@zetra/citrineos-certificates 1.8.3-fork.1

package/dist/module/installCertificateHelperService.js

@@ -0,0 +1,282 @@
+// SPDX-FileCopyrightText: 2025 Contributors to the CitrineOS Project
+//
+// SPDX-License-Identifier: Apache-2.0
+import { Certificate, CountryNameEnumType, InstallCertificateAttempt, InstalledCertificate, SignatureAlgorithmEnumType, UploadExistingCertificate, } from '@citrineos/data';
+import { extractCertificateDetails, generateCSR, WebsocketNetworkConnection, } from '@citrineos/util';
+import { OCPP2_0_1 } from '@citrineos/base';
+import { Logger } from 'tslog';
+import fs from 'fs';
+import jsrsasign from 'jsrsasign';
+export var PemType;
+(function (PemType) {
+    PemType["Root"] = "Root";
+    PemType["SubCA"] = "SubCA";
+    PemType["Leaf"] = "Leaf";
+})(PemType || (PemType = {}));
+export class InstallCertificateHelperService {
+    certificateRepository;
+    installedCertificateRepository;
+    installCertificateAttemptRepository;
+    deleteCertificateAttemptRepository;
+    certificateAuthorityService;
+    networkConnection;
+    fileStorage;
+    logger;
+    constructor(certificateRepository, installedCertificateRepository, installCertificateAttemptRepository, deleteCertificateAttemptRepository, certificateAuthorityService, networkConnection, fileStorage, logger) {
+        this.certificateRepository = certificateRepository;
+        this.installedCertificateRepository = installedCertificateRepository;
+        this.installCertificateAttemptRepository = installCertificateAttemptRepository;
+        this.deleteCertificateAttemptRepository = deleteCertificateAttemptRepository;
+        this.certificateAuthorityService = certificateAuthorityService;
+        this.networkConnection = networkConnection;
+        this.fileStorage = fileStorage;
+        this.logger = logger;
+    }
+    async prepareToInstallCertificate(tenantId, stationId, certificate, certificateType) {
+        const hash = this.getCertificateHash(certificate);
+        const existingPendingInstallCertificateAttempt = await this.installCertificateAttemptRepository.readOnlyOneByQuery(tenantId, {
+            where: {
+                stationId: stationId,
+                certificateType: certificateType,
+                status: null,
+            },
+            include: [
+                {
+                    model: Certificate,
+                    where: {
+                        certificateFileHash: hash,
+                    },
+                },
+            ],
+        });
+        if (!existingPendingInstallCertificateAttempt) {
+            const { serialNumber, issuerName, organizationName, commonName, countryName, validBefore, signatureAlgorithm, } = extractCertificateDetails(certificate);
+            let existingCertificate = await this.certificateRepository.readOnlyOneByQuery(tenantId, {
+                where: {
+                    certificateFileHash: hash,
+                },
+            });
+            if (!existingCertificate) {
+                existingCertificate = await this.createNewCertificate(certificate, serialNumber, issuerName, organizationName, commonName, countryName, validBefore, signatureAlgorithm);
+            }
+            const installCertificateAttempt = new InstallCertificateAttempt();
+            installCertificateAttempt.stationId = stationId;
+            installCertificateAttempt.certificateType = certificateType;
+            installCertificateAttempt.certificateId = existingCertificate.id;
+            await installCertificateAttempt.save();
+        }
+    }
+    async finalizeInstalledCertificate(tenantId, stationId, status) {
+        const existingPendingInstallCertificateAttempt = await this.installCertificateAttemptRepository.readOnlyOneByQuery(tenantId, {
+            where: {
+                stationId,
+                status: null,
+            },
+        });
+        // should always be true
+        if (existingPendingInstallCertificateAttempt) {
+            existingPendingInstallCertificateAttempt.status = status;
+            await existingPendingInstallCertificateAttempt.save();
+            if (existingPendingInstallCertificateAttempt.status ===
+                OCPP2_0_1.InstallCertificateStatusEnumType.Accepted) {
+                const existingInstalledCertificate = await this.installedCertificateRepository.readOnlyOneByQuery(tenantId, {
+                    where: {
+                        stationId,
+                        certificateType: existingPendingInstallCertificateAttempt.certificateType,
+                    },
+                });
+                if (existingInstalledCertificate) {
+                    existingInstalledCertificate.certificateId =
+                        existingPendingInstallCertificateAttempt.certificateId;
+                    await existingInstalledCertificate.save();
+                }
+                else {
+                    const certificate = await existingPendingInstallCertificateAttempt.$get('certificate');
+                    if (certificate && certificate.certificateFileId) {
+                        const certificateBuffer = await this.fileStorage.getFile(certificate.certificateFileId);
+                        if (!certificateBuffer) {
+                            this.logger.error('Failed to retrieve certificate file from storage for certificate', certificate);
+                            return;
+                        }
+                        const certificateString = certificateBuffer.toString();
+                        const cert = new jsrsasign.X509();
+                        cert.readCertPEM(certificateString);
