npm - @rushstack/debug-certificate-manager - Versions diffs - 1.3.8 → 1.3.10 - Mend

@rushstack/debug-certificate-manager 1.3.8 → 1.3.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/LICENSE +24 -24
package/README.md +50 -50
package/dist/tsdoc-metadata.json +1 -1
package/lib/CertificateManager.js.map +1 -1
package/lib/CertificateStore.js.map +1 -1
package/lib/index.js.map +1 -1
package/lib/runCommand.js.map +1 -1
package/package.json +3 -3

package/LICENSE CHANGED Viewed

@@ -1,24 +1,24 @@
-@rushstack/debug-certificate-manager
-Copyright (c) Microsoft Corporation. All rights reserved.
-MIT License
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-"Software"), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+@rushstack/debug-certificate-manager
+Copyright (c) Microsoft Corporation. All rights reserved.
+MIT License
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

package/README.md CHANGED Viewed

@@ -1,50 +1,50 @@
-# @rushstack/debug-certificate-manager
-## Installation
-`npm install @rushstack/debug-certificate-manager --save-dev`
-## Overview
-This library contains utilities for managing debug certificates in a development server environment. It provides functions to generate, self-sign, trust, and untrust .pem certificates for both Windows and Mac OS. It will also generate self-signed certificates on other OS's, but the user must manually trust and untrust them.
-[![npm version](https://badge.fury.io/js/%40rushstack%2Fdebug-certificate-manager.svg)](https://badge.fury.io/js/%40rushstack%2Fdebug-certificate-manager)
-## `CertificateStore`
-The `CertificateStore` class provides accessors and mutators for the debug certificate data stored in `.rushstack`.
-Retrive certificate data from the store:
-```typescript
-const certificateStore: CertificateStore = new CertificateStore();
-return {
-  pemCertificate: certificateStore.certificateData,
-  pemKey: certificateStore.keyData
-};
-```
-Set data using the same property names `certificateData: string | undefined` and `keyData: string | undefined`.
-## `ensureCertificate`
-Get a development certificate from the store, or optionally, generate a new one and trust it if one does not exist in the store. Returns a certificate object following the `ICertificate` interface.
-```typescript
-export interface ICertificate {
-  pemCertificate: string | undefined;
-  pemKey: string | undefined;
-}
-```
-## `untrustCertificate`
-Attempts to locate a previously generated debug certificate and untrust it. Returns a `boolean` value to denote success.
-## Links
-- [CHANGELOG.md](
-  https://github.com/microsoft/rushstack/blob/main/libraries/debug-certificate-manager/CHANGELOG.md) - Find
-  out what's new in the latest version
-- [API Reference](https://rushstack.io/pages/api/debug-certificate-manager/)
-**@rushstack/debug-certificate-manager** is part of the [Rush Stack](https://rushstack.io/) family of projects.
+# @rushstack/debug-certificate-manager
+## Installation
+`npm install @rushstack/debug-certificate-manager --save-dev`
+## Overview
+This library contains utilities for managing debug certificates in a development server environment. It provides functions to generate, self-sign, trust, and untrust .pem certificates for both Windows and Mac OS. It will also generate self-signed certificates on other OS's, but the user must manually trust and untrust them.
+[![npm version](https://badge.fury.io/js/%40rushstack%2Fdebug-certificate-manager.svg)](https://badge.fury.io/js/%40rushstack%2Fdebug-certificate-manager)
+## `CertificateStore`
+The `CertificateStore` class provides accessors and mutators for the debug certificate data stored in `.rushstack`.
+Retrive certificate data from the store:
+```typescript
+const certificateStore: CertificateStore = new CertificateStore();
+return {
+  pemCertificate: certificateStore.certificateData,
+  pemKey: certificateStore.keyData
+};
+```
+Set data using the same property names `certificateData: string | undefined` and `keyData: string | undefined`.
+## `ensureCertificate`
+Get a development certificate from the store, or optionally, generate a new one and trust it if one does not exist in the store. Returns a certificate object following the `ICertificate` interface.
+```typescript
+export interface ICertificate {
+  pemCertificate: string | undefined;
+  pemKey: string | undefined;
+}
+```
+## `untrustCertificate`
+Attempts to locate a previously generated debug certificate and untrust it. Returns a `boolean` value to denote success.
+## Links
+- [CHANGELOG.md](
+  https://github.com/microsoft/rushstack/blob/main/libraries/debug-certificate-manager/CHANGELOG.md) - Find
+  out what's new in the latest version
+- [API Reference](https://rushstack.io/pages/api/debug-certificate-manager/)
+**@rushstack/debug-certificate-manager** is part of the [Rush Stack](https://rushstack.io/) family of projects.

package/dist/tsdoc-metadata.json CHANGED Viewed

@@ -5,7 +5,7 @@
   "toolPackages": [
     {
       "packageName": "@microsoft/api-extractor",
-      "packageVersion": "7.37.2"
+      "packageVersion": "7.38.0"
     }
   ]
 }

package/lib/CertificateManager.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"CertificateManager.js","sourceRoot":"","sources":["../src/CertificateManager.ts"],"names":[],"mappings":";AAAA,4FAA4F;AAC5F,2DAA2D;;;;;;;;;;;;;;;;;;;;;;;;;;AAG3D,2CAA6B;AAC7B,2BAAyB;AACzB,oEAA0E;AAE1E,6CAAuE;AACvE,yDAAsD;AAEtD,MAAM,gBAAgB,GAAW,kCAAkC,CAAC;AACpE,MAAM,iBAAiB,GAAW,kCAAkC,CAAC;AACrE,MAAM,aAAa,GAAW,mDAAmD,CAAC;AAClF,MAAM,YAAY,GAAW,oCAAoC,CAAC;AAClE,MAAM,iBAAiB,GAAW,UAAU,CAAC;AAC7C,MAAM,WAAW,GAAW,yCAAyC,CAAC;AACtE,MAAM,uBAAuB,GAAW,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAE5D;;;GAGG;AACU,QAAA,iCAAiC,GAA0B,CAAC,WAAW,CAAC,CAAC;AAEtF;;;GAGG;AACU,QAAA,wCAAwC,GAA0B,CAAC,WAAW,CAAC,CAAC;AAE7F,MAAM,qCAAqC,GACzC,uCAAuC,CAAC;AAiF1C,MAAM,6BAA6B,GAAQ,GAAG,CAAC;AAE/C;;;;GAIG;AACH,MAAa,kBAAkB;IAG7B;QACE,IAAI,CAAC,iBAAiB,GAAG,IAAI,mCAAgB,EAAE,CAAC;IAClD,CAAC;IAED;;;;;OAKG;IACI,KAAK,CAAC,sBAAsB,CACjC,yBAAkC,EAClC,QAAmB,EACnB,iBAAiD;QAEjD,MAAM,mBAAmB,GACvB,mBAAmB,CAAC,iBAAiB,CAAC,CAAC;QAEzC,MAAM,EAAE,eAAe,EAAE,YAAY,EAAE,OAAO,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAEvF,IAAI,OAAO,CAAC,GAAG,CAAC,qCAAqC,CAAC,KAAK,GAAG,EAAE;YAC9D,yFAAyF;YACzF,QAAQ,CAAC,SAAS,CAChB,8BAA8B,qCAAqC,uCAAuC,CAC3G,CAAC;YACF,yBAAyB,GAAG,KAAK,CAAC;SACnC;QAED,IAAI,YAAY,IAAI,WAAW,EAAE;YAC/B,MAAM,QAAQ,GAAa,EAAE,CAAC;YAE9B,MAAM,KAAK,GAAgC,wDAAa,YAAY,GAAC,CAAC;YACtE,MAAM,WAAW,GAAoB,KAAK,CAAC,GAAG,CAAC,kBAAkB,CAAC,YAAY,CAAC,CAAC;YAChF,MAAM,iBAAiB,GAAyC,WAAW,CAAC,YAAY,CACtF,gBAAgB,CACW,CAAC;YAC9B,IAAI,CAAC,iBAAiB,EAAE;gBACtB,QAAQ,CAAC,IAAI,CACX,qEAAqE;oBACnE,uEAAuE,CAC1E,CAAC;aACH;iBAAM;gBACL,MAAM,mBAAmB,GAAgB,IAAI,GAAG,CAAC,mBAAmB,CAAC,eAAe,CAAC,CAAC;gBACtF,KAAK,MAAM,OAAO,IAAI,iBAAiB,CAAC,QAAQ,EAAE;oBAChD,mBAAmB,CAAC,MAAM,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;iBAC/E;gBACD,IAAI,mBAAmB,CAAC,IAAI,EAAE;oBAC5B,QAAQ,CAAC,IAAI,CACX,sGAAsG;wBACpG,KAAK,CAAC,IAAI,CAAC,mBAAmB,EAAE,CAAC,IAAY,EAAE,EAAE,CAAC,IAAI,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAC5E,CAAC;iBACH;aACF;YAED,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,GAAG,WAAW,CAAC,QAAQ,CAAC;YACrD,MAAM,GAAG,GAAS,IAAI,IAAI,EAAE,CAAC;YAC7B,IAAI,GAAG,GAAG,SAAS,EAAE;gBACnB,QAAQ,CAAC,IAAI,CACX,+EAA+E,SAAS,qBAAqB,GAAG,GAAG,CACpH,CAAC;aACH;YAED,IAAI,GAAG,GAAG,QAAQ,EAAE;gBAClB,QAAQ,CAAC,IAAI,CACX,gEAAgE,QAAQ,qBAAqB,GAAG,GAAG,CACpG,CAAC;aACH;YAED,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,mBAAmB,CAAC,cAAc,CAAC,CAAC;YACtE,IAAI,QAAQ,GAAG,GAAG,EAAE;gBAClB,QAAQ,CAAC,IAAI,CACX,0DAA0D,QAAQ,8BAA8B,GAAG,IAAI;oBACrG,yCAAyC,CAC5C,CAAC;aACH;YAED,IACE,SAAS,CAAC,OAAO,EAAE,GAAG,QAAQ,CAAC,OAAO,EAAE;gBACxC,mBAAmB,CAAC,cAAc,GAAG,uBAAuB,EAC5D;gBACA,QAAQ,CAAC,IAAI,CACX,mEAAmE;oBACjE,QAAQ,mBAAmB,CAAC,cAAc,QAAQ,CACrD,CAAC;aACH;YAED,MAAM,EAAE,iBAAiB,EAAE,GAAG,IAAI,CAAC,iBAAiB,CAAC;YAErD,IAAI,CAAC,iBAAiB,EAAE;gBACtB,QAAQ,CAAC,IAAI,CACX,iFAAiF;oBAC/E,uEAAuE,CAC1E,CAAC;aACH;YAED,MAAM,SAAS,GAAY,MAAM,IAAI,CAAC,kCAAkC,CAAC,QAAQ,CAAC,CAAC;YACnF,IAAI,CAAC,SAAS,EAAE;gBACd,QAAQ,CAAC,IAAI,CAAC,+EAA+E,CAAC,CAAC;aAChG;YAED,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE;gBACvB,IAAI,yBAAyB,EAAE;oBAC7B,QAAQ,CAAC,IAAI,CAAC,+DAA+D,CAAC,CAAC;oBAC/E,QAAQ,CAAC,gBAAgB,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;oBAC9C,MAAM,IAAI,CAAC,uBAAuB,CAAC,QAAQ,CAAC,CAAC;oBAC7C,OAAO,MAAM,IAAI,CAAC,+BAA+B,CAAC,mBAAmB,EAAE,QAAQ,CAAC,CAAC;iBAClF;qBAAM;oBACL,QAAQ,CAAC,IAAI,CACX,6DAA6D;wBAC3D,wFAAwF,CAC3F,CAAC;oBACF,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;iBACrC;aACF;iBAAM;gBACL,OAAO;oBACL,gBAAgB,EAAE,iBAAiB;oBACnC,cAAc,EAAE,YAAY;oBAC5B,MAAM,EAAE,WAAW;oBACnB,eAAe,EAAE,iBAAiB,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CACxD,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAC5C;iBACF,CAAC;aACH;SACF;aAAM,IAAI,yBAAyB,EAAE;YACpC,OAAO,MAAM,IAAI,CAAC,+BAA+B,CAAC,mBAAmB,EAAE,QAAQ,CAAC,CAAC;SAClF;aAAM;YACL,MAAM,IAAI,KAAK,CACb,oFAAoF;gBAClF,wFAAwF,CAC3F,CAAC;SACH;IACH,CAAC;IAED;;;;OAIG;IACI,KAAK,CAAC,uBAAuB,CAAC,QAAmB;QACtD,IAAI,CAAC,iBAAiB,CAAC,eAAe,GAAG,SAAS,CAAC;QACnD,IAAI,CAAC,iBAAiB,CAAC,OAAO,GAAG,SAAS,CAAC;QAE3C,QAAQ,OAAO,CAAC,QAAQ,EAAE;YACxB,KAAK,OAAO;gBACV,MAAM,gBAAgB,GAAe,MAAM,IAAA,qBAAQ,EAAC,iBAAiB,EAAE;oBACrE,OAAO;oBACP,WAAW;oBACX,MAAM;oBACN,gBAAgB;iBACjB,CAAC,CAAC;gBAEH,IAAI,gBAAgB,CAAC,IAAI,KAAK,CAAC,EAAE;oBAC/B,QAAQ,CAAC,cAAc,CAAC,UAAU,gBAAgB,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;oBACvE,OAAO,KAAK,CAAC;iBACd;qBAAM;oBACL,QAAQ,CAAC,gBAAgB,CAAC,iDAAiD,CAAC,CAAC;oBAC7E,OAAO,IAAI,CAAC;iBACb;YAEH,KAAK,QAAQ;gBACX,QAAQ,CAAC,gBAAgB,CAAC,8DAA8D,CAAC,CAAC;gBAE1F,MAAM,wBAAwB,GAAe,MAAM,IAAA,qBAAQ,EAAC,UAAU,EAAE;oBACtE,kBAAkB;oBAClB,IAAI;oBACJ,WAAW;oBACX,IAAI;oBACJ,IAAI;oBACJ,YAAY;iBACb,CAAC,CAAC;gBACH,IAAI,wBAAwB,CAAC,IAAI,KAAK,CAAC,EAAE;oBACvC,QAAQ,CAAC,cAAc,CACrB,8CAA8C,wBAAwB,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAC1F,CAAC;oBACF,OAAO,KAAK,CAAC;iBACd;gBAED,MAAM,OAAO,GAAuB,IAAI,CAAC,kCAAkC,CACzE,wBAAwB,CAAC,MAAM,CAAC,IAAI,CAAC,QAAG,CAAC,CAC1C,CAAC;gBAEF,IAAI,CAAC,OAAO,EAAE;oBACZ,QAAQ,CAAC,cAAc,CAAC,6CAA6C,CAAC,CAAC;oBACvE,OAAO,KAAK,CAAC;iBACd;qBAAM;oBACL,QAAQ,CAAC,gBAAgB,CAAC,6CAA6C,OAAO,EAAE,CAAC,CAAC;iBACnF;gBAED,MAAM,gBAAgB,GAAe,MAAM,IAAA,yBAAY,EAAC,UAAU,EAAE;oBAClE,oBAAoB;oBACpB,IAAI;oBACJ,OAAO;oBACP,YAAY;iBACb,CAAC,CAAC;gBAEH,IAAI,gBAAgB,CAAC,IAAI,KAAK,CAAC,EAAE;oBAC/B,QAAQ,CAAC,gBAAgB,CAAC,iDAAiD,CAAC,CAAC;oBAC7E,OAAO,IAAI,CAAC;iBACb;qBAAM;oBACL,QAAQ,CAAC,cAAc,CAAC,gBAAgB,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;oBAC3D,OAAO,KAAK,CAAC;iBACd;YAEH;gBACE,0DAA0D;gBAC1D,QAAQ,CAAC,SAAS,CAChB,6FAA6F;oBAC3F,+FAA+F;oBAC/F,oCAAoC,IAAI,CAAC,iBAAiB,CAAC,eAAe,SAAS;oBACnF,kCAAkC,gBAAgB,IAAI,CACzD,CAAC;gBACF,OAAO,KAAK,CAAC;SAChB;IACH,CAAC;IAEO,KAAK,CAAC,yBAAyB,CACrC,cAAsB,EACtB,KAAkC;QAElC,MAAM,IAAI,GAAgB,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;QAC9D,MAAM,WAAW,GAAoB,KAAK,CAAC,GAAG,CAAC,iBAAiB,EAAE,CAAC;QACnE,WAAW,CAAC,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;QAEvC,WAAW,CAAC,YAAY,GAAG,gBAAgB,CAAC;QAE5C,MAAM,SAAS,GAAS,IAAI,IAAI,EAAE,CAAC;QACnC,MAAM,QAAQ,GAAS,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC;QAC3C,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,UAAU,EAAE,GAAG,cAAc,CAAC,CAAC;QAC7D,WAAW,CAAC,QAAQ,CAAC,SAAS,GAAG,SAAS,CAAC;QAC3C,WAAW,CAAC,QAAQ,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAEzC,MAAM,KAAK,GAA2B;YACpC;gBACE,IAAI,EAAE,YAAY;gBAClB,KAAK,EAAE,WAAW;aACnB;SACF,CAAC;QAEF,WAAW,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;QAC9B,WAAW,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAE7B,MAAM,QAAQ,GAAwB;YACpC;gBACE,IAAI,EAAE,CAAC;gBACP,KAAK,EAAE,WAAW;aACnB;SACF,CAAC;QAEF,WAAW,CAAC,aAAa,CAAC;YACxB;gBACE,IAAI,EAAE,kBAAkB;gBACxB,EAAE,EAAE,IAAI;gBACR,iBAAiB,EAAE,CAAC;gBACpB,QAAQ,EAAE,IAAI;aACf;YACD;gBACE,IAAI,EAAE,gBAAgB;gBACtB,QAAQ;gBACR,QAAQ,EAAE,IAAI;aACf;YACD;gBACE,IAAI,EAAE,eAAe;gBACrB,QAAQ;gBACR,QAAQ,EAAE,KAAK;aAChB;YACD;gBACE,IAAI,EAAE,UAAU;gBAChB,WAAW,EAAE,IAAI;gBACjB,QAAQ,EAAE,IAAI;aACf;YACD;gBACE,IAAI,EAAE,aAAa;gBACnB,UAAU,EAAE,IAAI;gBAChB,QAAQ,EAAE,IAAI;aACf;YACD;gBACE,IAAI,EAAE,cAAc;gBACpB,KAAK,EAAE,aAAa;aACrB;SACF,CAAC,CAAC;QAEH,wBAAwB;QACxB,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC,EAAE,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;QAE5D,OAAO;YACL,WAAW;YACX,UAAU,EAAE,IAAI,CAAC,UAAU;SAC5B,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,kCAAkC,CAC9C,OAAgD;QAEhD,MAAM,KAAK,GAAgC,wDAAa,YAAY,GAAC,CAAC;QACtE,MAAM,IAAI,GAAgB,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;QAC9D,MAAM,WAAW,GAAoB,KAAK,CAAC,GAAG,CAAC,iBAAiB,EAAE,CAAC;QAEnE,WAAW,CAAC,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;QACvC,WAAW,CAAC,YAAY,GAAG,iBAAiB,CAAC;QAE7C,MAAM,EAAE,eAAe,EAAE,YAAY,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,cAAc,EAAE,GAAG,OAAO,CAAC;QAE1G,MAAM,EAAE,WAAW,EAAE,aAAa,EAAE,UAAU,EAAE,YAAY,EAAE,GAAG,MAAM,IAAI,CAAC,yBAAyB,CACnG,cAAc,EACd,KAAK,CACN,CAAC;QAEF,MAAM,SAAS,GAAS,IAAI,IAAI,EAAE,CAAC;QACnC,MAAM,QAAQ,GAAS,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC;QAC3C,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,UAAU,EAAE,GAAG,cAAc,CAAC,CAAC;QAC7D,WAAW,CAAC,QAAQ,CAAC,SAAS,GAAG,SAAS,CAAC;QAC3C,WAAW,CAAC,QAAQ,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAEzC,MAAM,YAAY,GAA2B;YAC3C;gBACE,IAAI,EAAE,YAAY;gBAClB,KAAK,EAAE,YAAY,CAAC,CAAC,CAAC;aACvB;SACF,CAAC;QACF,MAAM,WAAW,GAA2B,aAAa,CAAC,OAAO,CAAC,UAAU,CAAC;QAE7E,WAAW,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;QACrC,WAAW,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;QAEnC,MAAM,eAAe,GAAe;YAClC,GAAG,YAAY,CAAC,GAAG,CAAc,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;gBACjD,IAAI,EAAE,CAAC;gBACP,KAAK,EAAE,WAAW;aACnB,CAAC,CAAC;YACH,GAAG,kBAAkB,CAAC,GAAG,CAAoB,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;gBACpD,IAAI,EAAE,CAAC;gBACP