node-opcua-pki 2.15.2 → 2.16.0

package/lib/misc/subject.ts

@@ -1,110 +1,110 @@
-// ---------------------------------------------------------------------------------------------------------------------
-// node-opcua-pki
-// ---------------------------------------------------------------------------------------------------------------------
-// Copyright (c) 2014-2021 - Etienne Rossignon - etienne.rossignon (at) gadz.org
-// ---------------------------------------------------------------------------------------------------------------------
-//
-// This  project is licensed under the terms of the MIT license.
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
-// documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
-// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
-// permit persons to whom the Software is furnished to do so,  subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all copies or substantial portions of the
-// Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
-// WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-// COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
-// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-// ---------------------------------------------------------------------------------------------------------------------
-
-export interface SubjectOptions {
-    commonName?: string;
-    organization?: string;
-    organizationalUnit?: string;
-    locality?: string;
-    state?: string;
-    country?: string;
-    domainComponent?: string;
-}
-
-const _keys = {
-    C: "country",
-    CN: "commonName",
-    DC: "domainComponent",
-    L: "locality",
-    O: "organization",
-    OU: "organizationalUnit",
-    ST: "state",
-};
-
-export class Subject implements SubjectOptions {
-    public readonly commonName?: string;
-    public readonly organization?: string;
-    public readonly organizationalUnit?: string;
-    public readonly locality?: string;
-    public readonly state?: string;
-    public readonly country?: string;
-    public readonly domainComponent?: string;
-
-    constructor(options: SubjectOptions | string) {
-        if (typeof options === "string") {
-            options = Subject.parse(options);
-        }
-        this.commonName = options.commonName;
-        this.organization = options.organization;
-        this.organizationalUnit = options.organizationalUnit;
-        this.locality = options.locality;
-        this.state = options.state;
-        this.country = options.country;
-        this.domainComponent = options.domainComponent;
-    }
-
-    public static parse(str: string): SubjectOptions {
-        const elements = str.split(/\/(?=[^/]*?=)/);
-        const options: Record<string, unknown> = {};
-
-        elements.forEach((element: string) => {
-            if (element.length === 0) {
-                return;
-            }
-            const s: string[] = element.split("=");
-
-            if (s.length !== 2) {
-                throw new Error("invalid format for " + element);
-            }
-            const longName = (_keys as any)[s[0]];
-            const value = s[1];
-            options[longName] = Buffer.from(value, "ascii").toString("utf8");
-        });
-        return options as SubjectOptions;
-    }
-
-    public toString() {
-        let tmp = "";
-        if (this.country) {
-            tmp += "/C=" + this.country;
-        }
-        if (this.state) {
-            tmp += "/ST=" + this.state;
-        }
-        if (this.locality) {
-            tmp += "/L=" + this.locality;
-        }
-        if (this.organization) {
-            tmp += "/O=" + this.organization;
-        }
-        if (this.organizationalUnit) {
-            tmp += "/OU=" + this.organization;
-        }
-        if (this.commonName) {
-            tmp += "/CN=" + this.commonName;
-        }
-        if (this.domainComponent) {
-            tmp += "/DC=" + this.domainComponent;
-        }
-        return tmp;
-    }
-}
+// ---------------------------------------------------------------------------------------------------------------------
+// node-opcua-pki
+// ---------------------------------------------------------------------------------------------------------------------
+// Copyright (c) 2014-2021 - Etienne Rossignon - etienne.rossignon (at) gadz.org
+// ---------------------------------------------------------------------------------------------------------------------
