first commit

node_modules/office-addin-dev-certs/scripts/install.ps1

@@ -0,0 +1,27 @@
+if($args.Count -ne 2){
+    throw "Usage: install.ps1 <LocalMachine | CurrentUser> <CA-certificate-path>"
+}
+
+# Without this, the script always succeeds (exit code = 0)
+$ErrorActionPreference = 'Stop'
+
+$machine = $args[0]
+$caCertificatePath=$args[1]
+if(Get-Command -name Import-Certificate -ErrorAction SilentlyContinue){
+    if ($PSVersionTable.PSVersion.Major -le 5) {
+        # The following line is required in case pwsh is one of the parent callers
+        # because the changes it makes to PSModulePath are not backward compatible with Windows powershell.
+        $env:PSModulePath = [Environment]::GetEnvironmentVariable('PSModulePath', 'Machine')
+    }
+    Import-Certificate -CertStoreLocation cert:\\$machine\\Root ${caCertificatePath}
+}
+else{
+    # Legacy system support
+    $pfx = new-object System.Security.Cryptography.X509Certificates.X509Certificate2
+    $pfx.import($caCertificatePath)
+
+    $store = new-object System.Security.Cryptography.X509Certificates.X509Store("Root", $machine)
+    $store.open("MaxAllowed")
+    $store.add($pfx)
+    $store.close()
+}

node_modules/office-addin-dev-certs/scripts/install_linux.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+if [ -f "/usr/sbin/update-ca-certificates" ]; then
+     sudo mkdir -p /usr/local/share/ca-certificates/office-addin-dev-certs && sudo cp $1 /usr/local/share/ca-certificates/office-addin-dev-certs && sudo /usr/sbin/update-ca-certificates
+elif [ -f "/usr/sbin/update-ca-trust" ]; then
+    sudo cp $1 /etc/ca-certificates/trust-source/anchors/office-addin-dev-certs-ca.crt && sudo /usr/sbin/update-ca-trust
+fi

node_modules/office-addin-dev-certs/scripts/uninstall.ps1

@@ -0,0 +1,27 @@
+if($args.Count -ne 2){
+    throw "Usage: uninstall.ps1 <LocalMachine | CurrentUser> <CA-certficate-name>"
+}
+
+# Without this, the script always succeeds (exit code = 0)
+$ErrorActionPreference = 'Stop'
+
+$machine = $args[0]
+$caCertificateName=$args[1]
+if(Get-Command -name Import-Certificate -ErrorAction SilentlyContinue){
+    if ($PSVersionTable.PSVersion.Major -le 5) {
+        # The following line is required in case pwsh is one of the parent callers
+        # because the changes it makes to PSModulePath are not backward compatible with Windows powershell.
+        $env:PSModulePath = [Environment]::GetEnvironmentVariable('PSModulePath', 'Machine')
+    }
+    Get-ChildItem  cert:\\$machine\\Root | Where-Object { $_.IssuerName.Name -like "*CN=$caCertificateName*" } |  Remove-Item
+}
+else{
+    # Legacy system support
+    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store("root", $machine)
+    $store.Open("MaxAllowed")
+    $certs = $store.Certificates.Find("FindBySubjectName", $caCertificateName, $false)
+    foreach ($cert in $certs){
+        $store.Remove($cert)
+    }
+    $store.close()
+}

node_modules/office-addin-dev-certs/scripts/uninstall.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+hashes=$(security find-certificate -c "$1" -a -Z | grep SHA-1 | awk '{ print $NF }')
+for hash in $hashes; do
+    security delete-certificate -Z $hash
+done

node_modules/office-addin-dev-certs/scripts/uninstall_linux.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+if [ -f "/usr/sbin/update-ca-certificates" ]; then
+    sudo rm -r /usr/local/share/ca-certificates/office-addin-dev-certs/$1 && sudo /usr/sbin/update-ca-certificates --fresh
+elif [ -f "/usr/sbin/update-ca-trust" ]; then
+    sudo rm -r /etc/ca-certificates/trust-source/anchors/office-addin-dev-certs-ca.crt && sudo /usr/sbin/update-ca-trust
+fi

