  // -----------------------------------------------------------------------------
+
+  /**
+   * Feature or capability is not available due to device or configuration limitations.
+   * Maps to the 'UNAVAILABLE' error code in JavaScript.
+   */
+  class Unavailable(
+    message: String,
+  ) : TLSFingerprintError(message)
+
+  /**
+   * The user cancelled an interactive flow.
+   * Maps to the 'CANCELLED' error code in JavaScript.
+   */
+  class Cancelled(
+    message: String,
+  ) : TLSFingerprintError(message)
+
+  /**
+   * Required permission was denied or not granted by the user.
+   * Maps to the 'PERMISSION_DENIED' error code in JavaScript.
+   */
+  class PermissionDenied(
+    message: String,
+  ) : TLSFingerprintError(message)
+
+  /**
+   * Plugin failed to initialize or perform a required native operation.
+   * Maps to the 'INIT_FAILED' error code in JavaScript.
+   */
+  class InitFailed(
+    message: String,
+  ) : TLSFingerprintError(message)
+
+  /**
+   * Invalid or malformed input was provided by the caller.
+   * Maps to the 'INVALID_INPUT' error code in JavaScript.
+   */
+  class InvalidInput(
+    message: String,
+  ) : TLSFingerprintError(message)
+
+  /**
+   * Invalid or unsupported input type was provided to the native implementation.
+   * Maps to the 'UNKNOWN_TYPE' error code in JavaScript.
+   */
+  class UnknownType(
+    message: String,
+  ) : TLSFingerprintError(message)
+
+  /**
+   * The requested resource does not exist.
+   * Maps to the 'NOT_FOUND' error code in JavaScript.
+   */
+  class NotFound(
+    message: String,
+  ) : TLSFingerprintError(message)
+
+  /**
+   * The operation conflicts with the current state.
+   * Maps to the 'CONFLICT' error code in JavaScript.
+   */
+  class Conflict(
+    message: String,
+  ) : TLSFingerprintError(message)
+
+  /**
+   * The operation did not complete within the expected time.
+   * Maps to the 'TIMEOUT' error code in JavaScript.
+   */
+  class Timeout(
+    message: String,
+  ) : TLSFingerprintError(message)
+
+  /**
+   * Network connectivity or TLS handshake error.
+   * Maps to the 'NETWORK_ERROR' error code in JavaScript.
+   */
+  class NetworkError(
+    message: String,
+  ) : TLSFingerprintError(message)
+
+  /**
+   * Invalid or malformed configuration.
+   * Maps to the 'INVALID_INPUT' error code in JavaScript.
+   */
+  class InvalidConfig(
+    message: String,
+  ) : TLSFingerprintError(message)
+
+  /**
+   * SSL/TLS specific error (certificate expired, handshake failure, etc.).
+   * Maps to the 'SSL_ERROR' error code in JavaScript.
+   */
+  class SslError(
+    message: String,
+  ) : TLSFingerprintError(message)
+}

package/android/src/main/java/io/capkit/settings/error/TLSFingerprintErrorMessages.kt

@@ -0,0 +1,27 @@
+package io.capkit.tlsfingerprint.error
+
+/**
+ * Canonical error messages shared across platforms.
+ * These strings must remain byte-identical on iOS and Android.
+ */
+object TLSFingerprintErrorMessages {
+  const val URL_REQUIRED = "url is required"
+  const val INVALID_URL_MUST_BE_HTTPS = "Invalid URL. Must be https."
+  const val INVALID_URL = "Invalid URL."
+  const val NO_FINGERPRINTS_PROVIDED = "No fingerprints provided"
+  const val NO_HOST_FOUND_IN_URL = "No host found in URL"
+  const val INVALID_FINGERPRINT_FORMAT = "Invalid fingerprint format"
+  const val UNSUPPORTED_HOST = "Unsupported host: %s"
+  const val PINNING_FAILED = "Pinning failed"
+  const val EXCLUDED_DOMAIN = "Excluded domain"
+  const val TIMEOUT = "Timeout"
+  const val NETWORK_ERROR = "Network error"
+  const val INTERNAL_ERROR = "Internal error"
+  const val INVALID_CONFIG = "Invalid configuration: %s"
+
+  @JvmStatic
+  fun unsupportedHost(value: String): String = String.format(UNSUPPORTED_HOST, value)
+
+  @JvmStatic
+  fun invalidConfig(value: String): String = String.format(INVALID_CONFIG, value)
+}

package/android/src/main/java/io/capkit/settings/logger/TLSFingerprintLogger.kt

@@ -0,0 +1,85 @@
+package io.capkit.tlsfingerprint.logger
+
+import android.util.Log
+
+/**
+ * Centralized logging utility for the TLSFingerprint plugin.
