heroku 9.0.0-dev.0 → 9.1.0-beta.0

package/lib/commands/certs/add.js

@@ -0,0 +1,98 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const color_1 = require("@heroku-cli/color");
+const command_1 = require("@heroku-cli/command");
+const core_1 = require("@oclif/core");
+const domains_1 = require("../../lib/certs/domains");
+const inquirer_1 = require("inquirer");
+const get_cert_and_key_1 = require("../../lib/certs/get_cert_and_key");
+const tsheredoc_1 = require("tsheredoc");
+const certificate_details_1 = require("../../lib/certs/certificate_details");
+async function configureDomains(app, heroku, cert) {
+    const certDomains = cert.ssl_cert.cert_domains;
+    const apiDomains = await (0, domains_1.waitForDomains)(app, heroku);
+    const appDomains = apiDomains === null || apiDomains === void 0 ? void 0 : apiDomains.map((domain) => domain.hostname);
+    const matchedDomains = matchDomains(certDomains, appDomains !== null && appDomains !== void 0 ? appDomains : []);
+    if (matchedDomains.length > 0) {
+        core_1.ux.styledHeader('Almost done! Which of these domains on this application would you like this certificate associated with?');
+        const selections = await (0, inquirer_1.prompt)([{
+                type: 'checkbox',
+                name: 'domains',
+                message: 'Select domains',
+                choices: matchedDomains,
+            }]);
+        await Promise.all(selections === null || selections === void 0 ? void 0 : selections.domains.map(domain => {
+            return heroku.patch(`/apps/${app}/domains/${domain}`, {
+                body: { sni_endpoint: cert.name },
+            });
+        }));
+    }
+}
+class Add extends command_1.Command {
+    async run() {
+        const { flags, args } = await this.parse(Add);
+        const { app } = flags;
+        const files = await (0, get_cert_and_key_1.getCertAndKey)(args);
+        core_1.ux.action.start(`Adding SSL certificate to ${color_1.default.magenta(app)}`);
+        const { body: sniEndpoint } = await this.heroku.post(`/apps/${app}/sni-endpoints`, {
+            body: {
+                certificate_chain: files.crt.toString(),
+                private_key: files.key.toString(),
+            },
+        });
+        core_1.ux.action.stop();
+        (0, certificate_details_1.displayCertificateDetails)(sniEndpoint);
+        await configureDomains(app, this.heroku, sniEndpoint);
+    }
+}
+exports.default = Add;
+Add.topic = 'certs';
+Add.strict = true;
+Add.description = `Add an SSL certificate to an app.
+
+  Note: certificates with PEM encoding are also valid.
+  `;
+Add.examples = [
+    (0, tsheredoc_1.default)(`$ heroku certs:add example.com.crt example.com.key
+    If you require intermediate certificates, refer to this article on merging certificates to get a complete chain:
+    https://help.salesforce.com/s/articleView?id=000333504&type=1`),
+];
+Add.flags = {
+    app: command_1.flags.app({ required: true }),
+    remote: command_1.flags.remote(),
+};
+Add.args = {
+    CRT: core_1.Args.string({ required: true }),
+    KEY: core_1.Args.string({ required: true }),
+};
+function splitDomains(domains) {
+    return domains.map(domain => {
+        return [domain.slice(0, 1), domain.slice(1)];
+    });
+}
+function createMatcherFromSplitDomain([firstChar, rest]) {
+    const matcherContents = [];
+    if (firstChar === '*') {
+        matcherContents.push('^[\\w\\-]+');
+    }
+    else {
+        matcherContents.push(firstChar);
+    }
+    const escapedRest = rest.replace(/\./g, '\\.');
+    matcherContents.push(escapedRest);
+    return new RegExp(matcherContents.join(''));
+}
+function matchDomains(certDomains, appDomains) {
+    const splitCertDomains = splitDomains(certDomains);
+    const matchers = splitCertDomains.map(splitDomain => createMatcherFromSplitDomain(splitDomain));
+    if (splitCertDomains.some(domain => (domain[0] === '*'))) {
+        const matchedDomains = [];
+        appDomains.forEach(appDomain => {
+            if (matchers.some(matcher => matcher.test(appDomain))) {
+                matchedDomains.push(appDomain);
+            }
+        });
+        return matchedDomains;
+    }
+    return certDomains.filter(domain => appDomains.includes(domain));
+}

