npm - node-opcua-pki - Versions diffs - 3.0.2 → 3.1.0 - Mend

node-opcua-pki 3.0.2 → 3.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (53) hide show

package/.ignore +6 -6
package/.prettierrc +5 -5
package/LICENSE +22 -22
package/bin/crypto_create_CA.js +0 -0
package/bin/crypto_create_CA_config.example.js +18 -18
package/bin/install_prerequisite.js +9 -9
package/dist/crypto_create_CA.d.ts +2 -2
package/dist/crypto_create_CA.js +897 -897
package/dist/index.d.ts +6 -6
package/dist/index.js +44 -44
package/dist/misc/applicationurn.d.ts +1 -1
package/dist/misc/applicationurn.js +46 -46
package/dist/misc/hostname.d.ts +8 -8
package/dist/misc/hostname.js +102 -102
package/dist/misc/install_prerequisite.d.ts +9 -9
package/dist/misc/install_prerequisite.js +363 -360
package/dist/misc/install_prerequisite.js.map +1 -1
package/dist/misc/subject.d.ts +26 -26
package/dist/misc/subject.js +121 -121
package/dist/pki/certificate_authority.d.ts +61 -61
package/dist/pki/certificate_authority.js +481 -481
package/dist/pki/certificate_manager.d.ts +144 -144
package/dist/pki/certificate_manager.js +883 -883
package/dist/pki/certificate_manager.js.map +1 -1
package/dist/pki/common.d.ts +5 -5
package/dist/pki/common.js +2 -2
package/dist/pki/templates/ca_config_template.cnf.d.ts +2 -2
package/dist/pki/templates/ca_config_template.cnf.js +129 -129
package/dist/pki/templates/simple_config_template.cnf.d.ts +2 -2
package/dist/pki/templates/simple_config_template.cnf.js +75 -75
package/dist/pki/toolbox.d.ts +160 -160
package/dist/pki/toolbox.js +699 -699
package/dist/pki/toolbox_pfx.js +18 -18
package/lib/crypto_create_CA.ts +1135 -1135
package/lib/index.ts +28 -28
package/lib/misc/applicationurn.ts +45 -45
package/lib/misc/hostname.ts +89 -89
package/lib/misc/install_prerequisite.ts +454 -454
package/lib/misc/subject.ts +141 -141
package/lib/pki/certificate_manager.ts +1 -1
package/lib/pki/common.ts +5 -5
package/lib/pki/templates/ca_config_template.cnf.ts +129 -129
package/lib/pki/templates/simple_config_template.cnf.ts +75 -75
package/lib/pki/toolbox_pfx.ts +19 -19
package/package.json +89 -89
package/readme.md +214 -214
package/tsconfig.json +20 -20
package/dist/misc/fs.d.ts +0 -24
package/dist/misc/fs.js +0 -21
package/dist/misc/fs.js.map +0 -1
package/dist/misc/get_default_filesystem.d.ts +0 -2
package/dist/misc/get_default_filesystem.js +0 -9
package/dist/misc/get_default_filesystem.js.map +0 -1

package/dist/pki/toolbox.js CHANGED Viewed

@@ -1,700 +1,700 @@
-"use strict";
-/* eslint-disable @typescript-eslint/no-explicit-any */
-// ---------------------------------------------------------------------------------------------------------------------
-// node-opcua-pki
-// ---------------------------------------------------------------------------------------------------------------------
-// Copyright (c) 2014-2022 - Etienne Rossignon - etienne.rossignon (at) gadz.org
-// Copyright (c) 2022 - Sterfive.com
-// ---------------------------------------------------------------------------------------------------------------------
-//
-// This  project is licensed under the terms of the MIT license.
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
-// documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
-// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
-// permit persons to whom the Software is furnished to do so,  subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in all copies or substantial portions of the
-// Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
-// WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-// COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
-// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-// ---------------------------------------------------------------------------------------------------------------------
-// tslint:disable:no-console
-// tslint:disable:no-shadowed-variable
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.fingerprint = exports.toDer = exports.dumpCertificate = exports.configurationFileSimpleTemplate = exports.configurationFileTemplate = exports.createSelfSignCertificate = exports.processAltNames = exports.certificateFileExist = exports.adjustApplicationUri = exports.adjustDate = exports.CertificatePurpose = exports.x509Date = exports.createCertificateSigningRequest = exports.createRandomFileIfNotExist = exports.createRandomFile = exports.createPrivateKey = exports.getPublicKeyFromCertificate = exports.getPublicKeyFromPrivateKey = exports.make_path = exports.generateStaticConfig = exports.getEnvironmentVarNames = exports.displaySubtitle = exports.displayTitle = exports.displayChapter = exports.execute_openssl_no_failure = exports.executeOpensslAsync = exports.execute_openssl = exports.ensure_openssl_installed = exports.useRandFile = exports.execute = exports.hasEnv = exports.setEnv = exports.mkdir = exports.find_openssl = exports.debugLog = exports.g_config = exports.quote = void 0;
-const assert = require("assert");
-const async = require("async");
-const byline = require("byline");
-const chalk = require("chalk");
-const child_process = require("child_process");
-const fs = require("fs");
-const os = require("os");
-const path = require("path");
-const install_prerequisite_1 = require("../misc/install_prerequisite");
-const subject_1 = require("../misc/subject");
-const ca_config_template_cnf_1 = require("./templates/ca_config_template.cnf");
-const simple_config_template_cnf_1 = require("./templates/simple_config_template.cnf");
-const exportedEnvVars = {};
-function quote(str) {
-    return "\"" + (str || "") + "\"";
-}
-exports.quote = quote;
-// tslint:disable-next-line:variable-name
-exports.g_config = {
-    opensslVersion: "unset",
-    silent: process.env.VERBOSE ? !process.env.VERBOSE : true,
-    force: false,
-};
-const doDebug = process.env.NODEOPCUAPKIDEBUG || false;
-const displayError = true;
-const displayDebug = !!process.env.NODEOPCUAPKIDEBUG || false;
-// tslint:disable-next-line:no-empty
-function debugLog(...args) {
-    // istanbul ignore next
