node-opcua-crypto 2.2.0 → 3.0.0-beta.0

package/dist/source/x509/_build_public_key.js

@@ -0,0 +1,36 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildPublicKey = void 0;
+const x509_1 = require("@peculiar/x509");
+// https://stackoverflow.com/questions/56807959/generate-public-key-from-private-key-using-webcrypto-api
+function buildPublicKey(privateKey) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const crypto = x509_1.cryptoProvider.get();
+        // export private key to JWK
+        const jwk = yield crypto.subtle.exportKey("jwk", privateKey);
+        // remove private data from JWK
+        delete jwk.d;
+        delete jwk.dp;
+        delete jwk.dq;
+        delete jwk.q;
+        delete jwk.qi;
+        jwk.key_ops = ["encrypt", "wrapKey"];
+        // import public key
+        const publicKey = yield crypto.subtle.importKey("jwk", jwk, { name: "RSA-OAEP", hash: "SHA-512" }, true, [
+            "encrypt",
+            "wrapKey",
+        ]);
+        return publicKey;
+    });
+}
+exports.buildPublicKey = buildPublicKey;
+//# sourceMappingURL=_build_public_key.js.map

package/dist/source/x509/_build_public_key.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"_build_public_key.js","sourceRoot":"","sources":["../../../source/x509/_build_public_key.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,yCAAgD;AAEhD,wGAAwG;AACxG,SAAsB,cAAc,CAAC,UAAqB;;QACtD,MAAM,MAAM,GAAG,qBAAc,CAAC,GAAG,EAAE,CAAC;QAEpC,4BAA4B;QAC5B,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;QAE7D,+BAA+B;QAC/B,OAAO,GAAG,CAAC,CAAC,CAAC;QACb,OAAO,GAAG,CAAC,EAAE,CAAC;QACd,OAAO,GAAG,CAAC,EAAE,CAAC;QACd,OAAO,GAAG,CAAC,CAAC,CAAC;QACb,OAAO,GAAG,CAAC,EAAE,CAAC;QACd,GAAG,CAAC,OAAO,GAAG,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;QAErC,oBAAoB;QACpB,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,IAAI,EAAE;YACrG,SAAS;YACT,SAAS;SACZ,CAAC,CAAC;QAEH,OAAO,SAAS,CAAC;IACrB,CAAC;CAAA;AArBD,wCAqBC"}

package/dist/source/x509/_crypto.d.ts

@@ -0,0 +1,3 @@
+import { Crypto } from "@peculiar/webcrypto";
+export declare const crypto: Crypto;
+export * as x509 from "@peculiar/x509";

package/dist/source/x509/_crypto.js

@@ -0,0 +1,9 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.x509 = exports.crypto = void 0;
+const x509 = require("@peculiar/x509");
+const webcrypto_1 = require("@peculiar/webcrypto");
+exports.crypto = new webcrypto_1.Crypto();
+x509.cryptoProvider.set(exports.crypto);
+exports.x509 = require("@peculiar/x509");
+//# sourceMappingURL=_crypto.js.map

package/dist/source/x509/_crypto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"_crypto.js","sourceRoot":"","sources":["../../../source/x509/_crypto.ts"],"names":[],"mappings":";;;AAAA,uCAAuC;AACvC,mDAA6C;AAChC,QAAA,MAAM,GAAG,IAAI,kBAAM,EAAE,CAAC;AACnC,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,cAAM,CAAC,CAAC;AAChC,yCAAuC"}

package/dist/source/x509/_fix.d.ts

@@ -0,0 +1,2 @@
+import { Pkcs10CertificateRequest, Pkcs10CertificateRequestCreateParams } from "@peculiar/x509";
+export declare function x509_Pkcs10CertificateRequestGenerator_create_fixed(params: Pkcs10CertificateRequestCreateParams): Promise<Pkcs10CertificateRequest>;