package/lib/commands/certs/auto/disable.d.ts

@@ -0,0 +1,11 @@
+import { Command } from '@heroku-cli/command';
+export default class Disable extends Command {
+    static topic: string;
+    static description: string;
+    static flags: {
+        confirm: import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces/parser").CustomOptions>;
+        app: import("@oclif/core/lib/interfaces").OptionFlag<string, import("@oclif/core/lib/interfaces/parser").CustomOptions>;
+        remote: import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces/parser").CustomOptions>;
+    };
+    run(): Promise<void>;
+}

package/lib/commands/certs/auto/disable.js

@@ -0,0 +1,34 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const color_1 = require("@heroku-cli/color");
+const command_1 = require("@heroku-cli/command");
+const core_1 = require("@oclif/core");
+const confirmCommand_1 = require("../../../lib/confirmCommand");
+const tsheredoc_1 = require("tsheredoc");
+class Disable extends command_1.Command {
+    async run() {
+        const { flags } = await this.parse(Disable);
+        const { app, confirm } = flags;
+        const warning = (0, tsheredoc_1.default)(`
+      This command will disable Automatic Certificate Management from ${color_1.default.app(app)}.
+      This will cause the certificate to be removed from ${color_1.default.app(app)} causing SSL
+      validation errors.  In order to avoid downtime, the recommended steps
+      are preferred which will also disable Automatic Certificate Management.
+
+      1) Request a new SSL certificate for your domains names from your certificate provider
+      2) heroku certs:update CRT KEY
+    `);
+        await (0, confirmCommand_1.default)(app, confirm, warning);
+        core_1.ux.action.start('Disabling Automatic Certificate Management');
+        await this.heroku.delete(`/apps/${app}/acm`);
+        core_1.ux.action.stop();
+    }
+}
+exports.default = Disable;
+Disable.topic = 'certs';
+Disable.description = 'disable ACM for an app';
+Disable.flags = {
+    confirm: command_1.flags.string({ char: 'c', hidden: true }),
+    app: command_1.flags.app({ required: true }),
+    remote: command_1.flags.remote(),
+};

package/lib/commands/certs/auto/enable.d.ts

@@ -0,0 +1,11 @@
+import { Command } from '@heroku-cli/command';
+export default class Enable extends Command {
+    static topic: string;
+    static description: string;
+    static flags: {
+        wait: import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;
+        app: import("@oclif/core/lib/interfaces").OptionFlag<string, import("@oclif/core/lib/interfaces/parser").CustomOptions>;
+        remote: import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces/parser").CustomOptions>;
+    };
+    run(): Promise<void>;
+}

package/lib/commands/certs/auto/enable.js

@@ -0,0 +1,51 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const color_1 = require("@heroku-cli/color");
+const command_1 = require("@heroku-cli/command");
+const core_1 = require("@oclif/core");
+const domains_1 = require("../../../lib/domains/domains");
+const notify_1 = require("../../../lib/notify");
+class Enable extends command_1.Command {
+    async run() {
+        const { flags } = await this.parse(Enable);
+        const { app, wait } = flags;
+        core_1.ux.action.start('Enabling Automatic Certificate Management');
+        const domainsBeforeEnable = await (0, domains_1.getDomains)(this.heroku, app);
+        await this.heroku.post(`/apps/${app}/acm`, { body: {} });
+        if (wait) {
+            core_1.ux.action.stop(`${color_1.default.yellow('starting')}.`);
+            try {
+                await (0, domains_1.waitForCertIssuedOnDomains)(this.heroku, app);
+                (0, notify_1.default)('heroku certs:auto:enable', 'Certificate issued to all domains');
+            }
+            catch (error) {
+                (0, notify_1.default)('heroku certs:auto:enable', 'An error occurred', false);
+                core_1.ux.styledHeader(`${color_1.default.red('Error')}: The certificate could not be issued to all domains. See status with ${color_1.default.cmd('heroku certs:auto')}.`);
+                throw error;
+            }
+        }
+        else {
+            core_1.ux.action.stop(`${color_1.default.yellow('starting')}. See status with ${color_1.default.cmd('heroku certs:auto')} or wait until active with ${color_1.default.cmd('heroku certs:auto --wait')}`);
+        }
+        const domains = await (0, domains_1.waitForDomains)(this.heroku, app);
+        const changedCnames = domains.filter(function (domain) {
+            const domainBeforeEnable = domainsBeforeEnable.find(domainBefore => domain.hostname === domainBefore.hostname);
+            return domainBeforeEnable && domain.cname !== domainBeforeEnable.cname;
+        });
+        const message = `Your certificate will now be managed by Heroku. Check the status by running ${color_1.default.cmd('heroku certs:auto')}.`;
+        if (domains.length === 0 || changedCnames.length > 0) {
+            (0, domains_1.printDomains)(changedCnames, message);
+        }
+        else {
+            core_1.ux.styledHeader(message);
+        }
+    }
+}
+exports.default = Enable;
+Enable.topic = 'certs';
+Enable.description = 'enable ACM status for an app';
+Enable.flags = {
+    wait: command_1.flags.boolean({ description: 'watch ACM status and exit when complete' }),
+    app: command_1.flags.app({ required: true }),
+    remote: command_1.flags.remote(),
+};