+ *
+ * This logging provides a single entry point for all native logs
+ * and supports runtime-controlled verbose logging.
+ *
+ * The goal is to avoid scattering `if (verbose)` checks across
+ * business logic and keep logging behavior consistent.
+ */
+object TLSFingerprintLogger {
+  /**
+   * Logcat tag used for all plugin logs.
+   * Helps filtering logs during debugging.
+   */
+  private const val TAG = "⚡️ TLSFingerprint"
+
+  /**
+   * Controls whether debug logs are printed.
+   *
+   * This flag should be set once during plugin initialization
+   * based on configuration values.
+   */
+  var verbose: Boolean = false
+
+  /**
+   * Prints a debug / verbose log message.
+   *
+   * This method should be used for development-time diagnostics
+   * and is automatically silenced when [verbose] is false.
+   *
+   * @param messages One or more message fragments to be concatenated.
+   */
+  fun debug(vararg messages: String) {
+    if (verbose) {
+      log(TAG, Log.DEBUG, *messages)
+    }
+  }
+
+  /**
+   * Prints an error log message.
+   *
+   * Error logs are always printed regardless of [verbose] state.
+   *
+   * @param message Human-readable error description.
+   * @param e Optional exception for stack trace logging.
+   */
+  fun error(
+    message: String,
+    e: Throwable? = null,
+  ) {
+    val sb = StringBuilder(message)
+    if (e != null) {
+      sb.append(" | Error: ").append(e.message)
+    }
+    Log.e(TAG, sb.toString(), e)
+  }
+
+  /**
+   * Internal low-level log dispatcher.
+   *
+   * Joins message fragments and forwards them to Android's Log API
+   * using the specified priority.
+   */
+  fun log(
+    tag: String,
+    level: Int,
+    vararg messages: String,
+  ) {
+    val sb = StringBuilder()
+    for (msg in messages) {
+      sb.append(msg).append(" ")
+    }
+    when (level) {
+      Log.DEBUG -> Log.d(tag, sb.toString())
+      Log.INFO -> Log.i(tag, sb.toString())
+      Log.WARN -> Log.w(tag, sb.toString())
+      Log.ERROR -> Log.e(tag, sb.toString())
+      else -> Log.v(tag, sb.toString())
+    }
+  }
+}

package/android/src/main/java/io/capkit/settings/model/TLSFingerprintResultModel.kt

@@ -0,0 +1,32 @@
+package io.capkit.tlsfingerprint.model
+
+/**
+ * Canonical, nominal result model for TLS fingerprint validation operations on Android.
+ * This data class is exchanged between the native implementation (TLSFingerprintImpl)
+ * and the bridge (TLSFingerprintPlugin) and serialized to JavaScript via a JSObject.
