@lark-project/cli
飞书项目插件开发工具
;
// Flag this CommonJS module as carrying ES-module semantics, then reserve the three
// public export slots as undefined; each one is assigned further down, right after
// the corresponding function is defined.
Object.defineProperty(exports, "__esModule", { value: true });
exports.generateCA = exports.readValidCA = exports.checkPermError = void 0;
const cert_parser_1 = require("./cert-parser");
const key_chain_1 = require("./key-chain");
const mkcert_1 = require("mkcert");
const fs_extra_1 = require("fs-extra");
const logger_1 = require("../logger");
const config_1 = require("./config");
/**
 * Classify a caught error as a filesystem permission problem and build a hint for the user.
 *
 * Note that `msg` always reads "permission denied", whatever the error code is, so it is
 * only meaningful when `permError` is true.
 *
 * @param {*} e - The caught value; may be null/undefined or lack `code` / `path`.
 * @returns {{permError: boolean, msg: string}} `permError` is true for EPERM, EACCES and
 *   EROFS; `msg` names the failing path, falling back to the root CA directory.
 */
function checkPermError(e) {
    const permissionCodes = ['EPERM', 'EACCES', 'EROFS'];
    const code = e == null ? undefined : e.code;
    const failedPath = e == null ? undefined : e.path;
    const permError = permissionCodes.includes(code);
    // The configured CA directory is consulted only when the error carries no path of its own.
    const msg = `${code || 'Unknown error'}: permission denied, please check the permission of ${failedPath || config_1.ROOT_CA_DIR}`;
    return { permError, msg };
}
exports.checkPermError = checkPermError;
/**
 * Best-effort attempt to register the root CA certificate with the key chain.
 *
 * Any failure is downgraded to a warning asking the user to add and trust the
 * certificate manually; nothing is thrown and the underlying error is not logged.
 *
 * NOTE(review): once this succeeds the certificate is reported as trusted, so the
 * matching private key presumably has to be protected like any other CA key;
 * confirm what trust scope addToKeyChain actually grants.
 *
 * @param {string} certPath - Path of the certificate file handed to addToKeyChain.
 */
function tryAddToKeyChain(certPath) {
    try {
        (0, key_chain_1.addToKeyChain)(certPath);
        const trustedNotice = `Root CA ${config_1.ROOT_CA_COMMON_NAME} has been trusted.`;
        logger_1.logger.info(trustedNotice);
    }
    catch (trustError) {
        // Deliberately non-fatal: the caller carries on with an untrusted CA.
        const manualNotice = 'Root CA add to key chain failed, please add and trust manually.';
        logger_1.logger.warn(manualNotice);
    }
}
/**
 * Load the root CA stored on disk, provided it is still usable.
 *
 * Returns null, after logging a warning, when either file is missing, when
 * isValidCert rejects the certificate, or when reading/parsing throws. Otherwise
 * returns the PEM strings; if the certificate is not currently trusted, one
 * attempt is made to add it to the key chain first.
 *
 * NOTE(review): whatever certificate sits at ROOT_CA_CERT_PATH is re-submitted to
 * the key chain automatically when it is valid but untrusted, so the integrity of
 * that file and its directory matters; confirm who can write to ROOT_CA_DIR.
 *
 * @returns {Promise<{key: string, cert: string} | null>} CA private key and certificate
 *   as read from disk, or null when a fresh CA has to be generated.
 */
async function readValidCA() {
    // Both the certificate and its private key must be present.
    const filesPresent = (0, fs_extra_1.existsSync)(config_1.ROOT_CA_CERT_PATH)
        && (0, fs_extra_1.existsSync)(config_1.ROOT_CA_KEY_PATH);
    if (!filesPresent) {
        logger_1.logger.warn('Root CA files not found, will generate new ones.');
        return null;
    }
    try {
        const keyStr = (0, fs_extra_1.readFileSync)(config_1.ROOT_CA_KEY_PATH).toString();
        const certStr = (0, fs_extra_1.readFileSync)(config_1.ROOT_CA_CERT_PATH).toString();
        const parsedCert = (0, cert_parser_1.readCertFromCertStr)(certStr);
        if (!(0, cert_parser_1.isValidCert)(parsedCert)) {
            // The certificate has expired and has to be regenerated.
            logger_1.logger.warn(`Root CA ${config_1.ROOT_CA_COMMON_NAME} has expired, will regenerate it.`);
            return null;
        }
        let alreadyTrusted = false;
        try {
            // Normalise the fingerprint: strip the ':' separators and upper-case it.
            // It stays undefined when the parsed certificate exposes no fingerprint.
            const rawFingerprint = parsedCert.fingerprint;
            const compact = rawFingerprint == null ? undefined : rawFingerprint.replace(/:/g, '');
            const upperCase = compact == null ? undefined : compact.toUpperCase;
            const sha1 = upperCase == null ? undefined : upperCase.call(compact);
            // Ask the key chain whether this certificate is already trusted.
            alreadyTrusted = await (0, key_chain_1.isTrustedCert)({
                certPath: config_1.ROOT_CA_CERT_PATH,
                sha1,
            });
        }
        catch (lookupError) {
            // The fingerprint/trust lookup failed: treat the certificate as untrusted.
            logger_1.logger.warn('Failed to get certificate fingerprint, will try to trust it again.');
        }
        if (alreadyTrusted) {
            // Not expired and already trusted.
            logger_1.logger.info(`Root CA ${config_1.ROOT_CA_COMMON_NAME} is valid and trusted.`);
        }
        else {
            // Not expired but not trusted: try to trust it again.
            logger_1.logger.warn(`Root CA ${config_1.ROOT_CA_COMMON_NAME} is valid but not trusted, will try to trust it again.`);
            tryAddToKeyChain(config_1.ROOT_CA_CERT_PATH);
        }
        return {
            key: keyStr,
            cert: certStr,
        };
    }
    catch (e) {
        // Prefer the permission hint when the failure is a filesystem permission error.
        const permission = checkPermError(e);
        logger_1.logger.warn(permission.permError ? permission.msg : e.message);
        return null;
    }
}
exports.readValidCA = readValidCA;
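/**
 * Create a new self-signed root CA, persist it under ROOT_CA_DIR and try to trust it.
 *
 * The private key is written with owner-only permissions (0o600). It is the key of
 * a CA that is subsequently offered to the key chain, so it should not be left
 * readable under the default umask. POSIX mode bits are largely ignored on Windows.
 *
 * @returns {Promise<*>} The object resolved by mkcert's createCA; its `key` and `cert`
 *   fields are the values written to disk.
 * @throws Propagates filesystem errors from creating the directory, tightening the
 *   key file permissions or writing the files.
 */
async function generateCA() {
    // Locally generated self-signed certificate.
    const CA = await (0, mkcert_1.createCA)(config_1.ROOT_CA_OPTIONS);
    if (!(0, fs_extra_1.existsSync)(config_1.ROOT_CA_DIR)) {
        // recursive: also create missing parent directories instead of failing with ENOENT.
        (0, fs_extra_1.mkdirSync)(config_1.ROOT_CA_DIR, { recursive: true });
    }
    // `mode` only takes effect when the file is created, so tighten a pre-existing key
    // file first; the new key material then never lands in a file with looser permissions.
    if ((0, fs_extra_1.existsSync)(config_1.ROOT_CA_KEY_PATH)) {
        (0, fs_extra_1.chmodSync)(config_1.ROOT_CA_KEY_PATH, 0o600);
    }
    // Write the key (owner read/write only) and the certificate (public data).
    (0, fs_extra_1.writeFileSync)(config_1.ROOT_CA_KEY_PATH, CA.key, { mode: 0o600 });
    (0, fs_extra_1.writeFileSync)(config_1.ROOT_CA_CERT_PATH, CA.cert);
    console.log(`Root CA generated into ${config_1.ROOT_CA_DIR}`);
    tryAddToKeyChain(config_1.ROOT_CA_CERT_PATH);
    return CA;
}
exports.generateCA = generateCA;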