package/lib/commands/certs/auto/index.d.ts

@@ -0,0 +1,12 @@
+import { Command } from '@heroku-cli/command';
+export default class Index extends Command {
+    static topic: string;
+    static command: 'auto';
+    static description: string;
+    static flags: {
+        wait: import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;
+        app: import("@oclif/core/lib/interfaces").OptionFlag<string, import("@oclif/core/lib/interfaces/parser").CustomOptions>;
+        remote: import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces/parser").CustomOptions>;
+    };
+    run(): Promise<void>;
+}

package/lib/commands/certs/auto/index.js

@@ -0,0 +1,94 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const color_1 = require("@heroku-cli/color");
+const command_1 = require("@heroku-cli/command");
+const core_1 = require("@oclif/core");
+const certificate_details_1 = require("../../../lib/certs/certificate_details");
+const domains_1 = require("../../../lib/domains/domains");
+const date_fns_1 = require("date-fns");
+const tsheredoc_1 = require("tsheredoc");
+function humanize(value) {
+    if (!value) {
+        return color_1.default.yellow('Waiting');
+    }
+    if (value === 'ok') {
+        return color_1.default.green('OK');
+    }
+    if (value === 'failed') {
+        return color_1.default.red('Failed');
+    }
+    if (value === 'verified') {
+        return color_1.default.yellow('In Progress');
+    }
+    if (value === 'dns-verified') {
+        return color_1.default.yellow('DNS Verified');
+    }
+    return value.split('-')
+        .map(word => word.replace(/(^[a-z])/, text => text.toUpperCase()))
+        .join(' ');
+}
+class Index extends command_1.Command {
+    async run() {
+        const { flags } = await this.parse(Index);
+        const [{ body: app }, { body: sniEndpoints }] = await Promise.all([
+            this.heroku.get(`/apps/${flags.app}`),
+            this.heroku.get(`/apps/${flags.app}/sni-endpoints`),
+        ]);
+        if (!app.acm) {
+            core_1.ux.styledHeader(`Automatic Certificate Management is ${color_1.default.yellow('disabled')} on ${flags.app}`);
+            return;
+        }
+        core_1.ux.styledHeader(`Automatic Certificate Management is ${color_1.default.green('enabled')} on ${flags.app}`);
+        if (sniEndpoints.length === 1 && sniEndpoints[0].ssl_cert.acm) {
+            (0, certificate_details_1.displayCertificateDetails)(sniEndpoints[0]);
+            core_1.ux.log('');
+        }
+        if (flags.wait) {
+            await (0, domains_1.waitForCertIssuedOnDomains)(this.heroku, flags.app).catch(() => { });
+        }
+        let { body: domains } = await this.heroku.get(`/apps/${flags.app}/domains`);
+        domains = domains.filter(domain => domain.kind === 'custom');
+        let message;
+        if (domains.length === 0) {
+            message = `Add a custom domain to your app by running: ${color_1.default.cmd('heroku domains:add <yourdomain.com>')}`;
+        }
+        else if (domains.some(domain => domain.acm_status === 'failed')) {
+            message = (0, tsheredoc_1.default) `
+        Some domains failed validation after multiple attempts, retry by running: ${color_1.default.cmd('heroku certs:auto:refresh')}
+            See our documentation at https://devcenter.heroku.com/articles/automated-certificate-management#failure-reasons`;
+        }
+        else if (domains.some(domain => domain.acm_status === 'failing')) {
+            message = (0, tsheredoc_1.default) `
+        Some domains are failing validation, please verify that your DNS matches: ${color_1.default.cmd('heroku domains')}
+            See our documentation at https://devcenter.heroku.com/articles/automated-certificate-management#failure-reasons`;
+        }
+        if (domains.length > 0) {
+            core_1.ux.table(domains, Object.assign(Object.assign({ Domain: {
+                    get: (domain) => domain.hostname,
+                }, Status: {
+                    get: (domain) => humanize(domain.acm_status),
+                } }, (domains.some(d => d.acm_status_reason) ? {
+                Reason: {
+                    get: (domain) => domain.acm_status_reason ? domain.acm_status_reason : '',
+                },
+            } : {})), { lastUpdated: {
+                    header: 'Last Updated',
+                    get: (domain) => (0, date_fns_1.formatDistanceToNow)(new Date(domain.updated_at)),
+                } }));
+            if (message) {
+                core_1.ux.log('');
+            }
+        }
+        if (message) {
+            core_1.ux.styledHeader(message);
+        }
+    }
+}
+exports.default = Index;
+Index.topic = 'certs';
+Index.description = 'show ACM status for an app';
+Index.flags = {
+    wait: command_1.flags.boolean({ description: 'watch ACM status and display the status when complete' }),
+    app: command_1.flags.app({ required: true }),
+    remote: command_1.flags.remote(),
+};

