homebridge-config-ui-x 5.10.1-alpha.0 → 5.10.1-beta.1

package/dist/modules/server/server.service.js

@@ -12,11 +12,13 @@ var __param = (this && this.__param) || function (paramIndex, decorator) {
 };
 import { Buffer } from 'node:buffer';
 import { exec, spawn } from 'node:child_process';
+import { createPrivateKey, createPublicKey, X509Certificate } from 'node:crypto';
 import { createWriteStream } from 'node:fs';
 import { readdir, unlink } from 'node:fs/promises';
 import { extname, join, resolve } from 'node:path';
 import process from 'node:process';
 import { pipeline } from 'node:stream';
+import { createSecureContext } from 'node:tls';
 import { promisify } from 'node:util';
 import { Categories } from '@homebridge/hap-client/dist/hap-types.js';
 import { BadRequestException, Inject, Injectable, InternalServerErrorException, NotFoundException, ServiceUnavailableException, } from '@nestjs/common';
@@ -27,6 +29,7 @@ import { check as tcpCheck } from 'tcp-port-used';
 import { ConfigService } from '../../core/config/config.service.js';
 import { HomebridgeIpcService } from '../../core/homebridge-ipc/homebridge-ipc.service.js';
 import { Logger } from '../../core/logger/logger.service.js';
+import { SslCertGeneratorService } from '../../core/ssl/ssl-cert-generator.service.js';
 import { AccessoriesService } from '../accessories/accessories.service.js';
 import { ConfigEditorService } from '../config-editor/config-editor.service.js';
 const pump = promisify(pipeline);
@@ -50,25 +53,37 @@ let ServerService = class ServerService {
         this.accessoryId = this.configService.homebridgeConfig.bridge.username.split(':').join('');
         this.accessoryInfoPath = join(this.configService.storagePath, 'persist', `AccessoryInfo.${this.accessoryId}.json`);
     }
-    async deleteSingleDeviceAccessories(id, cachedAccessoriesDir) {
-        const cachedAccessories = join(cachedAccessoriesDir, `cachedAccessories.${id}`);
-        const cachedAccessoriesBackup = join(cachedAccessoriesDir, `.cachedAccessories.${id}.bak`);
-        if (await pathExists(cachedAccessories)) {
-            await unlink(cachedAccessories);
-            this.logger.warn(`Bridge ${id} accessory removal: removed ${cachedAccessories}.`);
+    async deleteSingleDeviceAccessories(id, cachedAccessoriesDir, protocol = 'both') {
+        if (protocol === 'hap' || protocol === 'both') {
+            const cachedAccessories = join(cachedAccessoriesDir, `cachedAccessories.${id}`);
+            const cachedAccessoriesBackup = join(cachedAccessoriesDir, `.cachedAccessories.${id}.bak`);
+            if (await pathExists(cachedAccessories)) {
+                await unlink(cachedAccessories);
+                this.logger.warn(`Bridge ${id} HAP accessory removal: removed ${cachedAccessories}.`);
+            }
+            if (await pathExists(cachedAccessoriesBackup)) {
+                await unlink(cachedAccessoriesBackup);
+                this.logger.warn(`Bridge ${id} HAP accessory removal: removed ${cachedAccessoriesBackup}.`);
+            }
         }
-        if (await pathExists(cachedAccessoriesBackup)) {
-            await unlink(cachedAccessoriesBackup);
-            this.logger.warn(`Bridge ${id} accessory removal: removed ${cachedAccessoriesBackup}.`);
+        if (protocol === 'matter' || protocol === 'both') {
+            const deviceId = id.split(':').join('').toUpperCase();
+            const matterPath = join(this.configService.storagePath, 'matter', deviceId);
+            if (await pathExists(matterPath)) {
+                await remove(matterPath);
+                this.logger.warn(`Bridge ${id} Matter accessory removal: removed Matter bridge storage at ${matterPath}.`);
+            }
         }
     }
     async deleteSingleDevicePairing(id, resetPairingInfo) {
         const persistPath = join(this.configService.storagePath, 'persist');
         const accessoryInfo = join(persistPath, `AccessoryInfo.${id}.json`);
         const identifierCache = join(persistPath, `IdentifierCache.${id}.json`);
+        const deviceId = id.includes(':') ? id.split(':').join('').toUpperCase() : id.toUpperCase();
+        const matterPath = join(this.configService.storagePath, 'matter', deviceId);
         try {
             const configFile = await this.configEditorService.getConfigFile();
-            const username = id.match(/.{1,2}/g).join(':').toUpperCase();
+            const username = id.includes(':') ? id.toUpperCase() : id.match(/.{1,2}/g)?.join(':').toUpperCase() || id.toUpperCase();
             const uiConfig = configFile.platforms.find(x => x.platform === 'config');