,EAAE;aACH,CAAC,CAAC;SACJ,CAAC;QAEF,MAAM,cAAc,GAAwB;YAC1C;gBACE,IAAI,EAAE,CAAC;gBACP,KAAK,EAAE,WAAW;aACnB;SACF,CAAC;QAEF,WAAW,CAAC,aAAa,CAAC;YACxB;gBACE,IAAI,EAAE,kBAAkB;gBACxB,EAAE,EAAE,KAAK;gBACT,QAAQ,EAAE,IAAI;aACf;YACD;gBACE,IAAI,EAAE,gBAAgB;gBACtB,QAAQ,EAAE,eAAe;gBACzB,QAAQ,EAAE,IAAI;aACf;YACD;gBACE,IAAI,EAAE,eAAe;gBACrB,QAAQ,EAAE,cAAc;gBACxB,QAAQ,EAAE,KAAK;aAChB;YACD;gBACE,IAAI,EAAE,UAAU;gBAChB,gBAAgB,EAAE,IAAI;gBACtB,eAAe,EAAE,IAAI;gBACrB,gBAAgB,EAAE,IAAI;gBACtB,QAAQ,EAAE,IAAI;aACf;YACD;gBACE,IAAI,EAAE,aAAa;gBACnB,UAAU,EAAE,IAAI;gBAChB,QAAQ,EAAE,IAAI;aACf;YACD;gBACE,IAAI,EAAE,cAAc;gBACpB,KAAK,EAAE,aAAa;aACrB;SACF,CAAC,CAAC;QAEH,2BAA2B;QAC3B,WAAW,CAAC,IAAI,CAAC,YAAY,EAAE,KAAK,CAAC,EAAE,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;QAEzD,qCAAqC;QACrC,MAAM,KAAK,GAAW,KAAK,CAAC,GAAG,CAAC,gBAAgB,CAAC,aAAa,CAAC,CAAC;QAChE,MAAM,GAAG,GAAW,KAAK,CAAC,GAAG,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;QAC5D,MAAM,MAAM,GAAW,KAAK,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAElE,OAAO;YACL,gBAAgB,EAAE,KAAK;YACvB,cAAc,EAAE,GAAG;YACnB,MAAM,EAAE,MAAM;YACd,eAAe,EAAE,OAAO,CAAC,eAAe;SACzC,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,yBAAyB,CAAC,eAAuB,EAAE,QAAmB;QAClF,QAAQ,OAAO,CAAC,QAAQ,EAAE;YACxB,KAAK,OAAO;gBACV,QAAQ,CAAC,SAAS,CAChB,uGAAuG;oBACrG,iFAAiF;oBACjF,uGAAuG,CAC1G,CAAC;gBAEF,MAAM,cAAc,GAAe,MAAM,IAAA,qBAAQ,EAAC,iBAAiB,EAAE;oBACnE,OAAO;oBACP,WAAW;oBACX,MAAM;oBACN,eAAe;iBAChB,CAAC,CAAC;gBAEH,IAAI,cAAc,CAAC,IAAI,KAAK,CAAC,EAAE;oBAC7B,QAAQ,CAAC,cAAc,CAAC,UAAU,cAAc,CAAC,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;oBAEtE,MAAM,UAAU,GAAa,cAAc,CAAC,MAAM;yBAC/C,QAAQ,EAAE;yBACV,KAAK,CAAC,QAAG,CAAC;yBACV,GAAG,CAAC,CAAC,IAAY,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;oBAEtC,+EAA+E;oBAC/E,IACE,cAAc,CAAC,IAAI,KAAK,UAAU;wBAClC,UAAU,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,yCAAyC,CAAC,GAAG,CAAC,EACxF;wBACA,QAAQ,CAAC,SAAS,CAAC,8BAA8B,CAAC,CAAC;qBACpD;yBAAM;wBACL,QAAQ,CAAC,cAAc,CAAC,iDAAiD,CAAC,CAAC;qBAC5E;oBAED,OAAO,KAAK,CAAC;iBACd;qBAAM;oBACL,QAAQ,CAAC,gBAAgB,CAAC,+CAA+C,CAAC,CAAC;oBAE3E,OAAO,IAAI,CAAC;iBACb;YAEH,KAAK,QAAQ;gBACX,QAAQ,CAAC,SAAS,CAChB,uGAAuG;oBACrG,iFAAiF;oBACjF,gGAAgG;oBAChG,8BAA8B,CACjC,CAAC;gBAEF,MAAM,MAAM,GAAe,MAAM,IAAA,yBAAY,EAAC,UAAU,EAAE;oBACxD,kBAAkB;oBAClB,IAAI;oBACJ,IAAI;oBACJ,WAAW;oBACX,IAAI;oBACJ,YAAY;oBACZ,eAAe;iBAChB,CAAC,CAAC;gBAEH,IAAI,MAAM,CAAC,IAAI,KAAK,CAAC,EAAE;oBACrB,QAAQ,CAAC,gBAAgB,CAAC,+CAA+C,CAAC,CAAC;oBAC3E,OAAO,IAAI,CAAC;iBACb;qBAAM;oBACL,IACE,MAAM,CAAC,MAAM,CAAC,IAAI,CAChB,CAAC,KAAa,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,+CAA+C,CAAC,CAClF,EACD;wBACA,QAAQ,CAAC,SAAS,CAAC,8BAA8B,CAAC,CAAC;wBACnD,OAAO,KAAK,CAAC;qBACd;yBAAM;wBACL,QAAQ,CAAC,cAAc,CACrB,8DAA8D,MAAM,CAAC,IAAI,IAAI;4BAC3E,UAAU,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CACtC,CAAC;wBACF,OAAO,KAAK,CAAC;qBACd;iBACF;YAEH;gBACE,wEAAwE;gBACxE,QAAQ,CAAC,SAAS,CAChB,2FAA2F;oBACzF,6FAA6F;oBAC7F,+BAA+B,eAAe,IAAI,CACrD,CAAC;gBACF,OAAO,IAAI,CAAC;SACf;IACH,CAAC;IAEO,KAAK,CAAC,kCAAkC,CAAC,QAAmB;QAClE,QAAQ,OAAO,CAAC,QAAQ,EAAE;YACxB,KAAK,OAAO;gBACV,MAAM,oBAAoB,GAAe,MAAM,IAAA,qBAAQ,EAAC,iBAAiB,EAAE;oBACzE,OAAO;oBACP,cAAc;oBACd,MAAM;oBACN,gBAAgB;iBACjB,CAAC,CAAC;gBAEH,IAAI,oBAAoB,CAAC,IAAI,KAAK,CAAC,EAAE;oBACnC,QAAQ,CAAC,gBAAgB,CACvB,0EAA0E,EAC1E,oBAAoB,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CACtC,CAAC;oBACF,OAAO,KAAK,CAAC;iBACd;qBAAM;oBACL,QAAQ,CAAC,gBAAgB,CACvB,uEAAuE,EACvE,oBAAoB,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CACtC,CAAC;oBACF,OAAO,IAAI,CAAC;iBACb;YAEH,KAAK,QAAQ;gBACX,QAAQ,CAAC,gBAAgB,CAAC,8DAA8D,CAAC,CAAC;gBAE1F,MAAM,wBAAwB,GAAe,MAAM,IAAA,qBAAQ,EAAC,UAAU,EAAE;oBACtE,kBAAkB;oBAClB,IAAI;oBACJ,WAAW;oBACX,IAAI;oBACJ,IAAI;oBACJ,YAAY;iBACb,CAAC,CAAC;gBAEH,IAAI,wBAAwB,CAAC,IAAI,KAAK,CAAC,EAAE;oBACvC,QAAQ,CAAC,gBAAgB,CACvB,iFAAiF,EACjF,wBAAwB,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAC1C,CAAC;oBACF,OAAO,KAAK,CAAC;iBACd;gBAED,MAAM,OAAO,GAAuB,IAAI,CAAC,kCAAkC,CACzE,wBAAwB,CAAC,MAAM,CAAC,IAAI,CAAC,QAAG,CAAC,CAC1C,CAAC;gBAEF,IAAI,CAAC,OAAO,EAAE;oBACZ,QAAQ,CAAC,gBAAgB,CACvB,mFAAmF,EACnF,wBAAwB,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAC1C,CAAC;oBACF,OAAO,KAAK,CAAC;iBACd;gBAED,QAAQ,CAAC,gBAAgB,CAAC,oDAAoD,CAAC,CAAC;gBAChF,OAAO,IAAI,CAAC;YAEd;gBACE,oEAAoE;gBACpE,QAAQ,CAAC,gBAAgB,CACvB,sGAAsG;oBACpG,qFAAqF;oBACrF,oCAAoC,IAAI,CAAC,iBAAiB,CAAC,eAAe,KAAK;oBAC/E,sCAAsC,gBAAgB,IAAI,CAC7D,CAAC;gBACF,wDAAwD;gBACxD,OAAO,IAAI,CAAC;SACf;IACH,CAAC;IAEO,KAAK,CAAC,wBAAwB,CAAC,eAAuB,EAAE,QAAmB;QACjF,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;YAChC,MAAM,QAAQ,GAAW,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;YACvD,MAAM,QAAQ,GAAW,IAAI,CAAC,QAAQ,CAAC,eAAe,EAAE,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC;YACvF,MAAM,gBAAgB,GAAW,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,QAAQ,MAAM,CAAC,CAAC;YAExE,MAAM,gBAAgB,GAAW;gBAC/B,WAAW;gBACX,4BAA4B;gBAC5B,cAAc;gBACd,eAAe,aAAa,GAAG;gBAC/B,EAAE;aACH,CAAC,IAAI,CAAC,QAAG,CAAC,CAAC;YAEZ,MAAM,8BAAU,CAAC,cAAc,CAAC,gBAAgB,EAAE,gBAAgB,CAAC,CAAC;YAEpE,MAAM,iBAAiB,GAAe,MAAM,IAAA,qBAAQ,EAAC,iBAAiB,EAAE;gBACtE,cAAc;gBACd,OAAO;gBACP,MAAM;gBACN,gBAAgB;gBAChB,gBAAgB;aACjB,CAAC,CAAC;YAEH,IAAI,iBAAiB,CAAC,IAAI,KAAK,CAAC,EAAE;gBAChC,QAAQ,CAAC,gBAAgB,CAAC,mBAAmB,iBAAiB,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;gBAClF,QAAQ,CAAC,gBAAgB,CAAC,aAAa,iBAAiB,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;gBAC5E,OAAO,KAAK,CAAC;aACd;iBAAM;gBACL,QAAQ,CAAC,gBAAgB,CAAC,oCAAoC,CAAC,CAAC;gBAChE,OAAO,IAAI,CAAC;aACb;SACF;aAAM;YACL,2CAA2C;YAC3C,OAAO,IAAI,CAAC;SACb;IACH,CAAC;IAEO,KAAK,CAAC,+BAA+B,CAC3C,OAAgD,EAChD,QAAmB;QAEnB,MAAM,gBAAgB,GAAqB,IAAI,CAAC,iBAAiB,CAAC;QAClE,MAAM,oBAAoB,GAAiB,MAAM,IAAI,CAAC,kCAAkC,CAAC,OAAO,CAAC,CAAC;QAElG,MAAM,eAAe,GAAW,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC;QACtD,MAAM,WAAW,GAAW,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;QAE/D,MAAM,mBAAmB,GAAW,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,eAAe,MAAM,CAAC,CAAC;QACrF,MAAM,eAAe,GAAuB,oBAAoB,CAAC,gBAAgB,CAAC;QAClF,IAAI,eAAe,EAAE;YACnB,MAAM,8BAAU,CAAC,cAAc,CAAC,mBAAmB,EAAE,eAAe,EAAE;gBACpE,kBAAkB,EAAE,IAAI;aACzB,CAAC,CAAC;SACJ;QAED,MAAM,sBAAsB,GAAY,MAAM,IAAI,CAAC,yBAAyB,CAC1E,mBAAmB,EACnB,QAAQ,CACT,CAAC;QAEF,IAAI,eAA8C,CAAC;QACnD,IAAI,sBAAsB,EAAE;YAC1B,gBAAgB,CAAC,iBAAiB,GAAG,oBAAoB,CAAC,gBAAgB,CAAC;YAC3E,gBAAgB,CAAC,eAAe,GAAG,oBAAoB,CAAC,cAAc,CAAC;YACvE,gBAAgB,CAAC,OAAO,GAAG,oBAAoB,CAAC,MAAM,CAAC;YACvD,eAAe,GAAG,oBAAoB,CAAC,eAAe,CAAC;YAEvD,qDAAqD;YACrD,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,wBAAwB,CAAC,mBAAmB,EAAE,QAAQ,CAAC,CAAC,EAAE;gBACzE,QAAQ,CAAC,gBAAgB,CAAC,gDAAgD,CAAC,CAAC;aAC7E;SACF;aAAM;YACL,mDAAmD;YACnD,gBAAgB,CAAC,iBAAiB,GAAG,SAAS,CAAC;YAC/C,gBAAgB,CAAC,eAAe,GAAG,SAAS,CAAC;YAC7C,gBAAgB,CAAC,OAAO,GAAG,SAAS,CAAC;SACtC;QAED,MAAM,8BAAU,CAAC,eAAe,CAAC,mBAAmB,CAAC,CAAC;QAEtD,OAAO;YACL,gBAAgB,EAAE,gBAAgB,CAAC,iBAAiB;YACpD,cAAc,EAAE,gBAAgB,CAAC,eAAe;YAChD,MAAM,EAAE,gBAAgB,CAAC,OAAO;YAChC,eAAe;SAChB,CAAC;IACJ,CAAC;IAEO,kCAAkC,CAAC,oBAA4B;QACrE,IAAI,OAAO,GAAuB,SAAS,CAAC;QAC5C,KAAK,MAAM,IAAI,IAAI,oBAAoB,CAAC,KAAK,CAAC,QAAG,CAAC,EAAE;YAClD,wGAAwG;YACxG,MAAM,YAAY,GAAoB,IAAI,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;YACvE,IAAI,YAAY,EAAE;gBAChB,OAAO,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC;aAC3B;YAED,MAAM,SAAS,GAAoB,IAAI,CAAC,KAAK,CAAC,gCAAgC,CAAC,CAAC;YAChF,IAAI,SAAS,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,KAAK,gBAAgB,EAAE;gBACxE,OAAO,OAAO,CAAC;aAChB;SACF;IACH,CAAC;CACF;AArpBD,gDAqpBC;AAED,SAAS,mBAAmB,CAC1B,OAAkD;;IAElD,MAAM,YAAY,GAAsC,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,eAAe,CAAC;IACjF,MAAM,kBAAkB,GAAsC,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,kBAAkB,CAAC;IAC1F,OAAO;QACL,eAAe,EAAE,CAAA,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,MAAM,EAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,yCAAiC;QACxF,kBAAkB,EAAE,CAAA,kBAAkB,aAAlB,kBAAkB,uBAAlB,kBAAkB,CAAE,MAAM;YAC5C,CAAC,CAAC,kBAAkB;YACpB,CAAC,CAAC,gDAAwC;QAC5C,cAAc,EAAE,IAAI,CAAC,GAAG,CACtB,6BAA6B,EAC7B,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,cAAc,mCAAI,6BAA6B,CACzD;KACF,CAAC;AACJ,CAAC;AAED,SAAS,WAAW,CAAC,OAAiB;IACpC,OAAO,OAAO,CAAC,IAAI,KAAK,CAAC,CAAC;AAC5B,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT license.\n// See LICENSE in the project root for license information.\n\nimport type { pki } from 'node-forge';\nimport * as path from 'path';\nimport { EOL } from 'os';\nimport { FileSystem, type ITerminal } from '@rushstack/node-core-library';\n\nimport { runSudoAsync, type IRunResult, runAsync } from './runCommand';\nimport { CertificateStore } from './CertificateStore';\n\nconst CA_SERIAL_NUMBER: string = '731c321744e34650a202e3ef91c3c1b0';\nconst TLS_SERIAL_NUMBER: string = '731c321744e34650a202e3ef00000001';\nconst FRIENDLY_NAME: string = 'debug-certificate-manager Development Certificate';\nconst MAC_KEYCHAIN: string = '/Library/Keychains/System.keychain';\nconst CERTUTIL_EXE_NAME: string = 'certutil';\nconst CA_ALT_NAME: string = 'rushstack-certificate-manager.localhost';\nconst ONE_DAY_IN_MILLISECONDS: number = 24 * 60 * 60 * 1000;\n\n/*\n The set of names the certificate should be generated for, by default.\n * @public\n /\nexport const DEFAULT_CERTIFICATE_SUBJECT_NAMES: ReadonlyArray<string> = ['localhost'];\n\n/\n The set of ip addresses the certificate should be generated for, by default.\n * @public\n /\nexport const DEFAULT_CERTIFICATE_SUBJECT_IP_ADDRESSES: ReadonlyArray<string> = ['127.0.0.1'];\n\nconst DISABLE_CERT_GENERATION_VARIABLE_NAME: 'RUSHSTACK_DISABLE_DEV_CERT_GENERATION' =\n 'RUSHSTACK_DISABLE_DEV_CERT_GENERATION';\n\n/\n The interface for a debug certificate instance\n \n @public\n /\nexport interface ICertificate {\n /\n Generated pem Certificate Authority certificate contents\n /\n pemCaCertificate: string \| undefined;\n\n /\n Generated pem TLS Server certificate contents\n /\n pemCertificate: string \| undefined;\n\n /\n Private key for the TLS server certificate, used to sign TLS communications\n /\n pemKey: string \| undefined;\n\n /\n The subject names the TLS server certificate is valid for\n /\n subjectAltNames: readonly string[] \| undefined;\n}\n\ninterface ICaCertificate {\n /\n Certificate\n /\n certificate: pki.Certificate;\n\n /\n Private key for the CA cert. Delete after signing the TLS cert.\n /\n privateKey: pki.PrivateKey;\n}\n\ninterface ISubjectAltNameExtension {\n altNames: readonly IAltName[];\n}\n\n/\n Fields for a Subject Alternative Name of type DNS Name\n /\ninterface IDnsAltName {\n type: 2;\n value: string;\n}\n/\n Fields for a Subject Alternative Name of type IP Address\n * `node-forge` requires the field name to be \"ip\" instead of \"value\", likely due to subtle encoding differences.\n /\ninterface IIPAddressAltName {\n type: 7;\n ip: string;\n}\ntype IAltName = IDnsAltName \| IIPAddressAltName;\n\n/\n Options to use if needing to generate a new certificate\n * @public\n /\nexport interface ICertificateGenerationOptions {\n /\n The DNS Subject names to issue the certificate for. Defaults to ['localhost'].\n /\n subjectAltNames?: ReadonlyArray<string>;\n /\n The IP Address Subject names to issue the certificate for. Defaults to ['127.0.0.1'].\n /\n subjectIPAddresses?: ReadonlyArray<string>;\n /\n How many days the certificate should be valid for.\n /\n validityInDays?: number;\n}\n\nconst MAX_CERTIFICATE_VALIDITY_DAYS: 365 = 365;\n\n/\n A utility class to handle generating, trusting, and untrustring a debug certificate.\n * Contains two public methods to `ensureCertificate` and `untrustCertificate`.\n * @public\n /\nexport class CertificateManager {\n private _certificateStore: CertificateStore;\n\n public constructor() {\n this._certificateStore = new CertificateStore();\n }\n\n /\n Get a development certificate from the store, or optionally, generate a new one\n * and trust it if one doesn't exist in the store.\n \n @public\n /\n public async ensureCertificateAsync(\n canGenerateNewCertificate: boolean,\n terminal: ITerminal,\n generationOptions?: ICertificateGenerationOptions\n ): Promise<ICertificate> {\n const optionsWithDefaults: Required<ICertificateGenerationOptions> =\n applyDefaultOptions(generationOptions);\n\n const { certificateData: existingCert, keyData: existingKey } = this._certificateStore;\n\n if (process.env[DISABLE_CERT_GENERATION_VARIABLE_NAME] === '1') {\n // Allow the environment (e.g. GitHub codespaces) to forcibly disable dev cert generation\n terminal.writeLine(\n `Found environment variable ${DISABLE_CERT_GENERATION_VARIABLE_NAME}=1, disabling certificate generation.`\n );\n canGenerateNewCertificate = false;\n }\n\n if (existingCert && existingKey) {\n const messages: string[] = [];\n\n const forge: typeof import('node-forge') = await import('node-forge');\n const certificate: pki.Certificate = forge.pki.certificateFromPem(existingCert);\n const altNamesExtension: ISubjectAltNameExtension \| undefined = certificate.getExtension(\n 'subjectAltName'\n ) as ISubjectAltNameExtension;\n if (!altNamesExtension) {\n messages.push(\n 'The existing development certificate is missing the subjectAltName ' +\n 'property and will not work with the latest versions of some browsers.'\n );\n } else {\n const missingSubjectNames: Set<string> = new Set(optionsWithDefaults.subjectAltNames);\n for (const altName of altNamesExtension.altNames) {\n missingSubjectNames.delete(isIPAddress(altName) ? altName.ip : altName.value);\n }\n if (missingSubjectNames.size) {\n messages.push(\n `The existing development certificate does not include the following expected subjectAltName values: ` +\n Array.from(missingSubjectNames, (name: string) => `\"${name}\"`).join(', ')\n );\n }\n }\n\n const { notBefore, notAfter } = certificate.validity;\n const now: Date = new Date();\n if (now < notBefore) {\n messages.push(\n `The existing development certificate's validity period does not start until ${notBefore}. It is currently ${now}.