Skip to content

Commit c124897

Browse files
chrisbbreuerchrisbbreuer
committed
chore: use constants
1 parent 0952b1c commit c124897

6 files changed

Lines changed: 117 additions & 43 deletions

File tree

packages/tlsx/src/certificate/generate.ts

Lines changed: 8 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,7 @@
11
import forge, { pki } from 'node-forge'
22
import type { CAOptions, Certificate, CertificateOptions } from '../types'
33
import { config } from '../config'
4+
import { CERT_CONSTANTS } from '../constants'
45
import { debugLog, getPrimaryDomain } from '../utils'
56
import { calculateValidityDates, generateCertificateExtensions, generateRandomSerial } from './utils'
67

@@ -12,7 +13,7 @@ import { calculateValidityDates, generateCertificateExtensions, generateRandomSe
1213
export async function createRootCA(options: CAOptions = {}): Promise<Certificate> {
1314
debugLog('ca', 'Creating new Root CA Certificate', options.verbose)
1415

15-
const keySize = options.keySize || 2048
16+
const keySize = options.keySize || CERT_CONSTANTS.DEFAULT_KEY_SIZE
1617
debugLog('ca', `Generating ${keySize}-bit RSA key pair`, options.verbose)
1718
const { privateKey, publicKey } = pki.rsa.generateKeyPair(keySize)
1819

@@ -27,7 +28,7 @@ export async function createRootCA(options: CAOptions = {}): Promise<Certificate
2728
]
2829

2930
const { notBefore, notAfter } = calculateValidityDates({
30-
validityYears: options.validityYears || 100,
31+
validityYears: options.validityYears || CERT_CONSTANTS.DEFAULT_CA_VALIDITY_YEARS,
3132
verbose: options.verbose,
3233
})
3334

@@ -72,8 +73,8 @@ export async function createRootCA(options: CAOptions = {}): Promise<Certificate
7273
* @returns Generated certificate
7374
*/
7475
export async function generateCertificate(options: CertificateOptions): Promise<Certificate> {
75-
debugLog('cert', 'Generating new certificate', options.verbose)
76-
debugLog('cert', `Options: ${JSON.stringify(options)}`, options.verbose)
76+
debugLog('ca', 'Generating new certificate', options.verbose)
77+
debugLog('ca', `Options: ${JSON.stringify(options)}`, options.verbose)
7778

7879
// Validate that at least one domain is specified
7980
if (!options.domain && !options.domains?.length) {
@@ -87,8 +88,8 @@ export async function generateCertificate(options: CertificateOptions): Promise<
8788
const caCert = pki.certificateFromPem(options.rootCA.certificate)
8889
const caKey = pki.privateKeyFromPem(options.rootCA.privateKey)
8990

90-
debugLog('cert', 'Generating 2048-bit RSA key pair for host certificate', options.verbose)
91-
const keySize = 2048
91+
debugLog('ca', `Generating ${CERT_CONSTANTS.DEFAULT_KEY_SIZE}-bit RSA key pair for host certificate`, options.verbose)
92+
const keySize = CERT_CONSTANTS.DEFAULT_KEY_SIZE
9293
const { privateKey, publicKey } = pki.rsa.generateKeyPair(keySize)
9394

9495
// Use the primary domain for the CN if no specific commonName is provided
@@ -103,7 +104,7 @@ export async function generateCertificate(options: CertificateOptions): Promise<
103104
]
104105

105106
const { notBefore, notAfter } = calculateValidityDates({
106-
validityDays: options.validityDays,
107+
validityDays: options.validityDays || CERT_CONSTANTS.DEFAULT_VALIDITY_DAYS,
107108
verbose: options.verbose,
108109
})
109110

packages/tlsx/src/certificate/store.ts

Lines changed: 14 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,7 @@ import fs from 'node:fs'
22
import path from 'node:path'
33
import type { Cert, CertPath, TlsOption } from '../types'
44
import { config } from '../config'
5+
import { LOG_CATEGORIES } from '../constants'
56
import { debugLog } from '../utils'
67

