├── .npmignore
├── .gitignore
├── azure-pipelines
    ├── main.yml
    ├── templates
    │   └── windows.yml
    └── publish.yml
├── .editorconfig
├── .vscode
    └── launch.json
├── test.js
├── README.md
├── binding.gyp
├── package.json
├── LICENSE
├── crypt32.cc
└── SECURITY.md


/.npmignore:
--------------------------------------------------------------------------------
1 | .vscode
2 | azure-pipelines
3 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | node_modules
2 | build
3 | vscode-windows-ca-certs-0.1.0.tgz


--------------------------------------------------------------------------------
/azure-pipelines/main.yml:
--------------------------------------------------------------------------------
 1 | stages:
 2 | - stage: Windows
 3 |   pool:
 4 |     vmImage: windows-latest
 5 |   jobs:
 6 |   - job: win_x64
 7 |     variables:
 8 |       VSCODE_ARCH: x64
 9 |     steps:
10 |       - template: templates/windows.yml
11 | 
12 | trigger:
13 |   branches:
14 |    include:
15 |    - main
16 | 


--------------------------------------------------------------------------------
/.editorconfig:
--------------------------------------------------------------------------------
 1 | # http://editorconfig.org/
 2 | # https://github.com/mfuentesg/EditorConfigSnippets
 3 | 
 4 | root = true
 5 | 
 6 | [*]
 7 | max_line_length = 100
 8 | end_of_line = lf
 9 | indent_style = space
10 | indent_size = 2
11 | charset = utf-8
12 | trim_trailing_whitespace = true
13 | insert_final_newline = true
14 | 


--------------------------------------------------------------------------------
/azure-pipelines/templates/windows.yml:
--------------------------------------------------------------------------------
 1 | steps:
 2 | - task: NodeTool@0
 3 |   inputs:
 4 |     versionSpec: '20.x'
 5 | 
 6 | - task: UsePythonVersion@0
 7 |   inputs:
 8 |     versionSpec: '3.x'
 9 |     addToPath: true
10 | 
11 | - powershell: |
12 |     $env:npm_config_arch="$(VSCODE_ARCH)"
13 |     npm install
14 |   displayName: Install Dependencies
15 | 
16 | - powershell: |
17 |     npm test
18 |   displayName: Run Tests
19 |   condition: and(succeeded(), eq(variables['VSCODE_ARCH'], 'x64'))
20 | 


--------------------------------------------------------------------------------
/.vscode/launch.json:
--------------------------------------------------------------------------------
 1 | {
 2 |     // Use IntelliSense to learn about possible attributes.
 3 |     // Hover to view descriptions of existing attributes.
 4 |     // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
 5 |     "version": "0.2.0",
 6 |     "configurations": [
 7 | 
 8 |         {
 9 |             "type": "node",
10 |             "request": "launch",
11 |             "stopOnEntry": true,
12 |             "name": "Launch Program",
13 |             "program": "${file}"
14 |         }
15 |     ]
16 | }
17 | 


