@jsenv/https-local 1.0.11 → 2.1.0

package/README.md

@@ -67,13 +67,12 @@ node ./install_certificate_authority.mjs
 import { createServer } from "node:https"
 import { requestCertificateForLocalhost } from "@jsenv/https-local"
 
-const { serverCertificate, serverCertificatePrivateKey } =
-  await requestCertificateForLocalhost()
+const { certificate, privateKey } = requestCertificateForLocalhost()
 
 const server = createServer(
   {
-    cert: serverCertificate,
-    key: serverCertificatePrivateKey,
+    cert: certificate,
+    key: privateKey,
   },
   (request, response) => {
     const body = "Hello world"
@@ -361,10 +360,9 @@ _requestCertificateForLocalhost_ function returns a certificate and private key
 import { createServer } from "node:https"
 import { requestCertificateForLocalhost } from "@jsenv/https-local"
 
-const { serverCertificate, serverCertificatePrivateKey } =
-  await requestCertificateForLocalhost({
-    serverCertificateAltNames: ["localhost", "local.example"],
-  })
+const { certificate, privateKey } = requestCertificateForLocalhost({
+  altNames: ["localhost", "local.example"],
+})
 ```
 
 [installCertificateAuthority](#installCertificateAuthority) must be called before this function.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@jsenv/https-local",
-  "version": "1.0.11",
+  "version": "2.1.0",
   "description": "A programmatic way to generate locally trusted certificates",
   "license": "MIT",
   "author": {
@@ -13,7 +13,8 @@
     "url": "https://github.com/jsenv/https-local"
   },
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "registry": "https://registry.npmjs.org"
   },
   "engines": {
     "node": ">=16.13.0"
@@ -21,14 +22,13 @@
   "type": "module",
   "exports": {
     ".": {
-      "import": "./main.js"
+      "import": "./src/main.js"
     },
     "./*": "./*"
   },
-  "main": "./main.js",
+  "main": "./src/main.js",
   "files": [
-    "/src/",
-    "/main.js"
+    "/src/"
   ],
   "scripts": {
     "eslint": "npx eslint . --ext=.js,.mjs,.cjs",
@@ -48,27 +48,25 @@
     "playwright-install": "npx playwright install-deps && npx playwright install"
   },
   "dependencies": {
-    "@jsenv/eslint-import-resolver": "0.1.7",
-    "@jsenv/filesystem": "3.2.2",
-    "@jsenv/log": "1.6.0",
-    "@jsenv/logger": "4.0.1",
+    "@jsenv/filesystem": "4.1.0",
+    "@jsenv/log": "2.0.1",
+    "@jsenv/urls": "1.2.6",
     "command-exists": "1.2.9",
     "node-forge": "1.3.1",
     "sudo-prompt": "9.2.1",
     "which": "2.0.2"
   },
   "devDependencies": {
-    "@jsenv/assert": "2.5.4",
-    "@jsenv/core": "27.0.0-alpha.61",
+    "@jsenv/assert": "2.6.0",
+    "@jsenv/core": "27.0.0-alpha.92",
     "@jsenv/eslint-config": "16.0.9",
+    "@jsenv/eslint-import-resolver": "0.3.0",
     "@jsenv/github-release-package": "1.4.0",
-    "@jsenv/importmap-eslint-resolver": "5.2.5",
-    "@jsenv/importmap-node-module": "5.1.3",
-    "@jsenv/package-publish": "1.7.4",
-    "@jsenv/performance-impact": "2.2.11",
-    "eslint": "8.16.0",
+    "@jsenv/package-publish": "1.7.5",
+    "@jsenv/performance-impact": "2.3.0",
+    "eslint": "8.18.0",
     "eslint-plugin-import": "2.26.0",
     "playwright": "1.22.2",
-    "prettier": "2.6.2"
+    "prettier": "2.7.1"
   }
-}
+}

package/src/certificate_authority.js

@@ -1,14 +1,13 @@
 import { readFile, writeFile, removeEntry } from "@jsenv/filesystem"
-import { createLogger, createDetailedMessage } from "@jsenv/logger"
-import { UNICODE } from "@jsenv/log"
+import { UNICODE, createLogger, createDetailedMessage } from "@jsenv/log"
 
+import { forge } from "./internal/forge.js"
 import { getAuthorityFileInfos } from "./internal/authority_file_infos.js"
 import { attributeDescriptionFromAttributeArray } from "./internal/certificate_data_converter.js"
 import {
   formatTimeDelta,
   formatDuration,
 } from "./internal/validity_formatting.js"
-import { importNodeForge } from "./internal/forge.js"
 import { createAuthorityRootCertificate } from "./internal/certificate_generator.js"
 import { importPlatformMethods } from "./internal/platform.js"
 import { jsenvParameters } from "./jsenvParameters.js"
@@ -79,7 +78,7 @@ export const installCertificateAuthority = async ({
         serialNumber: 0,
       })
 
-    const { pki } = await importNodeForge()
+    const { pki } = forge
     const rootCertificate = pemAsFileContent(
       pki.certificateToPem(rootCertificateForgeObject),
     )
@@ -173,7 +172,7 @@ export const installCertificateAuthority = async ({
   const rootCertificate = await readFile(rootCertificateFileInfo.path, {
     as: "string",
   })
-  const { pki } = await importNodeForge()
+  const { pki } = forge
