node-opcua-crypto 5.3.0 → 5.3.2

package/dist/source_nodejs/index.cjs.map

@@ -1 +1 @@
-{"version":3,"sources":["/home/runner/work/node-opcua-crypto/node-opcua-crypto/packages/node-opcua-crypto/dist/source_nodejs/index.cjs"],"names":[],"mappings":"AAAA;AACE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACF,yDAA8B;AAC9B,iCAA8B;AAC9B;AACE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACF,u4CAAC","file":"/home/runner/work/node-opcua-crypto/node-opcua-crypto/packages/node-opcua-crypto/dist/source_nodejs/index.cjs"}
+{"version":3,"sources":["/home/runner/work/node-opcua-crypto/node-opcua-crypto/packages/node-opcua-crypto/dist/source_nodejs/index.cjs"],"names":[],"mappings":"AAAA;AACE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACF,yDAA8B;AAC9B,iCAA8B;AAC9B;AACE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACF,q+DAAC","file":"/home/runner/work/node-opcua-crypto/node-opcua-crypto/packages/node-opcua-crypto/dist/source_nodejs/index.cjs"}

package/dist/source_nodejs/index.d.cts

@@ -11,13 +11,40 @@ declare function generatePrivateKeyFile(privateKeyFilename: string, modulusLengt
 declare function generatePrivateKeyFileAlternate(privateKeyFilename: string, modulusLength: 2048 | 3072 | 4096): Promise<void>;
 
 /**
- * read a DER or PEM certificate from file
+ * Read a DER or PEM certificate from file.
+ *
+ * **Note:** If the PEM file contains multiple certificate blocks
+ * (e.g. a leaf cert + CA chain), only the **first** certificate
+ * is returned. Use {@link readCertificateChain} to read all
+ * certificates individually.
+ *
+ * @deprecated Use {@link readCertificateChain} instead, which
+ * returns each certificate as a separate DER buffer.
  */
 declare function readCertificate(filename: string): Certificate;
+/**
+ * Read a PEM or DER certificate file that may contain multiple
+ * certificates (e.g. a leaf cert + CA issuer chain) and return
+ * each certificate as a separate DER `Buffer`.
+ *
+ * - For a DER file, returns a single-element array.
+ * - For a PEM file with N certificate blocks, returns N elements
+ *   in the same order they appear in the file (leaf first).
+ */
+declare function readCertificateChain(filename: string): Certificate[];
+/**
+ * Async version of {@link readCertificateChain}.
+ */
+declare function readCertificateChainAsync(filename: string): Promise<Certificate[]>;
 /**
  * Async version of {@link readCertificate}.
  * Uses `fs.promises.readFile` so the event loop is not blocked
  * during I/O.
+ *
+ * **Note:** If the PEM file contains multiple certificate blocks,
+ * only the first is returned. Use {@link readCertificateChainAsync}.
+ *
+ * @deprecated Use {@link readCertificateChainAsync} instead.
  */
 declare function readCertificateAsync(filename: string): Promise<Certificate>;
 /**
@@ -70,4 +97,42 @@ declare function readCertificateRevocationList(filename: string): Promise<Certif
 type CertificateSigningRequest = Buffer;
 declare function readCertificateSigningRequest(filename: string): Promise<CertificateSigningRequest>;
 