+ *
+ * Fields mirror the public JS payload:
+ * - actualFingerprint: server fingerprint used for matching
+ * - fingerprintMatched: whether the fingerprint check succeeded (true) or not (false)
+ * - matchedFingerprint: the fingerprint that matched (only present for fingerprint mode)
+ * - excludedDomain: indicates an excluded-domain bypass (true when applicable)
+ * - mode: active mode: "fingerprint" | "excluded"
+ * - error: human-readable error (empty on success/match)
+ * - errorCode: canonical error code string (empty on success)
+ */
+data class TLSFingerprintResultModel(
+  /** Actual server fingerprint used for matching (if available). */
+  val actualFingerprint: String?,
+  /** Indicates whether the fingerprint check succeeded or not. */
+  val fingerprintMatched: Boolean,
+  /** The fingerprint that matched (if fingerprint mode). */
+  val matchedFingerprint: String? = null,
+  /** Whether the host is excluded and pinning bypass uses system trust. */
+  val excludedDomain: Boolean? = null,
+  /** Active mode: "fingerprint" | "excluded". */
+  val mode: String? = null,
+  /** Human-readable error description, if any. */
+  val error: String? = null,
+  /** Canonical error code for JS consumption. */
+  val errorCode: String? = null,
+)

package/android/src/main/java/io/capkit/settings/utils/TLSFingerprintUtils.kt

@@ -0,0 +1,91 @@
+package io.capkit.tlsfingerprint.utils
+
+import java.net.URL
+import java.security.MessageDigest
+import java.security.cert.Certificate
+
+/**
+ * Utility helpers for SSL pinning logic (Android).
+ *
+ * Pure utilities:
+ * - No Capacitor dependency
+ * - No side effects
+ * - Fully testable
+ */
+object TLSFingerprintUtils {
+  /**
+   * Validates and returns a HTTPS URL.
+   *
+   * Non-HTTPS URLs are explicitly rejected
+   * to prevent insecure usage.
+   */
+  fun httpsUrl(value: String): URL? =
+    try {
+      val url = URL(value)
+      if (url.protocol == "https") url else null
+    } catch (_: Exception) {
+      null
+    }
+
+  /**
+   * Normalizes a fingerprint string by:
+   * - Removing colon separators
+   * - Removing all whitespace
+   * - Converting to lowercase
+   *
+   * Example:
+   * "AA:BB:CC" → "aabbcc"
+   * "AA BB CC" → "aabbcc"
+   */
+  fun normalizeFingerprint(value: String): String =
+    value
+      .replace(":", "")
+      .replace(" ", "")
+      .lowercase()
+
+  /**
+   * Validates that a fingerprint string is a valid SHA-256 hex format.
+   *
+   * Valid fingerprint:
+   * - Exactly 64 hexadecimal characters (after normalization)
+   * - Contains only [a-f0-9]
+   */
+  fun isValidFingerprintFormat(value: String): Boolean {
+    val normalized = normalizeFingerprint(value)
+    return normalized.length == 64 && normalized.matches(Regex("^[a-f0-9]+$"))
+  }
+
+  /**
+   * Validates a fingerprint and returns an error message if invalid, or null if valid.
+   */
+  fun validateFingerprint(value: String): String? {
+    if (value.isBlank()) {
+      return "Fingerprint cannot be blank"
+    }
+    val normalized = normalizeFingerprint(value)
+    if (normalized.length != 64) {
+      return "Invalid fingerprint: must be 64 hex characters"
+    }
+    if (!normalized.matches(Regex("^[a-f0-9]+$"))) {
+      return "Invalid fingerprint: must contain only hex characters [a-f0-9]"
+    }
+    return null
+  }
+
+  /**
+   * Computes the SHA-256 fingerprint of an X.509 certificate.
+   *
+   * Output format:
+   * "aa:bb:cc:dd:..."