             let blacklistChanged = false;
             let bridgesChanged = false;
@@ -134,6 +149,10 @@ let ServerService = class ServerService {
             await unlink(identifierCache);
             this.logger.warn(`Bridge ${id} reset: removed ${identifierCache}.`);
         }
+        if (await pathExists(matterPath)) {
+            await remove(matterPath);
+            this.logger.warn(`Bridge ${id} reset: removed Matter bridge storage at ${matterPath}.`);
+        }
         await this.deleteDeviceAccessories(id);
     }
     async restartServer() {
@@ -177,6 +196,12 @@ let ServerService = class ServerService {
         await this.configEditorService.updateConfigFile(configFile);
         await remove(resolve(this.configService.storagePath, 'accessories'));
         await remove(resolve(this.configService.storagePath, 'persist'));
+        const deviceId = oldUsername.split(':').join('').toUpperCase();
+        const matterPath = join(this.configService.storagePath, 'matter', deviceId);
+        if (await pathExists(matterPath)) {
+            await remove(matterPath);
+            this.logger.warn(`Bridge ${oldUsername} reset: removed Matter bridge storage at ${matterPath}.`);
+        }
         this.logger.log('Homebridge bridge reset: accessories and persist directories were removed.');
     }
     async getDevicePairings() {
@@ -184,9 +209,68 @@ let ServerService = class ServerService {
         const devices = (await readdir(persistPath))
             .filter(x => x.match(/AccessoryInfo\.([A-Fa-f0-9]+)\.json$/));
         const configFile = await this.configEditorService.getConfigFile();
-        return Promise.all(devices.map(async (x) => {
+        const hapDevices = await Promise.all(devices.map(async (x) => {
             return await this.getDevicePairingById(x.split('.')[1], configFile);
         }));
+        const matterExternalDevices = await this.getMatterExternalAccessories(hapDevices);
+        return [...hapDevices, ...matterExternalDevices].sort((a, b) => a.name.localeCompare(b.name));
+    }
+    async getMatterExternalAccessories(hapDevices) {
+        const matterPath = join(this.configService.storagePath, 'matter');
+        if (!await pathExists(matterPath)) {
+            return [];
+        }
+        const matterDirs = (await readdir(matterPath))
+            .filter(x => x.match(/^[A-F0-9]{12}$/));
+        const matterExternalDevices = [];
+        for (const deviceId of matterDirs) {
+            try {
+                const hasHapAccessoryInfo = hapDevices.some(d => d._id === deviceId);
+                if (hasHapAccessoryInfo) {
+                    continue;
+                }
+                const mainBridgeId = this.configService.homebridgeConfig.bridge.username.split(':').join('').toUpperCase();
+                if (deviceId.toUpperCase() === mainBridgeId) {
+                    continue;
+                }
+                const accessoriesPath = join(matterPath, deviceId, 'accessories.json');
+                if (!await pathExists(accessoriesPath)) {
+                    continue;
+                }
+                const accessories = await readJson(accessoriesPath);
+                if (!Array.isArray(accessories) || accessories.length === 0) {
+                    continue;
+                }
+                const accessory = accessories[0];
+                const commissioningPath = join(matterPath, deviceId, 'commissioning.json');
+                let commissioned = false;
+                if (await pathExists(commissioningPath)) {
+                    const commissioningInfo = await readJson(commissioningPath);
+                    commissioned = commissioningInfo.commissioned || false;
+                }
+                const device = {
+                    _id: deviceId,
+                    _username: deviceId.match(/.{1,2}/g)?.join(':').toUpperCase() || deviceId,
+                    _main: false,
+                    _category: 'other',
+                    _matter: true,
+                    _matterOnly: true,
+                    _isPaired: commissioned,
+                    _plugin: accessory.plugin,
+                    name: accessory.displayName || 'Matter External Accessory',
+                    displayName: accessory.displayName || 'Matter External Accessory',
+                    manufacturer: accessory.manufacturer || 'Unknown',
+                    model: accessory.model || 'Unknown',
+                    serialNumber: accessory.serialNumber || deviceId,
+                    category: 1,
+                };
+                matterExternalDevices.push(device);