`\n );\n }\n\n if (now > notAfter) {\n messages.push(\n `The existing development certificate's validity period ended ${notAfter}. It is currently ${now}.`\n );\n }\n\n now.setUTCDate(now.getUTCDate() + optionsWithDefaults.validityInDays);\n if (notAfter > now) {\n messages.push(\n `The existing development certificate's expiration date ${notAfter} exceeds the allowed limit ${now}. ` +\n `This will be rejected by many browsers.`\n );\n }\n\n if (\n notBefore.getTime() - notAfter.getTime() >\n optionsWithDefaults.validityInDays ONE_DAY_IN_MILLISECONDS\n ) {\n messages.push(\n \"The existing development certificate's validity period is longer \" +\n `than ${optionsWithDefaults.validityInDays} days.`\n );\n }\n\n const { caCertificateData } = this._certificateStore;\n\n if (!caCertificateData) {\n messages.push(\n 'The existing development certificate is missing a separate CA cert as the root ' +\n 'of trust and will not work with the latest versions of some browsers.'\n );\n }\n\n const isTrusted: boolean = await this._detectIfCertificateIsTrustedAsync(terminal);\n if (!isTrusted) {\n messages.push('The existing development certificate is not currently trusted by your system.');\n }\n\n if (messages.length > 0) {\n if (canGenerateNewCertificate) {\n messages.push('Attempting to untrust the certificate and generate a new one.');\n terminal.writeWarningLine(messages.join(' '));\n await this.untrustCertificateAsync(terminal);\n return await this._ensureCertificateInternalAsync(optionsWithDefaults, terminal);\n } else {\n messages.push(\n 'Untrust the certificate and generate a new one, or set the ' +\n '`canGenerateNewCertificate` parameter to `true` when calling `ensureCertificateAsync`.'\n );\n throw new Error(messages.join(' '));\n }\n } else {\n return {\n pemCaCertificate: caCertificateData,\n pemCertificate: existingCert,\n pemKey: existingKey,\n subjectAltNames: altNamesExtension.altNames.map((entry) =>\n isIPAddress(entry) ? entry.ip : entry.value\n )\n };\n }\n } else if (canGenerateNewCertificate) {\n return await this._ensureCertificateInternalAsync(optionsWithDefaults, terminal);\n } else {\n throw new Error(\n 'No development certificate found. Generate a new certificate manually, or set the ' +\n '`canGenerateNewCertificate` parameter to `true` when calling `ensureCertificateAsync`.'\n );\n }\n }\n\n /*\n Attempt to locate a previously generated debug certificate and untrust it.\n \n @public\n /\n public async untrustCertificateAsync(terminal: ITerminal): Promise<boolean> {\n this._certificateStore.certificateData = undefined;\n this._certificateStore.keyData = undefined;\n\n switch (process.platform) {\n case 'win32':\n const winUntrustResult: IRunResult = await runAsync(CERTUTIL_EXE_NAME, [\n '-user',\n '-delstore',\n 'root',\n CA_SERIAL_NUMBER\n ]);\n\n if (winUntrustResult.code !== 0) {\n terminal.writeErrorLine(`Error: ${winUntrustResult.stderr.join(' ')}`);\n return false;\n } else {\n terminal.writeVerboseLine('Successfully untrusted development certificate.');\n return true;\n }\n\n case 'darwin':\n terminal.writeVerboseLine('Trying to find the signature of the development certificate.');\n\n const macFindCertificateResult: IRunResult = await runAsync('security', [\n 'find-certificate',\n '-c',\n 'localhost',\n '-a',\n '-Z',\n MAC_KEYCHAIN\n ]);\n if (macFindCertificateResult.code !== 0) {\n terminal.writeErrorLine(\n `Error finding the development certificate: ${macFindCertificateResult.stderr.join(' ')}`\n );\n return false;\n }\n\n const shaHash: string \| undefined = this._parseMacOsMatchingCertificateHash(\n macFindCertificateResult.stdout.join(EOL)\n );\n\n if (!shaHash) {\n terminal.writeErrorLine('Unable to find the development certificate.');\n return false;\n } else {\n terminal.writeVerboseLine(`Found the development certificate. SHA is ${shaHash}`);\n }\n\n const macUntrustResult: IRunResult = await runSudoAsync('security', [\n 'delete-certificate',\n '-Z',\n shaHash,\n MAC_KEYCHAIN\n ]);\n\n if (macUntrustResult.code === 0) {\n terminal.writeVerboseLine('Successfully untrusted development certificate.');\n return true;\n } else {\n terminal.writeErrorLine(macUntrustResult.stderr.join(' '));\n return false;\n }\n\n default:\n // Linux + others: Have the user manually untrust the cert\n terminal.writeLine(\n 'Automatic certificate untrust is only implemented for debug-certificate-manager on Windows ' +\n 'and macOS. To untrust the development certificate, remove this certificate from your trusted ' +\n `root certification authorities: \"${this._certificateStore.certificatePath}\". The ` +\n `certificate has serial number \"${CA_SERIAL_NUMBER}\".`\n );\n return false;\n }\n }\n\n private async _createCACertificateAsync(\n validityInDays: number,\n forge: typeof import('node-forge')\n ): Promise<ICaCertificate> {\n const keys: pki.KeyPair = forge.pki.rsa.generateKeyPair(2048);\n const certificate: pki.Certificate = forge.pki.createCertificate();\n certificate.publicKey = keys.publicKey;\n\n certificate.serialNumber = CA_SERIAL_NUMBER;\n\n const notBefore: Date = new Date();\n const notAfter: Date = new Date(notBefore);\n notAfter.setUTCDate(notBefore.getUTCDate() + validityInDays);\n certificate.validity.notBefore = notBefore;\n certificate.validity.notAfter = notAfter;\n\n const attrs: pki.CertificateField[] = [\n {\n name: 'commonName',\n value: CA_ALT_NAME\n }\n ];\n\n certificate.setSubject(attrs);\n certificate.setIssuer(attrs);\n\n const altNames: readonly IAltName[] = [\n {\n type: 2, // DNS\n value: CA_ALT_NAME\n }\n ];\n\n certificate.setExtensions([\n {\n name: 'basicConstraints',\n cA: true,\n pathLenConstraint: 0,\n critical: true\n },\n {\n name: 'subjectAltName',\n altNames,\n critical: true\n },\n {\n name: 'issuerAltName',\n altNames,\n critical: false\n },\n {\n name: 'keyUsage',\n keyCertSign: true,\n critical: true\n },\n {\n name: 'extKeyUsage',\n serverAuth: true,\n critical: true\n },\n {\n name: 'friendlyName',\n value: FRIENDLY_NAME\n }\n ]);\n\n // self-sign certificate\n certificate.sign(keys.privateKey, forge.md.sha256.create());\n\n return {\n certificate,\n privateKey: keys.privateKey\n };\n }\n\n private async _createDevelopmentCertificateAsync(\n options: Required<ICertificateGenerationOptions>\n ): Promise<ICertificate> {\n const forge: typeof import('node-forge') = await import('node-forge');\n const keys: pki.KeyPair = forge.pki.rsa.generateKeyPair(2048);\n const certificate: pki.Certificate = forge.pki.createCertificate();\n\n certificate.publicKey = keys.publicKey;\n certificate.serialNumber = TLS_SERIAL_NUMBER;\n\n const { subjectAltNames: subjectNames, subjectIPAddresses: subjectIpAddresses, validityInDays } = options;\n\n const { certificate: caCertificate, privateKey: caPrivateKey } = await this._createCACertificateAsync(\n validityInDays,\n forge\n );\n\n const notBefore: Date = new Date();\n const notAfter: Date = new Date(notBefore);\n notAfter.setUTCDate(notBefore.getUTCDate() + validityInDays);\n certificate.validity.notBefore = notBefore;\n certificate.validity.notAfter = notAfter;\n\n const subjectAttrs: pki.CertificateField[] = [\n {\n name: 'commonName',\n value: subjectNames[0]\n }\n ];\n const issuerAttrs: pki.CertificateField[] = caCertificate.subject.attributes;\n\n certificate.setSubject(subjectAttrs);\n certificate.setIssuer(issuerAttrs);\n\n const subjectAltNames: IAltName[] = [\n ...subjectNames.map<IDnsAltName>((subjectName) => ({\n type: 2, // DNS\n value: subjectName\n })),\n ...subjectIpAddresses.map<IIPAddressAltName>((ip) => ({\n type: 7, // IP\n ip\n }))\n ];\n\n const issuerAltNames: readonly IAltName[] = [\n {\n type: 2, // DNS\n value: CA_ALT_NAME\n }\n ];\n\n certificate.setExtensions([\n {\n name: 'basicConstraints',\n cA: false,\n critical: true\n },\n {\n name: 'subjectAltName',\n altNames: subjectAltNames,\n critical: true\n },\n {\n name: 'issuerAltName',\n altNames: issuerAltNames,\n critical: false\n },\n {\n name: 'keyUsage',\n digitalSignature: true,\n keyEncipherment: true,\n dataEncipherment: true,\n critical: true\n },\n {\n name: 'extKeyUsage',\n serverAuth: true,\n critical: true\n },\n {\n name: 'friendlyName',\n value: FRIENDLY_NAME\n }\n ]);\n\n // Sign certificate with CA\n certificate.sign(caPrivateKey, forge.md.sha256.create());\n\n // convert a Forge certificate to PEM\n const caPem: string = forge.pki.certificateToPem(caCertificate);\n const pem: string = forge.pki.certificateToPem(certificate);\n const pemKey: string = forge.pki.privateKeyToPem(keys.privateKey);\n\n return {\n pemCaCertificate: caPem,\n pemCertificate: pem,\n pemKey: pemKey,\n subjectAltNames: options.subjectAltNames\n };\n }\n\n private async _tryTrustCertificateAsync(certificatePath: string, terminal: ITerminal): Promise<boolean> {\n switch (process.platform) {\n case 'win32':\n terminal.writeLine(\n 'Attempting to trust a development certificate. This self-signed certificate only points to localhost ' +\n 'and will be stored in your local user profile to be used by other instances of ' +\n 'debug-certificate-manager. If you do not consent to trust this certificate, click \"NO\" in the dialog.'\n );\n\n const winTrustResult: IRunResult = await runAsync(CERTUTIL_EXE_NAME, [\n '-user',\n '-addstore',\n 'root',\n certificatePath\n ]);\n\n if (winTrustResult.code !== 0) {\n terminal.writeErrorLine(`Error: ${winTrustResult.stdout.toString()}`);\n\n const errorLines: string[] = winTrustResult.stdout\n .toString()\n .split(EOL)\n .map((line: string) => line.trim());\n\n // Not sure if this is always the status code for \"cancelled\" - should confirm.\n if (\n winTrustResult.code === 2147943623 \|\|\n errorLines[errorLines.length - 1].indexOf('The operation was canceled by the user.') > 0\n ) {\n terminal.writeLine('Certificate trust cancelled.');\n } else {\n terminal.writeErrorLine('Certificate trust failed with an unknown error.');\n }\n\n return false;\n } else {\n terminal.writeVerboseLine('Successfully trusted development certificate.');\n\n return true;\n }\n\n case 'darwin':\n terminal.writeLine(\n 'Attempting to trust a development certificate. This self-signed certificate only points to localhost ' +\n 'and will be stored in your local user profile to be used by other instances of ' +\n 'debug-certificate-manager. If you do not consent to trust this certificate, do not enter your ' +\n 'root password in the prompt.'\n );\n\n const result: IRunResult = await runSudoAsync('security', [\n 'add-trusted-cert',\n '-d',\n '-r',\n 'trustRoot',\n '-k',\n MAC_KEYCHAIN,\n certificatePath\n ]);\n\n if (result.code === 0) {\n terminal.writeVerboseLine('Successfully trusted development certificate.');\n return true;\n } else {\n if (\n result.stderr.some(\n (value: string) => !!value.match(/The authorization was cancelled by the user\\./)\n )\n ) {\n terminal.writeLine('Certificate trust cancelled.');\n return false;\n } else {\n terminal.writeErrorLine(\n `Certificate trust failed with an unknown error. Exit code: ${result.code}. ` +\n `Error: ${result.stderr.join(' ')}`\n );\n return false;\n }\n }\n\n default:\n // Linux + others: Have the user manually trust the cert if they want to\n terminal.writeLine(\n 'Automatic certificate trust is only implemented for debug-certificate-manager on Windows ' +\n 'and macOS. To trust the development certificate, add this certificate to your trusted root ' +\n `certification authorities: \"${certificatePath}\".`\n );\n return true;\n }\n }\n\n private async _detectIfCertificateIsTrustedAsync(terminal: ITerminal): Promise<boolean> {\n switch (process.platform) {\n case 'win32':\n const winVerifyStoreResult: IRunResult = await runAsync(CERTUTIL_EXE_NAME, [\n '-user',\n '-verifystore',\n 'root',\n CA_SERIAL_NUMBER\n ]);\n\n if (winVerifyStoreResult.code !== 0) {\n terminal.writeVerboseLine(\n 'The development certificate was not found in the store. CertUtil error: ',\n winVerifyStoreResult.stderr.join(' ')\n );\n return false;\n } else {\n terminal.writeVerboseLine(\n 'The development certificate was found in the store. CertUtil output: ',\n winVerifyStoreResult.stdout.join(' ')\n );\n return true;\n }\n\n case 'darwin':\n terminal.writeVerboseLine('Trying to find the signature of the development certificate.');\n\n const macFindCertificateResult: IRunResult = await runAsync('security', [\n 'find-certificate',\n '-c',\n 'localhost',\n '-a',\n '-Z',\n MAC_KEYCHAIN\n ]);\n\n if (macFindCertificateResult.code !== 0) {\n terminal.writeVerboseLine(\n 'The development certificate was not found in keychain. Find certificate error: ',\n macFindCertificateResult.stderr.join(' ')\n );\n return false;\n }\n\n const shaHash: string \| undefined = this._parseMacOsMatchingCertificateHash(\n macFindCertificateResult.stdout.join(EOL)\n );\n\n if (!shaHash) {\n terminal.writeVerboseLine(\n 'The development certificate was not found in keychain. Find certificate output:\\n',\n macFindCertificateResult.stdout.join(' ')\n );\n return false;\n }\n\n terminal.writeVerboseLine(`The development certificate was found in keychain.`);\n return true;\n\n default:\n // Linux + others: Have the user manually verify the cert is trusted\n terminal.writeVerboseLine(\n 'Automatic certificate trust validation is only implemented for debug-certificate-manager on Windows ' +\n 'and macOS. Manually verify this development certificate is present in your trusted ' +\n `root certification authorities: \"${this._certificateStore.certificatePath}\". ` +\n `The certificate has serial number \"${CA_SERIAL_NUMBER}\".`\n );\n // Always return true on Linux to prevent breaking flow.