Enable CI

.github/workflows/test.yml

@@ -0,0 +1,64 @@
+name: Node.js CI
+
+on: [push, pull_request, workflow_dispatch]
+
+jobs:
+  build:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - os: macos-latest
+            target: x86_64-apple-darwin
+            architecture: x64
+          - os: macos-latest
+            target: aarch64-apple-darwin
+            architecture: x64   # Needed because the runner is an Intel Mac
+            skipTests: true     # Needed because the compiled arm64 code won't execute on the Intel Mac runner
+          - os: windows-latest
+            target: x86_64-pc-windows-msvc
+            architecture: x64
+          - os: ubuntu-latest
+            target: x86_64-unknown-linux-gnu
+            architecture: x64
+    runs-on: ${{ matrix.os }}
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
+        with:
+          node-version: 16
+          architecture: ${{ matrix.architecture }}
+      - uses: actions-rs/toolchain@v1
+        with:
+          profile: minimal
+          override: true
+          toolchain: stable
+          target: ${{ matrix.target }}
+      - run: npm install
+      - run: npm run build -- --target ${{ matrix.target }}
+      - run: npm test
+        if: ${{ !matrix.skipTests }}
+      - name: Upload platform-specific binary
+        uses: actions/upload-artifact@v3
+        with:
+          name: bindings-${{ matrix.target }}
+          path: native-certs.*.node
+          if-no-files-found: error
+  publish:
+    runs-on: ubuntu-latest
+    needs: build   # this waits for *all* the matrix build actions to complete
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
+        with:
+          node-version: 16
+      - name: Download all platform-specific binaries
+        uses: actions/download-artifact@v3
+        with:
+          path: artifacts
+      - run: npm install
+      - run: npm run artifacts
+      - name: List packages
+        run: ls -R ./npm
+        shell: bash
+      - run: npm publish --dry-run

.gitignore

@@ -1,4 +1,6 @@
-/binding.node
-/node_modules/
-/package-lock.json
-/target/
+node_modules/
+package-lock.json
+target/
+lib.js
+lib.d.ts
+*.node

.npmignore

@@ -0,0 +1,10 @@
+target
+Cargo.lock
+.cargo
+.github
+npm
+.eslintrc
+.prettierignore
+rustfmt.toml
+yarn.lock
+*.node

README.md

@@ -1,40 +1,55 @@
-node-native-certs
-=================
+# node-native-certs
 
 Load TLS root certificates from the system trust store.
 
 - Windows: loads certificates from the system certificate store.
-
 - macOS: loads certificates from the keychain.
-
 - Linux, BSD: looks for the OpenSSL CA bundle in the usual places.
   Honors the `SSL_CERT_FILE` and `SSL_CERT_DIR` environment variables.
 
-The `SSL_CERT_FILE` environment variable overrides the default trust store
-on all platforms.
+## Setup
+
+```shell
+npm install native-certs
+```
+
+## Usage
 
 ```js
 const https = require("https")
-const nativeCerts = require("native-certs")
-const ca = nativeCerts()
+const { loadNativeCerts } = require("native-certs")
+
+const ca = loadNativeCerts()
 
 const req = https.get({ca, host: "google.com", path: "/"})
 // do something with `req`
 ```
 
+The `SSL_CERT_FILE` environment variable overrides the default trust store
+on all platforms.
+
 Node.js does not support globally overriding the built-in root certificates
 but the list can be extended through the `NODE_EXTRA_CA_CERTS` environment
 variable:
 
-```
-$ node -e 'fs.writeFileSync("cas.pem", require("native-certs")().join("\n"))'
+```shell
+node -e 'fs.writeFileSync("cas.pem", require("native-certs")().join("\n"))'
 
