
Commit 1d93d76

chore: remove all old CA in all browsers
1 parent ff62c0e commit 1d93d76


1 file changed

+43
-8
lines changed


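--- a/src/keys.ts
+++ b/src/keys.ts
@@ -4,6 +4,7 @@ import os from 'node:os'
 import path from 'node:path'
 import type { Readable, Writable } from 'node:stream'
 import { exec, log, runCommand, runCommands } from '@stacksjs/cli'
+import { glob } from '@stacksjs/storage'
 import forge, { pki, tls } from 'node-forge'
 import { resolveConfig } from './config'
 import type { GenerateCertOptions } from './types'
@@ -287,7 +288,6 @@ export async function addCertToSystemTrustStoreAndSaveCerts(
 CAcert: string,
 options?: AddCertOptions,
 ) {
-// console.log((await runCommand(`certutil -d sql:${os.homedir()}/.pki/nssdb -L -n ${DEFAULT_O}`)).isOk())
 const certPath = storeCert(cert, options)
 const CAcertPath = storeCACert(CAcert, options)
 
@@ -306,21 +306,56 @@ export async function addCertToSystemTrustStoreAndSaveCerts(
 // Linux (This might vary based on the distro)
 // for Ubuntu/Debian based systems
 
-// delete existing cert from system trust store
-console.warn = async () => {
-// ignore error if no cert exists
-await runCommand(`certutil -d sql:${os.homedir()}/.pki/nssdb -D -n ${DEFAULT_O}`)
-await runCommand(
-`certutil -d sql:${os.homedir()}/snap/firefox/common/.mozilla/firefox/3l148raz.default -D -n ${DEFAULT_O}`,
-)
+// return all directories that contain cert9.db file using fs.readdirSync
+
+function findFoldersWithFile(rootDir: string, fileName: string): string[] {
+const result: string[] = []
+
+function search(dir: string) {
+try {
+const files = fs.readdirSync(dir)
+
+for (const file of files) {
+const filePath = path.join(dir, file)
+const stats = fs.lstatSync(filePath) // Use fs.lstatSync instead
+
+if (stats.isDirectory()) {
+search(filePath)
+} else if (file === fileName) {
+result.push(dir)
+}
+}
+} catch (error) {
+// Handle any errors (e.g., broken links, permission issues)
+}
+}
+
+search(rootDir)
+return result
 }
+//
+const rootDirectory = `${os.homedir()}`
+const targetFileName = 'cert9.db'
+const foldersWithFile = findFoldersWithFile(rootDirectory, targetFileName)
+
+foldersWithFile.map(async (folder) => {
+// delete existing cert from system trust store
+console.warn = async () => {
+// ignore error if no cert exists
+await runCommand(`certutil -d sql:${folder} -D -n ${DEFAULT_O}`)
+}
+})
 
 await runCommands([
 `sudo cp ${certPath} /usr/local/share/ca-certificates/`,
 
 // add new cert to system trust store
 `certutil -d sql:${os.homedir()}/.pki/nssdb -A -t ${args} -n ${DEFAULT_O} -i ${CAcertPath}`,
 
+// add new cert to system trust store for Brave
+`certutil -d sql:${os.homedir()}/snap/brave/411/.pki/nssdb -A -t ${args} -n ${DEFAULT_O} -i ${CAcertPath}`,
+
+// add new cert to system trust store for Firefox
 `certutil -d sql:${os.homedir()}/snap/firefox/common/.mozilla/firefox/3l148raz.default -A -t ${args} -n ${DEFAULT_O} -i ${CAcertPath}`,
 
 // reload system trust store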
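Review bot: The `foldersWithFile.map(async (folder) => { console.warn = async () => { … } })` block never runs `certutil -D`: each iteration only reassigns the global `console.warn`, so the delete fires only if something later calls `console.warn`, and then only for the last folder, which leaves the previous CA trusted in the discovered NSS databases. Run the command directly instead, with `for (const folder of foldersWithFile)` around `` await runCommand(`certutil -d sql:${folder} -D -n ${DEFAULT_O}`) ``, and leave `console.warn` untouched. `folder` comes from a recursive walk of the whole home directory and is interpolated unquoted, so a path with spaces or shell metacharacters would break or alter the command if `runCommand` goes through a shell (not visible here); quoting it or passing it as a separate argument would be safer. The `-A` commands still hard-code `snap/brave/411` and the `3l148raz.default` profile, so the add step should iterate the same discovered folders to stay consistent with the delete step. The enclosing function starts and continues outside these hunks.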