   const rootCertificateForgeObject = pki.certificateFromPem(rootCertificate)
 
   logger.info(`Checking certificate validity...`)
@@ -232,13 +231,12 @@ export const installCertificateAuthority = async ({
   const rootCertificatePrivateKeyForgeObject = pki.privateKeyFromPem(
     rootCertificatePrivateKey,
   )
-
   const trustInfo = await platformMethods.executeTrustQuery({
     logger,
     certificateCommonName,
     certificateFileUrl: rootCertificateFileInfo.url,
     certificate: rootCertificate,
-    verb: tryToTrust ? "ADD_TRUST" : "CHECK_TRUST",
+    verb: tryToTrust ? "ENSURE_TRUST" : "CHECK_TRUST",
     NSSDynamicInstall,
   })
 
@@ -323,7 +321,7 @@ export const uninstallCertificateAuthority = async ({
       const rootCertificate = await readFile(rootCertificateFileInfo.url, {
         as: "string",
       })
-      const { pki } = await importNodeForge()
+      const { pki } = forge
       const rootCertificateForgeObject = pki.certificateFromPem(rootCertificate)
       const rootCertificateCommonName = attributeDescriptionFromAttributeArray(
         rootCertificateForgeObject.subject.attributes,

package/src/certificate_for_localhost.js

@@ -1,39 +1,38 @@
-import { readFile, writeFile } from "@jsenv/filesystem"
-import { createLogger, createDetailedMessage } from "@jsenv/logger"
-import { UNICODE } from "@jsenv/log"
+import { readFileSync } from "node:fs"
+import { writeFileSync } from "@jsenv/filesystem"
+import { UNICODE, createLogger, createDetailedMessage } from "@jsenv/log"
 
+import { forge } from "./internal/forge.js"
 import {
   createValidityDurationOfXDays,
   verifyServerCertificateValidityDuration,
 } from "./validity_duration.js"
 import { getAuthorityFileInfos } from "./internal/authority_file_infos.js"
-import { importNodeForge } from "./internal/forge.js"
 import { requestCertificateFromAuthority } from "./internal/certificate_generator.js"
 import { formatDuration } from "./internal/validity_formatting.js"
 
-export const requestCertificateForLocalhost = async ({
+export const requestCertificateForLocalhost = ({
   logLevel,
   logger = createLogger({ logLevel }), // to be able to catch logs during unit tests
 
-  serverCertificateAltNames = ["localhost"],
-  serverCertificateCommonName = "https local server certificate",
-  serverCertificateValidityDurationInMs = createValidityDurationOfXDays(396),
+  altNames = ["localhost"],
+  commonName = "https local server certificate",
+  validityDurationInMs = createValidityDurationOfXDays(396),
 } = {}) => {
-  if (typeof serverCertificateValidityDurationInMs !== "number") {
+  if (typeof validityDurationInMs !== "number") {
     throw new TypeError(
-      `serverCertificateValidityDurationInMs must be a number but received ${serverCertificateValidityDurationInMs}`,
+      `validityDurationInMs must be a number but received ${validityDurationInMs}`,
     )
   }
-  if (serverCertificateValidityDurationInMs < 1) {
+  if (validityDurationInMs < 1) {
     throw new TypeError(
-      `serverCertificateValidityDurationInMs must be > 0 but received ${serverCertificateValidityDurationInMs}`,
+      `validityDurationInMs must be > 0 but received ${validityDurationInMs}`,
     )
   }
-  const validityDurationInfo = verifyServerCertificateValidityDuration(
-    serverCertificateValidityDurationInMs,
-  )
+  const validityDurationInfo =
+    verifyServerCertificateValidityDuration(validityDurationInMs)
   if (!validityDurationInfo.ok) {
-    serverCertificateValidityDurationInMs = validityDurationInfo.maxAllowedValue
+    validityDurationInMs = validityDurationInfo.maxAllowedValue
     logger.warn(
       createDetailedMessage(validityDurationInfo.message, {
         details: validityDurationInfo.details,
@@ -59,19 +58,16 @@ export const requestCertificateForLocalhost = async ({
   }
 
   logger.debug(`Restoring certificate authority from filesystem...`)
-  const { pki } = await importNodeForge()
-  const rootCertificate = await readFile(rootCertificateFileInfo.url, {
-    as: "string",
-  })
-  const rootCertificatePrivateKey = await readFile(
-    rootCertificatePrivateKeyFileInfo.url,
-    {
-      as: "string",
-    },
+  const { pki } = forge
+  const rootCertificate = String(
+    readFileSync(new URL(rootCertificateFileInfo.url)),
+  )
+  const rootCertificatePrivateKey = String(
+    readFileSync(new URL(rootCertificatePrivateKeyFileInfo.url)),
+  )
+  const certificateAuthorityData = JSON.parse(
+    String(readFileSync(new URL(authorityJsonFileInfo.url))),
   )
-  const certificateAuthorityData = await readFile(authorityJsonFileInfo.url, {
-    as: "json",
-  })
   const rootCertificateForgeObject = pki.certificateFromPem(rootCertificate)