-    if (displayDebug) {
-        console.log.apply(null, args);
-    }
-}
-exports.debugLog = debugLog;
-let opensslPath; // not initialized
-function find_openssl(callback) {
-    (0, install_prerequisite_1.get_openssl_exec_path)((err, _opensslPath) => {
-        opensslPath = _opensslPath;
-        callback(err, opensslPath);
-    });
-}
-exports.find_openssl = find_openssl;
-function mkdir(folder) {
-    if (!fs.existsSync(folder)) {
-        // istanbul ignore next
-        if (!exports.g_config.silent) {
-            console.log(chalk.white(" .. constructing "), folder);
-        }
-        fs.mkdirSync(folder);
-    }
-}
-exports.mkdir = mkdir;
-function setEnv(varName, value) {
-    // istanbul ignore next
-    if (!exports.g_config.silent) {
-        console.log("          set " + varName + "=" + value);
-    }
-    exportedEnvVars[varName] = value;
-    if (["OPENSSL_CONF"].indexOf(varName) >= 0) {
-        process.env[varName] = value;
-    }
-    if (["RANDFILE"].indexOf(varName) >= 0) {
-        process.env[varName] = value;
-    }
-}
-exports.setEnv = setEnv;
-function hasEnv(varName) {
-    return Object.prototype.hasOwnProperty.call(exportedEnvVars, varName);
-}
-exports.hasEnv = hasEnv;
-function execute(cmd, options, callback) {
-    assert(typeof callback === "function");
-    /// assert(g_config.CARootDir && fs.existsSync(option.CARootDir));
-    options.cwd = options.cwd || process.cwd();
-    // istanbul ignore next
-    if (!exports.g_config.silent) {
-        console.log(chalk.cyan("                  CWD         "), options.cwd);
-    }
-    const outputs = [];
-    const child = child_process.exec(cmd, {
-        cwd: options.cwd,
-        windowsHide: true,
-    }, (err) => {
-        // istanbul ignore next
-        if (err) {
-            if (!options.hideErrorMessage) {
-                const fence = "###########################################";
-                console.error(chalk.bgWhiteBright.redBright(`${fence} OPENSSL ERROR ${fence}`));
-                console.error(chalk.bgWhiteBright.redBright("CWD = " + options.cwd));
-                console.error(chalk.bgWhiteBright.redBright(err.message));
-                console.error(chalk.bgWhiteBright.redBright(`${fence} OPENSSL ERROR ${fence}`));
-            }
-            // console.log("        ERR = ".bgWhite.red, err);
-            callback(new Error(err.message));
-            return;
-        }
-        callback(null, outputs.join(""));
-    });
-    if (child.stdout) {
-        const stream2 = byline(child.stdout);
-        stream2.on("data", (line) => {
-            outputs.push(line + "\n");
-        });
-        if (!exports.g_config.silent) {
-            stream2.on("data", (line) => {
-                line = line.toString();
-                if (doDebug) {
-                    process.stdout.write(chalk.white("        stdout ") + chalk.whiteBright(line) + "\n");
-                }
-            });
-        }
-    }
-    // istanbul ignore next
-    if (!exports.g_config.silent) {
-        if (child.stderr) {
-            const stream1 = byline(child.stderr);
-            stream1.on("data", (line) => {
-                line = line.toString();
-                if (displayError) {
-                    process.stdout.write(chalk.white("        stderr ") + chalk.red(line) + "\n");
-                }
-            });
-        }
-    }
-}
-exports.execute = execute;
-function useRandFile() {
-    // istanbul ignore next
-    if (exports.g_config.opensslVersion && exports.g_config.opensslVersion.toLowerCase().indexOf("libressl") > -1) {
-        return false;
-    }
-    return true;
-}
-exports.useRandFile = useRandFile;
-function openssl_require2DigitYearInDate() {
-    // istanbul ignore next
-    if (!exports.g_config.opensslVersion) {
-        throw new Error("openssl_require2DigitYearInDate : openssl version is not known:" + "  please call ensure_openssl_installed(callback)");
-    }
-    return exports.g_config.opensslVersion.match(/OpenSSL 0\.9/);
-}
-exports.g_config.opensslVersion = "";
-function ensure_openssl_installed(callback) {
-    assert(typeof callback === "function");
-    if (!opensslPath) {
-        return find_openssl((err) => {
-            // istanbul ignore next
-            if (err) {
-                return callback(err);
-            }
-            execute_openssl("version", { cwd: "." }, (err, outputs) => {
-                // istanbul ignore next
-                if (err || !outputs) {
-                    return callback(err || new Error("no outputs"));
-                }
-                exports.g_config.opensslVersion = outputs.trim();
-                if (doDebug) {
-                    console.log("OpenSSL version : ", exports.g_config.opensslVersion);
-                }
-                callback(err ? err : undefined);
-            });
-        });
-    }
-    else {
-        return callback();
-    }
-}
-exports.ensure_openssl_installed = ensure_openssl_installed;
-function getTempFolder() {
-    return os.tmpdir();
-}
-function execute_openssl(cmd, options, callback) {
-    // tslint:disable-next-line:variable-name
-    const empty_config_file = n(getTempFolder(), "empty_config.cnf");
-    if (!fs.existsSync(empty_config_file)) {
-        fs.writeFileSync(empty_config_file, "# empty config file");
-    }
-    assert(typeof callback === "function");
-    options = options || {};
-    options.openssl_conf = options.openssl_conf || empty_config_file; // "!! OPEN SLL CONF NOT DEFINED BAD FILE !!";
-    assert(options.openssl_conf);
-    setEnv("OPENSSL_CONF", options.openssl_conf);
-    // istanbul ignore next
-    if (!exports.g_config.silent) {
-        console.log(chalk.cyan("                  OPENSSL_CONF"), process.env.OPENSSL_CONF);
-        console.log(chalk.cyan("                  RANDFILE    "), process.env.RANDFILE);
-        console.log(chalk.cyan("                  CMD         openssl "), chalk.cyanBright(cmd));
-    }
-    ensure_openssl_installed((err) => {
-        // istanbul ignore next
-        if (err) {