--------------------------------------------------------------------------------
/test.js:
--------------------------------------------------------------------------------
 1 | var assert = require('assert')
 2 | var forge = require('node-forge')
 3 | 
 4 | var asn1 = forge.asn1
 5 | 
 6 | nApi()
 7 | 
 8 | function assertCrt(blob) {
 9 |   var tree = asn1.fromDer(blob.toString('binary'))
10 |   assert(tree.value.length)
11 | }
12 | 
13 | function nApi() {
14 |   if (!process.versions.napi) {
15 |     console.log('! Skipping N-API bindings test...')
16 |     return
17 |   }
18 | 
19 |   console.log('Starting N-API connection...')
20 |   crypt = require('bindings')('crypt32')
21 |   var a = new crypt.Crypt32()
22 | 
23 |   var N = 0
24 |   console.log('Fetching...')
25 |   for (var blob; blob = a.next(); N++) {
26 |     assertCrt(blob)
27 |     assert(N < 1000)
28 |   }
29 | 
30 |   console.log('Total:', N, '\t// N-API')
31 | 
32 |   console.log('Cleaning N-API...')
33 |   a.done()
34 | }
35 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # @vscode/windows-ca-certs
 2 | 
 3 | [![Build Status](https://dev.azure.com/vscode/vscode-windows-ca-certs/_apis/build/status/microsoft.vscode-windows-ca-certs?branchName=main)](https://dev.azure.com/vscode/vscode-windows-ca-certs/_build/latest?definitionId=39&branchName=main)
 4 | 
 5 | [![Build Status](https://dev.azure.com/monacotools/Monaco/_apis/build/status/npm/vscode-windows-ca-certs?repoName=microsoft%2Fvscode-windows-ca-certs&branchName=main)](https://dev.azure.com/monacotools/Monaco/_build/latest?definitionId=463&repoName=microsoft%2Fvscode-windows-ca-certs&branchName=main)
 6 | 
 7 | [![npm version](https://badge.fury.io/js/@vscode%2Fwindows-ca-certs.svg)](https://badge.fury.io/js/@vscode%2Fwindows-ca-certs)
 8 | 
 9 | Get Windows System Root certificates for Node.js.
10 | 
11 | This is a fork of `win-ca` adapted for VS Code.
12 | 


--------------------------------------------------------------------------------
/binding.gyp:
--------------------------------------------------------------------------------
 1 | {
 2 |   "targets": [
 3 |     {
 4 |       "target_name": "crypt32",
 5 |       "sources": [
 6 |         "crypt32.cc"
 7 |       ],
 8 |       "dependencies": [
 9 |         "<!(node -p \"require('node-addon-api').targets\"):node_addon_api_except"
10 |       ],
11 |       "include_dirs": [
12 |         "<!@(node -p \"require('node-addon-api').include\")"
13 |       ],
14 |       "defines": [
15 |         "NODE_API_SWALLOW_UNTHROWABLE_EXCEPTIONS"
16 |       ],
17 |       "link_settings": {
18 |         "libraries": ["-lcrypt32"]
19 |       },
20 |       "msvs_configuration_attributes": {
21 |         "SpectreMitigation": "Spectre"
22 |       },
23 |       "msvs_settings": {
24 |         "VCCLCompilerTool": {
25 |           "AdditionalOptions": [
26 |             "/guard:cf",
27 |             "/we4244",
28 |             "/we4267",
29 |             "/ZH:SHA_256"
30 |           ]
31 |         },
32 |         "VCLinkerTool": {
33 |           "AdditionalOptions": [
34 |             "/guard:cf"
35 |           ]
36 |         }
37 |       }
38 |     }
39 |   ]
40 | }
41 | 


--------------------------------------------------------------------------------
/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "@vscode/windows-ca-certs",
 3 |   "version": "0.3.3",
 4 |   "description": "Get Windows System Root certificates",
 5 |   "os": [
 6 |     "win32"
 7 |   ],
 8 |   "gypfile": true,
 9 |   "main": "build/Release/crypt32",
10 |   "files": [
11 |     "binding.gyp",
12 |     "crypt32.cc"
13 |   ],
14 |   "scripts": {
15 |     "test": "node test"
16 |   },
17 |   "repository": {
18 |     "type": "git",
19 |     "url": "git+https://github.com/microsoft/vscode-windows-ca-certs.git"
20 |   },
21 |   "keywords": [
22 |     "ssl",
23 |     "tls",
24 |     "ca",
25 |     "root",
26 |     "windows"
27 |   ],
28 |   "contributors": [
29 |     {
30 |       "name": "Stas Ukolov",
31 |       "email": "ukoloff@gmail.com"
32 |     },
33 |     {
34 |       "name": "Microsoft Corporation"
35 |     }
36 |   ],
37 |   "license": "BSD",
38 |   "bugs": {
39 |     "url": "https://github.com/microsoft/vscode-windows-ca-certs/issues"
40 |   },
41 |   "homepage": "https://github.com/microsoft/vscode-windows-ca-certs",
42 |   "dependencies": {
43 |     "node-addon-api": "^8.2.0"
44 |   },
45 |   "devDependencies": {
46 |     "bindings": "1.5.0",
47 |     "node-forge": "^1.3.0"
48 |   }
49 | }