   const rootCertificatePrivateKeyForgeObject = pki.privateKeyFromPem(
     rootCertificatePrivateKey,
@@ -80,26 +76,26 @@ export const requestCertificateForLocalhost = async ({
 
   const serverCertificateSerialNumber =
     certificateAuthorityData.serialNumber + 1
-  await writeFile(
+  writeFileSync(
     authorityJsonFileInfo.url,
     JSON.stringify({ serialNumber: serverCertificateSerialNumber }, null, "  "),
   )
 
-  if (!serverCertificateAltNames.includes("localhost")) {
-    serverCertificateAltNames.push("localhost")
+  if (!altNames.includes("localhost")) {
+    altNames.push("localhost")
   }
 
   logger.debug(`Generating server certificate...`)
   const { certificateForgeObject, certificatePrivateKeyForgeObject } =
-    await requestCertificateFromAuthority({
+    requestCertificateFromAuthority({
       logger,
       authorityCertificateForgeObject: rootCertificateForgeObject,
       auhtorityCertificatePrivateKeyForgeObject:
         rootCertificatePrivateKeyForgeObject,
       serialNumber: serverCertificateSerialNumber,
-      altNames: serverCertificateAltNames,
-      commonName: serverCertificateCommonName,
-      validityDurationInMs: serverCertificateValidityDurationInMs,
+      altNames,
+      commonName,
+      validityDurationInMs,
     })
   const serverCertificate = pki.certificateToPem(certificateForgeObject)
   const serverCertificatePrivateKey = pki.privateKeyToPem(
@@ -109,13 +105,13 @@ export const requestCertificateForLocalhost = async ({
     `${
       UNICODE.OK
     } server certificate generated, it will be valid for ${formatDuration(
-      serverCertificateValidityDurationInMs,
+      validityDurationInMs,
     )}`,
   )
 
   return {
-    serverCertificate,
-    serverCertificatePrivateKey,
+    certificate: serverCertificate,
+    privateKey: serverCertificatePrivateKey,
     rootCertificateFilePath: rootCertificateFileInfo.path,
   }
 }

package/src/hosts_file_verif.js

@@ -1,5 +1,4 @@
-import { createDetailedMessage, createLogger } from "@jsenv/logger"
-import { UNICODE } from "@jsenv/log"
+import { createDetailedMessage, createLogger, UNICODE } from "@jsenv/log"
 
 import {
   HOSTS_FILE_PATH,

package/src/internal/authority_file_infos.js

@@ -1,5 +1,5 @@
 import { existsSync } from "node:fs"
-import { urlToFileSystemPath } from "@jsenv/filesystem"
+import { fileURLToPath } from "node:url"
 
 import { getCertificateAuthorityFileUrls } from "./certificate_authority_file_urls.js"
 
@@ -10,15 +10,13 @@ export const getAuthorityFileInfos = () => {
     rootCertificatePrivateKeyFileUrl,
   } = getCertificateAuthorityFileUrls()
 
-  const authorityJsonFilePath = urlToFileSystemPath(
-    certificateAuthorityJsonFileUrl,
-  )
+  const authorityJsonFilePath = fileURLToPath(certificateAuthorityJsonFileUrl)
   const authorityJsonFileDetected = existsSync(authorityJsonFilePath)
 
-  const rootCertificateFilePath = urlToFileSystemPath(rootCertificateFileUrl)
+  const rootCertificateFilePath = fileURLToPath(rootCertificateFileUrl)
   const rootCertificateFileDetected = existsSync(rootCertificateFilePath)
 
-  const rootCertificatePrivateKeyFilePath = urlToFileSystemPath(
+  const rootCertificatePrivateKeyFilePath = fileURLToPath(
     rootCertificatePrivateKeyFileUrl,
   )
   const rootCertificatePrivateKeyFileDetected = existsSync(

package/src/internal/certificate_authority_file_urls.js

@@ -1,8 +1,5 @@
-import {
-  assertAndNormalizeDirectoryUrl,
-  resolveUrl,
-  urlToFilename,
-} from "@jsenv/filesystem"
+import { urlToFilename } from "@jsenv/urls"
+import { assertAndNormalizeDirectoryUrl } from "@jsenv/filesystem"
 
 export const getCertificateAuthorityFileUrls = () => {
   // we need a directory common to every instance of @jsenv/https-local
@@ -20,10 +17,10 @@ export const getCertificateAuthorityFileUrls = () => {
     applicationDirectoryUrl,
   )
 
-  const rootCertificatePrivateKeyFileUrl = resolveUrl(
+  const rootCertificatePrivateKeyFileUrl = new URL(
     "./https_local_root_certificate.key",
     applicationDirectoryUrl,
-  )
+  ).href
 
   return {
     certificateAuthorityJsonFileUrl,
@@ -37,18 +34,19 @@ export const getRootCertificateSymlinkUrls = ({
   rootPrivateKeyFileUrl,
   serverCertificateFileUrl,
 }) => {
-  const serverCertificateDirectory = resolveUrl("./", serverCertificateFileUrl)
+  const serverCertificateDirectory = new URL("./", serverCertificateFileUrl)
+    .href
 
   const rootCertificateFilename = urlToFilename(rootCertificateFileUrl)
-  const rootCertificateSymlinkUrl = resolveUrl(
+  const rootCertificateSymlinkUrl = new URL(
     rootCertificateFilename,
     serverCertificateDirectory,