-            return callback(err);
-        }
-        execute(quote(opensslPath) + " " + cmd, options, callback);
-    });
-}
-exports.execute_openssl = execute_openssl;
-function executeOpensslAsync(cmd, options) {
-    return new Promise((resolve, reject) => {
-        execute_openssl(cmd, options, (err, output) => {
-            // istanbul ignore next
-            if (err) {
-                reject(err);
-            }
-            else {
-                resolve(output || "");
-            }
-        });
-    });
-}
-exports.executeOpensslAsync = executeOpensslAsync;
-function execute_openssl_no_failure(cmd, options, callback) {
-    options = options || {};
-    options.hideErrorMessage = true;
-    execute_openssl(cmd, options, (err, output) => {
-        // istanbul ignore next
-        if (err) {
-            debugLog(" (ignored error =  ERROR : )", err.message);
-        }
-        callback(null, output);
-    });
-}
-exports.execute_openssl_no_failure = execute_openssl_no_failure;
-// istanbul ignore next
-function displayChapter(str, callback) {
-    const l = "                                                                                               ";
-    console.log(chalk.bgWhite(l) + " ");
-    str = ("        " + str + l).substring(0, l.length);
-    console.log(chalk.bgWhite.cyan(str));
-    console.log(chalk.bgWhite(l) + " ");
-    if (callback) {
-        callback();
-    }
-}
-exports.displayChapter = displayChapter;
-function displayTitle(str, callback) {
-    // istanbul ignore next
-    if (!exports.g_config.silent) {
-        console.log("");
-        console.log(chalk.yellowBright(str));
-        console.log(chalk.yellow(new Array(str.length + 1).join("=")), "\n");
-    }
-    if (callback) {
-        callback();
-    }
-}
-exports.displayTitle = displayTitle;
-function displaySubtitle(str, callback) {
-    // istanbul ignore next
-    if (!exports.g_config.silent) {
-        console.log("");
-        console.log("    " + chalk.yellowBright(str));
-        console.log("    " + chalk.white(new Array(str.length + 1).join("-")), "\n");
-    }
-    if (callback) {
-        callback();
-    }
-}
-exports.displaySubtitle = displaySubtitle;
-function getEnvironmentVarNames() {
-    return Object.keys(exportedEnvVars).map((varName) => {
-        return { key: varName, pattern: "\\$ENV\\:\\:" + varName };
-    });
-}
-exports.getEnvironmentVarNames = getEnvironmentVarNames;
-function generateStaticConfig(configPath, options) {
-    const prePath = (options && options.cwd) || "";
-    const staticConfigPath = configPath + ".tmp";
-    let staticConfig = fs.readFileSync(path.join(prePath, configPath), { encoding: "utf8" });
-    for (const envVar of getEnvironmentVarNames()) {
-        staticConfig = staticConfig.replace(new RegExp(envVar.pattern, "gi"), exportedEnvVars[envVar.key]);
-    }
-    fs.writeFileSync(path.join(prePath, staticConfigPath), staticConfig);
-    return staticConfigPath;
-}
-exports.generateStaticConfig = generateStaticConfig;
-const q = quote;
-function make_path(folderName, filename) {
-    let s;
-    if (filename) {
-        s = path.join(path.normalize(folderName), filename);
-    }
-    else {
-        assert(folderName);
-        s = folderName;
-    }
-    s = s.replace(/\\/g, "/");
-    return s;
-}
-exports.make_path = make_path;
-const n = make_path;
-/**
- *   calculate the public key from private key
- *   openssl rsa -pubout -in private_key.pem
- *
- * @method getPublicKeyFromPrivateKey
- * @param privateKeyFilename
- * @param publicKeyFilename
- * @param callback
- */
-function getPublicKeyFromPrivateKey(privateKeyFilename, publicKeyFilename, callback) {
-    assert(fs.existsSync(privateKeyFilename));
-    execute_openssl("rsa -pubout -in " + q(n(privateKeyFilename)) + " -out " + q(n(publicKeyFilename)), {}, callback);
-}
-exports.getPublicKeyFromPrivateKey = getPublicKeyFromPrivateKey;
-/**
- * extract public key from a certificate
- *   openssl x509 -pubkey -in certificate.pem -nottext
- *
- * @method getPublicKeyFromCertificate
- * @param certificateFilename
- * @param publicKeyFilename
- * @param callback
- */
-function getPublicKeyFromCertificate(certificateFilename, publicKeyFilename, callback) {
-    assert(fs.existsSync(certificateFilename));
-    execute_openssl("x509 -pubkey -in " + q(n(certificateFilename)) + " > " + q(n(publicKeyFilename)), {}, callback);
-}
-exports.getPublicKeyFromCertificate = getPublicKeyFromCertificate;
-/**
- * create a RSA PRIVATE KEY
- *
- * @method createPrivateKey
- *
- * @param privateKeyFilename
- * @param keyLength
- * @param callback {Function}
- */
-function createPrivateKey(privateKeyFilename, keyLength, callback) {
-    // istanbul ignore next
-    if (useRandFile()) {
-        assert(hasEnv("RANDFILE"));
-    }
-    assert([1024, 2048, 3072, 4096].indexOf(keyLength) >= 0);
-    const randomFile = exportedEnvVars.RANDFILE ? n(exportedEnvVars.RANDFILE) : "random.rnd";
-    const tasks = [
-        (callback) => createRandomFileIfNotExist(randomFile, {}, callback),
-        // Note   OpenSSL1 generates a -----BEGIN RSA PRIVATE KEY---- whereas
-        //        OpenSSL3 generates a -----BEGIN PRIVATE KEY----- unless the new -traditional option is used
-        //
-        // a BEGIN PRIVATE KEY structure is
-        //
-        // SEQUENCE (3 elem)
-        //   INTEGER 0
-        //   SEQUENCE (2 elem)
-        //     OBJECT IDENTIFIER 1.2.840.113549.1.1.1 rsaEncryption (PKCS #1)
-        //     NULL
-        //   OCTET STRING (609 byte) 3082025D02010002818100C5B53231183906122A5E3778736B05C095C75F1BB80D48B
-        //      SEQUENCE (9 elem)
-        //
-        // a BEGIN RSA PRIVATE KEY structure is just
-        //   SEQUENCE (9 elem)
-        //
-        (callback) => {
-            execute_openssl("genrsa " +
-                " -out " +
-                q(n(privateKeyFilename)) +
-                (useRandFile() ? " -rand " + q(randomFile) : "") +
-                " " +
-                keyLength, {}, (err) => {
-                callback(err ? err : undefined);