78
/**
@@ -11,34 +12,34 @@ import { debugLog } from '../utils'
1112
* @returns Path to the stored certificate
1213
*/
1314
export function storeCertificate(cert: Cert, options?: TlsOption): CertPath {
14-
debugLog('storage', `Storing certificate and private key with options: ${JSON.stringify(options)}`, options?.verbose)
15+
debugLog(LOG_CATEGORIES.STORAGE, `Storing certificate and private key with options: ${JSON.stringify(options)}`, options?.verbose)
1516
const certPath = path.join(options?.basePath || config.basePath, options?.certPath || config.certPath)
1617
const certKeyPath = path.join(options?.basePath || config.basePath, options?.keyPath || config.keyPath)
1718

18-
debugLog('storage', `Certificate path: ${certPath}`, options?.verbose)
19-
debugLog('storage', `Private key path: ${certKeyPath}`, options?.verbose)
19+
debugLog(LOG_CATEGORIES.STORAGE, `Certificate path: ${certPath}`, options?.verbose)
20+
debugLog(LOG_CATEGORIES.STORAGE, `Private key path: ${certKeyPath}`, options?.verbose)
2021

2122
// Ensure the directory exists before writing the file
2223
const certDir = path.dirname(certPath)
2324
if (!fs.existsSync(certDir)) {
24-
debugLog('storage', `Creating certificate directory: ${certDir}`, options?.verbose)
25+
debugLog(LOG_CATEGORIES.STORAGE, `Creating certificate directory: ${certDir}`, options?.verbose)
2526
fs.mkdirSync(certDir, { recursive: true })
2627
}
2728

28-
debugLog('storage', 'Writing certificate file', options?.verbose)
29+
debugLog(LOG_CATEGORIES.STORAGE, 'Writing certificate file', options?.verbose)
2930
fs.writeFileSync(certPath, cert.certificate)
3031

3132
// Ensure the directory exists before writing the file
3233
const certKeyDir = path.dirname(certKeyPath)
3334
if (!fs.existsSync(certKeyDir)) {
34-
debugLog('storage', `Creating private key directory: ${certKeyDir}`, options?.verbose)
35+
debugLog(LOG_CATEGORIES.STORAGE, `Creating private key directory: ${certKeyDir}`, options?.verbose)
3536
fs.mkdirSync(certKeyDir, { recursive: true })
3637
}
3738

38-
debugLog('storage', 'Writing private key file', options?.verbose)
39+
debugLog(LOG_CATEGORIES.STORAGE, 'Writing private key file', options?.verbose)
3940
fs.writeFileSync(certKeyPath, cert.privateKey)
4041

41-
debugLog('storage', 'Certificate and private key stored successfully', options?.verbose)
42+
debugLog(LOG_CATEGORIES.STORAGE, 'Certificate and private key stored successfully', options?.verbose)
4243
return certPath
4344
}
4445

@@ -49,21 +50,21 @@ export function storeCertificate(cert: Cert, options?: TlsOption): CertPath {
4950
* @returns The path to the CA Certificate
5051
*/
5152
export function storeCACertificate(caCert: string, options?: TlsOption): CertPath {
52-
debugLog('storage', 'Storing CA certificate', options?.verbose)
53+
debugLog(LOG_CATEGORIES.STORAGE, 'Storing CA certificate', options?.verbose)
5354
const caCertPath = path.join(options?.basePath || config.basePath, options?.caCertPath || config.caCertPath)
5455

55-
debugLog('storage', `CA certificate path: ${caCertPath}`, options?.verbose)
56+
debugLog(LOG_CATEGORIES.STORAGE, `CA certificate path: ${caCertPath}`, options?.verbose)
5657

5758
// Ensure the directory exists before writing the file
5859
const caCertDir = path.dirname(caCertPath)
5960
if (!fs.existsSync(caCertDir)) {
60-
debugLog('storage', `Creating CA certificate directory: ${caCertDir}`, options?.verbose)
61+
debugLog(LOG_CATEGORIES.STORAGE, `Creating CA certificate directory: ${caCertDir}`, options?.verbose)
6162
fs.mkdirSync(caCertDir, { recursive: true })
6263
}
6364

64-
debugLog('storage', 'Writing CA certificate file', options?.verbose)
65+
debugLog(LOG_CATEGORIES.STORAGE, 'Writing CA certificate file', options?.verbose)
6566
fs.writeFileSync(caCertPath, caCert)
6667

