@cap-kit/tls-fingerprint 8.0.0

package/ios/Sources/TLSFingerprintPlugin/utils/TLSFingerprintUtils.swift

@@ -0,0 +1,79 @@
+import Foundation
+import Security
+import CommonCrypto
+
+struct TLSFingerprintUtils {
+    // MARK: - URL Helpers
+
+    static func httpsURL(from urlString: String) -> URL? {
+        guard let url = URL(string: urlString), url.scheme?.lowercased() == "https" else {
+            return nil
+        }
+        return url
+    }
+
+    // MARK: - Fingerprint Normalization
+
+    /**
+     Normalizes a fingerprint string by:
+     - Removing colon separators
+     - Removing all whitespace
+     - Converting to lowercase
+
+     Example:
+     "AA:BB:CC" → "aabbcc"
+     "AA BB CC" → "aabbcc"
+     */
+    static func normalizeFingerprint(_ fingerprint: String) -> String {
+        fingerprint
+            .replacingOccurrences(of: ":", with: "")
+            .replacingOccurrences(of: " ", with: "")
+            .lowercased()
+    }
+
+    /**
+     Validates that a fingerprint string is a valid SHA-256 hex format.
+
+     Valid fingerprint:
+     - Exactly 64 hexadecimal characters (after normalization)
+     - Contains only [a-f0-9]
+     */
+    static func isValidFingerprintFormat(_ fingerprint: String) -> Bool {
+        let normalized = normalizeFingerprint(fingerprint)
+        return normalized.count == 64 && normalized.allSatisfy { $0.isHexDigit }
+    }
+
+    /**
+     Validates a fingerprint and returns an error message if invalid, or nil if valid.
+     */
+    static func validateFingerprint(_ fingerprint: String) -> String? {
+        let trimmed = fingerprint.trimmingCharacters(in: .whitespacesAndNewlines)
+        if trimmed.isEmpty {
+            return "Fingerprint cannot be blank"
+        }
+        let normalized = normalizeFingerprint(fingerprint)
+        if normalized.count != 64 {
+            return "Invalid fingerprint: must be 64 hex characters"
+        }
+        if !normalized.allSatisfy({ $0.isHexDigit }) {
+            return "Invalid fingerprint: must contain only hex characters [a-f0-9]"
+        }
+        return nil
+    }
+
+    // MARK: - Certificate Helpers
+
+    static func sha256Fingerprint(from certificate: SecCertificate) -> String {
+        let certData = SecCertificateCopyData(certificate) as Data
+        var hash = [UInt8](repeating: 0, count: Int(CC_SHA256_DIGEST_LENGTH))
+        certData.withUnsafeBytes { bytes in
+            _ = CC_SHA256(bytes.baseAddress, CC_LONG(certData.count), &hash)
+        }
+        return hash.map { String(format: "%02x", $0) }.joined()
+    }
+
+    static func leafCertificate(from trust: SecTrust) -> SecCertificate? {
+        guard SecTrustGetCertificateCount(trust) > 0 else { return nil }
+        return SecTrustGetCertificateAtIndex(trust, 0)
+    }
+}

package/ios/Tests/TLSFingerprintPluginTests/TLSFingerprintPluginTests.swift

@@ -0,0 +1,15 @@
+import XCTest
+@testable import TLSFingerprint
+
+/**
+ Basic functional tests for the TLSFingerprint plugin native implementation.
+
+ These tests validate the core behavior of the implementation
+ independently from the Capacitor bridge.
+ */
+class TLSFingerprintPluginTests: XCTestCase {
+    func testInstantiation() {
+        let implementation = TLSFingerprintImpl()
+        XCTAssertTrue(true)
+    }
+}

