npm - @stacksjs/rpx - Versions diffs - 0.11.7 → 0.11.9 - Mend

@stacksjs/rpx 0.11.7 → 0.11.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/dist/cert-inspect.d.ts ADDED Viewed

@@ -0,0 +1,15 @@
+/**
+ * Normalize openssl / security fingerprint output to uppercase hex without separators.
+ */
+export declare function normalizeSha256Fingerprint(raw: string): string;
+export declare function readCertSha256Fingerprint(certPath: string): string | null;
+export declare function readCertCommonName(certPath: string): string | null;
+export declare function certIncludesSanHostnames(certPath: string, hostnames: string[]): boolean;
+/**
+ * True when :443 (or `port`) presents a chain trusted by `caPath` for `domain`.
+ */
+export declare function verifyHttpsChain(domain: string, caPath: string, port?: number): boolean;
+/**
+ * Parse `security find-certificate -Z` listing lines into SHA-256 hashes.
+ */
+export declare function parseSha256HashesFromSecurityListing(listing: string): string[];

package/dist/daemon-runner.d.ts CHANGED Viewed

@@ -26,4 +26,7 @@ export declare interface DaemonRunnerOptions {
   rpxDir?: string
   detached?: boolean
   spawnCommand?: string[]
+  startupTimeoutMs?: number
+  spawnEnv?: Record<string, string>
+  persistent?: boolean
 }

package/dist/https.d.ts CHANGED Viewed

@@ -1,9 +1,17 @@
 import { config } from './config';
+import { MACOS_CA_TRUST_FLAGS, MACOS_SYSTEM_KEYCHAIN, getMacosLoginKeychainPath, isRootCaFingerprintInKeychains, isRootCaTrustedForSsl, pruneStaleRootCas, trustRootCaForBrowsers } from './macos-trust';
 import type { ProxyConfigs, ProxyOption, ProxyOptions, SSLConfig, TlsConfig } from './types';
 /**
  * Returns the canonical Root CA cert + key paths inside `basePath`.
  */
 export declare function getRootCAPaths(basePath: string): RootCAPaths;
+/** Paths for the shared multi-host daemon cert under `~/.stacks/ssl`. */
+export declare function getSharedDaemonCertPaths(sslDir: string): {
+  certPath: string
+  keyPath: string
+  caCertPath: string
+  rootCA: RootCAPaths
+};
 /**
  * Resolves SSL paths based on configuration
  */
@@ -26,9 +34,11 @@ export declare function loadSSLConfig(options: ProxyOption): Promise<SSLConfig |
 /**
  * Force trust a certificate - exposing for direct use
  */
-export declare function forceTrustCertificate(certPath: string): Promise<boolean>;
+export declare function forceTrustCertificate(certPath: string, options?: { serverName?: string, verbose?: boolean }): Promise<boolean>;
 export declare function generateCertificate(options: ProxyOptions): Promise<void>;
 export declare function getSSLConfig(): { key: string, cert: string, ca?: string } | null;
+/** Clear in-process TLS cache so the next generate/load picks up new files on disk. */
+export declare function clearSslConfigCache(): void;
 // needs to accept the options
 export declare function checkExistingCertificates(options?: ProxyOptions): Promise<SSLConfig | null>;
 export declare function httpsConfig(options: ProxyOption | ProxyOptions, verbose?: boolean): TlsConfig;
@@ -40,8 +50,28 @@ export declare function cleanupCertificates(domain: string, verbose?: boolean):
  * Checks if a certificate is trusted by the system (macOS only for now)
  * If options.regenerateUntrustedCerts is false, always returns true (skips trust check)
  */
-export declare function isCertTrusted(certPath: string, options?: { verbose?: boolean, regenerateUntrustedCerts?: boolean }): Promise<boolean>;
+export declare function isCertTrusted(certPath: string, options?: { verbose?: boolean, regenerateUntrustedCerts?: boolean, serverName?: string }): Promise<boolean>;
 export declare interface RootCAPaths {
   caCertPath: string
   caKeyPath: string
 }
+export {
+  MACOS_CA_TRUST_FLAGS,
+  MACOS_SYSTEM_KEYCHAIN,
+  RPX_ROOT_CA_COMMON_NAME,
+  getMacosLoginKeychainPath,
+  getMacosTrustKeychains,
+  isRootCaFingerprintInKeychains,
+  isRootCaTrustedForSsl,
+  listCertSha256HashesByCommonName,
+  pruneStaleRootCas,
+  trustRootCaForBrowsers,
+} from './macos-trust';
+export {
+  certIncludesSanHostnames,
+  normalizeSha256Fingerprint,
+  parseSha256HashesFromSecurityListing,
+  readCertCommonName,
+  readCertSha256Fingerprint,
+  verifyHttpsChain,
+} from './cert-inspect';

package/dist/index.d.ts CHANGED Viewed

@@ -20,12 +20,35 @@ export {
 export {
   checkExistingCertificates,
   cleanupCertificates,
+  clearSslConfigCache,
   forceTrustCertificate,
   generateCertificate,
+  getRootCAPaths,
+  getSharedDaemonCertPaths,
   httpsConfig,
   isCertTrusted,
   loadSSLConfig,
 } from './https';
+export {
+  MACOS_CA_TRUST_FLAGS,
+  MACOS_SYSTEM_KEYCHAIN,
+  RPX_ROOT_CA_COMMON_NAME,
+  getMacosLoginKeychainPath,
+  getMacosTrustKeychains,
+  isRootCaFingerprintInKeychains,
+  isRootCaTrustedForSsl,
+  listCertSha256HashesByCommonName,
+  pruneStaleRootCas,
+  trustRootCaForBrowsers,
+} from './macos-trust';
+export {
+  certIncludesSanHostnames,
+  normalizeSha256Fingerprint,
+  parseSha256HashesFromSecurityListing,
+  readCertCommonName,
+  readCertSha256Fingerprint,
+  verifyHttpsChain,
+} from './cert-inspect';
 export { DefaultPortManager, findAvailablePort, isPortInUse, portManager } from './port-manager';
 export {
   gcStaleEntries,