+                        const installedCertificate = new InstalledCertificate();
+                        installedCertificate.stationId = stationId;
+                        installedCertificate.certificateId =
+                            existingPendingInstallCertificateAttempt.certificateId;
+                        installedCertificate.certificateType =
+                            existingPendingInstallCertificateAttempt.certificateType;
+                        await installedCertificate.save();
+                    }
+                }
+            }
+        }
+    }
+    async createNewCertificate(certificate, serialNumber, issuerName, organizationName, commonName, countryName, validBefore, signatureAlgorithm) {
+        const certificateHash = this.getCertificateHash(certificate);
+        const newCertificate = new Certificate();
+        newCertificate.serialNumber = serialNumber;
+        newCertificate.issuerName = issuerName;
+        newCertificate.organizationName = organizationName;
+        newCertificate.commonName = commonName;
+        newCertificate.countryName = countryName;
+        newCertificate.validBefore = validBefore?.toISOString();
+        newCertificate.signatureAlgorithm = signatureAlgorithm;
+        newCertificate.certificateFileId = await this.fileStorage.saveFile(`Existing_Cert_${serialNumber}.pem`, Buffer.from(certificate));
+        newCertificate.certificateFileHash = certificateHash;
+        return await newCertificate.save();
+    }
+    async handleUploadExistingCertificate(tenantId, identifier, uploadExistingCertificate, filePath) {
+        this.logger.info(`Uploading existing ${uploadExistingCertificate.certificateType} certificate for charger ${identifier}`);
+        const certificate = uploadExistingCertificate.certificate;
+        const { serialNumber, issuerName, organizationName, commonName, countryName, validBefore, signatureAlgorithm, } = extractCertificateDetails(certificate);
+        let existingInstalledCertificate = await this.installedCertificateRepository.readOnlyOneByQuery(tenantId, {
+            where: {
+                stationId: identifier,
+                certificateType: uploadExistingCertificate.certificateType,
+            },
+        });
+        if (existingInstalledCertificate) {
+            let existingCertificate = await existingInstalledCertificate.$get('certificate');
+            if (existingCertificate && existingCertificate.certificateFileId) {
+                throw new Error('Cannot upload exiting certificate because it already exists');
+            }
+            else if (existingCertificate && !existingCertificate.certificateFileId) {
+                // set file where previously undefined
+                existingCertificate.certificateFileId = await this.fileStorage.saveFile(`Existing_Key_${serialNumber}.pem`, Buffer.from(certificate), filePath);
+                await existingCertificate.save();
+            }
+            else {
+                // check if certificate record exists but not tied to installed certificate
+                existingCertificate = await this.certificateRepository.readOnlyOneByQuery(tenantId, {
+                    where: {
+                        certificateFileHash: this.getCertificateHash(certificate),
+                    },
+                });
+                if (!existingCertificate) {
+                    // create new certificate record
+                    existingCertificate = await this.createNewCertificate(certificate, serialNumber, issuerName, organizationName, commonName, countryName, validBefore, signatureAlgorithm);
+                }
+                existingInstalledCertificate.certificateId = existingCertificate.id;
+                existingInstalledCertificate = await existingInstalledCertificate.save();
+            }
+        }
+        else {
+            // check if certificate record exists
+            let existingCertificate = await this.certificateRepository.readOnlyOneByQuery(tenantId, {
+                where: {
+                    certificateFileHash: this.getCertificateHash(certificate),
+                },
+            });
+            // create new certificate record
+            if (!existingCertificate) {
+                existingCertificate = await this.createNewCertificate(certificate, serialNumber, issuerName, organizationName, commonName, countryName, validBefore, signatureAlgorithm);
+            }
+            existingInstalledCertificate = new InstalledCertificate();
+            existingInstalledCertificate.stationId = identifier;
+            existingInstalledCertificate.certificateId = existingCertificate.id;
+            existingInstalledCertificate.certificateType = uploadExistingCertificate.certificateType;
+            existingInstalledCertificate = await existingInstalledCertificate.save();
+        }
+        return existingInstalledCertificate;
+    }
+    /**
+     * Generates a sub CA certificate signed by a CA server.
+     *
+     * @param {Certificate} certificate - The certificate information used for generating the root certificate.
+     * @return {Promise<[string, string]>} An array containing the signed certificate and the private key.
+     */
+    async generateSubCACertificateSignedByCAServer(certificate) {
+        const [csrPem, privateKeyPem] = generateCSR(certificate);
+        const signedCertificate = await this.certificateAuthorityService.signedSubCaCertificateByExternalCA(csrPem);
+        return [signedCertificate, privateKeyPem];
+    }
+    /**
+     * Store certificate in file storage and db.