+            }
+            catch (e) {
+                this.logger.error(`Failed to read Matter external accessory ${deviceId}: ${e.message}`);
+            }
+        }
+        return matterExternalDevices;
     }
     async getDevicePairingById(deviceId, configFile = null) {
         const persistPath = join(this.configService.storagePath, 'persist');
@@ -219,6 +303,10 @@ let ServerService = class ServerService {
         device._isPaired = device.pairedClients && Object.keys(device.pairedClients).length > 0;
         device._setupCode = this.generateSetupCode(device);
         device._couldBeStale = !device._main && device._category === 'bridge' && !pluginBlock;
+        device._matter = !!(pluginBlock?._bridge?.matter);
+        if (device._matter && pluginBlock && 'accessory' in pluginBlock) {
+            this.logger.warn(`Device ${deviceId} has Matter configuration on an accessory-based plugin. Matter is only supported for platform-based plugins.`);
+        }
         delete device.signSk;
         delete device.signPk;
         delete device.configHash;
@@ -232,6 +320,44 @@ let ServerService = class ServerService {
         await this.deleteSingleDevicePairing(id, resetPairingInfo);
         return { ok: true };
     }
+    async deleteDeviceMatterConfig(id) {
+        try {
+            const configFile = await this.configEditorService.getConfigFile();
+            const username = id.includes(':') ? id.toUpperCase() : id.match(/.{1,2}/g)?.join(':').toUpperCase() || id.toUpperCase();
+            const pluginBlocks = [
+                ...(configFile.accessories || []),
+                ...(configFile.platforms || []),
+            ]
+                .filter((block) => block._bridge?.username?.toUpperCase() === username.toUpperCase());
+            const pluginBlock = pluginBlocks.find((block) => block._bridge?.matter);
+            if (!pluginBlock) {
+                this.logger.error(`Failed to find Matter configuration for child bridge ${id}.`);
+                throw new NotFoundException(`Matter configuration not found for bridge ${id}`);
+            }
+            if ('accessory' in pluginBlock) {
+                this.logger.warn(`Removing Matter configuration from accessory-based plugin block for bridge ${id}. Matter is only supported for platform-based plugins.`);
+            }
+            delete pluginBlock._bridge.matter;
+            this.logger.warn(`Bridge ${id} Matter configuration removed from config.json.`);
+            await this.configEditorService.updateConfigFile(configFile);
+        }
+        catch (e) {
+            if (e instanceof NotFoundException) {
+                throw e;
+            }
+            this.logger.error(`Failed to remove Matter configuration for child bridge ${id} as ${e.message}.`);
+            throw new InternalServerErrorException(`Failed to remove Matter configuration: ${e.message}`);
+        }
+        this.logger.warn(`Shutting down Homebridge before removing Matter storage for bridge ${id}...`);
+        await this.homebridgeIpcService.restartAndWaitForClose();
+        const deviceId = id.includes(':') ? id.split(':').join('').toUpperCase() : id.toUpperCase();
+        const matterPath = join(this.configService.storagePath, 'matter', deviceId);
+        if (await pathExists(matterPath)) {
+            await remove(matterPath);
+            this.logger.warn(`Bridge ${id} Matter storage removed at ${matterPath}.`);
+        }
+        return { ok: true };
+    }
     async deleteDevicesPairing(bridges) {
         this.logger.warn(`Shutting down Homebridge before resetting paired bridges ${bridges.map(x => x.id).join(', ')}...`);
         await this.homebridgeIpcService.restartAndWaitForClose();
@@ -255,9 +381,9 @@ let ServerService = class ServerService {
         this.logger.warn(`Shutting down Homebridge before removing accessories for paired bridges ${bridges.map(x => x.id).join(', ')}...`);
         await this.homebridgeIpcService.restartAndWaitForClose();
         const cachedAccessoriesDir = join(this.configService.storagePath, 'accessories');
-        for (const { id } of bridges) {
+        for (const { id, protocol } of bridges) {
             try {
-                await this.deleteSingleDeviceAccessories(id, cachedAccessoriesDir);
+                await this.deleteSingleDeviceAccessories(id, cachedAccessoriesDir, protocol || 'both');
             }
             catch (e) {
                 this.logger.error(`Failed to remove accessories for bridge ${id} as ${e.message}.`);
@@ -338,13 +464,19 @@ let ServerService = class ServerService {
