From cce66c1d59370ba35db879f4d7a3620d22175ab0 Mon Sep 17 00:00:00 2001
From: Mike Summerfeldt <20338451+IT-MikeS@users.noreply.github.com>
Date: Tue, 21 Feb 2023 11:47:13 -0500
Subject: [PATCH] feat(cli): add ssl pinning copy logic (#6312)

Co-authored-by: Chace Daniels
---
 cli/src/tasks/copy.ts | 64 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 64 insertions(+)

diff --git a/cli/src/tasks/copy.ts b/cli/src/tasks/copy.ts
index 7dd9e5152f..735dea0d13 100644
--- a/cli/src/tasks/copy.ts
+++ b/cli/src/tasks/copy.ts
@@ -94,6 +94,14 @@ export async function copy(
 usesLiveUpdates = true;
 }
+ let usesSSLPinning = false;
+ if (
+ allPlugins.filter(plugin => plugin.id === '@ionic-enterprise/ssl-pinning')
+ .length > 0
+ ) {
+ usesSSLPinning = true;
+ }
+
 if (platformName === config.ios.name) {
 if (usesCapacitorPortals) {
 await copyFederatedWebDirs(config, await config.ios.webDirAbs);
@@ -118,6 +126,13 @@ export async function copy(
 config.ios.nativeTargetDirAbs,
 );
 }
+ if (usesSSLPinning && config.app.extConfig?.plugins?.SSLPinning?.certs) {
+ await copySSLCert(
+ config.app.extConfig.plugins.SSLPinning?.certs as unknown as string[],
+ config.app.rootDir,
+ await config.ios.webDirAbs,
+ );
+ }
 await copyCapacitorConfig(config, config.ios.nativeTargetDirAbs);
 const cordovaPlugins = await getCordovaPlugins(config, platformName);
 await handleCordovaPluginsJS(cordovaPlugins, config, platformName);
@@ -145,6 +160,13 @@ export async function copy(
 config.android.assetsDirAbs,
 );
 }
+ if (usesSSLPinning && config.app.extConfig?.plugins?.SSLPinning?.certs) {
+ await copySSLCert(
+ config.app.extConfig.plugins.SSLPinning?.certs as unknown as string[],
+ config.app.rootDir,
+ config.android.assetsDirAbs,
+ );
+ }
 await copyCapacitorConfig(config, config.android.assetsDirAbs);
 const cordovaPlugins = await getCordovaPlugins(config, platformName);
 await handleCordovaPluginsJS(cordovaPlugins, config, platformName);
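Review bot: The `as unknown as string[]` cast in the iOS branch (hunk `@@ -118,6 +126,13 @@`) stands in for a runtime check that is never made: the guard only tests that `SSLPinning.certs` is truthy, so a config that supplies a single string instead of an array would pass and `copySSLCert` would iterate it character by character. Read the value once above the platform branches and validate it there, e.g. `const sslCerts = config.app.extConfig?.plugins?.SSLPinning?.certs;` followed by `if (usesSSLPinning && Array.isArray(sslCerts) && sslCerts.every(p => typeof p === 'string'))`, and warn or fail when the shape is wrong. The Android hunk at `@@ -145,6 +160,13 @@` repeats the same guard and cast and would use the same validated local. The body of `copy` starts and ends outside these hunks.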
@@ -281,3 +303,45 @@ async function copySecureLiveUpdatesKey(
 },
 );
 }
+
+async function copySSLCert(
+ sslCertPaths: string[],
+ rootDir: string,
+ targetDir: string,
+) {
+ const validCertPaths: string[] = [];
+ for (const sslCertPath of sslCertPaths) {
+ const certAbsFromPath = join(rootDir, sslCertPath);
+ if (!/^.+\.(cer)$/.test(certAbsFromPath)) {
+ logger.warn(
+ `Cannot copy file from ${c.strong(certAbsFromPath)}\n` +
+ `The file is not a .cer SSL Certificate file.`,
+ );
+
+ return;
+ }
+ if (!(await pathExists(certAbsFromPath))) {
+ logger.warn(
+ `Cannot copy SSL Certificate file from ${c.strong(certAbsFromPath)}\n` +
+ `SSL Certificate does not exist at specified path.`,
+ );
+
+ return;
+ }
+ validCertPaths.push(certAbsFromPath);
+ }
+ const certsDirAbsToPath = join(targetDir, 'certs');
+ const certsDirRelToDir = relative(rootDir, targetDir);
+ await runTask(
+ `Copying SSL Certificates from to ${certsDirRelToDir}`,
+ async () => {
+ const promises: Promise[] = [];
+ for (const certPath of validCertPaths) {
+ promises.push(
+ fsCopy(certPath, join(certsDirAbsToPath, basename(certPath))),
+ );
+ }
+ return Promise.all(promises);
+ },
+ );
+}
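Review bot: Both `return` statements inside the `for` loop of `copySSLCert` abandon the whole copy after a warning, so one mistyped or missing entry leaves the native project with none of the configured pinning certificates while the build still succeeds. For a pinning feature the copy step should fail instead, reporting every bad entry at once, so a release cannot be produced without the certificates the config asks for. Two smaller gaps sit in the same loop: `join(rootDir, sslCertPath)` accepts `..` segments, so an entry can resolve outside the project root, and `basename(certPath)` lets two entries with the same file name silently overwrite each other under `certs/`. If certificates outside the root are a supported layout, drop that one check but keep the others. The task title also reads `from to`, which looks like a missing source path.

```typescript
  const validCertPaths: string[] = [];
  const problems: string[] = [];
  const seenNames = new Set<string>();
  for (const sslCertPath of sslCertPaths) {
    const certAbsFromPath = join(rootDir, sslCertPath);
    const certName = basename(certAbsFromPath);
    if (/^\.\.([\\/]|$)/.test(relative(rootDir, certAbsFromPath))) {
      problems.push(`${certAbsFromPath}: resolves outside the project root`);
    } else if (!/^.+\.(cer)$/.test(certAbsFromPath)) {
      problems.push(`${certAbsFromPath}: not a .cer SSL Certificate file`);
    } else if (!(await pathExists(certAbsFromPath))) {
      problems.push(`${certAbsFromPath}: file does not exist`);
    } else if (seenNames.has(certName)) {
      problems.push(`${certAbsFromPath}: duplicate file name ${certName}`);
    } else {
      seenNames.add(certName);
      validCertPaths.push(certAbsFromPath);
    }
  }
  if (problems.length > 0) {
    // Fail the copy rather than produce a build without its pinned certificates.
    throw new Error(`Cannot copy SSL Certificates:\n${problems.join('\n')}`);
  }
  // … unchanged: runTask copy of validCertPaths into join(targetDir, 'certs') …
```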