package/dist/source/x509/_fix.js

@@ -0,0 +1,74 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.x509_Pkcs10CertificateRequestGenerator_create_fixed = void 0;
+const asn1Schema = require("@peculiar/asn1-schema");
+const asn1Csr = require("@peculiar/asn1-csr");
+const asn1X509 = require("@peculiar/asn1-x509");
+const asnPkcs9 = require("@peculiar/asn1-pkcs9");
+const tsyringe = require("tsyringe");
+const x509_1 = require("@peculiar/x509");
+function x509_Pkcs10CertificateRequestGenerator_create_fixed(params) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const crypto = x509_1.cryptoProvider.get();
+        if (!params.keys.privateKey) {
+            throw new Error("Bad field 'keys' in 'params' argument. 'privateKey' is empty");
+        }
+        if (!params.keys.publicKey) {
+            throw new Error("Bad field 'keys' in 'params' argument. 'publicKey' is empty");
+        }
+        const spki = yield crypto.subtle.exportKey("spki", params.keys.publicKey);
+        const asnReq = new asn1Csr.CertificationRequest({
+            certificationRequestInfo: new asn1Csr.CertificationRequestInfo({
+                subjectPKInfo: asn1Schema.AsnConvert.parse(spki, asn1X509.SubjectPublicKeyInfo),
+            }),
+        });
+        if (params.name) {
+            const name = params.name instanceof x509_1.Name ? params.name : new x509_1.Name(params.name);
+            asnReq.certificationRequestInfo.subject = asn1Schema.AsnConvert.parse(name.toArrayBuffer(), asn1X509.Name);
+        }
+        if (params.attributes) {
+            for (const o of params.attributes) {
+                asnReq.certificationRequestInfo.attributes.push(asn1Schema.AsnConvert.parse(o.rawData, asn1X509.Attribute));
+            }
+        }
+        if (params.extensions && params.extensions.length) {
+            const attr = new asn1X509.Attribute({ type: asnPkcs9.id_pkcs9_at_extensionRequest });
+            const extensions = new asn1X509.Extensions();
+            for (const o of params.extensions) {
+                extensions.push(asn1Schema.AsnConvert.parse(o.rawData, asn1X509.Extension));
+            }
+            attr.values.push(asn1Schema.AsnConvert.serialize(extensions));
+            asnReq.certificationRequestInfo.attributes.push(attr);
+        }
+        // const signingAlgorithm = { ...params.signingAlgorithm, ...params.keys.privateKey.algorithm };
+        const signingAlgorithm = Object.assign({}, params.keys.privateKey.algorithm);
+        const algProv = tsyringe.container.resolve(x509_1.diAlgorithmProvider);
+        asnReq.signatureAlgorithm = algProv.toAsnAlgorithm(signingAlgorithm);
+        const tbs = asn1Schema.AsnConvert.serialize(asnReq.certificationRequestInfo);
+        const signature = yield crypto.subtle.sign(signingAlgorithm, params.keys.privateKey, tbs);
+        const signatureFormatters = tsyringe.container.resolveAll(x509_1.diAsnSignatureFormatter).reverse();
+        let asnSignature = null;
+        for (const signatureFormatter of signatureFormatters) {
+            asnSignature = signatureFormatter.toAsnSignature(signingAlgorithm, signature);
+            if (asnSignature) {
+                break;
+            }
+        }
+        if (!asnSignature) {
+            throw Error("Cannot convert WebCrypto signature value to ASN.1 format");
+        }
+        asnReq.signature = asnSignature;
+        return new x509_1.Pkcs10CertificateRequest(asn1Schema.AsnConvert.serialize(asnReq));
+    });
+}
+exports.x509_Pkcs10CertificateRequestGenerator_create_fixed = x509_Pkcs10CertificateRequestGenerator_create_fixed;
+//# sourceMappingURL=_fix.js.map

package/dist/source/x509/_fix.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"_fix.js","sourceRoot":"","sources":["../../../source/x509/_fix.ts"],"names":[],"mappings":";;;;;;;;;;;;AACA,oDAAoD;AACpD,8CAA8C;AAC9C,gDAAgD;AAChD,iDAAiD;AACjD,qCAAqC;AAErC,yCAOwB;AAExB,SAAsB,mDAAmD,CACrE,MAA4C;;QAG5C,MAAM,MAAM,GAAG,qBAAc,CAAC,GAAG,EAAE,CAAC;QAEpC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE;YACzB,MAAM,IAAI,KAAK,CAAC,8DAA8D,CAAC,CAAC;SACnF;QACD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE;YACxB,MAAM,IAAI,KAAK,CAAC,6DAA6D,CAAC,CAAC;SAClF;QACD,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC1E,MAAM,MAAM,GAAG,IAAI,OAAO,CAAC,oBAAoB,CAAC;YAC5C,wBAAwB,EAAE,IAAI,OAAO,CAAC,wBAAwB,CAAC;gBAC3D,aAAa,EAAE,UAAU,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,EAAE,QAAQ,CAAC,oBAAoB,CAAC;aAClF,CAAC;SACL,CAAC,CAAC;QACH,IAAI,MAAM,CAAC,IAAI,EAAE;YACb,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,YAAY,WAAI,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,WAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YAC/E,MAAM,CAAC,wBAAwB,CAAC,OAAO,GAAG,UAAU,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,aAAa,EAAE,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC;SAC9G;QACD,IAAI,MAAM,CAAC,UAAU,EAAE;YACnB,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,UAAU,EAAE;gBAC/B,MAAM,CAAC,wBAAwB,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,EAAE,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC;aAC/G;SACJ;QACD,IAAI,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,UAAU,CAAC,MAAM,EAAE;YAC/C,MAAM,IAAI,GAAG,IAAI,QAAQ,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,QAAQ,CAAC,4BAA4B,EAAE,CAAC,CAAC;YACrF,MAAM,UAAU,GAAG,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC;YAC7C,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,UAAU,EAAE;gBAC/B,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,EAAE,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC;aAC/E;YACD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC;YAC9D,MAAM,CAAC,wBAAwB,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;SACzD;QAED,gGAAgG;QAE7F,MAAM,gBAAgB,qBAAQ,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,SAAS,CAAE,CAAC;QAEpE,MAAM,OAAO,GAAQ,QAAQ,CAAC,SAAS,CAAC,OAAO,CAAC,0BAAmB,CAAC,CAAC;QACrE,MAAM,CAAC,kBAAkB,GAAG,OAAO,CAAC,cAAc,CAAC,gBAAgB,CAAC,CAAC;QAGrE,MAAM,GAAG,GAAG,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,MAAM,CAAC,wBAAwB,CAAC,CAAC;QAE7E,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,gBAAgB,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;QAE1F,MAAM,mBAAmB,GAAU,QAAQ,CAAC,SAAS,CAAC,UAAU,CAAC,8BAAuB,CAAC,CAAC,OAAO,EAAE,CAAC;QAEpG,IAAI,YAAY,GAAG,IAAI,CAAC;QACxB,KAAK,MAAM,kBAAkB,IAAI,mBAAmB,EAAE;YAClD,YAAY,GAAG,kBAAkB,CAAC,cAAc,CAAC,gBAAgB,EAAE,SAAS,CAAC,CAAC;YAC9E,IAAI,YAAY,EAAE;gBACd,MAAM;aACT;SACJ;QACD,IAAI,CAAC,YAAY,EAAE;YACf,MAAM,KAAK,CAAC,0DAA0D,CAAC,CAAC;SAC3E;QACD,MAAM,CAAC,SAAS,GAAG,YAAY,CAAC;QAChC,OAAO,IAAI,+BAAwB,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;IACjF,CAAC;CAAA;AA/DD,kHA+DC"}