-            });
-        },
-    ];
-    async.series(tasks, callback);
-}
-exports.createPrivateKey = createPrivateKey;
-function createRandomFile(randomFile, options, callback) {
-    // istanbul ignore next
-    if (!useRandFile()) {
-        return callback();
-    }
-    execute_openssl("rand " + " -out " + q(randomFile) + " -hex 256", options, (err) => {
-        callback(err ? err : undefined);
-    });
-}
-exports.createRandomFile = createRandomFile;
-function createRandomFileIfNotExist(randomFile, options, callback) {
-    const randomFilePath = options.cwd ? path.join(options.cwd, randomFile) : randomFile;
-    if (fs.existsSync(randomFilePath)) {
-        if (doDebug) {
-            console.log(chalk.yellow("         randomFile"), chalk.cyan(randomFile), chalk.yellow(" already exists => skipping"));
-        }
-        return callback();
-    }
-    else {
-        createRandomFile(randomFile, options, callback);
-    }
-}
-exports.createRandomFileIfNotExist = createRandomFileIfNotExist;
-/**
- * create a certificate signing request
- *
- * @param certificateSigningRequestFilename
- * @param params
- * @param callback
- */
-function createCertificateSigningRequest(certificateSigningRequestFilename, params, callback) {
-    assert(params);
-    assert(params.rootDir);
-    assert(params.configFile);
-    assert(params.privateKey);
-    assert(typeof params.privateKey === "string");
-    assert(fs.existsSync(params.configFile), "config file must exist " + params.configFile);
-    assert(fs.existsSync(params.privateKey), "Private key must exist" + params.privateKey);
-    assert(fs.existsSync(params.rootDir), "RootDir key must exist");
-    assert(typeof certificateSigningRequestFilename === "string");
-    // note : this openssl command requires a config file
-    processAltNames(params);
-    const configFile = generateStaticConfig(params.configFile);
-    const options = { cwd: params.rootDir, openssl_conf: configFile };
-    const configOption = " -config " + q(n(configFile));
-    const subject = params.subject ? new subject_1.Subject(params.subject).toString() : undefined;
-    // process.env.OPENSSL_CONF  ="";
-    const subjectOptions = subject ? " -subj \"" + subject + "\"" : "";
-    async.series([
-        (callback) => {
-            displaySubtitle("- Creating a Certificate Signing Request", callback);
-        },
-        (callback) => {
-            execute_openssl("req -new" +
-                "  -sha256 " +
-                " -batch " +
-                " -text " +
-                configOption +
-                " -key " +
-                q(n(params.privateKey)) +
-                subjectOptions +
-                " -out " +
-                q(n(certificateSigningRequestFilename)), options, (err) => {
-                callback(err ? err : undefined);
-            });
-        },
-    ], (err) => callback(err));
-}
-exports.createCertificateSigningRequest = createCertificateSigningRequest;
-function x509Date(date) {
-    date = date || new Date();
-    const Y = date.getUTCFullYear();
-    const M = date.getUTCMonth() + 1;
-    const D = date.getUTCDate();
-    const h = date.getUTCHours();
-    const m = date.getUTCMinutes();
-    const s = date.getUTCSeconds();
-    function w(s, l) {
-        return ("" + s).padStart(l, "0");
-    }
-    if (openssl_require2DigitYearInDate()) {
-        // for example: on MacOS , where openssl 0.98 is installed by default
-        return w(Y, 2) + w(M, 2) + w(D, 2) + w(h, 2) + w(m, 2) + w(s, 2) + "Z";
-    }
-    else {
-        // for instance when openssl version is greater than 1.0.0
-        return w(Y, 4) + w(M, 2) + w(D, 2) + w(h, 2) + w(m, 2) + w(s, 2) + "Z";
-    }
-}
-exports.x509Date = x509Date;
-// purpose of self-signed certificate
-var CertificatePurpose;
-(function (CertificatePurpose) {
-    CertificatePurpose[CertificatePurpose["NotSpecified"] = 0] = "NotSpecified";
-    CertificatePurpose[CertificatePurpose["ForCertificateAuthority"] = 1] = "ForCertificateAuthority";
-    CertificatePurpose[CertificatePurpose["ForApplication"] = 2] = "ForApplication";
-    CertificatePurpose[CertificatePurpose["ForUserAuthentication"] = 3] = "ForUserAuthentication";
-})(CertificatePurpose = exports.CertificatePurpose || (exports.CertificatePurpose = {}));
-function adjustDate(params) {
-    assert(params instanceof Object);
-    params.startDate = params.startDate || new Date();
-    assert(params.startDate instanceof Date);
-    params.validity = params.validity || 365; // one year
-    params.endDate = new Date(params.startDate.getTime());
-    params.endDate.setDate(params.startDate.getDate() + params.validity);
-    // xx params.endDate = x509Date(endDate);
-    // xx params.startDate = x509Date(startDate);
-    assert(params.endDate instanceof Date);
-    assert(params.startDate instanceof Date);
-    // istanbul ignore next
-    if (!exports.g_config.silent) {
-        console.log(" start Date ", params.startDate.toUTCString(), x509Date(params.startDate));
-        console.log(" end   Date ", params.endDate.toUTCString(), x509Date(params.endDate));
-    }
-}
-exports.adjustDate = adjustDate;
-function adjustApplicationUri(params) {
-    const applicationUri = params.applicationUri || "";
-    if (applicationUri.length > 200) {
-        throw new Error("Openssl doesn't support urn with length greater than 200" + applicationUri);
-    }
-}
-exports.adjustApplicationUri = adjustApplicationUri;
-function certificateFileExist(certificateFile) {
-    assert(typeof certificateFile === "string");
-    // istanbul ignore next
-    if (fs.existsSync(certificateFile) && !exports.g_config.force) {
-        console.log(chalk.yellow("        certificate ") + chalk.cyan(certificateFile) + chalk.yellow(" already exists => do not overwrite"));
-        return false;
-    }
-    return true;
-}
-exports.certificateFileExist = certificateFileExist;
-/**
- *
- * @param params
- * @param params.applicationUri
- * @param params.dns
- * @param params.ip
- * @private
- */