-export { type CertificateSigningRequest, generatePrivateKeyFile, generatePrivateKeyFileAlternate, getCertificateStore, readCertificate, readCertificateAsync, readCertificatePEM, readCertificatePEMAsync, readCertificateRevocationList, readCertificateSigningRequest, readPrivateKey, readPrivateKeyAsync, readPrivateKeyPEM, readPrivateKeyPEMAsync, readPrivateRsaKey, readPublicKey, readPublicKeyAsync, readPublicKeyPEM, readPublicKeyPEMAsync, readPublicRsaKey, setCertificateStore };
+/**
+ * Convert one or more DER certificates to a PEM string.
+ *
+ * Accepts a single `Certificate` (DER buffer) or an array.
+ * Returns a multi-block PEM string with each certificate
+ * separated by a newline.
+ */
+declare function certificatesToPem(certificates: Certificate | Certificate[]): string;
+/**
+ * Write one or more DER certificates to a PEM file.
+ *
+ * Each certificate is written as a separate PEM block in the
+ * order provided (typically leaf first, then issuer chain).
+ */
+declare function writeCertificateChain(filename: string, certificates: Certificate | Certificate[]): void;
+/**
+ * Async version of {@link writeCertificateChain}.
+ */
+declare function writeCertificateChainAsync(filename: string, certificates: Certificate | Certificate[]): Promise<void>;
+/**
+ * Convert one or more DER certificates to a single concatenated
+ * DER buffer (OPC UA certificate chain format).
+ *
+ * Accepts a single `Certificate` (DER buffer) or an array.
+ */
+declare function certificatesToDer(certificates: Certificate | Certificate[]): Certificate;
+/**
+ * Write one or more DER certificates to a `.der` file as a
+ * concatenated DER chain (OPC UA binary chain format).
+ *
+ * Order should be leaf first, then issuer chain.
+ */
+declare function writeCertificateChainDer(filename: string, certificates: Certificate | Certificate[]): void;
+/**
+ * Async version of {@link writeCertificateChainDer}.
+ */
+declare function writeCertificateChainDerAsync(filename: string, certificates: Certificate | Certificate[]): Promise<void>;
+
+export { type CertificateSigningRequest, certificatesToDer, certificatesToPem, generatePrivateKeyFile, generatePrivateKeyFileAlternate, getCertificateStore, readCertificate, readCertificateAsync, readCertificateChain, readCertificateChainAsync, readCertificatePEM, readCertificatePEMAsync, readCertificateRevocationList, readCertificateSigningRequest, readPrivateKey, readPrivateKeyAsync, readPrivateKeyPEM, readPrivateKeyPEMAsync, readPrivateRsaKey, readPublicKey, readPublicKeyAsync, readPublicKeyPEM, readPublicKeyPEMAsync, readPublicRsaKey, setCertificateStore, writeCertificateChain, writeCertificateChainAsync, writeCertificateChainDer, writeCertificateChainDerAsync };

package/dist/source_nodejs/index.d.ts

@@ -11,13 +11,40 @@ declare function generatePrivateKeyFile(privateKeyFilename: string, modulusLengt
 declare function generatePrivateKeyFileAlternate(privateKeyFilename: string, modulusLength: 2048 | 3072 | 4096): Promise<void>;
 
 /**
- * read a DER or PEM certificate from file
+ * Read a DER or PEM certificate from file.
+ *
+ * **Note:** If the PEM file contains multiple certificate blocks
+ * (e.g. a leaf cert + CA chain), only the **first** certificate
+ * is returned. Use {@link readCertificateChain} to read all
+ * certificates individually.
+ *
+ * @deprecated Use {@link readCertificateChain} instead, which
+ * returns each certificate as a separate DER buffer.
  */
 declare function readCertificate(filename: string): Certificate;
+/**
+ * Read a PEM or DER certificate file that may contain multiple
+ * certificates (e.g. a leaf cert + CA issuer chain) and return
+ * each certificate as a separate DER `Buffer`.
+ *
+ * - For a DER file, returns a single-element array.
+ * - For a PEM file with N certificate blocks, returns N elements
+ *   in the same order they appear in the file (leaf first).
+ */
+declare function readCertificateChain(filename: string): Certificate[];
+/**
+ * Async version of {@link readCertificateChain}.
+ */
+declare function readCertificateChainAsync(filename: string): Promise<Certificate[]>;
 /**
  * Async version of {@link readCertificate}.
  * Uses `fs.promises.readFile` so the event loop is not blocked
  * during I/O.
+ *
+ * **Note:** If the PEM file contains multiple certificate blocks,
+ * only the first is returned. Use {@link readCertificateChainAsync}.
+ *
+ * @deprecated Use {@link readCertificateChainAsync} instead.
  */
 declare function readCertificateAsync(filename: string): Promise<Certificate>;
 /**
@@ -70,4 +97,42 @@ declare function readCertificateRevocationList(filename: string): Promise<Certif
 type CertificateSigningRequest = Buffer;
 declare function readCertificateSigningRequest(filename: string): Promise<CertificateSigningRequest>;
 
