typescript source code of certs

Project: harness-cli (GitHub Link)

harness-cli-master
- .github
  - workflows
    - node.js.yml
- .eslintignore
- src
  - providers
    - github.ts
    - storage
      - git-storage.ts
      - harness-api-storage.ts
      - local-storage.ts
      - storage-provider.ts
    - templates
      - variables.ts
      - template.ts
      - steps
        push-to-destination.ts
        run-harness-cli-command.ts
        dump-workspace.ts
        create-application.ts
      - steps.ts
    - kubernetes.ts
    - harness
      - applications.ts
      - groups.ts
      - harness-api-client.ts
      - users.ts
      - types
        scopes.ts
      - cloud-providers.ts
      - environments.ts
      - connectors
        connectors.ts
        docker.ts
        git.ts
      - secrets.ts
      - config-as-code.ts
      - secret-managers.ts
  - index.ts
  - commands
    - groups
      - create.ts
      - delete.ts
      - list.ts
      - get.ts
    - config-as-code
      - upsert.ts
      - delete.ts
      - get.ts
      - list-files.ts
    - cloud-provider
      - delete.ts
      - get.ts
      - create-k8s.ts
    - application
      - update.ts
      - create.ts
      - delete.ts
      - list.ts
      - get.ts
    - github
      - create-repo.ts
      - create-webhook.ts
      - delete-repo.ts
    - users
      - create.ts
      - delete.ts
      - list.ts
      - get.ts
    - k8s
      - create-service-account.ts
      - get-service-account.ts
      - create-role.ts
      - create-namespace.ts
      - cluster-info.ts
    - template
      - exec.ts
    - git
      - clone.ts
    - connectors
      - create-git.ts
      - create-docker.ts
      - delete.ts
    - secrets
      - update.ts
      - create.ts
      - delete.ts
      - get.ts
  - util
    - certs.ts
    - config.ts
    - objects.ts
    - filesystem.ts
    - git.ts
    - graphql-client.ts
  - base-command.ts
- .drone.yml
- LICENSE
- test
  - template-manifests
    - run-cli-command.yaml
    - template.yaml
    - cv-demo.yaml
    - git-files.yaml
  - allCommands.sh
  - cv-demo.sh
  - commands
    - groups
      - delete.test.ts
    - config-as-code
      - delete.test.ts
      - list-files.test.ts
      - get.test.ts
      - upsert.test.ts
    - cloud-provider
      - delete.test.ts
      - get.test.ts
    - application
      - delete.test.ts
      - create.test.ts
      - update.test.ts
    - github
      - delete-repo.test.ts
    - users
      - list.test.ts
      - delete.test.ts
    - k8s
      - create-namespace.test.ts
      - create-namespaced-cloudprovider.test.ts
      - get-service-account.test.ts
      - cluster-info.test.ts
      - create-role.test.ts
      - create-service-account.test.ts
    - template
      - exec.test.ts
    - git
      - clone.test.ts
    - connectors
      - delete.test.ts
      - create-docker.test.ts
    - secrets
      - delete.test.ts
      - create.test.ts
      - get.test.ts
      - update.test.ts
- .eslintrc
- .editorconfig
- CHANGELOG.md
- README.md
- package.json
- bin
  - run
  - run.cmd
- Dockerfile
- tsconfig.json
- .gitignore
- docs
  - brainstorming.md
  - UseCases.md
  - Templates.md
- .dockerignore
- .vscode
  - launch.json

import https from 'https'
import { TLSSocket, DetailedPeerCertificate } from 'tls'

async function getCerts(host: string) {
    process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'
    const options = {
        host: host,
        port: 443,
        method: 'GET',
    }
    return new Promise<string[]>(resolve => {
        const request = https.request(options, res => {
            let cert = (res.connection as TLSSocket).getPeerCertificate(true)
            const list = new Set<DetailedPeerCertificate>()
            do {
                list.add(cert)
                cert = cert.issuerCertificate
            } while (cert && typeof cert === 'object' && !list.has(cert))

            const certs = [...list].map(c => {
                const prefix = '-----BEGIN CERTIFICATE-----\n'
                const postfix = '-----END CERTIFICATE-----'
                const pemText = prefix + c.raw.toString('base64').match(/.{0,64}/g)?.join('\n') + postfix
                return pemText
            })
            process.env.NODE_TLS_REJECT_UNAUTHORIZED = ''            
            resolve(certs)
        })

        request.end()
    })
}

async function getRoot(host: string) {
    const certs = await getCerts(host)
    return certs.length > 0 ? certs[certs.length - 1] : undefined
}

async function getCert(host: string) {
    const certs = await getCerts(host)
    return certs.length > 0 ? certs[0] : undefined
}

async function getChain(host: string) {
    const certs = await getCerts(host)
    return certs.join('\n')
}

// Add cert to OS trust store
// Debian
// cp ./cacert.pem /usr/share/ca-certificates/cacert.crt
// echo cacert.crt >> /etc/ca-certificates.conf
// dpkg-reconfigure ca-certificates

const Certificates = { getRoot, getCert, getChain }
export default Certificates