         await this.homebridgeIpcService.restartAndWaitForClose();
         this.logger.warn('Shutting down Homebridge before removing cached accessories');
         try {
-            this.logger.log('Clearing all cached accessories...');
+            this.logger.log('Clearing all HAP cached accessories...');
             for (const thisCachedAccessoriesPath of cachedAccessoryPaths) {
                 if (await pathExists(thisCachedAccessoriesPath)) {
                     await unlink(thisCachedAccessoriesPath);
                     this.logger.warn(`Removed ${thisCachedAccessoriesPath}.`);
                 }
             }
+            const matterDir = join(this.configService.storagePath, 'matter');
+            if (await pathExists(matterDir)) {
+                this.logger.log('Clearing all Matter cached accessories...');
+                await remove(matterDir);
+                this.logger.warn(`Removed Matter storage directory at ${matterDir}.`);
+            }
         }
         catch (e) {
             this.logger.error(`Failed to clear all cached accessories at ${cachedAccessoriesPath} as ${e.message}.`);
@@ -353,6 +485,96 @@ let ServerService = class ServerService {
         }
         return { ok: true };
     }
+    async getMatterAccessories() {
+        const matterDir = join(this.configService.storagePath, 'matter');
+        if (!await pathExists(matterDir)) {
+            return [];
+        }
+        const matterBridges = (await readdir(matterDir))
+            .filter(x => x.match(/^[A-F0-9]+$/));
+        const matterAccessories = [];
+        await Promise.all(matterBridges.map(async (deviceId) => {
+            try {
+                const accessoriesPath = join(matterDir, deviceId, 'accessories.json');
+                if (await pathExists(accessoriesPath)) {
+                    const accessories = await readJson(accessoriesPath);
+                    if (Array.isArray(accessories)) {
+                        for (const accessory of accessories) {
+                            accessory.$deviceId = deviceId;
+                            accessory.$protocol = 'matter';
+                            matterAccessories.push(accessory);
+                        }
+                    }
+                }
+            }
+            catch (e) {
+                this.logger.error(`Failed to read Matter accessories for bridge ${deviceId}: ${e.message}`);
+            }
+        }));
+        return matterAccessories;
+    }
+    async deleteMatterAccessory(deviceId, uuid) {
+        const matterAccessoriesPath = join(this.configService.storagePath, 'matter', deviceId, 'accessories.json');
+        if (!await pathExists(matterAccessoriesPath)) {
+            this.logger.error(`Matter accessories file not found for bridge ${deviceId}`);
+            throw new NotFoundException();
+        }
+        this.logger.warn(`Shutting down Homebridge before removing Matter accessory ${uuid} from bridge ${deviceId}...`);
+        await this.homebridgeIpcService.restartAndWaitForClose();
+        const matterAccessories = await readJson(matterAccessoriesPath);
+        const accessoryIndex = matterAccessories.findIndex(x => x.uuid === uuid);
+        if (accessoryIndex > -1) {
+            matterAccessories.splice(accessoryIndex, 1);
+            await writeJson(matterAccessoriesPath, matterAccessories, { spaces: 2 });
+            this.logger.warn(`Removed Matter accessory with UUID ${uuid} from bridge ${deviceId}.`);
+        }
+        else {
+            this.logger.error(`Cannot find Matter accessory with UUID ${uuid} in bridge ${deviceId}.`);
+            throw new NotFoundException();
+        }
+        return { ok: true };
+    }
+    async deleteMatterAccessories(accessories) {
+        this.logger.warn(`Shutting down Homebridge before removing Matter accessories ${accessories.map(x => x.uuid).join(', ')}.`);
+        await this.homebridgeIpcService.restartAndWaitForClose();
+        const accessoriesByBridge = new Map();
+        for (const { deviceId, uuid } of accessories) {
+            if (!accessoriesByBridge.has(deviceId)) {
+                accessoriesByBridge.set(deviceId, []);
+            }
+            accessoriesByBridge.get(deviceId).push({ uuid });
+        }
+        for (const [deviceId, bridgeAccessories] of accessoriesByBridge.entries()) {
+            const matterAccessoriesPath = join(this.configService.storagePath, 'matter', deviceId, 'accessories.json');
+            try {
+                if (!await pathExists(matterAccessoriesPath)) {
+                    this.logger.error(`Matter accessories file not found for bridge ${deviceId}`);