-  )
+  ).href
   const rootPrivateKeyFilename = urlToFilename(rootPrivateKeyFileUrl)
-  const rootPrivateKeySymlinkUrl = resolveUrl(
+  const rootPrivateKeySymlinkUrl = new URL(
     rootPrivateKeyFilename,
     serverCertificateDirectory,
-  )
+  ).href
 
   return {
     rootCertificateSymlinkUrl,
@@ -61,37 +59,37 @@ const getJsenvApplicationDirectoryUrl = () => {
   const { platform } = process
 
   if (platform === "darwin") {
-    return resolveUrl(
+    return new URL(
       `./Library/Application Support/https_local/`,
       assertAndNormalizeDirectoryUrl(process.env.HOME),
-    )
+    ).href
   }
 
   if (platform === "linux") {
     if (process.env.XDG_CONFIG_HOME) {
-      return resolveUrl(
+      return new URL(
         `./https_local/`,
         assertAndNormalizeDirectoryUrl(process.env.XDG_CONFIG_HOME),
-      )
+      ).href
     }
-    return resolveUrl(
+    return new URL(
       `./.config/https_local/`,
       assertAndNormalizeDirectoryUrl(process.env.HOME),
-    )
+    ).href
   }
 
   if (platform === "win32") {
     if (process.env.LOCALAPPDATA) {
-      return resolveUrl(
+      return new URL(
         `./https_local/`,
         assertAndNormalizeDirectoryUrl(process.env.LOCALAPPDATA),
-      )
+      ).href
     }
 
-    return resolveUrl(
+    return new URL(
       `./Local Settings/Application Data/https_local/`,
       assertAndNormalizeDirectoryUrl(process.env.USERPROFILE),
-    )
+    ).href
   }
 
   throw new Error(`platform not supported`)

package/src/internal/certificate_generator.js

@@ -1,7 +1,7 @@
 // https://github.com/digitalbazaar/forge/blob/master/examples/create-cert.js
 // https://github.com/digitalbazaar/forge/issues/660#issuecomment-467145103
 
-import { importNodeForge } from "./forge.js"
+import { forge } from "./forge.js"
 import {
   attributeArrayFromAttributeDescription,
   attributeDescriptionFromAttributeArray,
@@ -23,7 +23,6 @@ export const createAuthorityRootCertificate = async ({
     throw new TypeError(`serial must be a number but received ${serialNumber}`)
   }
 
-  const forge = await importNodeForge()
   const { pki } = forge
   const rootCertificateForgeObject = pki.createCertificate()
   const keyPair = pki.rsa.generateKeyPair(2048) // TODO: use async version https://github.com/digitalbazaar/forge#rsa
@@ -86,7 +85,7 @@ export const createAuthorityRootCertificate = async ({
   }
 }
 
-export const requestCertificateFromAuthority = async ({
+export const requestCertificateFromAuthority = ({
   authorityCertificateForgeObject, // could be intermediate or root certificate authority
   auhtorityCertificatePrivateKeyForgeObject,
   serialNumber,
@@ -116,7 +115,6 @@ export const requestCertificateFromAuthority = async ({
     )
   }
 
-  const forge = await importNodeForge()
   const { pki } = forge
   const certificateForgeObject = pki.createCertificate()
   const keyPair = pki.rsa.generateKeyPair(2048) // TODO: use async version https://github.com/digitalbazaar/forge#rsa

package/src/internal/forge.js

@@ -2,6 +2,4 @@ import { createRequire } from "node:module"
 
 const require = createRequire(import.meta.url)
 
-export const importNodeForge = async () => {
-  return require("node-forge")
-}
+export const forge = require("node-forge")

package/src/internal/linux/chrome_linux.js

@@ -1,8 +1,9 @@
 import { existsSync } from "node:fs"
 import { execSync } from "node:child_process"
-import { resolveUrl, assertAndNormalizeDirectoryUrl } from "@jsenv/filesystem"
-
+import { assertAndNormalizeDirectoryUrl } from "@jsenv/filesystem"
 import { UNICODE } from "@jsenv/log"
+
+import { executeTrustQueryOnBrowserNSSDB } from "../nssdb_browser.js"
 import {
   nssCommandName,
   detectIfNSSIsInstalled,
@@ -10,8 +11,6 @@ import {
   getCertutilBinPath,
 } from "./nss_linux.js"
 
-import { executeTrustQueryOnBrowserNSSDB } from "../nssdb_browser.js"
-
 export const executeTrustQueryOnChrome = ({
   logger,
   certificateCommonName,
@@ -48,10 +47,10 @@ export const executeTrustQueryOnChrome = ({
       logger.debug(`${UNICODE.INFO} Chrome not detected`)
       return false
     },
-    browserNSSDBDirectoryUrl: resolveUrl(
+    browserNSSDBDirectoryUrl: new URL(
       ".pki/nssdb",
       assertAndNormalizeDirectoryUrl(process.env.HOME),
-    ),
+    ).href,
     getBrowserClosedPromise: async () => {
       if (!isChromeOpen()) {
         return

package/src/internal/linux/firefox_linux.js

@@ -1,8 +1,9 @@
 import { existsSync } from "node:fs"
 import { execSync } from "node:child_process"
-import { resolveUrl, assertAndNormalizeDirectoryUrl } from "@jsenv/filesystem"
+import { assertAndNormalizeDirectoryUrl } from "@jsenv/filesystem"