package/lib/commands/certs/auto/refresh.d.ts

@@ -0,0 +1,10 @@
+import { Command } from '@heroku-cli/command';
+export default class Refresh extends Command {
+    static topic: string;
+    static description: string;
+    static flags: {
+        app: import("@oclif/core/lib/interfaces").OptionFlag<string, import("@oclif/core/lib/interfaces/parser").CustomOptions>;
+        remote: import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces/parser").CustomOptions>;
+    };
+    run(): Promise<void>;
+}

package/lib/commands/certs/auto/refresh.js

@@ -0,0 +1,19 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const command_1 = require("@heroku-cli/command");
+const core_1 = require("@oclif/core");
+class Refresh extends command_1.Command {
+    async run() {
+        const { flags } = await this.parse(Refresh);
+        core_1.ux.action.start('Refreshing Automatic Certificate Management');
+        await this.heroku.patch(`/apps/${flags.app}/acm`, { body: { acm_refresh: true } });
+        core_1.ux.action.stop();
+    }
+}
+exports.default = Refresh;
+Refresh.topic = 'certs';
+Refresh.description = 'refresh ACM for an app';
+Refresh.flags = {
+    app: command_1.flags.app({ required: true }),
+    remote: command_1.flags.remote(),
+};

package/lib/commands/certs/generate.d.ts

@@ -0,0 +1,26 @@
+import { Command } from '@heroku-cli/command';
+export default class Generate extends Command {
+    static topic: string;
+    static description: string;
+    static help: string;
+    static flags: {
+        selfsigned: import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;
+        keysize: import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces/parser").CustomOptions>;
+        owner: import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces/parser").CustomOptions>;
+        country: import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces/parser").CustomOptions>;
+        area: import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces/parser").CustomOptions>;
+        city: import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces/parser").CustomOptions>;
+        subject: import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces/parser").CustomOptions>;
+        now: import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;
+        app: import("@oclif/core/lib/interfaces").OptionFlag<string, import("@oclif/core/lib/interfaces/parser").CustomOptions>;
+        remote: import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces/parser").CustomOptions>;
+    };
+    static args: {
+        domain: import("@oclif/core/lib/interfaces/parser").Arg<string, Record<string, unknown>>;
+    };
+    private parsed;
+    run(): Promise<void>;
+    protected requiresPrompt(flags: Awaited<typeof this.parsed>['flags']): boolean | undefined;
+    protected getSubject(args: Awaited<typeof this.parsed>['args'], flags: Awaited<typeof this.parsed>['flags']): string;
+    protected spawnOpenSSL(args: ReadonlyArray<string>): Promise<unknown>;
+}