-export { type CertificateSigningRequest, generatePrivateKeyFile, generatePrivateKeyFileAlternate, getCertificateStore, readCertificate, readCertificateAsync, readCertificatePEM, readCertificatePEMAsync, readCertificateRevocationList, readCertificateSigningRequest, readPrivateKey, readPrivateKeyAsync, readPrivateKeyPEM, readPrivateKeyPEMAsync, readPrivateRsaKey, readPublicKey, readPublicKeyAsync, readPublicKeyPEM, readPublicKeyPEMAsync, readPublicRsaKey, setCertificateStore };
+/**
+ * Convert one or more DER certificates to a PEM string.
+ *
+ * Accepts a single `Certificate` (DER buffer) or an array.
+ * Returns a multi-block PEM string with each certificate
+ * separated by a newline.
+ */
+declare function certificatesToPem(certificates: Certificate | Certificate[]): string;
+/**
+ * Write one or more DER certificates to a PEM file.
+ *
+ * Each certificate is written as a separate PEM block in the
+ * order provided (typically leaf first, then issuer chain).
+ */
+declare function writeCertificateChain(filename: string, certificates: Certificate | Certificate[]): void;
+/**
+ * Async version of {@link writeCertificateChain}.
+ */
+declare function writeCertificateChainAsync(filename: string, certificates: Certificate | Certificate[]): Promise<void>;
+/**
+ * Convert one or more DER certificates to a single concatenated
+ * DER buffer (OPC UA certificate chain format).
+ *
+ * Accepts a single `Certificate` (DER buffer) or an array.
+ */
+declare function certificatesToDer(certificates: Certificate | Certificate[]): Certificate;
+/**
+ * Write one or more DER certificates to a `.der` file as a
+ * concatenated DER chain (OPC UA binary chain format).
+ *
+ * Order should be leaf first, then issuer chain.
+ */
+declare function writeCertificateChainDer(filename: string, certificates: Certificate | Certificate[]): void;
+/**
+ * Async version of {@link writeCertificateChainDer}.
+ */
+declare function writeCertificateChainDerAsync(filename: string, certificates: Certificate | Certificate[]): Promise<void>;
+
+export { type CertificateSigningRequest, certificatesToDer, certificatesToPem, generatePrivateKeyFile, generatePrivateKeyFileAlternate, getCertificateStore, readCertificate, readCertificateAsync, readCertificateChain, readCertificateChainAsync, readCertificatePEM, readCertificatePEMAsync, readCertificateRevocationList, readCertificateSigningRequest, readPrivateKey, readPrivateKeyAsync, readPrivateKeyPEM, readPrivateKeyPEMAsync, readPrivateRsaKey, readPublicKey, readPublicKeyAsync, readPublicKeyPEM, readPublicKeyPEMAsync, readPublicRsaKey, setCertificateStore, writeCertificateChain, writeCertificateChainAsync, writeCertificateChainDer, writeCertificateChainDerAsync };

package/dist/source_nodejs/index.js

@@ -1,9 +1,13 @@
 import {
+  certificatesToDer,
+  certificatesToPem,
   generatePrivateKeyFile,
   generatePrivateKeyFileAlternate,
   getCertificateStore,
   readCertificate,
   readCertificateAsync,
+  readCertificateChain,
+  readCertificateChainAsync,
   readCertificatePEM,
   readCertificatePEMAsync,
   readCertificateRevocationList,
@@ -18,15 +22,23 @@ import {
   readPublicKeyPEM,
   readPublicKeyPEMAsync,
   readPublicRsaKey,
-  setCertificateStore
-} from "../chunk-QGNXSXUU.js";
-import "../chunk-KCVNMSLI.js";
+  setCertificateStore,
+  writeCertificateChain,
+  writeCertificateChainAsync,
+  writeCertificateChainDer,
+  writeCertificateChainDerAsync
+} from "../chunk-UEEZA3YS.js";
+import "../chunk-ODR4HUB7.js";
 export {
+  certificatesToDer,
+  certificatesToPem,
   generatePrivateKeyFile,
   generatePrivateKeyFileAlternate,
   getCertificateStore,
   readCertificate,
   readCertificateAsync,
+  readCertificateChain,
+  readCertificateChainAsync,
   readCertificatePEM,
   readCertificatePEMAsync,
   readCertificateRevocationList,
@@ -41,6 +53,10 @@ export {
   readPublicKeyPEM,
   readPublicKeyPEMAsync,
   readPublicRsaKey,
-  setCertificateStore
+  setCertificateStore,
+  writeCertificateChain,
+  writeCertificateChainAsync,
+  writeCertificateChainDer,
+  writeCertificateChainDerAsync
 };
 //# sourceMappingURL=index.js.map

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "node-opcua-crypto",
-    "version": "5.3.0",
+    "version": "5.3.2",
     "type": "module",
     "description": "Crypto tools for Node-OPCUA",
     "types": "./dist/index.d.ts",
@@ -57,7 +57,7 @@
         "node": ">=18.0"
     },
     "devDependencies": {
-        "@types/node": "^24.10.1",
+        "@types/node": "^24.12.0",
         "@types/sshpk": "^1.17.4",
         "assert": "^2.1.0",
         "buffer": "^6.0.3",
@@ -65,13 +65,13 @@
         "crypto-browserify": "^3.12.1",
         "events": "^3.3.0",
         "stream-browserify": "^3.0.0",
-        "string_decoder": "^1.1.1",
+        "string_decoder": "^1.3.0",
         "util": "^0.12.5",
         "vm-browserify": "^1.1.2"
     },
     "dependencies": {
         "@peculiar/webcrypto": "^1.5.0",
-        "@peculiar/x509": "^1.14.2",
+        "@peculiar/x509": "^2.0.0",
         "sshpk": "^1.18.0"
     },
     "repository": {
@@ -86,5 +86,5 @@
         "LICENSE",
         "README.md"
     ],
-    "gitHead": "8660de787a060bca52573588214fd7f715e637a4"
+    "gitHead": "ddf7780fd57e6babfd9df320c8d50a8d2f9a8a6a"
 }