\n return true;\n }\n }\n\n private async _trySetFriendlyNameAsync(certificatePath: string, terminal: ITerminal): Promise<boolean> {\n if (process.platform === 'win32') {\n const basePath: string = path.dirname(certificatePath);\n const fileName: string = path.basename(certificatePath, path.extname(certificatePath));\n const friendlyNamePath: string = path.join(basePath, `${fileName}.inf`);\n\n const friendlyNameFile: string = [\n '[Version]',\n 'Signature = \"$Windows NT$\"',\n '[Properties]',\n `11 = \"{text}${FRIENDLY_NAME}\"`,\n ''\n ].join(EOL);\n\n await FileSystem.writeFileAsync(friendlyNamePath, friendlyNameFile);\n\n const repairStoreResult: IRunResult = await runAsync(CERTUTIL_EXE_NAME, [\n '-repairstore',\n '-user',\n 'root',\n CA_SERIAL_NUMBER,\n friendlyNamePath\n ]);\n\n if (repairStoreResult.code !== 0) {\n terminal.writeVerboseLine(`CertUtil Error: ${repairStoreResult.stderr.join('')}`);\n terminal.writeVerboseLine(`CertUtil: ${repairStoreResult.stdout.join('')}`);\n return false;\n } else {\n terminal.writeVerboseLine('Successfully set certificate name.');\n return true;\n }\n } else {\n // No equivalent concept outside of Windows\n return true;\n }\n }\n\n private async _ensureCertificateInternalAsync(\n options: Required<ICertificateGenerationOptions>,\n terminal: ITerminal\n ): Promise<ICertificate> {\n const certificateStore: CertificateStore = this._certificateStore;\n const generatedCertificate: ICertificate = await this._createDevelopmentCertificateAsync(options);\n\n const certificateName: string = Date.now().toString();\n const tempDirName: string = path.join(__dirname, '..', 'temp');\n\n const tempCertificatePath: string = path.join(tempDirName, `${certificateName}.pem`);\n const pemFileContents: string \| undefined = generatedCertificate.pemCaCertificate;\n if (pemFileContents) {\n await FileSystem.writeFileAsync(tempCertificatePath, pemFileContents, {\n ensureFolderExists: true\n });\n }\n\n const trustCertificateResult: boolean = await this._tryTrustCertificateAsync(\n tempCertificatePath,\n terminal\n );\n\n let subjectAltNames: readonly string[] \| undefined;\n if (trustCertificateResult) {\n certificateStore.caCertificateData = generatedCertificate.pemCaCertificate;\n certificateStore.certificateData = generatedCertificate.pemCertificate;\n certificateStore.keyData = generatedCertificate.pemKey;\n subjectAltNames = generatedCertificate.subjectAltNames;\n\n // Try to set the friendly name, and warn if we can't\n if (!(await this._trySetFriendlyNameAsync(tempCertificatePath, terminal))) {\n terminal.writeWarningLine(\"Unable to set the certificate's friendly name.\");\n }\n } else {\n // Clear out the existing store data, if any exists\n certificateStore.caCertificateData = undefined;\n certificateStore.certificateData = undefined;\n certificateStore.keyData = undefined;\n }\n\n await FileSystem.deleteFileAsync(tempCertificatePath);\n\n return {\n pemCaCertificate: certificateStore.caCertificateData,\n pemCertificate: certificateStore.certificateData,\n pemKey: certificateStore.keyData,\n subjectAltNames\n };\n }\n\n private _parseMacOsMatchingCertificateHash(findCertificateOuput: string): string \| undefined {\n let shaHash: string \| undefined = undefined;\n for (const line of findCertificateOuput.split(EOL)) {\n // Sets `shaHash` to the current certificate SHA-1 as we progress through the lines of certificate text.\n const shaHashMatch: string[] \| null = line.match(/^SHA-1 hash: (.+)$/);\n if (shaHashMatch) {\n shaHash = shaHashMatch[1];\n }\n\n const snbrMatch: string[] \| null = line.match(/^\\s\"snbr\"<blob>=0x([^\\s]+).+$/);\n if (snbrMatch && (snbrMatch[1] \|\| '').toLowerCase() === CA_SERIAL_NUMBER) {\n return shaHash;\n }\n }\n }\n}\n\nfunction applyDefaultOptions(\n options: ICertificateGenerationOptions \| undefined\n): Required<ICertificateGenerationOptions> {\n const subjectNames: ReadonlyArray<string> \| undefined = options?.subjectAltNames;\n const subjectIpAddresses: ReadonlyArray<string> \| undefined = options?.subjectIPAddresses;\n return {\n subjectAltNames: subjectNames?.length ? subjectNames : DEFAULT_CERTIFICATE_SUBJECT_NAMES,\n subjectIPAddresses: subjectIpAddresses?.length\n ? subjectIpAddresses\n : DEFAULT_CERTIFICATE_SUBJECT_IP_ADDRESSES,\n validityInDays: Math.min(\n MAX_CERTIFICATE_VALIDITY_DAYS,\n options?.validityInDays ?? MAX_CERTIFICATE_VALIDITY_DAYS\n )\n };\n}\n\nfunction isIPAddress(altName: IAltName): altName is IIPAddressAltName {\n return altName.type === 7;\n}\n"]}
1	+ {"version":3,"file":"CertificateManager.js","sourceRoot":"","sources":["../src/CertificateManager.ts"],"names":[],"mappings":";AAAA,4FAA4F;AAC5F,2DAA2D;;;;;;;;;;;;;;;;;;;;;;;;;;AAG3D,2CAA6B;AAC7B,2BAAyB;AACzB,oEAA0E;AAE1E,6CAAuE;AACvE,yDAAsD;AAEtD,MAAM,gBAAgB,GAAW,kCAAkC,CAAC;AACpE,MAAM,iBAAiB,GAAW,kCAAkC,CAAC;AACrE,MAAM,aAAa,GAAW,mDAAmD,CAAC;AAClF,MAAM,YAAY,GAAW,oCAAoC,CAAC;AAClE,MAAM,iBAAiB,GAAW,UAAU,CAAC;AAC7C,MAAM,WAAW,GAAW,yCAAyC,CAAC;AACtE,MAAM,uBAAuB,GAAW,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAE5D;;;GAGG;AACU,QAAA,iCAAiC,GAA0B,CAAC,WAAW,CAAC,CAAC;AAEtF;;;GAGG;AACU,QAAA,wCAAwC,GAA0B,CAAC,WAAW,CAAC,CAAC;AAE7F,MAAM,qCAAqC,GACzC,uCAAuC,CAAC;AAiF1C,MAAM,6BAA6B,GAAQ,GAAG,CAAC;AAE/C;;;;GAIG;AACH,MAAa,kBAAkB;IAG7B;QACE,IAAI,CAAC,iBAAiB,GAAG,IAAI,mCAAgB,EAAE,CAAC;IAClD,CAAC;IAED;;;;;OAKG;IACI,KAAK,CAAC,sBAAsB,CACjC,yBAAkC,EAClC,QAAmB,EACnB,iBAAiD;QAEjD,MAAM,mBAAmB,GACvB,mBAAmB,CAAC,iBAAiB,CAAC,CAAC;QAEzC,MAAM,EAAE,eAAe,EAAE,YAAY,EAAE,OAAO,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAEvF,IAAI,OAAO,CAAC,GAAG,CAAC,qCAAqC,CAAC,KAAK,GAAG,EAAE;YAC9D,yFAAyF;YACzF,QAAQ,CAAC,SAAS,CAChB,8BAA8B,qCAAqC,uCAAuC,CAC3G,CAAC;YACF,yBAAyB,GAAG,KAAK,CAAC;SACnC;QAED,IAAI,YAAY,IAAI,WAAW,EAAE;YAC/B,MAAM,QAAQ,GAAa,EAAE,CAAC;YAE9B,MAAM,KAAK,GAAgC,wDAAa,YAAY,GAAC,CAAC;YACtE,MAAM,WAAW,GAAoB,KAAK,CAAC,GAAG,CAAC,kBAAkB,CAAC,YAAY,CAAC,CAAC;YAChF,MAAM,iBAAiB,GAAyC,WAAW,CAAC,YAAY,CACtF,gBAAgB,CACW,CAAC;YAC9B,IAAI,CAAC,iBAAiB,EAAE;gBACtB,QAAQ,CAAC,IAAI,CACX,qEAAqE;oBACnE,uEAAuE,CAC1E,CAAC;aACH;iBAAM;gBACL,MAAM,mBAAmB,GAAgB,IAAI,GAAG,CAAC,mBAAmB,CAAC,eAAe,CAAC,CAAC;gBACtF,KAAK,MAAM,OAAO,IAAI,iBAAiB,CAAC,QAAQ,EAAE;oBAChD,mBAAmB,CAAC,MAAM,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;iBAC/E;gBACD,IAAI,mBAAmB,CAAC,IAAI,EAAE;oBAC5B,QAAQ,CAAC,IAAI,CACX,sGAAsG;wBACpG,KAAK,CAAC,IAAI,CAAC,mBAAmB,EAAE,CAAC,IAAY,EAAE,EAAE,CAAC,IAAI,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAC5E,CAAC;iBACH;aACF;YAED,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,GAAG,WAAW,CAAC,QAAQ,CAAC;YACrD,MAAM,GAAG,GAAS,IAAI,IAAI,EAAE,CAAC;YAC7B,IAAI,GAAG,GAAG,SAAS,EAAE;gBACnB,QAAQ,CAAC,IAAI,CACX,+EAA+E,SAAS,qBAAqB,GAAG,GAAG,CACpH,CAAC;aACH;YAED,IAAI,GAAG,GAAG,QAAQ,EAAE;gBAClB,QAAQ,CAAC,IAAI,CACX,gEAAgE,QAAQ,qBAAqB,GAAG,GAAG,CACpG,CAAC;aACH;YAED,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,mBAAmB,CAAC,cAAc,CAAC,CAAC;YACtE,IAAI,QAAQ,GAAG,GAAG,EAAE;gBAClB,QAAQ,CAAC,IAAI,CACX,0DAA0D,QAAQ,8BAA8B,GAAG,IAAI;oBACrG,yCAAyC,CAC5C,CAAC;aACH;YAED,IACE,SAAS,CAAC,OAAO,EAAE,GAAG,QAAQ,CAAC,OAAO,EAAE;gBACxC,mBAAmB,CAAC,cAAc,GAAG,uBAAuB,EAC5D;gBACA,QAAQ,CAAC,IAAI,CACX,mEAAmE;oBACjE,QAAQ,mBAAmB,CAAC,cAAc,QAAQ,CACrD,CAAC;aACH;YAED,MAAM,EAAE,iBAAiB,EAAE,GAAG,IAAI,CAAC,iBAAiB,CAAC;YAErD,IAAI,CAAC,iBAAiB,EAAE;gBACtB,QAAQ,CAAC,IAAI,CACX,iFAAiF;oBAC/E,uEAAuE,CAC1E,CAAC;aACH;YAED,MAAM,SAAS,GAAY,MAAM,IAAI,CAAC,kCAAkC,CAAC,QAAQ,CAAC,CAAC;YACnF,IAAI,CAAC,SAAS,EAAE;gBACd,QAAQ,CAAC,IAAI,CAAC,+EAA+E,CAAC,CAAC;aAChG;YAED,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE;gBACvB,IAAI,yBAAyB,EAAE;oBAC7B,QAAQ,CAAC,IAAI,CAAC,+DAA+D,CAAC,CAAC;oBAC/E,QAAQ,CAAC,gBAAgB,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;oBAC9C,MAAM,IAAI,CAAC,uBAAuB,CAAC,QAAQ,CAAC,CAAC;oBAC7C,OAAO,MAAM,IAAI,CAAC,+BAA+B,CAAC,mBAAmB,EAAE,QAAQ,CAAC,CAAC;iBAClF;qBAAM;oBACL,QAAQ,CAAC,IAAI,CACX,6DAA6D;wBAC3D,wFAAwF,CAC3F,CAAC;oBACF,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;iBACrC;aACF;iBAAM;gBACL,OAAO;oBACL,gBAAgB,EAAE,iBAAiB;oBACnC,cAAc,EAAE,YAAY;oBAC5B,MAAM,EAAE,WAAW;oBACnB,eAAe,EAAE,iBAAiB,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CACxD,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAC5C;iBACF,CAAC;aACH;SACF;aAAM,IAAI,yBAAyB,EAAE;YACpC,OAAO,MAAM,IAAI,CAAC,+BAA+B,CAAC,mBAAmB,EAAE,QAAQ,CAAC,CAAC;SAClF;aAAM;YACL,MAAM,IAAI,KAAK,CACb,oFAAoF;gBAClF,wFAAwF,CAC3F,CAAC;SACH;IACH,CAAC;IAED;;;;OAIG;IACI,KAAK,CAAC,uBAAuB,CAAC,QAAmB;QACtD,IAAI,CAAC,iBAAiB,CAAC,eAAe,GAAG,SAAS,CAAC;QACnD,IAAI,CAAC,iBAAiB,CAAC,OAAO,GAAG,SAAS,CAAC;QAE3C,QAAQ,OAAO,CAAC,QAAQ,EAAE;YACxB,KAAK,OAAO;gBACV,MAAM,gBAAgB,GAAe,MAAM,IAAA,qBAAQ,EAAC,iBAAiB,EAAE;oBACrE,OAAO;oBACP,WAAW;oBACX,MAAM;oBACN,gBAAgB;iBACjB,CAAC,CAAC;gBAEH,IAAI,gBAAgB,CAAC,IAAI,KAAK,CAAC,EAAE;oBAC/B,QAAQ,CAAC,cAAc,CAAC,UAAU,gBAAgB,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;oBACvE,OAAO,KAAK,CAAC;iBACd;qBAAM;oBACL,QAAQ,CAAC,gBAAgB,CAAC,iDAAiD,CAAC,CAAC;oBAC7E,OAAO,IAAI,CAAC;iBACb;YAEH,KAAK,QAAQ;gBACX,QAAQ,CAAC,gBAAgB,CAAC,8DAA8D,CAAC,CAAC;gBAE1F,MAAM,wBAAwB,GAAe,MAAM,IAAA,qBAAQ,EAAC,UAAU,EAAE;oBACtE,kBAAkB;oBAClB,IAAI;oBACJ,WAAW;oBACX,IAAI;oBACJ,IAAI;oBACJ,YAAY;iBACb,CAAC,CAAC;gBACH,IAAI,wBAAwB,CAAC,IAAI,KAAK,CAAC,EAAE;oBACvC,QAAQ,CAAC,cAAc,CACrB,8CAA8C,wBAAwB,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAC1F,CAAC;oBACF,OAAO,KAAK,CAAC;iBACd;gBAED,MAAM,OAAO,GAAuB,IAAI,CAAC,kCAAkC,CACzE,wBAAwB,CAAC,MAAM,CAAC,IAAI,CAAC,QAAG,CAAC,CAC1C,CAAC;gBAEF,IAAI,CAAC,OAAO,EAAE;oBACZ,QAAQ,CAAC,cAAc,CAAC,6CAA6C,CAAC,CAAC;oBACvE,OAAO,KAAK,CAAC;iBACd;qBAAM;oBACL,QAAQ,CAAC,gBAAgB,CAAC,6CAA6C,OAAO,EAAE,CAAC,CAAC;iBACnF;gBAED,MAAM,gBAAgB,GAAe,MAAM,IAAA,yBAAY,EAAC,UAAU,EAAE;oBAClE,oBAAoB;oBACpB,IAAI;oBACJ,OAAO;oBACP,YAAY;iBACb,CAAC,CAAC;gBAEH,IAAI,gBAAgB,CAAC,IAAI,KAAK,CAAC,EAAE;oBAC/B,QAAQ,CAAC,gBAAgB,CAAC,iDAAiD,CAAC,CAAC;oBAC7E,OAAO,IAAI,CAAC;iBACb;qBAAM;oBACL,QAAQ,CAAC,cAAc,CAAC,gBAAgB,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;oBAC3D,OAAO,KAAK,CAAC;iBACd;YAEH;gBACE,0DAA0D;gBAC1D,QAAQ,CAAC,SAAS,CAChB,6FAA6F;oBAC3F,+FAA+F;oBAC/F,oCAAoC,IAAI,CAAC,iBAAiB,CAAC,eAAe,SAAS;oBACnF,kCAAkC,gBAAgB,IAAI,CACzD,CAAC;gBACF,OAAO,KAAK,CAAC;SAChB;IACH,CAAC;IAEO,KAAK,CAAC,yBAAyB,CACrC,cAAsB,EACtB,KAAkC;QAElC,MAAM,IAAI,GAAgB,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;QAC9D,MAAM,WAAW,GAAoB,KAAK,CAAC,GAAG,CAAC,iBAAiB,EAAE,CAAC;QACnE,WAAW,CAAC,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;QAEvC,WAAW,CAAC,YAAY,GAAG,gBAAgB,CAAC;QAE5C,MAAM,SAAS,GAAS,IAAI,IAAI,EAAE,CAAC;QACnC,MAAM,QAAQ,GAAS,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC;QAC3C,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,UAAU,EAAE,GAAG,cAAc,CAAC,CAAC;QAC7D,WAAW,CAAC,QAAQ,CAAC,SAAS,GAAG,SAAS,CAAC;QAC3C,WAAW,CAAC,QAAQ,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAEzC,MAAM,KAAK,GAA2B;YACpC;gBACE,IAAI,EAAE,YAAY;gBAClB,KAAK,EAAE,WAAW;aACnB;SACF,CAAC;QAEF,WAAW,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;QAC9B,WAAW,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAE7B,MAAM,QAAQ,GAAwB;YACpC;gBACE,IAAI,EAAE,CAAC;gBACP,KAAK,EAAE,WAAW;aACnB;SACF,CAAC;QAEF,WAAW,CAAC,aAAa,CAAC;YACxB;gBACE,IAAI,EAAE,kBAAkB;gBACxB,EAAE,EAAE,IAAI;gBACR,iBAAiB,EAAE,CAAC;gBACpB,QAAQ,EAAE,IAAI;aACf;YACD;gBACE,IAAI,EAAE,gBAAgB;gBACtB,QAAQ;gBACR,QAAQ,EAAE,IAAI;aACf;YACD;gBACE,IAAI,EAAE,eAAe;gBACrB,QAAQ;gBACR,QAAQ,EAAE,KAAK;aAChB;YACD;gBACE,IAAI,EAAE,UAAU;gBAChB,WAAW,EAAE,IAAI;gBACjB,QAAQ,EAAE,IAAI;aACf;YACD;gBACE,IAAI,EAAE,aAAa;gBACnB,UAAU,EAAE,IAAI;gBAChB,QAAQ,EAAE,IAAI;aACf;YACD;gBACE,IAAI,EAAE,cAAc;gBACpB,KAAK,EAAE,aAAa;aACrB;SACF,CAAC,CAAC;QAEH,wBAAwB;QACxB,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC,EAAE,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;QAE5D,OAAO;YACL,WAAW;YACX,UAAU,EAAE,IAAI,CAAC,UAAU;SAC5B,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,kCAAkC,CAC9C,OAAgD;QAEhD,MAAM,KAAK,GAAgC,wDAAa,YAAY,GAAC,CAAC;QACtE,MAAM,IAAI,GAAgB,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;QAC9D,MAAM,WAAW,GAAoB,KAAK,CAAC,GAAG,CAAC,iBAAiB,EAAE,CAAC;QAEnE,WAAW,CAAC,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;QACvC,WAAW,CAAC,YAAY,GAAG,iBAAiB,CAAC;QAE7C,MAAM,EAAE,eAAe,EAAE,YAAY,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,cAAc,EAAE,GAAG,OAAO,CAAC;QAE1G,MAAM,EAAE,WAAW,EAAE,aAAa,EAAE,UAAU,EAAE,YAAY,EAAE,GAAG,MAAM,IAAI,CAAC,yBAAyB,CACnG,cAAc,EACd,KAAK,CACN,CAAC;QAEF,MAAM,SAAS,GAAS,IAAI,IAAI,EAAE,CAAC;QACnC,MAAM,QAAQ,GAAS,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC;QAC3C,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,UAAU,EAAE,GAAG,cAAc,CAAC,CAAC;QAC7D,WAAW,CAAC,QAAQ,CAAC,SAAS,GAAG,SAAS,CAAC;QAC3C,WAAW,CAAC,QAAQ,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAEzC,MAAM,YAAY,GAA2B;YAC3C;gBACE,IAAI,EAAE,YAAY;gBAClB,KAAK,EAAE,YAAY,CAAC,CAAC,CAAC;aACvB;SACF,CAAC;QACF,MAAM,WAAW,GAA2B,aAAa,CAAC,OAAO,CAAC,UAAU,CAAC;QAE7E,WAAW,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;QACrC,WAAW,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;QAEnC,MAAM,eAAe,GAAe;YAClC,GAAG,YAAY,CAAC,GAAG,CAAc,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;gBACjD,IAAI,EAAE,CAAC;gBACP,KAAK,EAAE,WAAW;aACnB,CAAC,CAAC;YACH,GAAG,kBAAkB,CAAC,GAAG,CAAoB,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;gBACpD,IAAI,EAAE,CAAC;gBACP,EAAE;aACH,CAAC,CAAC;SACJ,CAAC;QAEF,MAAM,cAAc,GAAwB;YAC1C;gBACE,IAAI,EAAE,CAAC;gBACP,KAAK,EAAE,WAAW;aACnB;SACF,CAAC;QAEF,WAAW,CAAC,aAAa,CAAC;YACxB;gBACE,IAAI,EAAE,kBAAkB;gBACxB,EAAE,EAAE,KAAK;gBACT,QAAQ,EAAE,IAAI;aACf;YACD;gBACE,IAAI,EAAE,gBAAgB;gBACtB,QAAQ,EAAE,eAAe;gBACzB,QAAQ,EAAE,IAAI;aACf;YACD;gBACE,IAAI,EAAE,eAAe;gBACrB,QAAQ,EAAE,cAAc;gBACxB,QAAQ,EAAE,KAAK;aAChB;YACD;gBACE,IAAI,EAAE,UAAU;gBAChB,gBAAgB,EAAE,IAAI;gBACtB,eAAe,EAAE,IAAI;gBACrB,gBAAgB,EAAE,IAAI;gBACtB,QAAQ,EAAE,IAAI;aACf;YACD;gBACE,IAAI,EAAE,aAAa;gBACnB,UAAU,EAAE,IAAI;gBAChB,QAAQ,EAAE,IAAI;aACf;YACD;gBACE,IAAI,EAAE,cAAc;gBACpB,KAAK,EAAE,aAAa;aACrB;SACF,CAAC,CAAC;QAEH,2BAA2B;QAC3B,WAAW,CAAC,IAAI,CAAC,YAAY,EAAE,KAAK,CAAC,EAAE,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;QAEzD,qCAAqC;QACrC,MAAM,KAAK,GAAW,KAAK,CAAC,GAAG,CAAC,gBAAgB,CAAC,aAAa,CAAC,CAAC;QAChE,MAAM,GAAG,GAAW,KAAK,CAAC,GAAG,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;QAC5D,MAAM,MAAM,GAAW,KAAK,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAElE,OAAO;YACL,gBAAgB,EAAE,KAAK;YACvB,cAAc,EAAE,GAAG;YACnB,MAAM,EAAE,MAAM;YACd,eAAe,EAAE,OAAO,CAAC,eAAe;SACzC,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,yBAAyB,CAAC,eAAuB,EAAE,QAAmB;QAClF,QAAQ,OAAO,CAAC,QAAQ,EAAE;YACxB,KAAK,OAAO;gBACV,QAAQ,CAAC,SAAS,CAChB,uGAAuG;oBACrG,iFAAiF;oBACjF,uGAAuG,CAC1G,CAAC;gBAEF,MAAM,cAAc,GAAe,MAAM,IAAA,qBAAQ,EAAC,iBAAiB,EAAE;oBACnE,OAAO;oBACP,WAAW;oBACX,MAAM;oBACN,eAAe;iBAChB,CAAC,CAAC;gBAEH,IAAI,cAAc,CAAC,IAAI,KAAK,CAAC,EAAE;oBAC7B,QAAQ,CAAC,cAAc,CAAC,UAAU,cAAc,CAAC,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;oBAEtE,MAAM,UAAU,GAAa,cAAc,CAAC,MAAM;yBAC/C,QAAQ,EAAE;yBACV,KAAK,CAAC,QAAG,CAAC;yBACV,GAAG,CAAC,CAAC,IAAY,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;oBAEtC,+EAA+E;oBAC/E,IACE,cAAc,CAAC,IAAI,KAAK,UAAU;wBAClC,UAAU,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,yCAAyC,CAAC,GAAG,CAAC,EACxF;wBACA,QAAQ,CAAC,SAAS,CAAC,8BAA8B,CAAC,CAAC;qBACpD;yBAAM;wBACL,QAAQ,CAAC,cAAc,CAAC,iDAAiD,CAAC,CAAC;qBAC5E;oBAED,OAAO,KAAK,CAAC;iBACd;qBAAM;oBACL,QAAQ,CAAC,gBAAgB,CAAC,+CAA+C,CAAC,CAAC;oBAE3E,OAAO,IAAI,CAAC;iBACb;YAEH,KAAK,QAAQ;gBACX,QAAQ,CAAC,SAAS,CAChB,uGAAuG;oBACrG,iFAAiF;oBACjF,gGAAgG;oBAChG,8BAA8B,CACjC,CAAC;gBAEF,MAAM,MAAM,GAAe,MAAM,IAAA,yBAAY,EAAC,UAAU,EAAE;oBACxD,kBAAkB;oBAClB,IAAI;oBACJ,IAAI;oBACJ,WAAW;oBACX,IAAI;oBACJ,YAAY;oBACZ,eAAe;iBAChB,CAAC,CAAC;gBAEH,IAAI,MAAM,CAAC,IAAI,KAAK,CAAC,EAAE;oBACrB,QAAQ,CAAC,gBAAgB,CAAC,+CAA+C,CAAC,CAAC;oBAC3E,OAAO,IAAI,CAAC;iBACb;qBAAM;oBACL,IACE,MAAM,CAAC,MAAM,CAAC,IAAI,CAChB,CAAC,KAAa,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,+CAA+C,CAAC,CAClF,EACD;wBACA,QAAQ,CAAC,SAAS,CAAC,8BAA8B,CAAC,CAAC;wBACnD,OAAO,KAAK,CAAC;qBACd;yBAAM;wBACL,QAAQ,CAAC,cAAc,CACrB,8DAA8D,MAAM,CAAC,IAAI,IAAI;4BAC3E,UAAU,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CACtC,CAAC;wBACF,OAAO,KAAK,CAAC;qBACd;iBACF;YAEH;gBACE,wEAAwE;gBACxE,QAAQ,CAAC,SAAS,CAChB,2FAA2F;oBACzF,6FAA6F;oBAC7F,+BAA+B,eAAe,IAAI,CACrD,CAAC;gBACF,OAAO,IAAI,CAAC;SACf;IACH,CAAC;IAEO,KAAK,CAAC,kCAAkC,CAAC,QAAmB;QAClE,QAAQ,OAAO,CAAC,QAAQ,EAAE;YACxB,KAAK,OAAO;gBACV,MAAM,oBAAoB,GAAe,MAAM,IAAA,qBAAQ,EAAC,iBAAiB,EAAE;oBACzE,OAAO;oBACP,cAAc;oBACd,MAAM;oBACN,gBAAgB;iBACjB,CAAC,CAAC;gBAEH,IAAI,oBAAoB,CAAC,IAAI,KAAK,CAAC,EAAE;oBACnC,QAAQ,CAAC,gBAAgB,CACvB,0EAA0E,EAC1E,oBAAoB,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CACtC,CAAC;oBACF,OAAO,KAAK,CAAC;iBACd;qBAAM;oBACL,QAAQ,CAAC,gBAAgB,CACvB,uEAAuE,EACvE,oBAAoB,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CACtC,CAAC;oBACF,OAAO,IAAI,CAAC;iBACb;YAEH,KAAK,QAAQ;gBACX,QAAQ,CAAC,gBAAgB,CAAC,8DAA8D,CAAC,CAAC;gBAE1F,MAAM,wBAAwB,GAAe,MAAM,IAAA,qBAAQ,EAAC,UAAU,EAAE;oBACtE,kBAAkB;oBAClB,IAAI;oBACJ,WAAW;oBACX,IAAI;oBACJ,IAAI;oBACJ,YAAY;iBACb,CAAC,CAAC;gBAEH,IAAI,wBAAwB,CAAC,IAAI,KAAK,CAAC,EAAE;oBACvC,QAAQ,CAAC,gBAAgB,CACvB,iFAAiF,EACjF,wBAAwB,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAC1C,CAAC;oBACF,OAAO,KAAK,CAAC;iBACd;gBAED,MAAM,OAAO,GAAuB,IAAI,CAAC,kCAAkC,CACzE,wBAAwB,CAAC,MAAM,CAAC,IAAI,CAAC,QAAG,CAAC,CAC1C,CAAC;gBAEF,IAAI,CAAC,OAAO,EAAE;oBACZ,QAAQ,CAAC,gBAAgB,CACvB,mFAAmF,EACnF,wBAAwB,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAC1C,CAAC;oBACF,OAAO,KAAK,CAAC;iBACd;gBAED,QAAQ,CAAC,gBAAgB,CAAC,oDAAoD,CAAC,CAAC;gBAChF,OAAO,IAAI,CAAC;YAEd;gBACE,oEAAoE;gBACpE,QAAQ,CAAC,gBAAgB,CACvB,sGAAsG;oBACpG,qFAAqF;oBACrF,oCAAoC,IAAI,CAAC,iBAAiB,CAAC,eAAe,KAAK;oBAC/E,sCAAsC,gBAAgB,IAAI,CAC7D,CAAC;gBACF,wDAAwD;gBACxD,OAAO,IAAI,CAAC;SACf;IACH,CAAC;IAEO,KAAK,CAAC,wBAAwB,CAAC,eAAuB,EAAE,QAAmB;QACjF,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;YAChC,MAAM,QAAQ,GAAW,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;YACvD,MAAM,QAAQ,GAAW,IAAI,CAAC,QAAQ,CAAC,eAAe,EAAE,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC;YACvF,MAAM,gBAAgB,GAAW,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,QAAQ,MAAM,CAAC,CAAC;YAExE,MAAM,gBAAgB,GAAW;gBAC/B,WAAW;gBACX,4BAA4B;gBAC5B,cAAc;gBACd,eAAe,aAAa,GAAG;gBAC/B,EAAE;aACH,CAAC,IAAI,CAAC,QAAG,CAAC,CAAC;YAEZ,MAAM,8BAAU,CAAC,cAAc,CAAC,gBAAgB,EAAE,gBAAgB,CAAC,CAAC;YAEpE,MAAM,iBAAiB,GAAe,MAAM,IAAA,qBAAQ,EAAC,iBAAiB,EAAE;gBACtE,cAAc;gBACd,OAAO;gBACP,MAAM;gBACN,gBAAgB;gBAChB,gBAAgB;aACjB,CAAC,CAAC;YAEH,IAAI,iBAAiB,CAAC,IAAI,KAAK,CAAC,EAAE;gBAChC,QAAQ,CAAC,gBAAgB,CAAC,mBAAmB,iBAAiB,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;gBAClF,QAAQ,CAAC,gBAAgB,CAAC,aAAa,iBAAiB,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;gBAC5E,OAAO,KAAK,CAAC;aACd;iBAAM;gBACL,QAAQ,CAAC,gBAAgB,CAAC,oCAAoC,CAAC,CAAC;gBAChE,OAAO,IAAI,CAAC;aACb;SACF;aAAM;YACL,2CAA2C;YAC3C,OAAO,IAAI,CAAC;SACb;IACH,CAAC;IAEO,KAAK,CAAC,+BAA+B,CAC3C,OAAgD,EAChD,QAAmB;QAEnB,MAAM,gBAAgB,GAAqB,IAAI,CAAC,iBAAiB,CAAC;QAClE,MAAM,oBAAoB,GAAiB,MAAM,IAAI,CAAC,kCAAkC,CAAC,OAAO,CAAC,CAAC;QAElG,MAAM,eAAe,GAAW,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC;QACtD,MAAM,WAAW,GAAW,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;QAE/D,MAAM,mBAAmB,GAAW,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,eAAe,MAAM,CAAC,CAAC;QACrF,MAAM,eAAe,GAAuB,oBAAoB,CAAC,gBAAgB,CAAC;QAClF,IAAI,eAAe,EAAE;YACnB,MAAM,8BAAU,CAAC,cAAc,CAAC,mBAAmB,EAAE,eAAe,EAAE;gBACpE,kBAAkB,EAAE,IAAI;aACzB,CAAC,CAAC;SACJ;QAED,MAAM,sBAAsB,GAAY,MAAM,IAAI,CAAC,yBAAyB,CAC1E,mBAAmB,EACnB,QAAQ,CACT,CAAC;QAEF,IAAI,eAA8C,CAAC;QACnD,IAAI,sBAAsB,EAAE;YAC1B,gBAAgB,CAAC,iBAAiB,GAAG,oBAAoB,CAAC,gBAAgB,CAAC;YAC3E,gBAAgB,CAAC,eAAe,GAAG,oBAAoB,CAAC,cAAc,CAAC;YACvE,gBAAgB,CAAC,OAAO,GAAG,oBAAoB,CAAC,MAAM,CAAC;YACvD,eAAe,GAAG,oBAAoB,CAAC,eAAe,CAAC;YAEvD,qDAAqD;YACrD,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,wBAAwB,CAAC,mBAAmB,EAAE,QAAQ,CAAC,CAAC,EAAE;gBACzE,QAAQ,CAAC,gBAAgB,CAAC,gDAAgD,CAAC,CAAC;aAC7E;SACF;aAAM;YACL,mDAAmD;YACnD,gBAAgB,CAAC,iBAAiB,GAAG,SAAS,CAAC;YAC/C,gBAAgB,CAAC,eAAe,GAAG,SAAS,CAAC;YAC7C,gBAAgB,CAAC,OAAO,GAAG,SAAS,CAAC;SACtC;QAED,MAAM,8BAAU,CAAC,eAAe,CAAC,mBAAmB,CAAC,CAAC;QAEtD,OAAO;YACL,gBAAgB,EAAE,gBAAgB,CAAC,iBAAiB;YACpD,cAAc,EAAE,gBAAgB,CAAC,eAAe;YAChD,MAAM,EAAE,gBAAgB,CAAC,OAAO;YAChC,eAAe;SAChB,CAAC;IACJ,CAAC;IAEO,kCAAkC,CAAC,oBAA4B;QACrE,IAAI,OAAO,GAAuB,SAAS,CAAC;QAC5C,KAAK,MAAM,IAAI,IAAI,oBAAoB,CAAC,KAAK,CAAC,QAAG,CAAC,EAAE;YAClD,wGAAwG;YACxG,MAAM,YAAY,GAAoB,IAAI,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;YACvE,IAAI,YAAY,EAAE;gBAChB,OAAO,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC;aAC3B;YAED,MAAM,SAAS,GAAoB,IAAI,CAAC,KAAK,CAAC,gCAAgC,CAAC,CAAC;YAChF,IAAI,SAAS,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,KAAK,gBAAgB,EAAE;gBACxE,OAAO,OAAO,CAAC;aAChB;SACF;IACH,CAAC;CACF;AArpBD,gDAqpBC;AAED,SAAS,mBAAmB,CAC1B,OAAkD;;IAElD,MAAM,YAAY,GAAsC,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,eAAe,CAAC;IACjF,MAAM,kBAAkB,GAAsC,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,kBAAkB,CAAC;IAC1F,OAAO;QACL,eAAe,EAAE,CAAA,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,MAAM,EAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,yCAAiC;QACxF,kBAAkB,EAAE,CAAA,kBAAkB,aAAlB,kBAAkB,uBAAlB,kBAAkB,CAAE,MAAM;YAC5C,CAAC,CAAC,kBAAkB;YACpB,CAAC,CAAC,gDAAwC;QAC5C,cAAc,EAAE,IAAI,CAAC,GAAG,CACtB,6BAA6B,EAC7B,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,cAAc,mCAAI,6BAA6B,CACzD;KACF,CAAC;AACJ,CAAC;AAED,SAAS,WAAW,CAAC,OAAiB;IACpC,OAAO,OAAO,CAAC,IAAI,KAAK,CAAC,CAAC;AAC5B,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT license.\r\n// See LICENSE in the project root for license information.\r\n\r\nimport type { pki } from 'node-forge';\r\nimport * as path from 'path';\r\nimport { EOL } from 'os';\r\nimport { FileSystem, type ITerminal } from '@rushstack/node-core-library';\r\n\r\nimport { runSudoAsync, type IRunResult, runAsync } from './runCommand';\r\nimport { CertificateStore } from './CertificateStore';\r\n\r\nconst CA_SERIAL_NUMBER: string = '731c321744e34650a202e3ef91c3c1b0';\r\nconst TLS_SERIAL_NUMBER: string = '731c321744e34650a202e3ef00000001';\r\nconst FRIENDLY_NAME: string = 'debug-certificate-manager Development Certificate';\r\nconst MAC_KEYCHAIN: string = '/Library/Keychains/System.keychain';\r\nconst CERTUTIL_EXE_NAME: string = 'certutil';\r\nconst CA_ALT_NAME: string = 'rushstack-certificate-manager.localhost';\r\nconst ONE_DAY_IN_MILLISECONDS: number = 24 * 60 * 60 * 1000;\r\n\r\n/*\r\n The set of names the certificate should be generated for, by default.\r\n * @public\r\n /\r\nexport const DEFAULT_CERTIFICATE_SUBJECT_NAMES: ReadonlyArray<string> = ['localhost'];\r\n\r\n/\r\n The set of ip addresses the certificate should be generated for, by default.\r\n * @public\r\n /\r\nexport const DEFAULT_CERTIFICATE_SUBJECT_IP_ADDRESSES: ReadonlyArray<string> = ['127.0.0.1'];\r\n\r\nconst DISABLE_CERT_GENERATION_VARIABLE_NAME: 'RUSHSTACK_DISABLE_DEV_CERT_GENERATION' =\r\n 'RUSHSTACK_DISABLE_DEV_CERT_GENERATION';\r\n\r\n/\r\n The interface for a debug certificate instance\r\n \r\n @public\r\n /\r\nexport interface ICertificate {\r\n /\r\n Generated pem Certificate Authority certificate contents\r\n /\r\n pemCaCertificate: string \| undefined;\r\n\r\n /\r\n Generated pem TLS Server certificate contents\r\n /\r\n pemCertificate: string \| undefined;\r\n\r\n /\r\n Private key for the TLS server certificate, used to sign TLS communications\r\n /\r\n pemKey: string \| undefined;\r\n\r\n /\r\n The subject names the TLS server certificate is valid for\r\n /\r\n subjectAltNames: readonly string[] \| undefined;\r\n}\r\n\r\ninterface ICaCertificate {\r\n /\r\n Certificate\r\n /\r\n certificate: pki.Certificate;\r\n\r\n /\r\n Private key for the CA cert. Delete after signing the TLS cert.\r\n /\r\n privateKey: pki.PrivateKey;\r\n}\r\n\r\ninterface ISubjectAltNameExtension {\r\n altNames: readonly IAltName[];\r\n}\r\n\r\n/\r\n Fields for a Subject Alternative Name of type DNS Name\r\n /\r\ninterface IDnsAltName {\r\n type: 2;\r\n value: string;\r\n}\r\n/\r\n Fields for a Subject Alternative Name of type IP Address\r\n * `node-forge` requires the field name to be \"ip\" instead of \"value\", likely due to subtle encoding differences.\r\n /\r\ninterface IIPAddressAltName {\r\n type: 7;\r\n ip: string;\r\n}\r\ntype IAltName = IDnsAltName \| IIPAddressAltName;\r\n\r\n/\r\n Options to use if needing to generate a new certificate\r\n * @public\r\n /\r\nexport interface ICertificateGenerationOptions {\r\n /\r\n The DNS Subject names to issue the certificate for. Defaults to ['localhost'].\r\n /\r\n subjectAltNames?: ReadonlyArray<string>;\r\n /\r\n The IP Address Subject names to issue the certificate for. Defaults to ['127.0.0.1'].\r\n /\r\n subjectIPAddresses?: ReadonlyArray<string>;\r\n /\r\n How many days the certificate should be valid for.\r\n /\r\n validityInDays?: number;\r\n}\r\n\r\nconst MAX_CERTIFICATE_VALIDITY_DAYS: 365 = 365;\r\n\r\n/\r\n A utility class to handle generating, trusting, and untrustring a debug certificate.\r\n * Contains two public methods to `ensureCertificate` and `untrustCertificate`.\r\n * @public\r\n /\r\nexport class CertificateManager {\r\n private _certificateStore: CertificateStore;\r\n\r\n public constructor() {\r\n this._certificateStore = new CertificateStore();\r\n }\r\n\r\n /\r\n Get a development certificate from the store, or optionally, generate a new one\r\n * and trust it if one doesn't exist in the store.\r\n \r\n @public\r\n /\r\n public async ensureCertificateAsync(\r\n canGenerateNewCertificate: boolean,\r\n terminal: ITerminal,\r\n generationOptions?: ICertificateGenerationOptions\r\n ): Promise<ICertificate> {\r\n const optionsWithDefaults: Required<ICertificateGenerationOptions> =\r\n applyDefaultOptions(generationOptions);\r\n\r\n const { certificateData: existingCert, keyData: existingKey } = this._certificateStore;\r\n\r\n if (process.env[DISABLE_CERT_GENERATION_VARIABLE_NAME] === '1') {\r\n // Allow the environment (e.g. GitHub codespaces) to forcibly disable dev cert generation\r\n terminal.writeLine(\r\n `Found environment variable ${DISABLE_CERT_GENERATION_VARIABLE_NAME}=1, disabling certificate generation.`\r\n );\r\n canGenerateNewCertificate = false;\r\n }\r\n\r\n if (existingCert && existingKey) {\r\n const messages: string[] = [];\r\n\r\n const forge: typeof import('node-forge') = await import('node-forge');\r\n const certificate: pki.Certificate = forge.pki.certificateFromPem(existingCert);\r\n const altNamesExtension: ISubjectAltNameExtension \| undefined = certificate.getExtension(\r\n 'subjectAltName'\r\n ) as ISubjectAltNameExtension;\r\n if (!altNamesExtension) {\r\n messages.push(\r\n 'The existing development certificate is missing the subjectAltName ' +\r\n 'property and will not work with the latest versions of some browsers.'\r\n );\r\n } else {\r\n const missingSubjectNames: Set<string> = new Set(optionsWithDefaults.subjectAltNames);\r\n for (const altName of altNamesExtension.altNames) {\r\n missingSubjectNames.delete(isIPAddress(altName) ? altName.ip : altName.value);\r\n }\r\n if (missingSubjectNames.size) {\r\n messages.push(\r\n `The existing development certificate does not include the following expected subjectAltName values: ` +\r\n Array.from(missingSubjectNames, (name: string) => `\"${name}\"`).join(', ')\r\n );\r\n }\r\n }\r\n\r\n const { notBefore, notAfter } = certificate.validity;\r\n const now: Date = new Date();\r\n if (now < notBefore) {\r\n messages.push(\r\n `The existing development certificate's validity period does not start until ${notBefore}. It is currently ${now}.`\r\n );\r\n }\r\n\r\n if (now > notAfter) {\r\n messages.push(\r\n `The existing development certificate's validity period ended ${notAfter}. It is currently ${now}.