@jsenv/https-local 1.1.0 → 3.0.0

package/README.md

@@ -61,19 +61,18 @@ node ./install_certificate_authority.mjs
  *
  * > node ./install_certificate_authority.mjs
  *
- * Read more in https://github.com/jsenv/https-local#requestCertificateForLocalhost
+ * Read more in https://github.com/jsenv/https-local#requestCertificate
  */
 
 import { createServer } from "node:https"
-import { requestCertificateForLocalhost } from "@jsenv/https-local"
+import { requestCertificate } from "@jsenv/https-local"
 
-const { serverCertificate, serverCertificatePrivateKey } =
-  await requestCertificateForLocalhost()
+const { certificate, privateKey } = requestCertificate()
 
 const server = createServer(
   {
-    cert: serverCertificate,
-    key: serverCertificatePrivateKey,
+    cert: certificate,
+    key: privateKey,
   },
   (request, response) => {
     const body = "Hello world"
@@ -100,10 +99,10 @@ The rest of the documentation goes into details.
 
 # Certificate expiration
 
-| Certificate | Expires after | How to renew?                           |
-| ----------- | ------------- | --------------------------------------- |
-| server      | 1 year        | Re-run _requestCertificateForLocalhost_ |
-| authority   | 20 year       | Re-run _installCertificateAuthority_    |
+| Certificate | Expires after | How to renew?                        |
+| ----------- | ------------- | ------------------------------------ |
+| server      | 1 year        | Re-run _requestCertificate_          |
+| authority   | 20 year       | Re-run _installCertificateAuthority_ |
 
 The **server** certificate expires after one year which is the maximum duration allowed by web browsers. In the unlikely scenario where your local server is running for more than a year without interruption, restart it and you're good for one more year.
 
@@ -353,18 +352,17 @@ Check if certificate is trusted by firefox...
 
 </details>
 
-# requestCertificateForLocalhost
+# requestCertificate
 
-_requestCertificateForLocalhost_ function returns a certificate and private key that can be used to start a server in HTTPS.
+_requestCertificate_ function returns a certificate and private key that can be used to start a server in HTTPS.
 
 ```js
 import { createServer } from "node:https"
-import { requestCertificateForLocalhost } from "@jsenv/https-local"
+import { requestCertificate } from "@jsenv/https-local"
 
-const { serverCertificate, serverCertificatePrivateKey } =
-  await requestCertificateForLocalhost({
-    serverCertificateAltNames: ["localhost", "local.example"],
-  })
+const { certificate, privateKey } = requestCertificate({
+  altNames: ["localhost", "local.example"],
+})
 ```
 
 [installCertificateAuthority](#installCertificateAuthority) must be called before this function.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@jsenv/https-local",
-  "version": "1.1.0",
+  "version": "3.0.0",
   "description": "A programmatic way to generate locally trusted certificates",
   "license": "MIT",
   "author": {
@@ -21,14 +21,13 @@
   "type": "module",
   "exports": {
     ".": {
-      "import": "./main.js"
+      "import": "./src/main.js"
     },
     "./*": "./*"
   },
-  "main": "./main.js",
+  "main": "./src/main.js",
   "files": [
-    "/src/",
-    "/main.js"
+    "/src/"
   ],
   "scripts": {
     "eslint": "npx eslint . --ext=.js,.mjs,.cjs",
@@ -48,28 +47,25 @@
     "playwright-install": "npx playwright install-deps && npx playwright install"
   },
   "dependencies": {
-    "@jsenv/filesystem": "4.0.2",
-    "@jsenv/log": "1.6.3",
-    "@jsenv/logger": "4.1.1",
-    "@jsenv/urls": "1.1.2",
+    "@jsenv/filesystem": "4.1.2",
+    "@jsenv/log": "3.1.0",
+    "@jsenv/urls": "1.2.7",
     "command-exists": "1.2.9",
     "node-forge": "1.3.1",
     "sudo-prompt": "9.2.1",
     "which": "2.0.2"
   },
   "devDependencies": {
-    "@jsenv/assert": "2.5.4",
-    "@jsenv/core": "27.0.0-alpha.69",
-    "@jsenv/eslint-config": "16.0.9",
-    "@jsenv/eslint-import-resolver": "0.1.11",
-    "@jsenv/github-release-package": "1.4.0",
-    "@jsenv/importmap-eslint-resolver": "5.2.5",
-    "@jsenv/importmap-node-module": "5.1.3",
-    "@jsenv/package-publish": "1.7.5",
-    "@jsenv/performance-impact": "2.2.11",
-    "eslint": "8.17.0",
+    "@jsenv/assert": "2.6.0",
+    "@jsenv/core": "28.0.2",
+    "@jsenv/eslint-config": "16.2.1",
+    "@jsenv/eslint-import-resolver": "0.3.0",
+    "@jsenv/github-release-package": "1.5.0",
+    "@jsenv/package-publish": "1.10.0",
+    "@jsenv/performance-impact": "2.3.0",
+    "eslint": "8.21.0",
     "eslint-plugin-import": "2.26.0",
-    "playwright": "1.22.2",
-    "prettier": "2.7.0"
+    "playwright": "1.24.2",
+    "prettier": "2.7.1"
   }
 }