+     * @param certificateEntity certificate to be stored in db
+     * @param certPem certificate pem to be stored in file storage
+     * @param keyPem private key pem to be stored in file storage
+     * @param filePrefix prefix for file name to be stored in file storage
+     * @param filePath file path in file storage
+     * @return certificate stored in db
+     */
+    async storeCertificateAndKey(tenantId, certificateEntity, certPem, keyPem, filePrefix, filePath) {
+        const certificateHash = this.getCertificateHash(certPem);
+        // Store certificate and private key in file storage
+        certificateEntity.privateKeyFileId = await this.fileStorage.saveFile(`${filePrefix}_Key_${certificateEntity.serialNumber}.pem`, Buffer.from(keyPem), filePath);
+        certificateEntity.certificateFileId = await this.fileStorage.saveFile(`${filePrefix}_Certificate_${certificateEntity.serialNumber}.pem`, Buffer.from(certPem), filePath);
+        certificateEntity.certificateFileHash = certificateHash;
+        // Store certificate in db
+        const certObj = new jsrsasign.X509();
+        certObj.readCertPEM(certPem);
+        certificateEntity.issuerName = certObj.getIssuerString();
+        certificateEntity.tenantId = tenantId;
+        return await this.certificateRepository.createOrUpdateCertificate(tenantId, certificateEntity);
+    }
+    updateCertificates(serverConfig, serverId, tlsKey, tlsCertificateChain, subCAKey, rootCA) {
+        let rollbackFiles = [];
+        if (serverConfig.tlsKeyFilePath && serverConfig.tlsCertificateChainFilePath) {
+            try {
+                rollbackFiles = this.replaceFile(serverConfig.tlsKeyFilePath, tlsKey, rollbackFiles);
+                rollbackFiles = this.replaceFile(serverConfig.tlsCertificateChainFilePath, tlsCertificateChain, rollbackFiles);
+                if (serverConfig.mtlsCertificateAuthorityKeyFilePath && subCAKey) {
+                    rollbackFiles = this.replaceFile(serverConfig.mtlsCertificateAuthorityKeyFilePath, subCAKey, rollbackFiles);
+                }
+                if (serverConfig.rootCACertificateFilePath && rootCA) {
+                    rollbackFiles = this.replaceFile(serverConfig.rootCACertificateFilePath, rootCA, rollbackFiles);
+                }
+                // Update the security context of the server without restarting it
+                this.networkConnection.updateTlsCertificates(serverId, tlsKey, tlsCertificateChain, rootCA);
+                // Update the map which stores sub CA certs and keys for websocket server securityProfile 3.
+                // This map is used when signing charging station certificates for use case A02 in OCPP 2.0.1 Part 2.
+                if (serverConfig.securityProfile === 3 && subCAKey) {
+                    this.certificateAuthorityService.updateSecurityCertChainKeyMap(serverId, tlsCertificateChain, subCAKey);
+                }
+                this.logger.info(`Updated TLS certificate for server ${serverId} successfully.`);
+            }
+            catch (error) {
+                this.logger.error(`Failed to update certificate for server ${serverId}: `, error);
+                this.logger.info('Performing rollback...');
+                for (const { oldFilePath, newFilePath } of rollbackFiles) {
+                    fs.renameSync(newFilePath, oldFilePath);
+                    this.logger.info(`Rolled back ${newFilePath} to ${oldFilePath}`);
+                }
+                throw error;
+            }
+        }
+    }
+    replaceFile(targetFilePath, newContent, rollbackFiles) {
+        // Back up old file
+        fs.renameSync(targetFilePath, targetFilePath.concat('.backup'));
+        rollbackFiles.push({
+            oldFilePath: targetFilePath,