package/dist/chunk-7GWSCCWS.cjs.map

@@ -1 +0,0 @@
-{"version":3,"sources":["/home/runner/work/node-opcua-crypto/node-opcua-crypto/packages/node-opcua-crypto/dist/chunk-7GWSCCWS.cjs","../source_nodejs/generate_private_key_filename.ts","../source_nodejs/read.ts","../source_nodejs/read_certificate_revocation_list.ts","../source_nodejs/read_certificate_signing_request.ts"],"names":["fs"],"mappings":"AAAA;AACE;AACA;AACA;AACA;AACA;AACA;AACF,wDAA6B;AAC7B;AACA;ACcA,gCAAoC;AACpC,gEAAe;AAEf,MAAA,SAAsB,sBAAA,CAAuB,kBAAA,EAA4B,aAAA,EAA0C;AAC/G,EAAA,MAAM,KAAA,EAAO,MAAM,+CAAA,aAA6B,CAAA;AAChD,EAAA,MAAM,cAAA,EAAgB,MAAM,+CAAA,IAAgB,CAAK,UAAU,CAAA;AAC3D,EAAA,MAAM,YAAA,CAAG,QAAA,CAAS,SAAA,CAAU,kBAAA,EAAoB,aAAA,CAAc,OAAA,EAAS,OAAO,CAAA;AAC9E,EAAA,aAAA,CAAc,QAAA,EAAU,EAAA;AACxB,EAAA,aAAA,CAAc,QAAA,EAAU,IAAI,WAAA,CAAY,CAAC,CAAA;AAC7C;AAQA,MAAA,SAAsB,+BAAA,CAAgC,kBAAA,EAA4B,aAAA,EAAmC;AACjH,EAAA,MAAM,EAAE,WAAW,EAAA,EAAI,yCAAA,KAAoB,EAAO;AAAA,IAC9C,aAAA;AAAA,IACA,kBAAA,EAAoB,EAAE,IAAA,EAAM,OAAA,EAAS,MAAA,EAAQ,MAAM,CAAA;AAAA,IACnD,iBAAA,EAAmB,EAAE,IAAA,EAAM,MAAA,EAAQ,MAAA,EAAQ,MAAM;AAAA,EACrD,CAAC,CAAA;AACD,EAAA,MAAM,YAAA,CAAG,QAAA,CAAS,SAAA,CAAU,kBAAA,EAAoB,UAAA,EAAY,OAAO,CAAA;AACvE;ADpBA;AACA;AELA,gFAAmB;AACnB;AACA;AACA,wEAAiB;AACjB,4EAAkB;AAclB,SAAS,YAAA,CAAa,QAAA,EAAuB;AACzC,EAAA,8BAAA,OAAc,SAAA,IAAa,QAAQ,CAAA;AACnC,EAAA,OAAO,gDAAA,YAAiBA,CAAG,YAAA,CAAa,QAAA,EAAU,OAAO,CAAC,CAAA;AAC9D;AAEA,SAAS,sBAAA,CAAuB,QAAA,EAAuB;AACnD,EAAA,GAAA,CAAI,QAAA,CAAS,KAAA,CAAM,SAAS,CAAA,EAAG;AAC3B,IAAA,OAAOA,YAAAA,CAAG,YAAA,CAAa,QAAQ,CAAA;AAAA,EACnC;AACA,EAAA,MAAM,QAAA,EAAkB,YAAA,CAAa,QAAQ,CAAA;AAC7C,EAAA,OAAO,+CAAA,OAAuB,CAAA;AAClC;AAKO,SAAS,eAAA,CAAgB,QAAA,EAA+B;AAC3D,EAAA,OAAO,sBAAA,CAAuB,QAAQ,CAAA;AAC1C;AAOA,MAAA,SAAsB,oBAAA,CAAqB,QAAA,EAAwC;AAC/E,EAAA,MAAM,IAAA,EAAM,MAAMA,YAAAA,CAAG,QAAA,CAAS,QAAA,CAAS,QAAQ,CAAA;AAC/C,EAAA,GAAA,CAAI,QAAA,CAAS,KAAA,CAAM,SAAS,CAAA,EAAG;AAC3B,IAAA,OAAO,GAAA;AAAA,EACX;AACA,EAAA,MAAM,QAAA,EAAU,gDAAA,GAAiB,CAAI,QAAA,CAAS,OAAO,CAAC,CAAA;AACtD,EAAA,OAAO,+CAAA,OAAuB,CAAA;AAClC;AAKO,SAAS,aAAA,CAAc,QAAA,EAA6B;AACvD,EAAA,GAAA,CAAI,QAAA,CAAS,KAAA,CAAM,SAAS,CAAA,EAAG;AAC3B,IAAA,MAAM,IAAA,EAAMA,YAAAA,CAAG,YAAA,CAAa,QAAQ,CAAA;AACpC,IAAA,OAAO,qCAAA,GAAmB,CAAA;AAAA,EAC9B,EAAA,KAAO;AACH,IAAA,MAAM,QAAA,EAAkB,YAAA,CAAa,QAAQ,CAAA;AAC7C,IAAA,OAAO,qCAAA,OAAuB,CAAA;AAAA,EAClC;AACJ;AAKA,MAAA,SAAsB,kBAAA,CAAmB,QAAA,EAAsC;AAC3E,EAAA,MAAM,IAAA,EAAM,MAAMA,YAAAA,CAAG,QAAA,CAAS,QAAA,CAAS,QAAQ,CAAA;AAC/C,EAAA,GAAA,CAAI,QAAA,CAAS,KAAA,CAAM,SAAS,CAAA,EAAG;AAC3B,IAAA,OAAO,qCAAA,GAAmB,CAAA;AAAA,EAC9B;AACA,EAAA,OAAO,qCAAA,gDAAgB,GAAiB,CAAI,QAAA,CAAS,OAAO,CAAC,CAAC,CAAA;AAClE;AAIA,SAAS,kBAAA,CAAmB,MAAA,EAAqC;AAC7D,EAAA,GAAA,CAAI,CAAC,yBAAA,GAAoB,OAAA,CAAQ,GAAA,CAAI,oBAAA,EAAsB;AAEvD,IAAA,GAAA,CAAI,MAAA,CAAO,QAAA,CAAS,MAAM,CAAA,EAAG;AACzB,MAAA,MAAM,OAAA,EAAS,qCAAA,MAAM,EAAQ,aAAa,CAAA;AAC1C,MAAA,8BAAA,CAAQ,iBAAA,EAAmB,aAAa,CAAA,CAAE,OAAA,CAAQ,+CAAA,MAAsB,CAAW,EAAA,GAAK,CAAC,CAAA;AACzF,MAAA,OAAO,EAAE,MAAA,EAAQ,OAAO,CAAA;AAAA,IAC5B;AACA,IAAA,OAAO,EAAE,MAAA,EAAQ,gBAAA,CAAiB,MAAgB,EAAE,CAAA;AAAA,EACxD;AAEA,EAAA,MAAM,OAAA,EAAS,OAAA,CAAQ,GAAA,CAAI,YAAA;AAC3B,EAAA,OAAA,CAAQ,GAAA,CAAI,aAAA,EAAe,WAAA;AAC3B,EAAA,MAAM,SAAA,EAAW,sCAAA,MAAuB,CAAA;AACxC,EAAA,OAAA,CAAQ,GAAA,CAAI,aAAA,EAAe,MAAA;AAC3B,EAAA,OAAO,EAAE,MAAA,EAAQ,SAAS,CAAA;AAC9B;AAEA,SAAS,gBAAA,CAAiB,GAAA,EAAqB;AAC3C,EAAA,OAAO,GAAA,CAAI,KAAA,CAAM,KAAK,EAAA,EAAI,IAAA,EAAM,CAAA,EAAA;AAAM;AAC1C;AAI6D;AAC1B,EAAA;AACS,IAAA;AACP,IAAA;AAC1B,EAAA;AACkC,IAAA;AACX,IAAA;AAC9B,EAAA;AACJ;AAK0C;AACR,EAAA;AACC,EAAA;AACE,IAAA;AACjC,EAAA;AAC0B,EAAA;AAC9B;AAEmC;AACH,EAAA;AAChC;AAKsB;AACY,EAAA;AACH,EAAA;AAC/B;AAEiC;AACD,EAAA;AAChC;AAKsB;AACY,EAAA;AACH,EAAA;AAC/B;AAKkC;AACF,EAAA;AAChC;AAMsB;AACY,EAAA;AACH,EAAA;AAC/B;AAEmC;AAEC;AACd,EAAA;AACK,EAAA;AAChB,EAAA;AACX;AAC8C;AACf,EAAA;AACK,IAAA;AAChC,EAAA;AACO,EAAA;AACX;AAKkC;AACP,EAAA;AACH,IAAA;AACpB,EAAA;AACiC,EAAA;AACR,IAAA;AACzB,EAAA;AACgC,EAAA;AACX,EAAA;AACO,EAAA;AACI,EAAA;AAChB,EAAA;AACpB;AAEiC;AACI,EAAA;AACR,IAAA;AACzB,EAAA;AACgC,EAAA;AACF,EAAA;AACF,EAAA;AACK,EAAA;AACrC;AF/DmC;AACA;AG5IpB;AAIO;AACY,EAAA;AACI,EAAA;AAEvB,IAAA;AACX,EAAA;AAC6B,EAAA;AACC,EAAA;AAClC;AH0ImC;AACA;AIvJpB;AAMO;AACY,EAAA;AACI,EAAA;AAEvB,IAAA;AACX,EAAA;AAC6B,EAAA;AACC,EAAA;AAClC;AJmJmC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA","file":"/home/runner/work/node-opcua-crypto/node-opcua-crypto/packages/node-opcua-crypto/dist/chunk-7GWSCCWS.cjs","sourcesContent":[null,"// ---------------------------------------------------------------------------------------------------------------------\n// node-opcua-crypto\n// ---------------------------------------------------------------------------------------------------------------------\n// Copyright (c) 2014-2022 - Etienne Rossignon - etienne.rossignon (at) gadz.org\n// Copyright (c) 2022-2026 - Sterfive.com\n// ---------------------------------------------------------------------------------------------------------------------\n//\n// This  project is licensed under the terms of the MIT license.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated\n// documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the\n// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to\n// permit persons to whom the Software is furnished to do so,  subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in all copies or substantial portions of the\n// Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE\n// WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR\n// COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR\n// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n// ---------------------------------------------------------------------------------------------------------------------\n\nimport { generateKeyPairSync } from \"node:crypto\";\nimport fs from \"node:fs\";\nimport { generateKeyPair, privateKeyToPEM } from \"../source/index.js\";\nexport async function generatePrivateKeyFile(privateKeyFilename: string, modulusLength: 1024 | 2048 | 3072 | 4096) {\n    const keys = await generateKeyPair(modulusLength);\n    const privateKeyPem = await privateKeyToPEM(keys.privateKey);\n    await fs.promises.writeFile(privateKeyFilename, privateKeyPem.privPem, \"utf-8\");\n    privateKeyPem.privPem = \"\";\n    privateKeyPem.privDer = new ArrayBuffer(0);\n}\n\n/**\n * alternate function to generate PrivateKeyFile, using native\n * node:crypto.\n *\n * This function is slower than generatePrivateKeyFile\n */\nexport async function generatePrivateKeyFileAlternate(privateKeyFilename: string, modulusLength: 2048 | 3072 | 4096) {\n    const { privateKey } = generateKeyPairSync(\"rsa\", {\n        modulusLength,\n        privateKeyEncoding: { type: \"pkcs8\", format: \"pem\" },\n        publicKeyEncoding: { type: \"spki\", format: \"pem\" },\n    });\n    await fs.promises.writeFile(privateKeyFilename, privateKey, \"utf-8\");\n}\n","// ---------------------------------------------------------------------------------------------------------------------\n// node-opcua-crypto\n// ---------------------------------------------------------------------------------------------------------------------\n// Copyright (c) 2014-2022 - Etienne Rossignon - etienne.rossignon (at) gadz.org\n// Copyright (c) 2022-2026 - Sterfive.com\n// ---------------------------------------------------------------------------------------------------------------------\n//\n// This  project is licensed under the terms of the MIT license.