+//
+// This  project is licensed under the terms of the MIT license.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
+// documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
+// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so,  subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in all copies or substantial portions of the
+// Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
+// WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+// COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
+// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+// ---------------------------------------------------------------------------------------------------------------------
+
+export interface SubjectOptions {
+    commonName?: string;
+    organization?: string;
+    organizationalUnit?: string;
+    locality?: string;
+    state?: string;
+    country?: string;
+    domainComponent?: string;
+}
+
+const _keys = {
+    C: "country",
+    CN: "commonName",
+    DC: "domainComponent",
+    L: "locality",
+    O: "organization",
+    OU: "organizationalUnit",
+    ST: "state",
+};
+
+export class Subject implements SubjectOptions {
+    public readonly commonName?: string;
+    public readonly organization?: string;
+    public readonly organizationalUnit?: string;
+    public readonly locality?: string;
+    public readonly state?: string;
+    public readonly country?: string;
+    public readonly domainComponent?: string;
+
+    constructor(options: SubjectOptions | string) {
+        if (typeof options === "string") {
+            options = Subject.parse(options);
+        }
+        this.commonName = options.commonName;
+        this.organization = options.organization;
+        this.organizationalUnit = options.organizationalUnit;
+        this.locality = options.locality;
+        this.state = options.state;
+        this.country = options.country;
+        this.domainComponent = options.domainComponent;
+    }
+
+    public static parse(str: string): SubjectOptions {
+        const elements = str.split(/\/(?=[^/]*?=)/);
+        const options: Record<string, unknown> = {};
+
+        elements.forEach((element: string) => {
+            if (element.length === 0) {
+                return;
+            }
+            const s: string[] = element.split("=");
+
+            if (s.length !== 2) {
+                throw new Error("invalid format for " + element);
+            }
+            const longName = (_keys as any)[s[0]];
+            const value = s[1];
+            options[longName] = Buffer.from(value, "ascii").toString("utf8");
+        });
+        return options as SubjectOptions;
+    }
+
+    public toString() {
+        let tmp = "";
+        if (this.country) {
+            tmp += "/C=" + this.country;
+        }
+        if (this.state) {
+            tmp += "/ST=" + this.state;
+        }
+        if (this.locality) {
+            tmp += "/L=" + this.locality;
+        }
+        if (this.organization) {
+            tmp += "/O=" + this.organization;
+        }
+        if (this.organizationalUnit) {
+            tmp += "/OU=" + this.organization;
+        }
+        if (this.commonName) {
+            tmp += "/CN=" + this.commonName;
+        }
+        if (this.domainComponent) {
+            tmp += "/DC=" + this.domainComponent;
+        }
+        return tmp;
+    }
+}

package/lib/pki/common.ts

@@ -1,5 +1,5 @@
-export type KeySize = 1024 | 2048 | 3072 | 4096;
-export type Thumbprint = string;
-export type Filename = string;
-export type CertificateStatus = "unknown" | "trusted" | "rejected";
-export type ErrorCallback = (err?: Error | null) => void;
+export type KeySize = 1024 | 2048 | 3072 | 4096;
+export type Thumbprint = string;
+export type Filename = string;
+export type CertificateStatus = "unknown" | "trusted" | "rejected";
+export type ErrorCallback = (err?: Error | null) => void;

package/lib/pki/templates/ca_config_template.cnf.ts

@@ -1,129 +1,129 @@
-const config =
-    "#.........DO NOT MODIFY BY HAND .........................\n" +
-    "[ ca ]\n" +
-    "default_ca               = CA_default\n" +
-    "[ CA_default ]\n" +
-    "dir                      = %%ROOT_FOLDER%%            # the main CA folder\n" +
-    "certs                    = $dir/certs                 # where to store certificates\n" +
-    "new_certs_dir            = $dir/certs                 #\n" +