+            newFilePath: targetFilePath.concat('.backup'),
+        });
+        // Write new content using target path
+        fs.writeFileSync(targetFilePath, newContent);
+        this.logger.debug(`Backed up and overwrote file ${targetFilePath}`);
+        return rollbackFiles;
+    }
+    /**
+     * Generate a hash (fingerprint) from a certificate PEM string.
+     * @param pemString The certificate PEM string.
+     * @returns A SHA-256 hash of the certificate's DER encoding.
+     */
+    getCertificateHash(pemString) {
+        try {
+            const cert = new jsrsasign.X509();
+            cert.readCertPEM(pemString);
+            // Get the raw DER encoding of the certificate
+            const derHex = cert.hex;
+            // Compute SHA-256 hash
+            const hash = jsrsasign.KJUR.crypto.Util.sha256(derHex);
+            return hash;
+        }
+        catch (error) {
+            console.error('Error generating certificate hash:', error);
+            throw new Error('Invalid PEM format or unsupported certificate');
+        }
+    }
+}
+//# sourceMappingURL=installCertificateHelperService.js.map

package/dist/module/installCertificateHelperService.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"installCertificateHelperService.js","sourceRoot":"","sources":["../../src/module/installCertificateHelperService.ts"],"names":[],"mappings":"AAAA,qEAAqE;AACrE,EAAE;AACF,sCAAsC;AACtC,OAAO,EACL,WAAW,EACX,mBAAmB,EAKnB,yBAAyB,EACzB,oBAAoB,EACpB,0BAA0B,EAC1B,yBAAyB,GAC1B,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAEL,yBAAyB,EACzB,WAAW,EACX,0BAA0B,GAC3B,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAqB,SAAS,EAA8B,MAAM,iBAAiB,CAAC;AAC3F,OAAO,EAAgB,MAAM,EAAE,MAAM,OAAO,CAAC;AAC7C,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,SAAS,MAAM,WAAW,CAAC;AAElC,MAAM,CAAN,IAAkB,OAIjB;AAJD,WAAkB,OAAO;IACvB,wBAAa,CAAA;IACb,0BAAe,CAAA;IACf,wBAAa,CAAA;AACf,CAAC,EAJiB,OAAO,KAAP,OAAO,QAIxB;AAOD,MAAM,OAAO,+BAA+B;IAChC,qBAAqB,CAAyB;IAC9C,8BAA8B,CAAkC;IAChE,mCAAmC,CAAuC;IAC1E,kCAAkC,CAAsC;IACxE,2BAA2B,CAA8B;IACzD,iBAAiB,CAA6B;IAC9C,WAAW,CAAe;IAC1B,MAAM,CAAkB;IAElC,YACE,qBAA6C,EAC7C,8BAA+D,EAC/D,mCAAyE,EACzE,kCAAuE,EACvE,2BAAwD,EACxD,iBAA6C,EAC7C,WAAyB,EACzB,MAAuB;QAEvB,IAAI,CAAC,qBAAqB,GAAG,qBAAqB,CAAC;QACnD,IAAI,CAAC,8BAA8B,GAAG,8BAA8B,CAAC;QACrE,IAAI,CAAC,mCAAmC,GAAG,mCAAmC,CAAC;QAC/E,IAAI,CAAC,kCAAkC,GAAG,kCAAkC,CAAC;QAC7E,IAAI,CAAC,2BAA2B,GAAG,2BAA2B,CAAC;QAC/D,IAAI,CAAC,iBAAiB,GAAG,iBAAiB,CAAC;QAC3C,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;QAC/B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,2BAA2B,CAC/B,QAAgB,EAChB,SAAiB,EACjB,WAAmB,EACnB,eAAwD;QAExD,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAC;QAClD,MAAM,wCAAwC,GAC5C,MAAM,IAAI,CAAC,mCAAmC,CAAC,kBAAkB,CAAC,QAAQ,EAAE;YAC1E,KAAK,EAAE;gBACL,SAAS,EAAE,SAAS;gBACpB,eAAe,EAAE,eAAe;gBAChC,MAAM,EAAE,IAAI;aACb;YACD,OAAO,EAAE;gBACP;oBACE,KAAK,EAAE,WAAW;oBAClB,KAAK,EAAE;wBACL,mBAAmB,EAAE,IAAI;qBAC1B;iBACF;aACF;SACF,CAAC,CAAC;QACL,IAAI,CAAC,wCAAwC,EAAE,CAAC;YAC9C,MAAM,EACJ,YAAY,EACZ,UAAU,EACV,gBAAgB,EAChB,UAAU,EACV,WAAW,EACX,WAAW,EACX,kBAAkB,GACnB,GAAG,yBAAyB,CAAC,WAAW,CAAC,CAAC;YAC3C,IAAI,mBAAmB,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,kBAAkB,CAAC,QAAQ,EAAE;gBACtF,KAAK,EAAE;oBACL,mBAAmB,EAAE,IAAI;iBAC1B;aACF,CAAC,CAAC;YACH,IAAI,CAAC,mBAAmB,EAAE,CAAC;gBACzB,mBAAmB,GAAG,MAAM,IAAI,CAAC,oBAAoB,CACnD,WAAW,EACX,YAAY,EACZ,UAAU,EACV,gBAAgB,EAChB,UAAU,EACV,WAAW,EACX,WAAW,EACX,kBAAkB,CACnB,CAAC;YACJ,CAAC;YACD,MAAM,yBAAyB,GAAG,IAAI,yBAAyB,EAAE,CAAC;YAClE,yBAAyB,CAAC,SAAS,GAAG,SAAS,CAAC;YAChD,yBAAyB,CAAC,eAAe,GAAG,eAAe,CAAC;YAC5D,yBAAyB,CAAC,aAAa,GAAG,mBAAoB,CAAC,EAAE,CAAC;YAClE,MAAM,yBAAyB,CAAC,IAAI,EAAE,CAAC;QACzC,CAAC;IACH,CAAC;IAED,KAAK,CAAC,4BAA4B,CAChC,QAAgB,EAChB,SAAiB,EACjB,MAAkD;QAElD,MAAM,wCAAwC,GAC5C,MAAM,IAAI,CAAC,mCAAmC,CAAC,kBAAkB,CAAC,QAAQ,EAAE;YAC1E,KAAK,EAAE;gBACL,SAAS;gBACT,MAAM,EAAE,IAAI;aACb;SACF,CAAC,CAAC;QACL,wBAAwB;QACxB,IAAI,wCAAwC,EAAE,CAAC;YAC7C,wCAAwC,CAAC,MAAM,GAAG,MAAM,CAAC;YACzD,MAAM,wCAAwC,CAAC,IAAI,EAAE,CAAC;YACtD,IACE,wCAAwC,CAAC,MAAM;gBAC/C,SAAS,CAAC,gCAAgC,CAAC,QAAQ,EACnD,CAAC;gBACD,MAAM,4BAA4B,GAChC,MAAM,IAAI,CAAC,8BAA8B,CAAC,kBAAkB,CAAC,QAAQ,EAAE;oBACrE,KAAK,EAAE;wBACL,SAAS;wBACT,eAAe,EAAE,wCAAwC,CAAC,eAAe;qBAC1E;iBACF,CAAC,CAAC;gBACL,IAAI,4BAA4B,EAAE,CAAC;oBACjC,4BAA4B,CAAC,aAAa;wBACxC,wCAAwC,CAAC,aAAa,CAAC;oBACzD,MAAM,4BAA4B,CAAC,IAAI,EAAE,CAAC;gBAC5C,CAAC;qBAAM,CAAC;oBACN,MAAM,WAAW,GAAG,MAAM,wCAAwC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;oBACvF,IAAI,WAAW,IAAI,WAAW,CAAC,iBAAiB,EAAE,CAAC;wBACjD,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,WAAW,CAAC,iBAAiB,CAAC,CAAC;wBACxF,IAAI,CAAC,iBAAiB,EAAE,CAAC;4BACvB,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,kEAAkE,EAClE,WAAW,CACZ,CAAC;4BACF,OAAO;wBACT,CAAC;wBACD,MAAM,iBAAiB,GAAG,iBAAiB,CAAC,QAAQ,EAAE,CAAC;wBACvD,MAAM,IAAI,GAAG,IAAI,SAAS,CAAC,IAAI,EAAE,CAAC;wBAClC,IAAI,CAAC,WAAW,CAAC,iBAAiB,CAAC,CAAC;wBACpC,MAAM,oBAAoB,GAAG,IAAI,oBAAoB,EAAE,CAAC;wBACxD,oBAAoB,CAAC,SAAS,GAAG,SAAS,CAAC;wBAC3C,oBAAoB,CAAC,aAAa;4BAChC,wCAAwC,CAAC,aAAa,CAAC;wBACzD,oBAAoB,CAAC,eAAe;4BAClC,wCAAwC,CAAC,eAAe,CAAC;wBAC3D,MAAM,oBAAoB,CAAC,IAAI,EAAE,CAAC;oBACpC,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,KAAK,CAAC,oBAAoB,CACxB,WAAmB,EACnB,YAA2B,EAC3B,UAAyB,EACzB,gBAA+B,EAC/B,UAAyB,EACzB,WAAuC,EACvC,WAAwB,EACxB,kBAAqD;QAErD,MAAM,eAAe,GAAG,IAAI,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAC;QAC7D,MAAM,cAAc,GAAG,IAAI,WAAW,EAAE,CAAC;QACzC,cAAc,CAAC,YAAY,GAAG,YAAa,CAAC;QAC5C,cAAc,CAAC,UAAU,GAAG,UAAW,CAAC;QACxC,cAAc,CAAC,gBAAgB,GAAG,gBAAiB,CAAC;QACpD,cAAc,CAAC,UAAU,GAAG,UAAW,CAAC;QACxC,cAAc,CAAC,WAAW,GAAG,WAAY,CAAC;QAC1C,cAAc,CAAC,WAAW,GAAG,WAAW,EAAE,WAAW,EAAE,CAAC;QACxD,cAAc,CAAC,kBAAkB,GAAG,kBAAmB,CAAC;QACxD,cAAc,CAAC,iBAAiB,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAChE,iBAAiB,YAAY,MAAM,EACnC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CACzB,CAAC;QACF,cAAc,CAAC,mBAAmB,GAAG,eAAe,CAAC;QACrD,OAAO,MAAM,cAAc,CAAC,IAAI,EAAE,CAAC;IACrC,CAAC;IAED,KAAK,CAAC,+BAA+B,CACnC,QAAgB,EAChB,UAAkB,EAClB,yBAAoD,EACpD,QAAiB;QAEjB,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,sBAAsB,yBAAyB,CAAC,eAAe,4BAA4B,UAAU,EAAE,CACxG,CAAC;QACF,MAAM,WAAW,GAAG,yBAAyB,CAAC,WAAW,CAAC;QAC1D,MAAM,EACJ,YAAY,EACZ,UAAU,EACV,gBAAgB,EAChB,UAAU,EACV,WAAW,EACX,WAAW,EACX,kBAAkB,GACnB,GAAG,yBAAyB,CAAC,WAAW,CAAC,CAAC;QAE3C,IAAI,4BAA4B,GAAG,MAAM,IAAI,CAAC,8BAA8B,CAAC,kBAAkB,CAC7F,QAAQ,EACR;YACE,KAAK,EAAE;gBACL,SAAS,EAAE,UAAU;gBACrB,eAAe,EAAE,yBAAyB,CAAC,eAAe;aAC3D;SACF,CACF,CAAC;QAEF,IAAI,4BAA4B,EAAE,CAAC;YACjC,IAAI,mBAAmB,GACrB,MAAM,4BAA4B,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;YACzD,IAAI,mBAAmB,IAAI,mBAAmB,CAAC,iBAAiB,EAAE,CAAC;gBACjE,MAAM,IAAI,KAAK,CAAC,6DAA6D,CAAC,CAAC;YACjF,CAAC;iBAAM,IAAI,mBAAmB,IAAI,CAAC,mBAAmB,CAAC,iBAAiB,EAAE,CAAC;gBACzE,sCAAsC;gBACtC,mBAAmB,CAAC,iBAAiB,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CACrE,gBAAgB,YAAY,MAAM,EAClC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EACxB,QAAQ,CACT,CAAC;gBACF,MAAM,mBAAmB,CAAC,IAAI,EAAE,CAAC;YACnC,CAAC;iBAAM,CAAC;gBACN,2EAA2E;gBAC3E,mBAAmB,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,kBAAkB,CAAC,QAAQ,EAAE;oBAClF,KAAK,EAAE;wBACL,mBAAmB,EAAE,IAAI,CAAC,kBAAkB,CAAC,WAAW,CAAC;qBAC1D;iBACF,CAAC,CAAC;gBACH,IAAI,CAAC,mBAAmB,EAAE,CAAC;oBACzB,gCAAgC;oBAChC,mBAAmB,GAAG,MAAM,IAAI,CAAC,oBAAoB,CACnD,WAAW,EACX,YAAY,EACZ,UAAU,EACV,gBAAgB,EAChB,UAAU,EACV,WAAW,EACX,WAAW,EACX,kBAAkB,CACnB,CAAC;gBACJ,CAAC;gBACD,4BAA4B,CAAC,aAAa,GAAG,mBAAmB,CAAC,EAAE,CAAC;gBACpE,4BAA4B,GAAG,MAAM,4BAA4B,CAAC,IAAI,EAAE,CAAC;YAC3E,CAAC;QACH,CAAC;aAAM,CAAC;YACN,qCAAqC;YACrC,IAAI,mBAAmB,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,kBAAkB,CAAC,QAAQ,EAAE;gBACtF,KAAK,EAAE;oBACL,mBAAmB,EAAE,IAAI,CAAC,kBAAkB,CAAC,WAAW,CAAC;iBAC1D;aACF,CAAC,CAAC;YACH,gCAAgC;YAChC,IAAI,CAAC,mBAAmB,EAAE,CAAC;gBACzB,mBAAmB,GAAG,MAAM,IAAI,CAAC,oBAAoB,CACnD,WAAW,EACX,YAAY,EACZ,UAAU,EACV,gBAAgB,EAChB,UAAU,EACV,WAAW,EACX,WAAW,EACX,kBAAkB,CACnB,CAAC;YACJ,CAAC;YACD,4BAA4B,GAAG,IAAI,oBAAoB,EAAE,CAAC;YAC1D,4BAA4B,CAAC,SAAS,GAAG,UAAU,CAAC;YACpD,4BAA4B,CAAC,aAAa,GAAG,mBAAmB,CAAC,EAAE,CAAC;YACpE,4BAA4B,CAAC,eAAe,GAAG,yBAAyB,CAAC,eAAe,CAAC;YACzF,4BAA4B,GAAG,MAAM,4BAA4B,CAAC,IAAI,EAAE,CAAC;QAC3E,CAAC;QACD,OAAO,4BAA4B,CAAC;IACtC,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,wCAAwC,CAC5C,WAAwB;QAExB,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,GAAG,WAAW,CAAC,WAAW,CAAC,CAAC;QACzD,MAAM,iBAAiB,GACrB,MAAM,IAAI,CAAC,2BAA2B,CAAC,kCAAkC,CAAC,MAAM,CAAC,CAAC;QACpF,OAAO,CAAC,iBAAiB,EAAE,aAAa,CAAC,CAAC;IAC5C,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,CAAC,sBAAsB,CAC1B,QAAgB,EAChB,iBAA8B,EAC9B,OAAe,EACf,MAAc,EACd,UAAmB,EACnB,QAAiB;QAEjB,MAAM,eAAe,GAAG,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;QACzD,oDAAoD;QACpD,iBAAiB,CAAC,gBAAgB,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAClE,GAAG,UAAU,QAAQ,iBAAiB,CAAC,YAAY,MAAM,EACzD,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,EACnB,QAAQ,CACT,CAAC;QACF,iBAAiB,CAAC,iBAAiB,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CACnE,GAAG,UAAU,gBAAgB,iBAAiB,CAAC,YAAY,MAAM,EACjE,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,EACpB,QAAQ,CACT,CAAC;QACF,iBAAiB,CAAC,mBAAmB,GAAG,eAAe,CAAC;QACxD,0BAA0B;QAC1B,MAAM,OAAO,GAAG,IAAI,SAAS,CAAC,IAAI,EAAE,CAAC;QACrC,OAAO,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QAC7B,iBAAiB,CAAC,UAAU,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;QACzD,iBAAiB,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACtC,OAAO,MAAM,IAAI,CAAC,qBAAqB,CAAC,yBAAyB,CAAC,QAAQ,EAAE,iBAAiB,CAAC,CAAC;IACjG,CAAC;IAED,kBAAkB,CAChB,YAAmC,EACnC,QAAgB,EAChB,MAAc,EACd,mBAA2B,EAC3B,QAAiB,EACjB,MAAe;QAEf,IAAI,aAAa,GAAmB,EAAE,CAAC;QAEvC,IAAI,YAAY,CAAC,cAAc,IAAI,YAAY,CAAC,2BAA2B,EAAE,CAAC;YAC5E,IAAI,CAAC;gBACH,aAAa,GAAG,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC,cAAc,EAAE,MAAM,EAAE,aAAa,CAAC,CAAC;gBACrF,aAAa,GAAG,IAAI,CAAC,WAAW,CAC9B,YAAY,CAAC,2BAA2B,EACxC,mBAAmB,EACnB,aAAa,CACd,CAAC;gBACF,IAAI,YAAY,CAAC,mCAAmC,IAAI,QAAQ,EAAE,CAAC;oBACjE,aAAa,GAAG,IAAI,CAAC,WAAW,CAC9B,YAAY,CAAC,mCAAmC,EAChD,QAAQ,EACR,aAAa,CACd,CAAC;gBACJ,CAAC;gBACD,IAAI,YAAY,CAAC,yBAAyB,IAAI,MAAM,EAAE,CAAC;oBACrD,aAAa,GAAG,IAAI,CAAC,WAAW,CAC9B,YAAY,CAAC,yBAAyB,EACtC,MAAM,EACN,aAAa,CACd,CAAC;gBACJ,CAAC;gBAED,kEAAkE;gBAClE,IAAI,CAAC,iBAAiB,CAAC,qBAAqB,CAAC,QAAQ,EAAE,MAAM,EAAE,mBAAmB,EAAE,MAAM,CAAC,CAAC;gBAE5F,4FAA4F;gBAC5F,qGAAqG;gBACrG,IAAI,YAAY,CAAC,eAAe,KAAK,CAAC,IAAI,QAAQ,EAAE,CAAC;oBACnD,IAAI,CAAC,2BAA2B,CAAC,6BAA6B,CAC5D,QAAQ,EACR,mBAAmB,EACnB,QAAQ,CACT,CAAC;gBACJ,CAAC;gBAED,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,sCAAsC,QAAQ,gBAAgB,CAAC,CAAC;YACnF,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,2CAA2C,QAAQ,IAAI,EAAE,KAAK,CAAC,CAAC;gBAElF,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;gBAC3C,KAAK,MAAM,EAAE,WAAW,EAAE,WAAW,EAAE,IAAI,aAAa,EAAE,CAAC;oBACzD,EAAE,CAAC,UAAU,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC;oBACxC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,eAAe,WAAW,OAAO,WAAW,EAAE,CAAC,CAAC;gBACnE,CAAC;gBAED,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC;IACH,CAAC;IAEO,WAAW,CACjB,cAAsB,EACtB,UAAkB,EAClB,aAA6B;QAE7B,mBAAmB;QACnB,EAAE,CAAC,UAAU,CAAC,cAAc,EAAE,cAAc,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC;QAChE,aAAa,CAAC,IAAI,CAAC;YACjB,WAAW,EAAE,cAAc;YAC3B,WAAW,EAAE,cAAc,CAAC,MAAM,CAAC,SAAS,CAAC;SAC9C,CAAC,CAAC;QACH,sCAAsC;QACtC,EAAE,CAAC,aAAa,CAAC,cAAc,EAAE,UAAU,CAAC,CAAC;QAC7C,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,gCAAgC,cAAc,EAAE,CAAC,CAAC;QACpE,OAAO,aAAa,CAAC;IACvB,CAAC;IAED;;;;OAIG;IACH,kBAAkB,CAAC,SAAiB;QAClC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,IAAI,SAAS,CAAC,IAAI,EAAE,CAAC;YAClC,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;YAE5B,8CAA8C;YAC9C,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC;YAExB,uBAAuB;YACvB,MAAM,IAAI,GAAG,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;YAEvD,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,oCAAoC,EAAE,KAAK,CAAC,CAAC;YAC3D,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;QACnE,CAAC;IACH,CAAC;CACF"}

package/dist/module/interface.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Interface for the authorization module.
+ */
+export interface ICertificatesModuleApi {
+}

package/dist/module/interface.js

@@ -0,0 +1,5 @@
+// SPDX-FileCopyrightText: 2025 Contributors to the CitrineOS Project
+//
+// SPDX-License-Identifier: Apache-2.0
+export {};
+//# sourceMappingURL=interface.js.map

package/dist/module/interface.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"interface.js","sourceRoot":"","sources":["../../src/module/interface.ts"],"names":[],"mappings":"AAAA,qEAAqE;AACrE,EAAE;AACF,sCAAsC"}

package/dist/module/module.d.ts

@@ -0,0 +1,93 @@
+import { AbstractModule, type BootstrapConfig, type CallAction, type HandlerProperties, type ICache, type IFileStorage, type IMessage, type IMessageHandler, type IMessageSender, OCPP2_0_1, OCPPValidator, type SystemConfig } from '@citrineos/base';
+import type { ICertificateRepository, IDeleteCertificateAttemptRepository, IDeviceModelRepository, IInstallCertificateAttemptRepository, IInstalledCertificateRepository, IOCPPMessageRepository } from '@citrineos/data';
+import { CertificateAuthorityService, WebsocketNetworkConnection } from '@citrineos/util';
+import { InstallCertificateHelperService } from './installCertificateHelperService.js';
+import type { ILogObj } from 'tslog';
+import { Logger } from 'tslog';
+/**
+ * Component that handles provisioning related messages.
+ */
+export declare class CertificatesModule extends AbstractModule {
+    /**
+     * Fields
+     */
+    _requests: CallAction[];
+    _responses: CallAction[];
+    protected _deviceModelRepository: IDeviceModelRepository;
+    protected _certificateRepository: ICertificateRepository;
+    protected _installedCertificateRepository: IInstalledCertificateRepository;
+    protected _installCertificateAttemptRepository: IInstallCertificateAttemptRepository;
+    protected _deleteCertificateAttemptRepository: IDeleteCertificateAttemptRepository;
+    protected _ocppMessageRepository: IOCPPMessageRepository;
+    protected _certificateAuthorityService: CertificateAuthorityService;
+    protected _fileStorage: IFileStorage;
+    protected _installCertificateHelperService: InstallCertificateHelperService;
+    /**
+     * Constructor
+     */
+    /**
+     * This is the constructor function that initializes the {@link CertificatesModule}.
+     *
+     * @param {BootstrapConfig & SystemConfig} config - The `config` contains configuration settings for the module.
+     *
+     * @param {ICache} [cache] - The cache instance which is shared among the modules & Central System to pass information such as blacklisted actions or boot status.
+     *
+     * @param {IMessageSender} [sender] - The `sender` parameter is an optional parameter that represents an instance of the {@link IMessageSender} interface.
+     * It is used to send messages from the central system to external systems or devices. If no `sender` is provided, a default {@link RabbitMqSender} instance is created and used.