package/dist/source/x509/_get_attributes.d.ts

@@ -0,0 +1,8 @@
+import { CertificatePurpose } from "../common";
+import { x509 } from "./_crypto";
+export declare function getAttributes(purpose: CertificatePurpose): {
+    nsComment: string;
+    basicConstraints: x509.BasicConstraintsExtension;
+    keyUsageExtension: x509.ExtendedKeyUsage[];
+    usages: x509.KeyUsageFlags;
+};

package/dist/source/x509/_get_attributes.js

@@ -0,0 +1,56 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getAttributes = void 0;
+const common_1 = require("../common");
+const _crypto_1 = require("./_crypto");
+// key usage of OPCUA Server or OPCUA Client
+const keyUsageApplication = _crypto_1.x509.KeyUsageFlags.keyEncipherment | _crypto_1.x509.KeyUsageFlags.dataEncipherment | _crypto_1.x509.KeyUsageFlags.digitalSignature;
+// key usage for CA certificate
+const keyUsageCA = _crypto_1.x509.KeyUsageFlags.keyCertSign | _crypto_1.x509.KeyUsageFlags.cRLSign;
+function getAttributes(purpose) {
+    let basicConstraints;
+    let keyUsageExtension = [];
+    let usages;
+    let nsComment;
+    let extension;
+    switch (purpose) {
+        case common_1.CertificatePurpose.ForCertificateAuthority:
+            extension = "v3_ca";
+            /**
+                [ v3_ca ]
+                subjectKeyIdentifier        = hash
+                authorityKeyIdentifier      = keyid:always,issuer:always
+                *  basicConstraints            = CA:TRUE
+                * keyUsage                    = critical, cRLSign, keyCertSign
+                * nsComment                   = "Self-signed Certificate for CA generated by Node-OPCUA Certificate utility"
+                subjectAltName              = $ENV::ALTNAME
+             */
+            basicConstraints = new _crypto_1.x509.BasicConstraintsExtension(true, undefined, false);
+            usages = keyUsageCA;
+            keyUsageExtension = [];
+            nsComment = "Self-signed certificate for CA generated by Node-OPCUA Certificate utility V2";
+            break;
+        case common_1.CertificatePurpose.ForApplication:
+        case common_1.CertificatePurpose.ForUserAuthentication:
+        default:
+            /**
+               [ v3_selfsigned]
+               subjectKeyIdentifier       = hash
+                authorityKeyIdentifier    = keyid,issuer
+                * basicConstraints          = critical, CA:FALSE
+                * keyUsage                  = nonRepudiation, digitalSignature, keyEncipherment, dataEncipherment, keyCertSign
+                * extendedKeyUsage          = clientAuth,serverAuth
+                * nsComment                 = "Self-signed certificate generated by Node-OPCUA Certificate utility"
+                subjectAltName            = $ENV::ALTNAME
+             */
+            extension = "v3_selfsigned";
+            basicConstraints = new _crypto_1.x509.BasicConstraintsExtension(false, undefined, true);
+            usages = keyUsageApplication;
+            keyUsageExtension = [_crypto_1.x509.ExtendedKeyUsage.serverAuth, _crypto_1.x509.ExtendedKeyUsage.clientAuth];
+            nsComment = "Self-signed certificate generated by Node-OPCUA Certificate utility V2";
+            break;
+    }
+    return { nsComment, basicConstraints, keyUsageExtension, usages };
+}
+exports.getAttributes = getAttributes;
+//# sourceMappingURL=_get_attributes.js.map