package/src/certificate_authority.js

@@ -1,14 +1,13 @@
 import { readFile, writeFile, removeEntry } from "@jsenv/filesystem"
-import { createLogger, createDetailedMessage } from "@jsenv/logger"
-import { UNICODE } from "@jsenv/log"
+import { UNICODE, createLogger, createDetailedMessage } from "@jsenv/log"
 
+import { forge } from "./internal/forge.js"
 import { getAuthorityFileInfos } from "./internal/authority_file_infos.js"
 import { attributeDescriptionFromAttributeArray } from "./internal/certificate_data_converter.js"
 import {
   formatTimeDelta,
   formatDuration,
 } from "./internal/validity_formatting.js"
-import { importNodeForge } from "./internal/forge.js"
 import { createAuthorityRootCertificate } from "./internal/certificate_generator.js"
 import { importPlatformMethods } from "./internal/platform.js"
 import { jsenvParameters } from "./jsenvParameters.js"
@@ -79,7 +78,7 @@ export const installCertificateAuthority = async ({
         serialNumber: 0,
       })
 
-    const { pki } = await importNodeForge()
+    const { pki } = forge
     const rootCertificate = pemAsFileContent(
       pki.certificateToPem(rootCertificateForgeObject),
     )
@@ -173,7 +172,7 @@ export const installCertificateAuthority = async ({
   const rootCertificate = await readFile(rootCertificateFileInfo.path, {
     as: "string",
   })
-  const { pki } = await importNodeForge()
+  const { pki } = forge
   const rootCertificateForgeObject = pki.certificateFromPem(rootCertificate)
 
   logger.info(`Checking certificate validity...`)
@@ -232,13 +231,12 @@ export const installCertificateAuthority = async ({
   const rootCertificatePrivateKeyForgeObject = pki.privateKeyFromPem(
     rootCertificatePrivateKey,
   )
-
   const trustInfo = await platformMethods.executeTrustQuery({
     logger,
     certificateCommonName,
     certificateFileUrl: rootCertificateFileInfo.url,
     certificate: rootCertificate,
-    verb: tryToTrust ? "ADD_TRUST" : "CHECK_TRUST",
+    verb: tryToTrust ? "ENSURE_TRUST" : "CHECK_TRUST",
     NSSDynamicInstall,
   })
 
@@ -323,7 +321,7 @@ export const uninstallCertificateAuthority = async ({
       const rootCertificate = await readFile(rootCertificateFileInfo.url, {
         as: "string",
       })
-      const { pki } = await importNodeForge()
+      const { pki } = forge
       const rootCertificateForgeObject = pki.certificateFromPem(rootCertificate)
       const rootCertificateCommonName = attributeDescriptionFromAttributeArray(
         rootCertificateForgeObject.subject.attributes,

package/src/{certificate_for_localhost.js → certificate_request.js}

@@ -1,39 +1,38 @@
-import { readFile, writeFile } from "@jsenv/filesystem"
-import { createLogger, createDetailedMessage } from "@jsenv/logger"
-import { UNICODE } from "@jsenv/log"
+import { readFileSync } from "node:fs"
+import { writeFileSync } from "@jsenv/filesystem"
+import { UNICODE, createLogger, createDetailedMessage } from "@jsenv/log"
 