67-
debugLog('storage', 'CA certificate stored successfully', options?.verbose)
68+
debugLog(LOG_CATEGORIES.STORAGE, 'CA certificate stored successfully', options?.verbose)
6869
return caCertPath
6970
}

packages/tlsx/src/certificate/trust.ts

Lines changed: 17 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,7 @@ import os from 'node:os'
22
import { consola as log } from 'consola'
33
import type { Cert, CertPath, TlsOption } from '../types'
44
import { config } from '../config'
5+
import { CERT_CONSTANTS, LOG_CATEGORIES } from '../constants'
56
import { debugLog, findFoldersWithFile, runCommand } from '../utils'
67
import { storeCACertificate, storeCertificate } from './store'
78

@@ -15,7 +16,7 @@ interface TrustStoreHandler {
1516
const macOSTrustStoreHandler: TrustStoreHandler = {
1617
platform: 'darwin',
1718
async addCertificate(caCertPath: string, options?: TlsOption): Promise<void> {
18-
debugLog('trust', 'Adding certificate to macOS keychain', options?.verbose)
19+
debugLog(LOG_CATEGORIES.TRUST, 'Adding certificate to macOS keychain', options?.verbose)
1920
await runCommand(
2021
`sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ${caCertPath}`,
2122
)
@@ -26,7 +27,7 @@ const macOSTrustStoreHandler: TrustStoreHandler = {
2627
const windowsTrustStoreHandler: TrustStoreHandler = {
2728
platform: 'win32',
2829
async addCertificate(caCertPath: string, options?: TlsOption): Promise<void> {
29-
debugLog('trust', 'Adding certificate to Windows certificate store', options?.verbose)
30+
debugLog(LOG_CATEGORIES.TRUST, 'Adding certificate to Windows certificate store', options?.verbose)
3031
await runCommand(`certutil -f -v -addstore -enterprise Root ${caCertPath}`)
3132
},
3233
}
@@ -35,12 +36,12 @@ const windowsTrustStoreHandler: TrustStoreHandler = {
3536
const linuxTrustStoreHandler: TrustStoreHandler = {
3637
platform: 'linux',
3738
async addCertificate(caCertPath: string, options?: TlsOption): Promise<void> {
38-
debugLog('trust', 'Adding certificate to Linux certificate store', options?.verbose)
39+
debugLog(LOG_CATEGORIES.TRUST, 'Adding certificate to Linux certificate store', options?.verbose)
3940
const rootDirectory = os.homedir()
40-
const targetFileName = 'cert9.db'
41-
const args = 'TC, C, C'
41+
const targetFileName = CERT_CONSTANTS.LINUX_CERT_DB_FILENAME
42+
const args = CERT_CONSTANTS.LINUX_TRUST_ARGS
4243

43-
debugLog('trust', `Searching for certificate databases in ${rootDirectory}`, options?.verbose)
44+
debugLog(LOG_CATEGORIES.TRUST, `Searching for certificate databases in ${rootDirectory}`, options?.verbose)
4445
const foldersWithFile = findFoldersWithFile(rootDirectory, targetFileName)
4546

4647
if (foldersWithFile.length === 0) {
@@ -49,17 +50,17 @@ const linuxTrustStoreHandler: TrustStoreHandler = {
4950
}
5051

5152
for (const folder of foldersWithFile) {
52-
debugLog('trust', `Processing certificate database in ${folder}`, options?.verbose)
53+
debugLog(LOG_CATEGORIES.TRUST, `Processing certificate database in ${folder}`, options?.verbose)
5354
try {
54-
debugLog('trust', `Attempting to delete existing cert for ${config.commonName}`, options?.verbose)
55+
debugLog(LOG_CATEGORIES.TRUST, `Attempting to delete existing cert for ${config.commonName}`, options?.verbose)
5556
await runCommand(`certutil -d sql:${folder} -D -n ${config.commonName}`)
5657
}
5758
catch (error) {
58-
debugLog('trust', `Warning: Error deleting existing cert: ${error}`, options?.verbose)
59+
debugLog(LOG_CATEGORIES.TRUST, `Warning: Error deleting existing cert: ${error}`, options?.verbose)
5960
console.warn(`Error deleting existing cert: ${error}`)
6061
}
6162