package/dist/source/x509/_get_attributes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"_get_attributes.js","sourceRoot":"","sources":["../../../source/x509/_get_attributes.ts"],"names":[],"mappings":";;;AAAA,sCAA+C;AAC/C,uCAA+B;AAE/B,4CAA4C;AAC5C,MAAM,mBAAmB,GACrB,cAAI,CAAC,aAAa,CAAC,eAAe,GAAG,cAAI,CAAC,aAAa,CAAC,gBAAgB,GAAG,cAAI,CAAC,aAAa,CAAC,gBAAgB,CAAC;AAEnH,+BAA+B;AAC/B,MAAM,UAAU,GAAG,cAAI,CAAC,aAAa,CAAC,WAAW,GAAG,cAAI,CAAC,aAAa,CAAC,OAAO,CAAC;AAE/E,SAAgB,aAAa,CAAC,OAA2B;IAMrD,IAAI,gBAAgD,CAAC;IACrD,IAAI,iBAAiB,GAA4B,EAAE,CAAC;IACpD,IAAI,MAA0B,CAAC;IAC/B,IAAI,SAAiB,CAAC;IACtB,IAAI,SAAiB,CAAC;IACtB,QAAQ,OAAO,EAAE;QACb,KAAK,2BAAkB,CAAC,uBAAuB;YAC3C,SAAS,GAAG,OAAO,CAAC;YACpB;;;;;;;;eAQG;YACH,gBAAgB,GAAG,IAAI,cAAI,CAAC,yBAAyB,CAAC,IAAI,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC;YAC9E,MAAM,GAAG,UAAU,CAAC;YACpB,iBAAiB,GAAG,EAAE,CAAC;YACvB,SAAS,GAAG,+EAA+E,CAAC;YAC5F,MAAM;QACV,KAAK,2BAAkB,CAAC,cAAc,CAAC;QACvC,KAAK,2BAAkB,CAAC,qBAAqB,CAAC;QAC9C;YACI;;;;;;;;;eASG;YACH,SAAS,GAAG,eAAe,CAAC;YAC5B,gBAAgB,GAAG,IAAI,cAAI,CAAC,yBAAyB,CAAC,KAAK,EAAE,SAAS,EAAE,IAAI,CAAC,CAAC;YAC9E,MAAM,GAAG,mBAAmB,CAAC;YAC7B,iBAAiB,GAAG,CAAC,cAAI,CAAC,gBAAgB,CAAC,UAAU,EAAE,cAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAC;YACzF,SAAS,GAAG,wEAAwE,CAAC;YACrF,MAAM;KACb;IACD,OAAO,EAAE,SAAS,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,EAAE,CAAC;AACtE,CAAC;AAjDD,sCAiDC"}

package/dist/source/x509/_internals.js

@@ -0,0 +1,2 @@
+"use strict";
+//# sourceMappingURL=_internals.js.map

package/dist/source/x509/_internals.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"_internals.js","sourceRoot":"","sources":["../../../source/x509/_internals.ts"],"names":[],"mappings":""}

package/dist/source/x509/create_certificate_signing_request.d.ts

@@ -0,0 +1,18 @@
+import { CertificatePurpose } from "../common";
+import { x509 } from "./_crypto";
+interface CreateCertificateSigningRequestOptions {
+    privateKey: CryptoKey;
+    notBefore?: Date;
+    notAfter?: Date;
+    validity?: number;
+    subject?: string;
+    dns?: string[];
+    ip?: string[];
+    applicationUri?: string;
+    purpose: CertificatePurpose;
+}
+export declare function createCertificateSigningRequest({ privateKey, subject, dns, ip, applicationUri, purpose, }: CreateCertificateSigningRequestOptions): Promise<{
+    csr: string;
+    der: x509.Pkcs10CertificateRequest;
+}>;
+export {};

package/dist/source/x509/create_certificate_signing_request.js

@@ -0,0 +1,53 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createCertificateSigningRequest = void 0;
+const subject_1 = require("../subject");
+const _get_attributes_1 = require("./_get_attributes");
+const _crypto_1 = require("./_crypto");
+const _build_public_key_1 = require("./_build_public_key");
+function createCertificateSigningRequest({ privateKey, subject, dns, ip, applicationUri, purpose, }) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const modulusLength = 2048;
+        const alg = {
+            name: "RSASSA-PKCS1-v1_5",
+            hash: { name: "SHA-256" },
+            publicExponent: new Uint8Array([1, 0, 1]),
+            modulusLength,
+        };
+        const publicKey = yield (0, _build_public_key_1.buildPublicKey)(privateKey);
+        const keys = {
+            privateKey,
+            publicKey,
+        };
+        const alternativeNameExtensions = [];
+        dns && dns.forEach((d) => alternativeNameExtensions.push({ type: "dns", value: d }));
+        ip && ip.forEach((d) => alternativeNameExtensions.push({ type: "ip", value: d }));
+        applicationUri && alternativeNameExtensions.push({ type: "url", value: applicationUri });
+        const { basicConstraints, usages } = (0, _get_attributes_1.getAttributes)(purpose);
+        const s = new subject_1.Subject(subject || "");
+        const s1 = s.toStringInternal(", ");
+        const name = s1;
+        const csr = yield _crypto_1.x509.Pkcs10CertificateRequestGenerator.create({
+            name,
+            keys,
+            signingAlgorithm: alg,
+            extensions: [
+                basicConstraints,
+                new _crypto_1.x509.KeyUsagesExtension(usages, true),
+                new _crypto_1.x509.SubjectAlternativeNameExtension(alternativeNameExtensions),
+            ],
+        });
+        return { csr: csr.toString("pem"), der: csr };
+    });
+}
+exports.createCertificateSigningRequest = createCertificateSigningRequest;
+//# sourceMappingURL=create_certificate_signing_request.js.map