-function processAltNames(params) {
-    params.dns = params.dns || [];
-    params.ip = params.ip || [];
-    // construct subjectAtlName
-    let subjectAltName = [];
-    subjectAltName.push("URI:" + params.applicationUri);
-    subjectAltName = [].concat(subjectAltName, params.dns.map((d) => "DNS:" + d));
-    subjectAltName = [].concat(subjectAltName, params.ip.map((d) => "IP:" + d));
-    const subjectAltNameString = subjectAltName.join(", ");
-    setEnv("ALTNAME", subjectAltNameString);
-}
-exports.processAltNames = processAltNames;
-/**
- *
- * @param certificate
- * @param params
- * @param params.configFile
- * @param params.rootDir
- * @param params.privateKey
- * @param params.applicationUri
- * @param params.dns
- * @param params.ip
- * @param params.validity certificate duration in days
- * @param params.purpose
- * @param [params.subject= "C=FR/ST=IDF/L=Paris/O=Local NODE-OPCUA Certificate Authority/CN=ZZNodeOPCUA"]
- * @param callback
- */
-function createSelfSignCertificate(certificate, params, callback) {
-    ensure_openssl_installed((err) => {
-        if (err) {
-            return callback(err);
-        }
-        try {
-            params.purpose = params.purpose || CertificatePurpose.ForApplication;
-            assert(params.purpose, "Please provide a Certificate Purpose");
-            /**
-             * note: due to a limitation of openssl ,
-             *       it is not possible to control the startDate of the certificate validity
-             *       to achieve this the certificateAuthority tool shall be used.
-             */
-            assert(fs.existsSync(params.configFile));
-            assert(fs.existsSync(params.rootDir));
-            assert(fs.existsSync(params.privateKey));
-            if (!params.subject) {
-                return callback(new Error("Missing subject"));
-            }
-            assert(typeof params.applicationUri === "string");
-            assert(params.dns instanceof Array);
-            // xx no key size in self-signed assert(params.keySize == 2048 || params.keySize == 4096);
-            processAltNames(params);
-            adjustDate(params);
-            assert(Object.prototype.hasOwnProperty.call(params, "validity"));
-            let subject = new subject_1.Subject(params.subject);
-            subject = subject.toString();
-            const certificateRequestFilename = certificate + ".csr";
-            const configFile = generateStaticConfig(params.configFile);
-            const configOption = " -config " + q(n(configFile));
-            let extension;
-            switch (params.purpose) {
-                case CertificatePurpose.ForApplication:
-                    extension = "v3_selfsigned";
-                    break;
-                case CertificatePurpose.ForCertificateAuthority:
-                    extension = "v3_ca";
-                    break;
-                case CertificatePurpose.ForUserAuthentication:
-                default:
-                    extension = "v3_selfsigned";
-            }
-            const tasks = [
-                (callback) => {
-                    displayTitle("Generate a certificate request", callback);
-                },
-                // Once the private key is generated a Certificate Signing Request can be generated.
-                // The CSR is then used in one of two ways. Ideally, the CSR will be sent to a Certificate Authority, such as
-                // Thawte or Verisign who will verify the identity of the requestor and issue a signed certificate.
-                // The second option is to self-sign the CSR, which will be demonstrated in the next section
-                (callback) => {
-                    execute_openssl("req -new" +
-                        " -sha256 " +
-                        " -text " +
-                        " -extensions " +
-                        extension +
-                        " " +
-                        configOption +
-                        " -key " +
-                        q(n(params.privateKey)) +
-                        " -out " +
-                        q(n(certificateRequestFilename)) +
-                        " -subj \"" +
-                        subject +
-                        "\"", {}, callback);
-                },
-                // Xx // Step 3: Remove Passphrase from Key
-                // Xx execute("cp private/cakey.pem private/cakey.pem.org");
-                // Xx execute(openssl_path + " rsa -in private/cakey.pem.org
-                // Xx -out private/cakey.pem -passin pass:"+paraphrase);
-                (callback) => {
-                    displayTitle("Generate Certificate (self-signed)", callback);
-                },
-                (callback) => {
-                    execute_openssl(" x509 -req " +
-                        " -days " +
-                        params.validity +
-                        " -extensions " +
-                        extension +
-                        " " +
-                        " -extfile " +
-                        q(n(configFile)) +
-                        " -in " +
-                        q(n(certificateRequestFilename)) +
-                        " -signkey " +
-                        q(n(params.privateKey)) +
-                        " -text " +
-                        " -out " +
-                        q(certificate) +
-                        " -text ", {}, callback);
-                },
-                // remove unnecessary certificate request file
-                (callback) => {
-                    fs.unlink(certificateRequestFilename, callback);
-                },
-            ];
-            async.series(tasks, callback);
-        }
-        catch (err) {
-            callback(err);
-        }
-    });
-}
-exports.createSelfSignCertificate = createSelfSignCertificate;
-// tslint:disable-next-line:variable-name
-exports.configurationFileTemplate = ca_config_template_cnf_1.default;
-/**
- *
- * a minimalist config file for openssl that allows
- * self-signed certificate to be generated.