node_modules/office-addin-dev-certs/scripts/verify.ps1

@@ -0,0 +1,73 @@
+Param (
+    [Parameter(Mandatory=$true)]
+    [ValidateNotNullOrEmpty()]
+    [string]
+    $CaCertificateName,
+
+    [Parameter(Mandatory=$true)]
+    [ValidateNotNullOrEmpty()]
+    [string]
+    $CaCertificatePath,
+
+    [Parameter(Mandatory=$true)]
+    [ValidateNotNullOrEmpty()]
+    [string]
+    $LocalhostCertificatePath,
+
+    [Parameter(Mandatory = $false)]
+    [ValidateNotNullOrEmpty()]
+    [string]
+    $OutputMarker,
+
+    [switch]
+    $ReturnInvalidCertificate
+)
+
+# An optional output marker that can be used to find the beginning of this script's output
+if ($OutputMarker) {
+    Write-Output $OutputMarker
+}
+
+# Without this, the script always succeeds (exit code = 0)
+$ErrorActionPreference = 'Stop'
+
+if ($PSVersionTable.PSVersion.Major -le 5) {
+    # The following line is required in case pwsh is one of the parent callers
+    # because the changes it makes to PSModulePath are not backward compatible with Windows powershell.
+    $env:PSModulePath = [Environment]::GetEnvironmentVariable('PSModulePath', 'Machine')
+}
+
+if(Get-Command -name Import-Certificate -ErrorAction SilentlyContinue){
+    $result = Get-ChildItem cert:\\CurrentUser\\Root | Where-Object Issuer -like "*CN=$CaCertificateName*"
+    if (!$ReturnInvalidCertificate) {
+        $result = $result | Where-Object { $_.NotAfter -gt (Get-Date).AddDays(1) }
+        if ($result -and ($result.Length -eq 1) -and (Test-Path $CaCertificatePath) -and (Test-Path $LocalhostCertificatePath)) {
+            # Check that CA certificate in store is the same as ca.crt
+            $caCert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CaCertificatePath)
+            $caThumbprint = $caCert.Thumbprint
+
+            $result = $result | Where-Object Thumbprint -eq $caThumbprint
+
+            if ($result) {
+                # Check that it matches the issuer of localhost.crt
+                $localhostCert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($LocalhostCertificatePath)
+
+                $localhostChain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
+                $localhostChain.Build($localhostCert) | Out-Null
+                $localhostTrustedIssuer = $localhostChain.ChainElements.Certificate | Where-Object { $_.Subject -eq $localhostCert.Issuer -and $_.Thumbprint -eq $caThumbprint }
+                if (!$localhostTrustedIssuer) {
+                    $result = $null
+                }
+            }
+        }
+        else {
+            $result = $null
+        }
+    }
+
+    $result | Format-List
+}
+else{
+    # Legacy system support
+    Get-ChildItem cert:\\CurrentUser\\Root | Where-Object { $_.Subject -like "*CN=$CaCertificateName*"} | Where-Object { $_.NotAfter -gt (Get-Date).AddDays(1) } | Format-List
+}

node_modules/office-addin-dev-certs/scripts/verify.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+certs=$(security find-certificate -a -c "$1" -p)
+while read line; do
+    if [[ "$line" == *"--BEGIN"* ]]; then
+        cert=$line
+    else
+        cert="$cert"$'\n'"$line"
+        if [[ "$line" == *"--END"* ]]; then
+            if [ 0 -lt $(echo "$cert" | openssl x509 -checkend 86400 | grep -c "will not expire") ]; then
+                echo "$cert"
+            fi
+        fi
+    fi
+done <<< "$certs"

node_modules/office-addin-dev-certs/scripts/verify_linux.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+if [ -f "/usr/sbin/update-ca-certificates" ]; then
+    echo [ -f /usr/local/share/ca-certificates/office-addin-dev-certs/$1 ] && openssl x509 -in /usr/local/share/ca-certificates/office-addin-dev-certs/$1 -checkend 86400 -noout
+elif [ -f "/usr/sbin/update-ca-trust" ]; then
+    echo [ -f /etc/ca-certificates/trust-source/anchors/office-addin-dev-certs-ca.crt ] && openssl x509 -in /etc/ca-certificates/trust-source/anchors/office-addin-dev-certs-ca.crt -checkend 86400 -noout
+fi