package/package.json

@@ -0,0 +1,131 @@
+{
+  "name": "@cap-kit/tls-fingerprint",
+  "version": "8.0.0",
+  "description": "Runtime TLS leaf certificate SHA-256 fingerprint validation plugin for Capacitor (iOS & Android)",
+  "type": "module",
+  "private": false,
+  "sideEffects": false,
+  "engines": {
+    "node": ">=24.0.0",
+    "pnpm": ">=10.0.0"
+  },
+  "main": "dist/plugin.cjs",
+  "module": "dist/esm/index.js",
+  "types": "dist/esm/index.d.ts",
+  "unpkg": "dist/plugin.js",
+  "exports": {
+    ".": {
+      "types": "./dist/esm/index.d.ts",
+      "import": "./dist/esm/index.js",
+      "require": "./dist/plugin.cjs"
+    },
+    "./package.json": "./package.json"
+  },
+  "files": [
+    "android/src/main/",
+    "android/build.gradle",
+    "dist/",
+    "ios/Sources",
+    "ios/Tests",
+    "Package.swift",
+    "CapKitTlsFingerprint.podspec",
+    "LICENSE",
+    "README.md",
+    "bin/",
+    "scripts/"
+  ],
+  "author": "CapKit Team",
+  "funding": {
+    "type": "github",
+    "url": "https://github.com/sponsors/cap-kit"
+  },
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/cap-kit/capacitor-plugins.git",
+    "directory": "packages/tls-fingerprint"
+  },
+  "bugs": {
+    "url": "https://github.com/cap-kit/capacitor-plugins/issues"
+  },
+  "homepage": "https://github.com/cap-kit/capacitor-plugins/tree/main/packages/tls-fingerprint#readme",
+  "keywords": [
+    "capacitor",
+    "capacitor-plugin",
+    "mobile",
+    "native",
+    "cap-kit",
+    "ios",
+    "android",
+    "tls",
+    "https",
+    "certificate",
+    "certificate-fingerprint",
+    "tls-fingerprint",
+    "sha256",
+    "leaf-certificate",
+    "security"
+  ],
+  "bin": {
+    "cap-kit-tls-fingerprint": "./dist/cli/fingerprint.js"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "dependencies": {
+    "yargs": "^18.0.0"
+  },
+  "devDependencies": {
+    "@capacitor/android": "^8.1.0",
+    "@capacitor/cli": "^8.1.0",
+    "@capacitor/core": "^8.1.0",
+    "@capacitor/docgen": "^0.3.1",
+    "@capacitor/ios": "^8.1.0",
+    "@eslint/eslintrc": "^3.3.3",
+    "@eslint/js": "^9.39.2",
+    "eslint": "^9.39.2",
+    "eslint-plugin-import": "^2.32.0",
+    "@types/node": "^25.3.0",
+    "@types/yargs": "^17.0.35",
+    "globals": "^17.3.0",
+    "prettier": "^3.8.1",
+    "prettier-plugin-java": "^2.8.1",
+    "rimraf": "^6.1.3",
+    "rollup": "^4.57.1",
+    "swiftlint": "^2.0.0",
+    "typescript": "~5.9.3",
+    "typescript-eslint": "^8.56.0"
+  },
+  "peerDependencies": {
+    "@capacitor/core": "^8.1.0"
+  },
+  "capacitor": {
+    "ios": {
+      "src": "ios"
+    },
+    "android": {
+      "src": "android"
+    }
+  },
+  "scripts": {
+    "verify": "pnpm run verify:ios && pnpm run verify:android && pnpm run verify:web",
+    "verify:ios": "node ./scripts/sync-version.mjs && xcodebuild -scheme CapKitTlsFingerprint -destination generic/platform=iOS",
+    "verify:android": "cd android && ./gradlew clean build && cd ..",
+    "verify:web": "pnpm run build",
+    "lint:android": "cd android && ./gradlew ktlintCheck",
+    "fmt:android": "cd android && ./gradlew ktlintFormat",
+    "lint": "pnpm run eslint . && pnpm run swiftlint lint --strict || true && pnpm run lint:android || true",
+    "format:check": "prettier --check \"**/*.{css,html,ts,js,java}\" --plugin=prettier-plugin-java",
+    "format": "eslint --fix . && prettier --write \"**/*.{css,html,ts,js,java}\" --plugin=prettier-plugin-java && pnpm run swiftlint --fix --format && pnpm run fmt:android",
+    "eslint": "eslint",
+    "prettier": "prettier \"**/*.{css,html,ts,js,java}\" --plugin=prettier-plugin-java",
+    "swiftlint": "node-swiftlint lint ios/Sources",
+    "docgen": "docgen --api TLSFingerprintPlugin --output-readme README.md --output-json dist/docs.json",
+    "build": "node ./scripts/sync-version.mjs && pnpm run clean && pnpm run docgen && tsc && rollup -c rollup.config.mjs && node scripts/chmod.mjs",
+    "clean": "rimraf ./dist",
+    "watch": "tsc --watch",
+    "test": "pnpm run verify",
+    "removePacked": "rimraf -g cap-kit-tls-fingerprint-*.tgz",
+    "publish:locally": "pnpm run removePacked && pnpm run build && pnpm pack"
+  }
+}