+                    continue;
+                }
+                const matterAccessories = await readJson(matterAccessoriesPath);
+                for (const { uuid } of bridgeAccessories) {
+                    try {
+                        const accessoryIndex = matterAccessories.findIndex(x => x.uuid === uuid);
+                        if (accessoryIndex > -1) {
+                            matterAccessories.splice(accessoryIndex, 1);
+                            this.logger.warn(`Removed Matter accessory with UUID ${uuid} from bridge ${deviceId}.`);
+                        }
+                        else {
+                            this.logger.error(`Cannot find Matter accessory with UUID ${uuid} in bridge ${deviceId}.`);
+                        }
+                    }
+                    catch (e) {
+                        this.logger.error(`Failed to remove Matter accessory with UUID ${uuid} from bridge ${deviceId} as ${e.message}.`);
+                    }
+                }
+                await writeJson(matterAccessoriesPath, matterAccessories, { spaces: 2 });
+            }
+            catch (e) {
+                this.logger.error(`Failed to process Matter accessories for bridge ${deviceId} as ${e.message}.`);
+            }
+        }
+        return { ok: true };
+    }
     async getSetupCode() {
         if (this.setupCode) {
             return this.setupCode;
@@ -457,6 +679,30 @@ let ServerService = class ServerService {
         }
         return { port };
     }
+    async lookupUnusedMatterPort() {
+        const min = 5530;
+        const max = 5541;
+        const config = await this.configEditorService.getConfigFile();
+        const usedMatterPorts = new Set();
+        if (config.bridge?.matter?.port) {
+            usedMatterPorts.add(config.bridge.matter.port);
+        }
+        for (const block of [...(config.accessories || []), ...(config.platforms || [])]) {
+            if (block._bridge?.matter?.port) {
+                if ('accessory' in block) {
+                    this.logger.warn(`Found Matter configuration on accessory-based plugin block, skipping port ${block._bridge.matter.port}`);
+                    continue;
+                }
+                usedMatterPorts.add(block._bridge.matter.port);
+            }
+        }
+        for (let port = min; port <= max; port += 1) {
+            if (!usedMatterPorts.has(port) && !await tcpCheck(port)) {
+                return { port };
+            }
+        }
+        throw new InternalServerErrorException('No available ports in the Matter port range (5530-5541)');
+    }
     async getHomebridgePort() {
         const config = await this.configEditorService.getConfigFile();
         return { port: config.bridge.port };
@@ -589,6 +835,248 @@ let ServerService = class ServerService {
             });
         });
     }
+    async uploadSslKeyCert(req) {
+        const parts = req.parts ? req.parts() : null;
+        const files = [];
+        if (parts) {
+            for await (const part of parts) {
+                if (part.file) {
+                    files.push(part);
+                }
+            }
+        }
+        else {
+            const single = await req.file();
+            if (single?.file) {
+                files.push(single);
+            }
+        }
+        if (!files.length) {
+            throw new BadRequestException('No files uploaded. Please upload both the private key and certificate files.');
+        }
+        const readStreamToBuffer = async (stream) => {
+            const chunks = [];
+            await new Promise((resolvePromise, rejectPromise) => {
+                stream.on('data', (d) => chunks.push(Buffer.isBuffer(d) ? d : Buffer.from(d)));
+                stream.on('end', () => resolvePromise());
+                stream.on('error', rejectPromise);
+            });
+            return Buffer.concat(chunks);
+        };
+        let keyPem = null;
+        let certPem = null;
+        for (const f of files) {
+            if (f.file?.truncated) {
+                throw new InternalServerErrorException(`Upload exceeds maximum size ${globalThis.backup.maxBackupSizeText}.`);
+            }
+            const buf = await readStreamToBuffer(f.file);
+            const text = buf.toString('utf8');
+            if (/-----BEGIN (?:RSA |EC )?PRIVATE KEY-----/.test(text)) {
+                keyPem = buf;
+            }
+            else if (/-----BEGIN CERTIFICATE-----/.test(text)) {
+                certPem = buf;
+            }
