From e6f628e19abee9088c28962e0cff30834e6e6cb1 Mon Sep 17 00:00:00 2001 From: biewang <1806620741@qq.com> Date: Tue, 2 Jan 2024 23:02:45 +0800 Subject: [PATCH] reset client --- client/client.go | 138 +++---- client/func.go | 14 +- client/i18n.go | 676 ----------------------------------- client/truststore_darwin.go | 25 +- client/truststore_java.go | 14 +- client/truststore_linux.go | 21 +- client/truststore_nss.go | 26 +- client/truststore_windows.go | 50 ++- 8 files changed, 99 insertions(+), 865 deletions(-) delete mode 100755 client/i18n.go diff --git a/client/client.go b/client/client.go index 34c4743c..03027f1a 100644 --- a/client/client.go +++ b/client/client.go @@ -16,13 +16,13 @@ import ( const rootName = "rootCA.pem" type mkcert struct { - CAROOT string - caCert *x509.Certificate + CAROOT string + caCert *x509.Certificate // The system cert pool is only loaded once. After installing the root, checks // will keep failing until the next execution. TODO: maybe execve? // https://github.com/golang/go/issues/24540 (thanks, myself) - ignoreCheckFailure bool + ignoreCheckFailure bool } func (m *mkcert) checkPlatform() bool { 
@@ -37,68 +37,41 @@ func (m *mkcert) checkPlatform() bool { func (m *mkcert) install() { if storeEnabled("system") { if m.checkPlatform() { - log.Print(i18nText. - scan95, - ) + log.Print("The local CA is already installed in the system trust store! ๐Ÿ‘") } else { if m.installPlatform() { - log.Print(i18nText. - scan95, - ) + log.Print("The local CA is now installed in the system trust store! โšก๏ธ") } - m.ignoreCheckFailure = true // TODO: replace with a check for a successful install + m.ignoreCheckFailure = true // TODO: replace with a check for a successful install } } if storeEnabled("nss") && hasNSS { if m.checkNSS() { - log.Printf(i18nText. - scan95, - - NSSBrowsers) + log.Printf("The local CA is already installed in the %s trust store! ๐Ÿ‘", NSSBrowsers) } else { if hasCertutil && m.installNSS() { - log.Printf(i18nText. - scan95, - - NSSBrowsers) + log.Printf("The local CA is now installed in the %s trust store (requires browser restart)! ๐ŸฆŠ", NSSBrowsers) } else if CertutilInstallHelp == "" { - log.Printf(i18nText. - scan65, - - NSSBrowsers) + log.Printf(`Note: %s support is not available on your platform. โ„น๏ธ`, NSSBrowsers) } else if !hasCertutil { - log.Printf(i18nText. - scan66, - - NSSBrowsers) - log.Printf(i18nText. - scan67, - - CertutilInstallHelp) + log.Printf(`Warning: "certutil" is not available, so the CA can't be automatically installed in %s! โš ๏ธ`, NSSBrowsers) + log.Printf(`Install "certutil" with "%s" and re-run "mkcert -install" ๐Ÿ‘ˆ`, CertutilInstallHelp) } } } if storeEnabled("java") && hasJava { if m.checkJava() { - log.Println(i18nText. - scan95, - ) + log.Println("The local CA is already installed in Java's trust store! ๐Ÿ‘") } else { if hasKeytool { m.installJava() - log.Println(i18nText. - scan95, - ) + log.Println("The local CA is now installed in Java's trust store! โ˜•๏ธ") } else { - log.Println(i18nText. 
- scan70, - ) + log.Println(`Warning: "keytool" is not available, so the CA can't be automatically installed in Java's trust store! โš ๏ธ`) } } } - log.Print(i18nText. - scan95, - ) + log.Print("") } func (m *mkcert) uninstall() { @@ -106,58 +79,33 @@ func (m *mkcert) uninstall() { if hasCertutil { m.uninstallNSS() } else if CertutilInstallHelp != "" { - log.Print(i18nText. - scan95, - ) - log.Printf(i18nText. - scan72, - - NSSBrowsers) - log.Printf(i18nText. - scan73, - - CertutilInstallHelp) - log.Print(i18nText. - scan95, - ) + log.Print("") + log.Printf(`Warning: "certutil" is not available, so the CA can't be automatically uninstalled from %s (if it was ever installed)! โš ๏ธ`, NSSBrowsers) + log.Printf(`You can install "certutil" with "%s" and re-run "mkcert -uninstall" ๐Ÿ‘ˆ`, CertutilInstallHelp) + log.Print("") } } if storeEnabled("java") && hasJava { if hasKeytool { m.uninstallJava() } else { - log.Print(i18nText. - scan95, - ) - log.Println(i18nText. - scan74, - ) - log.Print(i18nText. - scan95, - ) + log.Print("") + log.Println(`Warning: "keytool" is not available, so the CA can't be automatically uninstalled from Java's trust store (if it was ever installed)! โš ๏ธ`) + log.Print("") } } if storeEnabled("system") && m.uninstallPlatform() { - log.Print(i18nText. - scan95, - ) - log.Print(i18nText. - scan95, - ) + log.Print("The local CA is now uninstalled from the system trust store(s)! ๐Ÿ‘‹") + log.Print("") } else if storeEnabled("nss") && hasCertutil { - log.Printf(i18nText. - scan95, - - NSSBrowsers) - log.Print(i18nText. - scan95, - ) + log.Printf("The local CA is now uninstalled from the %s trust store(s)! ๐Ÿ‘‹", NSSBrowsers) + log.Print("") } } type item struct { - Name string - Description string + Name string + Description string } func (m *mkcert) caUniqueName() string { 
@@ -179,10 +127,10 @@ func main() { } templates := &promptui.SelectTemplates{ - Label: "{{ . }}?", - Active: "\U0001F336 {{ .Name | cyan }}", - Inactive: " {{ .Name | cyan }}", - Selected: "\U0001F336 {{ .Name | red | cyan }}", + Label: "{{ . }}?", + Active: "\U0001F336 {{ .Name | cyan }}", + Inactive: " {{ .Name | cyan }}", + Selected: "\U0001F336 {{ .Name | red | cyan }}", Details: ` --------- ่ฏฆๆƒ… ---------- {{ "ๅๅญ—:" | faint }} {{ .Name }} @@ -198,33 +146,27 @@ func main() { } prompt := promptui.Select{ - Label: "ๅฝ“ๅ‰ๆ˜ฏๆŽˆไฟกๅฎขๆˆท็ซฏ,ไฝ ่ฆๅšไป€ไนˆ", - Items: items, - Templates: templates, - Size: 4, - Searcher: searcher, + Label: "ๅฝ“ๅ‰ๆ˜ฏๆŽˆไฟกๅฎขๆˆท็ซฏ,ไฝ ่ฆๅšไป€ไนˆ", + Items: items, + Templates: templates, + Size: 4, + Searcher: searcher, } i, _, err := prompt.Run() if err != nil { fmt.Printf("Prompt failed %v\n", err) - log.Fatalln(i18nText. - scan95, - ) + log.Fatalln("้€‰ๆ‹ฉ้”™่ฏฏ") } else { m := &mkcert{} m.CAROOT = "./" certDERBlock, _ := pem.Decode(cert) if certDERBlock == nil || certDERBlock.Type != "CERTIFICATE" { - log.Fatalln(i18nText. - scan95, - ) + log.Fatalln("ERROR: failed to read the CA certificate: unexpected content") } m.caCert, err = x509.ParseCertificate(certDERBlock.Bytes) - fatalIfErr(err, i18nText. - scan95, - ) + fatalIfErr(err, "failed to parse the CA certificate") if i == 0 { m.install() } else if i == 1 { diff --git a/client/func.go b/client/func.go index 85212d47..0a68f886 100644 --- a/client/func.go +++ b/client/func.go @@ -17,9 +17,7 @@ func commandWithSudo(cmd ...string) *exec.Cmd { } if !binaryExists("sudo") { sudoWarningOnce.Do(func() { - log.Println(i18nText. - scan79, - ) + log.Println(`Warning: "sudo" is not available, and mkcert is not running as root. The (un)install operation might fail. โš ๏ธ`) }) return exec.Command(cmd[0], cmd[1:]...) } 
@@ -28,10 +26,7 @@ func commandWithSudo(cmd ...string) *exec.Cmd { func fatalIfCmdErr(err error, cmd string, out []byte) { if err != nil { - log.Fatalf(i18nText. - scan95, - - cmd, err, out) + log.Fatalf("ERROR: failed to execute \"%s\": %s\n\n%s\n", cmd, err, out) } } @@ -60,9 +55,6 @@ func storeEnabled(name string) bool { func fatalIfErr(err error, msg string) { if err != nil { - log.Fatalf(i18nText. - scan95, - - msg, err) + log.Fatalf("ERROR: %s: %s", msg, err) } } diff --git a/client/i18n.go b/client/i18n.go deleted file mode 100755 index d90d2aa9..00000000 --- a/client/i18n.go +++ /dev/null 
@@ -1,676 +0,0 @@ -package main - -import ( - "embed" - - "github.com/BurntSushi/toml" - "github.com/cloudfoundry/jibber_jabber" - "github.com/nicksnyder/go-i18n/v2/i18n" - "golang.org/x/text/language" -) - -type I18nText struct { - scan10,scan11,scan12,scan13,scan14,scan15,scan16,scan17,scan18,scan19,scan20,scan21,scan22,scan23,scan24,scan25,scan26,scan27,scan28,scan29,scan30,scan31,scan32,scan33,scan34,scan35,scan36,scan37,scan38,scan39,scan40,scan41,scan42,scan43,scan44,scan45,scan46,scan47,scan48,scan49,scan50,scan51,scan52,scan53,scan54,scan55,scan56,scan57,scan58,scan59,scan60,scan61,scan62,scan63,scan64,scan65,scan66,scan67,scan68,scan69,scan7,scan70,scan72,scan73,scan74,scan75,scan76,scan77,scan78,scan79,scan8,scan80,scan81,scan82,scan83,scan84,scan85,scan86,scan87,scan88,scan89,scan9,scan90,scan91,scan92,scan93,scan94,scan95 string -} - -var localizer *i18n.Localizer - -//go:embed active.*.toml -var LocaleFS embed.FS - -var i18nText I18nText - -func init() { - userLanguage, _ := jibber_jabber.DetectLanguage() - userTag := language.MustParse(userLanguage) - bundle := i18n.NewBundle(language.English) - bundle.RegisterUnmarshalFunc("toml", toml.Unmarshal) - bundle.LoadMessageFileFS(LocaleFS, "active.zh.toml") - tag, _, _ := language.NewMatcher([]language.Tag{ - language.English, - language.Chinese, - }).Match(userTag) - localizer = i18n.NewLocalizer(bundle, tag.String()) - //ๅˆๅง‹ๅŒ–่‡ชๅŠจๆ”ถ้›†็š„ๅพ…็ฟป่ฏ‘ๆ–‡ๆœฌ - - i18nText.scan75 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan75", - Other: `The local CA is now uninstalled from the system trust store(s)! 
๐Ÿ‘‹`, - }, - }) - - i18nText.scan16 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan16", - Other: ` -The certificate and key are at "%s" โœ… - -`, - }, - }) - - i18nText.scan26 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan26", - Other: `failed to read the CSR`, - }, - }) - - i18nText.scan72 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan72", - Other: `Warning: "certutil" is not available, so the CA can't be automatically uninstalled from %s (if it was ever installed)! โš ๏ธ`, - }, - }) - - i18nText.scan89 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan89", - Other: `ERROR: no %s security databases found`, - }, - }) - - i18nText.scan66 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan66", - Other: `Warning: "certutil" is not available, so the CA can't be automatically installed in %s! โš ๏ธ`, - }, - }) - - i18nText.scan48 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan48", - Other: `The local CA is already installed in the system trust store! 
๐Ÿ‘`, - }, - }) - - i18nText.scan60 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan60", - Other: `ERROR: %q is not a valid hostname, IP, URL or email: %s`, - }, - }) - - i18nText.scan43 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan43", - Other: `failed to save CA key`, - }, - }) - - i18nText.scan94 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan94", - Other: `add cert`, - }, - }) - - i18nText.scan15 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan15", - Other: `failed to save PKCS#12`, - }, - }) - - i18nText.scan50 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan50", - Other: `ERROR: you can't set -[un]install and -CAROOT at the same time`, - }, - }) - - i18nText.scan19 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan19", - Other: ` -The legacy PKCS#12 encryption password is the often hardcoded default "changeit" โ„น๏ธ - -`, - }, - }) - - i18nText.scan32 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan32", - Other: `failed to read the CA certificate`, - }, - }) - - i18nText.scan84 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan84", - Other: `failed to serialize trust settings`, - }, - }) - - i18nText.scan82 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan82", - Other: `failed to parse trust settings`, - }, - }) - - i18nText.scan24 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan24", - Other: ` -Reminder: X.509 wildcards only go one level deep, so this won't match a.b.%s โ„น๏ธ`, - }, - }) - - i18nText.scan45 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan45", - Other: `Created a new local CA 
๐Ÿ’ฅ -`, - }, - }) - - i18nText.scan13 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan13", - Other: `failed to save certificate key`, - }, - }) - - i18nText.scan41 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan41", - Other: `failed to generate CA certificate`, - }, - }) - - i18nText.scan79 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan79", - Other: `Warning: "sudo" is not available, and mkcert is not running as root. The (un)install operation might fail. โš ๏ธ`, - }, - }) - - i18nText.scan55 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan55", - Other: `failed to create the CAROOT`, - }, - }) - - i18nText.scan58 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan58", - Other: `Note: the local CA is not installed in the Java trust store.`, - }, - }) - - i18nText.scan42 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan42", - Other: `failed to encode CA key`, - }, - }) - - i18nText.scan81 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan81", - Other: `failed to read trust settings`, - }, - }) - - i18nText.scan54 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan54", - Other: `ERROR: failed to find the default CA location, set one as the CAROOT env var`, - }, - }) - - i18nText.scan46 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan46", - Other: `Exported to the current directory`, - }, - }) - - i18nText.scan18 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan18", - Other: ` -The PKCS#12 bundle is at "%s" โœ… -`, - }, - }) - - i18nText.scan21 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan21", - Other: ` 
-Created a new certificate valid for the following names ๐Ÿ“œ`, - }, - }) - - i18nText.scan88 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan88", - Other: `failed to read root certificate`, - }, - }) - - i18nText.scan9 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan9", - Other: `failed to generate certificate`, - }, - }) - - i18nText.scan38 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan38", - Other: `failed to generate the CA key`, - }, - }) - - i18nText.scan61 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan61", - Other: `ERROR: %q is not a valid hostname, IP, URL or email`, - }, - }) - - i18nText.scan62 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan62", - Other: `The local CA is now installed in the system trust store! โšก๏ธ`, - }, - }) - - i18nText.scan73 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan73", - Other: `You can install "certutil" with "%s" and re-run "mkcert -uninstall" ๐Ÿ‘ˆ`, - }, - }) - - i18nText.scan7 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan7", - Other: `ERROR: can't create new certificates because the CA key (rootCA-key.pem) is missing`, - }, - }) - - i18nText.scan85 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan85", - Other: `failed to write trust settings`, - }, - }) - - i18nText.scan93 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan93", - Other: `open root store`, - }, - }) - - i18nText.scan29 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan29", - Other: `invalid CSR signature`, - }, - }) - - i18nText.scan35 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: 
"scan35", - Other: `failed to read the CA key`, - }, - }) - - i18nText.scan49 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan49", - Other: `Root certificate client generated automkcert-root ๐Ÿ’ฅ -`, - }, - }) - - i18nText.scan44 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan44", - Other: `failed to save CA certificate`, - }, - }) - - i18nText.scan76 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan76", - Other: `The local CA is now uninstalled from the %s trust store(s)! ๐Ÿ‘‹`, - }, - }) - - i18nText.scan11 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan11", - Other: `failed to save certificate and key`, - }, - }) - - i18nText.scan39 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan39", - Other: `failed to encode public key`, - }, - }) - - i18nText.scan40 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan40", - Other: `failed to decode public key`, - }, - }) - - i18nText.scan68 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan68", - Other: `The local CA is already installed in Java's trust store! ๐Ÿ‘`, - }, - }) - - i18nText.scan90 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan90", - Other: `Installing in %s failed. Please report the issue with details about your environment at https://github.com/FiloSottile/mkcert/issues/new ๐Ÿ‘Ž`, - }, - }) - - i18nText.scan69 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan69", - Other: `The local CA is now installed in Java's trust store! โ˜•๏ธ`, - }, - }) - - i18nText.scan63 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan63", - Other: `The local CA is already installed in the %s trust store! 
๐Ÿ‘`, - }, - }) - - i18nText.scan87 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan87", - Other: `You can also manually install the root certificate at %q.`, - }, - }) - - i18nText.scan74 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan74", - Other: `Warning: "keytool" is not available, so the CA can't be automatically uninstalled from Java's trust store (if it was ever installed)! โš ๏ธ`, - }, - }) - - i18nText.scan33 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan33", - Other: `ERROR: failed to read the CA certificate: unexpected content`, - }, - }) - - i18nText.scan34 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan34", - Other: `failed to parse the CA certificate`, - }, - }) - - i18nText.scan95 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan95", - Other: "delete cert", - }, - }) - - i18nText.scan52 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan52", - Other: `ERROR: can only combine -csr with -install and -cert-file`, - }, - }) - - i18nText.scan59 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan59", - Other: `Run "mkcert -install" for certificates to be trusted automatically โš ๏ธ`, - }, - }) - - i18nText.scan78 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan78", - Other: `ERROR: failed to execute "%s": %s - -%s -`, - }, - }) - - i18nText.scan80 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan80", - Other: `failed to create temp file`, - }, - }) - - i18nText.scan17 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan17", - Other: ` -The certificate is at "%s" and the key at "%s" โœ… - -`, - }, - }) - - i18nText.scan20 = 
localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan20", - Other: `It will expire on %s ๐Ÿ—“ - -`, - }, - }) - - i18nText.scan31 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan31", - Other: ` -The certificate is at "%s" โœ… - -`, - }, - }) - - i18nText.scan86 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan86", - Other: `Installing to the system store is not yet supported on this Linux ๐Ÿ˜ฃ but %s will still work.`, - }, - }) - - i18nText.scan12 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan12", - Other: `failed to save certificate`, - }, - }) - - i18nText.scan36 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan36", - Other: `ERROR: failed to read the CA key: unexpected content`, - }, - }) - - i18nText.scan8 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan8", - Other: `failed to generate certificate key`, - }, - }) - - i18nText.scan25 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan25", - Other: `failed to generate serial number`, - }, - }) - - i18nText.scan30 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan30", - Other: `failed to parse generated certificate`, - }, - }) - - i18nText.scan37 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan37", - Other: `failed to parse the CA key`, - }, - }) - - i18nText.scan56 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan56", - Other: `Note: the local CA is not installed in the system trust store.`, - }, - }) - - i18nText.scan51 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan51", - Other: `ERROR: you can't set -install and -uninstall at the same time`, - }, - }) - - 
i18nText.scan28 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan28", - Other: `failed to parse the CSR`, - }, - }) - - i18nText.scan10 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan10", - Other: `failed to encode certificate key`, - }, - }) - - i18nText.scan65 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan65", - Other: `Note: %s support is not available on your platform. โ„น๏ธ`, - }, - }) - - i18nText.scan53 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan53", - Other: `ERROR: can't specify extra arguments when using -csr`, - }, - }) - - i18nText.scan83 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan83", - Other: `ERROR: unsupported trust settings version:`, - }, - }) - - i18nText.scan27 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan27", - Other: `ERROR: failed to read the CSR: unexpected content`, - }, - }) - - i18nText.scan57 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan57", - Other: `Note: the local CA is not installed in the %s trust store.`, - }, - }) - - i18nText.scan64 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan64", - Other: `The local CA is now installed in the %s trust store (requires browser restart)! ๐ŸฆŠ`, - }, - }) - - i18nText.scan23 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan23", - Other: ` Warning: many browsers don't support second-level wildcards like %q โš ๏ธ`, - }, - }) - - i18nText.scan47 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan47", - Other: `The credit client has been generated and is currently in the dist directory. 
Please deploy it on your server.`, - }, - }) - - i18nText.scan22 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan22", - Other: ` - %q`, - }, - }) - - i18nText.scan70 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan70", - Other: `Warning: "keytool" is not available, so the CA can't be automatically installed in Java's trust store! โš ๏ธ`, - }, - }) - - i18nText.scan67 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan67", - Other: `Install "certutil" with "%s" and re-run "mkcert -install" ๐Ÿ‘ˆ`, - }, - }) - - i18nText.scan14 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan14", - Other: `failed to generate PKCS#12`, - }, - }) - - i18nText.scan91 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan91", - Other: `Note that if you never started %s, you need to do that at least once.`, - }, - }) - - i18nText.scan92 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan92", - Other: `decode pem`, - }, - }) - - i18nText.scan77 = localizer.MustLocalize(&i18n.LocalizeConfig{ - DefaultMessage: &i18n.Message{ - ID: "scan77", - Other: `ERROR: %s: %s`, - }, - }) - -} - \ No newline at end of file diff --git a/client/truststore_darwin.go b/client/truststore_darwin.go index 9ff5157d..83b8fac7 100644 --- a/client/truststore_darwin.go +++ b/client/truststore_darwin.go @@ -16,9 +16,9 @@ import ( ) var ( - FirefoxProfiles = []string{os.Getenv("HOME") + "/Library/Application Support/Firefox/Profiles/*"} - CertutilInstallHelp = "brew install nss" - NSSBrowsers = "Firefox" + FirefoxProfiles = []string{os.Getenv("HOME") + "/Library/Application Support/Firefox/Profiles/*"} + CertutilInstallHelp = "brew install nss" + NSSBrowsers = "Firefox" ) // https://github.com/golang/go/issues/24652#issuecomment-399826583 
@@ -58,8 +58,7 @@ func (m *mkcert) installPlatform() bool { // https://github.com/golang/go/issues/24652 plistFile, err := ioutil.TempFile("", "trust-settings") - fatalIfErr(err, i18nText.scan95, - ) + fatalIfErr(err, "failed to create temp file") defer os.Remove(plistFile.Name()) cmd = commandWithSudo("security", "trust-settings-export", "-d", plistFile.Name()) @@ -67,19 +66,15 @@ func (m *mkcert) installPlatform() bool { fatalIfCmdErr(err, "security trust-settings-export", out) plistData, err := ioutil.ReadFile(plistFile.Name()) - fatalIfErr(err, i18nText.scan95, - ) + fatalIfErr(err, "failed to read trust settings") var plistRoot map[string]interface{} _, err = plist.Unmarshal(plistData, &plistRoot) - fatalIfErr(err, i18nText.scan95, - ) + fatalIfErr(err, "failed to parse trust settings") rootSubjectASN1, _ := asn1.Marshal(m.caCert.Subject.ToRDNSequence()) if plistRoot["trustVersion"].(uint64) != 1 { - log.Fatalln(i18nText.scan95, - - plistRoot["trustVersion"]) + log.Fatalln("ERROR: unsupported trust settings version:", plistRoot["trustVersion"]) } trustList := plistRoot["trustList"].(map[string]interface{}) for key := range trustList { @@ -96,11 +91,9 @@ func (m *mkcert) installPlatform() bool { } plistData, err = plist.MarshalIndent(plistRoot, plist.XMLFormat, "\t") - fatalIfErr(err, i18nText.scan95, - ) + fatalIfErr(err, "failed to serialize trust settings") err = ioutil.WriteFile(plistFile.Name(), plistData, 0600) - fatalIfErr(err, i18nText.scan95, - ) + fatalIfErr(err, "failed to write trust settings") cmd = commandWithSudo("security", "trust-settings-import", "-d", plistFile.Name()) out, err = cmd.CombinedOutput() diff --git a/client/truststore_java.go b/client/truststore_java.go index d0074e83..8ad84bba 100644 --- a/client/truststore_java.go +++ b/client/truststore_java.go 
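Review bot: The `defer os.Remove(plistFile.Name())` in installPlatform does not run on any failure path that follows it, because fatalIfErr and fatalIfCmdErr (client/func.go hunks) end in `log.Fatalf`, which exits the process without running deferred calls. A failed export, read, parse or write therefore leaves the exported trust settings file behind in the temp directory. Either remove the file explicitly before exiting, or have installPlatform return an error and let main do the exit. At minimum, document it on the helper: `// fatalIfErr logs and exits via log.Fatalf; the caller's deferred cleanup does not run.` The function continues outside this hunk, and the `@@ -67,19` and `@@ -96,11` hunks of this file sit on the same path.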
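Review bot: The type assertions `plistRoot["trustVersion"].(uint64)` and `plistRoot["trustList"].(map[string]interface{})` in the `@@ -67,19` hunk are unchecked, so an export with a missing key or a different value type panics instead of reaching the "unsupported trust settings version" message just below. Use the two-value form, for example `v, ok := plistRoot["trustVersion"].(uint64)` followed by `if !ok || v != 1 {`, and do the same for `trustList`. The error from `asn1.Marshal` on the line above is also discarded with `_`; passing it to fatalIfErr would match the rest of the function. installPlatform starts and ends outside this hunk.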
@@ -19,13 +19,13 @@ import ( ) var ( - hasJava bool - hasKeytool bool + hasJava bool + hasKeytool bool - javaHome string - cacertsPath string - keytoolPath string - storePass string = "changeit" + javaHome string + cacertsPath string + keytoolPath string + storePass string = "changeit" ) func init() { @@ -100,7 +100,7 @@ func (m *mkcert) uninstallJava() { } out, err := execKeytool(exec.Command(keytoolPath, args...)) if bytes.Contains(out, []byte("does not exist")) { - return // cert didn't exist + return // cert didn't exist } fatalIfCmdErr(err, "keytool -delete", out) } diff --git a/client/truststore_linux.go b/client/truststore_linux.go index bab4bda9..2c4e5a37 100644 --- a/client/truststore_linux.go +++ b/client/truststore_linux.go @@ -15,13 +15,13 @@ import ( ) var ( - FirefoxProfiles = []string{os.Getenv("HOME") + "/.mozilla/firefox/*", + FirefoxProfiles = []string{os.Getenv("HOME") + "/.mozilla/firefox/*", os.Getenv("HOME") + "/snap/firefox/common/.mozilla/firefox/*"} - NSSBrowsers = "Firefox and/or Chrome/Chromium" + NSSBrowsers = "Firefox and/or Chrome/Chromium" - SystemTrustFilename string - SystemTrustCommand []string - CertutilInstallHelp string + SystemTrustFilename string + SystemTrustCommand []string + CertutilInstallHelp string ) func init() { 
@@ -54,18 +54,13 @@ func (m *mkcert) systemTrustFilename() string { func (m *mkcert) installPlatform() bool { if SystemTrustCommand == nil { - log.Printf(i18nText.scan95, - - NSSBrowsers) - log.Printf(i18nText.scan95, - - filepath.Join(m.CAROOT, rootName)) + log.Printf("Installing to the system store is not yet supported on this Linux ๐Ÿ˜ฃ but %s will still work.", NSSBrowsers) + log.Printf("You can also manually install the root certificate at %q.", filepath.Join(m.CAROOT, rootName)) return false } cert, err := ioutil.ReadFile(filepath.Join(m.CAROOT, rootName)) - fatalIfErr(err, i18nText.scan95, - ) + fatalIfErr(err, "failed to read root certificate") cmd := commandWithSudo("tee", m.systemTrustFilename()) cmd.Stdin = bytes.NewReader(cert) diff --git a/client/truststore_nss.go b/client/truststore_nss.go index eeda4dcf..ad8d6624 100644 --- a/client/truststore_nss.go +++ b/client/truststore_nss.go @@ -15,15 +15,15 @@ import ( ) var ( - hasNSS bool - hasCertutil bool - certutilPath string - nssDBs = []string{ + hasNSS bool + hasCertutil bool + certutilPath string + nssDBs = []string{ filepath.Join(os.Getenv("HOME"), ".pki/nssdb"), - filepath.Join(os.Getenv("HOME"), "snap/chromium/current/.pki/nssdb"), // Snapcraft - "/etc/pki/nssdb", // CentOS 7 + filepath.Join(os.Getenv("HOME"), "snap/chromium/current/.pki/nssdb"), // Snapcraft + "/etc/pki/nssdb", // CentOS 7 } - firefoxPaths = []string{ + firefoxPaths = []string{ "/usr/bin/firefox", "/usr/bin/firefox-nightly", "/usr/bin/firefox-developer-edition", 
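Review bot: installPlatform installs whatever `rootCA.pem` is in the current working directory rather than the certificate main already parsed. The client.go hunk sets `m.CAROOT = "./"` and fills `m.caCert` from the `cert` variable (declared outside the visible hunks), while here `ioutil.ReadFile(filepath.Join(m.CAROOT, rootName))` is piped through `commandWithSudo("tee", ...)`, and the file's content is never compared with `m.caCert`. Building the bytes from the parsed certificate, `cert := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: m.caCert.Raw})`, removes the dependency on the start directory; it needs `encoding/pem` imported in this file, which the hunk does not show. The installPlatform hunk in truststore_windows.go has the same read and can use `cert := m.caCert.Raw` directly; uninstallPlatform there deletes by `m.caCert.SerialNumber`, so a root installed from a mismatched file would not be removed again. The function body continues past this hunk.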
@@ -92,18 +92,12 @@ func (m *mkcert) installNSS() bool { out, err := execCertutil(cmd) fatalIfCmdErr(err, "certutil -A -d "+profile, out) }) == 0 { - log.Printf(i18nText.scan95, - - NSSBrowsers) + log.Printf("ERROR: no %s security databases found", NSSBrowsers) return false } if !m.checkNSS() { - log.Printf(i18nText.scan95, - - NSSBrowsers) - log.Printf(i18nText.scan95, - - NSSBrowsers) + log.Printf("Installing in %s failed. Please report the issue with details about your environment at https://github.com/FiloSottile/mkcert/issues/new ๐Ÿ‘Ž", NSSBrowsers) + log.Printf("Note that if you never started %s, you need to do that at least once.", NSSBrowsers) return false } return true diff --git a/client/truststore_windows.go b/client/truststore_windows.go index 5c9806b0..a4c9fcb4 100644 --- a/client/truststore_windows.go +++ b/client/truststore_windows.go 
@@ -17,41 +17,37 @@ import ( ) var ( - FirefoxProfiles = []string{os.Getenv("USERPROFILE") + "\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles"} - CertutilInstallHelp = "" // certutil unsupported on Windows - NSSBrowsers = "Firefox" + FirefoxProfiles = []string{os.Getenv("USERPROFILE") + "\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles"} + CertutilInstallHelp = "" // certutil unsupported on Windows + NSSBrowsers = "Firefox" ) var ( - modcrypt32 = syscall.NewLazyDLL("crypt32.dll") - procCertAddEncodedCertificateToStore = modcrypt32.NewProc("CertAddEncodedCertificateToStore") - procCertCloseStore = modcrypt32.NewProc("CertCloseStore") - procCertDeleteCertificateFromStore = modcrypt32.NewProc("CertDeleteCertificateFromStore") - procCertDuplicateCertificateContext = modcrypt32.NewProc("CertDuplicateCertificateContext") - procCertEnumCertificatesInStore = modcrypt32.NewProc("CertEnumCertificatesInStore") - procCertOpenSystemStoreW = modcrypt32.NewProc("CertOpenSystemStoreW") + modcrypt32 = syscall.NewLazyDLL("crypt32.dll") + procCertAddEncodedCertificateToStore = modcrypt32.NewProc("CertAddEncodedCertificateToStore") + procCertCloseStore = modcrypt32.NewProc("CertCloseStore") + procCertDeleteCertificateFromStore = modcrypt32.NewProc("CertDeleteCertificateFromStore") + procCertDuplicateCertificateContext = modcrypt32.NewProc("CertDuplicateCertificateContext") + procCertEnumCertificatesInStore = modcrypt32.NewProc("CertEnumCertificatesInStore") + procCertOpenSystemStoreW = modcrypt32.NewProc("CertOpenSystemStoreW") ) func (m *mkcert) installPlatform() bool { // Load cert cert, err := ioutil.ReadFile(filepath.Join(m.CAROOT, rootName)) - fatalIfErr(err, i18nText.scan95, - ) + fatalIfErr(err, "failed to read root certificate") // Decode PEM if certBlock, _ := pem.Decode(cert); certBlock == nil || certBlock.Type != "CERTIFICATE" { - fatalIfErr(fmt.Errorf("invalid PEM data"), i18nText.scan95, - ) + fatalIfErr(fmt.Errorf("invalid PEM data"), "decode pem") } else { cert = 
certBlock.Bytes } // Open root store store, err := openWindowsRootStore() - fatalIfErr(err, i18nText.scan95, - ) + fatalIfErr(err, "open root store") defer store.close() // Add cert - fatalIfErr(store.addCert(cert), i18nText.scan95, - ) + fatalIfErr(store.addCert(cert), "add cert") return true } @@ -59,16 +55,14 @@ func (m *mkcert) uninstallPlatform() bool { // We'll just remove all certs with the same serial number // Open root store store, err := openWindowsRootStore() - fatalIfErr(err, i18nText.scan95, - ) + fatalIfErr(err, "open root store") defer store.close() // Do the deletion deletedAny, err := store.deleteCertsWithSerial(m.caCert.SerialNumber) if err == nil && !deletedAny { err = fmt.Errorf("no certs found") } - fatalIfErr(err, i18nText.scan95, - ) + fatalIfErr(err, "delete cert") return true } @@ -97,12 +91,12 @@ func (w windowsRootStore) close() error { func (w windowsRootStore) addCert(cert []byte) error { // TODO: ok to always overwrite? ret, _, err := procCertAddEncodedCertificateToStore.Call( - uintptr(w), // HCERTSTORE hCertStore - uintptr(syscall.X509_ASN_ENCODING|syscall.PKCS_7_ASN_ENCODING), // DWORD dwCertEncodingType - uintptr(unsafe.Pointer(&cert[0])), // const BYTE *pbCertEncoded - uintptr(len(cert)), // DWORD cbCertEncoded - 3, // DWORD dwAddDisposition (CERT_STORE_ADD_REPLACE_EXISTING is 3) - 0, // PCCERT_CONTEXT *ppCertContext + uintptr(w), // HCERTSTORE hCertStore + uintptr(syscall.X509_ASN_ENCODING|syscall.PKCS_7_ASN_ENCODING), // DWORD dwCertEncodingType + uintptr(unsafe.Pointer(&cert[0])), // const BYTE *pbCertEncoded + uintptr(len(cert)), // DWORD cbCertEncoded + 3, // DWORD dwAddDisposition (CERT_STORE_ADD_REPLACE_EXISTING is 3) + 0, // PCCERT_CONTEXT *ppCertContext ) if ret != 0 { return nil
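Review bot: uninstallPlatform selects the root-store entries to delete by serial number alone (`store.deleteCertsWithSerial(m.caCert.SerialNumber)`, with the comment "remove all certs with the same serial number"), and a serial number is only unique within one issuer. As far as the helper's name and that comment show, an unrelated root that shares the serial would be deleted from the system store as well. Comparing each enumerated certificate's DER bytes with `m.caCert.Raw` would limit the deletion to this CA. deleteCertsWithSerial is defined outside the hunk, so the change belongs there. A comment on uninstallPlatform stating exactly what is matched would also help.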