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated\n// documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the\n// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to\n// permit persons to whom the Software is furnished to do so,  subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in all copies or substantial portions of the\n// Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE\n// WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR\n// COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR\n// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n// ---------------------------------------------------------------------------------------------------------------------\n\nimport assert from \"node:assert\";\nimport { createPrivateKey, createPublicKey } from \"node:crypto\";\nimport fs from \"node:fs\";\nimport path from \"node:path\";\nimport sshpk from \"sshpk\";\nimport type {\n    Certificate,\n    CertificatePEM,\n    DER,\n    KeyObject,\n    PEM,\n    PrivateKey,\n    PrivateKeyPEM,\n    PublicKey,\n    PublicKeyPEM,\n} from \"../source/common.js\";\nimport { convertPEMtoDER, identifyPemType, removeTrailingLF, toPem } from \"../source/crypto_utils.js\";\n\nfunction _readPemFile(filename: string): PEM {\n    assert(typeof filename === \"string\");\n    return removeTrailingLF(fs.readFileSync(filename, \"utf-8\"));\n}\n\nfunction _readPemOrDerFileAsDER(filename: string): DER {\n    if (filename.match(/.*\\.der/)) {\n        return fs.readFileSync(filename) as Buffer;\n    }\n    const raw_key: string = _readPemFile(filename);\n    return convertPEMtoDER(raw_key);\n}\n\n/**\n * read a DER or PEM certificate from file\n */\nexport function readCertificate(filename: string): Certificate {\n    return _readPemOrDerFileAsDER(filename) as Certificate;\n}\n\n/**\n * Async version of {@link readCertificate}.\n * Uses `fs.promises.readFile` so the event loop is not blocked\n * during I/O.\n */\nexport async function readCertificateAsync(filename: string): Promise<Certificate> {\n    const buf = await fs.promises.readFile(filename);\n    if (filename.match(/.*\\.der/)) {\n        return buf as Certificate;\n    }\n    const raw_key = removeTrailingLF(buf.toString(\"utf-8\"));\n    return convertPEMtoDER(raw_key) as Certificate;\n}\n\n/**\n * read a DER or PEM certificate from file\n */\nexport function readPublicKey(filename: string): KeyObject {\n    if (filename.match(/.*\\.der/)) {\n        const der = fs.readFileSync(filename) as Buffer;\n        return createPublicKey(der);\n    } else {\n        const raw_key: string = _readPemFile(filename);\n        return createPublicKey(raw_key);\n    }\n}\n\n/**\n * Async version of {@link readPublicKey}.\n */\nexport async function readPublicKeyAsync(filename: string): Promise<KeyObject> {\n    const buf = await fs.promises.readFile(filename);\n    if (filename.match(/.*\\.der/)) {\n        return createPublicKey(buf);\n    }\n    return createPublicKey(removeTrailingLF(buf.toString(\"utf-8\")));\n}\n\n// console.log(\"createPrivateKey\", (crypto as any).createPrivateKey, process.env.NO_CREATE_PRIVATEKEY);\n\nfunction myCreatePrivateKey(rawKey: string | Buffer): PrivateKey {\n    if (!createPrivateKey || process.env.NO_CREATE_PRIVATEKEY) {\n        // we are not running nodejs or createPrivateKey is not supported in the environment\n        if (Buffer.isBuffer(rawKey)) {\n            const pemKey = toPem(rawKey, \"PRIVATE KEY\");\n            assert([\"RSA PRIVATE KEY\", \"PRIVATE KEY\"].indexOf(identifyPemType(pemKey) as string) >= 0);\n            return { hidden: pemKey };\n        }\n        return { hidden: ensureTrailingLF(rawKey as string) };\n    }\n    // see https://askubuntu.com/questions/1409458/openssl-config-cuases-error-in-node-js-crypto-how-should-the-config-be-updated\n    const backup = process.env.OPENSSL_CONF;\n    process.env.OPENSSL_CONF = \"/dev/null\";\n    const retValue = createPrivateKey(rawKey);\n    process.env.OPENSSL_CONF = backup;\n    return { hidden: retValue };\n}\n\nfunction ensureTrailingLF(str: string): string {\n    return str.match(/\\n$/) ? str : `${str}\\n`;\n}\n/**\n * read a DER or PEM certificate from file\n */\nexport function readPrivateKey(filename: string): PrivateKey {\n    if (filename.match(/.