+            else if (f.fieldname === 'key') {
+                keyPem = buf;
+            }
+            else if (f.fieldname === 'cert') {
+                certPem = buf;
+            }
+        }
+        if (!keyPem || !certPem) {
+            throw new BadRequestException('Both a PEM private key and certificate must be provided.');
+        }
+        try {
+            const x509 = new X509Certificate(certPem);
+            const certPub = x509.publicKey.export({ type: 'spki', format: 'der' });
+            const priv = createPrivateKey({ key: keyPem });
+            const pubFromPriv = createPublicKey(priv).export({ type: 'spki', format: 'der' });
+            if (!certPub.equals(pubFromPriv)) {
+                throw new BadRequestException('The private key does not match the certificate public key.');
+            }
+            createSecureContext({ key: keyPem, cert: certPem });
+        }
+        catch (e) {
+            if (e instanceof BadRequestException) {
+                throw e;
+            }
+            throw new BadRequestException(`Invalid key/certificate: ${e?.message || e}`);
+        }
+        const sslDir = join(this.configService.storagePath, 'ssl-certs');
+        const keyPath = join(sslDir, 'ui-ssl.key');
+        const certPath = join(sslDir, 'ui-ssl.crt');
+        const { ensureDir, writeFile } = await import('fs-extra');
+        await ensureDir(sslDir);
+        await writeFile(keyPath, keyPem);
+        await writeFile(certPath, certPem);
+        const configFile = await this.configEditorService.getConfigFile();
+        const uiConfigBlock = configFile.platforms.find((x) => x.platform === 'config');
+        if (!uiConfigBlock) {
+            throw new InternalServerErrorException('Config platform block not found.');
+        }
+        if (!uiConfigBlock.ssl) {
+            uiConfigBlock.ssl = {};
+        }
+        uiConfigBlock.ssl.key = keyPath;
+        uiConfigBlock.ssl.cert = certPath;
+        delete uiConfigBlock.ssl.pfx;
+        delete uiConfigBlock.ssl.passphrase;
+        uiConfigBlock.ssl.selfSigned = false;
+        await this.configEditorService.updateConfigFile(configFile);
+        return {
+            ok: true,
+            type: 'keycert',
+            keyPath,
+            certPath,
+            details: 'Certificate and key validated and saved.',
+        };
+    }
+    async uploadSslPfx(req) {
+        let passphrase;
+        let filePart;
+        if (req.parts) {
+            for await (const part of req.parts()) {
+                if (part.type === 'file' || part.file) {
+                    filePart = part;
+                }
+                else if (part.type === 'field' || part.value) {
+                    if (part.fieldname === 'passphrase') {
+                        passphrase = part.value;
+                    }
+                }
+            }
+        }
+        else {
+            filePart = await req.file();
+            passphrase = req.body?.passphrase;
+        }
+        if (!filePart) {
+            throw new BadRequestException('No PFX file uploaded.');
+        }
+        if (filePart.file?.truncated) {
+            throw new InternalServerErrorException(`Upload exceeds maximum size ${globalThis.backup.maxBackupSizeText}.`);
+        }
+        const readStreamToBuffer = async (stream) => {
+            const chunks = [];
+            await new Promise((resolvePromise, rejectPromise) => {
+                stream.on('data', (d) => chunks.push(Buffer.isBuffer(d) ? d : Buffer.from(d)));
+                stream.on('end', () => resolvePromise());
+                stream.on('error', rejectPromise);
+            });
+            return Buffer.concat(chunks);
+        };
+        const pfxBuffer = await readStreamToBuffer(filePart.file);
+        try {
+            createSecureContext({ pfx: pfxBuffer, passphrase });
+        }
+        catch (e) {
+            throw new BadRequestException(`Invalid PFX or passphrase: ${e?.message || e}`);
+        }
+        const sslDir = join(this.configService.storagePath, 'ssl-certs');
+        const pfxPath = join(sslDir, 'ui-ssl.pfx');
+        const { ensureDir, writeFile } = await import('fs-extra');
+        await ensureDir(sslDir);
+        await writeFile(pfxPath, pfxBuffer);
+        const configFile = await this.configEditorService.getConfigFile();
+        const uiConfigBlock = configFile.platforms.find((x) => x.platform === 'config');
+        if (!uiConfigBlock) {
+            throw new InternalServerErrorException('Config platform block not found.');
+        }
+        if (!uiConfigBlock.ssl) {
+            uiConfigBlock.ssl = {};