+   */
+  fun sha256Fingerprint(cert: Certificate): String {
+    val digest =
+      MessageDigest
+        .getInstance("SHA-256")
+        .digest(cert.encoded)
+
+    return digest.joinToString(separator = ":") {
+      "%02x".format(it)
+    }
+  }
+}

package/dist/cli/fingerprint.js

@@ -0,0 +1,163 @@
+#!/usr/bin/env node
+import crypto from 'crypto';
+import fs from 'fs/promises';
+import https from 'https';
+import { createRequire } from 'module';
+import yargs from 'yargs';
+import { hideBin } from 'yargs/helpers';
+
+const require$1 = createRequire(import.meta.url);
+const pkg = require$1('../../package.json');
+async function getCertificate(domain, insecure) {
+    return new Promise((resolve, reject) => {
+        const options = {
+            host: domain,
+            port: 443,
+            method: 'GET',
+            rejectUnauthorized: !insecure,
+        };
+        const req = https.request(options, (res) => {
+            var _a, _b, _c;
+            const socket = res.socket;
+            const cert = (_a = socket === null || socket === void 0 ? void 0 : socket.getPeerCertificate) === null || _a === void 0 ? void 0 : _a.call(socket, true);
+            if (!(cert === null || cert === void 0 ? void 0 : cert.raw)) {
+                reject(new Error('Unable to retrieve peer certificate'));
+                return;
+            }
+            const fingerprint = crypto
+                .createHash('sha256')
+                .update(cert.raw)
+                .digest('hex')
+                .match(/.{2}/g)
+                .join(':')
+                .toUpperCase();
+            resolve({
+                domain,
+                subject: (_b = cert.subject) !== null && _b !== void 0 ? _b : {},
+                issuer: (_c = cert.issuer) !== null && _c !== void 0 ? _c : {},
+                validFrom: cert.valid_from,
+                validTo: cert.valid_to,
+                fingerprint,
+            });
+        });
+        req.on('error', reject);
+        req.end();
+    });
+}
+function formatOutput(results, mode, format) {
+    const fingerprints = results.map((r) => r.fingerprint);
+    switch (format) {
+        case 'fingerprints':
+            return `export const fingerprints = ${JSON.stringify(fingerprints, null, 2)};`;
+        case 'capacitor': {
+            if (mode === 'single') {
+                return `plugins: {
+  TLSFingerprint: {
+    fingerprint: "${fingerprints[0]}"
+  }
+}`;
+            }
+            return `plugins: {
+  TLSFingerprint: {
+    fingerprints: ${JSON.stringify(fingerprints, null, 4)}
+  }
+}`;
+        }
+        case 'capacitor-plugin': {
+            if (mode === 'single') {
+                return `TLSFingerprint: {
+  fingerprint: "${fingerprints[0]}"
+}`;
+            }
+            return `TLSFingerprint: {
+  fingerprints: ${JSON.stringify(fingerprints, null, 4)}
+}`;
+        }
+        case 'capacitor-json': {
+            if (mode === 'single') {
+                return JSON.stringify({
+                    plugins: {
+                        TLSFingerprint: {
+                            fingerprint: fingerprints[0],
+                        },
+                    },
+                }, null, 2);
+            }
+            return JSON.stringify({
+                plugins: {
+                    TLSFingerprint: {
+                        fingerprints,
+                    },
+                },
+            }, null, 2);
+        }
+        case 'json':
+        default:
+            return JSON.stringify(results, null, 2);
+    }
+}
+async function main() {
+    var _a, _b, _c;