 import { UNICODE } from "@jsenv/log"
 
+import { executeTrustQueryOnBrowserNSSDB } from "../nssdb_browser.js"
 import {
   nssCommandName,
   detectIfNSSIsInstalled,
@@ -10,8 +11,6 @@ import {
   getCertutilBinPath,
 } from "./nss_linux.js"
 
-import { executeTrustQueryOnBrowserNSSDB } from "../nssdb_browser.js"
-
 export const executeTrustQueryOnFirefox = ({
   logger,
   certificateCommonName,
@@ -48,10 +47,10 @@ export const executeTrustQueryOnFirefox = ({
       logger.debug(`${UNICODE.INFO} Firefox not detected`)
       return false
     },
-    browserNSSDBDirectoryUrl: resolveUrl(
+    browserNSSDBDirectoryUrl: new URL(
       ".mozilla/firefox/",
       assertAndNormalizeDirectoryUrl(process.env.HOME),
-    ),
+    ).href,
     getBrowserClosedPromise: async () => {
       if (!isFirefoxOpen()) {
         return

package/src/internal/linux/linux_trust_store.js

@@ -3,16 +3,17 @@
  */
 
 import { existsSync } from "node:fs"
-import { createDetailedMessage } from "@jsenv/logger"
-import { readFile, urlToFileSystemPath } from "@jsenv/filesystem"
-import { UNICODE } from "@jsenv/log"
+import { fileURLToPath } from "node:url"
+import { readFile } from "@jsenv/filesystem"
+import { createDetailedMessage, UNICODE } from "@jsenv/log"
 
-import { exec } from "@jsenv/https-local/src/internal/exec.js"
 import {
   VERB_CHECK_TRUST,
   VERB_ADD_TRUST,
+  VERB_ENSURE_TRUST,
   VERB_REMOVE_TRUST,
 } from "../trust_query.js"
+import { exec } from "../exec.js"
 
 const REASON_NEW_AND_TRY_TO_TRUST_DISABLED =
   "certificate is new and tryToTrust is disabled"
@@ -50,7 +51,7 @@ export const executeTrustQueryOnLinux = async ({
   logger.debug(
     `Searching certificate file at ${JSENV_AUTHORITY_ROOT_CERTIFICATE_PATH}...`,
   )
-  const certificateFilePath = urlToFileSystemPath(certificateFileUrl)
+  const certificateFilePath = fileURLToPath(certificateFileUrl)
   const certificateStatus = await getCertificateStatus({ certificate })
 
   if (certificateStatus === "missing" || certificateStatus === "outdated") {
@@ -100,7 +101,11 @@ export const executeTrustQueryOnLinux = async ({
   }
 
   logger.info(`${UNICODE.OK} certificate found in linux`)
-  if (verb === VERB_CHECK_TRUST || verb === VERB_ADD_TRUST) {
+  if (
+    verb === VERB_CHECK_TRUST ||
+    verb === VERB_ADD_TRUST ||
+    verb === VERB_ENSURE_TRUST
+  ) {
     return {
       status: "trusted",
       reason: REASON_FOUND_IN_LINUX,

package/src/internal/linux/nss_linux.js

@@ -1,7 +1,7 @@
 import { UNICODE } from "@jsenv/log"
 
-import { memoize } from "@jsenv/https-local/src/internal/memoize.js"
-import { exec } from "@jsenv/https-local/src/internal/exec.js"
+import { memoize } from "../memoize.js"
+import { exec } from "../exec.js"
 
 export const nssCommandName = "libnss3-tools"
 

package/src/internal/mac/chrome_mac.js

@@ -1,7 +1,7 @@
 import { existsSync } from "node:fs"
 import { UNICODE } from "@jsenv/log"
 
-import { memoize } from "@jsenv/https-local/src/internal/memoize.js"
+import { memoize } from "../memoize.js"
 
 const REASON_CHROME_NOT_DETECTED = `Chrome not detected`
 

package/src/internal/mac/firefox_mac.js

@@ -1,6 +1,6 @@
 import { existsSync } from "node:fs"
 import { execSync } from "node:child_process"
-import { resolveUrl, assertAndNormalizeDirectoryUrl } from "@jsenv/filesystem"
+import { assertAndNormalizeDirectoryUrl } from "@jsenv/filesystem"
 import { UNICODE, createTaskLog } from "@jsenv/log"
 
 import { executeTrustQueryOnBrowserNSSDB } from "../nssdb_browser.js"
@@ -47,10 +47,10 @@ export const executeTrustQueryOnFirefox = ({
       logger.debug(`${UNICODE.INFO} firefox not detected`)
       return false
     },
-    browserNSSDBDirectoryUrl: resolveUrl(
+    browserNSSDBDirectoryUrl: new URL(
       `./Library/Application Support/Firefox/Profiles/`,
       assertAndNormalizeDirectoryUrl(process.env.HOME),
-    ),
+    ).href,
     getBrowserClosedPromise: async () => {
       if (!isFirefoxOpen()) {
         return

package/src/internal/mac/mac_keychain.js

@@ -1,14 +1,14 @@
 // https://ss64.com/osx/security.html
 
-import { urlToFileSystemPath } from "@jsenv/filesystem"
-import { createDetailedMessage } from "@jsenv/logger"
+import { fileURLToPath } from "node:url"
+import { createDetailedMessage, UNICODE } from "@jsenv/log"
 
-import { UNICODE } from "@jsenv/log"
-import { exec } from "@jsenv/https-local/src/internal/exec.js"
-import { searchCertificateInCommandOutput } from "@jsenv/https-local/src/internal/search_certificate_in_command_output.js"
+import { exec } from "../exec.js"
+import { searchCertificateInCommandOutput } from "../search_certificate_in_command_output.js"
 import {