-    "database                 = $dir/index.txt             # the certificate database\n" +
-    "serial                   = $dir/serial                # the serial number counter\n" +
-    "certificate              = $dir/public/cacert.pem     # The root CA certificate\n" +
-    "private_key              = $dir/private/cakey.pem     # the CA private key\n" +
-    "x509_extensions          = usr_cert                   #\n" +
-    "default_days             = 3650                       # default validity : 10 years\n" +
-    "\n" +
-    "# default_md               = sha1\n" +
-    "\n" +
-    "default_md                = sha256                      # The default digest algorithm\n" +
-    "\n" +
-    "preserve                 = no\n" +
-    "policy                   = policy_match\n" +
-    "# randfile                 = $dir/random.rnd\n" +
-    "# default_startdate        = YYMMDDHHMMSSZ\n" +
-    "# default_enddate          = YYMMDDHHMMSSZ\n" +
-    "crl_dir                  = $dir/crl\n" +
-    "crl_extensions           = crl_ext\n" +
-    "crl                      = $dir/revocation_list.crl # the Revocation list\n" +
-    "crlnumber                = $dir/crlnumber           # CRL number file\n" +
-    "default_crl_days         = 30\n" +
-    "default_crl_hours        = 24\n" +
-    "#msie_hack\n" +
-    "\n" +
-    "[ policy_match ]\n" +
-    "countryName              = optional\n" +
-    "stateOrProvinceName      = optional\n" +
-    "localityName             = optional\n" +
-    "organizationName         = optional\n" +
-    "organizationalUnitName   = optional\n" +
-    "commonName               = optional\n" +
-    "emailAddress             = optional\n" +
-    "\n" +
-    "[ req ]\n" +
-    "default_bits             = 4096                     # Size of keys\n" +
-    "default_keyfile          = key.pem                  # name of generated keys\n" +
-    "distinguished_name       = req_distinguished_name\n" +
-    "attributes               = req_attributes\n" +
-    "x509_extensions          = v3_ca\n" +
-    "#input_password\n" +
-    "#output_password\n" +
-    "string_mask              = nombstr                  # permitted characters\n" +
-    "req_extensions           = v3_req\n" +
-    "\n" +
-    "[ req_distinguished_name ]\n" +
-    "\n" +
-    "#0 countryName             = Country Name (2 letter code)\n" +
-    "# countryName_default     = FR\n" +
-    "# countryName_min         = 2\n" +
-    "# countryName_max         = 2\n" +
-    "# stateOrProvinceName     = State or Province Name (full name)\n" +
-    "# stateOrProvinceName_default = Ile de France\n" +
-    "# localityName            = Locality Name (city, district)\n" +
-    "# localityName_default    = Paris\n" +
-    "organizationName          = Organization Name (company)\n" +
-    "organizationName_default  = NodeOPCUA\n" +
-    "# organizationalUnitName  = Organizational Unit Name (department, division)\n" +
-    "# organizationalUnitName_default = R&D\n" +
-    "commonName                = Common Name (hostname, FQDN, IP, or your name)\n" +
-    "commonName_max            = 256\n" +
-    "commonName_default        = NodeOPCUA\n" +
-    "# emailAddress            = Email Address\n" +
-    "# emailAddress_max        = 40\n" +
-    "# emailAddress_default    = node-opcua (at) node-opcua (dot) com\n" +
-    "\n" +
-    "[ req_attributes ]\n" +
-    "#challengePassword        = A challenge password\n" +
-    "#challengePassword_min    = 4\n" +
-    "#challengePassword_max    = 20\n" +
-    "#unstructuredName         = An optional company name\n" +
-    "[ usr_cert ]\n" +
-    "basicConstraints          = critical, CA:FALSE\n" +
-    "subjectKeyIdentifier      = hash\n" +
-    "authorityKeyIdentifier    = keyid,issuer:always\n" +
-    "#authorityKeyIdentifier    = keyid\n" +
-    "subjectAltName            = $ENV::ALTNAME\n" +
-    "# issuerAltName            = issuer:copy\n" +
-    "nsComment                 = ''OpenSSL Generated Certificate''\n" +
-    "#nsCertType               = client, email, objsign for ''everything including object signing''\n" +
-    "#nsCaRevocationUrl        = http://www.domain.dom/ca-crl.pem\n" +
-    "#nsBaseUrl                =\n" +
-    "#nsRenewalUrl             =\n" +
-    "#nsCaPolicyUrl            =\n" +
-    "#nsSslServerName          =\n" +
-    "keyUsage                  = critical, digitalSignature, nonRepudiation," +