62-
debugLog('trust', `Adding new certificate to ${folder}`, options?.verbose)
63+
debugLog(LOG_CATEGORIES.TRUST, `Adding new certificate to ${folder}`, options?.verbose)
6364
await runCommand(`certutil -d sql:${folder} -A -t ${args} -n ${config.commonName} -i ${caCertPath}`)
6465

6566
log.info(`Cert added to ${folder}`)
@@ -82,25 +83,25 @@ const trustStoreHandlers: Record<string, TrustStoreHandler> = {
8283
* @returns The path to the stored certificate
8384
*/
8485
export async function addCertToSystemTrustStoreAndSaveCert(cert: Cert, caCert: string, options?: TlsOption): Promise<CertPath> {
85-
debugLog('trust', `Adding certificate to system trust store with options: ${JSON.stringify(options)}`, options?.verbose)
86-
debugLog('trust', 'Storing certificate and private key', options?.verbose)
86+
debugLog(LOG_CATEGORIES.TRUST, `Adding certificate to system trust store with options: ${JSON.stringify(options)}`, options?.verbose)
87+
debugLog(LOG_CATEGORIES.TRUST, 'Storing certificate and private key', options?.verbose)
8788
const certPath = storeCertificate(cert, options)
8889

89-
debugLog('trust', 'Storing CA certificate', options?.verbose)
90+
debugLog(LOG_CATEGORIES.TRUST, 'Storing CA certificate', options?.verbose)
9091
const caCertPath = storeCACertificate(caCert, options)
9192

9293
const platform = os.platform()
93-
debugLog('trust', `Detected platform: ${platform}`, options?.verbose)
94+
debugLog(LOG_CATEGORIES.TRUST, `Detected platform: ${platform}`, options?.verbose)
9495

9596
const handler = trustStoreHandlers[platform]
9697
if (!handler) {
9798
const errorMsg = `Unsupported platform: ${platform}`
98-
debugLog('trust', `Error: ${errorMsg}`, options?.verbose)
99+
debugLog(LOG_CATEGORIES.TRUST, `Error: ${errorMsg}`, options?.verbose)
99100
throw new Error(errorMsg)
100101
}
101102

102103
await handler.addCertificate(caCertPath, options)
103104

104-
debugLog('trust', 'Certificate successfully added to system trust store', options?.verbose)
105+
debugLog(LOG_CATEGORIES.TRUST, 'Certificate successfully added to system trust store', options?.verbose)
105106
return certPath
106107
}

packages/tlsx/src/certificate/utils.ts

Lines changed: 8 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,6 @@
11
import forge from 'node-forge'
22
import type { CertificateExtension, CertificateOptions, RandomSerialNumber, SubjectAltName } from '../types'
3+
import { CERT_CONSTANTS, LOG_CATEGORIES } from '../constants'
34
import { debugLog, getPrimaryDomain, makeNumberPositive } from '../utils'
45

56
/**
@@ -47,7 +48,7 @@ export function generateSubjectAltNames(options: CertificateOptions): SubjectAlt
4748
altNames.push(...options.subjectAltNames)
4849
}
4950

50-
debugLog('cert', `Generated ${altNames.length} Subject Alternative Names`, options.verbose)
51+
debugLog(LOG_CATEGORIES.CERT, `Generated ${altNames.length} Subject Alternative Names`, options.verbose)
5152
return altNames
5253
}
5354

@@ -56,9 +57,9 @@ export function generateSubjectAltNames(options: CertificateOptions): SubjectAlt
5657
* @returns The serial number for the Certificate
5758
*/
5859
export function generateRandomSerial(verbose?: boolean): RandomSerialNumber {
59-
debugLog('cert', 'Generating random serial number', verbose)
60+
debugLog(LOG_CATEGORIES.CERT, 'Generating random serial number', verbose)
6061
const serialNumber = makeNumberPositive(forge.util.bytesToHex(forge.random.getBytesSync(20)))
61-
debugLog('cert', `Generated serial number: ${serialNumber}`, verbose)
62+
debugLog(LOG_CATEGORIES.CERT, `Generated serial number: ${serialNumber}`, verbose)
6263
return serialNumber
6364
}
6465