+import { forge } from "./internal/forge.js"
 import {
   createValidityDurationOfXDays,
   verifyServerCertificateValidityDuration,
 } from "./validity_duration.js"
 import { getAuthorityFileInfos } from "./internal/authority_file_infos.js"
-import { importNodeForge } from "./internal/forge.js"
 import { requestCertificateFromAuthority } from "./internal/certificate_generator.js"
 import { formatDuration } from "./internal/validity_formatting.js"
 
-export const requestCertificateForLocalhost = async ({
+export const requestCertificate = ({
   logLevel,
   logger = createLogger({ logLevel }), // to be able to catch logs during unit tests
 
-  serverCertificateAltNames = ["localhost"],
-  serverCertificateCommonName = "https local server certificate",
-  serverCertificateValidityDurationInMs = createValidityDurationOfXDays(396),
+  altNames = ["localhost"],
+  commonName = "https local server certificate",
+  validityDurationInMs = createValidityDurationOfXDays(396),
 } = {}) => {
-  if (typeof serverCertificateValidityDurationInMs !== "number") {
+  if (typeof validityDurationInMs !== "number") {
     throw new TypeError(
-      `serverCertificateValidityDurationInMs must be a number but received ${serverCertificateValidityDurationInMs}`,
+      `validityDurationInMs must be a number but received ${validityDurationInMs}`,
     )
   }
-  if (serverCertificateValidityDurationInMs < 1) {
+  if (validityDurationInMs < 1) {
     throw new TypeError(
-      `serverCertificateValidityDurationInMs must be > 0 but received ${serverCertificateValidityDurationInMs}`,
+      `validityDurationInMs must be > 0 but received ${validityDurationInMs}`,
     )
   }
-  const validityDurationInfo = verifyServerCertificateValidityDuration(
-    serverCertificateValidityDurationInMs,
-  )
+  const validityDurationInfo =
+    verifyServerCertificateValidityDuration(validityDurationInMs)
   if (!validityDurationInfo.ok) {
-    serverCertificateValidityDurationInMs = validityDurationInfo.maxAllowedValue
+    validityDurationInMs = validityDurationInfo.maxAllowedValue
     logger.warn(
       createDetailedMessage(validityDurationInfo.message, {
         details: validityDurationInfo.details,
@@ -48,7 +47,7 @@ export const requestCertificateForLocalhost = async ({
   } = getAuthorityFileInfos()
   if (!rootCertificateFileInfo.exists) {
     throw new Error(
-      `Certificate authority not found, "installCertificateAuthority" must be called before "requestCertificateForLocalhost"`,
+      `Certificate authority not found, "installCertificateAuthority" must be called before "requestServerCertificate"`,
     )
   }
   if (!rootCertificatePrivateKeyFileInfo.exists) {
@@ -59,19 +58,16 @@ export const requestCertificateForLocalhost = async ({
   }
 
   logger.debug(`Restoring certificate authority from filesystem...`)
-  const { pki } = await importNodeForge()
-  const rootCertificate = await readFile(rootCertificateFileInfo.url, {
-    as: "string",
-  })
-  const rootCertificatePrivateKey = await readFile(
-    rootCertificatePrivateKeyFileInfo.url,
-    {
-      as: "string",
-    },
+  const { pki } = forge
+  const rootCertificate = String(
+    readFileSync(new URL(rootCertificateFileInfo.url)),
+  )
+  const rootCertificatePrivateKey = String(
+    readFileSync(new URL(rootCertificatePrivateKeyFileInfo.url)),
+  )
+  const certificateAuthorityData = JSON.parse(
+    String(readFileSync(new URL(authorityJsonFileInfo.url))),
   )
-  const certificateAuthorityData = await readFile(authorityJsonFileInfo.url, {
-    as: "json",
-  })
   const rootCertificateForgeObject = pki.certificateFromPem(rootCertificate)
   const rootCertificatePrivateKeyForgeObject = pki.privateKeyFromPem(
     rootCertificatePrivateKey,
@@ -80,26 +76,22 @@ export const requestCertificateForLocalhost = async ({
 
   const serverCertificateSerialNumber =
     certificateAuthorityData.serialNumber + 1
-  await writeFile(
+  writeFileSync(
     authorityJsonFileInfo.url,
     JSON.stringify({ serialNumber: serverCertificateSerialNumber }, null, "  "),
   )
 