package/lib/commands/certs/generate.js

@@ -0,0 +1,111 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const command_1 = require("@heroku-cli/command");
+const core_1 = require("@oclif/core");
+const node_child_process_1 = require("node:child_process");
+const inquirer = require("inquirer");
+function getCommand(certs, domain) {
+    const shouldUpdate = certs
+        .map(cert => { var _a; return (_a = cert === null || cert === void 0 ? void 0 : cert.ssl_cert) === null || _a === void 0 ? void 0 : _a.cert_domains; })
+        .filter(certDomains => certDomains === null || certDomains === void 0 ? void 0 : certDomains.length)
+        .flat()
+        .includes(domain);
+    return shouldUpdate ? 'update' : 'add';
+}
+class Generate extends command_1.Command {
+    constructor() {
+        super(...arguments);
+        this.parsed = this.parse(Generate);
+    }
+    async run() {
+        const { flags, args } = await this.parsed;
+        const { app, selfsigned } = flags;
+        if (this.requiresPrompt(flags)) {
+            const { owner, country, area, city } = await inquirer.prompt([
+                { type: 'input', message: 'Owner of this certificate', name: 'owner' },
+                { type: 'input', message: 'Country of owner (two-letter ISO code)', name: 'country' },
+                { type: 'input', message: 'State/province/etc. of owner', name: 'area' },
+                { type: 'input', message: 'City of owner', name: 'city' },
+            ]);
+            Object.assign(flags, { owner, country, area, city });
+        }
+        const subject = this.getSubject(args, flags);
+        const domain = args.domain;
+        const keysize = flags.keysize || 2048;
+        const keyfile = `${domain}.key`;
+        const { body: certs } = await this.heroku.get(`/apps/${app}/sni-endpoints`);
+        const command = getCommand(certs, domain);
+        if (selfsigned) {
+            const crtfile = `${domain}.crt`;
+            await this.spawnOpenSSL(['req', '-new', '-newkey', `rsa:${keysize}`, '-nodes', '-keyout', keyfile, '-out', crtfile, '-subj', subject, '-x509']);
+            console.error('Your key and self-signed certificate have been generated.');
+            console.error('Next, run:');
+            console.error(`$ heroku certs:${command} ${crtfile} ${keyfile}`);
+        }
+        else {
+            const csrfile = `${domain}.csr`;
+            await this.spawnOpenSSL(['req', '-new', '-newkey', `rsa:${keysize}`, '-nodes', '-keyout', keyfile, '-out', csrfile, '-subj', subject]);
+            console.error('Your key and certificate signing request have been generated.');
+            console.error(`Submit the CSR in '${csrfile}' to your preferred certificate authority.`);
+            console.error('When you\'ve received your certificate, run:');
+            console.error(`$ heroku certs:${command} CERTFILE ${keyfile}`);
+        }
+    }
+    requiresPrompt(flags) {
+        if (flags.subject) {
+            return false;
+        }
+        const args = [flags.owner, flags.country, flags.area, flags.city];
+        if (!flags.now && args.every((arg) => !arg)) {
+            return true;
+        }
+    }
+    getSubject(args, flags) {
+        const { domain } = args;
+        const { owner, country, area, city, subject } = flags;
+        if (subject) {
+            return subject;
+        }
+        let constructedSubject = '';
+        if (country) {
+            constructedSubject += `/C=${country}`;
+        }
+        if (area) {
+            constructedSubject += `/ST=${area}`;
+        }
+        if (city) {
+            constructedSubject += `/L=${city}`;
+        }
+        if (owner) {
+            constructedSubject += `/O=${owner}`;
+        }
+        constructedSubject += `/CN=${domain}`;
+        return constructedSubject;
+    }
+    async spawnOpenSSL(args) {
+        return new Promise((resolve, reject) => {
+            const process = (0, node_child_process_1.spawn)('openssl', args, { stdio: 'inherit' });
+            process.once('error', reject);
+            process.once('close', (code) => code ? reject(new Error(`Non zero openssl error ${code}`)) : resolve(code));
+        });
+    }
+}
+exports.default = Generate;
+Generate.topic = 'certs';
+Generate.description = 'generate a key and a CSR or self-signed certificate';
+Generate.help = 'Generate a key and certificate signing request (or self-signed certificate)\nfor an app. Prompts for information to put in the certificate unless --now\nis used, or at least one of the --subject, --owner, --country, --area, or\n--city options is specified.';
+Generate.flags = {
+    selfsigned: command_1.flags.boolean({ required: false, description: 'generate a self-signed certificate instead of a CSR' }),
+    keysize: command_1.flags.string({ optional: true, description: 'RSA key size in bits (default: 2048)' }),
+    owner: command_1.flags.string({ optional: true, description: 'name of organization certificate belongs to' }),
+    country: command_1.flags.string({ optional: true, description: 'country of owner, as a two-letter ISO country code' }),
+    area: command_1.flags.string({ optional: true, description: 'sub-country area (state, province, etc.) of owner' }),
+    city: command_1.flags.string({ optional: true, description: 'city of owner' }),
+    subject: command_1.flags.string({ optional: true, description: 'specify entire certificate subject' }),
+    now: command_1.flags.boolean({ required: false, description: 'do not prompt for any owner information' }),
+    app: command_1.flags.app({ required: true }),
+    remote: command_1.flags.remote(),
+};
+Generate.args = {
+    domain: core_1.Args.string({ required: true }),
+};

