@lark-project/cli/lib/utils/self-signed-tls-cert/key-chain.js

飞书项目插件开发工具

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.isTrustedCert = exports.removeFromKeyChain = exports.addToKeyChain = void 0;
const child_process_1 = require("child_process");
/**
 * 添加到系统钥匙串并信任证书
 */
function addToKeyChain(certPath) {
    // osx
    if (process.platform === 'darwin') {
        const result = (0, child_process_1.execSync)(`sudo security add-trusted-cert \
        -d -r trustRoot \
        -k /Library/Keychains/System.keychain \
        '${certPath}'`);
        console.log(result);
        return;
    }
    // windows
    if (process.platform === 'win32') {
        const result = (0, child_process_1.execSync)(`certutil -addstore -user root ${certPath}`);
        console.log(result);
        return;
    }
    // linux
    (0, child_process_1.execSync)(`sudo cp ${certPath} /usr/local/share/ca-certificates/devcert.crt`);
    (0, child_process_1.execSync)('sudo update-ca-certificates');
}
exports.addToKeyChain = addToKeyChain;
/**
 * 从钥匙串移除证书
 * @param certName
 * @returns
 */
function removeFromKeyChain(certName) {
    if (process.platform === 'darwin') {
        try {
            const result = (0, child_process_1.execSync)(`sudo security delete-certificate -c "${certName}"`);
            console.log(result);
            return true;
        }
        catch (e) {
            console.warn(e);
            return false;
        }
    }
    if (process.platform === 'win32') {
        try {
            const result = (0, child_process_1.execSync)(`certutil -delstore -user root "${certName}"`);
            console.log(result);
            return true;
        }
        catch (e) {
            console.warn(e);
            return false;
        }
    }
    return false;
}
exports.removeFromKeyChain = removeFromKeyChain;
/**
 * 指定的证书名是否被信任
 * @param certName
 * @returns
 */
function isTrustedCert(certName) {
    if (process.platform === 'darwin') {
        try {
            // 钥匙串里没有时执行下面会抛错
            const sha1Str = (0, child_process_1.execSync)(`security find-certificate -a -c '${certName}' -Z | grep ^SHA-1`, {
                encoding: 'utf-8',
            });
            const sha1List = sha1Str
                .replace(/SHA-1\shash:\s/g, '')
                .split('\n')
                .filter(sha1 => sha1);
            return sha1List.length !== 0;
        }
        catch (e) {
            console.log(e.message);
            return false;
        }
    }
    if (process.platform === 'win32') {
        try {
            // 钥匙串里没有时执行下面会抛错
            const sha1Str = (0, child_process_1.execSync)(`certutil -verifystore -user root "${certName}" | findstr sha1`, {
                encoding: 'utf8',
            });
            const sha1List = sha1Str
                .split('\n')
                .map(item => {
                return item
                    .replace(/.*\(sha1\):\s/, '')
                    .replace(/[\s\r]/g, '')
                    .toUpperCase();
            })
                .filter(Boolean);
            return sha1List.length !== 0;
        }
        catch (e) {
            console.log(e.message);
            return false;
        }
    }
    // 其它系统暂不支持判断证书信任
    return false;
}
exports.isTrustedCert = isTrustedCert;