   VERB_CHECK_TRUST,
   VERB_ADD_TRUST,
+  VERB_ENSURE_TRUST,
   VERB_REMOVE_TRUST,
 } from "../trust_query.js"
 
@@ -53,6 +53,35 @@ export const executeTrustQueryOnMacKeychain = async ({
     certificate,
   )
 
+  const removeCert = async () => {
+    // https://ss64.com/osx/security-delete-cert.html
+    const removeTrustedCertCommand = `sudo security delete-certificate -c "${certificateCommonName}"`
+    logger.info(`Removing certificate from mac keychain...`)
+    logger.info(`${UNICODE.COMMAND} ${removeTrustedCertCommand}`)
+    try {
+      await exec(removeTrustedCertCommand)
+      logger.info(`${UNICODE.OK} certificate removed from mac keychain`)
+      return {
+        status: "not_trusted",
+        reason: REASON_REMOVE_FROM_KEYCHAIN_COMMAND_COMPLETED,
+      }
+    } catch (e) {
+      logger.error(
+        createDetailedMessage(
+          `${UNICODE.FAILURE} failed to remove certificate from mac keychain`,
+          {
+            "error stack": e.stack,
+            "certificate file url": certificateFileUrl,
+          },
+        ),
+      )
+      return {
+        status: "not_trusted",
+        reason: REASON_REMOVE_FROM_KEYCHAIN_COMMAND_FAILED,
+      }
+    }
+  }
+
   if (!certificateFoundInCommandOutput) {
     logger.info(`${UNICODE.INFO} certificate not found in mac keychain`)
     if (verb === VERB_CHECK_TRUST || verb === VERB_REMOVE_TRUST) {
@@ -61,8 +90,14 @@ export const executeTrustQueryOnMacKeychain = async ({
         reason: REASON_NOT_IN_KEYCHAIN,
       }
     }
-
-    const certificateFilePath = urlToFileSystemPath(certificateFileUrl)
+    if (verb === VERB_ENSURE_TRUST) {
+      // It seems possible for certificate PEM representation to be different
+      // in mackeychain and in the one we have written on the filesystem
+      // When it happens the certificate is not found but actually exists on mackeychain
+      // and must be deleted first
+      await removeCert()
+    }
+    const certificateFilePath = fileURLToPath(certificateFileUrl)
     // https://ss64.com/osx/security-cert.html
     const addTrustedCertCommand = `sudo security add-trusted-cert -d -r trustRoot -k ${systemKeychainPath} "${certificateFilePath}"`
     logger.info(`Adding certificate to mac keychain...`)
@@ -96,37 +131,16 @@ export const executeTrustQueryOnMacKeychain = async ({
   // but they shouldn't and I couldn't find an API to know if the cert is trusted or not
   // just if it's in the keychain
   logger.info(`${UNICODE.OK} certificate found in mac keychain`)
-  if (verb === VERB_CHECK_TRUST || verb === VERB_ADD_TRUST) {
+  if (
+    verb === VERB_CHECK_TRUST ||
+    verb === VERB_ADD_TRUST ||
+    verb === VERB_ENSURE_TRUST
+  ) {
     return {
       status: "trusted",
       reason: REASON_IN_KEYCHAIN,
     }
   }
 
-  // https://ss64.com/osx/security-delete-cert.html
-  const removeTrustedCertCommand = `sudo security delete-certificate -c "${certificateCommonName}"`
-  logger.info(`Removing certificate from mac keychain...`)
-  logger.info(`${UNICODE.COMMAND} ${removeTrustedCertCommand}`)
-  try {
-    await exec(removeTrustedCertCommand)
-    logger.info(`${UNICODE.OK} certificate removed from mac keychain`)
-    return {
-      status: "not_trusted",
-      reason: REASON_REMOVE_FROM_KEYCHAIN_COMMAND_COMPLETED,
-    }
-  } catch (e) {
-    logger.error(
-      createDetailedMessage(
-        `${UNICODE.FAILURE} failed to remove certificate from mac keychain`,
-        {
-          "error stack": e.stack,
-          "certificate file url": certificateFileUrl,
-        },
-      ),
-    )
-    return {
-      status: "not_trusted",
-      reason: REASON_REMOVE_FROM_KEYCHAIN_COMMAND_FAILED,
-    }
-  }
+  return removeCert()
 }

package/src/internal/mac/nss_mac.js

@@ -1,13 +1,10 @@
-import {
-  assertAndNormalizeDirectoryUrl,
-  resolveUrl,
-  urlToFileSystemPath,
-} from "@jsenv/filesystem"
+import { fileURLToPath } from "node:url"
+import { assertAndNormalizeDirectoryUrl } from "@jsenv/filesystem"
 import { UNICODE } from "@jsenv/log"
 
-import { memoize } from "@jsenv/https-local/src/internal/memoize.js"
-import { exec } from "@jsenv/https-local/src/internal/exec.js"
-import { commandExists } from "@jsenv/https-local/src/internal/command.js"
+import { memoize } from "../memoize.js"
+import { exec } from "../exec.js"
+import { commandExists } from "../command.js"
 
 export const nssCommandName = "nss"
 
@@ -31,8 +28,8 @@ export const getCertutilBinPath = memoize(async () => {
   const nssCommandDirectoryUrl = assertAndNormalizeDirectoryUrl(
     brewCommandOutput.trim(),
   )
-  const certutilBinUrl = resolveUrl(`./bin/certutil`, nssCommandDirectoryUrl)