-  if (!serverCertificateAltNames.includes("localhost")) {
-    serverCertificateAltNames.push("localhost")
-  }
-
   logger.debug(`Generating server certificate...`)
   const { certificateForgeObject, certificatePrivateKeyForgeObject } =
-    await requestCertificateFromAuthority({
+    requestCertificateFromAuthority({
       logger,
       authorityCertificateForgeObject: rootCertificateForgeObject,
       auhtorityCertificatePrivateKeyForgeObject:
         rootCertificatePrivateKeyForgeObject,
       serialNumber: serverCertificateSerialNumber,
-      altNames: serverCertificateAltNames,
-      commonName: serverCertificateCommonName,
-      validityDurationInMs: serverCertificateValidityDurationInMs,
+      altNames,
+      commonName,
+      validityDurationInMs,
     })
   const serverCertificate = pki.certificateToPem(certificateForgeObject)
   const serverCertificatePrivateKey = pki.privateKeyToPem(
@@ -109,13 +101,13 @@ export const requestCertificateForLocalhost = async ({
     `${
       UNICODE.OK
     } server certificate generated, it will be valid for ${formatDuration(
-      serverCertificateValidityDurationInMs,
+      validityDurationInMs,
     )}`,
   )
 
   return {
-    serverCertificate,
-    serverCertificatePrivateKey,
+    certificate: serverCertificate,
+    privateKey: serverCertificatePrivateKey,
     rootCertificateFilePath: rootCertificateFileInfo.path,
   }
 }

package/src/hosts_file_verif.js

@@ -1,5 +1,4 @@
-import { createDetailedMessage, createLogger } from "@jsenv/logger"
-import { UNICODE } from "@jsenv/log"
+import { createDetailedMessage, createLogger, UNICODE } from "@jsenv/log"
 
 import {
   HOSTS_FILE_PATH,

package/src/internal/certificate_generator.js

@@ -1,7 +1,7 @@
 // https://github.com/digitalbazaar/forge/blob/master/examples/create-cert.js
 // https://github.com/digitalbazaar/forge/issues/660#issuecomment-467145103
 
-import { importNodeForge } from "./forge.js"
+import { forge } from "./forge.js"
 import {
   attributeArrayFromAttributeDescription,
   attributeDescriptionFromAttributeArray,
@@ -23,7 +23,6 @@ export const createAuthorityRootCertificate = async ({
     throw new TypeError(`serial must be a number but received ${serialNumber}`)
   }
 
-  const forge = await importNodeForge()
   const { pki } = forge
   const rootCertificateForgeObject = pki.createCertificate()
   const keyPair = pki.rsa.generateKeyPair(2048) // TODO: use async version https://github.com/digitalbazaar/forge#rsa
@@ -86,7 +85,7 @@ export const createAuthorityRootCertificate = async ({
   }
 }
 
-export const requestCertificateFromAuthority = async ({
+export const requestCertificateFromAuthority = ({
   authorityCertificateForgeObject, // could be intermediate or root certificate authority
   auhtorityCertificatePrivateKeyForgeObject,
   serialNumber,
@@ -116,7 +115,6 @@ export const requestCertificateFromAuthority = async ({
     )
   }
 
-  const forge = await importNodeForge()
   const { pki } = forge
   const certificateForgeObject = pki.createCertificate()
   const keyPair = pki.rsa.generateKeyPair(2048) // TODO: use async version https://github.com/digitalbazaar/forge#rsa

package/src/internal/forge.js

@@ -2,6 +2,4 @@ import { createRequire } from "node:module"
 
 const require = createRequire(import.meta.url)
 
