
@backstage/backend-defaults


Backend defaults used by Backstage backend apps

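'use strict';

var fs = require('fs-extra');
var platformPath = require('path');
var forge = require('node-forge');

/**
 * Bundler-generated interop helper: returns `e` unchanged when it is an object
 * that already has a `default` property, otherwise wraps it as `{ default: e }`.
 */
function _interopDefaultCompat (e) { return e && typeof e === 'object' && 'default' in e ? e : { default: e }; }

var fs__default = /*#__PURE__*/_interopDefaultCompat(fs);
var forge__default = /*#__PURE__*/_interopDefaultCompat(forge);

// A cached certificate is reused only while more than this much validity remains.
const FIVE_DAYS_IN_MS = 5 * 24 * 60 * 60 * 1e3;

// Treats a hostname as an IP address when it contains ":" or consists of four
// dot-separated digit groups. Octet ranges are not validated.
const IP_HOSTNAME_REGEX = /:|^\d+\.\d+\.\d+\.\d+$/;

// The cache file contains the private key, so restrict it to owner read/write.
const PRIVATE_FILE_MODE = 0o600;

/**
 * Returns a self-signed development certificate for `hostname`, reusing a
 * cached one from disk when it is still valid for more than five days.
 *
 * The cache lives at `node_modules/.cache/backstage-backend/dev-cert.pem` when
 * a `node_modules` directory exists in the current working directory, and at
 * `.dev-cert.pem` in the current working directory otherwise. The file holds
 * the certificate PEM followed by the private-key PEM.
 *
 * NOTE(review): a cached certificate is reused based on its expiry only; its
 * subjectAltName entries are not compared against `hostname`, so a certificate
 * generated for a different hostname may be returned.
 *
 * @param {string} hostname - Host name or IP address to include in the certificate.
 * @param {{ info: Function, warn: Function }} logger - Logger used for status messages.
 * @returns {Promise<{ key: Buffer | string, cert: Buffer | string }>} On a cache
 *   hit both fields are the same Buffer with the whole cache file; for a newly
 *   generated certificate they are the values produced by `selfsigned`.
 */
async function getGeneratedCertificate(hostname, logger) {
  const hasModules = await fs__default.default.pathExists("node_modules");
  let certPath;
  if (hasModules) {
    certPath = platformPath.resolve(
      "node_modules/.cache/backstage-backend/dev-cert.pem"
    );
    await fs__default.default.ensureDir(platformPath.dirname(certPath));
  } else {
    certPath = platformPath.resolve(".dev-cert.pem");
  }

  if (await fs__default.default.pathExists(certPath)) {
    try {
      const cert = await fs__default.default.readFile(certPath);
      const crt = forge__default.default.pki.certificateFromPem(cert.toString());
      const remainingMs = crt.validity.notAfter.getTime() - Date.now();
      if (remainingMs > FIVE_DAYS_IN_MS) {
        logger.info("Using existing self-signed certificate");
        // The file is certificate + key concatenated, so the same buffer is
        // returned for both fields; presumably the consumer picks the PEM
        // block it needs from each.
        return {
          key: cert,
          cert
        };
      }
    } catch (error) {
      // An unreadable or unparsable cache file is not fatal: regenerate below.
      logger.warn(`Unable to use existing self-signed certificate, ${error}`);
    }
  }

  logger.info("Generating new self-signed certificate");
  const newCert = await generateCertificate(hostname);

  // The file contains the private key. Without an explicit mode it would be
  // created with the process default (commonly world-readable), letting other
  // local users read the key.
  await fs__default.default.writeFile(certPath, newCert.cert + newCert.key, {
    encoding: "utf8",
    mode: PRIVATE_FILE_MODE
  });
  try {
    // `mode` only takes effect when the file is created, so also tighten a
    // cache file left behind with looser permissions by an earlier run.
    await fs__default.default.chmod(certPath, PRIVATE_FILE_MODE);
  } catch (error) {
    // Best effort: some platforms and filesystems do not support chmod.
    logger.warn(`Unable to restrict permissions on self-signed certificate file, ${error}`);
  }

  return newCert;
}

/**
 * Generates a new self-signed certificate and key pair using `selfsigned`.
 *
 * The certificate always lists the loopback names and addresses below as
 * subject alternative names, and adds `hostname` when it is not already one of
 * them (as an IP entry when it matches IP_HOSTNAME_REGEX, otherwise as DNS).
 *
 * @param {string} hostname - Host name or IP address to add to the SAN list.
 * @returns {Promise<{ key: string, cert: string }>} The generated private key
 *   and certificate; rejects with the error reported by `selfsigned`.
 */
async function generateCertificate(hostname) {
  const attributes = [
    {
      name: "commonName",
      value: "dev-cert"
    }
  ];
  const sans = [
    {
      type: 2,
      // DNS
      value: "localhost"
    },
    {
      type: 2,
      value: "localhost.localdomain"
    },
    {
      type: 2,
      value: "[::1]"
    },
    {
      type: 7,
      // IP
      ip: "127.0.0.1"
    },
    {
      type: 7,
      ip: "fe80::1"
    }
  ];

  const alreadyListed = sans.some(
    ({ value, ip }) => value === hostname || ip === hostname
  );
  if (!alreadyListed) {
    sans.push(
      IP_HOSTNAME_REGEX.test(hostname) ? {
        type: 7,
        ip: hostname
      } : {
        type: 2,
        value: hostname
      }
    );
  }

  const params = {
    algorithm: "sha256",
    keySize: 2048,
    days: 30,
    // NOTE(review): these usages are broader than a TLS server certificate
    // needs (keyCertSign, codeSigning, timeStamping, clientAuth). If nothing
    // depends on them, narrowing to digitalSignature/keyEncipherment and
    // serverAuth would limit what a leaked key could be used for on machines
    // that trust this certificate.
    extensions: [
      {
        name: "keyUsage",
        keyCertSign: true,
        digitalSignature: true,
        nonRepudiation: true,
        keyEncipherment: true,
        dataEncipherment: true
      },
      {
        name: "extKeyUsage",
        serverAuth: true,
        clientAuth: true,
        codeSigning: true,
        timeStamping: true
      },
      {
        name: "subjectAltName",
        altNames: sans
      }
    ]
  };

  // `selfsigned` is loaded lazily, only when a certificate has to be generated,
  // and its callback API is adapted to a Promise here.
  return new Promise(
    (resolve, reject) => require("selfsigned").generate(
      attributes,
      params,
      (err, bundle) => {
        if (err) {
          reject(err);
        } else {
          resolve({ key: bundle.private, cert: bundle.cert });
        }
      }
    )
  );
}

exports.getGeneratedCertificate = getGeneratedCertificate;
//# sourceMappingURL=getGeneratedCertificate.cjs.js.map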