-  const certutilBinPath = urlToFileSystemPath(certutilBinUrl)
+  const certutilBinUrl = new URL(`./bin/certutil`, nssCommandDirectoryUrl).href
+  const certutilBinPath = fileURLToPath(certutilBinUrl)
   return certutilBinPath
 })
 

package/src/internal/nssdb_browser.js

@@ -4,19 +4,18 @@
  */
 
 import { existsSync } from "node:fs"
-import { createDetailedMessage } from "@jsenv/logger"
-import {
-  assertAndNormalizeDirectoryUrl,
-  collectFiles,
-  resolveUrl,
-  urlToFilename,
-  urlToFileSystemPath,
-} from "@jsenv/filesystem"
-import { UNICODE } from "@jsenv/log"
+import { fileURLToPath } from "node:url"
+import { urlToFilename } from "@jsenv/urls"
+import { createDetailedMessage, UNICODE } from "@jsenv/log"
+import { assertAndNormalizeDirectoryUrl, collectFiles } from "@jsenv/filesystem"
 
-import { exec } from "@jsenv/https-local/src/internal/exec.js"
-import { searchCertificateInCommandOutput } from "@jsenv/https-local/src/internal/search_certificate_in_command_output.js"
-import { VERB_CHECK_TRUST, VERB_ADD_TRUST } from "./trust_query.js"
+import { exec } from "./exec.js"
+import { searchCertificateInCommandOutput } from "./search_certificate_in_command_output.js"
+import {
+  VERB_CHECK_TRUST,
+  VERB_ADD_TRUST,
+  VERB_ENSURE_TRUST,
+} from "./trust_query.js"
 
 export const executeTrustQueryOnBrowserNSSDB = async ({
   logger,
@@ -57,7 +56,7 @@ export const executeTrustQueryOnBrowserNSSDB = async ({
   const nssIsInstalled = await detectIfNSSIsInstalled({ logger })
   const cannotCheckMessage = `${UNICODE.FAILURE} cannot check if certificate is in ${browserName}`
   if (!nssIsInstalled) {
-    if (verb === VERB_ADD_TRUST) {
+    if (verb === VERB_ADD_TRUST || verb === VERB_ENSURE_TRUST) {
       const nssDynamicInstallInfo = await getNSSDynamicInstallInfo({ logger })
       if (!nssDynamicInstallInfo.isInstallable) {
         const reason = `"${nssCommandName}" is not installed and not cannot be installed`
@@ -131,7 +130,7 @@ export const executeTrustQueryOnBrowserNSSDB = async ({
     }
   }
 
-  const certificateFilePath = urlToFileSystemPath(certificateFileUrl)
+  const certificateFilePath = fileURLToPath(certificateFileUrl)
   const certutilBinPath = await getCertutilBinPath()
 
   const checkNSSDB = async ({ NSSDBFileUrl }) => {
@@ -214,7 +213,7 @@ export const executeTrustQueryOnBrowserNSSDB = async ({
     }
   }
 
-  if (verb === VERB_ADD_TRUST) {
+  if (verb === VERB_ADD_TRUST || verb === VERB_ENSURE_TRUST) {
     if (missingCount === 0 && outdatedCount === 0) {
       logger.info(`${UNICODE.OK} certificate found in ${browserName}`)
       return {
@@ -288,7 +287,7 @@ const findNSSDBFiles = async ({ logger, NSSDBDirectoryUrl }) => {
   }
 
   logger.debug(`Searching nss database files in directory...`)
-  const NSSDBDirectoryPath = urlToFileSystemPath(NSSDBDirectoryUrl)
+  const NSSDBDirectoryPath = fileURLToPath(NSSDBDirectoryUrl)
   const NSSDBDirectoryExists = existsSync(NSSDBDirectoryPath)
   if (!NSSDBDirectoryExists) {
     logger.info(
@@ -300,13 +299,9 @@ const findNSSDBFiles = async ({ logger, NSSDBDirectoryUrl }) => {
   NSSDBDirectoryUrl = assertAndNormalizeDirectoryUrl(NSSDBDirectoryUrl)
   const NSSDBFiles = await collectFiles({
     directoryUrl: NSSDBDirectoryUrl,
-    structuredMetaMap: {
-      isLegacyNSSDB: {
-        "./**/cert8.db": true,
-      },
-      isModernNSSDB: {
-        "./**/cert9.db": true,
-      },
+    associations: {
+      isLegacyNSSDB: { "./**/cert8.db": true },
+      isModernNSSDB: { "./**/cert9.db": true },
     },
     predicate: ({ isLegacyNSSDB, isModernNSSDB }) =>
       isLegacyNSSDB || isModernNSSDB,
@@ -324,7 +319,7 @@ const findNSSDBFiles = async ({ logger, NSSDBDirectoryUrl }) => {
     `${UNICODE.OK} found ${fileCount} nss database file in ${NSSDBDirectoryUrl}`,
   )
   const files = NSSDBFiles.map((file) => {
-    return resolveUrl(file.relativeUrl, NSSDBDirectoryUrl)
+    return new URL(file.relativeUrl, NSSDBDirectoryUrl).href
   })
   NSSDirectoryCache[NSSDBDirectoryUrl] = files
   return files
@@ -332,8 +327,8 @@ const findNSSDBFiles = async ({ logger, NSSDBDirectoryUrl }) => {
 
 const getDirectoryArgFromNSSDBFileUrl = (NSSDBFileUrl) => {
   const nssDBFilename = urlToFilename(NSSDBFileUrl)
-  const nssDBDirectoryUrl = resolveUrl("./", NSSDBFileUrl)
-  const nssDBDirectoryPath = urlToFileSystemPath(nssDBDirectoryUrl)
+  const nssDBDirectoryUrl = new URL("./", NSSDBFileUrl).href
+  const nssDBDirectoryPath = fileURLToPath(nssDBDirectoryUrl)
   return nssDBFilename === "cert8.db"
     ? `"${nssDBDirectoryPath}"`
     : `sql:"${nssDBDirectoryPath}"`

package/src/internal/trust_query.js

@@ -1,5 +1,4 @@