package/lib/commands/certs/index.d.ts

@@ -0,0 +1,10 @@
+import { Command } from '@heroku-cli/command';
+export default class Index extends Command {
+    static topic: string;
+    static description: string;
+    static flags: {
+        app: import("@oclif/core/lib/interfaces").OptionFlag<string, import("@oclif/core/lib/interfaces/parser").CustomOptions>;
+        remote: import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces/parser").CustomOptions>;
+    };
+    run(): Promise<void>;
+}

package/lib/commands/certs/index.js

@@ -0,0 +1,26 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const color_1 = require("@heroku-cli/color");
+const command_1 = require("@heroku-cli/command");
+const core_1 = require("@oclif/core");
+const display_table_1 = require("../../lib/certs/display_table");
+class Index extends command_1.Command {
+    async run() {
+        const { flags } = await this.parse(Index);
+        const { body: certs } = await this.heroku.get(`/apps/${flags.app}/sni-endpoints`);
+        if (certs.length === 0) {
+            core_1.ux.log(`${color_1.default.magenta(flags.app)} has no SSL certificates.\nUse ${color_1.default.cmd('heroku certs:add CRT KEY')} to add one.`);
+        }
+        else {
+            const sortedCerts = certs.sort((a, b) => a.name > b.name ? 1 : (b.name > a.name ? -1 : 0));
+            (0, display_table_1.default)(sortedCerts);
+        }
+    }
+}
+exports.default = Index;
+Index.topic = 'certs';
+Index.description = 'list SSL certificates for an app';
+Index.flags = {
+    app: command_1.flags.app({ required: true }),
+    remote: command_1.flags.remote(),
+};

package/lib/commands/certs/info.d.ts

@@ -0,0 +1,13 @@
+import { Command } from '@heroku-cli/command';
+export default class Info extends Command {
+    static topic: string;
+    static description: string;
+    static flags: {
+        name: import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces/parser").CustomOptions>;
+        endpoint: import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces/parser").CustomOptions>;
+        'show-domains': import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;
+        app: import("@oclif/core/lib/interfaces").OptionFlag<string, import("@oclif/core/lib/interfaces/parser").CustomOptions>;
+        remote: import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces/parser").CustomOptions>;
+    };
+    run(): Promise<void>;
+}