+     *
+     * @param {IMessageHandler} [handler] - The `handler` parameter is an optional parameter that represents an instance of the {@link IMessageHandler} interface.
+     * It is used to handle incoming messages and dispatch them to the appropriate methods or functions. If no `handler` is provided, a default {@link RabbitMqReceiver} instance is created and used.
+     *
+     * @param {IFileStorage} [fileStorage]  - file storage for persisting certs
+     *
+     * @param {WebsocketNetworkConnection} [networkConnection] - network connection
+     *
+     * @param {Logger<ILogObj>} [logger] - The `logger` parameter is an optional parameter that represents an instance of {@link Logger<ILogObj>}.
+     * It is used to propagate system wide logger settings and will serve as the parent logger for any sub-component logging. If no `logger` is provided, a default {@link Logger<ILogObj>} instance is created and used.
+     *
+     * @param {IDeviceModelRepository} [deviceModelRepository] - An optional parameter of type {@link IDeviceModelRepository} which represents a repository for accessing and manipulating variable data.
+     * If no `deviceModelRepository` is provided, a default {@link sequelize.deviceModelRepository} instance is created and used.
+     *
+     * @param {ICertificateRepository} [certificateRepository] - An optional parameter of type {@link ICertificateRepository} which
+     * represents a repository for accessing and manipulating variable data.
+     * If no `deviceModelRepository` is provided, a default {@link sequelize.certificateRepository} instance is created and used.
+     *
+     * @param {IInstalledCertificateRepository} [installedCertificateRepository] - An optional parameter of type {@link IInstalledCertificateRepository} which
+     * represents a repository for accessing and manipulating installed certificate data.
+     * If no `installedCertificateRepository` is provided, a default {@link sequelize.InstalledCertificateRepository} instance is created and used.
+     *
+     * @param {IInstallCertificateAttemptRepository} [installCertificateAttemptRepository] - An optional parameter of type {@link IInstallCertificateAttemptRepository} which
+     * represents a repository for accessing and manipulating installed certificate attempt data.
+     * If no `installCertificateAttemptRepository` is provided, a default {@link sequelize.InstallCertificateAttemptRepository} instance is created and used.
+     *
+     * @param {IDeleteCertificateAttemptRepository} [deleteCertificateAttemptRepository] - An optional parameter of type {@link IDeleteCertificateAttemptRepository} which
+     * represents a repository for accessing and manipulating deleted certificate attempt data.
+     * If no `deleteCertificateAttemptRepository` is provided, a default {@link sequelize.DeleteCertificateAttemptRepository} instance is created and used.
+     *
+     * @param {IOCPPMessageRepository} [ocppMessageRepository] - repository to check ocpp messages
+     *
+     * @param {CertificateAuthorityService} [certificateAuthorityService] - An optional parameter of type {@link CertificateAuthorityService} which handles certificate authority operations.
+     *
+     * @param {InstallCertificateHelperService} [installCertificateHelperService] - helper service for installing certificates
+     */
+    constructor(config: BootstrapConfig & SystemConfig, cache: ICache, sender: IMessageSender, handler: IMessageHandler, fileStorage: IFileStorage, networkConnection: WebsocketNetworkConnection, logger?: Logger<ILogObj>, ocppValidator?: OCPPValidator, deviceModelRepository?: IDeviceModelRepository, certificateRepository?: ICertificateRepository, installedCertificateRepository?: IInstalledCertificateRepository, installCertificateAttemptRepository?: IInstallCertificateAttemptRepository, deleteCertificateAttemptRepository?: IDeleteCertificateAttemptRepository, ocppMessageRepository?: IOCPPMessageRepository, certificateAuthorityService?: CertificateAuthorityService, installCertificateHelperService?: InstallCertificateHelperService);
+    get certificateAuthorityService(): CertificateAuthorityService;
+    get certificateRepository(): ICertificateRepository;
+    get installedCertificateRepository(): IInstalledCertificateRepository;
+    get deleteCertificateAttemptRepository(): IDeleteCertificateAttemptRepository;
+    get installCertificateHelperService(): InstallCertificateHelperService;
+    /**
+     * Handle requests
+     */
+    protected _handleGet15118EVCertificate(message: IMessage<OCPP2_0_1.Get15118EVCertificateRequest>, props?: HandlerProperties): Promise<void>;
+    protected _handleGetCertificateStatus(message: IMessage<OCPP2_0_1.GetCertificateStatusRequest>, props?: HandlerProperties): Promise<void>;
+    protected _handleSignCertificate(message: IMessage<OCPP2_0_1.SignCertificateRequest>, props?: HandlerProperties): Promise<void>;
+    /**
+     * Handle responses
+     */
+    protected _handleCertificateSigned(message: IMessage<OCPP2_0_1.CertificateSignedResponse>, props?: HandlerProperties): Promise<void>;
+    protected _handleDeleteCertificate(message: IMessage<OCPP2_0_1.DeleteCertificateResponse>, props?: HandlerProperties): Promise<void>;
+    protected _handleGetInstalledCertificateIds(message: IMessage<OCPP2_0_1.GetInstalledCertificateIdsResponse>, props?: HandlerProperties): Promise<void>;
+    protected _handleInstallCertificate(message: IMessage<OCPP2_0_1.InstallCertificateResponse>, props?: HandlerProperties): Promise<void>;
+    private _verifySignCertRequest;
+}