From 39bf75a6fd7ac71d22a4b7ee01e05b033bdeb2e9 Mon Sep 17 00:00:00 2001 From: apostolisms Date: Fri, 20 Sep 2024 15:04:53 -0700 Subject: [PATCH 1/5] Option to skip trusting and untrusting a certificate --- .../src/CertificateManager.ts | 24 ++++++++++++------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/libraries/debug-certificate-manager/src/CertificateManager.ts b/libraries/debug-certificate-manager/src/CertificateManager.ts index ed279a6e38d..21f187fcff1 100644 --- a/libraries/debug-certificate-manager/src/CertificateManager.ts +++ b/libraries/debug-certificate-manager/src/CertificateManager.ts @@ -110,6 +110,10 @@ export interface ICertificateGenerationOptions { * How many days the certificate should be valid for. */ validityInDays?: number; + /* + * Skip trusting a certificate. Defaults to false. + */ + skipCertificateTrust?: boolean; } const MAX_CERTIFICATE_VALIDITY_DAYS: 365 = 365; @@ -135,10 +139,9 @@ export class CertificateManager { public async ensureCertificateAsync( canGenerateNewCertificate: boolean, terminal: ITerminal, - generationOptions?: ICertificateGenerationOptions + options?: ICertificateGenerationOptions ): Promise { - const optionsWithDefaults: Required = - applyDefaultOptions(generationOptions); + const optionsWithDefaults: Required = applyDefaultOptions(options); const { certificateData: existingCert, keyData: existingKey } = this._certificateStore; @@ -226,7 +229,9 @@ export class CertificateManager { if (canGenerateNewCertificate) { messages.push('Attempting to untrust the certificate and generate a new one.'); terminal.writeWarningLine(messages.join(' ')); - await this.untrustCertificateAsync(terminal); + if (!options?.skipCertificateTrust) { + await this.untrustCertificateAsync(terminal); + } return await this._ensureCertificateInternalAsync(optionsWithDefaults, terminal); } else { messages.push( 
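Review bot: The doc comment added for `skipCertificateTrust` in `ICertificateGenerationOptions` describes only half of what the flag does. The later hunk in `ensureCertificateAsync` also uses it to skip `untrustCertificateAsync`, so a caller reading the interface cannot tell that an existing certificate is left in the trust store. I would state both effects and who owns the trust-store state afterwards, e.g. `Skip adding the generated certificate to the trust store, and skip untrusting an existing certificate that has issues. The caller is then responsible for managing trust. Defaults to false.`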
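Review bot: With `skipCertificateTrust` set, the warning pushed just above the new guard still reads 'Attempting to untrust the certificate and generate a new one.', but `untrustCertificateAsync` is never called, so the terminal output reports a trust-store change that did not happen. If the flawed certificate was trusted by an earlier run without the flag (not visible in this hunk), it stays trusted after regeneration, and this is where the user should be told. Build the message from the flag, e.g. `messages.push(optionsWithDefaults.skipCertificateTrust ? 'Generating a new certificate; the existing one was not untrusted.' : 'Attempting to untrust the certificate and generate a new one.');`, and read the flag from `optionsWithDefaults` rather than the raw `options`, as the rest of the method does. The enclosing method starts and ends outside the hunk.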
@@ -732,10 +737,9 @@ export class CertificateManager { }); } - const trustCertificateResult: boolean = await this._tryTrustCertificateAsync( - tempCertificatePath, - terminal - ); + const trustCertificateResult: boolean = options.skipCertificateTrust + ? true + : await this._tryTrustCertificateAsync(tempCertificatePath, terminal); let subjectAltNames: readonly string[] | undefined; if (trustCertificateResult) { @@ -787,6 +791,7 @@ function applyDefaultOptions( ): Required { const subjectNames: ReadonlyArray | undefined = options?.subjectAltNames; const subjectIpAddresses: ReadonlyArray | undefined = options?.subjectIPAddresses; + const skipCertificateTrust: boolean | undefined = options?.skipCertificateTrust || false; return { subjectAltNames: subjectNames?.length ? subjectNames : DEFAULT_CERTIFICATE_SUBJECT_NAMES, subjectIPAddresses: subjectIpAddresses?.length @@ -795,7 +800,8 @@ function applyDefaultOptions( validityInDays: Math.min( MAX_CERTIFICATE_VALIDITY_DAYS, options?.validityInDays ?? MAX_CERTIFICATE_VALIDITY_DAYS - ) + ), + skipCertificateTrust: skipCertificateTrust }; } From 41b546a79c0b46b45996e859fbe5aa9cc962d1c8 Mon Sep 17 00:00:00 2001 From: apostolisms Date: Fri, 20 Sep 2024 15:23:04 -0700 Subject: [PATCH 2/5] rush change --- .../user-apc-skipcerttrust_2024-09-20-22-22.json | 10 ++++++++++ common/reviews/api/debug-certificate-manager.api.md | 4 +++- 2 files changed, 13 insertions(+), 1 deletion(-) create mode 100644 common/changes/@rushstack/debug-certificate-manager/user-apc-skipcerttrust_2024-09-20-22-22.json diff --git a/common/changes/@rushstack/debug-certificate-manager/user-apc-skipcerttrust_2024-09-20-22-22.json b/common/changes/@rushstack/debug-certificate-manager/user-apc-skipcerttrust_2024-09-20-22-22.json new file mode 100644 index 00000000000..c647e2f51e4 --- /dev/null +++ b/common/changes/@rushstack/debug-certificate-manager/user-apc-skipcerttrust_2024-09-20-22-22.json 
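Review bot: `trustCertificateResult` is forced to `true` when `options.skipCertificateTrust` is set, so the code under `if (trustCertificateResult)` cannot tell "trusted" from "trust skipped", and the run leaves no record that the certificate was never added to the trust store. At minimum log the skip before the assignment, e.g. `if (options.skipCertificateTrust) terminal.writeVerboseLine('Skipping certificate trust; the generated certificate was not added to the trust store.');`. Whether the rest of that branch assumes the certificate really is trusted lies outside the hunk and should be checked before relying on the shortcut.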
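Review bot: The new local in `applyDefaultOptions` is annotated `boolean | undefined` although `|| false` makes it always a `boolean`, and the same function already uses `??` for `validityInDays`. `const skipCertificateTrust: boolean = options?.skipCertificateTrust ?? false;` states the type the returned options object actually carries and keeps the defaulting style consistent. The following hunk's `skipCertificateTrust: skipCertificateTrust` can then be written with the shorthand property `skipCertificateTrust`.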
@@ -0,0 +1,10 @@ +{ + "changes": [ + { + "packageName": "@rushstack/debug-certificate-manager", + "comment": "Option to skip automatically trusting and untrusting a certificate", + "type": "minor" + } + ], + "packageName": "@rushstack/debug-certificate-manager" +} \ No newline at end of file diff --git a/common/reviews/api/debug-certificate-manager.api.md b/common/reviews/api/debug-certificate-manager.api.md index 8f7ac612912..26506b73004 100644 --- a/common/reviews/api/debug-certificate-manager.api.md +++ b/common/reviews/api/debug-certificate-manager.api.md @@ -9,7 +9,7 @@ import type { ITerminal } from '@rushstack/terminal'; // @public export class CertificateManager { constructor(); - ensureCertificateAsync(canGenerateNewCertificate: boolean, terminal: ITerminal, generationOptions?: ICertificateGenerationOptions): Promise; + ensureCertificateAsync(canGenerateNewCertificate: boolean, terminal: ITerminal, options?: ICertificateGenerationOptions): Promise; untrustCertificateAsync(terminal: ITerminal): Promise; } @@ -39,6 +39,8 @@ export interface ICertificate { // @public export interface ICertificateGenerationOptions { + // (undocumented) + skipCertificateTrust?: boolean; subjectAltNames?: ReadonlyArray; subjectIPAddresses?: ReadonlyArray; validityInDays?: number; From 9386577f8555aabe008ed33c1e5edd6af8c052e5 Mon Sep 17 00:00:00 2001 From: Apostolis Haitalis <50881283+apostolisms@users.noreply.github.com> Date: Fri, 20 Sep 2024 15:49:18 -0700 Subject: [PATCH 3/5] Update common/changes/@rushstack/debug-certificate-manager/user-apc-skipcerttrust_2024-09-20-22-22.json Co-authored-by: Ian Clanton-Thuon --- .../user-apc-skipcerttrust_2024-09-20-22-22.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common/changes/@rushstack/debug-certificate-manager/user-apc-skipcerttrust_2024-09-20-22-22.json b/common/changes/@rushstack/debug-certificate-manager/user-apc-skipcerttrust_2024-09-20-22-22.json index c647e2f51e4..09e053947fc 100644 
--- a/common/changes/@rushstack/debug-certificate-manager/user-apc-skipcerttrust_2024-09-20-22-22.json +++ b/common/changes/@rushstack/debug-certificate-manager/user-apc-skipcerttrust_2024-09-20-22-22.json @@ -2,7 +2,7 @@ "changes": [ { "packageName": "@rushstack/debug-certificate-manager", - "comment": "Option to skip automatically trusting and untrusting a certificate", + "comment": "Add a `skipCertificateTrust` option to `CertificateManager.ensureCertificateAsync` that skips automatically trusting the generated certificate and untrusting an existing certificate with issues.", "type": "minor" } ], From 6375e4edfcebc7326d7599afd8804ba9c5360132 Mon Sep 17 00:00:00 2001 From: Apostolis Haitalis <50881283+apostolisms@users.noreply.github.com> Date: Fri, 20 Sep 2024 15:56:17 -0700 Subject: [PATCH 4/5] Update libraries/debug-certificate-manager/src/CertificateManager.ts Co-authored-by: Ian Clanton-Thuon --- libraries/debug-certificate-manager/src/CertificateManager.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libraries/debug-certificate-manager/src/CertificateManager.ts b/libraries/debug-certificate-manager/src/CertificateManager.ts index 21f187fcff1..ece1808321d 100644 --- a/libraries/debug-certificate-manager/src/CertificateManager.ts +++ b/libraries/debug-certificate-manager/src/CertificateManager.ts @@ -110,7 +110,7 @@ export interface ICertificateGenerationOptions { * How many days the certificate should be valid for. */ validityInDays?: number; - /* + /** * Skip trusting a certificate. Defaults to false. */ skipCertificateTrust?: boolean; From 49a26b6d26bf795454aaec06f6224b751827631c Mon Sep 17 00:00:00 2001 From: Apostolis Haitalis <50881283+apostolisms@users.noreply.github.com> Date: Fri, 20 Sep 2024 15:56:29 -0700 Subject: [PATCH 5/5] Update common/reviews/api/debug-certificate-manager.api.md Co-authored-by: Ian Clanton-Thuon --- common/reviews/api/debug-certificate-manager.api.md | 1 - 1 file changed, 1 deletion(-) 
diff --git a/common/reviews/api/debug-certificate-manager.api.md b/common/reviews/api/debug-certificate-manager.api.md index 26506b73004..863a0d77872 100644 --- a/common/reviews/api/debug-certificate-manager.api.md +++ b/common/reviews/api/debug-certificate-manager.api.md @@ -39,7 +39,6 @@ export interface ICertificate { // @public export interface ICertificateGenerationOptions { - // (undocumented) skipCertificateTrust?: boolean; subjectAltNames?: ReadonlyArray; subjectIPAddresses?: ReadonlyArray;