@zetra/citrineos-util 1.8.3-fork.1
- package/dist/authorization/ApiAuthPlugin.d.ts +52 -0
- package/dist/authorization/ApiAuthPlugin.js +122 -0
- package/dist/authorization/ApiAuthPlugin.js.map +1 -0
- package/dist/authorization/OidcTokenProvider.d.ts +15 -0
- package/dist/authorization/OidcTokenProvider.js +47 -0
- package/dist/authorization/OidcTokenProvider.js.map +1 -0
- package/dist/authorization/index.d.ts +4 -0
- package/dist/authorization/index.js +8 -0
- package/dist/authorization/index.js.map +1 -0
- package/dist/authorization/provider/LocalByPassAuthProvider.d.ts +34 -0
- package/dist/authorization/provider/LocalByPassAuthProvider.js +62 -0
- package/dist/authorization/provider/LocalByPassAuthProvider.js.map +1 -0
- package/dist/authorization/provider/OIDCAuthProvider.d.ts +62 -0
- package/dist/authorization/provider/OIDCAuthProvider.js +173 -0
- package/dist/authorization/provider/OIDCAuthProvider.js.map +1 -0
- package/dist/authorization/rbac/RbacRulesLoader.d.ts +32 -0
- package/dist/authorization/rbac/RbacRulesLoader.js +105 -0
- package/dist/authorization/rbac/RbacRulesLoader.js.map +1 -0
- package/dist/authorization/rbac/UrlMatcher.d.ts +14 -0
- package/dist/authorization/rbac/UrlMatcher.js +44 -0
- package/dist/authorization/rbac/UrlMatcher.js.map +1 -0
- package/dist/authorizer/RealTimeAuthorizer.d.ts +28 -0
- package/dist/authorizer/RealTimeAuthorizer.js +152 -0
- package/dist/authorizer/RealTimeAuthorizer.js.map +1 -0
- package/dist/authorizer/index.d.ts +1 -0
- package/dist/authorizer/index.js +5 -0
- package/dist/authorizer/index.js.map +1 -0
- package/dist/cache/memory.d.ts +19 -0
- package/dist/cache/memory.js +147 -0
- package/dist/cache/memory.js.map +1 -0
- package/dist/cache/redis.d.ts +16 -0
- package/dist/cache/redis.js +120 -0
- package/dist/cache/redis.js.map +1 -0
- package/dist/certificate/CertificateAuthority.d.ts +38 -0
- package/dist/certificate/CertificateAuthority.js +233 -0
- package/dist/certificate/CertificateAuthority.js.map +1 -0
- package/dist/certificate/CertificateUtil.d.ts +60 -0
- package/dist/certificate/CertificateUtil.js +317 -0
- package/dist/certificate/CertificateUtil.js.map +1 -0
- package/dist/certificate/client/acme.d.ts +37 -0
- package/dist/certificate/client/acme.js +138 -0
- package/dist/certificate/client/acme.js.map +1 -0
- package/dist/certificate/client/hubject.d.ts +41 -0
- package/dist/certificate/client/hubject.js +221 -0
- package/dist/certificate/client/hubject.js.map +1 -0
- package/dist/certificate/client/interface.d.ts +12 -0
- package/dist/certificate/client/interface.js +5 -0
- package/dist/certificate/client/interface.js.map +1 -0
- package/dist/certificate/index.d.ts +2 -0
- package/dist/certificate/index.js +6 -0
- package/dist/certificate/index.js.map +1 -0
- package/dist/files/ftpServer.d.ts +4 -0
- package/dist/files/ftpServer.js +9 -0
- package/dist/files/ftpServer.js.map +1 -0
- package/dist/files/gcpCloudStorage.d.ts +39 -0
- package/dist/files/gcpCloudStorage.js +130 -0
- package/dist/files/gcpCloudStorage.js.map +1 -0
- package/dist/files/localStorage.d.ts +14 -0
- package/dist/files/localStorage.js +57 -0
- package/dist/files/localStorage.js.map +1 -0
- package/dist/files/s3Storage.d.ts +17 -0
- package/dist/files/s3Storage.js +118 -0
- package/dist/files/s3Storage.js.map +1 -0
- package/dist/index.d.ts +21 -0
- package/dist/index.js +25 -0
- package/dist/index.js.map +1 -0
- package/dist/networkconnection/WebsocketNetworkConnection.d.ts +135 -0
- package/dist/networkconnection/WebsocketNetworkConnection.js +474 -0
- package/dist/networkconnection/WebsocketNetworkConnection.js.map +1 -0
- package/dist/networkconnection/authenticator/Authenticator.d.ts +20 -0
- package/dist/networkconnection/authenticator/Authenticator.js +39 -0
- package/dist/networkconnection/authenticator/Authenticator.js.map +1 -0
- package/dist/networkconnection/authenticator/AuthenticatorFilter.d.ts +11 -0
- package/dist/networkconnection/authenticator/AuthenticatorFilter.js +30 -0
- package/dist/networkconnection/authenticator/AuthenticatorFilter.js.map +1 -0
- package/dist/networkconnection/authenticator/BasicAuthenticationFilter.d.ts +17 -0
- package/dist/networkconnection/authenticator/BasicAuthenticationFilter.js +51 -0
- package/dist/networkconnection/authenticator/BasicAuthenticationFilter.js.map +1 -0
- package/dist/networkconnection/authenticator/ConnectedStationFilter.d.ts +14 -0
- package/dist/networkconnection/authenticator/ConnectedStationFilter.js +25 -0
- package/dist/networkconnection/authenticator/ConnectedStationFilter.js.map +1 -0
- package/dist/networkconnection/authenticator/NetworkProfileFilter.d.ts +16 -0
- package/dist/networkconnection/authenticator/NetworkProfileFilter.js +84 -0
- package/dist/networkconnection/authenticator/NetworkProfileFilter.js.map +1 -0
- package/dist/networkconnection/authenticator/UnknownStationFilter.d.ts +16 -0
- package/dist/networkconnection/authenticator/UnknownStationFilter.js +25 -0
- package/dist/networkconnection/authenticator/UnknownStationFilter.js.map +1 -0
- package/dist/networkconnection/authenticator/errors/AuthenticationError.d.ts +6 -0
- package/dist/networkconnection/authenticator/errors/AuthenticationError.js +25 -0
- package/dist/networkconnection/authenticator/errors/AuthenticationError.js.map +1 -0
- package/dist/networkconnection/authenticator/errors/IUpgradeError.d.ts +9 -0
- package/dist/networkconnection/authenticator/errors/IUpgradeError.js +5 -0
- package/dist/networkconnection/authenticator/errors/IUpgradeError.js.map +1 -0
- package/dist/networkconnection/authenticator/errors/UnknownError.d.ts +6 -0
- package/dist/networkconnection/authenticator/errors/UnknownError.js +24 -0
- package/dist/networkconnection/authenticator/errors/UnknownError.js.map +1 -0
- package/dist/networkconnection/index.d.ts +5 -0
- package/dist/networkconnection/index.js +9 -0
- package/dist/networkconnection/index.js.map +1 -0
- package/dist/queue/index.d.ts +4 -0
- package/dist/queue/index.js +8 -0
- package/dist/queue/index.js.map +1 -0
- package/dist/queue/kafka/receiver.d.ts +35 -0
- package/dist/queue/kafka/receiver.js +179 -0
- package/dist/queue/kafka/receiver.js.map +1 -0
- package/dist/queue/kafka/sender.d.ts +53 -0
- package/dist/queue/kafka/sender.js +189 -0
- package/dist/queue/kafka/sender.js.map +1 -0
- package/dist/queue/rabbit-mq/receiver.d.ts +89 -0
- package/dist/queue/rabbit-mq/receiver.js +472 -0
- package/dist/queue/rabbit-mq/receiver.js.map +1 -0
- package/dist/queue/rabbit-mq/sender.d.ts +90 -0
- package/dist/queue/rabbit-mq/sender.js +251 -0
- package/dist/queue/rabbit-mq/sender.js.map +1 -0
- package/dist/security/SignedMeterValuesUtil.d.ts +44 -0
- package/dist/security/SignedMeterValuesUtil.js +135 -0
- package/dist/security/SignedMeterValuesUtil.js.map +1 -0
- package/dist/security/authentication.d.ts +2 -0
- package/dist/security/authentication.js +26 -0
- package/dist/security/authentication.js.map +1 -0
- package/dist/util/RequestOperations.d.ts +14 -0
- package/dist/util/RequestOperations.js +25 -0
- package/dist/util/RequestOperations.js.map +1 -0
- package/dist/util/StringOperations.d.ts +1 -0
- package/dist/util/StringOperations.js +8 -0
- package/dist/util/StringOperations.js.map +1 -0
- package/dist/util/emaidCheckDigitCalculator.d.ts +15 -0
- package/dist/util/emaidCheckDigitCalculator.js +179 -0
- package/dist/util/emaidCheckDigitCalculator.js.map +1 -0
- package/dist/util/idGenerator.d.ts +7 -0
- package/dist/util/idGenerator.js +10 -0
- package/dist/util/idGenerator.js.map +1 -0
- package/dist/util/parser.d.ts +31 -0
- package/dist/util/parser.js +60 -0
- package/dist/util/parser.js.map +1 -0
- package/dist/util/swagger.d.ts +5 -0
- package/dist/util/swagger.js +154 -0
- package/dist/util/swagger.js.map +1 -0
- package/dist/util/validator.d.ts +110 -0
- package/dist/util/validator.js +534 -0
- package/dist/util/validator.js.map +1 -0
- package/package.json +46 -0
|
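--- a/package/dist/cache/redis.js
+++ b/package/dist/cache/redis.js
@@ -0,0 +1,120 @@
+// SPDX-FileCopyrightText: 2025 Contributors to the CitrineOS Project
+//
+// SPDX-License-Identifier: Apache-2.0
+import { plainToInstance } from 'class-transformer';
+import { createClient } from 'redis';
+/**
+* Implementation of cache interface with redis storage
+*/
+export class RedisCache {
+_client;
+constructor(clientOptions) {
+this._client = clientOptions ? createClient(clientOptions) : createClient();
+this._client.on('connect', () => console.log('Redis client connected'));
+this._client.on('ready', () => console.log('Redis client ready to use'));
+this._client.on('error', (err) => console.error('Redis error', err));
+this._client.on('end', () => console.log('Redis client disconnected'));
+this._client
+.connect()
+.then()
+.catch((error) => {
+console.log('Error connecting to Redis', error);
+});
+}
+exists(key, namespace) {
+namespace = namespace || 'default';
+key = `${namespace}:${key}`;
+return this._client.exists(key).then((result) => result === 1);
+}
+remove(key, namespace) {
+namespace = namespace || 'default';
+key = `${namespace}:${key}`;
+return this._client.del(key).then((result) => result === 1);
+}
+onChange(key, waitSeconds, namespace, classConstructor) {
+namespace = namespace || 'default';
+key = `${namespace}:${key}`;
+return new Promise((resolve) => {
+// Create a Redis subscriber to listen for operations affecting the key
+const subscriber = createClient();
+// Channel: Key-space, message: the name of the event, which is the command executed on the key
+subscriber
+.subscribe(`__keyspace@0__:${key}`, (channel, message) => {
+switch (message) {
+case 'set':
+resolve(this.get(key, namespace, classConstructor));
+subscriber
+.quit()
+.then()
+.catch((error) => {
+console.log('Error quitting subscriber', error);
+});
+break;
+case 'del':
+case 'expire':
+resolve(null);
+subscriber
+.quit()
+.then()
+.catch((error) => {
+console.log('Error quitting subscriber', error);
+});
+break;
+default:
+// Do nothing
+break;
+}
+})
+.then()
+.catch((error) => {
+console.log('Error creating Redis subscriber', error);
+});
+setTimeout(() => {
+resolve(this.get(key, namespace, classConstructor));
+subscriber
+.quit()
+.then()
+.catch((error) => {
+console.log('Error closing Redis subscriber', error);
+});
+}, waitSeconds * 1000);
+});
+}
+get(key, namespace, classConstructor) {
+namespace = namespace || 'default';
+key = `${namespace}:${key}`;
+return this._client.get(key).then((result) => {
+if (result) {
+if (classConstructor) {
+return plainToInstance(classConstructor(), JSON.parse(result));
+}
+return result;
+}
+return null;
+});
+}
+set(key, value, namespace, expireSeconds) {
+namespace = namespace || 'default';
+key = `${namespace}:${key}`;
+const setOptions = expireSeconds ? { EX: expireSeconds } : undefined;
+return this._client.set(key, value, setOptions).then((result) => {
+if (result) {
+return result === 'OK';
+}
+return false;
+});
+}
+setIfNotExist(key, value, namespace, expireSeconds) {
+namespace = namespace || 'default';
+key = `${namespace}:${key}`;
+return this._client
+.set(key, value, expireSeconds ? { EX: expireSeconds, NX: true } : { NX: true })
+.then((result) => {
+if (result) {
+return result === 'OK';
+}
+return false;
+});
+}
+}
+//# sourceMappingURL=redis.js.map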
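Review bot: In `onChange` the subscriber is built with a bare `createClient()` and `subscribe` is called on it with no visible `connect()`, so it ignores the `clientOptions` (endpoint, credentials, TLS) given to the constructor and would talk to the library's default endpoint rather than the configured instance. Deriving it from the configured client keeps the same connection settings: `const subscriber = this._client.duplicate();` followed by `await subscriber.connect();` (assuming node-redis v4 or later). The callbacks also pass the already-prefixed `key` to `this.get(key, namespace, classConstructor)`, and `get` prefixes it again, so the lookup reads `namespace:namespace:key`; keep the unprefixed key in a separate local for that call. The timer is never cleared once an event has resolved the promise, and the `__keyspace@0__` channel assumes database 0 with keyspace notifications enabled on the server, which deserves a comment.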
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"redis.js","sourceRoot":"","sources":["../../src/cache/redis.ts"],"names":[],"mappings":"AAAA,qEAAqE;AACrE,EAAE;AACF,sCAAsC;AAItC,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAQpD,OAAO,EAAE,YAAY,EAAE,MAAM,OAAO,CAAC;AAErC;;GAEG;AACH,MAAM,OAAO,UAAU;IACb,OAAO,CAA8D;IAE7E,YAAY,aAAkC;QAC5C,IAAI,CAAC,OAAO,GAAG,aAAa,CAAC,CAAC,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,YAAY,EAAE,CAAC;QAC5E,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC,CAAC;QACxE,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC,CAAC;QACzE,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,aAAa,EAAE,GAAG,CAAC,CAAC,CAAC;QACrE,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC,CAAC;QACvE,IAAI,CAAC,OAAO;aACT,OAAO,EAAE;aACT,IAAI,EAAE;aACN,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;YACf,OAAO,CAAC,GAAG,CAAC,2BAA2B,EAAE,KAAK,CAAC,CAAC;QAClD,CAAC,CAAC,CAAC;IACP,CAAC;IAED,MAAM,CAAC,GAAW,EAAE,SAAkB;QACpC,SAAS,GAAG,SAAS,IAAI,SAAS,CAAC;QACnC,GAAG,GAAG,GAAG,SAAS,IAAI,GAAG,EAAE,CAAC;QAC5B,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC;IACjE,CAAC;IAED,MAAM,CAAC,GAAW,EAAE,SAA8B;QAChD,SAAS,GAAG,SAAS,IAAI,SAAS,CAAC;QACnC,GAAG,GAAG,GAAG,SAAS,IAAI,GAAG,EAAE,CAAC;QAC5B,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC;IAC9D,CAAC;IAED,QAAQ,CACN,GAAW,EACX,WAAmB,EACnB,SAA8B,EAC9B,gBAA0D;QAE1D,SAAS,GAAG,SAAS,IAAI,SAAS,CAAC;QACnC,GAAG,GAAG,GAAG,SAAS,IAAI,GAAG,EAAE,CAAC;QAE5B,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,uEAAuE;YACvE,MAAM,UAAU,GAAG,YAAY,EAAE,CAAC;YAClC,+FAA+F;YAC/F,UAAU;iBACP,SAAS,CAAC,kBAAkB,GAAG,EAAE,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE;gBACvD,QAAQ,OAAO,EAAE,CAAC;oBAChB,KAAK,KAAK;wBACR,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,EAAE,gBAAgB,CAAC,CAAC,CAAC;wBACpD,UAAU;6BACP,IAAI,EAAE;6BACN,IAAI,EAAE;6BACN,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;4BACf
,OAAO,CAAC,GAAG,CAAC,2BAA2B,EAAE,KAAK,CAAC,CAAC;wBAClD,CAAC,CAAC,CAAC;wBACL,MAAM;oBACR,KAAK,KAAK,CAAC;oBACX,KAAK,QAAQ;wBACX,OAAO,CAAC,IAAI,CAAC,CAAC;wBACd,UAAU;6BACP,IAAI,EAAE;6BACN,IAAI,EAAE;6BACN,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;4BACf,OAAO,CAAC,GAAG,CAAC,2BAA2B,EAAE,KAAK,CAAC,CAAC;wBAClD,CAAC,CAAC,CAAC;wBACL,MAAM;oBACR;wBACE,aAAa;wBACb,MAAM;gBACV,CAAC;YACH,CAAC,CAAC;iBACD,IAAI,EAAE;iBACN,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;gBACf,OAAO,CAAC,GAAG,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAC;YACxD,CAAC,CAAC,CAAC;YACL,UAAU,CAAC,GAAG,EAAE;gBACd,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,EAAE,gBAAgB,CAAC,CAAC,CAAC;gBACpD,UAAU;qBACP,IAAI,EAAE;qBACN,IAAI,EAAE;qBACN,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;oBACf,OAAO,CAAC,GAAG,CAAC,gCAAgC,EAAE,KAAK,CAAC,CAAC;gBACvD,CAAC,CAAC,CAAC;YACP,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC,CAAC;QACzB,CAAC,CAAC,CAAC;IACL,CAAC;IAED,GAAG,CACD,GAAW,EACX,SAAkB,EAClB,gBAA4C;QAE5C,SAAS,GAAG,SAAS,IAAI,SAAS,CAAC;QACnC,GAAG,GAAG,GAAG,SAAS,IAAI,GAAG,EAAE,CAAC;QAC5B,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;YAC3C,IAAI,MAAM,EAAE,CAAC;gBACX,IAAI,gBAAgB,EAAE,CAAC;oBACrB,OAAO,eAAe,CAAC,gBAAgB,EAAE,EAAE,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;gBACjE,CAAC;gBACD,OAAO,MAAW,CAAC;YACrB,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC,CAAC,CAAC;IACL,CAAC;IAED,GAAG,CAAC,GAAW,EAAE,KAAa,EAAE,SAAkB,EAAE,aAAsB;QACxE,SAAS,GAAG,SAAS,IAAI,SAAS,CAAC;QACnC,GAAG,GAAG,GAAG,SAAS,IAAI,GAAG,EAAE,CAAC;QAC5B,MAAM,UAAU,GAAG,aAAa,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,aAAa,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;QACrE,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;YAC9D,IAAI,MAAM,EAAE,CAAC;gBACX,OAAO,MAAM,KAAK,IAAI,CAAC;YACzB,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC,CAAC,CAAC;IACL,CAAC;IAED,aAAa,CACX,GAAW,EACX,KAAa,EACb,SAAkB,EAClB,aAAsB;QAEtB,SAAS,GAAG,SAAS,IAAI,SAAS,CAAC;QACnC,GAAG,GAAG,GAAG,SAAS,IAAI,GAAG,EAAE,CAAC;QAC5B,OAAO,IAAI,CAAC,OAAO;aAChB,GAAG,CAAC,GAAG,EAAE,KAAK,EAAE,aAAa,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,aAAa,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,EA
AE,IAAI,EAAE,CAAC;aAC/E,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;YACf,IAAI,MAAM,EAAE,CAAC;gBACX,OAAO,MAAM,KAAK,IAAI,CAAC;YACzB,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC,CAAC,CAAC;IACP,CAAC;CACF"}
|
|
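--- a/package/dist/certificate/CertificateAuthority.d.ts
+++ b/package/dist/certificate/CertificateAuthority.d.ts
@@ -0,0 +1,38 @@
+import type { ICache, SystemConfig } from '@citrineos/base';
+import { OCPP2_0_1 } from '@citrineos/base';
+import type { IChargingStationCertificateAuthorityClient, IV2GCertificateAuthorityClient } from './client/interface.js';
+import type { ILogObj } from 'tslog';
+import { Logger } from 'tslog';
+export declare class CertificateAuthorityService {
+private readonly _v2gClient;
+private readonly _chargingStationClient;
+private readonly _logger;
+private readonly _cache;
+private readonly _config;
+constructor(config: SystemConfig, cache: ICache, logger?: Logger<ILogObj>, chargingStationClient?: IChargingStationCertificateAuthorityClient, v2gClient?: IV2GCertificateAuthorityClient);
+/**
+* Retrieves the certificate chain for V2G- and Charging Station certificates.
+*
+* @param {string} csrString - The Certificate Signing Request string.
+* @param {string} stationId - The station identifier.
+* @param {CertificateSigningUseEnumType} [certificateType] - The type of certificate to retrieve.
+* @return {Promise<string>} The certificate chain without the root certificate.
+*/
+getCertificateChain(csrString: string, stationId: string, certificateType?: OCPP2_0_1.CertificateSigningUseEnumType | null): Promise<string>;
+signedSubCaCertificateByExternalCA(csrString: string): Promise<string>;
+getSignedContractData(iso15118SchemaVersion: string, exiRequest: string): Promise<string>;
+getRootCACertificateFromExternalCA(certificateType: OCPP2_0_1.InstallCertificateUseEnumType): Promise<string>;
+updateSecurityCertChainKeyMap(serverId: string, certificateChain: string, privateKey: string): void;
+validateCertificateChainPem(certificateChainPem: string): Promise<OCPP2_0_1.AuthorizeCertificateStatusEnumType>;
+validateCertificateHashData(ocspRequestData: OCPP2_0_1.OCSPRequestDataType[]): Promise<OCPP2_0_1.AuthorizeCertificateStatusEnumType>;
+/**
+* Create a certificate chain including leaf and sub CA certificates except for the root certificate.
+*
+* @param {string} signedCert - The leaf certificate.
+* @param {string} caCerts - CA certificates.
+* @return {string} The certificate chain pem.
+*/
+private _createCertificateChainWithoutRootCA;
+private _instantiateV2GClient;
+private _instantiateChargingStationClient;
+}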
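--- a/package/dist/certificate/CertificateAuthority.js
+++ b/package/dist/certificate/CertificateAuthority.js
@@ -0,0 +1,233 @@
+import { OCPP2_0_1 } from '@citrineos/base';
+import { Hubject } from './client/hubject.js';
+import { Acme } from './client/acme.js';
+import { Logger } from 'tslog';
+import * as pkijs from 'pkijs';
+import { Certificate } from 'pkijs';
+import jsrsasign, { KJUR, X509 } from 'jsrsasign';
+import moment from 'moment';
+import { createPemBlock, dateTimeFormat, extractCertificateArrayFromEncodedString, extractEncodedContentFromCSR, parseCertificateChainPem, sendOCSPRequest, } from './CertificateUtil.js';
+import { Crypto } from '@peculiar/webcrypto';
+var OCSPRequest = jsrsasign.KJUR.asn1.ocsp.OCSPRequest;
+var Request = jsrsasign.KJUR.asn1.ocsp.Request;
+const cryptoEngine = new pkijs.CryptoEngine({
+crypto: new Crypto(),
+});
+pkijs.setEngine('crypto', cryptoEngine);
+export class CertificateAuthorityService {
+_v2gClient;
+_chargingStationClient;
+_logger;
+_cache;
+_config;
+constructor(config, cache, logger, chargingStationClient, v2gClient) {
+this._config = config;
+this._cache = cache;
+this._logger = logger
+? logger.getSubLogger({ name: this.constructor.name })
+: new Logger({ name: this.constructor.name });
+this._chargingStationClient = chargingStationClient || this._instantiateChargingStationClient();
+this._v2gClient = v2gClient || this._instantiateV2GClient();
+}
+/**
+* Retrieves the certificate chain for V2G- and Charging Station certificates.
+*
+* @param {string} csrString - The Certificate Signing Request string.
+* @param {string} stationId - The station identifier.
+* @param {CertificateSigningUseEnumType} [certificateType] - The type of certificate to retrieve.
+* @return {Promise<string>} The certificate chain without the root certificate.
+*/
+async getCertificateChain(csrString, stationId, certificateType) {
+this._logger.info(`Getting certificate chain for certificateType: ${certificateType} and stationId: ${stationId}`);
+switch (certificateType) {
+case OCPP2_0_1.CertificateSigningUseEnumType.V2GCertificate: {
+const signedCert = await this._v2gClient.getSignedCertificate(extractEncodedContentFromCSR(csrString));
+const caCerts = await this._v2gClient.getCACertificates();
+return this._createCertificateChainWithoutRootCA(signedCert, caCerts);
+}
+case OCPP2_0_1.CertificateSigningUseEnumType.ChargingStationCertificate: {
+return await this._chargingStationClient.getCertificateChain(csrString);
+}
+default: {
+throw new Error(`Unsupported certificate type: ${certificateType}`);
+}
+}
+}
+async signedSubCaCertificateByExternalCA(csrString) {
+return await this._chargingStationClient.signCertificateByExternalCA(csrString);
+}
+async getSignedContractData(iso15118SchemaVersion, exiRequest) {
+return await this._v2gClient.getSignedContractData(iso15118SchemaVersion, exiRequest);
+}
+async getRootCACertificateFromExternalCA(certificateType) {
+switch (certificateType) {
+case OCPP2_0_1.InstallCertificateUseEnumType.V2GRootCertificate: {
+const caCerts = await this._v2gClient.getCACertificates();
+const rootCACert = extractCertificateArrayFromEncodedString(caCerts).pop();
+if (rootCACert) {
+return createPemBlock(Buffer.from(rootCACert.toSchema().toBER(false)).toString('base64'));
+}
+else {
+throw new Error(`V2GRootCertificate not found from ${caCerts}`);
+}
+}
+case OCPP2_0_1.InstallCertificateUseEnumType.CSMSRootCertificate:
+return await this._chargingStationClient.getRootCACertificate();
+default:
+throw new Error(`Certificate type: ${certificateType} not implemented.`);
+}
+}
+updateSecurityCertChainKeyMap(serverId, certificateChain, privateKey) {
+this._chargingStationClient.updateCertificateChainKeyMap(serverId, certificateChain, privateKey);
+}
+/*
+* Validate the certificate chain using real time OCSP check.
+*
+* @param certificateChainPem - certificate chain pem
+* @return AuthorizeCertificateStatusEnumType
+*/
+async validateCertificateChainPem(certificateChainPem) {
+const certificatePems = parseCertificateChainPem(certificateChainPem);
+this._logger.debug(`Found ${certificatePems.length} certificates in chain.`);
+if (certificatePems.length < 1) {
+return OCPP2_0_1.AuthorizeCertificateStatusEnumType.NoCertificateAvailable;
+}
+try {
+// Find the root certificate of the certificate chain
+const rootCerts = await this._v2gClient.getRootCertificates();
+const lastCertInChain = new X509();
+lastCertInChain.readCertPEM(certificatePems[certificatePems.length - 1]);
+let rootCertPem;
+for (const rootCert of rootCerts) {
+const root = new X509();
+root.readCertPEM(rootCert);
+if (root.getSubjectString() === lastCertInChain.getIssuerString() &&
+root.getExtSubjectKeyIdentifier().kid.hex ===
+lastCertInChain.getExtAuthorityKeyIdentifier().kid.hex) {
+rootCertPem = rootCert;
+break;
+}
+}
+if (!rootCertPem) {
+this._logger.error(`Cannot find root certificate for certificate ${lastCertInChain}`);
+return OCPP2_0_1.AuthorizeCertificateStatusEnumType.NoCertificateAvailable;
+}
+else {
+certificatePems.push(rootCertPem);
+}
+// OCSP validation for each certificate
+for (let i = 0; i < certificatePems.length - 1; i++) {
+const subjectCert = new X509();
+subjectCert.readCertPEM(certificatePems[i]);
+this._logger.debug(`Subject Certificate: ${subjectCert.getInfo()}`);
+const notAfter = moment(subjectCert.getNotAfter(), dateTimeFormat);
+if (notAfter.isBefore(moment())) {
+return OCPP2_0_1.AuthorizeCertificateStatusEnumType.CertificateExpired;
+}
+const ocspUrls = subjectCert.getExtAIAInfo()?.ocsp;
+if (ocspUrls && ocspUrls.length > 0) {
+const ocspRequest = new OCSPRequest({
+reqList: [
+{
+issuerCert: certificatePems[i + 1],
+subjectCert: certificatePems[i],
+},
+],
+});
+this._logger.debug(`OCSP response URL: ${ocspUrls[0]}`);
+const ocspResponse = KJUR.asn1.ocsp.OCSPUtil.getOCSPResponseInfo(await sendOCSPRequest(ocspRequest, ocspUrls[0]));
+const certStatus = ocspResponse.certStatus;
+if (certStatus === 'revoked') {
+return OCPP2_0_1.AuthorizeCertificateStatusEnumType.CertificateRevoked;
+}
+else if (certStatus !== 'good') {
+return OCPP2_0_1.AuthorizeCertificateStatusEnumType.NoCertificateAvailable;
+}
+}
+else {
+this._logger.error(`Certificate ${certificatePems[i]} has no OCSP URL.`);
+return OCPP2_0_1.AuthorizeCertificateStatusEnumType.CertChainError;
+}
+}
+}
+catch (error) {
+this._logger.error(`Failed to validate certificate chain: ${error}`);
+return OCPP2_0_1.AuthorizeCertificateStatusEnumType.NoCertificateAvailable;
+}
+return OCPP2_0_1.AuthorizeCertificateStatusEnumType.Accepted;
+}
+async validateCertificateHashData(ocspRequestData) {
+for (const reqData of ocspRequestData) {
+const ocspRequest = new Request({
+alg: reqData.hashAlgorithm,
+keyhash: reqData.issuerKeyHash,
+namehash: reqData.issuerNameHash,
+serial: reqData.serialNumber,
+});
+this._logger.debug(`OCSP request: ${JSON.stringify(ocspRequest)}`);
+try {
+const ocspResponse = KJUR.asn1.ocsp.OCSPUtil.getOCSPResponseInfo(await sendOCSPRequest(ocspRequest, reqData.responderURL));
+// Cert statuses: good, revoked, unknown
+// source: https://kjur.github.io/jsrsasign/api/symbols/KJUR.asn1.ocsp.OCSPUtil.html#.getOCSPResponseInfo
+const certStatus = ocspResponse.certStatus;
+if (certStatus === 'revoked') {
+return OCPP2_0_1.AuthorizeCertificateStatusEnumType.CertificateRevoked;
+}
+else if (certStatus !== 'good') {
+return OCPP2_0_1.AuthorizeCertificateStatusEnumType.NoCertificateAvailable;
+}
+}
+catch (error) {
+this._logger.error(`Failed to fetch OCSP response: ${error}`);
+return OCPP2_0_1.AuthorizeCertificateStatusEnumType.NoCertificateAvailable;
+}
+}
+return OCPP2_0_1.AuthorizeCertificateStatusEnumType.Accepted;
+}
+/**
+* Create a certificate chain including leaf and sub CA certificates except for the root certificate.
+*
+* @param {string} signedCert - The leaf certificate.
+* @param {string} caCerts - CA certificates.
+* @return {string} The certificate chain pem.
+*/
+_createCertificateChainWithoutRootCA(signedCert, caCerts) {
+let certificateChain = '';
+// Add Cert
+const leafRaw = extractCertificateArrayFromEncodedString(signedCert)[0];
+if (leafRaw) {
+certificateChain += createPemBlock(Buffer.from(leafRaw.toSchema().toBER(false)).toString('base64'));
+}
+else {
+throw new Error(`Cannot extract leaf certificate from the pem: ${signedCert}`);
+}
+// Add Chain without Root CA Certificate
+const chainWithoutRoot = extractCertificateArrayFromEncodedString(caCerts).slice(0, -1);
+chainWithoutRoot.forEach((certItem) => {
+const cert = certItem;
+certificateChain += createPemBlock(Buffer.from(cert.toSchema().toBER(false)).toString('base64'));
+});
+return certificateChain;
+}
+_instantiateV2GClient() {
+switch (this._config.util.certificateAuthority.v2gCA.name) {
+case 'hubject': {
+return new Hubject(this._config, this._cache, this._logger);
+}
+default: {
+throw new Error(`Unsupported V2G CA: ${this._config.util.certificateAuthority.v2gCA.name}`);
+}
+}
+}
+_instantiateChargingStationClient() {
+switch (this._config.util.certificateAuthority.chargingStationCA.name) {
+case 'acme': {
+return new Acme(this._config, this._logger);
+}
+default: {
+throw new Error(`Unsupported Charging Station CA: ${this._config.util.certificateAuthority.chargingStationCA.name}`);
+}
+}
+}
+}
+//# sourceMappingURL=CertificateAuthority.js.map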
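Review bot: `validateCertificateChainPem` can return `Accepted` on expiry and OCSP status alone, because nothing in the validation loop verifies each certificate's signature against `certificatePems[i + 1]`, and the root is matched only by subject string and key identifier. The OCSP responder URL is read from the certificate under validation (`getExtAIAInfo()?.ocsp`), so the revocation answer comes from an endpoint named by the input itself unless `sendOCSPRequest` (defined outside this file) restricts the destination and verifies the response signature. Add a per-link signature check before the OCSP call, for example `if (!subjectCert.verifySignature(KEYUTIL.getKey(certificatePems[i + 1]))) return OCPP2_0_1.AuthorizeCertificateStatusEnumType.CertChainError;` (this needs `KEYUTIL` imported from `jsrsasign`), and a `notBefore` check next to the existing `notAfter` one. `validateCertificateHashData` has the same responder concern with `reqData.responderURL`, which would be safer checked against an allow-list of known responders.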
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"CertificateAuthority.js","sourceRoot":"","sources":["../../src/certificate/CertificateAuthority.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAK5C,OAAO,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC;AAC9C,OAAO,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAC;AAExC,OAAO,EAAE,MAAM,EAAE,MAAM,OAAO,CAAC;AAC/B,OAAO,KAAK,KAAK,MAAM,OAAO,CAAC;AAC/B,OAAO,EAAE,WAAW,EAAE,MAAM,OAAO,CAAC;AACpC,OAAO,SAAS,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAClD,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,EACL,cAAc,EACd,cAAc,EACd,wCAAwC,EACxC,4BAA4B,EAC5B,wBAAwB,EACxB,eAAe,GAChB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAC7C,IAAO,WAAW,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC;AAC1D,IAAO,OAAO,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC;AAElD,MAAM,YAAY,GAAG,IAAI,KAAK,CAAC,YAAY,CAAC;IAC1C,MAAM,EAAE,IAAI,MAAM,EAAE;CACrB,CAAC,CAAC;AACH,KAAK,CAAC,SAAS,CAAC,QAAQ,EAAE,YAAmC,CAAC,CAAC;AAE/D,MAAM,OAAO,2BAA2B;IACrB,UAAU,CAAiC;IAC3C,sBAAsB,CAA6C;IACnE,OAAO,CAAkB;IACzB,MAAM,CAAS;IACf,OAAO,CAAe;IAEvC,YACE,MAAoB,EACpB,KAAa,EACb,MAAwB,EACxB,qBAAkE,EAClE,SAA0C;QAE1C,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;QACtB,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;QACpB,IAAI,CAAC,OAAO,GAAG,MAAM;YACnB,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;YACtD,CAAC,CAAC,IAAI,MAAM,CAAU,EAAE,IAAI,EAAE,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC,CAAC;QAEzD,IAAI,CAAC,sBAAsB,GAAG,qBAAqB,IAAI,IAAI,CAAC,iCAAiC,EAAE,CAAC;QAChG,IAAI,CAAC,UAAU,GAAG,SAAS,IAAI,IAAI,CAAC,qBAAqB,EAAE,CAAC;IAC9D,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,mBAAmB,CACvB,SAAiB,EACjB,SAAiB,EACjB,eAAgE;QAEhE,IAAI,CAAC,OAAO,CAAC,IAAI,CACf,kDAAkD,eAAe,mBAAmB,SAAS,EAAE,CAChG,CAAC;QAEF,QAAQ,eAAe,EAAE,CAAC;YACxB,KAAK,SAAS,CAAC,6BAA6B,CAAC,cAAc,CAAC,CAAC,CAAC;gBAC5D,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,oBAAoB,CAC3D,4BAA4B,CAAC,SAAS,CAAC,CACxC,CAAC;gBACF,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,iBAAiB,EAAE,CAAC;gBAC1D,OAAO,IAAI,CAAC,oCAAoC,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;YACxE,CAAC;YACD,KAAK,SAAS,CAAC,6BAA6B,CAAC,0BAA0B,CAAC,
CAAC,CAAC;gBACxE,OAAO,MAAM,IAAI,CAAC,sBAAsB,CAAC,mBAAmB,CAAC,SAAS,CAAC,CAAC;YAC1E,CAAC;YACD,OAAO,CAAC,CAAC,CAAC;gBACR,MAAM,IAAI,KAAK,CAAC,iCAAiC,eAAe,EAAE,CAAC,CAAC;YACtE,CAAC;QACH,CAAC;IACH,CAAC;IAED,KAAK,CAAC,kCAAkC,CAAC,SAAiB;QACxD,OAAO,MAAM,IAAI,CAAC,sBAAsB,CAAC,2BAA2B,CAAC,SAAS,CAAC,CAAC;IAClF,CAAC;IAED,KAAK,CAAC,qBAAqB,CAAC,qBAA6B,EAAE,UAAkB;QAC3E,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,qBAAqB,CAAC,qBAAqB,EAAE,UAAU,CAAC,CAAC;IACxF,CAAC;IAED,KAAK,CAAC,kCAAkC,CACtC,eAAwD;QAExD,QAAQ,eAAe,EAAE,CAAC;YACxB,KAAK,SAAS,CAAC,6BAA6B,CAAC,kBAAkB,CAAC,CAAC,CAAC;gBAChE,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,iBAAiB,EAAE,CAAC;gBAC1D,MAAM,UAAU,GAAG,wCAAwC,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,CAAC;gBAC3E,IAAI,UAAU,EAAE,CAAC;oBACf,OAAO,cAAc,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;gBAC5F,CAAC;qBAAM,CAAC;oBACN,MAAM,IAAI,KAAK,CAAC,qCAAqC,OAAO,EAAE,CAAC,CAAC;gBAClE,CAAC;YACH,CAAC;YACD,KAAK,SAAS,CAAC,6BAA6B,CAAC,mBAAmB;gBAC9D,OAAO,MAAM,IAAI,CAAC,sBAAsB,CAAC,oBAAoB,EAAE,CAAC;YAClE;gBACE,MAAM,IAAI,KAAK,CAAC,qBAAqB,eAAe,mBAAmB,CAAC,CAAC;QAC7E,CAAC;IACH,CAAC;IAED,6BAA6B,CAAC,QAAgB,EAAE,gBAAwB,EAAE,UAAkB;QAC1F,IAAI,CAAC,sBAAsB,CAAC,4BAA4B,CACtD,QAAQ,EACR,gBAAgB,EAChB,UAAU,CACX,CAAC;IACJ,CAAC;IAED;;;;;OAKG;IACI,KAAK,CAAC,2BAA2B,CACtC,mBAA2B;QAE3B,MAAM,eAAe,GAAa,wBAAwB,CAAC,mBAAmB,CAAC,CAAC;QAChF,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,SAAS,eAAe,CAAC,MAAM,yBAAyB,CAAC,CAAC;QAC7E,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC/B,OAAO,SAAS,CAAC,kCAAkC,CAAC,sBAAsB,CAAC;QAC7E,CAAC;QAED,IAAI,CAAC;YACH,qDAAqD;YACrD,MAAM,SAAS,GAAa,MAAM,IAAI,CAAC,UAAU,CAAC,mBAAmB,EAAE,CAAC;YACxE,MAAM,eAAe,GAAG,IAAI,IAAI,EAAE,CAAC;YACnC,eAAe,CAAC,WAAW,CAAC,eAAe,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC;YACzE,IAAI,WAAW,CAAC;YAChB,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;gBACjC,MAAM,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;gBACxB,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;gBAC3B,IACE,IAAI,CAAC,gBAAgB,EAAE,KAAK,eAAe,CAAC,eAAe,EAAE;oBAC7D,IAAI,CAAC,0BAA0B,EAAE,CAAC,GAAG,CAAC,GAAG;wBACvC,eAAe,CAAC,4BAA4B
,EAAE,CAAC,GAAG,CAAC,GAAG,EACxD,CAAC;oBACD,WAAW,GAAG,QAAQ,CAAC;oBACvB,MAAM;gBACR,CAAC;YACH,CAAC;YACD,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,gDAAgD,eAAe,EAAE,CAAC,CAAC;gBACtF,OAAO,SAAS,CAAC,kCAAkC,CAAC,sBAAsB,CAAC;YAC7E,CAAC;iBAAM,CAAC;gBACN,eAAe,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACpC,CAAC;YAED,uCAAuC;YACvC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;gBACpD,MAAM,WAAW,GAAG,IAAI,IAAI,EAAE,CAAC;gBAC/B,WAAW,CAAC,WAAW,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC5C,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,wBAAwB,WAAW,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;gBAEpE,MAAM,QAAQ,GAAG,MAAM,CAAC,WAAW,CAAC,WAAW,EAAE,EAAE,cAAc,CAAC,CAAC;gBACnE,IAAI,QAAQ,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,CAAC;oBAChC,OAAO,SAAS,CAAC,kCAAkC,CAAC,kBAAkB,CAAC;gBACzE,CAAC;gBAED,MAAM,QAAQ,GAAG,WAAW,CAAC,aAAa,EAAE,EAAE,IAAI,CAAC;gBACnD,IAAI,QAAQ,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACpC,MAAM,WAAW,GAAG,IAAI,WAAW,CAAC;wBAClC,OAAO,EAAE;4BACP;gCACE,UAAU,EAAE,eAAe,CAAC,CAAC,GAAG,CAAC,CAAC;gCAClC,WAAW,EAAE,eAAe,CAAC,CAAC,CAAC;6BAChC;yBACF;qBACF,CAAC,CAAC;oBAEH,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,sBAAsB,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;oBACxD,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,mBAAmB,CAC9D,MAAM,eAAe,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,CAChD,CAAC;oBACF,MAAM,UAAU,GAAG,YAAY,CAAC,UAAU,CAAC;oBAC3C,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;wBAC7B,OAAO,SAAS,CAAC,kCAAkC,CAAC,kBAAkB,CAAC;oBACzE,CAAC;yBAAM,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;wBACjC,OAAO,SAAS,CAAC,kCAAkC,CAAC,sBAAsB,CAAC;oBAC7E,CAAC;gBACH,CAAC;qBAAM,CAAC;oBACN,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,eAAe,eAAe,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC;oBACzE,OAAO,SAAS,CAAC,kCAAkC,CAAC,cAAc,CAAC;gBACrE,CAAC;YACH,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,yCAAyC,KAAK,EAAE,CAAC,CAAC;YACrE,OAAO,SAAS,CAAC,kCAAkC,CAAC,sBAAsB,CAAC;QAC7E,CAAC;QAED,OAAO,SAAS,CAAC,kCAAkC,CAAC,QAAQ,CAAC;IAC/D,CAAC;IAEM,KAAK,CAAC,2BAA2B,CACtC,eAAgD;QAEhD,KAAK,MAAM,OAAO,IAAI,eAAe,EAAE,CAAC;YACtC,MAAM,WAAW,GAAG,IAAI,OAAO,CAAC;gBAC9
B,GAAG,EAAE,OAAO,CAAC,aAAa;gBAC1B,OAAO,EAAE,OAAO,CAAC,aAAa;gBAC9B,QAAQ,EAAE,OAAO,CAAC,cAAc;gBAChC,MAAM,EAAE,OAAO,CAAC,YAAY;aAC7B,CAAC,CAAC;YACH,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,iBAAiB,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;YAEnE,IAAI,CAAC;gBACH,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,mBAAmB,CAC9D,MAAM,eAAe,CAAC,WAAW,EAAE,OAAO,CAAC,YAAY,CAAC,CACzD,CAAC;gBACF,wCAAwC;gBACxC,yGAAyG;gBACzG,MAAM,UAAU,GAAG,YAAY,CAAC,UAAU,CAAC;gBAC3C,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;oBAC7B,OAAO,SAAS,CAAC,kCAAkC,CAAC,kBAAkB,CAAC;gBACzE,CAAC;qBAAM,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;oBACjC,OAAO,SAAS,CAAC,kCAAkC,CAAC,sBAAsB,CAAC;gBAC7E,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,kCAAkC,KAAK,EAAE,CAAC,CAAC;gBAC9D,OAAO,SAAS,CAAC,kCAAkC,CAAC,sBAAsB,CAAC;YAC7E,CAAC;QACH,CAAC;QAED,OAAO,SAAS,CAAC,kCAAkC,CAAC,QAAQ,CAAC;IAC/D,CAAC;IAED;;;;;;OAMG;IACK,oCAAoC,CAAC,UAAkB,EAAE,OAAe;QAC9E,IAAI,gBAAgB,GAAG,EAAE,CAAC;QAC1B,WAAW;QACX,MAAM,OAAO,GAAG,wCAAwC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;QACxE,IAAI,OAAO,EAAE,CAAC;YACZ,gBAAgB,IAAI,cAAc,CAChC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAChE,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,KAAK,CAAC,iDAAiD,UAAU,EAAE,CAAC,CAAC;QACjF,CAAC;QAED,wCAAwC;QACxC,MAAM,gBAAgB,GAAG,wCAAwC,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QACxF,gBAAgB,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;YACpC,MAAM,IAAI,GAAG,QAAuB,CAAC;YACrC,gBAAgB,IAAI,cAAc,CAChC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAC7D,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,OAAO,gBAAgB,CAAC;IAC1B,CAAC;IAEO,qBAAqB;QAC3B,QAAQ,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,oBAAoB,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;YAC1D,KAAK,SAAS,CAAC,CAAC,CAAC;gBACf,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;YAC9D,CAAC;YACD,OAAO,CAAC,CAAC,CAAC;gBACR,MAAM,IAAI,KAAK,CAAC,uBAAuB,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,oBAAoB,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YAC9F,CAAC;QACH,CAAC;IACH,CAAC;I
AEO,iCAAiC;QACvC,QAAQ,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,oBAAoB,CAAC,iBAAiB,CAAC,IAAI,EAAE,CAAC;YACtE,KAAK,MAAM,CAAC,CAAC,CAAC;gBACZ,OAAO,IAAI,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;YAC9C,CAAC;YACD,OAAO,CAAC,CAAC,CAAC;gBACR,MAAM,IAAI,KAAK,CACb,oCAAoC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,oBAAoB,CAAC,iBAAiB,CAAC,IAAI,EAAE,CACpG,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;CACF"}
|
|
@@ -0,0 +1,60 @@
|
|
|
1
|
+
import * as pkijs from 'pkijs';
|
|
2
|
+
import { CertificationRequest } from 'pkijs';
|
|
3
|
+
import { Certificate, CountryNameEnumType, SignatureAlgorithmEnumType } from '@citrineos/data';
|
|
4
|
+
import jsrsasign from 'jsrsasign';
|
|
5
|
+
import moment from 'moment';
|
|
6
|
+
import type { ILogObj } from 'tslog';
|
|
7
|
+
import { Logger } from 'tslog';
|
|
8
|
+
import KJUR = jsrsasign.KJUR;
|
|
9
|
+
import OCSPRequest = jsrsasign.KJUR.asn1.ocsp.OCSPRequest;
|
|
10
|
+
import Request = jsrsasign.KJUR.asn1.ocsp.Request;
|
|
11
|
+
export declare const dateTimeFormat = "YYMMDDHHmmssZ";
|
|
12
|
+
export declare function getValidityTimeString(time: moment.Moment): string;
|
|
13
|
+
export declare function createPemBlock(content: string): string;
|
|
14
|
+
export declare function parseCertificateChainPem(pem: string): string[];
|
|
15
|
+
/**
|
|
16
|
+
* Decode the pem and extract certificates
|
|
17
|
+
* @param pem - base64 encoded certificate chain string without header and footer
|
|
18
|
+
* @return array of pkijs.CertificateSetItem
|
|
19
|
+
*/
|
|
20
|
+
export declare function extractCertificateArrayFromEncodedString(pem: string): pkijs.CertificateSetItem[];
|
|
21
|
+
/**
|
|
22
|
+
* extracts the base64-encoded content from a pem encoded csr
|
|
23
|
+
* @param csrPem
|
|
24
|
+
* @private
|
|
25
|
+
* @return {string} The parsed CSR or the original CSR if it cannot be parsed
|
|
26
|
+
*/
|
|
27
|
+
export declare function extractEncodedContentFromCSR(csrPem: string): string;
|
|
28
|
+
/**
|
|
29
|
+
* Generate certificate and its private key
|
|
30
|
+
*
|
|
31
|
+
* @param certificateEntity - the certificate
|
|
32
|
+
* @param logger - the logger
|
|
33
|
+
* @param issuerKeyPem - the issuer private key
|
|
34
|
+
* @param issuerCertPem - the issuer certificate
|
|
35
|
+
*
|
|
36
|
+
* @return generated certificate pem and its private key pem
|
|
37
|
+
*/
|
|
38
|
+
export declare function generateCertificate(certificateEntity: Certificate, logger: Logger<ILogObj>, issuerKeyPem?: string, issuerCertPem?: string): [string, string];
|
|
39
|
+
/**
|
|
40
|
+
* Create a signed certificate for the provided CSR using the issuer certificate, and its private key.
|
|
41
|
+
*
|
|
42
|
+
* @param csrPem - The CSR that need to be signed.
|
|
43
|
+
* @param issuerCertPem - The issuer certificate.
|
|
44
|
+
* @param issuerPrivateKeyPem - The issuer private key.
|
|
45
|
+
* @return {KJUR.asn1.x509.Certificate} The signed certificate.
|
|
46
|
+
*/
|
|
47
|
+
export declare function createSignedCertificateFromCSR(csrPem: string, issuerCertPem: string, issuerPrivateKeyPem: string): KJUR.asn1.x509.Certificate;
|
|
48
|
+
export declare function sendOCSPRequest(ocspRequest: OCSPRequest | Request, responderURL: string): Promise<string>;
|
|
49
|
+
export declare function parseCSRForVerification(csrPem: string): CertificationRequest;
|
|
50
|
+
export declare function generateCSR(certificate: Certificate): [string, string];
|
|
51
|
+
export declare const parseX509Date: (date: string) => Date | null;
|
|
52
|
+
export declare const extractCertificateDetails: (pemString: string) => {
|
|
53
|
+
serialNumber: number | null;
|
|
54
|
+
issuerName: string | null;
|
|
55
|
+
organizationName: string | null;
|
|
56
|
+
commonName: string | null;
|
|
57
|
+
countryName: CountryNameEnumType | null;
|
|
58
|
+
validBefore: Date | null;
|
|
59
|
+
signatureAlgorithm: SignatureAlgorithmEnumType | null;
|
|
60
|
+
};
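Review bot: `serialNumber: number | null` in the return type of `extractCertificateDetails` cannot hold a full X.509 serial number. RFC 5280 allows serials of up to 20 octets, and any value above 2^53 is rounded when stored in a JavaScript number, so two distinct certificates can end up with the same recorded serial. The serial is what revocation and OCSP lookups match on, so it is safer carried as a hex or decimal string, `serialNumber: string | null;`. That is a type change for callers, and it belongs in the TypeScript source this declaration file is emitted from. Separately, the comment on `extractEncodedContentFromCSR` says the original CSR is returned when it cannot be parsed, so callers cannot tell parsed from unparsed input; the implementation is not visible here, but the comment should at least read `@returns the base64 content, or csrPem unchanged when it cannot be parsed; callers must validate the result`.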
|