package/scripts/chmod.mjs

@@ -0,0 +1,34 @@
+import fs from 'node:fs';
+import path from 'node:path';
+import { fileURLToPath } from 'node:url';
+
+// Reconstruct __dirname, which does not exist in ESM
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+
+// Correct path to the compiled CLI
+const cliPath = path.resolve(__dirname, '../dist/cli/fingerprint.js');
+
+try {
+  if (fs.existsSync(cliPath)) {
+    // 1. Read the file contents
+    let content = fs.readFileSync(cliPath, 'utf8');
+
+    // 2. Add shebang if missing
+    if (!content.startsWith('#!/usr/bin/env node')) {
+      content = '#!/usr/bin/env node\n' + content;
+      fs.writeFileSync(cliPath, content);
+      console.log('✅ Shebang added to CLI.');
+    }
+
+    // 3. Make the file executable
+    fs.chmodSync(cliPath, '755');
+    console.log('✅ CLI permissions set to 755.');
+  } else {
+    console.error(`❌ CLI file not found at: ${cliPath}`);
+    // Do not fail the build if the file does not exist yet, just warn
+  }
+} catch (err) {
+  console.error('❌ Error setting permissions:', err);
+  process.exit(1);
+}

package/scripts/sync-version.mjs

@@ -0,0 +1,68 @@
+import fs from 'node:fs';
+import path from 'node:path';
+import { fileURLToPath } from 'node:url';
+
+// 1. Setup __dirname equivalent for ES Modules
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+
+// 2. Load the plugin's package.json
+const pkgPath = path.join(__dirname, '../package.json');
+const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf8'));
+
+// 3. Automatically find the iOS source directory
+// Capacitor standard structure: ios/Sources/<PluginName>
+const sourcesDir = path.join(__dirname, '../ios/Sources');
+
+if (!fs.existsSync(sourcesDir)) {
+  console.warn('⚠️  [CapKit] ios/Sources directory not found. Skipping Version.swift generation.');
+  process.exit(0);
+}
+
+const pluginFolderName = fs.readdirSync(sourcesDir).find((f) => fs.statSync(path.join(sourcesDir, f)).isDirectory());
+
+if (!pluginFolderName) {
+  console.error('❌ [CapKit] Could not find a source directory in ios/Sources');
+  process.exit(1);
+}
+
+const versionFilePath = path.join(sourcesDir, pluginFolderName, 'Version.swift');
+const webVersionFilePath = path.join(__dirname, '../src/version.ts');
+
+const content = `// This file is automatically generated. Do not modify manually.
+import Foundation
+
+/**
+  Container for the plugin's version information.
+  This enum provides a centralized, single source of truth for the native 
+  version string, synchronized directly from the project's 'package.json'.
+  It ensures parity across JavaScript, Android, and iOS platforms.
+ */
+public enum PluginVersion {
+    /**
+      The semantic version string of the plugin.
+      Value synchronized from package.json: "${pkg.version}"
+     */
+    public static let number = "${pkg.version}"
+}
+`;
+
+try {
+  fs.writeFileSync(versionFilePath, content);
+  console.log(`✅ [CapKit] Version.swift updated to v${pkg.version} in ${pluginFolderName}`);
+} catch (err) {
+  console.error('❌ [CapKit] Error generating Version.swift:', err);
+  process.exit(1);
+}
+
+const webVersionContent = `// This file is automatically generated. Do not modify manually.
+export const PLUGIN_VERSION = '${pkg.version}';
+`;
+
+try {
+  fs.writeFileSync(webVersionFilePath, webVersionContent);
+  console.log(`✅ [CapKit] src/version.ts updated to v${pkg.version}`);
+} catch (err) {
+  console.error('❌ [CapKit] Error generating src/version.ts:', err);
+  process.exit(1);
+}