`\r\n );\r\n }\r\n\r\n now.setUTCDate(now.getUTCDate() + optionsWithDefaults.validityInDays);\r\n if (notAfter > now) {\r\n messages.push(\r\n `The existing development certificate's expiration date ${notAfter} exceeds the allowed limit ${now}. ` +\r\n `This will be rejected by many browsers.`\r\n );\r\n }\r\n\r\n if (\r\n notBefore.getTime() - notAfter.getTime() >\r\n optionsWithDefaults.validityInDays ONE_DAY_IN_MILLISECONDS\r\n ) {\r\n messages.push(\r\n \"The existing development certificate's validity period is longer \" +\r\n `than ${optionsWithDefaults.validityInDays} days.`\r\n );\r\n }\r\n\r\n const { caCertificateData } = this._certificateStore;\r\n\r\n if (!caCertificateData) {\r\n messages.push(\r\n 'The existing development certificate is missing a separate CA cert as the root ' +\r\n 'of trust and will not work with the latest versions of some browsers.'\r\n );\r\n }\r\n\r\n const isTrusted: boolean = await this._detectIfCertificateIsTrustedAsync(terminal);\r\n if (!isTrusted) {\r\n messages.push('The existing development certificate is not currently trusted by your system.');\r\n }\r\n\r\n if (messages.length > 0) {\r\n if (canGenerateNewCertificate) {\r\n messages.push('Attempting to untrust the certificate and generate a new one.');\r\n terminal.writeWarningLine(messages.join(' '));\r\n await this.untrustCertificateAsync(terminal);\r\n return await this._ensureCertificateInternalAsync(optionsWithDefaults, terminal);\r\n } else {\r\n messages.push(\r\n 'Untrust the certificate and generate a new one, or set the ' +\r\n '`canGenerateNewCertificate` parameter to `true` when calling `ensureCertificateAsync`.'\r\n );\r\n throw new Error(messages.join(' '));\r\n }\r\n } else {\r\n return {\r\n pemCaCertificate: caCertificateData,\r\n pemCertificate: existingCert,\r\n pemKey: existingKey,\r\n subjectAltNames: altNamesExtension.altNames.map((entry) =>\r\n isIPAddress(entry) ? entry.ip : entry.value\r\n )\r\n };\r\n }\r\n } else if (canGenerateNewCertificate) {\r\n return await this._ensureCertificateInternalAsync(optionsWithDefaults, terminal);\r\n } else {\r\n throw new Error(\r\n 'No development certificate found. Generate a new certificate manually, or set the ' +\r\n '`canGenerateNewCertificate` parameter to `true` when calling `ensureCertificateAsync`.'\r\n );\r\n }\r\n }\r\n\r\n /*\r\n Attempt to locate a previously generated debug certificate and untrust it.\r\n \r\n @public\r\n /\r\n public async untrustCertificateAsync(terminal: ITerminal): Promise<boolean> {\r\n this._certificateStore.certificateData = undefined;\r\n this._certificateStore.keyData = undefined;\r\n\r\n switch (process.platform) {\r\n case 'win32':\r\n const winUntrustResult: IRunResult = await runAsync(CERTUTIL_EXE_NAME, [\r\n '-user',\r\n '-delstore',\r\n 'root',\r\n CA_SERIAL_NUMBER\r\n ]);\r\n\r\n if (winUntrustResult.code !== 0) {\r\n terminal.writeErrorLine(`Error: ${winUntrustResult.stderr.join(' ')}`);\r\n return false;\r\n } else {\r\n terminal.writeVerboseLine('Successfully untrusted development certificate.');\r\n return true;\r\n }\r\n\r\n case 'darwin':\r\n terminal.writeVerboseLine('Trying to find the signature of the development certificate.');\r\n\r\n const macFindCertificateResult: IRunResult = await runAsync('security', [\r\n 'find-certificate',\r\n '-c',\r\n 'localhost',\r\n '-a',\r\n '-Z',\r\n MAC_KEYCHAIN\r\n ]);\r\n if (macFindCertificateResult.code !== 0) {\r\n terminal.writeErrorLine(\r\n `Error finding the development certificate: ${macFindCertificateResult.stderr.join(' ')}`\r\n );\r\n return false;\r\n }\r\n\r\n const shaHash: string \| undefined = this._parseMacOsMatchingCertificateHash(\r\n macFindCertificateResult.stdout.join(EOL)\r\n );\r\n\r\n if (!shaHash) {\r\n terminal.writeErrorLine('Unable to find the development certificate.');\r\n return false;\r\n } else {\r\n terminal.writeVerboseLine(`Found the development certificate. SHA is ${shaHash}`);\r\n }\r\n\r\n const macUntrustResult: IRunResult = await runSudoAsync('security', [\r\n 'delete-certificate',\r\n '-Z',\r\n shaHash,\r\n MAC_KEYCHAIN\r\n ]);\r\n\r\n if (macUntrustResult.code === 0) {\r\n terminal.writeVerboseLine('Successfully untrusted development certificate.');\r\n return true;\r\n } else {\r\n terminal.writeErrorLine(macUntrustResult.stderr.join(' '));\r\n return false;\r\n }\r\n\r\n default:\r\n // Linux + others: Have the user manually untrust the cert\r\n terminal.writeLine(\r\n 'Automatic certificate untrust is only implemented for debug-certificate-manager on Windows ' +\r\n 'and macOS. To untrust the development certificate, remove this certificate from your trusted ' +\r\n `root certification authorities: \"${this._certificateStore.certificatePath}\". The ` +\r\n `certificate has serial number \"${CA_SERIAL_NUMBER}\".`\r\n );\r\n return false;\r\n }\r\n }\r\n\r\n private async _createCACertificateAsync(\r\n validityInDays: number,\r\n forge: typeof import('node-forge')\r\n ): Promise<ICaCertificate> {\r\n const keys: pki.KeyPair = forge.pki.rsa.generateKeyPair(2048);\r\n const certificate: pki.Certificate = forge.pki.createCertificate();\r\n certificate.publicKey = keys.publicKey;\r\n\r\n certificate.serialNumber = CA_SERIAL_NUMBER;\r\n\r\n const notBefore: Date = new Date();\r\n const notAfter: Date = new Date(notBefore);\r\n notAfter.setUTCDate(notBefore.getUTCDate() + validityInDays);\r\n certificate.validity.notBefore = notBefore;\r\n certificate.validity.notAfter = notAfter;\r\n\r\n const attrs: pki.CertificateField[] = [\r\n {\r\n name: 'commonName',\r\n value: CA_ALT_NAME\r\n }\r\n ];\r\n\r\n certificate.setSubject(attrs);\r\n certificate.setIssuer(attrs);\r\n\r\n const altNames: readonly IAltName[] = [\r\n {\r\n type: 2, // DNS\r\n value: CA_ALT_NAME\r\n }\r\n ];\r\n\r\n certificate.setExtensions([\r\n {\r\n name: 'basicConstraints',\r\n cA: true,\r\n pathLenConstraint: 0,\r\n critical: true\r\n },\r\n {\r\n name: 'subjectAltName',\r\n altNames,\r\n critical: true\r\n },\r\n {\r\n name: 'issuerAltName',\r\n altNames,\r\n critical: false\r\n },\r\n {\r\n name: 'keyUsage',\r\n keyCertSign: true,\r\n critical: true\r\n },\r\n {\r\n name: 'extKeyUsage',\r\n serverAuth: true,\r\n critical: true\r\n },\r\n {\r\n name: 'friendlyName',\r\n value: FRIENDLY_NAME\r\n }\r\n ]);\r\n\r\n // self-sign certificate\r\n certificate.sign(keys.privateKey, forge.md.sha256.create());\r\n\r\n return {\r\n certificate,\r\n privateKey: keys.privateKey\r\n };\r\n }\r\n\r\n private async _createDevelopmentCertificateAsync(\r\n options: Required<ICertificateGenerationOptions>\r\n ): Promise<ICertificate> {\r\n const forge: typeof import('node-forge') = await import('node-forge');\r\n const keys: pki.KeyPair = forge.pki.rsa.generateKeyPair(2048);\r\n const certificate: pki.Certificate = forge.pki.createCertificate();\r\n\r\n certificate.publicKey = keys.publicKey;\r\n certificate.serialNumber = TLS_SERIAL_NUMBER;\r\n\r\n const { subjectAltNames: subjectNames, subjectIPAddresses: subjectIpAddresses, validityInDays } = options;\r\n\r\n const { certificate: caCertificate, privateKey: caPrivateKey } = await this._createCACertificateAsync(\r\n validityInDays,\r\n forge\r\n );\r\n\r\n const notBefore: Date = new Date();\r\n const notAfter: Date = new Date(notBefore);\r\n notAfter.setUTCDate(notBefore.getUTCDate() + validityInDays);\r\n certificate.validity.notBefore = notBefore;\r\n certificate.validity.notAfter = notAfter;\r\n\r\n const subjectAttrs: pki.CertificateField[] = [\r\n {\r\n name: 'commonName',\r\n value: subjectNames[0]\r\n }\r\n ];\r\n const issuerAttrs: pki.CertificateField[] = caCertificate.subject.attributes;\r\n\r\n certificate.setSubject(subjectAttrs);\r\n certificate.setIssuer(issuerAttrs);\r\n\r\n const subjectAltNames: IAltName[] = [\r\n ...subjectNames.map<IDnsAltName>((subjectName) => ({\r\n type: 2, // DNS\r\n value: subjectName\r\n })),\r\n ...subjectIpAddresses.map<IIPAddressAltName>((ip) => ({\r\n type: 7, // IP\r\n ip\r\n }))\r\n ];\r\n\r\n const issuerAltNames: readonly IAltName[] = [\r\n {\r\n type: 2, // DNS\r\n value: CA_ALT_NAME\r\n }\r\n ];\r\n\r\n certificate.setExtensions([\r\n {\r\n name: 'basicConstraints',\r\n cA: false,\r\n critical: true\r\n },\r\n {\r\n name: 'subjectAltName',\r\n altNames: subjectAltNames,\r\n critical: true\r\n },\r\n {\r\n name: 'issuerAltName',\r\n altNames: issuerAltNames,\r\n critical: false\r\n },\r\n {\r\n name: 'keyUsage',\r\n digitalSignature: true,\r\n keyEncipherment: true,\r\n dataEncipherment: true,\r\n critical: true\r\n },\r\n {\r\n name: 'extKeyUsage',\r\n serverAuth: true,\r\n critical: true\r\n },\r\n {\r\n name: 'friendlyName',\r\n value: FRIENDLY_NAME\r\n }\r\n ]);\r\n\r\n // Sign certificate with CA\r\n certificate.sign(caPrivateKey, forge.md.sha256.create());\r\n\r\n // convert a Forge certificate to PEM\r\n const caPem: string = forge.pki.certificateToPem(caCertificate);\r\n const pem: string = forge.pki.certificateToPem(certificate);\r\n const pemKey: string = forge.pki.privateKeyToPem(keys.privateKey);\r\n\r\n return {\r\n pemCaCertificate: caPem,\r\n pemCertificate: pem,\r\n pemKey: pemKey,\r\n subjectAltNames: options.subjectAltNames\r\n };\r\n }\r\n\r\n private async _tryTrustCertificateAsync(certificatePath: string, terminal: ITerminal): Promise<boolean> {\r\n switch (process.platform) {\r\n case 'win32':\r\n terminal.writeLine(\r\n 'Attempting to trust a development certificate. This self-signed certificate only points to localhost ' +\r\n 'and will be stored in your local user profile to be used by other instances of ' +\r\n 'debug-certificate-manager. If you do not consent to trust this certificate, click \"NO\" in the dialog.'\r\n );\r\n\r\n const winTrustResult: IRunResult = await runAsync(CERTUTIL_EXE_NAME, [\r\n '-user',\r\n '-addstore',\r\n 'root',\r\n certificatePath\r\n ]);\r\n\r\n if (winTrustResult.code !== 0) {\r\n terminal.writeErrorLine(`Error: ${winTrustResult.stdout.toString()}`);\r\n\r\n const errorLines: string[] = winTrustResult.stdout\r\n .toString()\r\n .split(EOL)\r\n .map((line: string) => line.trim());\r\n\r\n // Not sure if this is always the status code for \"cancelled\" - should confirm.\r\n if (\r\n winTrustResult.code === 2147943623 \|\|\r\n errorLines[errorLines.length - 1].indexOf('The operation was canceled by the user.') > 0\r\n ) {\r\n terminal.writeLine('Certificate trust cancelled.');\r\n } else {\r\n terminal.writeErrorLine('Certificate trust failed with an unknown error.');\r\n }\r\n\r\n return false;\r\n } else {\r\n terminal.writeVerboseLine('Successfully trusted development certificate.');\r\n\r\n return true;\r\n }\r\n\r\n case 'darwin':\r\n terminal.writeLine(\r\n 'Attempting to trust a development certificate. This self-signed certificate only points to localhost ' +\r\n 'and will be stored in your local user profile to be used by other instances of ' +\r\n 'debug-certificate-manager. If you do not consent to trust this certificate, do not enter your ' +\r\n 'root password in the prompt.'\r\n );\r\n\r\n const result: IRunResult = await runSudoAsync('security', [\r\n 'add-trusted-cert',\r\n '-d',\r\n '-r',\r\n 'trustRoot',\r\n '-k',\r\n MAC_KEYCHAIN,\r\n certificatePath\r\n ]);\r\n\r\n if (result.code === 0) {\r\n terminal.writeVerboseLine('Successfully trusted development certificate.');\r\n return true;\r\n } else {\r\n if (\r\n result.stderr.some(\r\n (value: string) => !!value.match(/The authorization was cancelled by the user\\./)\r\n )\r\n ) {\r\n terminal.writeLine('Certificate trust cancelled.');\r\n return false;\r\n } else {\r\n terminal.writeErrorLine(\r\n `Certificate trust failed with an unknown error. Exit code: ${result.code}. ` +\r\n `Error: ${result.stderr.join(' ')}`\r\n );\r\n return false;\r\n }\r\n }\r\n\r\n default:\r\n // Linux + others: Have the user manually trust the cert if they want to\r\n terminal.writeLine(\r\n 'Automatic certificate trust is only implemented for debug-certificate-manager on Windows ' +\r\n 'and macOS. To trust the development certificate, add this certificate to your trusted root ' +\r\n `certification authorities: \"${certificatePath}\".`\r\n );\r\n return true;\r\n }\r\n }\r\n\r\n private async _detectIfCertificateIsTrustedAsync(terminal: ITerminal): Promise<boolean> {\r\n switch (process.platform) {\r\n case 'win32':\r\n const winVerifyStoreResult: IRunResult = await runAsync(CERTUTIL_EXE_NAME, [\r\n '-user',\r\n '-verifystore',\r\n 'root',\r\n CA_SERIAL_NUMBER\r\n ]);\r\n\r\n if (winVerifyStoreResult.code !== 0) {\r\n terminal.writeVerboseLine(\r\n 'The development certificate was not found in the store. CertUtil error: ',\r\n winVerifyStoreResult.stderr.join(' ')\r\n );\r\n return false;\r\n } else {\r\n terminal.writeVerboseLine(\r\n 'The development certificate was found in the store. CertUtil output: ',\r\n winVerifyStoreResult.stdout.join(' ')\r\n );\r\n return true;\r\n }\r\n\r\n case 'darwin':\r\n terminal.writeVerboseLine('Trying to find the signature of the development certificate.');\r\n\r\n const macFindCertificateResult: IRunResult = await runAsync('security', [\r\n 'find-certificate',\r\n '-c',\r\n 'localhost',\r\n '-a',\r\n '-Z',\r\n MAC_KEYCHAIN\r\n ]);\r\n\r\n if (macFindCertificateResult.code !== 0) {\r\n terminal.writeVerboseLine(\r\n 'The development certificate was not found in keychain. Find certificate error: ',\r\n macFindCertificateResult.stderr.join(' ')\r\n );\r\n return false;\r\n }\r\n\r\n const shaHash: string \| undefined = this._parseMacOsMatchingCertificateHash(\r\n macFindCertificateResult.stdout.join(EOL)\r\n );\r\n\r\n if (!shaHash) {\r\n terminal.writeVerboseLine(\r\n 'The development certificate was not found in keychain. Find certificate output:\\n',\r\n macFindCertificateResult.stdout.join(' ')\r\n );\r\n return false;\r\n }\r\n\r\n terminal.writeVerboseLine(`The development certificate was found in keychain.