-    " keyEncipherment, dataEncipherment, keyAgreement, keyCertSign\n" +
-    "extendedKeyUsage          = critical,serverAuth ,clientAuth\n" +
-    "\n" +
-    "[ v3_req ]\n" +
-    "basicConstraints          = critical, CA:FALSE\n" +
-    "keyUsage                  = nonRepudiation, digitalSignature, keyEncipherment, dataEncipherment, keyAgreement\n" +
-    "extendedKeyUsage          = critical,serverAuth ,clientAuth\n" +
-    "subjectAltName            = $ENV::ALTNAME\n" +
-    "nsComment                 = \"CA Generated by Node-OPCUA Certificate utility using openssl\"\n" +
-    "[ v3_ca ]\n" +
-    "subjectKeyIdentifier      = hash\n" +
-    "authorityKeyIdentifier    = keyid:always,issuer:always\n" +
-    "# authorityKeyIdentifier    = keyid\n" +
-    "basicConstraints          = CA:TRUE\n" +
-    "keyUsage                  = critical, cRLSign, keyCertSign\n" +
-    "nsComment                 = \"CA Certificate generated by Node-OPCUA Certificate utility using openssl\"\n" +
-    "#nsCertType                 = sslCA, emailCA\n" +
-    "#subjectAltName             = email:copy\n" +
-    "#issuerAltName              = issuer:copy\n" +
-    "#obj                        = DER:02:03\n" +
-    "crlDistributionPoints     = @crl_info\n" +
-    "[ crl_info ]\n" +
-    "URI.0                     = http://localhost:8900/crl.pem\n" +
-    "[ v3_selfsigned]\n" +
-    "basicConstraints          = critical, CA:FALSE\n" +
-    "keyUsage                  = nonRepudiation, digitalSignature, keyEncipherment, dataEncipherment, keyAgreement\n" +
-    "extendedKeyUsage          = critical,serverAuth ,clientAuth\n" +
-    "nsComment                 = \"Self-signed certificate, generated by NodeOPCUA\"\n" +
-    "subjectAltName            = $ENV::ALTNAME\n" +
-    "\n" +
-    "[ crl_ext ]\n" +
-    "#issuerAltName            = issuer:copy\n" +
-    "authorityKeyIdentifier    = keyid:always,issuer:always\n" +
-    "#authorityInfoAccess       = @issuer_info";
-
-export default config;
+const config =
+    "#.........DO NOT MODIFY BY HAND .........................\n" +
+    "[ ca ]\n" +
+    "default_ca               = CA_default\n" +
+    "[ CA_default ]\n" +
+    "dir                      = %%ROOT_FOLDER%%            # the main CA folder\n" +
+    "certs                    = $dir/certs                 # where to store certificates\n" +
+    "new_certs_dir            = $dir/certs                 #\n" +
+    "database                 = $dir/index.txt             # the certificate database\n" +
+    "serial                   = $dir/serial                # the serial number counter\n" +
+    "certificate              = $dir/public/cacert.pem     # The root CA certificate\n" +
+    "private_key              = $dir/private/cakey.pem     # the CA private key\n" +
+    "x509_extensions          = usr_cert                   #\n" +
+    "default_days             = 3650                       # default validity : 10 years\n" +
+    "\n" +
+    "# default_md               = sha1\n" +
+    "\n" +
+    "default_md                = sha256                      # The default digest algorithm\n" +
+    "\n" +
+    "preserve                 = no\n" +
+    "policy                   = policy_match\n" +
+    "# randfile                 = $dir/random.rnd\n" +
+    "# default_startdate        = YYMMDDHHMMSSZ\n" +
+    "# default_enddate          = YYMMDDHHMMSSZ\n" +
+    "crl_dir                  = $dir/crl\n" +
+    "crl_extensions           = crl_ext\n" +
+    "crl                      = $dir/revocation_list.crl # the Revocation list\n" +
+    "crlnumber                = $dir/crlnumber           # CRL number file\n" +
+    "default_crl_days         = 30\n" +
+    "default_crl_hours        = 24\n" +
+    "#msie_hack\n" +
+    "\n" +
+    "[ policy_match ]\n" +
+    "countryName              = optional\n" +
+    "stateOrProvinceName      = optional\n" +
+    "localityName             = optional\n" +
+    "organizationName         = optional\n" +
+    "organizationalUnitName   = optional\n" +
+    "commonName               = optional\n" +
+    "emailAddress             = optional\n" +
+    "\n" +
+    "[ req ]\n" +
+    "default_bits             = 4096                     # Size of keys\n" +
+    "default_keyfile          = key.pem                  # name of generated keys\n" +
+    "distinguished_name       = req_distinguished_name\n" +
+    "attributes               = req_attributes\n" +