package/dist/source/x509/create_certificate_signing_request.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"create_certificate_signing_request.js","sourceRoot":"","sources":["../../../source/x509/create_certificate_signing_request.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,wCAAqC;AAErC,uDAAkD;AAClD,uCAAiC;AACjC,2DAAqD;AAarD,SAAsB,+BAA+B,CAAC,EAClD,UAAU,EACV,OAAO,EACP,GAAG,EACH,EAAE,EACF,cAAc,EACd,OAAO,GAC8B;;QACrC,MAAM,aAAa,GAAG,IAAI,CAAC;QAE3B,MAAM,GAAG,GAAG;YACR,IAAI,EAAE,mBAAmB;YACzB,IAAI,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;YACzB,cAAc,EAAE,IAAI,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;YACzC,aAAa;SAChB,CAAC;QAEF,MAAM,SAAS,GAAI,MAAM,IAAA,kCAAc,EAAC,UAAU,CAAC,CAAC;QAEpD,MAAM,IAAI,GAAG;YACT,UAAU;YACV,SAAS;SACZ,CAAC;QAEF,MAAM,yBAAyB,GAA2B,EAAE,CAAC;QAC7D,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,yBAAyB,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;QACrF,EAAE,IAAI,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,yBAAyB,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;QAClF,cAAc,IAAI,yBAAyB,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC,CAAC;QAEzF,MAAM,EAAE,gBAAgB,EAAE,MAAM,EAAE,GAAG,IAAA,+BAAa,EAAC,OAAO,CAAC,CAAC;QAE5D,MAAM,CAAC,GAAG,IAAI,iBAAO,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC;QACrC,MAAM,EAAE,GAAG,CAAC,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC;QACpC,MAAM,IAAI,GAAG,EAAE,CAAC;QAEhB,MAAM,GAAG,GAAG,MAAM,cAAI,CAAC,iCAAiC,CAAC,MAAM,CAAC;YAC5D,IAAI;YACJ,IAAI;YACJ,gBAAgB,EAAE,GAAG;YACrB,UAAU,EAAE;gBACR,gBAAgB;gBAChB,IAAI,cAAI,CAAC,kBAAkB,CAAC,MAAM,EAAE,IAAI,CAAC;gBACzC,IAAI,cAAI,CAAC,+BAA+B,CAAC,yBAAyB,CAAC;aACtE;SACJ,CAAC,CAAC;QACH,OAAO,EAAE,GAAG,EAAE,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;IAClD,CAAC;CAAA;AA9CD,0EA8CC"}

package/dist/source/x509/create_key_pair.d.ts

@@ -0,0 +1,28 @@
+interface KeyAlgorithm {
+    name: string;
+}
+type KeyType = "private" | "public" | "secret";
+type KeyUsage = "decrypt" | "deriveBits" | "deriveKey" | "encrypt" | "sign" | "unwrapKey" | "verify" | "wrapKey";
+/**
+ * The CryptoKey dictionary of the Web Crypto API represents a cryptographic key.
+ * Available only in secure contexts.
+ */
+interface CryptoKey {
+    readonly algorithm: KeyAlgorithm;
+    readonly extractable: boolean;
+    readonly type: KeyType;
+    readonly usages: KeyUsage[];
+}
+interface CryptoKeyPair {
+    privateKey: CryptoKey;
+    publicKey: CryptoKey;
+}
+export declare function generateKeyPair(modulusLength?: 1024 | 2048 | 3072 | 4096): Promise<CryptoKeyPair>;
+export declare function generatePrivateKey(modulusLength?: 1024 | 2048 | 3072 | 4096): Promise<CryptoKey>;
+export declare function privateKeyToPEM(privateKey: CryptoKey): Promise<{
+    privPem: string;
+    privDer: ArrayBuffer;
+}>;
+export declare function derToPrivateKey(privDer: ArrayBuffer): Promise<CryptoKey>;
+export declare function pemToPrivateKey(pem: string): Promise<CryptoKey>;
+export {};

package/dist/source/x509/create_key_pair.js

@@ -0,0 +1,62 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.pemToPrivateKey = exports.derToPrivateKey = exports.privateKeyToPEM = exports.generatePrivateKey = exports.generateKeyPair = void 0;
+const x509 = require("@peculiar/x509");
+const webcrypto_1 = require("@peculiar/webcrypto");
+const crypto = new webcrypto_1.Crypto();
+x509.cryptoProvider.set(crypto);
+// ---------------------------------------------------------
+function generateKeyPair(modulusLength = 2048) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const alg = {
+            name: "RSASSA-PKCS1-v1_5",
+            hash: { name: "SHA-256" },
+            publicExponent: new Uint8Array([1, 0, 1]),
+            modulusLength,
+        };
+        const keys = yield crypto.subtle.generateKey(alg, true, ["sign", "verify"]);
+        return keys;
+    });
+}
+exports.generateKeyPair = generateKeyPair;
+function generatePrivateKey(modulusLength = 2048) {
+    return __awaiter(this, void 0, void 0, function* () {
+        return (yield generateKeyPair(modulusLength)).privateKey;
+    });
+}
+exports.generatePrivateKey = generatePrivateKey;
+function privateKeyToPEM(privateKey) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const privDer = yield crypto.subtle.exportKey("pkcs8", privateKey);
+        const privPem = x509.PemConverter.encode(privDer, "PRIVATE KEY");
+        return { privPem, privDer };
+    });
+}
+exports.privateKeyToPEM = privateKeyToPEM;
+function derToPrivateKey(privDer) {
+    return __awaiter(this, void 0, void 0, function* () {
+        return yield crypto.subtle.importKey("pkcs8", privDer, {
+            name: "RSASSA-PKCS1-v1_5",
+            hash: { name: "SHA-256" },
+        }, true, ["sign", "encrypt", "decrypt", "verify", "wrapKey", "unwrapKey", "deriveKey", "deriveBits"]);
+    });
+}
+exports.derToPrivateKey = derToPrivateKey;
+function pemToPrivateKey(pem) {
+    return __awaiter(this, void 0, void 0, function* () {
+        // https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/importKey
+        const privDer = x509.PemConverter.decode(pem);
+        return derToPrivateKey(privDer[0]);
+    });
+}
+exports.pemToPrivateKey = pemToPrivateKey;
+//# sourceMappingURL=create_key_pair.js.map