`);\r\n return true;\r\n\r\n default:\r\n // Linux + others: Have the user manually verify the cert is trusted\r\n terminal.writeVerboseLine(\r\n 'Automatic certificate trust validation is only implemented for debug-certificate-manager on Windows ' +\r\n 'and macOS. Manually verify this development certificate is present in your trusted ' +\r\n `root certification authorities: \"${this._certificateStore.certificatePath}\". ` +\r\n `The certificate has serial number \"${CA_SERIAL_NUMBER}\".`\r\n );\r\n // Always return true on Linux to prevent breaking flow.\r\n return true;\r\n }\r\n }\r\n\r\n private async _trySetFriendlyNameAsync(certificatePath: string, terminal: ITerminal): Promise<boolean> {\r\n if (process.platform === 'win32') {\r\n const basePath: string = path.dirname(certificatePath);\r\n const fileName: string = path.basename(certificatePath, path.extname(certificatePath));\r\n const friendlyNamePath: string = path.join(basePath, `${fileName}.inf`);\r\n\r\n const friendlyNameFile: string = [\r\n '[Version]',\r\n 'Signature = \"$Windows NT$\"',\r\n '[Properties]',\r\n `11 = \"{text}${FRIENDLY_NAME}\"`,\r\n ''\r\n ].join(EOL);\r\n\r\n await FileSystem.writeFileAsync(friendlyNamePath, friendlyNameFile);\r\n\r\n const repairStoreResult: IRunResult = await runAsync(CERTUTIL_EXE_NAME, [\r\n '-repairstore',\r\n '-user',\r\n 'root',\r\n CA_SERIAL_NUMBER,\r\n friendlyNamePath\r\n ]);\r\n\r\n if (repairStoreResult.code !== 0) {\r\n terminal.writeVerboseLine(`CertUtil Error: ${repairStoreResult.stderr.join('')}`);\r\n terminal.writeVerboseLine(`CertUtil: ${repairStoreResult.stdout.join('')}`);\r\n return false;\r\n } else {\r\n terminal.writeVerboseLine('Successfully set certificate name.');\r\n return true;\r\n }\r\n } else {\r\n // No equivalent concept outside of Windows\r\n return true;\r\n }\r\n }\r\n\r\n private async _ensureCertificateInternalAsync(\r\n options: Required<ICertificateGenerationOptions>,\r\n terminal: ITerminal\r\n ): Promise<ICertificate> {\r\n const certificateStore: CertificateStore = this._certificateStore;\r\n const generatedCertificate: ICertificate = await this._createDevelopmentCertificateAsync(options);\r\n\r\n const certificateName: string = Date.now().toString();\r\n const tempDirName: string = path.join(__dirname, '..', 'temp');\r\n\r\n const tempCertificatePath: string = path.join(tempDirName, `${certificateName}.pem`);\r\n const pemFileContents: string \| undefined = generatedCertificate.pemCaCertificate;\r\n if (pemFileContents) {\r\n await FileSystem.writeFileAsync(tempCertificatePath, pemFileContents, {\r\n ensureFolderExists: true\r\n });\r\n }\r\n\r\n const trustCertificateResult: boolean = await this._tryTrustCertificateAsync(\r\n tempCertificatePath,\r\n terminal\r\n );\r\n\r\n let subjectAltNames: readonly string[] \| undefined;\r\n if (trustCertificateResult) {\r\n certificateStore.caCertificateData = generatedCertificate.pemCaCertificate;\r\n certificateStore.certificateData = generatedCertificate.pemCertificate;\r\n certificateStore.keyData = generatedCertificate.pemKey;\r\n subjectAltNames = generatedCertificate.subjectAltNames;\r\n\r\n // Try to set the friendly name, and warn if we can't\r\n if (!(await this._trySetFriendlyNameAsync(tempCertificatePath, terminal))) {\r\n terminal.writeWarningLine(\"Unable to set the certificate's friendly name.\");\r\n }\r\n } else {\r\n // Clear out the existing store data, if any exists\r\n certificateStore.caCertificateData = undefined;\r\n certificateStore.certificateData = undefined;\r\n certificateStore.keyData = undefined;\r\n }\r\n\r\n await FileSystem.deleteFileAsync(tempCertificatePath);\r\n\r\n return {\r\n pemCaCertificate: certificateStore.caCertificateData,\r\n pemCertificate: certificateStore.certificateData,\r\n pemKey: certificateStore.keyData,\r\n subjectAltNames\r\n };\r\n }\r\n\r\n private _parseMacOsMatchingCertificateHash(findCertificateOuput: string): string \| undefined {\r\n let shaHash: string \| undefined = undefined;\r\n for (const line of findCertificateOuput.split(EOL)) {\r\n // Sets `shaHash` to the current certificate SHA-1 as we progress through the lines of certificate text.\r\n const shaHashMatch: string[] \| null = line.match(/^SHA-1 hash: (.+)$/);\r\n if (shaHashMatch) {\r\n shaHash = shaHashMatch[1];\r\n }\r\n\r\n const snbrMatch: string[] \| null = line.match(/^\\s\"snbr\"<blob>=0x([^\\s]+).+$/);\r\n if (snbrMatch && (snbrMatch[1] \|\| '').toLowerCase() === CA_SERIAL_NUMBER) {\r\n return shaHash;\r\n }\r\n }\r\n }\r\n}\r\n\r\nfunction applyDefaultOptions(\r\n options: ICertificateGenerationOptions \| undefined\r\n): Required<ICertificateGenerationOptions> {\r\n const subjectNames: ReadonlyArray<string> \| undefined = options?.subjectAltNames;\r\n const subjectIpAddresses: ReadonlyArray<string> \| undefined = options?.subjectIPAddresses;\r\n return {\r\n subjectAltNames: subjectNames?.length ? subjectNames : DEFAULT_CERTIFICATE_SUBJECT_NAMES,\r\n subjectIPAddresses: subjectIpAddresses?.length\r\n ? subjectIpAddresses\r\n : DEFAULT_CERTIFICATE_SUBJECT_IP_ADDRESSES,\r\n validityInDays: Math.min(\r\n MAX_CERTIFICATE_VALIDITY_DAYS,\r\n options?.validityInDays ?? MAX_CERTIFICATE_VALIDITY_DAYS\r\n )\r\n };\r\n}\r\n\r\nfunction isIPAddress(altName: IAltName): altName is IIPAddressAltName {\r\n return altName.type === 7;\r\n}\r\n"]}

package/lib/CertificateStore.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"CertificateStore.js","sourceRoot":"","sources":["../src/CertificateStore.ts"],"names":[],"mappings":";AAAA,4FAA4F;AAC5F,2DAA2D;;;;;;;;;;;;;;;;;;;;;;;;;;AAE3D,2CAA6B;AAC7B,2BAA6B;AAE7B,oEAA0D;AAE1D;;;GAGG;AACH,MAAa,gBAAgB;IAS3B;QACE,MAAM,oBAAoB,GAAW,IAAA,YAAO,GAAE,CAAC;QAC/C,MAAM,eAAe,GAAW,IAAI,CAAC,OAAO,CAAC,oBAAoB,CAAC,CAAC;QACnE,IAAI,CAAC,8BAAU,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE;YACvC,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;SAC1E;QAED,MAAM,aAAa,GAAW,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,YAAY,CAAC,CAAC;QACvE,8BAAU,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC;QAEvC,IAAI,CAAC,kBAAkB,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,kBAAkB,CAAC,CAAC;QACvE,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,qBAAqB,CAAC,CAAC;QACxE,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,qBAAqB,CAAC,CAAC;IAClE,CAAC;IAED;;OAEG;IACH,IAAW,iBAAiB;QAC1B,OAAO,IAAI,CAAC,kBAAkB,CAAC;IACjC,CAAC;IAED;;OAEG;IACH,IAAW,eAAe;QACxB,OAAO,IAAI,CAAC,gBAAgB,CAAC;IAC/B,CAAC;IAED;;OAEG;IACH,IAAW,iBAAiB;QAC1B,IAAI,CAAC,IAAI,CAAC,kBAAkB,EAAE;YAC5B,IAAI;gBACF,IAAI,CAAC,kBAAkB,GAAG,8BAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;aACxE;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,CAAC,8BAAU,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE;oBACpC,MAAM,GAAG,CAAC;iBACX;aACF;SACF;QAED,OAAO,IAAI,CAAC,kBAAkB,CAAC;IACjC,CAAC;IAED,IAAW,iBAAiB,CAAC,WAA+B;QAC1D,IAAI,WAAW,EAAE;YACf,8BAAU,CAAC,SAAS,CAAC,IAAI,CAAC,kBAAkB,EAAE,WAAW,CAAC,CAAC;SAC5D;aAAM,IAAI,8BAAU,CAAC,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,EAAE;YACrD,8BAAU,CAAC,UAAU,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;SAChD;QAED,IAAI,CAAC,kBAAkB,GAAG,WAAW,CAAC;IACxC,CAAC;IAED;;OAEG;IACH,IAAW,eAAe;QACxB,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE;YAC1B,IAAI;gBACF,IAAI,CAAC,gBAAgB,GAAG,8BAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;aACpE;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,CAAC,8BAAU,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE;oBACpC,MAAM,GAAG,CAAC;iBACX;aACF;SACF;QAED,OAAO,IAAI,CAAC,gBAAgB,CAAC;IAC/B,CAAC;IAED,IAAW,eAAe,CAAC,WAA+B;QACxD,IAAI,WAAW,EAAE;YACf,8BAAU,CAAC,SAAS,CAAC,IAAI,CAAC,gBAAgB,EAAE,WAAW,CAAC,CAAC;SAC1D;aAAM,IAAI,8BAAU,CAAC,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,EAAE;YACnD,8BAAU,CAAC,UAAU,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;SAC9C;QAED,IAAI,CAAC,gBAAgB,GAAG,WAAW,CAAC;IACtC,CAAC;IAED;;OAEG;IACH,IAAW,OAAO;QAChB,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE;YAClB,IAAI;gBACF,IAAI,CAAC,QAAQ,GAAG,8BAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;aACpD;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,CAAC,8BAAU,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE;oBACpC,MAAM,GAAG,CAAC;iBACX;aACF;SACF;QAED,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;IAED,IAAW,OAAO,CAAC,GAAuB;QACxC,IAAI,GAAG,EAAE;YACP,8BAAU,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;SAC1C;aAAM,IAAI,8BAAU,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE;YAC3C,8BAAU,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;SACtC;QAED,IAAI,CAAC,QAAQ,GAAG,GAAG,CAAC;IACtB,CAAC;CACF;AAtHD,4CAsHC","sourcesContent":["// Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT license.\n// See LICENSE in the project root for license information.\n\nimport * as path from 'path';\nimport { homedir } from 'os';\n\nimport { FileSystem } from '@rushstack/node-core-library';\n\n/*\n Store to retrieve and save debug certificate data.\n * @public\n /\nexport class CertificateStore {\n private readonly _caCertificatePath: string;\n private readonly _certificatePath: string;\n private readonly _keyPath: string;\n\n private _caCertificateData: string \| undefined;\n private _certificateData: string \| undefined;\n private _keyData: string \| undefined;\n\n public constructor() {\n const unresolvedUserFolder: string = homedir();\n const userProfilePath: string = path.resolve(unresolvedUserFolder);\n if (!FileSystem.exists(userProfilePath)) {\n throw new Error(\"Unable to determine the current user's home directory\");\n }\n\n const serveDataPath: string = path.join(userProfilePath, '.rushstack');\n FileSystem.ensureFolder(serveDataPath);\n\n this._caCertificatePath = path.join(serveDataPath, 'rushstack-ca.pem');\n this._certificatePath = path.join(serveDataPath, 'rushstack-serve.pem');\n this._keyPath = path.join(serveDataPath, 'rushstack-serve.key');\n }\n\n /\n Path to the saved debug CA certificate\n /\n public get caCertificatePath(): string {\n return this._caCertificatePath;\n }\n\n /\n Path to the saved debug TLS certificate\n /\n public get certificatePath(): string {\n return this._certificatePath;\n }\n\n /\n Debug Certificate Authority certificate pem file contents.\n /\n public get caCertificateData(): string \| undefined {\n if (!this._caCertificateData) {\n try {\n this._caCertificateData = FileSystem.readFile(this._caCertificatePath);\n } catch (err) {\n if (!FileSystem.isNotExistError(err)) {\n throw err;\n }\n }\n }\n\n return this._caCertificateData;\n }\n\n public set caCertificateData(certificate: string \| undefined) {\n if (certificate) {\n FileSystem.writeFile(this._caCertificatePath, certificate);\n } else if (FileSystem.exists(this._caCertificatePath)) {\n FileSystem.deleteFile(this._caCertificatePath);\n }\n\n this._caCertificateData = certificate;\n }\n\n /\n Debug TLS Server certificate pem file contents.\n /\n public get certificateData(): string \| undefined {\n if (!this._certificateData) {\n try {\n this._certificateData = FileSystem.readFile(this._certificatePath);\n } catch (err) {\n if (!FileSystem.isNotExistError(err)) {\n throw err;\n }\n }\n }\n\n return this._certificateData;\n }\n\n public set certificateData(certificate: string \| undefined) {\n if (certificate) {\n FileSystem.writeFile(this._certificatePath, certificate);\n } else if (FileSystem.exists(this._certificatePath)) {\n FileSystem.deleteFile(this._certificatePath);\n }\n\n this._certificateData = certificate;\n }\n\n /\n Key used to sign the debug pem certificate.\n */\n public get keyData(): string \| undefined {\n if (!this._keyData) {\n try {\n this._keyData = FileSystem.readFile(this._keyPath);\n } catch (err) {\n if (!FileSystem.isNotExistError(err)) {\n throw err;\n }\n }\n }\n\n return this._keyData;\n }\n\n public set keyData(key: string \| undefined) {\n if (key) {\n FileSystem.writeFile(this._keyPath, key);\n } else if (FileSystem.exists(this._keyPath)) {\n FileSystem.deleteFile(this._keyPath);\n }\n\n this._keyData = key;\n }\n}\n"]}
