UNPKG

@adobe/ccweb-add-on-devcert

Version:

Generate trusted local SSL/TLS certificates for local SSL development

github.com/adobe/ccweb-add-on-devcert

130 lines (111 loc) 4.82 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
import createDebug from 'debug'; import crypto from 'crypto'; import { existsSync as exists, writeFileSync as write, readFileSync as read } from 'fs'; import { sync as rimraf } from 'rimraf'; import { Options } from '../index'; import { assertNotTouchingFiles, openCertificateInFirefox } from './shared'; import { Platform } from '.'; import { run, sudo } from '../utils'; import UI from '../user-interface'; const debug = createDebug('devcert:platforms:windows'); let encryptionKey: string; export default class WindowsPlatform implements Platform { private HOST_FILE_PATH = 'C:\\Windows\\System32\\Drivers\\etc\\hosts'; /** * Windows is at least simple. Like macOS, most applications will delegate to * the system trust store, which is updated with the confusingly named * `certutil` exe (not the same as the NSS/Mozilla certutil). Firefox does it's * own thing as usual, and getting a copy of NSS certutil onto the Windows * machine to try updating the Firefox store is basically a nightmare, so we * don't even try it - we just bail out to the GUI. */ async addToTrustStores(certificatePath: string, options: Options = {}): Promise<void> { // IE, Chrome, system utils debug('adding devcert root to Windows OS trust store') try { run('certutil', ['-addstore', '-user', 'root', certificatePath]); } catch (e) { e.output.map((buffer: Buffer) => { if (buffer) { console.log(buffer.toString()); } }); } debug('adding devcert root to Firefox trust store') // Firefox (don't even try NSS certutil, no easy install for Windows) try { await openCertificateInFirefox('start firefox', certificatePath); } catch { debug('Error opening Firefox, most likely Firefox is not installed'); } } removeFromTrustStores(certificatePath: string) { debug('removing devcert root from Windows OS trust store'); try { console.warn('Removing old certificates from trust stores. You may be prompted to grant permission for this. It\'s safe to delete old devcert certificates.'); run('certutil', ['-delstore', '-user', 'root', 'devcert']); } catch (e) { debug(`failed to remove ${ certificatePath } from Windows OS trust store, continuing. ${ e.toString() }`) } } async addDomainToHostFileIfMissing(domain: string) { if (!exists(this.HOST_FILE_PATH)) { console.warn('Could not locate the host file in your system.'); console.warn('Please ensure to have:'); console.log(`127.0.0.1 ${domain}`); console.warn("entry in your system's host file."); return; } let hostsFileContents = read(this.HOST_FILE_PATH, 'utf8'); if (!hostsFileContents.includes(domain)) { await sudo(`echo 127.0.0.1 ${ domain } >> ${ this.HOST_FILE_PATH }`); } } deleteProtectedFiles(filepath: string) { assertNotTouchingFiles(filepath, 'delete'); rimraf(filepath); } async readProtectedFile(filepath: string): Promise<string> { assertNotTouchingFiles(filepath, 'read'); if (!encryptionKey) { encryptionKey = await UI.getWindowsEncryptionPassword(); } // Try to decrypt the file try { return this.decrypt(read(filepath, 'utf8'), encryptionKey); } catch (e) { // If it's a bad password, clear the cached copy and retry if (e.message.indexOf('bad decrypt') >= -1) { encryptionKey = null; return await this.readProtectedFile(filepath); } throw e; } } async writeProtectedFile(filepath: string, contents: string) { assertNotTouchingFiles(filepath, 'write'); if (!encryptionKey) { encryptionKey = await UI.getWindowsEncryptionPassword(); } let encryptedContents = this.encrypt(contents, encryptionKey); write(filepath, encryptedContents); } private encrypt(text: string, key: string): string { const algorithm = 'aes-256-cbc'; const iv = crypto.randomBytes(16); const keyBuffer = crypto.createHash('sha256').update(key).digest(); const cipher = crypto.createCipheriv(algorithm, keyBuffer, iv); const encrypted = Buffer.concat([cipher.update(text, 'utf8'), cipher.final()]); return iv.toString('hex') + ':' + encrypted.toString('hex'); } private decrypt(encryptedText: string, key: string): string { const algorithm = 'aes-256-cbc'; const keyBuffer = crypto.createHash('sha256').update(key).digest(); const [ivHex, encryptedHex] = encryptedText.split(':'); const iv = Buffer.from(ivHex, 'hex'); const encryptedBuffer = Buffer.from(encryptedHex, 'hex'); const decipher = crypto.createDecipheriv(algorithm, keyBuffer, iv); const decrypted = Buffer.concat([decipher.update(encryptedBuffer), decipher.final()]); return decrypted.toString('utf8'); } }