+    const argv = await yargs(hideBin(process.argv))
+        .usage('Usage: $0 <domains...> [options]')
+        .version(pkg.version)
+        .option('out', {
+        alias: 'o',
+        type: 'string',
+        description: 'Output file path',
+    })
+        .option('format', {
+        alias: 'f',
+        type: 'string',
+        choices: ['json', 'fingerprints', 'capacitor', 'capacitor-plugin', 'capacitor-json'],
+        default: 'json',
+        description: 'Output format',
+    })
+        .option('mode', {
+        type: 'string',
+        choices: ['single', 'multi'],
+        default: 'single',
+        description: 'Fingerprint mode (single or multi)',
+    })
+        .option('insecure', {
+        type: 'boolean',
+        default: true,
+        description: 'Allow insecure TLS connections (disables certificate validation)',
+    })
+        .demandCommand(1, 'At least one domain is required')
+        .help().argv;
+    const domains = argv._;
+    const results = [];
+    console.log('Fetching certificates...\n');
+    for (const domain of domains) {
+        try {
+            const certInfo = await getCertificate(domain, argv.insecure);
+            results.push(certInfo);
+            console.log(`Domain: ${certInfo.domain}`);
+            console.log(`Subject: ${(_a = certInfo.subject.CN) !== null && _a !== void 0 ? _a : '-'}`);
+            console.log(`Issuer: ${(_b = certInfo.issuer.CN) !== null && _b !== void 0 ? _b : '-'}`);
+            console.log(`Valid From: ${certInfo.validFrom}`);
+            console.log(`Valid To: ${certInfo.validTo}`);
+            console.log(`SHA256 Fingerprint: ${certInfo.fingerprint}`);
+            console.log('-------------------\n');
+        }
+        catch (err) {
+            console.error(`Error fetching cert for ${domain}: ${(_c = err === null || err === void 0 ? void 0 : err.message) !== null && _c !== void 0 ? _c : err}`);
+            console.log('-------------------\n');
+        }
+    }
+    const output = formatOutput(results, argv.mode, argv.format);
+    if (argv.out) {
+        await fs.writeFile(argv.out, output);
+        console.log(`Results written to ${argv.out}`);
+    }
+    else {
+        console.log(output);
+    }
+    process.exit(0);
+}
+main().catch((err) => {
+    console.error(err);
+    process.exit(1);
+});
+//# sourceMappingURL=fingerprint.js.map

package/dist/cli/fingerprint.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"fingerprint.js","sources":["../esm/cli/fingerprint.js"],"sourcesContent":["import crypto from 'crypto';\nimport fs from 'fs/promises';\nimport https from 'https';\nimport { createRequire } from 'module';\nimport yargs from 'yargs';\nimport { hideBin } from 'yargs/helpers';\nconst require = createRequire(import.meta.url);\nconst pkg = require('../../package.json');\nasync function getCertificate(domain, insecure) {\n    return new Promise((resolve, reject) => {\n        const options = {\n            host: domain,\n            port: 443,\n            method: 'GET',\n            rejectUnauthorized: !insecure,\n        };\n        const req = https.request(options, (res) => {\n            var _a, _b, _c;\n            const socket = res.socket;\n            const cert = (_a = socket === null || socket === void 0 ? void 0 : socket.getPeerCertificate) === null || _a === void 0 ? void 0 : _a.call(socket, true);\n            if (!(cert === null || cert === void 0 ? void 0 : cert.raw)) {\n                reject(new Error('Unable to retrieve peer certificate'));\n                return;\n            }\n            const fingerprint = crypto\n                .createHash('sha256')\n                .update(cert.raw)\n                .digest('hex')\n                .match(/.