package/dist/source/x509/create_key_pair.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"create_key_pair.js","sourceRoot":"","sources":["../../../source/x509/create_key_pair.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,uCAAuC;AACvC,mDAA6C;AAC7C,MAAM,MAAM,GAAG,IAAI,kBAAM,EAAE,CAAC;AAC5B,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;AAyBhC,4DAA4D;AAE5D,SAAsB,eAAe,CAAC,gBAA2C,IAAI;;QACjF,MAAM,GAAG,GAA0B;YAC/B,IAAI,EAAE,mBAAmB;YACzB,IAAI,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;YACzB,cAAc,EAAE,IAAI,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;YACzC,aAAa;SAChB,CAAC;QACF,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;QAE5E,OAAO,IAAI,CAAC;IAChB,CAAC;CAAA;AAVD,0CAUC;AAED,SAAsB,kBAAkB,CAAC,gBAA2C,IAAI;;QACpF,OAAO,CAAC,MAAM,eAAe,CAAC,aAAa,CAAC,CAAC,CAAC,UAAU,CAAC;IAC7D,CAAC;CAAA;AAFD,gDAEC;AAED,SAAsB,eAAe,CAAC,UAAqB;;QACvD,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QACnE,MAAM,OAAO,GAAG,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QACjE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC;IAChC,CAAC;CAAA;AAJD,0CAIC;AAED,SAAsB,eAAe,CAAC,OAAoB;;QACtD,OAAO,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAChC,OAAO,EACP,OAAO,EACP;YACI,IAAI,EAAE,mBAAmB;YACzB,IAAI,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;SAC5B,EACD,IAAI,EACJ,CAAC,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,WAAW,EAAE,WAAW,EAAE,YAAY,CAAC,CAC9F,CAAC;IACN,CAAC;CAAA;AAXD,0CAWC;AAED,SAAsB,eAAe,CAAC,GAAW;;QAC7C,0EAA0E;QAC1E,MAAM,OAAO,GAAG,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC9C,OAAO,eAAe,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;IACvC,CAAC;CAAA;AAJD,0CAIC"}

package/dist/source/x509/create_self_signed_certificate.d.ts

@@ -0,0 +1,17 @@
+import { CertificatePurpose } from "../common";
+import { x509 } from "./_crypto";
+export interface CreateSelfSignCertificateOptions {
+    privateKey: CryptoKey;
+    notBefore?: Date;
+    notAfter?: Date;
+    validity?: number;
+    subject?: string;
+    dns?: string[];
+    ip?: string[];
+    applicationUri?: string;
+    purpose: CertificatePurpose;
+}
+export declare function createSelfSignedCertificate({ privateKey, notAfter, notBefore, validity, subject, dns, ip, applicationUri, purpose, }: CreateSelfSignCertificateOptions): Promise<{
+    cert: string;
+    der: x509.X509Certificate;
+}>;

package/dist/source/x509/create_self_signed_certificate.js

@@ -0,0 +1,71 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createSelfSignedCertificate = void 0;
+const subject_1 = require("../subject");
+const _crypto_1 = require("./_crypto");
+const _get_attributes_1 = require("./_get_attributes");
+const _build_public_key_1 = require("./_build_public_key");
+function createSelfSignedCertificate({ privateKey, notAfter, notBefore, validity, subject, dns, ip, applicationUri, purpose, }) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const publicKey = yield (0, _build_public_key_1.buildPublicKey)(privateKey);
+        const keys = {
+            privateKey,
+            publicKey,
+        };
+        const { nsComment, basicConstraints, keyUsageExtension, usages } = (0, _get_attributes_1.getAttributes)(purpose);
+        notBefore = notBefore || new Date();
+        validity = validity || 0;
+        if (!notAfter) {
+            validity = validity || 365;
+        }
+        notAfter = notAfter || new Date(notBefore.getTime() + validity * 24 * 60 * 60 * 1000);
+        const alternativeNameExtensions = [];
+        dns && dns.forEach((d) => alternativeNameExtensions.push({ type: "dns", value: d }));
+        ip && ip.forEach((d) => alternativeNameExtensions.push({ type: "ip", value: d }));
+        applicationUri && alternativeNameExtensions.push({ type: "url", value: applicationUri });
+        // https://opensource.apple.com/source/OpenSSH/OpenSSH-186/osslshim/heimdal-asn1/rfc2459.asn1.auto.html
+        const ID_NETSCAPE_COMMENT = "2.16.840.1.113730.1.13";
+        const s = new subject_1.Subject(subject || "");
+        const s1 = s.toStringInternal(", ");
+        const name = s1;
+        // const issuer = s1;
+        /**
+         *  name: "CN=Test, O=Дом",
+         *  subject: "CN=Test, O=Дом",
+         *  issuer: "CN=Test, O=Дом",
+    
+         */
+        //  const gg = new x509.GeneralNames(gga);
+        const cert = yield _crypto_1.x509.X509CertificateGenerator.createSelfSigned({
+            serialNumber: "01",
+            name,
+            // subject: s1,
+            // issuer,
+            notBefore,
+            notAfter,
+            signingAlgorithm: { name: "RSASSA-PKCS1-v1_5", hash: { name: "SHA-256" } },
+            keys,
+            extensions: [
+                new _crypto_1.x509.Extension(ID_NETSCAPE_COMMENT, false, Buffer.from(nsComment, "ascii")),
+                // new x509.BasicConstraintsExtension(true, 2, true),
+                basicConstraints,
+                new _crypto_1.x509.ExtendedKeyUsageExtension(keyUsageExtension, true),
+                new _crypto_1.x509.KeyUsagesExtension(usages, true),
+                yield _crypto_1.x509.SubjectKeyIdentifierExtension.create(keys.publicKey),
+                new _crypto_1.x509.SubjectAlternativeNameExtension(alternativeNameExtensions),
+            ],
+        });
+        return { cert: cert.toString("pem"), der: cert };
+    });
+}
+exports.createSelfSignedCertificate = createSelfSignedCertificate;
+//# sourceMappingURL=create_self_signed_certificate.js.map