 export const VERB_CHECK_TRUST = "CHECK_TRUST"
-
 export const VERB_ADD_TRUST = "ADD_TRUST"
-
+export const VERB_ENSURE_TRUST = "ENSURE_TRUST"
 export const VERB_REMOVE_TRUST = "REMOVE_TRUST"

package/src/internal/windows/chrome_windows.js

@@ -2,7 +2,7 @@ import { createRequire } from "node:module"
 import { existsSync } from "node:fs"
 import { UNICODE } from "@jsenv/log"
 
-import { memoize } from "@jsenv/https-local/src/internal/memoize.js"
+import { memoize } from "../memoize.js"
 
 const require = createRequire(import.meta.url)
 

package/src/internal/windows/firefox_windows.js

@@ -7,7 +7,7 @@ import { createRequire } from "node:module"
 import { existsSync } from "node:fs"
 import { UNICODE } from "@jsenv/log"
 
-import { memoize } from "@jsenv/https-local/src/internal/memoize.js"
+import { memoize } from "../memoize.js"
 
 const require = createRequire(import.meta.url)
 

package/src/internal/windows/windows_certutil.js

@@ -3,14 +3,14 @@
  * https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/certutil
  */
 
-import { createDetailedMessage } from "@jsenv/logger"
-import { urlToFileSystemPath } from "@jsenv/filesystem"
-import { UNICODE } from "@jsenv/log"
+import { fileURLToPath } from "node:url"
+import { createDetailedMessage, UNICODE } from "@jsenv/log"
 
-import { exec } from "@jsenv/https-local/src/internal/exec.js"
+import { exec } from "../exec.js"
 import {
   VERB_CHECK_TRUST,
   VERB_ADD_TRUST,
+  VERB_ENSURE_TRUST,
   VERB_REMOVE_TRUST,
 } from "../trust_query.js"
 
@@ -49,7 +49,7 @@ export const executeTrustQueryOnWindows = async ({
   const certutilListCommand = `certutil -store -user root`
   logger.debug(`${UNICODE.COMMAND} ${certutilListCommand}`)
   const certutilListCommandOutput = await exec(certutilListCommand)
-  const certificateFilePath = urlToFileSystemPath(certificateFileUrl)
+  const certificateFilePath = fileURLToPath(certificateFileUrl)
 
   // it's not super accurate and do not take into account if the cert is different
   // but it's the best I could do with certutil command on windows
@@ -94,7 +94,11 @@ export const executeTrustQueryOnWindows = async ({
   }
 
   logger.info(`${UNICODE.OK} certificate found in windows`)
-  if (verb === VERB_CHECK_TRUST || verb === VERB_ADD_TRUST) {
+  if (
+    verb === VERB_CHECK_TRUST ||
+    verb === VERB_ADD_TRUST ||
+    verb === VERB_ENSURE_TRUST
+  ) {
     return {
       status: "trusted",
       reason: REASON_FOUND_IN_WINDOWS,

package/{main.js → src/main.js}

@@ -7,13 +7,13 @@
 export {
   installCertificateAuthority,
   uninstallCertificateAuthority,
-} from "./src/certificate_authority.js"
+} from "./certificate_authority.js"
 
 export {
   createValidityDurationOfXYears,
   createValidityDurationOfXDays,
-} from "./src/validity_duration.js"
+} from "./validity_duration.js"
 
-export { verifyHostsFile } from "./src/hosts_file_verif.js"
+export { verifyHostsFile } from "./hosts_file_verif.js"
 
-export { requestCertificateForLocalhost } from "./src/certificate_for_localhost.js"
+export { requestCertificateForLocalhost } from "./certificate_for_localhost.js"

package/src/validity_duration.js

@@ -3,7 +3,6 @@ const MILLISECONDS_PER_YEAR = MILLISECONDS_PER_DAY * 365
 
 export const verifyRootCertificateValidityDuration = (validityDurationInMs) => {
   const durationInYears = validityDurationInMs / MILLISECONDS_PER_YEAR
-
   if (durationInYears > 25) {
     return {
       ok: false,
@@ -13,26 +12,22 @@ export const verifyRootCertificateValidityDuration = (validityDurationInMs) => {
         "https://serverfault.com/questions/847190/in-theory-could-a-ca-make-a-certificate-that-is-valid-for-arbitrarily-long",
     }
   }
-
   return { ok: true }
 }
 
 export const verifyServerCertificateValidityDuration = (
-  serverCertificateValidityDurationInMs,
+  validityDurationInMs,
 ) => {
-  const serverCertificateValidityDurationInDays =
-    serverCertificateValidityDurationInMs / MILLISECONDS_PER_DAY
-
-  if (serverCertificateValidityDurationInDays > 397) {
+  const validityDurationInDays = validityDurationInMs / MILLISECONDS_PER_DAY
+  if (validityDurationInDays > 397) {
     return {
       ok: false,
       maxAllowedValue: MILLISECONDS_PER_DAY * 397,
-      message: `certificate validity duration of ${serverCertificateValidityDurationInMs} days is too much, using the max recommended duration: 397 days`,
+      message: `certificate validity duration of ${validityDurationInMs} days is too much, using the max recommended duration: 397 days`,
       details:
         "https://www.globalsign.com/en/blog/maximum-ssltls-certificate-validity-now-one-year",
     }
   }
-
   return { ok: true }
 }