*\\.der/)) {\n        const der: Buffer = fs.readFileSync(filename);\n        return myCreatePrivateKey(der);\n    } else {\n        const raw_key: string = _readPemFile(filename);\n        return myCreatePrivateKey(raw_key);\n    }\n}\n\n/**\n * Async version of {@link readPrivateKey}.\n */\nexport async function readPrivateKeyAsync(filename: string): Promise<PrivateKey> {\n    const buf = await fs.promises.readFile(filename);\n    if (filename.match(/.*\\.der/)) {\n        return myCreatePrivateKey(buf);\n    }\n    return myCreatePrivateKey(removeTrailingLF(buf.toString(\"utf-8\")));\n}\n\nexport function readCertificatePEM(filename: string): CertificatePEM {\n    return _readPemFile(filename);\n}\n\n/**\n * Async version of {@link readCertificatePEM}.\n */\nexport async function readCertificatePEMAsync(filename: string): Promise<CertificatePEM> {\n    const buf = await fs.promises.readFile(filename, \"utf-8\");\n    return removeTrailingLF(buf);\n}\n\nexport function readPublicKeyPEM(filename: string): PublicKeyPEM {\n    return _readPemFile(filename);\n}\n\n/**\n * Async version of {@link readPublicKeyPEM}.\n */\nexport async function readPublicKeyPEMAsync(filename: string): Promise<PublicKeyPEM> {\n    const buf = await fs.promises.readFile(filename, \"utf-8\");\n    return removeTrailingLF(buf);\n}\n/**\n *\n * @deprecated\n */\nexport function readPrivateKeyPEM(filename: string): PrivateKeyPEM {\n    return _readPemFile(filename);\n}\n\n/**\n * Async version of {@link readPrivateKeyPEM}.\n * @deprecated\n */\nexport async function readPrivateKeyPEMAsync(filename: string): Promise<PrivateKeyPEM> {\n    const buf = await fs.promises.readFile(filename, \"utf-8\");\n    return removeTrailingLF(buf);\n}\n\nlet _g_certificate_store: string = \"\";\n\nexport function setCertificateStore(store: string): string {\n    const old_store = _g_certificate_store;\n    _g_certificate_store = store;\n    return old_store;\n}\nexport function getCertificateStore(): string {\n    if (!_g_certificate_store) {\n        _g_certificate_store = path.join(__dirname, \"../../certificates/\");\n    }\n    return _g_certificate_store;\n}\n/**\n *\n * @param filename\n */\nexport function readPrivateRsaKey(filename: string): PrivateKey {\n    if (!createPrivateKey) {\n        throw new Error(\"createPrivateKey is not supported in this environment\");\n    }\n    if (filename.substring(0, 1) !== \".\" && !fs.existsSync(filename)) {\n        filename = path.join(getCertificateStore(), filename);\n    }\n    const content = fs.readFileSync(filename, \"utf8\");\n    const sshKey = sshpk.parsePrivateKey(content, \"auto\");\n    const key = sshKey.toString(\"pkcs1\") as PEM;\n    const hidden = createPrivateKey({ format: \"pem\", type: \"pkcs1\", key });\n    return { hidden };\n}\n\nexport function readPublicRsaKey(filename: string): PublicKey {\n    if (filename.substring(0, 1) !== \".