package/dist/source/x509/create_self_signed_certificate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"create_self_signed_certificate.js","sourceRoot":"","sources":["../../../source/x509/create_self_signed_certificate.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,wCAAqC;AAErC,uCAAiC;AACjC,uDAAkD;AAClD,2DAAqD;AAcrD,SAAsB,2BAA2B,CAAC,EAC9C,UAAU,EACV,QAAQ,EACR,SAAS,EACT,QAAQ,EACR,OAAO,EACP,GAAG,EACH,EAAE,EACF,cAAc,EACd,OAAO,GACwB;;QAE9B,MAAM,SAAS,GAAG,MAAM,IAAA,kCAAc,EAAC,UAAU,CAAC,CAAC;QAEpD,MAAM,IAAI,GAAG;YACT,UAAU;YACV,SAAS;SACZ,CAAC;QAEF,MAAM,EAAE,SAAS,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,EAAE,GAAG,IAAA,+BAAa,EAAC,OAAO,CAAC,CAAC;QAE1F,SAAS,GAAG,SAAS,IAAI,IAAI,IAAI,EAAE,CAAC;QACpC,QAAQ,GAAG,QAAQ,IAAI,CAAC,CAAC;QACzB,IAAI,CAAC,QAAQ,EAAE;YACX,QAAQ,GAAG,QAAQ,IAAI,GAAG,CAAC;SAC9B;QACD,QAAQ,GAAG,QAAQ,IAAI,IAAI,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,QAAQ,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAEtF,MAAM,yBAAyB,GAA2B,EAAE,CAAC;QAC7D,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,yBAAyB,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;QACrF,EAAE,IAAI,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,yBAAyB,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;QAClF,cAAc,IAAI,yBAAyB,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC,CAAC;QAEzF,uGAAuG;QACvG,MAAM,mBAAmB,GAAG,wBAAwB,CAAC;QAErD,MAAM,CAAC,GAAG,IAAI,iBAAO,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC;QACrC,MAAM,EAAE,GAAG,CAAC,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC;QACpC,MAAM,IAAI,GAAG,EAAE,CAAC;QAChB,qBAAqB;QACrB;;;;;WAKG;QAEH,0CAA0C;QAC1C,MAAM,IAAI,GAAG,MAAM,cAAI,CAAC,wBAAwB,CAAC,gBAAgB,CAAC;YAC9D,YAAY,EAAE,IAAI;YAClB,IAAI;YACJ,eAAe;YACf,UAAU;YACV,SAAS;YACT,QAAQ;YAER,gBAAgB,EAAE,EAAE,IAAI,EAAE,mBAAmB,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE;YAE1E,IAAI;YAEJ,UAAU,EAAE;gBACR,IAAI,cAAI,CAAC,SAAS,CAAC,mBAAmB,EAAE,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;gBAC/E,qDAAqD;gBACrD,gBAAgB;gBAChB,IAAI,cAAI,CAAC,yBAAyB,CAAC,iBAAiB,EAAE,IAAI,CAAC;gBAC3D,IAAI,cAAI,CAAC,kBAAkB,CAAC,MAAM,EAAE,IAAI,CAAC;gBACzC,MAAM,cAAI,CAAC,6BAA6B,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC;gBAC/D,IAAI,cAAI,CAAC,+BAA+B,CAAC,yBAAyB,CAAC;aACtE;SACJ,CAAC,CAAC;QAEH,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC;IACrD,CAAC;CAAA;AAxED,kEAwEC"}

package/dist/source_nodejs/generate_private_key_filename.d.ts

@@ -0,0 +1 @@
+export declare function generatePrivateKeyFile(privateKeyFilename: string, modulusLength: 1024 | 2048 | 3072 | 4096): Promise<void>;