{2}/g)\n                .join(':')\n                .toUpperCase();\n            resolve({\n                domain,\n                subject: (_b = cert.subject) !== null && _b !== void 0 ? _b : {},\n                issuer: (_c = cert.issuer) !== null && _c !== void 0 ? _c : {},\n                validFrom: cert.valid_from,\n                validTo: cert.valid_to,\n                fingerprint,\n            });\n        });\n        req.on('error', reject);\n        req.end();\n    });\n}\nfunction formatOutput(results, mode, format) {\n    const fingerprints = results.map((r) => r.fingerprint);\n    switch (format) {\n        case 'fingerprints':\n            return `export const fingerprints = ${JSON.stringify(fingerprints, null, 2)};`;\n        case 'capacitor': {\n            if (mode === 'single') {\n                return `plugins: {\n  TLSFingerprint: {\n    fingerprint: \"${fingerprints[0]}\"\n  }\n}`;\n            }\n            return `plugins: {\n  TLSFingerprint: {\n    fingerprints: ${JSON.stringify(fingerprints, null, 4)}\n  }\n}`;\n        }\n        case 'capacitor-plugin': {\n            if (mode === 'single') {\n                return `TLSFingerprint: {\n  fingerprint: \"${fingerprints[0]}\"\n}`;\n            }\n            return `TLSFingerprint: {\n  fingerprints: ${JSON.stringify(fingerprints, null, 4)}\n}`;\n        }\n        case 'capacitor-json': {\n            if (mode === 'single') {\n                return JSON.stringify({\n                    plugins: {\n                        TLSFingerprint: {\n                            fingerprint: fingerprints[0],\n                        },\n                    },\n                }, null, 2);\n            }\n            return JSON.stringify({\n                plugins: {\n                    TLSFingerprint: {\n                        fingerprints,\n                    },\n                },\n            }, null, 2);\n        }\n        case 'json':\n        default:\n            return JSON.stringify(results, null, 2);\n    }\n}\nasync function main() {\n    var _a, _b, _c;\n    const argv = await yargs(hideBin(process.argv))\n        .usage('Usage: $0 <domains...> [options]')\n        .version(pkg.version)\n        .option('out', {\n        alias: 'o',\n        type: 'string',\n        description: 'Output file path',\n    })\n        .option('format', {\n        alias: 'f',\n        type: 'string',\n        choices: ['json', 'fingerprints', 'capacitor', 'capacitor-plugin', 'capacitor-json'],\n        default: 'json',\n        description: 'Output format',\n    })\n        .option('mode', {\n        type: 'string',\n        choices: ['single', 'multi'],\n        default: 'single',\n        description: 'Fingerprint mode (single or multi)',\n    })\n        .option('insecure', {\n        type: 'boolean',\n        default: true,\n        description: 'Allow insecure TLS connections (disables certificate validation)',\n    })\n        .demandCommand(1, 'At least one domain is required')\n        .help().argv;\n    const domains = argv._;\n    const results = [];\n    console.log('Fetching certificates...\\n');\n    for (const domain of domains) {\n        try {\n            const certInfo = await getCertificate(domain, argv.insecure);\n            results.push(certInfo);\n            console.log(`Domain: ${certInfo.domain}`);\n            console.log(`Subject: ${(_a = certInfo.subject.CN) !== null && _a !== void 0 ? _a : '-'}`);\n            console.log(`Issuer: ${(_b = certInfo.issuer.CN) !== null && _b !