- *
- */
-// tslint:disable-next-line:variable-name
-exports.configurationFileSimpleTemplate = simple_config_template_cnf_1.default;
-/**
- * @param certificate - the certificate file in PEM format, file must exist
- * @param callback
- */
-function dumpCertificate(certificate, callback) {
-    assert(fs.existsSync(certificate));
-    assert(typeof callback === "function");
-    execute_openssl("x509 " + " -in " + q(n(certificate)) + " -text " + " -noout", {}, callback);
-}
-exports.dumpCertificate = dumpCertificate;
-function toDer(certificatePem, callback) {
-    assert(fs.existsSync(certificatePem));
-    const certificateDer = certificatePem.replace(".pem", ".der");
-    execute_openssl("x509  " + " -outform der " + " -in " + certificatePem + " -out " + certificateDer, {}, callback);
-}
-exports.toDer = toDer;
-function fingerprint(certificatePem, callback) {
-    // openssl x509 -in my_certificate.pem -hash -dates -noout -fingerprint
-    assert(fs.existsSync(certificatePem));
-    execute_openssl("x509  " + " -fingerprint " + " -noout " + " -in " + certificatePem, {}, callback);
-}
-exports.fingerprint = fingerprint;
+"use strict";
+/* eslint-disable @typescript-eslint/no-explicit-any */
+// ---------------------------------------------------------------------------------------------------------------------
+// node-opcua-pki
+// ---------------------------------------------------------------------------------------------------------------------
+// Copyright (c) 2014-2022 - Etienne Rossignon - etienne.rossignon (at) gadz.org
+// Copyright (c) 2022 - Sterfive.com
+// ---------------------------------------------------------------------------------------------------------------------
+//
+// This  project is licensed under the terms of the MIT license.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
+// documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
+// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so,  subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in all copies or substantial portions of the
+// Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
+// WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+// COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
+// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+// ---------------------------------------------------------------------------------------------------------------------
+// tslint:disable:no-console
+// tslint:disable:no-shadowed-variable
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.fingerprint = exports.toDer = exports.dumpCertificate = exports.configurationFileSimpleTemplate = exports.configurationFileTemplate = exports.createSelfSignCertificate = exports.processAltNames = exports.certificateFileExist = exports.adjustApplicationUri = exports.adjustDate = exports.CertificatePurpose = exports.x509Date = exports.createCertificateSigningRequest = exports.createRandomFileIfNotExist = exports.createRandomFile = exports.createPrivateKey = exports.getPublicKeyFromCertificate = exports.getPublicKeyFromPrivateKey = exports.make_path = exports.generateStaticConfig = exports.getEnvironmentVarNames = exports.displaySubtitle = exports.displayTitle = exports.displayChapter = exports.execute_openssl_no_failure = exports.executeOpensslAsync = exports.execute_openssl = exports.ensure_openssl_installed = exports.useRandFile = exports.execute = exports.hasEnv = exports.setEnv = exports.mkdir = exports.find_openssl = exports.debugLog = exports.g_config = exports.quote = void 0;
+const assert = require("assert");
+const async = require("async");
+const byline = require("byline");
+const chalk = require("chalk");
+const child_process = require("child_process");
+const fs = require("fs");
+const os = require("os");
+const path = require("path");
+const install_prerequisite_1 = require("../misc/install_prerequisite");
+const subject_1 = require("../misc/subject");
+const ca_config_template_cnf_1 = require("./templates/ca_config_template.cnf");
+const simple_config_template_cnf_1 = require("./templates/simple_config_template.cnf");
+const exportedEnvVars = {};
+function quote(str) {
+    return "\"" + (str || "") + "\"";
+}
+exports.quote = quote;
+// tslint:disable-next-line:variable-name
+exports.g_config = {
+    opensslVersion: "unset",
+    silent: process.env.VERBOSE ? !process.env.VERBOSE : true,
+    force: false,
+};
+const doDebug = process.env.NODEOPCUAPKIDEBUG || false;
+const displayError = true;
+const displayDebug = !!process.env.NODEOPCUAPKIDEBUG || false;
+// tslint:disable-next-line:no-empty
+function debugLog(...args) {
+    // istanbul ignore next
+    if (displayDebug) {
+        console.log.apply(null, args);
+    }
+}
+exports.debugLog = debugLog;
+let opensslPath; // not initialized
+function find_openssl(callback) {
+    (0, install_prerequisite_1.get_openssl_exec_path)((err, _opensslPath) => {
+        opensslPath = _opensslPath;
+        callback(err, opensslPath);
+    });
+}
+exports.find_openssl = find_openssl;
+function mkdir(folder) {
+    if (!fs.existsSync(folder)) {
+        // istanbul ignore next
+        if (!exports.g_config.silent) {
+            console.log(chalk.white(" .. constructing "), folder);
+        }
+        fs.mkdirSync(folder);
+    }
+}
+exports.mkdir = mkdir;
+function setEnv(varName, value) {
+    // istanbul ignore next
+    if (!exports.g_config.silent) {
+        console.log("          set " + varName + "=" + value);
+    }
+    exportedEnvVars[varName] = value;
+    if (["OPENSSL_CONF"].indexOf(varName) >= 0) {
+        process.env[varName] = value;
+    }
+    if (["RANDFILE"].indexOf(varName) >= 0) {
+        process.env[varName] = value;
+    }
+}
+exports.setEnv = setEnv;
+function hasEnv(varName) {
+    return Object.prototype.hasOwnProperty.call(exportedEnvVars, varName);
+}
+exports.hasEnv = hasEnv;
+function execute(cmd, options, callback) {
+    assert(typeof callback === "function");
+    /// assert(g_config.CARootDir && fs.existsSync(option.CARootDir));
+    options.cwd = options.cwd || process.cwd();
+    // istanbul ignore next
+    if (!exports.g_config.silent) {
