From 23ed83a75bf9f186eeb2565172d3288fca4d9fce Mon Sep 17 00:00:00 2001
From: Apostolis Haitalis <50881283+apostolisms@users.noreply.github.com>
Date: Fri, 20 Sep 2024 16:15:08 -0700
Subject: [PATCH] [debug-certificate-manager] Option to skip automatically trusting and untrusting a certificate (#4933)

* Option to skip trusting and untrusting a certificate

* rush change

* Update common/changes/@rushstack/debug-certificate-manager/user-apc-skipcerttrust_2024-09-20-22-22.json

Co-authored-by: Ian Clanton-Thuon

* Update libraries/debug-certificate-manager/src/CertificateManager.ts

Co-authored-by: Ian Clanton-Thuon

* Update common/reviews/api/debug-certificate-manager.api.md

Co-authored-by: Ian Clanton-Thuon

---------

Co-authored-by: apostolisms
Co-authored-by: Ian Clanton-Thuon
---
 ...er-apc-skipcerttrust_2024-09-20-22-22.json | 10 ++++++++
 .../api/debug-certificate-manager.api.md | 3 ++-
 .../src/CertificateManager.ts | 24 ++++++++++++-------
 3 files changed, 27 insertions(+), 10 deletions(-)
 create mode 100644 common/changes/@rushstack/debug-certificate-manager/user-apc-skipcerttrust_2024-09-20-22-22.json

diff --git a/common/changes/@rushstack/debug-certificate-manager/user-apc-skipcerttrust_2024-09-20-22-22.json b/common/changes/@rushstack/debug-certificate-manager/user-apc-skipcerttrust_2024-09-20-22-22.json
new file mode 100644
index 00000000000..09e053947fc
--- /dev/null
+++ b/common/changes/@rushstack/debug-certificate-manager/user-apc-skipcerttrust_2024-09-20-22-22.json
@@ -0,0 +1,10 @@
+{
+ "changes": [
+ {
+ "packageName": "@rushstack/debug-certificate-manager",
+ "comment": "Add a `skipCertificateTrust` option to `CertificateManager.ensureCertificateAsync` that skips automatically trusting the generated certificate and untrusting an existing certificate with issues.",
+ "type": "minor"
+ }
+ ],
+ "packageName": "@rushstack/debug-certificate-manager"
+}
\ No newline at end of file
diff --git a/common/reviews/api/debug-certificate-manager.api.md b/common/reviews/api/debug-certificate-manager.api.md
index 8f7ac612912..863a0d77872 100644
--- a/common/reviews/api/debug-certificate-manager.api.md
+++ b/common/reviews/api/debug-certificate-manager.api.md
@@ -9,7 +9,7 @@ import type { ITerminal } from '@rushstack/terminal';
 // @public
 export class CertificateManager {
 constructor();
- ensureCertificateAsync(canGenerateNewCertificate: boolean, terminal: ITerminal, generationOptions?: ICertificateGenerationOptions): Promise;
+ ensureCertificateAsync(canGenerateNewCertificate: boolean, terminal: ITerminal, options?: ICertificateGenerationOptions): Promise;
 untrustCertificateAsync(terminal: ITerminal): Promise;
 }
 
@@ -39,6 +39,7 @@ export interface ICertificate {
 
 // @public
 export interface ICertificateGenerationOptions {
+ skipCertificateTrust?: boolean;
 subjectAltNames?: ReadonlyArray;
 subjectIPAddresses?: ReadonlyArray;
 validityInDays?: number;
diff --git a/libraries/debug-certificate-manager/src/CertificateManager.ts b/libraries/debug-certificate-manager/src/CertificateManager.ts
index ed279a6e38d..ece1808321d 100644
--- a/libraries/debug-certificate-manager/src/CertificateManager.ts
+++ b/libraries/debug-certificate-manager/src/CertificateManager.ts
@@ -110,6 +110,10 @@ export interface ICertificateGenerationOptions {
 * How many days the certificate should be valid for.
 */
 validityInDays?: number;
+ /**
+ * Skip trusting a certificate. Defaults to false.
+ */
+ skipCertificateTrust?: boolean;
 }
 
 const MAX_CERTIFICATE_VALIDITY_DAYS: 365 = 365;
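Review bot: The doc comment `Skip trusting a certificate. Defaults to false.` on the new `skipCertificateTrust` member understates the option: later in this patch the same flag also skips `untrustCertificateAsync` for an existing certificate that was found to have issues, and it makes the trust step in the `@@ -732` hunk report success without attempting anything. A consumer reading only the interface will not expect a problematic certificate to be left trusted on the machine. I would word it as `When true, the generated certificate is not trusted automatically and an existing certificate found to have issues is not untrusted; the caller is expected to manage trust itself. Defaults to false.` The interface itself opens outside this hunk.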
@@ -135,10 +139,9 @@ export class CertificateManager {
 public async ensureCertificateAsync(
 canGenerateNewCertificate: boolean,
 terminal: ITerminal,
- generationOptions?: ICertificateGenerationOptions
+ options?: ICertificateGenerationOptions
 ): Promise {
- const optionsWithDefaults: Required =
- applyDefaultOptions(generationOptions);
+ const optionsWithDefaults: Required = applyDefaultOptions(options);
 
 const { certificateData: existingCert, keyData: existingKey } = this._certificateStore;
 
@@ -226,7 +229,9 @@ export class CertificateManager {
 if (canGenerateNewCertificate) {
 messages.push('Attempting to untrust the certificate and generate a new one.');
 terminal.writeWarningLine(messages.join(' '));
- await this.untrustCertificateAsync(terminal);
+ if (!options?.skipCertificateTrust) {
+ await this.untrustCertificateAsync(terminal);
+ }
 return await this._ensureCertificateInternalAsync(optionsWithDefaults, terminal);
 } else {
 messages.push(
@@ -732,10 +737,9 @@ export class CertificateManager {
 });
 }
 
- const trustCertificateResult: boolean = await this._tryTrustCertificateAsync(
- tempCertificatePath,
- terminal
- );
+ const trustCertificateResult: boolean = options.skipCertificateTrust
+ ? true
+ : await this._tryTrustCertificateAsync(tempCertificatePath, terminal);
 
 let subjectAltNames: readonly string[] | undefined;
 if (trustCertificateResult) {
@@ -787,6 +791,7 @@ function applyDefaultOptions(
 ): Required {
 const subjectNames: ReadonlyArray | undefined = options?.subjectAltNames;
 const subjectIpAddresses: ReadonlyArray | undefined = options?.subjectIPAddresses;
+ const skipCertificateTrust: boolean | undefined = options?.skipCertificateTrust || false;
 return {
 subjectAltNames: subjectNames?.length ? subjectNames : DEFAULT_CERTIFICATE_SUBJECT_NAMES,
 subjectIPAddresses: subjectIpAddresses?.length
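Review bot: In the `@@ -226` hunk the warning still says `Attempting to untrust the certificate and generate a new one.` even when `skipCertificateTrust` is set, yet the `untrustCertificateAsync` call is now skipped, so a certificate the manager has just diagnosed as having issues stays trusted and the user is told the opposite. The guard also reads the raw `options?.skipCertificateTrust` while the `@@ -732` hunk reads the defaulted value, so the branch has two sources of truth for one flag. I would pick the message on the defaulted value and guard on the same name: `const skipTrust: boolean = optionsWithDefaults.skipCertificateTrust;`, `messages.push(skipTrust ? 'Generating a new certificate; the existing certificate will not be untrusted.' : 'Attempting to untrust the certificate and generate a new one.');`, `if (!skipTrust) {`. The enclosing `ensureCertificateAsync` starts and ends outside this hunk.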
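Review bot: In the `@@ -732` hunk, `options.skipCertificateTrust ? true : await this._tryTrustCertificateAsync(...)` stores `true` in a variable named `trustCertificateResult` although no trust was attempted, and the following `if (trustCertificateResult)` then takes the success path; nothing on the line says this is deliberate. A one-line comment above the declaration would make the intent survive the next refactor, e.g. `// When trust is skipped, proceed as if it succeeded; the caller is responsible for trusting the certificate.` The absence of `?.` suggests `options` here is the `Required<ICertificateGenerationOptions>` built by `applyDefaultOptions`, but the enclosing method's signature is outside the hunk, so that is inferred. The method starts and ends outside this hunk.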
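Review bot: In the `@@ -787` hunk the annotation on `const skipCertificateTrust: boolean | undefined = options?.skipCertificateTrust || false;` is wider than both the expression, which can never be `undefined` after `|| false`, and the `Required<ICertificateGenerationOptions>` return type that consumes it. The rest of `applyDefaultOptions` defaults with `??` (see `options?.validityInDays ?? MAX_CERTIFICATE_VALIDITY_DAYS` in the following hunk), so `||` is also a style break even though the two agree for a boolean. I would write `const skipCertificateTrust: boolean = options?.skipCertificateTrust ?? false;` and, in the following hunk's return object, the shorthand `skipCertificateTrust,` instead of `skipCertificateTrust: skipCertificateTrust`. `applyDefaultOptions` begins outside this hunk.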
@@ -795,7 +800,8 @@ function applyDefaultOptions(
 validityInDays: Math.min(
 MAX_CERTIFICATE_VALIDITY_DAYS,
 options?.validityInDays ?? MAX_CERTIFICATE_VALIDITY_DAYS
- )
+ ),
+ skipCertificateTrust: skipCertificateTrust
 };
 }