+        }
+        uiConfigBlock.ssl.pfx = pfxPath;
+        uiConfigBlock.ssl.passphrase = passphrase || '';
+        delete uiConfigBlock.ssl.key;
+        delete uiConfigBlock.ssl.cert;
+        uiConfigBlock.ssl.selfSigned = false;
+        await this.configEditorService.updateConfigFile(configFile);
+        return {
+            ok: true,
+            type: 'pfx',
+            pfxPath,
+            details: 'PFX validated and saved.',
+        };
+    }
+    async validateCurrentSslConfig() {
+        const configFile = await this.configEditorService.getConfigFile();
+        const uiConfigBlock = configFile.platforms.find((x) => x.platform === 'config');
+        const ssl = uiConfigBlock?.ssl || {};
+        if (!ssl || (!ssl.selfSigned && !ssl.key && !ssl.cert && !ssl.pfx)) {
+            return { ok: true, valid: true, type: 'off', details: 'HTTPS is disabled.' };
+        }
+        if (ssl.selfSigned) {
+            return { ok: true, valid: true, type: 'selfsigned', details: 'Self-signed mode enabled.' };
+        }
+        try {
+            if (ssl.key && ssl.cert) {
+                const { readFile } = await import('fs-extra');
+                const keyPem = await readFile(ssl.key);
+                const certPem = await readFile(ssl.cert);
+                const x509 = new X509Certificate(certPem);
+                const certPub = x509.publicKey.export({ type: 'spki', format: 'der' });
+                const priv = createPrivateKey({ key: keyPem });
+                const pubFromPriv = createPublicKey(priv).export({ type: 'spki', format: 'der' });
+                if (!certPub.equals(pubFromPriv)) {
+                    return { ok: true, valid: false, type: 'keycert', details: 'Private key does not match certificate.' };
+                }
+                createSecureContext({ key: keyPem, cert: certPem });
+                return { ok: true, valid: true, type: 'keycert', details: 'Key and certificate are valid and match.' };
+            }
+            if (ssl.pfx) {
+                const { readFile } = await import('fs-extra');
+                const pfx = await readFile(ssl.pfx);
+                createSecureContext({ pfx, passphrase: ssl.passphrase });
+                return { ok: true, valid: true, type: 'pfx', details: 'PFX file and passphrase are valid.' };
+            }
+        }
+        catch (e) {
+            return { ok: true, valid: false, type: ssl.pfx ? 'pfx' : 'keycert', details: e?.message || String(e) };
+        }
+        return { ok: true, valid: false, type: 'off', details: 'No SSL configuration found.' };
+    }
+    async generateSelfSignedCertificate(options = {}) {
+        const hostnames = Array.isArray(options.hostnames) && options.hostnames.length
+            ? options.hostnames.map(h => String(h).trim()).filter(Boolean)
+            : ['localhost', '127.0.0.1'];
+        const mode = options.mode || 'keycert';
+        const generator = new SslCertGeneratorService();
+        await generator.generateCertificate(hostnames);
+        const sslDir = join(this.configService.storagePath, 'ssl-certs');
+        const keyPath = join(sslDir, 'private-key.pem');
+        const certPath = join(sslDir, 'certificate.pem');
+        const configFile = await this.configEditorService.getConfigFile();
+        const uiConfigBlock = configFile.platforms.find((x) => x.platform === 'config');
+        if (!uiConfigBlock.ssl) {
+            uiConfigBlock.ssl = {};
+        }
+        if (mode === 'keycert') {
+            uiConfigBlock.ssl.key = keyPath;
+            uiConfigBlock.ssl.cert = certPath;
+            delete uiConfigBlock.ssl.pfx;
+            delete uiConfigBlock.ssl.passphrase;
+            uiConfigBlock.ssl.selfSigned = false;
+            uiConfigBlock.ssl.selfSignedHostnames = hostnames;
+        }
+        else {
+            delete uiConfigBlock.ssl.key;
+            delete uiConfigBlock.ssl.cert;
+            delete uiConfigBlock.ssl.pfx;
+            delete uiConfigBlock.ssl.passphrase;
+            uiConfigBlock.ssl.selfSigned = true;
+            uiConfigBlock.ssl.selfSignedHostnames = hostnames;
+        }
+        await this.configEditorService.updateConfigFile(configFile);
+        return {
+            ok: true,
+            type: 'generated',
+            mode,
+            keyPath: mode === 'keycert' ? keyPath : undefined,
+            certPath: mode === 'keycert' ? certPath : undefined,
+            details: `Self-signed certificate generated for ${hostnames.join(', ')}`,
+        };
+    }
 };
 ServerService = __decorate([
     Injectable(),