package/lib/commands/certs/info.js

@@ -0,0 +1,43 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const color_1 = require("@heroku-cli/color");
+const command_1 = require("@heroku-cli/command");
+const core_1 = require("@oclif/core");
+const flags_1 = require("../../lib/certs/flags");
+const certificate_details_1 = require("../../lib/certs/certificate_details");
+class Info extends command_1.Command {
+    async run() {
+        const { flags } = await this.parse(Info);
+        const { app } = flags;
+        const endpoint = await (0, flags_1.default)(flags, this.heroku);
+        core_1.ux.action.start(`Fetching SSL certificate ${endpoint.name} info for ${color_1.default.app(app)}`);
+        // This is silly, we just fetched all SNI Endpoints and filtered to get the one we want just
+        // to use the name on the start action message, but then we re-fetch the exact same SNI Endpoint we
+        // already have.
+        const { body: cert } = await this.heroku.get(`/apps/${app}/sni-endpoints/${endpoint.name}`);
+        core_1.ux.action.stop();
+        if (flags['show-domains']) {
+            core_1.ux.action.start(`Fetching domains for ${endpoint.name}`);
+            const domains = await Promise.all(endpoint.domains.map(async (domain) => {
+                const { body: response } = await this.heroku.get(`/apps/${app}/domains/${domain}`);
+                return response.hostname;
+            }));
+            core_1.ux.action.stop();
+            cert.domains = domains;
+        }
+        else {
+            cert.domains = [];
+        }
+        (0, certificate_details_1.displayCertificateDetails)(cert);
+    }
+}
+exports.default = Info;
+Info.topic = 'certs';
+Info.description = 'show certificate information for an SSL certificate';
+Info.flags = {
+    name: command_1.flags.string({ description: 'name to check info on' }),
+    endpoint: command_1.flags.string({ description: 'endpoint to check info on' }),
+    'show-domains': command_1.flags.boolean({ description: 'show associated domains' }),
+    app: command_1.flags.app({ required: true }),
+    remote: command_1.flags.remote(),
+};

package/lib/commands/certs/remove.d.ts

@@ -0,0 +1,13 @@
+import { Command } from '@heroku-cli/command';
+export default class Remove extends Command {
+    static topic: string;
+    static description: string;
+    static flags: {
+        confirm: import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces/parser").CustomOptions>;
+        name: import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces/parser").CustomOptions>;
+        endpoint: import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces/parser").CustomOptions>;
+        app: import("@oclif/core/lib/interfaces").OptionFlag<string, import("@oclif/core/lib/interfaces/parser").CustomOptions>;
+        remote: import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces/parser").CustomOptions>;
+    };
+    run(): Promise<void>;
+}

package/lib/commands/certs/remove.js

@@ -0,0 +1,32 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const color_1 = require("@heroku-cli/color");
+const command_1 = require("@heroku-cli/command");
+const core_1 = require("@oclif/core");
+const flags_1 = require("../../lib/certs/flags");
+const confirmCommand_1 = require("../../lib/confirmCommand");
+const tsheredoc_1 = require("tsheredoc");
+class Remove extends command_1.Command {
+    async run() {
+        const { flags } = await this.parse(Remove);
+        const { app, confirm } = flags;
+        const sniEndpoint = await (0, flags_1.default)(flags, this.heroku);
+        await (0, confirmCommand_1.default)(app, confirm, (0, tsheredoc_1.default) `
+          WARNING: Destructive Action - you cannot rollback this change
+          This command will remove the endpoint ${sniEndpoint.name} from ${color_1.default.magenta(app)}.
+        `);
+        core_1.ux.action.start(`Removing SSL certificate ${sniEndpoint.name} from ${color_1.default.magenta(app)}`);
+        await this.heroku.request(`/apps/${app}/sni-endpoints/${sniEndpoint.name}`, { method: 'DELETE' });
+        core_1.ux.action.stop();
+    }
+}
+exports.default = Remove;
+Remove.topic = 'certs';
+Remove.description = 'remove an SSL certificate from an app';
+Remove.flags = {
+    confirm: command_1.flags.string({ hidden: true }),
+    name: command_1.flags.string({ description: 'name to remove' }),
+    endpoint: command_1.flags.string({ description: 'endpoint to remove' }),
+    app: command_1.flags.app({ required: true }),
+    remote: command_1.flags.remote(),
+};