--------------------------------------------------------------------------------
/azure-pipelines/publish.yml:
--------------------------------------------------------------------------------
 1 | name: $(Date:yyyyMMdd)$(Rev:.r)
 2 | 
 3 | trigger:
 4 |   branches:
 5 |     include:
 6 |       - main
 7 | pr: none
 8 | 
 9 | resources:
10 |   repositories:
11 |     - repository: templates
12 |       type: github
13 |       name: microsoft/vscode-engineering
14 |       ref: main
15 |       endpoint: Monaco
16 | 
17 | parameters:
18 |   - name: publishPackage
19 |     displayName: 🚀 Publish vscode-windows-ca-certs
20 |     type: boolean
21 |     default: false
22 | 
23 | extends:
24 |   template: azure-pipelines/npm-package/pipeline.yml@templates
25 |   parameters:
26 |     npmPackages:
27 |       - name: vscode-windows-ca-certs
28 | 
29 |         buildSteps:
30 |           - script: npm ci
31 |             displayName: Install dependencies
32 | 
33 |         testPlatforms:
34 |           - name: Windows
35 |             nodeVersions:
36 |               - 20.x
37 | 
38 |         testSteps:
39 |           - script: npm ci
40 |             displayName: Install dependencies
41 | 
42 |           - script: npm run test
43 |             displayName: Compile & test npm package
44 | 
45 |         apiScanSoftwareName: 'vscode-windows-ca-certs'
46 |         apiScanSoftwareVersion: '0.3'
47 | 
48 |         publishPackage: ${{ parameters.publishPackage }}
49 |         packagePlatform: Windows
50 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | BSD 3-Clause License
 2 | 
 3 | Copyright (c) 2016, Stas Ukolov
 4 | Copyright (c) Microsoft Corporation
 5 | 
 6 | All rights reserved.
 7 | 
 8 | Redistribution and use in source and binary forms, with or without
 9 | modification, are permitted provided that the following conditions are met:
10 | 
11 | * Redistributions of source code must retain the above copyright notice, this
12 |   list of conditions and the following disclaimer.
13 | 
14 | * Redistributions in binary form must reproduce the above copyright notice,
15 |   this list of conditions and the following disclaimer in the documentation
16 |   and/or other materials provided with the distribution.
17 | 
18 | * Neither the name of the copyright holder nor the names of its
19 |   contributors may be used to endorse or promote products derived from
20 |   this software without specific prior written permission.
21 | 
22 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
23 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
25 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
26 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
28 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
29 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
30 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
31 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 | 