\" && !fs.existsSync(filename)) {\n        filename = path.join(getCertificateStore(), filename);\n    }\n    const content = fs.readFileSync(filename, \"utf-8\");\n    const sshKey = sshpk.parseKey(content, \"ssh\");\n    const key = sshKey.toString(\"pkcs1\") as PEM;\n    return createPublicKey({ format: \"pem\", type: \"pkcs1\", key });\n}\n","// ---------------------------------------------------------------------------------------------------------------------\n// node-opcua-crypto\n// ---------------------------------------------------------------------------------------------------------------------\n// Copyright (c) 2014-2022 - Etienne Rossignon - etienne.rossignon (at) gadz.org\n// Copyright (c) 2022-2026 - Sterfive.com\n// ---------------------------------------------------------------------------------------------------------------------\n//\n// This  project is licensed under the terms of the MIT license.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated\n// documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the\n// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to\n// permit persons to whom the Software is furnished to do so,  subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in all copies or substantial portions of the\n// Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE\n// WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR\n// COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR\n// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n// ---------------------------------------------------------------------------------------------------------------------\n\nimport fs from \"node:fs\";\nimport type { CertificateRevocationList } from \"../source/common.js\";\nimport { convertPEMtoDER } from \"../source/crypto_utils.js\";\n\nexport async function readCertificateRevocationList(filename: string): Promise<CertificateRevocationList> {\n    const crl = await fs.promises.readFile(filename);\n    if (crl[0] === 0x30 && crl[1] === 0x82) {\n        // der format\n        return crl as CertificateRevocationList;\n    }\n    const raw_crl = crl.toString();\n    return convertPEMtoDER(raw_crl);\n}\n","// ---------------------------------------------------------------------------------------------------------------------\n// node-opcua-crypto\n// ---------------------------------------------------------------------------------------------------------------------\n// Copyright (c) 2014-2022 - Etienne Rossignon - etienne.rossignon (at) gadz.org\n// Copyright (c) 2022-2026 - Sterfive.com\n// ---------------------------------------------------------------------------------------------------------------------\n//\n// This  project is licensed under the terms of the MIT license.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated\n// documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the\n// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to\n// permit persons to whom the Software is furnished to do so,  subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in all copies or substantial portions of the\n// Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE\n// WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR\n// COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR\n// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n// ---------------------------------------------------------------------------------------------------------------------\n\nimport fs from \"node:fs\";\nimport type { CertificateRevocationList } from \"../source/common.js\";\nimport { convertPEMtoDER } from \"../source/crypto_utils.js\";\n\nexport type CertificateSigningRequest = Buffer;\n\nexport async function readCertificateSigningRequest(filename: string): Promise<CertificateSigningRequest> {\n    const csr = await fs.promises.readFile(filename);\n    if (csr[0] === 0x30 && csr[1] === 0x82) {\n        // der format\n        return csr as CertificateRevocationList;\n    }\n    const raw_crl = csr.toString();\n    return convertPEMtoDER(raw_crl);\n}\n"]}