+        console.log(chalk.cyan("                  CWD         "), options.cwd);
+    }
+    const outputs = [];
+    const child = child_process.exec(cmd, {
+        cwd: options.cwd,
+        windowsHide: true,
+    }, (err) => {
+        // istanbul ignore next
+        if (err) {
+            if (!options.hideErrorMessage) {
+                const fence = "###########################################";
+                console.error(chalk.bgWhiteBright.redBright(`${fence} OPENSSL ERROR ${fence}`));
+                console.error(chalk.bgWhiteBright.redBright("CWD = " + options.cwd));
+                console.error(chalk.bgWhiteBright.redBright(err.message));
+                console.error(chalk.bgWhiteBright.redBright(`${fence} OPENSSL ERROR ${fence}`));
+            }
+            // console.log("        ERR = ".bgWhite.red, err);
+            callback(new Error(err.message));
+            return;
+        }
+        callback(null, outputs.join(""));
+    });
+    if (child.stdout) {
+        const stream2 = byline(child.stdout);
+        stream2.on("data", (line) => {
+            outputs.push(line + "\n");
+        });
+        if (!exports.g_config.silent) {
+            stream2.on("data", (line) => {
+                line = line.toString();
+                if (doDebug) {
+                    process.stdout.write(chalk.white("        stdout ") + chalk.whiteBright(line) + "\n");
+                }
+            });
+        }
+    }
+    // istanbul ignore next
+    if (!exports.g_config.silent) {
+        if (child.stderr) {
+            const stream1 = byline(child.stderr);
+            stream1.on("data", (line) => {
+                line = line.toString();
+                if (displayError) {
+                    process.stdout.write(chalk.white("        stderr ") + chalk.red(line) + "\n");
+                }
+            });
+        }
+    }
+}
+exports.execute = execute;
+function useRandFile() {
+    // istanbul ignore next
+    if (exports.g_config.opensslVersion && exports.g_config.opensslVersion.toLowerCase().indexOf("libressl") > -1) {
+        return false;
+    }
+    return true;
+}
+exports.useRandFile = useRandFile;
+function openssl_require2DigitYearInDate() {
+    // istanbul ignore next
+    if (!exports.g_config.opensslVersion) {
+        throw new Error("openssl_require2DigitYearInDate : openssl version is not known:" + "  please call ensure_openssl_installed(callback)");
+    }
+    return exports.g_config.opensslVersion.match(/OpenSSL 0\.9/);
+}
+exports.g_config.opensslVersion = "";
+function ensure_openssl_installed(callback) {
+    assert(typeof callback === "function");
+    if (!opensslPath) {
+        return find_openssl((err) => {
+            // istanbul ignore next
+            if (err) {
+                return callback(err);
+            }
+            execute_openssl("version", { cwd: "." }, (err, outputs) => {
+                // istanbul ignore next
+                if (err || !outputs) {
+                    return callback(err || new Error("no outputs"));
+                }
+                exports.g_config.opensslVersion = outputs.trim();
+                if (doDebug) {
+                    console.log("OpenSSL version : ", exports.g_config.opensslVersion);
+                }
+                callback(err ? err : undefined);
+            });
+        });
+    }
+    else {
+        return callback();
+    }
+}
+exports.ensure_openssl_installed = ensure_openssl_installed;
+function getTempFolder() {
+    return os.tmpdir();
+}
+function execute_openssl(cmd, options, callback) {
+    // tslint:disable-next-line:variable-name
+    const empty_config_file = n(getTempFolder(), "empty_config.cnf");
+    if (!fs.existsSync(empty_config_file)) {
+        fs.writeFileSync(empty_config_file, "# empty config file");
+    }
+    assert(typeof callback === "function");
+    options = options || {};
+    options.openssl_conf = options.openssl_conf || empty_config_file; // "!! OPEN SLL CONF NOT DEFINED BAD FILE !!";
+    assert(options.openssl_conf);
+    setEnv("OPENSSL_CONF", options.openssl_conf);
+    // istanbul ignore next
+    if (!exports.g_config.silent) {
+        console.log(chalk.cyan("                  OPENSSL_CONF"), process.env.OPENSSL_CONF);
+        console.log(chalk.cyan("                  RANDFILE    "), process.env.RANDFILE);
+        console.log(chalk.cyan("                  CMD         openssl "), chalk.cyanBright(cmd));
+    }
+    ensure_openssl_installed((err) => {
+        // istanbul ignore next
+        if (err) {
+            return callback(err);
+        }
+        execute(quote(opensslPath) + " " + cmd, options, callback);
+    });
+}
+exports.execute_openssl = execute_openssl;
+function executeOpensslAsync(cmd, options) {
+    return new Promise((resolve, reject) => {
+        execute_openssl(cmd, options, (err, output) => {
+            // istanbul ignore next
+            if (err) {
+                reject(err);
+            }
+            else {
+                resolve(output || "");
+            }
+        });
+    });
+}
+exports.executeOpensslAsync = executeOpensslAsync;
+function execute_openssl_no_failure(cmd, options, callback) {
+    options = options || {};
+    options.hideErrorMessage = true;
+    execute_openssl(cmd, options, (err, output) => {
+        // istanbul ignore next
+        if (err) {
+            debugLog(" (ignored error =  ERROR : )", err.message);
+        }
+        callback(null, output);
+    });
+}
+exports.execute_openssl_no_failure = execute_openssl_no_failure;
+// istanbul ignore next
+function displayChapter(str, callback) {
+    const l = "                                                                                               ";
+    console.log(chalk.bgWhite(l) + " ");
+    str = ("        " + str + l).substring(0, l.length);
+    console.log(chalk.bgWhite.cyan(str));
+    console.log(chalk.bgWhite(l) + " ");
+    if (callback) {
+        callback();
+    }
+}
+exports.displayChapter = displayChapter;
+function displayTitle(str, callback) {
+    // istanbul ignore next
+    if (!exports.g_config.silent) {
+        console.log("");
+        console.log(chalk.yellowBright(str));