--------------------------------------------------------------------------------
/crypt32.cc:
--------------------------------------------------------------------------------
 1 | #include <Windows.h>
 2 | #include <Wincrypt.h>
 3 | #include <napi.h>
 4 | 
 5 | class Crypt32 : public Napi::ObjectWrap<Crypt32> {
 6 |  public:
 7 |   static Napi::Object Init(Napi::Env, Napi::Object);
 8 |   Crypt32(const Napi::CallbackInfo& info);
 9 | 
10 |  private:
11 |   HCERTSTORE hStore;
12 |   PCCERT_CONTEXT pCtx = nullptr;
13 | 
14 |   static HCERTSTORE openStore(const Napi::CallbackInfo&);
15 | 
16 |   Napi::Value next(const Napi::CallbackInfo&);
17 |   Napi::Value done(const Napi::CallbackInfo&);
18 |   Napi::Value none(const Napi::CallbackInfo&);
19 | 
20 |   const uint8_t* begin() const { return pCtx->pbCertEncoded; }
21 |   const uint8_t* end() const { return begin() + pCtx->cbCertEncoded; }
22 | };
23 | 
24 | // Implementation
25 | 
26 | Crypt32::Crypt32(const Napi::CallbackInfo& info)
27 |     : Napi::ObjectWrap<Crypt32>(info), hStore(openStore(info)) {}
28 | 
29 | HCERTSTORE Crypt32::openStore(const Napi::CallbackInfo& info) {
30 |   return CertOpenSystemStoreA(
31 |       0, info.Length() > 0 && info[0].IsString()
32 |              ? info[0].As<Napi::String>().Utf8Value().c_str()
33 |              : "ROOT");
34 | }
35 | 
36 | Napi::Value Crypt32::next(const Napi::CallbackInfo& info) {
37 |   if (!hStore) return done(info);
38 |   return (pCtx = CertEnumCertificatesInStore(hStore, pCtx))
39 |              ? Napi::Buffer<uint8_t>::Copy(info.Env(), begin(),
40 |                                            pCtx->cbCertEncoded)
41 |              : done(info);
42 | }
43 | 
44 | Napi::Value Crypt32::done(const Napi::CallbackInfo& info) {
45 |   if (hStore) CertCloseStore(hStore, 0);
46 |   hStore = 0;
47 |   return info.Env().Undefined();
48 | }
49 | 
50 | Napi::Value Crypt32::none(const Napi::CallbackInfo& info) {
51 |   return Napi::Boolean::New(info.Env(), !hStore);
52 | }
53 | 
54 | Napi::Object Crypt32::Init(Napi::Env env, Napi::Object exports) {
55 |   Napi::Function func = DefineClass(
56 |       env, "Crypt32",
57 |       {
58 |           InstanceMethod<&Crypt32::done>("done"),
59 |           InstanceMethod<&Crypt32::next>("next"),
60 |           InstanceMethod<&Crypt32::none>("none"),
61 |       });
62 | 
63 |   Napi::FunctionReference* constructor = new Napi::FunctionReference();
64 |   *constructor = Napi::Persistent(func);
65 |   exports.Set("Crypt32", func);
66 |   env.SetInstanceData<Napi::FunctionReference>(constructor);
67 | 
68 |   return exports;
69 | }
70 | 
71 | // Initialize native add-on
72 | Napi::Object Init(Napi::Env env, Napi::Object exports) {
73 |   Crypt32::Init(env, exports);
74 |   return exports;
75 | }
76 | 
77 | NODE_API_MODULE(NODE_GYP_MODULE_NAME, Init)
78 | 


--------------------------------------------------------------------------------
/SECURITY.md:
--------------------------------------------------------------------------------
 1 | <!-- BEGIN MICROSOFT SECURITY.MD V0.0.8 BLOCK -->
 2 | 
 3 | ## Security
 4 | 
 5 | Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/).
 6 | 
 7 | If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](https://aka.ms/opensource/security/definition), please report it to us as described below.
 8 | 
 9 | ## Reporting Security Issues
10 | 
11 | **Please do not report security vulnerabilities through public GitHub issues.**
12 | 
13 | Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://aka.ms/opensource/security/create-report).
14 | 
15 | If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com).  If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://aka.ms/opensource/security/pgpkey).
16 | 
17 | You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://aka.ms/opensource/security/msrc). 
18 | 
19 | Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
20 | 
21 |   * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
22 |   * Full paths of source file(s) related to the manifestation of the issue
23 |   * The location of the affected source code (tag/branch/commit or direct URL)
24 |   * Any special configuration required to reproduce the issue
25 |   * Step-by-step instructions to reproduce the issue
26 |   * Proof-of-concept or exploit code (if possible)
27 |   * Impact of the issue, including how an attacker might exploit the issue
28 | 
29 | This information will help us triage your report more quickly.
30 | 
31 | If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://aka.ms/opensource/security/bounty) page for more details about our active programs.
32 | 
33 | ## Preferred Languages
34 | 
35 | We prefer all communications to be in English.
36 | 
37 | ## Policy
38 | 
39 | Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://aka.ms/opensource/security/cvd).
40 | 
41 | <!-- END MICROSOFT SECURITY.MD BLOCK -->
42 | 


--------------------------------------------------------------------------------