Skip to content

[debug-certificate-manager] Option to skip automatically trusting and untrusting a certificate #4933

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 6 commits into from
Sep 20, 2024
Merged

[debug-certificate-manager] Option to skip automatically trusting and untrusting a certificate #4933

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
39bf75a
Option to skip trusting and untrusting a certificate
apostolisms Sep 20, 2024
41b546a
rush change
apostolisms Sep 20, 2024
f5b9fd2
Merge branch 'main' into user/apc/skipcerttrust
apostolisms Sep 20, 2024
9386577
Update common/changes/@rushstack/debug-certificate-manager/user-apc-s…
apostolisms Sep 20, 2024
6375e4e
Update libraries/debug-certificate-manager/src/CertificateManager.ts
apostolisms Sep 20, 2024
49a26b6
Update common/reviews/api/debug-certificate-manager.api.md
apostolisms Sep 20, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 10 additions & 0 deletions ...changes/@rushstack/debug-certificate-manager/user-apc-skipcerttrust_2024-09-20-22-22.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
{
"changes": [
{
"packageName": "@rushstack/debug-certificate-manager",
"comment": "Add a `skipCertificateTrust` option to `CertificateManager.ensureCertificateAsync` that skips automatically trusting the generated certificate and untrusting an existing certificate with issues.",
"type": "minor"
}
],
"packageName": "@rushstack/debug-certificate-manager"
}
3 changes: 2 additions & 1 deletion common/reviews/api/debug-certificate-manager.api.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ import type { ITerminal } from '@rushstack/terminal';
// @public
export class CertificateManager {
constructor();
ensureCertificateAsync(canGenerateNewCertificate: boolean, terminal: ITerminal, generationOptions?: ICertificateGenerationOptions): Promise<ICertificate>;
ensureCertificateAsync(canGenerateNewCertificate: boolean, terminal: ITerminal, options?: ICertificateGenerationOptions): Promise<ICertificate>;
untrustCertificateAsync(terminal: ITerminal): Promise<boolean>;
}

Expand Down Expand Up @@ -39,6 +39,7 @@ export interface ICertificate {

// @public
export interface ICertificateGenerationOptions {
skipCertificateTrust?: boolean;
subjectAltNames?: ReadonlyArray<string>;
subjectIPAddresses?: ReadonlyArray<string>;
validityInDays?: number;
Expand Down
24 changes: 15 additions & 9 deletions libraries/debug-certificate-manager/src/CertificateManager.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -110,6 +110,10 @@ export interface ICertificateGenerationOptions {
* How many days the certificate should be valid for.
*/
validityInDays?: number;
/**
* Skip trusting a certificate. Defaults to false.
*/
skipCertificateTrust?: boolean;
}

const MAX_CERTIFICATE_VALIDITY_DAYS: 365 = 365;
Expand All @@ -135,10 +139,9 @@ export class CertificateManager {
public async ensureCertificateAsync(
canGenerateNewCertificate: boolean,
terminal: ITerminal,
generationOptions?: ICertificateGenerationOptions
options?: ICertificateGenerationOptions
): Promise<ICertificate> {
const optionsWithDefaults: Required<ICertificateGenerationOptions> =
applyDefaultOptions(generationOptions);
const optionsWithDefaults: Required<ICertificateGenerationOptions> = applyDefaultOptions(options);

const { certificateData: existingCert, keyData: existingKey } = this._certificateStore;

Expand Down Expand Up @@ -226,7 +229,9 @@ export class CertificateManager {
if (canGenerateNewCertificate) {
messages.push('Attempting to untrust the certificate and generate a new one.');
terminal.writeWarningLine(messages.join(' '));
await this.untrustCertificateAsync(terminal);
if (!options?.skipCertificateTrust) {
await this.untrustCertificateAsync(terminal);
}
return await this._ensureCertificateInternalAsync(optionsWithDefaults, terminal);
} else {
messages.push(
Expand Down Expand Up @@ -732,10 +737,9 @@ export class CertificateManager {
});
}

const trustCertificateResult: boolean = await this._tryTrustCertificateAsync(
tempCertificatePath,
terminal
);
const trustCertificateResult: boolean = options.skipCertificateTrust
? true
: await this._tryTrustCertificateAsync(tempCertificatePath, terminal);

let subjectAltNames: readonly string[] | undefined;
if (trustCertificateResult) {
Expand Down Expand Up @@ -787,6 +791,7 @@ function applyDefaultOptions(
): Required<ICertificateGenerationOptions> {
const subjectNames: ReadonlyArray<string> | undefined = options?.subjectAltNames;
const subjectIpAddresses: ReadonlyArray<string> | undefined = options?.subjectIPAddresses;
const skipCertificateTrust: boolean | undefined = options?.skipCertificateTrust || false;
return {
subjectAltNames: subjectNames?.length ? subjectNames : DEFAULT_CERTIFICATE_SUBJECT_NAMES,
subjectIPAddresses: subjectIpAddresses?.length
Expand All @@ -795,7 +800,8 @@ function applyDefaultOptions(
validityInDays: Math.min(
MAX_CERTIFICATE_VALIDITY_DAYS,
options?.validityInDays ?? MAX_CERTIFICATE_VALIDITY_DAYS
)
),
skipCertificateTrust: skipCertificateTrust
};
}

Expand Down
Loading