-export const importNodeForge = async () => {
-  return require("node-forge")
-}
+export const forge = require("node-forge")

package/src/internal/linux/chrome_linux.js

@@ -1,8 +1,9 @@
 import { existsSync } from "node:fs"
 import { execSync } from "node:child_process"
 import { assertAndNormalizeDirectoryUrl } from "@jsenv/filesystem"
-
 import { UNICODE } from "@jsenv/log"
+
+import { executeTrustQueryOnBrowserNSSDB } from "../nssdb_browser.js"
 import {
   nssCommandName,
   detectIfNSSIsInstalled,
@@ -10,8 +11,6 @@ import {
   getCertutilBinPath,
 } from "./nss_linux.js"
 
-import { executeTrustQueryOnBrowserNSSDB } from "../nssdb_browser.js"
-
 export const executeTrustQueryOnChrome = ({
   logger,
   certificateCommonName,

package/src/internal/linux/firefox_linux.js

@@ -3,6 +3,7 @@ import { execSync } from "node:child_process"
 import { assertAndNormalizeDirectoryUrl } from "@jsenv/filesystem"
 import { UNICODE } from "@jsenv/log"
 
+import { executeTrustQueryOnBrowserNSSDB } from "../nssdb_browser.js"
 import {
   nssCommandName,
   detectIfNSSIsInstalled,
@@ -10,8 +11,6 @@ import {
   getCertutilBinPath,
 } from "./nss_linux.js"
 
-import { executeTrustQueryOnBrowserNSSDB } from "../nssdb_browser.js"
-
 export const executeTrustQueryOnFirefox = ({
   logger,
   certificateCommonName,

package/src/internal/linux/linux_trust_store.js

@@ -4,16 +4,16 @@
 
 import { existsSync } from "node:fs"
 import { fileURLToPath } from "node:url"
-import { createDetailedMessage } from "@jsenv/logger"
 import { readFile } from "@jsenv/filesystem"
-import { UNICODE } from "@jsenv/log"
+import { createDetailedMessage, UNICODE } from "@jsenv/log"
 
-import { exec } from "@jsenv/https-local/src/internal/exec.js"
 import {
   VERB_CHECK_TRUST,
   VERB_ADD_TRUST,
+  VERB_ENSURE_TRUST,
   VERB_REMOVE_TRUST,
 } from "../trust_query.js"
+import { exec } from "../exec.js"
 
 const REASON_NEW_AND_TRY_TO_TRUST_DISABLED =
   "certificate is new and tryToTrust is disabled"
@@ -101,7 +101,11 @@ export const executeTrustQueryOnLinux = async ({
   }
 
   logger.info(`${UNICODE.OK} certificate found in linux`)
-  if (verb === VERB_CHECK_TRUST || verb === VERB_ADD_TRUST) {
+  if (
+    verb === VERB_CHECK_TRUST ||
+    verb === VERB_ADD_TRUST ||
+    verb === VERB_ENSURE_TRUST
+  ) {
     return {
       status: "trusted",
       reason: REASON_FOUND_IN_LINUX,

package/src/internal/linux/nss_linux.js

@@ -1,7 +1,7 @@
 import { UNICODE } from "@jsenv/log"
 
-import { memoize } from "@jsenv/https-local/src/internal/memoize.js"
-import { exec } from "@jsenv/https-local/src/internal/exec.js"
+import { memoize } from "../memoize.js"
+import { exec } from "../exec.js"
 
 export const nssCommandName = "libnss3-tools"
 

package/src/internal/mac/chrome_mac.js

@@ -1,7 +1,7 @@
 import { existsSync } from "node:fs"
 import { UNICODE } from "@jsenv/log"
 
-import { memoize } from "@jsenv/https-local/src/internal/memoize.js"
+import { memoize } from "../memoize.js"
 
 const REASON_CHROME_NOT_DETECTED = `Chrome not detected`
 

package/src/internal/mac/mac_keychain.js

@@ -1,14 +1,14 @@
 // https://ss64.com/osx/security.html
 
 import { fileURLToPath } from "node:url"
-import { createDetailedMessage } from "@jsenv/logger"
+import { createDetailedMessage, UNICODE } from "@jsenv/log"
 
