node-opcua-common 2.167.0 → 2.168.0
- package/dist/applicationurn.js.map +1 -1
- package/dist/certificate_chain_provider.d.ts +52 -0
- package/dist/certificate_chain_provider.js +59 -0
- package/dist/certificate_chain_provider.js.map +1 -0
- package/dist/index.d.ts +5 -4
- package/dist/index.js +10 -9
- package/dist/index.js.map +1 -1
- package/dist/opcua_secure_object.d.ts +8 -3
- package/dist/opcua_secure_object.js +7 -0
- package/dist/opcua_secure_object.js.map +1 -1
- package/package.json +3 -3
- package/source/applicationurn.ts +1 -2
- package/source/certificate_chain_provider.ts +90 -0
- package/source/index.ts +13 -12
- package/source/opcua_secure_object.ts +16 -3
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"applicationurn.js","sourceRoot":"","sources":["../source/applicationurn.ts"],"names":[],"mappings":";;AAOA,
|
|
1
|
+
{"version":3,"file":"applicationurn.js","sourceRoot":"","sources":["../source/applicationurn.ts"],"names":[],"mappings":";;AAOA,gDAeC;AAtBD;;GAEG;AACH,mCAAoC;AAEpC,yDAA2C;AAE3C,SAAgB,kBAAkB,CAAC,QAAgB,EAAE,MAAc;IAC/D,IAAA,0BAAM,EAAC,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,6BAA6B,CAAC,CAAC;IAC7D,sEAAsE;IACtE,2DAA2D;IAC3D,wEAAwE;IACxE,eAAe;IACf,IAAI,YAAY,GAAG,QAAQ,CAAC;IAC5B,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,GAAG,MAAM,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC;QAChD,0DAA0D;QAC1D,kCAAkC;QAClC,YAAY,GAAG,IAAA,mBAAU,EAAC,KAAK,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACrF,CAAC;IACD,MAAM,cAAc,GAAG,MAAM,GAAG,YAAY,GAAG,GAAG,GAAG,MAAM,CAAC;IAC5D,IAAA,0BAAM,EAAC,cAAc,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC;IACpC,OAAO,cAAc,CAAC;AAC1B,CAAC"}
|
|
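--- a/package/dist/certificate_chain_provider.d.ts
+++ b/package/dist/certificate_chain_provider.d.ts
@@ -0,0 +1,52 @@
+/**
+* Pluggable certificate chain provider for OPC UA endpoints.
+*
+* Abstracts how an endpoint obtains its certificate chain and private key,
+* allowing both static (in-memory) and dynamic (disk-based) strategies
+* without monkey-patching.
+*
+* @module node-opcua-common
+*/
+import type { Certificate, PrivateKey } from "node-opcua-crypto/web";
+import type { ICertificateKeyPairProvider } from "./opcua_secure_object";
+/**
+* Provides a certificate chain and private key to an OPC UA endpoint.
+*
+* Implementations may read from memory, disk, or any other source.
+* See also {@link SecretHolder} which implements this interface for
+* disk-based access with lazy caching.
+*/
+export interface ICertificateChainProvider extends ICertificateKeyPairProvider {
+/**
+* Invalidate any cached values so the next access re-reads
+* from the underlying source. No-op for static providers.
+*/
+invalidate(): void;
+}
+/**
+* Holds a certificate chain and private key in memory.
+*
+* Used as the default provider when push certificate management
+* is NOT installed. The chain can be replaced in-place via `update()`.
+*/
+export declare class StaticCertificateChainProvider implements ICertificateChainProvider {
+#private;
+constructor(chain: Certificate[], key: PrivateKey);
+getCertificate(): Certificate;
+getCertificateChain(): Certificate[];
+getPrivateKey(): PrivateKey;
+/**
+* No-op for static provider — the chain is already in memory.
+* Use `update()` to replace the chain explicitly.
+*/
+invalidate(): void;
+/**
+* Replace the certificate chain and optionally the private key.
+*
+* This immediately affects all consumers that call
+* `getCertificateChain()` on this provider (including
+* endpoint descriptions with dynamic `serverCertificate` getters).
+*/
+update(chain: Certificate[], key?: PrivateKey): void;
+toJSON(): Record<string, string>;
+}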
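--- a/package/dist/certificate_chain_provider.js
+++ b/package/dist/certificate_chain_provider.js
@@ -0,0 +1,59 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.StaticCertificateChainProvider = void 0;
+/**
+* Holds a certificate chain and private key in memory.
+*
+* Used as the default provider when push certificate management
+* is NOT installed. The chain can be replaced in-place via `update()`.
+*/
+class StaticCertificateChainProvider {
+#chain;
+#key;
+constructor(chain, key) {
+this.#chain = chain;
+this.#key = key;
+}
+getCertificate() {
+return this.#chain[0];
+}
+getCertificateChain() {
+return this.#chain;
+}
+getPrivateKey() {
+return this.#key;
+}
+/**
+* No-op for static provider — the chain is already in memory.
+* Use `update()` to replace the chain explicitly.
+*/
+invalidate() {
+// nothing to invalidate for a static provider
+}
+/**
+* Replace the certificate chain and optionally the private key.
+*
+* This immediately affects all consumers that call
+* `getCertificateChain()` on this provider (including
+* endpoint descriptions with dynamic `serverCertificate` getters).
+*/
+update(chain, key) {
+if (chain.length === 0) {
+throw new Error("StaticCertificateChainProvider.update: chain must not be empty");
+}
+this.#chain = chain;
+if (key !== undefined) {
+this.#key = key;
+}
+}
+// Prevent secrets from leaking through JSON serialization
+toJSON() {
+return { provider: "StaticCertificateChainProvider" };
+}
+// Prevent secrets from leaking through console.log / util.inspect
+[Symbol.for("nodejs.util.inspect.custom")]() {
+return "StaticCertificateChainProvider { <in-memory> }";
+}
+}
+exports.StaticCertificateChainProvider = StaticCertificateChainProvider;
+//# sourceMappingURL=certificate_chain_provider.js.map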
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"certificate_chain_provider.js","sourceRoot":"","sources":["../source/certificate_chain_provider.ts"],"names":[],"mappings":";;;AA4BA;;;;;GAKG;AACH,MAAa,8BAA8B;IACvC,MAAM,CAAgB;IACtB,IAAI,CAAa;IAEjB,YAAY,KAAoB,EAAE,GAAe;QAC7C,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;QACpB,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC;IACpB,CAAC;IAEM,cAAc;QACjB,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IAC1B,CAAC;IAEM,mBAAmB;QACtB,OAAO,IAAI,CAAC,MAAM,CAAC;IACvB,CAAC;IAEM,aAAa;QAChB,OAAO,IAAI,CAAC,IAAI,CAAC;IACrB,CAAC;IAED;;;OAGG;IACI,UAAU;QACb,8CAA8C;IAClD,CAAC;IAED;;;;;;OAMG;IACI,MAAM,CAAC,KAAoB,EAAE,GAAgB;QAChD,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACrB,MAAM,IAAI,KAAK,CAAC,gEAAgE,CAAC,CAAC;QACtF,CAAC;QACD,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;QACpB,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;YACpB,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC;QACpB,CAAC;IACL,CAAC;IAED,0DAA0D;IACnD,MAAM;QACT,OAAO,EAAE,QAAQ,EAAE,gCAAgC,EAAE,CAAC;IAC1D,CAAC;IAED,kEAAkE;IAC3D,CAAC,MAAM,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAC;QAC7C,OAAO,gDAAgD,CAAC;IAC5D,CAAC;CACJ;AAvDD,wEAuDC"}
|
package/dist/index.d.ts
CHANGED
|
@@ -23,12 +23,13 @@
|
|
|
23
23
|
/**
|
|
24
24
|
* @module node-opcua-common
|
|
25
25
|
*/
|
|
26
|
-
export {
|
|
26
|
+
export { BuildInfo, DataTypeDefinition, EnumValueType, ModelChangeStructureDataType, // ModelChangeStructure
|
|
27
27
|
RedundantServerDataType, // RedundantServer
|
|
28
|
-
ModelChangeStructureDataType, // ModelChangeStructure
|
|
29
|
-
SubscriptionDiagnosticsDataType, // SubscriptionDiagnostics
|
|
30
28
|
SamplingIntervalDiagnosticsDataType, // SamplingIntervalDiagnostics
|
|
31
29
|
SemanticChangeStructureDataType, // SemanticChangeStructure
|
|
32
|
-
ServerDiagnosticsSummaryDataType,
|
|
30
|
+
ServerDiagnosticsSummaryDataType, ServerState, ServerStatusDataType, // ServerStatus
|
|
31
|
+
ServiceCounterDataType, SessionDiagnosticsDataType, SessionSecurityDiagnosticsDataType, SubscriptionDiagnosticsDataType, // SubscriptionDiagnostics
|
|
32
|
+
TimeZoneDataType } from "node-opcua-types";
|
|
33
33
|
export * from "./applicationurn";
|
|
34
|
+
export * from "./certificate_chain_provider";
|
|
34
35
|
export * from "./opcua_secure_object";
|
package/dist/index.js
CHANGED
|
@@ -14,7 +14,7 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
|
14
14
|
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
15
15
|
};
|
|
16
16
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
-
exports.TimeZoneDataType = exports.
|
|
17
|
+
exports.TimeZoneDataType = exports.SubscriptionDiagnosticsDataType = exports.SessionSecurityDiagnosticsDataType = exports.SessionDiagnosticsDataType = exports.ServiceCounterDataType = exports.ServerStatusDataType = exports.ServerState = exports.ServerDiagnosticsSummaryDataType = exports.SemanticChangeStructureDataType = exports.SamplingIntervalDiagnosticsDataType = exports.RedundantServerDataType = exports.ModelChangeStructureDataType = exports.EnumValueType = exports.DataTypeDefinition = exports.BuildInfo = void 0;
|
|
18
18
|
/*!
|
|
19
19
|
* The MIT License (MIT)
|
|
20
20
|
* Copyright (c) 2022-2025 Sterfive SAS - 833264583 RCS ORLEANS - France (https://www.sterfive.com)
|
|
@@ -41,21 +41,22 @@ exports.TimeZoneDataType = exports.EnumValueType = exports.DataTypeDefinition =
|
|
|
41
41
|
* @module node-opcua-common
|
|
42
42
|
*/
|
|
43
43
|
var node_opcua_types_1 = require("node-opcua-types");
|
|
44
|
-
Object.defineProperty(exports, "
|
|
45
|
-
Object.defineProperty(exports, "
|
|
46
|
-
Object.defineProperty(exports, "
|
|
44
|
+
Object.defineProperty(exports, "BuildInfo", { enumerable: true, get: function () { return node_opcua_types_1.BuildInfo; } });
|
|
45
|
+
Object.defineProperty(exports, "DataTypeDefinition", { enumerable: true, get: function () { return node_opcua_types_1.DataTypeDefinition; } });
|
|
46
|
+
Object.defineProperty(exports, "EnumValueType", { enumerable: true, get: function () { return node_opcua_types_1.EnumValueType; } });
|
|
47
47
|
Object.defineProperty(exports, "ModelChangeStructureDataType", { enumerable: true, get: function () { return node_opcua_types_1.ModelChangeStructureDataType; } });
|
|
48
|
-
Object.defineProperty(exports, "
|
|
48
|
+
Object.defineProperty(exports, "RedundantServerDataType", { enumerable: true, get: function () { return node_opcua_types_1.RedundantServerDataType; } });
|
|
49
49
|
Object.defineProperty(exports, "SamplingIntervalDiagnosticsDataType", { enumerable: true, get: function () { return node_opcua_types_1.SamplingIntervalDiagnosticsDataType; } });
|
|
50
50
|
Object.defineProperty(exports, "SemanticChangeStructureDataType", { enumerable: true, get: function () { return node_opcua_types_1.SemanticChangeStructureDataType; } });
|
|
51
51
|
Object.defineProperty(exports, "ServerDiagnosticsSummaryDataType", { enumerable: true, get: function () { return node_opcua_types_1.ServerDiagnosticsSummaryDataType; } });
|
|
52
|
-
Object.defineProperty(exports, "
|
|
52
|
+
Object.defineProperty(exports, "ServerState", { enumerable: true, get: function () { return node_opcua_types_1.ServerState; } });
|
|
53
|
+
Object.defineProperty(exports, "ServerStatusDataType", { enumerable: true, get: function () { return node_opcua_types_1.ServerStatusDataType; } });
|
|
53
54
|
Object.defineProperty(exports, "ServiceCounterDataType", { enumerable: true, get: function () { return node_opcua_types_1.ServiceCounterDataType; } });
|
|
54
55
|
Object.defineProperty(exports, "SessionDiagnosticsDataType", { enumerable: true, get: function () { return node_opcua_types_1.SessionDiagnosticsDataType; } });
|
|
55
|
-
Object.defineProperty(exports, "
|
|
56
|
-
Object.defineProperty(exports, "
|
|
57
|
-
Object.defineProperty(exports, "EnumValueType", { enumerable: true, get: function () { return node_opcua_types_1.EnumValueType; } });
|
|
56
|
+
Object.defineProperty(exports, "SessionSecurityDiagnosticsDataType", { enumerable: true, get: function () { return node_opcua_types_1.SessionSecurityDiagnosticsDataType; } });
|
|
57
|
+
Object.defineProperty(exports, "SubscriptionDiagnosticsDataType", { enumerable: true, get: function () { return node_opcua_types_1.SubscriptionDiagnosticsDataType; } });
|
|
58
58
|
Object.defineProperty(exports, "TimeZoneDataType", { enumerable: true, get: function () { return node_opcua_types_1.TimeZoneDataType; } });
|
|
59
59
|
__exportStar(require("./applicationurn"), exports);
|
|
60
|
+
__exportStar(require("./certificate_chain_provider"), exports);
|
|
60
61
|
__exportStar(require("./opcua_secure_object"), exports);
|
|
61
62
|
//# sourceMappingURL=index.js.map
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../source/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH;;GAEG;AACH,qDAgB0B;AAftB
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../source/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH;;GAEG;AACH,qDAgB0B;AAftB,6GAAA,SAAS,OAAA;AACT,sHAAA,kBAAkB,OAAA;AAClB,iHAAA,aAAa,OAAA;AACb,gIAAA,4BAA4B,OAAA;AAC5B,2HAAA,uBAAuB,OAAA;AACvB,uIAAA,mCAAmC,OAAA;AACnC,mIAAA,+BAA+B,OAAA;AAC/B,oIAAA,gCAAgC,OAAA;AAChC,+GAAA,WAAW,OAAA;AACX,wHAAA,oBAAoB,OAAA;AACpB,0HAAA,sBAAsB,OAAA;AACtB,8HAAA,0BAA0B,OAAA;AAC1B,sIAAA,kCAAkC,OAAA;AAClC,mIAAA,+BAA+B,OAAA;AAC/B,oHAAA,gBAAgB,OAAA;AAGpB,mDAAiC;AACjC,+DAA6C;AAC7C,wDAAsC"}
|
|
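--- a/package/dist/opcua_secure_object.d.ts
+++ b/package/dist/opcua_secure_object.d.ts
@@ -3,12 +3,13 @@
 */
 import { EventEmitter } from "node:events";
 import { type Certificate, type PrivateKey } from "node-opcua-crypto/web";
+import type { ICertificateChainProvider } from "./certificate_chain_provider";
 export interface ICertificateKeyPairProvider {
 getCertificate(): Certificate;
 getCertificateChain(): Certificate[];
 getPrivateKey(): PrivateKey;
 }
-interface IHasCertificateFile {
+export interface IHasCertificateFile {
 readonly certificateFile: string;
 readonly privateKeyFile: string;
 }
@@ -18,7 +19,7 @@ interface IHasCertificateFile {
 * access and kept in truly private `#`-fields so they never appear in
 * `JSON.stringify`, `console.log`, `Object.keys`, or `util.inspect`.
 */
-export declare class SecretHolder {
+export declare class SecretHolder implements ICertificateChainProvider {
 #private;
 constructor(obj: IHasCertificateFile);
 getCertificate(): Certificate;
@@ -29,6 +30,11 @@ export declare class SecretHolder {
 * After calling dispose the holder will re-read from disk on next access.
 */
 dispose(): void;
+/**
+* Alias for {@link dispose}.
+* Implements `ICertificateChainProvider.invalidate()`.
+*/
+invalidate(): void;
 toJSON(): Record<string, string>;
 }
 /**
@@ -68,4 +74,3 @@ export declare class OPCUASecureObject<T extends Record<string | symbol, any> =
 getCertificateChain(): Certificate[];
 getPrivateKey(): PrivateKey;
 }
-export {};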
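--- a/package/dist/opcua_secure_object.js
+++ b/package/dist/opcua_secure_object.js
@@ -68,6 +68,13 @@ class SecretHolder {
 this.#certificateChain = null;
 this.#privateKey = null;
 }
+/**
+* Alias for {@link dispose}.
+* Implements `ICertificateChainProvider.invalidate()`.
+*/
+invalidate() {
+this.dispose();
+}
 // Prevent secrets from leaking through JSON serialization
 toJSON() {
 return { certificateFile: this.#obj.certificateFile, privateKeyFile: this.#obj.privateKeyFile };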
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"opcua_secure_object.js","sourceRoot":"","sources":["../source/opcua_secure_object.ts"],"names":[],"mappings":";;;;;;
|
|
1
|
+
{"version":3,"file":"opcua_secure_object.js","sourceRoot":"","sources":["../source/opcua_secure_object.ts"],"names":[],"mappings":";;;;;;AA8HA,0DAKC;AAYD,gEA0BC;AAzKD;;GAEG;AACH,6CAA2C;AAC3C,sDAAyB;AACzB,yDAA2C;AAC3C,yDAAyE;AACzE,+CAAqF;AAerF;;;;;GAKG;AACH,MAAa,YAAY;IACrB,iBAAiB,GAAyB,IAAI,CAAC;IAC/C,WAAW,GAAsB,IAAI,CAAC;IACtC,IAAI,CAAsB;IAE1B,YAAY,GAAwB;QAChC,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC;IACpB,CAAC;IAEM,cAAc;QACjB,kDAAkD;QAClD,MAAM,KAAK,GAAG,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACzC,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC;IACpB,CAAC;IAEM,mBAAmB;QACtB,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAC1B,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC;YACvC,IAAI,CAAC,iBAAE,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvB,MAAM,IAAI,KAAK,CAAC,gCAAgC,IAAI,EAAE,CAAC,CAAC;YAC5D,CAAC;YACD,MAAM,KAAK,GAAG,IAAA,wCAAoB,EAAC,IAAI,CAAC,CAAC;YACzC,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC/B,MAAM,IAAI,KAAK,CAAC,wCAAwC,IAAI,EAAE,CAAC,CAAC;YACpE,CAAC;YACD,IAAI,CAAC,iBAAiB,GAAG,KAAK,CAAC;QACnC,CAAC;QACD,OAAO,IAAI,CAAC,iBAAiB,CAAC;IAClC,CAAC;IAEM,aAAa;QAChB,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACpB,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC;YACtC,IAAI,CAAC,iBAAE,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvB,MAAM,IAAI,KAAK,CAAC,gCAAgC,IAAI,EAAE,CAAC,CAAC;YAC5D,CAAC;YACD,MAAM,GAAG,GAAG,IAAA,kCAAc,EAAC,IAAI,CAAC,CAAC;YACjC,IAAI,GAAG,YAAY,MAAM,EAAE,CAAC;gBACxB,MAAM,IAAI,KAAK,CAAC,uBAAuB,IAAI,0BAA0B,CAAC,CAAC;YAC3E,CAAC;YACD,IAAI,CAAC,WAAW,GAAG,GAAG,CAAC;QAC3B,CAAC;QACD,OAAO,IAAI,CAAC,WAAW,CAAC;IAC5B,CAAC;IAED;;;OAGG;IACI,OAAO;QACV,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC;QAC9B,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;IAC5B,CAAC;IAED;;;OAGG;IACI,UAAU;QACb,IAAI,CAAC,OAAO,EAAE,CAAC;IACnB,CAAC;IAED,0DAA0D;IACnD,MAAM;QACT,OAAO,EAAE,eAAe,EAAE,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;IACpG,CAAC;IAED,kEAAkE;IAC3D,CAAC,MAAM,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAC;QAC7C,OAAO,oCAAoC,IAAI,CAAC,IAAI,CAAC,eAAe,uBAAuB,IAAI,CAAC,IAAI,CAAC,cAAc,KAAK,CAAC;IAC7H,CAAC;CACJ;AAvED,oCAuEC;AAED;;;;;GAKG;AACH,MAAM,aAAa,GAAG,IAAI,
OAAO,EAAwB,CAAC;AAE1D,SAAS,eAAe,CAAC,GAAsD;IAC3E,IAAI,MAAM,GAAG,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IACpC,IAAI,CAAC,MAAM,EAAE,CAAC;QACV,MAAM,GAAG,IAAI,YAAY,CAAC,GAAG,CAAC,CAAC;QAC/B,aAAa,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IACnC,CAAC;IACD,OAAO,MAAM,CAAC;AAClB,CAAC;AAED;;;;;;;GAOG;AACH,SAAgB,uBAAuB,CAAC,GAAgC;IACpE,MAAM,MAAM,GAAG,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IACtC,IAAI,MAAM,EAAE,CAAC;QACT,MAAM,CAAC,OAAO,EAAE,CAAC;IACrB,CAAC;AACL,CAAC;AAED;;;;;;;;;GASG;AACH,SAAgB,0BAA0B,CAAC,gBAAqD,EAAE,OAAgB;IAC9G,IACI,CAAC,gBAAgB;QACjB,CAAC,KAAK,CAAC,OAAO,CAAC,gBAAgB,CAAC,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,CAAC;QAClE,CAAC,gBAAgB,YAAY,MAAM,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,CAAC,EACvE,CAAC;QACC,OAAO,EAAE,CAAC;IACd,CAAC;IACD,MAAM,YAAY,GAAG,KAAK,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,IAAA,eAAS,EAAC,gBAAgB,CAAC,CAAC;IACtG,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;QACxB,OAAO,YAAY,CAAC;IACxB,CAAC;IACD,qCAAqC;IACrC,MAAM,aAAa,GAAkB,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC;IACvD,IAAI,eAAe,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;IAC7C,oDAAoD;IACpD,IAAI,eAAe,GAAG,OAAO,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,oEAAoE,OAAO,MAAM,eAAe,EAAE,CAAC,CAAC;IACxH,CAAC;IACD,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,OAAO,KAAK,GAAG,YAAY,CAAC,MAAM,IAAI,eAAe,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,MAAM,IAAI,OAAO,EAAE,CAAC;QAC5F,aAAa,CAAC,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC;QACxC,eAAe,IAAI,YAAY,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC;QAC9C,KAAK,EAAE,CAAC;IACZ,CAAC;IACD,OAAO,aAAa,CAAC;AACzB,CAAC;AAOD;;;;GAIG;AAEH,mEAAmE;AACnE,MAAa,iBACT,SAAQ,0BAAe;IAGP,eAAe,CAAS;IACxB,cAAc,CAAS;IAEvC,YAAY,OAAkC;QAC1C,KAAK,EAAE,CAAC;QACR,IAAA,0BAAM,EAAC,OAAO,OAAO,CAAC,eAAe,KAAK,QAAQ,CAAC,CAAC;QACpD,IAAA,0BAAM,EAAC,OAAO,OAAO,CAAC,cAAc,KAAK,QAAQ,CAAC,CAAC;QACnD,IAAI,CAAC,eAAe,GAAG,OAAO,CAAC,eAAe,IAAI,0BAA0B,CAAC;QAC7E,IAAI,CAAC,cAAc,GAAG,OAAO,CAAC,cAAc,IAAI,0BAA0B,CAAC;IAC/E,CAAC;IAEM,cAAc;QACjB,OAAO,eAAe,CAAC,IAAI,CAAC,CAAC,cAAc,EAAE,CAAC;IAClD,CAAC;IAEM,mBAAmB;QACtB,OAAO,eAAe,CAAC,IAAI,CAAC,CAAC,mBAAmB,EAAE,CAAC;IACvD,CAAC;IAEM,aAAa;QAChB,OAAO,eAAe,CAAC
,IAAI,CAAC,CAAC,aAAa,EAAE,CAAC;IACjD,CAAC;CACJ;AA1BD,8CA0BC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "node-opcua-common",
|
|
3
|
-
"version": "2.
|
|
3
|
+
"version": "2.168.0",
|
|
4
4
|
"description": "pure nodejs OPCUA SDK - module common",
|
|
5
5
|
"scripts": {
|
|
6
6
|
"test": "mocha",
|
|
@@ -14,7 +14,7 @@
|
|
|
14
14
|
"dependencies": {
|
|
15
15
|
"node-opcua-assert": "2.164.0",
|
|
16
16
|
"node-opcua-crypto": "5.3.3",
|
|
17
|
-
"node-opcua-types": "2.
|
|
17
|
+
"node-opcua-types": "2.168.0"
|
|
18
18
|
},
|
|
19
19
|
"author": "Etienne Rossignon",
|
|
20
20
|
"license": "MIT",
|
|
@@ -31,7 +31,7 @@
|
|
|
31
31
|
"internet of things"
|
|
32
32
|
],
|
|
33
33
|
"homepage": "http://node-opcua.github.io/",
|
|
34
|
-
"gitHead": "
|
|
34
|
+
"gitHead": "653b6d6df801ca17298308089dee32e5b12102b6",
|
|
35
35
|
"files": [
|
|
36
36
|
"dist",
|
|
37
37
|
"source"
|
package/source/applicationurn.ts
CHANGED
|
@@ -1,12 +1,11 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* @module node-opcua-common
|
|
3
3
|
*/
|
|
4
|
-
import {createHash} from "crypto";
|
|
4
|
+
import { createHash } from "crypto";
|
|
5
5
|
|
|
6
6
|
import { assert } from "node-opcua-assert";
|
|
7
7
|
|
|
8
8
|
export function makeApplicationUrn(hostname: string, suffix: string): string {
|
|
9
|
-
|
|
10
9
|
assert(!suffix.match(/urn:/), "already a application URN ?");
|
|
11
10
|
// beware : Openssl doesn't support urn with length greater than 64 !!
|
|
12
11
|
// sometimes hostname length could be too long ...
|
|
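--- a/package/source/certificate_chain_provider.ts
+++ b/package/source/certificate_chain_provider.ts
@@ -0,0 +1,90 @@
+/**
+* Pluggable certificate chain provider for OPC UA endpoints.
+*
+* Abstracts how an endpoint obtains its certificate chain and private key,
+* allowing both static (in-memory) and dynamic (disk-based) strategies
+* without monkey-patching.
+*
+* @module node-opcua-common
+*/
+import type { Certificate, PrivateKey } from "node-opcua-crypto/web";
+
+import type { ICertificateKeyPairProvider } from "./opcua_secure_object";
+
+/**
+* Provides a certificate chain and private key to an OPC UA endpoint.
+*
+* Implementations may read from memory, disk, or any other source.
+* See also {@link SecretHolder} which implements this interface for
+* disk-based access with lazy caching.
+*/
+export interface ICertificateChainProvider extends ICertificateKeyPairProvider {
+/**
+* Invalidate any cached values so the next access re-reads
+* from the underlying source. No-op for static providers.
+*/
+invalidate(): void;
+}
+
+/**
+* Holds a certificate chain and private key in memory.
+*
+* Used as the default provider when push certificate management
+* is NOT installed. The chain can be replaced in-place via `update()`.
+*/
+export class StaticCertificateChainProvider implements ICertificateChainProvider {
+#chain: Certificate[];
+#key: PrivateKey;
+
+constructor(chain: Certificate[], key: PrivateKey) {
+this.#chain = chain;
+this.#key = key;
+}
+
+public getCertificate(): Certificate {
+return this.#chain[0];
+}
+
+public getCertificateChain(): Certificate[] {
+return this.#chain;
+}
+
+public getPrivateKey(): PrivateKey {
+return this.#key;
+}
+
+/**
+* No-op for static provider — the chain is already in memory.
+* Use `update()` to replace the chain explicitly.
+*/
+public invalidate(): void {
+// nothing to invalidate for a static provider
+}
+
+/**
+* Replace the certificate chain and optionally the private key.
+*
+* This immediately affects all consumers that call
+* `getCertificateChain()` on this provider (including
+* endpoint descriptions with dynamic `serverCertificate` getters).
+*/
+public update(chain: Certificate[], key?: PrivateKey): void {
+if (chain.length === 0) {
+throw new Error("StaticCertificateChainProvider.update: chain must not be empty");
+}
+this.#chain = chain;
+if (key !== undefined) {
+this.#key = key;
+}
+}
+
+// Prevent secrets from leaking through JSON serialization
+public toJSON(): Record<string, string> {
+return { provider: "StaticCertificateChainProvider" };
+}
+
+// Prevent secrets from leaking through console.log / util.inspect
+public [Symbol.for("nodejs.util.inspect.custom")](): string {
+return "StaticCertificateChainProvider { <in-memory> }";
+}
+}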
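Review bot: The constructor assigns `this.#chain = chain` without the empty-chain check that `update()` performs, so a provider built with `[]` is accepted and `getCertificate()` then returns `undefined` although it is typed `Certificate`. The constructor and `update()` also keep the caller's array by reference and `getCertificateChain()` returns that same array, so any code holding it can `push` or `splice` the live chain afterwards without going through the guard; the sketch below adds the check and copies the array on the way in and out. Separately, `update(chain)` called without `key` keeps the previous private key, and nothing in this file checks that it still matches the new leaf certificate, so the doc comment on `update()` should say that the caller must pass the matching key whenever the key pair changes.

```typescript
constructor(chain: Certificate[], key: PrivateKey) {
    if (chain.length === 0) {
        throw new Error("StaticCertificateChainProvider: chain must not be empty");
    }
    // copy so later mutation of the caller's array cannot alter the served chain
    this.#chain = [...chain];
    this.#key = key;
}

public getCertificateChain(): Certificate[] {
    // hand out a copy; the private array is only replaced through update()
    return [...this.#chain];
}

// … unchanged: getCertificate, getPrivateKey, invalidate …

public update(chain: Certificate[], key?: PrivateKey): void {
    // … unchanged: empty-chain guard …
    this.#chain = [...chain];
    // … unchanged: optional key replacement …
}
```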
package/source/index.ts
CHANGED
|
@@ -9,10 +9,10 @@
|
|
|
9
9
|
* use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
|
|
10
10
|
* the Software, and to permit persons to whom the Software is furnished to do so,
|
|
11
11
|
* subject to the following conditions:
|
|
12
|
-
*
|
|
12
|
+
*
|
|
13
13
|
* The above copyright notice and this permission notice shall be included in all
|
|
14
14
|
* copies or substantial portions of the Software.
|
|
15
|
-
*
|
|
15
|
+
*
|
|
16
16
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
17
17
|
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
|
|
18
18
|
* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
|
|
@@ -24,22 +24,23 @@
|
|
|
24
24
|
* @module node-opcua-common
|
|
25
25
|
*/
|
|
26
26
|
export {
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
ModelChangeStructureDataType,
|
|
31
|
-
|
|
27
|
+
BuildInfo,
|
|
28
|
+
DataTypeDefinition,
|
|
29
|
+
EnumValueType,
|
|
30
|
+
ModelChangeStructureDataType, // ModelChangeStructure
|
|
31
|
+
RedundantServerDataType, // RedundantServer
|
|
32
32
|
SamplingIntervalDiagnosticsDataType, // SamplingIntervalDiagnostics
|
|
33
33
|
SemanticChangeStructureDataType, // SemanticChangeStructure
|
|
34
34
|
ServerDiagnosticsSummaryDataType,
|
|
35
|
-
|
|
35
|
+
ServerState,
|
|
36
|
+
ServerStatusDataType, // ServerStatus
|
|
36
37
|
ServiceCounterDataType,
|
|
37
38
|
SessionDiagnosticsDataType,
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
TimeZoneDataType,
|
|
39
|
+
SessionSecurityDiagnosticsDataType,
|
|
40
|
+
SubscriptionDiagnosticsDataType, // SubscriptionDiagnostics
|
|
41
|
+
TimeZoneDataType
|
|
42
42
|
} from "node-opcua-types";
|
|
43
43
|
|
|
44
44
|
export * from "./applicationurn";
|
|
45
|
+
export * from "./certificate_chain_provider";
|
|
45
46
|
export * from "./opcua_secure_object";
|
|
@@ -7,13 +7,15 @@ import { assert } from "node-opcua-assert";
|
|
|
7
7
|
import { readCertificateChain, readPrivateKey } from "node-opcua-crypto";
|
|
8
8
|
import { type Certificate, type PrivateKey, split_der } from "node-opcua-crypto/web";
|
|
9
9
|
|
|
10
|
+
import type { ICertificateChainProvider } from "./certificate_chain_provider";
|
|
11
|
+
|
|
10
12
|
export interface ICertificateKeyPairProvider {
|
|
11
13
|
getCertificate(): Certificate;
|
|
12
14
|
getCertificateChain(): Certificate[];
|
|
13
15
|
getPrivateKey(): PrivateKey;
|
|
14
16
|
}
|
|
15
17
|
|
|
16
|
-
interface IHasCertificateFile {
|
|
18
|
+
export interface IHasCertificateFile {
|
|
17
19
|
readonly certificateFile: string;
|
|
18
20
|
readonly privateKeyFile: string;
|
|
19
21
|
}
|
|
@@ -24,7 +26,7 @@ interface IHasCertificateFile {
|
|
|
24
26
|
* access and kept in truly private `#`-fields so they never appear in
|
|
25
27
|
* `JSON.stringify`, `console.log`, `Object.keys`, or `util.inspect`.
|
|
26
28
|
*/
|
|
27
|
-
export class SecretHolder {
|
|
29
|
+
export class SecretHolder implements ICertificateChainProvider {
|
|
28
30
|
#certificateChain: Certificate[] | null = null;
|
|
29
31
|
#privateKey: PrivateKey | null = null;
|
|
30
32
|
#obj: IHasCertificateFile;
|
|
@@ -78,6 +80,14 @@ export class SecretHolder {
|
|
|
78
80
|
this.#privateKey = null;
|
|
79
81
|
}
|
|
80
82
|
|
|
83
|
+
/**
|
|
84
|
+
* Alias for {@link dispose}.
|
|
85
|
+
* Implements `ICertificateChainProvider.invalidate()`.
|
|
86
|
+
*/
|
|
87
|
+
public invalidate(): void {
|
|
88
|
+
this.dispose();
|
|
89
|
+
}
|
|
90
|
+
|
|
81
91
|
// Prevent secrets from leaking through JSON serialization
|
|
82
92
|
public toJSON(): Record<string, string> {
|
|
83
93
|
return { certificateFile: this.#obj.certificateFile, privateKeyFile: this.#obj.privateKeyFile };
|
|
@@ -171,7 +181,10 @@ export interface IOPCUASecureObjectOptions {
|
|
|
171
181
|
*/
|
|
172
182
|
|
|
173
183
|
// biome-ignore lint/suspicious/noExplicitAny: EventEmitter use any
|
|
174
|
-
export class OPCUASecureObject<T extends Record<string | symbol, any> = any>
|
|
184
|
+
export class OPCUASecureObject<T extends Record<string | symbol, any> = any>
|
|
185
|
+
extends EventEmitter<T>
|
|
186
|
+
implements ICertificateKeyPairProvider, IHasCertificateFile
|
|
187
|
+
{
|
|
175
188
|
public readonly certificateFile: string;
|
|
176
189
|
public readonly privateKeyFile: string;
|
|
177
190
|
|