-$ NODE_EXTRA_CA_CERTS=cas.pem node app.js
+NODE_EXTRA_CA_CERTS=cas.pem node app.js
 ```
 
 Performance consideration: loading certificates can be slow. Cache 'em.
 
-license
-=======
+## License
 
 ISC, see the LICENSE file.
+
+## Development
+
+```shell
+npm install
+npm run build
+npm test
+```
+
+If you need to run `napi-rs` scaffolder commands you may also need to `npm install -g @napi-rs/cli`.

__test__/index.mjs

@@ -0,0 +1,83 @@
+import { notEqual, ok, strictEqual } from 'assert';
+import { get } from 'https';
+import { Buffer } from 'node:buffer';
+import { loadNativeCerts, certFormat } from '../index.js';
+
+// Promise-ify https.get
+async function pget(params) {
+    return new Promise((resolve, reject) => {
+        const request = get(params, (response) => {
+            if (response.statusCode < 200 || response.statusCode > 399) {
+                reject(new Error('Failed to load page, status code: ' + response.statusCode));
+            }
+            const body = [];
+            response.on('data', (chunk) => body.push(chunk));
+            response.on('end', () => resolve(body.join('')));
+        });
+        request.on('error', (err) => reject(err))
+    })
+}
+
+// HTTPS request should use native certs
+{
+    const ca = loadNativeCerts()
+    notEqual(ca.length, 0)
+
+    await pget({ca, host: "www.npmjs.com", path: "/"})
+
+    ok('request was ok')
+}
+
+// cert_format should format a certificate
+{
+    const input = `-----BEGIN CERTIFICATE-----
+MIIE5jCCAs4CCQD5/huzlZjclTANBgkqhkiG9w0BAQsFADA1MQswCQYDVQQGEwJV
+UzEQMA4GA1UECgwHRXhhbXBsZTEUMBIGA1UEAwwLZXhhbXBsZS5jb20wHhcNMjIw
+NjA3MTAwNjQ3WhcNMjMwNjA3MTAwNjQ3WjA1MQswCQYDVQQGEwJVUzEQMA4GA1UE
+CgwHRXhhbXBsZTEUMBIGA1UEAwwLZXhhbXBsZS5jb20wggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQDSDfhg07OTS82Gb+V0jI6hVVQzH1Ncysb4qp3LZSYh
+kHCzZuYbPSFX7UZbYlgn2I2imW1zVsK53wKYgL2Lj/1UMG2pmdkD7DF52aRLlBBV
+P918Xe7M6Tj3c2vy79xiOI50e5KE+IIn5nYIncrndKLeOQBMdv3zb6zO012czQih
+hg7sFEDkRNPnEXzVlsXjptx0l0v4ThHKWHXN4QEWn+jjiivNYgyNDPoSEMxpcKFY
+xnocJQePvftZhauX+sJTtcV/GtHCd+d4p5EIbRqMXDYUfwAQmWm4MG37XQnHOFF6
+51JrnvD/V3IbFcX7VX9Jo6rBuBLTNx9XbN1jYsMHFU06Ns0HGJB36x0nHtK8KB/V
+gqPBT7F/FJrej2DZDDQMHQh5no3zARFQkhV2id45Ha95OesaIkOBvhQ56dpwATdD
+0ExcK/uLz5mVPcESLIdxrlj0V0YWXqjdXV8rwdW3F14EreGNcAD2lzUm1u/3A2Oo
+5Xi3hM6sjuEsGO/JrtQdk6F2+PGMzKw4mZFpSf89G4uGYzmb0eAjdkwqBIt+Bi5O
+wo/lH7476eHQQzwmgqjxpgMqhBj+Uy+weX/g8ecH+ViKsIvTts0C7tL51zg9/w9T
+8JaygKSWnM/Y9YkVDRTwwYGQ55f++40bRxa8npLTw6YpgC4hFJ2FdQSEEhyl4roi
+KwIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQDBfFdVKDIGftiK0QPDgUTx03uViu+9
+7lr9OGWxGATgKebKEUvhWZyLdt2F/wxMAwBLHV/KDQNBmkMgUHPbqmQ0B3x49JZv
+paJ6YWG6W9PiiZYmUE6olNLBIA1qXD5dHtpzrJnAW/xAL0tLCzW+zXjmLtUYhJ+y
+sB/CgpwDp0EbRk0zTa6Yd4emb0Ly41SPL4dQoYugbZqAjU5LRlHxjHsh9etMImrX
+LCAhlbcK0PGe7S+UDmMvkL5hM5AjnssQg+06Hmii6Xbns6gfk2wtxim4Q8mVymst
+XLqgrOvQ46HTPydi2uYahzwnkTp9KR20SEnP++S1793oGSI+FR43rL5a/lioNcl8
+aY172JsHtNknRSkOQEGPvqqfutXOki27ArVfJdjzWyQvFTKghxb+5kK+NJ77D7px
+YzVM8olT/mKMqvyO26+kjfpjSUs+KiwGaw14TAPizUes3dx47VBicT+XDr/mMYAy
+gJBH3AFtO0wBlU8d+P3iDslu3FHUnLCQK+5An7N8iZDOjhGLI50XZ+2Wi4My6N5D
+Mi5qSX4AxL8NnIUg20rkAF582W6/jD1xDAefWZKtHWRuYx0iKiisaWZ9ZCFqt/OK
+RgJ6aGUHlpoSEYnBkMNJ/fL5WTu8HJ+l4RmDgpkiR+JfX05/tm5DkJjWVafsjs9e
+0VP1X/7wvBPhEg==
+-----END CERTIFICATE-----`
+
+    const inputWithoutAsciiArmor = input
+        .replace("-----BEGIN CERTIFICATE-----\n", "")
+        .replace("-----END CERTIFICATE-----\n", "")
+    const certBuffer = Buffer.from(inputWithoutAsciiArmor, 'base64')
+    const output = certFormat(certBuffer)
+
+    strictEqual(input.trim(), output.trim())
+}
+
+// cert_format should format an empty certificate
+{
+    const input = Buffer.from([], 'base64')
+
+    const actual = certFormat(input)
+
+    var expected = ""
+    expected += "-----BEGIN CERTIFICATE-----\n"
+    expected += "-----END CERTIFICATE-----\n"
+
+    strictEqual(actual.trim(), expected.trim())
+}

index.d.ts

@@ -0,0 +1,5 @@
+/* tslint:disable */
+/* eslint-disable */
+
+export function loadNativeCerts(): Array<String>
+export function certFormat(buf: Buffer): String