-import { UNICODE } from "@jsenv/log"
-import { exec } from "@jsenv/https-local/src/internal/exec.js"
-import { searchCertificateInCommandOutput } from "@jsenv/https-local/src/internal/search_certificate_in_command_output.js"
+import { exec } from "../exec.js"
+import { searchCertificateInCommandOutput } from "../search_certificate_in_command_output.js"
 import {
   VERB_CHECK_TRUST,
   VERB_ADD_TRUST,
+  VERB_ENSURE_TRUST,
   VERB_REMOVE_TRUST,
 } from "../trust_query.js"
 
@@ -53,6 +53,35 @@ export const executeTrustQueryOnMacKeychain = async ({
     certificate,
   )
 
+  const removeCert = async () => {
+    // https://ss64.com/osx/security-delete-cert.html
+    const removeTrustedCertCommand = `sudo security delete-certificate -c "${certificateCommonName}"`
+    logger.info(`Removing certificate from mac keychain...`)
+    logger.info(`${UNICODE.COMMAND} ${removeTrustedCertCommand}`)
+    try {
+      await exec(removeTrustedCertCommand)
+      logger.info(`${UNICODE.OK} certificate removed from mac keychain`)
+      return {
+        status: "not_trusted",
+        reason: REASON_REMOVE_FROM_KEYCHAIN_COMMAND_COMPLETED,
+      }
+    } catch (e) {
+      logger.error(
+        createDetailedMessage(
+          `${UNICODE.FAILURE} failed to remove certificate from mac keychain`,
+          {
+            "error stack": e.stack,
+            "certificate file url": certificateFileUrl,
+          },
+        ),
+      )
+      return {
+        status: "not_trusted",
+        reason: REASON_REMOVE_FROM_KEYCHAIN_COMMAND_FAILED,
+      }
+    }
+  }
+
   if (!certificateFoundInCommandOutput) {
     logger.info(`${UNICODE.INFO} certificate not found in mac keychain`)
     if (verb === VERB_CHECK_TRUST || verb === VERB_REMOVE_TRUST) {
@@ -61,7 +90,13 @@ export const executeTrustQueryOnMacKeychain = async ({
         reason: REASON_NOT_IN_KEYCHAIN,
       }
     }
-
+    if (verb === VERB_ENSURE_TRUST) {
+      // It seems possible for certificate PEM representation to be different
+      // in mackeychain and in the one we have written on the filesystem
+      // When it happens the certificate is not found but actually exists on mackeychain
+      // and must be deleted first
+      await removeCert()
+    }
     const certificateFilePath = fileURLToPath(certificateFileUrl)
     // https://ss64.com/osx/security-cert.html
     const addTrustedCertCommand = `sudo security add-trusted-cert -d -r trustRoot -k ${systemKeychainPath} "${certificateFilePath}"`
@@ -96,37 +131,16 @@ export const executeTrustQueryOnMacKeychain = async ({
   // but they shouldn't and I couldn't find an API to know if the cert is trusted or not
   // just if it's in the keychain
   logger.info(`${UNICODE.OK} certificate found in mac keychain`)
-  if (verb === VERB_CHECK_TRUST || verb === VERB_ADD_TRUST) {
+  if (
+    verb === VERB_CHECK_TRUST ||
+    verb === VERB_ADD_TRUST ||
+    verb === VERB_ENSURE_TRUST
+  ) {
     return {
       status: "trusted",
       reason: REASON_IN_KEYCHAIN,
     }
   }
 
-  // https://ss64.com/osx/security-delete-cert.html
-  const removeTrustedCertCommand = `sudo security delete-certificate -c "${certificateCommonName}"`
-  logger.info(`Removing certificate from mac keychain...`)
-  logger.info(`${UNICODE.COMMAND} ${removeTrustedCertCommand}`)
-  try {
-    await exec(removeTrustedCertCommand)
-    logger.info(`${UNICODE.OK} certificate removed from mac keychain`)
-    return {
-      status: "not_trusted",
-      reason: REASON_REMOVE_FROM_KEYCHAIN_COMMAND_COMPLETED,
-    }
-  } catch (e) {
-    logger.error(
-      createDetailedMessage(
-        `${UNICODE.FAILURE} failed to remove certificate from mac keychain`,
-        {
-          "error stack": e.stack,
-          "certificate file url": certificateFileUrl,
-        },
-      ),
-    )
-    return {
-      status: "not_trusted",
-      reason: REASON_REMOVE_FROM_KEYCHAIN_COMMAND_FAILED,
-    }
-  }
+  return removeCert()
 }