1	+ {"version":3,"file":"CertificateStore.js","sourceRoot":"","sources":["../src/CertificateStore.ts"],"names":[],"mappings":";AAAA,4FAA4F;AAC5F,2DAA2D;;;;;;;;;;;;;;;;;;;;;;;;;;AAE3D,2CAA6B;AAC7B,2BAA6B;AAE7B,oEAA0D;AAE1D;;;GAGG;AACH,MAAa,gBAAgB;IAS3B;QACE,MAAM,oBAAoB,GAAW,IAAA,YAAO,GAAE,CAAC;QAC/C,MAAM,eAAe,GAAW,IAAI,CAAC,OAAO,CAAC,oBAAoB,CAAC,CAAC;QACnE,IAAI,CAAC,8BAAU,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE;YACvC,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;SAC1E;QAED,MAAM,aAAa,GAAW,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,YAAY,CAAC,CAAC;QACvE,8BAAU,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC;QAEvC,IAAI,CAAC,kBAAkB,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,kBAAkB,CAAC,CAAC;QACvE,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,qBAAqB,CAAC,CAAC;QACxE,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,qBAAqB,CAAC,CAAC;IAClE,CAAC;IAED;;OAEG;IACH,IAAW,iBAAiB;QAC1B,OAAO,IAAI,CAAC,kBAAkB,CAAC;IACjC,CAAC;IAED;;OAEG;IACH,IAAW,eAAe;QACxB,OAAO,IAAI,CAAC,gBAAgB,CAAC;IAC/B,CAAC;IAED;;OAEG;IACH,IAAW,iBAAiB;QAC1B,IAAI,CAAC,IAAI,CAAC,kBAAkB,EAAE;YAC5B,IAAI;gBACF,IAAI,CAAC,kBAAkB,GAAG,8BAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;aACxE;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,CAAC,8BAAU,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE;oBACpC,MAAM,GAAG,CAAC;iBACX;aACF;SACF;QAED,OAAO,IAAI,CAAC,kBAAkB,CAAC;IACjC,CAAC;IAED,IAAW,iBAAiB,CAAC,WAA+B;QAC1D,IAAI,WAAW,EAAE;YACf,8BAAU,CAAC,SAAS,CAAC,IAAI,CAAC,kBAAkB,EAAE,WAAW,CAAC,CAAC;SAC5D;aAAM,IAAI,8BAAU,CAAC,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,EAAE;YACrD,8BAAU,CAAC,UAAU,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;SAChD;QAED,IAAI,CAAC,kBAAkB,GAAG,WAAW,CAAC;IACxC,CAAC;IAED;;OAEG;IACH,IAAW,eAAe;QACxB,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE;YAC1B,IAAI;gBACF,IAAI,CAAC,gBAAgB,GAAG,8BAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;aACpE;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,CAAC,8BAAU,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE;oBACpC,MAAM,GAAG,CAAC;iBACX;aACF;SACF;QAED,OAAO,IAAI,CAAC,gBAAgB,CAAC;IAC/B,CAAC;IAED,IAAW,eAAe,CAAC,WAA+B;QACxD,IAAI,WAAW,EAAE;YACf,8BAAU,CAAC,SAAS,CAAC,IAAI,CAAC,gBAAgB,EAAE,WAAW,CAAC,CAAC;SAC1D;aAAM,IAAI,8BAAU,CAAC,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,EAAE;YACnD,8BAAU,CAAC,UAAU,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;SAC9C;QAED,IAAI,CAAC,gBAAgB,GAAG,WAAW,CAAC;IACtC,CAAC;IAED;;OAEG;IACH,IAAW,OAAO;QAChB,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE;YAClB,IAAI;gBACF,IAAI,CAAC,QAAQ,GAAG,8BAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;aACpD;YAAC,OAAO,GAAG,EAAE;gBACZ,IAAI,CAAC,8BAAU,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE;oBACpC,MAAM,GAAG,CAAC;iBACX;aACF;SACF;QAED,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;IAED,IAAW,OAAO,CAAC,GAAuB;QACxC,IAAI,GAAG,EAAE;YACP,8BAAU,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;SAC1C;aAAM,IAAI,8BAAU,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE;YAC3C,8BAAU,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;SACtC;QAED,IAAI,CAAC,QAAQ,GAAG,GAAG,CAAC;IACtB,CAAC;CACF;AAtHD,4CAsHC","sourcesContent":["// Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT license.\r\n// See LICENSE in the project root for license information.\r\n\r\nimport * as path from 'path';\r\nimport { homedir } from 'os';\r\n\r\nimport { FileSystem } from '@rushstack/node-core-library';\r\n\r\n/*\r\n Store to retrieve and save debug certificate data.\r\n * @public\r\n /\r\nexport class CertificateStore {\r\n private readonly _caCertificatePath: string;\r\n private readonly _certificatePath: string;\r\n private readonly _keyPath: string;\r\n\r\n private _caCertificateData: string \| undefined;\r\n private _certificateData: string \| undefined;\r\n private _keyData: string \| undefined;\r\n\r\n public constructor() {\r\n const unresolvedUserFolder: string = homedir();\r\n const userProfilePath: string = path.resolve(unresolvedUserFolder);\r\n if (!FileSystem.exists(userProfilePath)) {\r\n throw new Error(\"Unable to determine the current user's home directory\");\r\n }\r\n\r\n const serveDataPath: string = path.join(userProfilePath, '.rushstack');\r\n FileSystem.ensureFolder(serveDataPath);\r\n\r\n this._caCertificatePath = path.join(serveDataPath, 'rushstack-ca.pem');\r\n this._certificatePath = path.join(serveDataPath, 'rushstack-serve.pem');\r\n this._keyPath = path.join(serveDataPath, 'rushstack-serve.key');\r\n }\r\n\r\n /\r\n Path to the saved debug CA certificate\r\n /\r\n public get caCertificatePath(): string {\r\n return this._caCertificatePath;\r\n }\r\n\r\n /\r\n Path to the saved debug TLS certificate\r\n /\r\n public get certificatePath(): string {\r\n return this._certificatePath;\r\n }\r\n\r\n /\r\n Debug Certificate Authority certificate pem file contents.\r\n /\r\n public get caCertificateData(): string \| undefined {\r\n if (!this._caCertificateData) {\r\n try {\r\n this._caCertificateData = FileSystem.readFile(this._caCertificatePath);\r\n } catch (err) {\r\n if (!FileSystem.isNotExistError(err)) {\r\n throw err;\r\n }\r\n }\r\n }\r\n\r\n return this._caCertificateData;\r\n }\r\n\r\n public set caCertificateData(certificate: string \| undefined) {\r\n if (certificate) {\r\n FileSystem.writeFile(this._caCertificatePath, certificate);\r\n } else if (FileSystem.exists(this._caCertificatePath)) {\r\n FileSystem.deleteFile(this._caCertificatePath);\r\n }\r\n\r\n this._caCertificateData = certificate;\r\n }\r\n\r\n /\r\n Debug TLS Server certificate pem file contents.\r\n /\r\n public get certificateData(): string \| undefined {\r\n if (!this._certificateData) {\r\n try {\r\n this._certificateData = FileSystem.readFile(this._certificatePath);\r\n } catch (err) {\r\n if (!FileSystem.isNotExistError(err)) {\r\n throw err;\r\n }\r\n }\r\n }\r\n\r\n return this._certificateData;\r\n }\r\n\r\n public set certificateData(certificate: string \| undefined) {\r\n if (certificate) {\r\n FileSystem.writeFile(this._certificatePath, certificate);\r\n } else if (FileSystem.exists(this._certificatePath)) {\r\n FileSystem.deleteFile(this._certificatePath);\r\n }\r\n\r\n this._certificateData = certificate;\r\n }\r\n\r\n /\r\n Key used to sign the debug pem certificate.\r\n */\r\n public get keyData(): string \| undefined {\r\n if (!this._keyData) {\r\n try {\r\n this._keyData = FileSystem.readFile(this._keyPath);\r\n } catch (err) {\r\n if (!FileSystem.isNotExistError(err)) {\r\n throw err;\r\n }\r\n }\r\n }\r\n\r\n return this._keyData;\r\n }\r\n\r\n public set keyData(key: string \| undefined) {\r\n if (key) {\r\n FileSystem.writeFile(this._keyPath, key);\r\n } else if (FileSystem.exists(this._keyPath)) {\r\n FileSystem.deleteFile(this._keyPath);\r\n }\r\n\r\n this._keyData = key;\r\n }\r\n}\r\n"]}

package/lib/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA,4FAA4F;AAC5F,2DAA2D;;;AAE3D;;;;;;;;;;;;;;GAcG;AAEH,2DAK8B;AAH5B,wHAAA,kBAAkB,OAAA;AAElB,uIAAA,iCAAiC,OAAA;AAEnC,uDAAsD;AAA7C,oHAAA,gBAAgB,OAAA","sourcesContent":["// Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT license.\n// See LICENSE in the project root for license information.\n\n/*\n This package is used to manage debug certificates for development servers.\n \n This package provides the following utilities:\n \n - `CertificateStore` to handle retrieving and saving a debug certificate.\n \n - `CertificateManager` is a utility class containing the following public methods:\n \n - `ensureCertificate` will find or optionally create a debug certificate and trust it.\n \n - `untrustCertificate` will untrust a debug certificate.\n \n @packageDocumentation\n */\n\nexport {\n ICertificate,\n CertificateManager,\n ICertificateGenerationOptions,\n DEFAULT_CERTIFICATE_SUBJECT_NAMES\n} from './CertificateManager';\nexport { CertificateStore } from './CertificateStore';\n"]}
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA,4FAA4F;AAC5F,2DAA2D;;;AAE3D;;;;;;;;;;;;;;GAcG;AAEH,2DAK8B;AAH5B,wHAAA,kBAAkB,OAAA;AAElB,uIAAA,iCAAiC,OAAA;AAEnC,uDAAsD;AAA7C,oHAAA,gBAAgB,OAAA","sourcesContent":["// Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT license.\r\n// See LICENSE in the project root for license information.\r\n\r\n/*\r\n This package is used to manage debug certificates for development servers.\r\n \r\n This package provides the following utilities:\r\n \r\n - `CertificateStore` to handle retrieving and saving a debug certificate.\r\n \r\n - `CertificateManager` is a utility class containing the following public methods:\r\n \r\n - `ensureCertificate` will find or optionally create a debug certificate and trust it.\r\n \r\n - `untrustCertificate` will untrust a debug certificate.\r\n \r\n @packageDocumentation\r\n */\r\n\r\nexport {\r\n ICertificate,\r\n CertificateManager,\r\n ICertificateGenerationOptions,\r\n DEFAULT_CERTIFICATE_SUBJECT_NAMES\r\n} from './CertificateManager';\r\nexport { CertificateStore } from './CertificateStore';\r\n"]}

package/lib/runCommand.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"runCommand.js","sourceRoot":"","sources":["../src/runCommand.ts"],"names":[],"mappings":";AAAA,4FAA4F;AAC5F,2DAA2D;;;AAE3D,oEAA0D;AAenD,KAAK,UAAU,YAAY,CAAC,OAAe,EAAE,MAAgB;IAClE,MAAM,IAAI,GAA0E,OAAO,CAAC,MAAM,CAAC,CAAC;IACpG,MAAM,MAAM,GAA+B,IAAI,CAAC,CAAC,OAAO,EAAE,GAAG,MAAM,CAAC,EAAE;QACpE,aAAa,EAAE,KAAK;QACpB,MAAM,EAAE,uBAAuB;KAChC,CAAC,CAAC;IACH,OAAO,MAAM,mBAAmB,CAAC,MAAM,CAAC,CAAC;AAC3C,CAAC;AAPD,oCAOC;AAEM,KAAK,UAAU,QAAQ,CAAC,OAAe,EAAE,MAAgB;IAC9D,MAAM,MAAM,GAA+B,8BAAU,CAAC,KAAK,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC7E,OAAO,MAAM,mBAAmB,CAAC,MAAM,CAAC,CAAC;AAC3C,CAAC;AAHD,4BAGC;AAED,KAAK,UAAU,mBAAmB,CAAC,YAAwC;IACzE,OAAO,MAAM,IAAI,OAAO,CAAC,CAAC,OAAqC,EAAE,EAAE;;QACjE,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,MAAA,YAAY,CAAC,MAAM,0CAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;YAC/C,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC/B,CAAC,CAAC,CAAC;QAEH,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,MAAA,YAAY,CAAC,MAAM,0CAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;YAC/C,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC/B,CAAC,CAAC,CAAC;QAEH,YAAY,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAY,EAAE,EAAE;YACxC,OAAO,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;QACpC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT license.\n// See LICENSE in the project root for license information.\n\nimport { Executable } from '@rushstack/node-core-library';\nimport type * as child_process from 'child_process';\n\nexport interface IRunResult {\n stdout: string[];\n stderr: string[];\n code: number;\n}\n\nexport interface ISudoOptions {\n cachePassword?: boolean;\n prompt?: string;\n spawnOptions?: object;\n}\n\nexport async function runSudoAsync(command: string, params: string[]): Promise<IRunResult> {\n const sudo: (args: string[], options: ISudoOptions) => child_process.ChildProcess = require('sudo');\n const result: child_process.ChildProcess = sudo([command, ...params], {\n cachePassword: false,\n prompt: 'Enter your password: '\n });\n return await _handleChildProcess(result);\n}\n\nexport async function runAsync(command: string, params: string[]): Promise<IRunResult> {\n const result: child_process.ChildProcess = Executable.spawn(command, params);\n return await _handleChildProcess(result);\n}\n\nasync function _handleChildProcess(childProcess: child_process.ChildProcess): Promise<IRunResult> {\n return await new Promise((resolve: (result: IRunResult) => void) => {\n const stderr: string[] = [];\n childProcess.stderr?.on('data', (data: Buffer) => {\n stderr.push(data.toString());\n });\n\n const stdout: string[] = [];\n childProcess.stdout?.on('data', (data: Buffer) => {\n stdout.push(data.toString());\n });\n\n childProcess.on('close', (code: number) => {\n resolve({ code, stdout, stderr });\n });\n });\n}\n"]}
1	+ {"version":3,"file":"runCommand.js","sourceRoot":"","sources":["../src/runCommand.ts"],"names":[],"mappings":";AAAA,4FAA4F;AAC5F,2DAA2D;;;AAE3D,oEAA0D;AAenD,KAAK,UAAU,YAAY,CAAC,OAAe,EAAE,MAAgB;IAClE,MAAM,IAAI,GAA0E,OAAO,CAAC,MAAM,CAAC,CAAC;IACpG,MAAM,MAAM,GAA+B,IAAI,CAAC,CAAC,OAAO,EAAE,GAAG,MAAM,CAAC,EAAE;QACpE,aAAa,EAAE,KAAK;QACpB,MAAM,EAAE,uBAAuB;KAChC,CAAC,CAAC;IACH,OAAO,MAAM,mBAAmB,CAAC,MAAM,CAAC,CAAC;AAC3C,CAAC;AAPD,oCAOC;AAEM,KAAK,UAAU,QAAQ,CAAC,OAAe,EAAE,MAAgB;IAC9D,MAAM,MAAM,GAA+B,8BAAU,CAAC,KAAK,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC7E,OAAO,MAAM,mBAAmB,CAAC,MAAM,CAAC,CAAC;AAC3C,CAAC;AAHD,4BAGC;AAED,KAAK,UAAU,mBAAmB,CAAC,YAAwC;IACzE,OAAO,MAAM,IAAI,OAAO,CAAC,CAAC,OAAqC,EAAE,EAAE;;QACjE,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,MAAA,YAAY,CAAC,MAAM,0CAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;YAC/C,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC/B,CAAC,CAAC,CAAC;QAEH,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,MAAA,YAAY,CAAC,MAAM,0CAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;YAC/C,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC/B,CAAC,CAAC,CAAC;QAEH,YAAY,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAY,EAAE,EAAE;YACxC,OAAO,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;QACpC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation. All rights reserved. Licensed under the MIT license.\r\n// See LICENSE in the project root for license information.\r\n\r\nimport { Executable } from '@rushstack/node-core-library';\r\nimport type * as child_process from 'child_process';\r\n\r\nexport interface IRunResult {\r\n stdout: string[];\r\n stderr: string[];\r\n code: number;\r\n}\r\n\r\nexport interface ISudoOptions {\r\n cachePassword?: boolean;\r\n prompt?: string;\r\n spawnOptions?: object;\r\n}\r\n\r\nexport async function runSudoAsync(command: string, params: string[]): Promise<IRunResult> {\r\n const sudo: (args: string[], options: ISudoOptions) => child_process.ChildProcess = require('sudo');\r\n const result: child_process.ChildProcess = sudo([command, ...params], {\r\n cachePassword: false,\r\n prompt: 'Enter your password: '\r\n });\r\n return await _handleChildProcess(result);\r\n}\r\n\r\nexport async function runAsync(command: string, params: string[]): Promise<IRunResult> {\r\n const result: child_process.ChildProcess = Executable.spawn(command, params);\r\n return await _handleChildProcess(result);\r\n}\r\n\r\nasync function _handleChildProcess(childProcess: child_process.ChildProcess): Promise<IRunResult> {\r\n return await new Promise((resolve: (result: IRunResult) => void) => {\r\n const stderr: string[] = [];\r\n childProcess.stderr?.on('data', (data: Buffer) => {\r\n stderr.push(data.toString());\r\n });\r\n\r\n const stdout: string[] = [];\r\n childProcess.stdout?.on('data', (data: Buffer) => {\r\n stdout.push(data.toString());\r\n });\r\n\r\n childProcess.on('close', (code: number) => {\r\n resolve({ code, stdout, stderr });\r\n });\r\n });\r\n}\r\n"]}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@rushstack/debug-certificate-manager",
-  "version": "1.3.8",
+  "version": "1.3.10",
   "description": "Cross-platform functionality to create debug ssl certificates.",
   "main": "lib/index.js",
   "typings": "dist/debug-certificate-manager.d.ts",
@@ -17,8 +17,8 @@
   },
   "devDependencies": {
     "@types/node-forge": "1.0.4",
-    "@rushstack/heft": "0.62.2",
-    "local-node-rig": "1.0.0"
+    "local-node-rig": "1.0.0",
+    "@rushstack/heft": "0.63.0"
   },
   "scripts": {
     "build": "heft build --clean",