== void 0 ? _b : '-'}`);\n            console.log(`Valid From: ${certInfo.validFrom}`);\n            console.log(`Valid To: ${certInfo.validTo}`);\n            console.log(`SHA256 Fingerprint: ${certInfo.fingerprint}`);\n            console.log('-------------------\\n');\n        }\n        catch (err) {\n            console.error(`Error fetching cert for ${domain}: ${(_c = err === null || err === void 0 ? void 0 : err.message) !== null && _c !== void 0 ? _c : err}`);\n            console.log('-------------------\\n');\n        }\n    }\n    const output = formatOutput(results, argv.mode, argv.format);\n    if (argv.out) {\n        await fs.writeFile(argv.out, output);\n        console.log(`Results written to ${argv.out}`);\n    }\n    else {\n        console.log(output);\n    }\n    process.exit(0);\n}\nmain().catch((err) => {\n    console.error(err);\n    process.exit(1);\n});\n//# sourceMappingURL=fingerprint.js.map"],"names":["require"],"mappings":";;;;;;;;AAMA,MAAMA,SAAO,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;AAC9C,MAAM,GAAG,GAAGA,SAAO,CAAC,oBAAoB,CAAC;AACzC,eAAe,cAAc,CAAC,MAAM,EAAE,QAAQ,EAAE;AAChD,IAAI,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,KAAK;AAC5C,QAAQ,MAAM,OAAO,GAAG;AACxB,YAAY,IAAI,EAAE,MAAM;AACxB,YAAY,IAAI,EAAE,GAAG;AACrB,YAAY,MAAM,EAAE,KAAK;AACzB,YAAY,kBAAkB,EAAE,CAAC,QAAQ;AACzC,SAAS;AACT,QAAQ,MAAM,GAAG,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,GAAG,KAAK;AACpD,YAAY,IAAI,EAAE,EAAE,EAAE,EAAE,EAAE;AAC1B,YAAY,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM;AACrC,YAAY,MAAM,IAAI,GAAG,CAAC,EAAE,GAAG,MAAM,KAAK,IAAI,IAAI,MAAM,KAAK,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC,kBAAkB,MAAM,IAAI,IAAI,EAAE,KAAK,MAAM,GAAG,MAAM,GAAG,EAAE,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC;AACpK,YAAY,IAAI,EAAE,IAAI,KAAK,IAAI,IAAI,IAAI,KAAK,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE;AACzE,gBAAgB,MAAM,CAAC,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;AACxE,gBAAgB;AAChB,YAAY;AACZ,YAAY,MAAM,WAAW,GAAG;AAChC,iBAAiB,UAAU,CAAC,QAAQ;AACpC,iBAAiB,MAAM,CAAC,IAAI,CAAC,GAAG;AAChC,iBAAiB,MAAM,CAAC,KAAK;AAC7B,iBAAiB,KAAK,CAAC,OAAO;AAC9B,iBAAiB,IAAI,CAAC,GAAG;AACzB,iBAAiB,WAAW,EAAE;AAC9B,YAAY,OAAO,CAAC;AACpB,gBAAgB,MAAM;AACtB,gBAAgB,OAAO,EAAE,CAAC,EAAE,GAAG,IAAI,CAAC,OAAO,MAAM,IAAI,IAAI,EAAE,KAAK,MAAM,GAAG,EAAE,GAAG,EAAE;AAChF,gBAAgB,MAAM,EAAE,CAAC,EAAE,GAAG,IAAI,CAAC,MAAM,MAAM,IAAI,IAAI,EAAE,KAAK,MAAM,GAAG,EAAE,GAAG,EAAE;AAC9E,gBAAgB,SAAS,EAAE,IAAI,CAAC,UAAU;AAC1C,gBAAgB,OAAO,EAAE,IAAI,CAAC,QAAQ;AACtC,gBAAgB,WAAW;AAC3B,aAAa,CAAC;AACd,QAAQ,CAAC,CAAC;AACV,QAAQ,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC;AAC/B,QAAQ,GAAG,CAAC,GAAG,EAAE;AACjB,IAAI,CAAC,CAAC;AACN;AACA,SAAS,YAAY,CAAC,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE;AAC7C,IAAI,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,WAAW,CAAC;AAC1D,IAAI,QAAQ,MAAM;AAClB,QAAQ,KAAK,cAAc;AAC3B,YAAY,OAAO,CAAC,4BAA4B,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;AAC1F,QAAQ,KAAK,WAAW,EAAE;AAC1B,YAAY,IAAI,IAAI,KAAK,QAAQ,EAAE;AACnC,gBAAgB,OAAO,CAAC;AACxB;AACA,kBAAkB,EAAE,YAAY,CAAC,CAAC,CAAC,CAAC;AACpC;AACA,CAAC,CAAC;AACF,YAAY;AACZ,YAAY,OAAO,CAAC;AACpB;AACA,kBAAkB,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC;AACzD;AACA,CAAC,CAAC;AACF,QAAQ;AACR,QAAQ,KAAK,kBAAkB,EAAE;AACjC,YAAY,IAAI,IAAI,KAAK,QAAQ,EAAE;AACnC,gBAAgB,OAAO,CAAC;AACxB,gBAAgB,EAAE,YAAY,CAAC,CAAC,CAAC,CAAC;AAClC,CAAC,CAAC;AACF,YAAY;AACZ,YAAY,OAAO,CAAC;AACpB,gBAAgB,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC;AACvD,CAAC,CAAC;AACF,QAAQ;AACR,QAAQ,KAAK,gBAAgB,EAAE;AAC/B,YAAY,IAAI,IAAI,KAAK,QAAQ,EAAE;AACnC,gBAAgB,OAAO,IAAI,CAAC,SAAS,CAAC;AACtC,oBAAoB,OAAO