package/src/internal/mac/nss_mac.js

@@ -2,9 +2,9 @@ import { fileURLToPath } from "node:url"
 import { assertAndNormalizeDirectoryUrl } from "@jsenv/filesystem"
 import { UNICODE } from "@jsenv/log"
 
-import { memoize } from "@jsenv/https-local/src/internal/memoize.js"
-import { exec } from "@jsenv/https-local/src/internal/exec.js"
-import { commandExists } from "@jsenv/https-local/src/internal/command.js"
+import { memoize } from "../memoize.js"
+import { exec } from "../exec.js"
+import { commandExists } from "../command.js"
 
 export const nssCommandName = "nss"
 

package/src/internal/nssdb_browser.js

@@ -5,14 +5,17 @@
 
 import { existsSync } from "node:fs"
 import { fileURLToPath } from "node:url"
-import { createDetailedMessage } from "@jsenv/logger"
 import { urlToFilename } from "@jsenv/urls"
+import { createDetailedMessage, UNICODE } from "@jsenv/log"
 import { assertAndNormalizeDirectoryUrl, collectFiles } from "@jsenv/filesystem"
-import { UNICODE } from "@jsenv/log"
 
-import { exec } from "@jsenv/https-local/src/internal/exec.js"
-import { searchCertificateInCommandOutput } from "@jsenv/https-local/src/internal/search_certificate_in_command_output.js"
-import { VERB_CHECK_TRUST, VERB_ADD_TRUST } from "./trust_query.js"
+import { exec } from "./exec.js"
+import { searchCertificateInCommandOutput } from "./search_certificate_in_command_output.js"
+import {
+  VERB_CHECK_TRUST,
+  VERB_ADD_TRUST,
+  VERB_ENSURE_TRUST,
+} from "./trust_query.js"
 
 export const executeTrustQueryOnBrowserNSSDB = async ({
   logger,
@@ -53,7 +56,7 @@ export const executeTrustQueryOnBrowserNSSDB = async ({
   const nssIsInstalled = await detectIfNSSIsInstalled({ logger })
   const cannotCheckMessage = `${UNICODE.FAILURE} cannot check if certificate is in ${browserName}`
   if (!nssIsInstalled) {
-    if (verb === VERB_ADD_TRUST) {
+    if (verb === VERB_ADD_TRUST || verb === VERB_ENSURE_TRUST) {
       const nssDynamicInstallInfo = await getNSSDynamicInstallInfo({ logger })
       if (!nssDynamicInstallInfo.isInstallable) {
         const reason = `"${nssCommandName}" is not installed and not cannot be installed`
@@ -210,7 +213,7 @@ export const executeTrustQueryOnBrowserNSSDB = async ({
     }
   }
 
-  if (verb === VERB_ADD_TRUST) {
+  if (verb === VERB_ADD_TRUST || verb === VERB_ENSURE_TRUST) {
     if (missingCount === 0 && outdatedCount === 0) {
       logger.info(`${UNICODE.OK} certificate found in ${browserName}`)
       return {

package/src/internal/trust_query.js

@@ -1,5 +1,4 @@
 export const VERB_CHECK_TRUST = "CHECK_TRUST"
-
 export const VERB_ADD_TRUST = "ADD_TRUST"
-
+export const VERB_ENSURE_TRUST = "ENSURE_TRUST"
 export const VERB_REMOVE_TRUST = "REMOVE_TRUST"

package/src/internal/windows/chrome_windows.js

@@ -2,7 +2,7 @@ import { createRequire } from "node:module"
 import { existsSync } from "node:fs"
 import { UNICODE } from "@jsenv/log"
 