package/dist/source_nodejs/generate_private_key_filename.js

@@ -0,0 +1,25 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generatePrivateKeyFile = void 0;
+const fs = require("fs");
+const source_1 = require("../source");
+function generatePrivateKeyFile(privateKeyFilename, modulusLength) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const keys = yield (0, source_1.generateKeyPair)(modulusLength);
+        const privateKeyPem = yield (0, source_1.privateKeyToPEM)(keys.privateKey);
+        yield fs.promises.writeFile(privateKeyFilename, privateKeyPem.privPem);
+        privateKeyPem.privPem = "";
+        privateKeyPem.privDer = new Uint8Array(0);
+    });
+}
+exports.generatePrivateKeyFile = generatePrivateKeyFile;
+//# sourceMappingURL=generate_private_key_filename.js.map

package/dist/source_nodejs/generate_private_key_filename.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"generate_private_key_filename.js","sourceRoot":"","sources":["../../source_nodejs/generate_private_key_filename.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,yBAAyB;AACzB,sCAA6D;AAE7D,SAAsB,sBAAsB,CAAC,kBAA0B,EAAE,aAAqC;;QAC1G,MAAM,IAAI,GAAG,MAAM,IAAA,wBAAe,EAAC,aAAa,CAAC,CAAC;QAClD,MAAM,aAAa,GAAG,MAAM,IAAA,wBAAe,EAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC7D,MAAM,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,kBAAkB,EAAE,aAAa,CAAC,OAAO,CAAC,CAAC;QACvE,aAAa,CAAC,OAAO,GAAG,EAAE,CAAC;QAC3B,aAAa,CAAC,OAAO,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;IAC9C,CAAC;CAAA;AAND,wDAMC"}

package/dist/source_nodejs/index.d.ts

@@ -1,3 +1,4 @@
 export * from "./read";
 export * from "./read_certificate_revocation_list";
 export * from "./read_certificate_signing_request";
+export * from "./generate_private_key_filename";

package/dist/source_nodejs/index.js

@@ -17,4 +17,5 @@ Object.defineProperty(exports, "__esModule", { value: true });
 __exportStar(require("./read"), exports);
 __exportStar(require("./read_certificate_revocation_list"), exports);
 __exportStar(require("./read_certificate_signing_request"), exports);
+__exportStar(require("./generate_private_key_filename"), exports);
 //# sourceMappingURL=index.js.map

package/dist/source_nodejs/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../source_nodejs/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,yCAAuB;AACvB,qEAAmD;AACnD,qEAAmD"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../source_nodejs/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,yCAAuB;AACvB,qEAAmD;AACnD,qEAAmD;AACnD,kEAAgD"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "node-opcua-crypto",
-  "version": "2.2.0",
+  "version": "3.0.0-beta.0",
   "description": "Crypto tools for Node-OPCUA",
   "main": "./index.js",
   "types": "./index.d.ts",
@@ -27,11 +27,14 @@
   ],
   "author": "Etienne Rossignon",
   "license": "MIT",
+  "engine": {
+    "node": ">15.0"
+  },
   "devDependencies": {
     "@types/mocha": "^10.0.1",
-    "@types/node": "^20.1.0",
-    "@typescript-eslint/eslint-plugin": "^5.59.2",
-    "@typescript-eslint/parser": "^5.59.2",
+    "@types/node": "^20.1.4",
+    "@typescript-eslint/eslint-plugin": "^5.59.5",
+    "@typescript-eslint/parser": "^5.59.5",
     "eslint": "^8.40.0",
     "eslint-config-prettier": "^8.8.0",
     "eslint-plugin-prettier": "^4.2.1",
@@ -45,6 +48,9 @@
     "typescript": "^5.0.4"
   },
   "dependencies": {
+    "@peculiar/webcrypto": "^1.4.3",
+    "@peculiar/x509": "^1.9.3",
+    "@types/jsrsasign": "^10.5.8",
     "better-assert": "^1.0.2",
     "chalk": "^4.1.2",
     "hexy": "0.3.4",

package/source/asn1.ts

@@ -192,7 +192,7 @@ function parseOID(buffer: Buffer, start: number, end: number): string {
 
 export function _readObjectIdentifier(buffer: Buffer, block: BlockInfo): { oid: string; name: string } {
     assert(block.tag === TagType.OBJECT_IDENTIFIER);
-    const b = buffer.slice(block.position, block.position + block.length);
+    const b = buffer.subarray(block.position, block.position + block.length);
     const oid = parseOID(b, 0, block.length);
     return {
         oid,

package/source/common.ts

@@ -13,3 +13,10 @@ export type PublicKeyPEM = PEM;
 
 export type Signature = Buffer;
 export type CertificateRevocationList = Buffer;
+
+export enum CertificatePurpose {
+    NotSpecified = 0,
+    ForCertificateAuthority = 1,
+    ForApplication = 2,
+    ForUserAuthentication = 3, // X509
+}

package/source/explore_private_key.ts

@@ -35,8 +35,7 @@ const doDebug = !!process.env.DEBUG;
 }
  */
 export function explorePrivateKey(privateKey1: PrivateKey): PrivateKeyInternals {
-    const privateKey = privateKey1.export({ format: "der", type: "pkcs1" }) as Buffer;
-    assert(privateKey instanceof Buffer);
+    const privateKey = privateKey1.export({ format: "der", type: "pkcs1" });
     const block_info = readTag(privateKey, 0);
     const blocks = _readStruct(privateKey, block_info);