,EAAE;AAC7B,wBAAwB,cAAc,EAAE;AACxC,4BAA4B,WAAW,EAAE,YAAY,CAAC,CAAC,CAAC;AACxD,yBAAyB;AACzB,qBAAqB;AACrB,iBAAiB,EAAE,IAAI,EAAE,CAAC,CAAC;AAC3B,YAAY;AACZ,YAAY,OAAO,IAAI,CAAC,SAAS,CAAC;AAClC,gBAAgB,OAAO,EAAE;AACzB,oBAAoB,cAAc,EAAE;AACpC,wBAAwB,YAAY;AACpC,qBAAqB;AACrB,iBAAiB;AACjB,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;AACvB,QAAQ;AACR,QAAQ,KAAK,MAAM;AACnB,QAAQ;AACR,YAAY,OAAO,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;AACnD;AACA;AACA,eAAe,IAAI,GAAG;AACtB,IAAI,IAAI,EAAE,EAAE,EAAE,EAAE,EAAE;AAClB,IAAI,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC;AAClD,SAAS,KAAK,CAAC,kCAAkC;AACjD,SAAS,OAAO,CAAC,GAAG,CAAC,OAAO;AAC5B,SAAS,MAAM,CAAC,KAAK,EAAE;AACvB,QAAQ,KAAK,EAAE,GAAG;AAClB,QAAQ,IAAI,EAAE,QAAQ;AACtB,QAAQ,WAAW,EAAE,kBAAkB;AACvC,KAAK;AACL,SAAS,MAAM,CAAC,QAAQ,EAAE;AAC1B,QAAQ,KAAK,EAAE,GAAG;AAClB,QAAQ,IAAI,EAAE,QAAQ;AACtB,QAAQ,OAAO,EAAE,CAAC,MAAM,EAAE,cAAc,EAAE,WAAW,EAAE,kBAAkB,EAAE,gBAAgB,CAAC;AAC5F,QAAQ,OAAO,EAAE,MAAM;AACvB,QAAQ,WAAW,EAAE,eAAe;AACpC,KAAK;AACL,SAAS,MAAM,CAAC,MAAM,EAAE;AACxB,QAAQ,IAAI,EAAE,QAAQ;AACtB,QAAQ,OAAO,EAAE,CAAC,QAAQ,EAAE,OAAO,CAAC;AACpC,QAAQ,OAAO,EAAE,QAAQ;AACzB,QAAQ,WAAW,EAAE,oCAAoC;AACzD,KAAK;AACL,SAAS,MAAM,CAAC,UAAU,EAAE;AAC5B,QAAQ,IAAI,EAAE,SAAS;AACvB,QAAQ,OAAO,EAAE,IAAI;AACrB,QAAQ,WAAW,EAAE,kEAAkE;AACvF,KAAK;AACL,SAAS,aAAa,CAAC,CAAC,EAAE,iCAAiC;AAC3D,SAAS,IAAI,EAAE,CAAC,IAAI;AACpB,IAAI,MAAM,OAAO,GAAG,IAAI,CAAC,CAAC;AAC1B,IAAI,MAAM,OAAO,GAAG,EAAE;AACtB,IAAI,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC;AAC7C,IAAI,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE;AAClC,QAAQ,IAAI;AACZ,YAAY,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,CAAC;AACxE,YAAY,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC;AAClC,YAAY,OAAO,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;AACrD,YAAY,OAAO,CAAC,GAAG,CAAC,CAAC,SAAS,EAAE,CAAC,EAAE,GAAG,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,IAAI,IAAI,EAAE,KAAK,KAAK,CAAC,GAAG,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC;AACtG,YAAY,OAAO,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,CAAC,EAAE,GAAG,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,IAAI,IAAI,EAAE,KAAK,KAAK,CAAC,GAAG,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC;AACpG,YAAY,OAAO,CAAC,GAAG,CAAC,CAAC,YAAY,EAAE,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC;AAC5D,YAAY,OAAO,CAAC,GAAG,CAAC,CAAC,UAAU,EAAE,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;AACxD,YAAY,OAAO,CAAC,GAAG,CAAC,CAAC,oBAAoB,EAAE,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC;AACtE,YAAY,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC;AAChD,QAAQ;AACR,QAAQ,OAAO,GAAG,EAAE;AACpB,YAAY,OAAO,CAAC,KAAK,CAAC,CAAC,wBAAwB,EAAE,MAAM,CAAC,EAAE,EAAE,CAAC,EAAE,GAAG,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,MAAM,GAAG,MAAM,GAAG,GAAG,CAAC,OAAO,MAAM,IAAI,IAAI,EAAE,KAAK,MAAM,GAAG,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC;AACpK,YAAY,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC;AAChD,QAAQ;AACR,IAAI;AACJ,IAAI,MAAM,MAAM,GAAG,YAAY,CAAC,OAAO,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC;AAChE,IAAI,IAAI,IAAI,CAAC,GAAG,EAAE;AAClB,QAAQ,MAAM,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,CAAC;AAC5C,QAAQ,OAAO,CAAC,GAAG,CAAC,CAAC,mBAAmB,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AACrD,IAAI;AACJ,SAAS;AACT,QAAQ,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC;AAC3B,IAAI;AACJ,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;AACnB;AACA,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,KAAK;AACtB,IAAI,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC;AACtB,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;AACnB,CAAC,CAAC"}