@@ -71,10 +72,10 @@ export function calculateValidityDates(options: {
7172
notBeforeDays?: number
7273
verbose?: boolean
7374
}): { notBefore: Date, notAfter: Date } {
74-
const notBeforeDays = options.notBeforeDays ?? 2
75-
const validityDays = options.validityDays ?? (options.validityYears ? options.validityYears * 365 : 180)
75+
const notBeforeDays = options.notBeforeDays ?? CERT_CONSTANTS.DEFAULT_NOT_BEFORE_DAYS
76+
const validityDays = options.validityDays ?? (options.validityYears ? options.validityYears * 365 : CERT_CONSTANTS.DEFAULT_VALIDITY_DAYS)
7677

77-
debugLog('cert', 'Calculating certificate validity dates', options.verbose)
78+
debugLog(LOG_CATEGORIES.CERT, 'Calculating certificate validity dates', options.verbose)
7879

7980
const notBefore = new Date(Date.now() - 60 * 60 * 24 * notBeforeDays * 1000)
8081
const notAfter = new Date(notBefore.getTime() + validityDays * 24 * 60 * 60 * 1000)
@@ -83,7 +84,7 @@ export function calculateValidityDates(options: {
8384
notBefore.setUTCHours(0, 0, 0, 0)
8485
notAfter.setUTCHours(23, 59, 59, 999)
8586

86-
debugLog('cert', `Validity period: ${notBefore.toISOString()} to ${notAfter.toISOString()}`, options.verbose)
87+
debugLog(LOG_CATEGORIES.CERT, `Validity period: ${notBefore.toISOString()} to ${notAfter.toISOString()}`, options.verbose)
8788

8889
return { notBefore, notAfter }
8990
}

packages/tlsx/src/constants.ts

Lines changed: 69 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,69 @@
1+
/**
2+
* Certificate-related constants
3+
*/
4+
export const CERT_CONSTANTS = {
5+
/**
6+
* Default key size for RSA keys (in bits)
7+
*/
8+
DEFAULT_KEY_SIZE: 2048,
9+
10+
/**
11+
* Default validity period for certificates (in days)
12+
*/
13+
DEFAULT_VALIDITY_DAYS: 825, // 2 years + 90 days
14+
15+
/**
16+
* Default validity period for CA certificates (in years)
17+
*/
18+
DEFAULT_CA_VALIDITY_YEARS: 100,
19+
20+
/**
21+
* Default days to subtract from the current date for the "not before" date
22+
*/
23+
DEFAULT_NOT_BEFORE_DAYS: 2,
24+
25+
/**
26+
* Default trust arguments for Linux certificates
27+
*/
28+
LINUX_TRUST_ARGS: 'TC, C, C',
29+
30+
/**
31+
* Default certificate database file name for Linux
32+
*/
33+
LINUX_CERT_DB_FILENAME: 'cert9.db',
34+
}
35+
36+
/**
37+
* File path constants
38+
*/
39+
export const PATH_CONSTANTS = {
40+
/**
41+
* Default directory name for storing certificates
42+
*/
43+
DEFAULT_CERT_DIR: '.stacks/ssl',
44+
45+
/**
46+
* Default file extension for certificates
47+
*/
48+
CERT_EXTENSION: '.crt',
49+
50+
/**
51+
* Default file extension for private keys
52+
*/
53+
KEY_EXTENSION: '.crt.key',
54+
55+
/**
56+
* Default file extension for CA certificates
57+
*/
58+
CA_CERT_EXTENSION: '.ca.crt',
59+
}
60+
61+
/**
62+
* Debug log categories
63+
*/
64+
export const LOG_CATEGORIES = {
65+
CERT: 'cert',
66+
CA: 'ca',
67+
STORAGE: 'storage',
68+
TRUST: 'trust',
69+
}

packages/tlsx/src/index.ts

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,5 @@
11
export * from './certificate'
22
export { config, defaultConfig } from './config'
3+
export * from './constants'
34
export * from './types'
45
export * from './utils'

0 commit comments

Comments
 (0)