+    "x509_extensions          = v3_ca\n" +
+    "#input_password\n" +
+    "#output_password\n" +
+    "string_mask              = nombstr                  # permitted characters\n" +
+    "req_extensions           = v3_req\n" +
+    "\n" +
+    "[ req_distinguished_name ]\n" +
+    "\n" +
+    "#0 countryName             = Country Name (2 letter code)\n" +
+    "# countryName_default     = FR\n" +
+    "# countryName_min         = 2\n" +
+    "# countryName_max         = 2\n" +
+    "# stateOrProvinceName     = State or Province Name (full name)\n" +
+    "# stateOrProvinceName_default = Ile de France\n" +
+    "# localityName            = Locality Name (city, district)\n" +
+    "# localityName_default    = Paris\n" +
+    "organizationName          = Organization Name (company)\n" +
+    "organizationName_default  = NodeOPCUA\n" +
+    "# organizationalUnitName  = Organizational Unit Name (department, division)\n" +
+    "# organizationalUnitName_default = R&D\n" +
+    "commonName                = Common Name (hostname, FQDN, IP, or your name)\n" +
+    "commonName_max            = 256\n" +
+    "commonName_default        = NodeOPCUA\n" +
+    "# emailAddress            = Email Address\n" +
+    "# emailAddress_max        = 40\n" +
+    "# emailAddress_default    = node-opcua (at) node-opcua (dot) com\n" +
+    "\n" +
+    "[ req_attributes ]\n" +
+    "#challengePassword        = A challenge password\n" +
+    "#challengePassword_min    = 4\n" +
+    "#challengePassword_max    = 20\n" +
+    "#unstructuredName         = An optional company name\n" +
+    "[ usr_cert ]\n" +
+    "basicConstraints          = critical, CA:FALSE\n" +
+    "subjectKeyIdentifier      = hash\n" +
+    "authorityKeyIdentifier    = keyid,issuer:always\n" +
+    "#authorityKeyIdentifier    = keyid\n" +
+    "subjectAltName            = $ENV::ALTNAME\n" +
+    "# issuerAltName            = issuer:copy\n" +
+    "nsComment                 = ''OpenSSL Generated Certificate''\n" +
+    "#nsCertType               = client, email, objsign for ''everything including object signing''\n" +
+    "#nsCaRevocationUrl        = http://www.domain.dom/ca-crl.pem\n" +
+    "#nsBaseUrl                =\n" +
+    "#nsRenewalUrl             =\n" +
+    "#nsCaPolicyUrl            =\n" +
+    "#nsSslServerName          =\n" +
+    "keyUsage                  = critical, digitalSignature, nonRepudiation," +
+    " keyEncipherment, dataEncipherment, keyAgreement, keyCertSign\n" +
+    "extendedKeyUsage          = critical,serverAuth ,clientAuth\n" +
+    "\n" +
+    "[ v3_req ]\n" +
+    "basicConstraints          = critical, CA:FALSE\n" +
+    "keyUsage                  = nonRepudiation, digitalSignature, keyEncipherment, dataEncipherment, keyAgreement\n" +
+    "extendedKeyUsage          = critical,serverAuth ,clientAuth\n" +
+    "subjectAltName            = $ENV::ALTNAME\n" +
+    "nsComment                 = \"CA Generated by Node-OPCUA Certificate utility using openssl\"\n" +
+    "[ v3_ca ]\n" +
+    "subjectKeyIdentifier      = hash\n" +
+    "authorityKeyIdentifier    = keyid:always,issuer:always\n" +
+    "# authorityKeyIdentifier    = keyid\n" +
+    "basicConstraints          = CA:TRUE\n" +
+    "keyUsage                  = critical, cRLSign, keyCertSign\n" +
+    "nsComment                 = \"CA Certificate generated by Node-OPCUA Certificate utility using openssl\"\n" +
+    "#nsCertType                 = sslCA, emailCA\n" +
+    "#subjectAltName             = email:copy\n" +
+    "#issuerAltName              = issuer:copy\n" +
+    "#obj                        = DER:02:03\n" +
+    "crlDistributionPoints     = @crl_info\n" +
+    "[ crl_info ]\n" +
+    "URI.0                     = http://localhost:8900/crl.pem\n" +
+    "[ v3_selfsigned]\n" +
+    "basicConstraints          = critical, CA:FALSE\n" +
+    "keyUsage                  = nonRepudiation, digitalSignature, keyEncipherment, dataEncipherment, keyAgreement\n" +
+    "extendedKeyUsage          = critical,serverAuth ,clientAuth\n" +
+    "nsComment                 = \"Self-signed certificate, generated by NodeOPCUA\"\n" +
+    "subjectAltName            = $ENV::ALTNAME\n" +
+    "\n" +
+    "[ crl_ext ]\n" +
+    "#issuerAltName            = issuer:copy\n" +
+    "authorityKeyIdentifier    = keyid:always,issuer:always\n" +
+    "#authorityInfoAccess       = @issuer_info";
+
+export default config;