-import { memoize } from "@jsenv/https-local/src/internal/memoize.js"
+import { memoize } from "../memoize.js"
 
 const require = createRequire(import.meta.url)
 

package/src/internal/windows/firefox_windows.js

@@ -7,7 +7,7 @@ import { createRequire } from "node:module"
 import { existsSync } from "node:fs"
 import { UNICODE } from "@jsenv/log"
 
-import { memoize } from "@jsenv/https-local/src/internal/memoize.js"
+import { memoize } from "../memoize.js"
 
 const require = createRequire(import.meta.url)
 

package/src/internal/windows/windows_certutil.js

@@ -4,13 +4,13 @@
  */
 
 import { fileURLToPath } from "node:url"
-import { createDetailedMessage } from "@jsenv/logger"
-import { UNICODE } from "@jsenv/log"
+import { createDetailedMessage, UNICODE } from "@jsenv/log"
 
-import { exec } from "@jsenv/https-local/src/internal/exec.js"
+import { exec } from "../exec.js"
 import {
   VERB_CHECK_TRUST,
   VERB_ADD_TRUST,
+  VERB_ENSURE_TRUST,
   VERB_REMOVE_TRUST,
 } from "../trust_query.js"
 
@@ -94,7 +94,11 @@ export const executeTrustQueryOnWindows = async ({
   }
 
   logger.info(`${UNICODE.OK} certificate found in windows`)
-  if (verb === VERB_CHECK_TRUST || verb === VERB_ADD_TRUST) {
+  if (
+    verb === VERB_CHECK_TRUST ||
+    verb === VERB_ADD_TRUST ||
+    verb === VERB_ENSURE_TRUST
+  ) {
     return {
       status: "trusted",
       reason: REASON_FOUND_IN_WINDOWS,

package/{main.js → src/main.js}

@@ -7,13 +7,13 @@
 export {
   installCertificateAuthority,
   uninstallCertificateAuthority,
-} from "./src/certificate_authority.js"
+} from "./certificate_authority.js"
 
 export {
   createValidityDurationOfXYears,
   createValidityDurationOfXDays,
-} from "./src/validity_duration.js"
+} from "./validity_duration.js"
 
-export { verifyHostsFile } from "./src/hosts_file_verif.js"
+export { verifyHostsFile } from "./hosts_file_verif.js"
 
-export { requestCertificateForLocalhost } from "./src/certificate_for_localhost.js"
+export { requestCertificate } from "./certificate_request.js"

package/src/validity_duration.js

@@ -3,7 +3,6 @@ const MILLISECONDS_PER_YEAR = MILLISECONDS_PER_DAY * 365
 
 export const verifyRootCertificateValidityDuration = (validityDurationInMs) => {
   const durationInYears = validityDurationInMs / MILLISECONDS_PER_YEAR
-
   if (durationInYears > 25) {
     return {
       ok: false,
@@ -13,26 +12,22 @@ export const verifyRootCertificateValidityDuration = (validityDurationInMs) => {
         "https://serverfault.com/questions/847190/in-theory-could-a-ca-make-a-certificate-that-is-valid-for-arbitrarily-long",
     }
   }
-
   return { ok: true }
 }
 
 export const verifyServerCertificateValidityDuration = (
-  serverCertificateValidityDurationInMs,
+  validityDurationInMs,
 ) => {
-  const serverCertificateValidityDurationInDays =
-    serverCertificateValidityDurationInMs / MILLISECONDS_PER_DAY
-
-  if (serverCertificateValidityDurationInDays > 397) {
+  const validityDurationInDays = validityDurationInMs / MILLISECONDS_PER_DAY
+  if (validityDurationInDays > 397) {
     return {
       ok: false,
       maxAllowedValue: MILLISECONDS_PER_DAY * 397,
-      message: `certificate validity duration of ${serverCertificateValidityDurationInMs} days is too much, using the max recommended duration: 397 days`,
+      message: `certificate validity duration of ${validityDurationInMs} days is too much, using the max recommended duration: 397 days`,
       details:
         "https://www.globalsign.com/en/blog/maximum-ssltls-certificate-validity-now-one-year",
     }
   }
-
   return { ok: true }
 }