+        console.log(chalk.yellow(new Array(str.length + 1).join("=")), "\n");
+    }
+    if (callback) {
+        callback();
+    }
+}
+exports.displayTitle = displayTitle;
+function displaySubtitle(str, callback) {
+    // istanbul ignore next
+    if (!exports.g_config.silent) {
+        console.log("");
+        console.log("    " + chalk.yellowBright(str));
+        console.log("    " + chalk.white(new Array(str.length + 1).join("-")), "\n");
+    }
+    if (callback) {
+        callback();
+    }
+}
+exports.displaySubtitle = displaySubtitle;
+function getEnvironmentVarNames() {
+    return Object.keys(exportedEnvVars).map((varName) => {
+        return { key: varName, pattern: "\\$ENV\\:\\:" + varName };
+    });
+}
+exports.getEnvironmentVarNames = getEnvironmentVarNames;
+function generateStaticConfig(configPath, options) {
+    const prePath = (options && options.cwd) || "";
+    const staticConfigPath = configPath + ".tmp";
+    let staticConfig = fs.readFileSync(path.join(prePath, configPath), { encoding: "utf8" });
+    for (const envVar of getEnvironmentVarNames()) {
+        staticConfig = staticConfig.replace(new RegExp(envVar.pattern, "gi"), exportedEnvVars[envVar.key]);
+    }
+    fs.writeFileSync(path.join(prePath, staticConfigPath), staticConfig);
+    return staticConfigPath;
+}
+exports.generateStaticConfig = generateStaticConfig;
+const q = quote;
+function make_path(folderName, filename) {
+    let s;
+    if (filename) {
+        s = path.join(path.normalize(folderName), filename);
+    }
+    else {
+        assert(folderName);
+        s = folderName;
+    }
+    s = s.replace(/\\/g, "/");
+    return s;
+}
+exports.make_path = make_path;
+const n = make_path;
+/**
+ *   calculate the public key from private key
+ *   openssl rsa -pubout -in private_key.pem
+ *
+ * @method getPublicKeyFromPrivateKey
+ * @param privateKeyFilename
+ * @param publicKeyFilename
+ * @param callback
+ */
+function getPublicKeyFromPrivateKey(privateKeyFilename, publicKeyFilename, callback) {
+    assert(fs.existsSync(privateKeyFilename));
+    execute_openssl("rsa -pubout -in " + q(n(privateKeyFilename)) + " -out " + q(n(publicKeyFilename)), {}, callback);
+}
+exports.getPublicKeyFromPrivateKey = getPublicKeyFromPrivateKey;
+/**
+ * extract public key from a certificate
+ *   openssl x509 -pubkey -in certificate.pem -nottext
+ *
+ * @method getPublicKeyFromCertificate
+ * @param certificateFilename
+ * @param publicKeyFilename
+ * @param callback
+ */
+function getPublicKeyFromCertificate(certificateFilename, publicKeyFilename, callback) {
+    assert(fs.existsSync(certificateFilename));
+    execute_openssl("x509 -pubkey -in " + q(n(certificateFilename)) + " > " + q(n(publicKeyFilename)), {}, callback);
+}
+exports.getPublicKeyFromCertificate = getPublicKeyFromCertificate;
+/**
+ * create a RSA PRIVATE KEY
+ *
+ * @method createPrivateKey
+ *
+ * @param privateKeyFilename
+ * @param keyLength
+ * @param callback {Function}
+ */
+function createPrivateKey(privateKeyFilename, keyLength, callback) {
+    // istanbul ignore next
+    if (useRandFile()) {
+        assert(hasEnv("RANDFILE"));
+    }
+    assert([1024, 2048, 3072, 4096].indexOf(keyLength) >= 0);
+    const randomFile = exportedEnvVars.RANDFILE ? n(exportedEnvVars.RANDFILE) : "random.rnd";
+    const tasks = [
+        (callback) => createRandomFileIfNotExist(randomFile, {}, callback),
+        // Note   OpenSSL1 generates a -----BEGIN RSA PRIVATE KEY---- whereas
+        //        OpenSSL3 generates a -----BEGIN PRIVATE KEY----- unless the new -traditional option is used
+        //
+        // a BEGIN PRIVATE KEY structure is
+        //
+        // SEQUENCE (3 elem)
+        //   INTEGER 0
+        //   SEQUENCE (2 elem)
+        //     OBJECT IDENTIFIER 1.2.840.113549.1.1.1 rsaEncryption (PKCS #1)
+        //     NULL
+        //   OCTET STRING (609 byte) 3082025D02010002818100C5B53231183906122A5E3778736B05C095C75F1BB80D48B
+        //      SEQUENCE (9 elem)
+        //
+        // a BEGIN RSA PRIVATE KEY structure is just
+        //   SEQUENCE (9 elem)
+        //
+        (callback) => {
+            execute_openssl("genrsa " +
+                " -out " +
+                q(n(privateKeyFilename)) +
+                (useRandFile() ? " -rand " + q(randomFile) : "") +
+                " " +
+                keyLength, {}, (err) => {
+                callback(err ? err : undefined);
+            });
+        },
+    ];
+    async.series(tasks, callback);
+}
+exports.createPrivateKey = createPrivateKey;
+function createRandomFile(randomFile, options, callback) {
+    // istanbul ignore next
+    if (!useRandFile()) {
+        return callback();
+    }
+    execute_openssl("rand " + " -out " + q(randomFile) + " -hex 256", options, (err) => {
+        callback(err ? err : undefined);
+    });
+}
+exports.createRandomFile = createRandomFile;
+function createRandomFileIfNotExist(randomFile, options, callback) {
+    const randomFilePath = options.cwd ? path.join(options.cwd, randomFile) : randomFile;
+    if (fs.existsSync(randomFilePath)) {
+        if (doDebug) {
+            console.log(chalk.yellow("         randomFile"), chalk.cyan(randomFile), chalk.yellow(" already exists => skipping"));
+        }
+        return callback();
+    }
+    else {
+        createRandomFile(randomFile, options, callback);
+    }
+}
+exports.createRandomFileIfNotExist = createRandomFileIfNotExist;
+/**
+ * create a certificate signing request
+ *
+ * @param certificateSigningRequestFilename
+ * @param params
+ * @param callback
+ */
+function createCertificateSigningRequest(certificateSigningRequestFilename, params, callback) {
+    assert(params);
+    assert(params.rootDir);
+    assert(params.configFile);
+    assert(params.privateKey);
+    assert(typeof params.privateKey === "string");
+    assert(fs.existsSync(params.configFile), "config file must exist " + params.configFile);
+    assert(fs.existsSync(params.privateKey), "Private key must exist" + params.privateKey);
+    assert(fs.existsSync(params.rootDir), "RootDir key must exist");
+    assert(typeof certificateSigningRequestFilename === "string");
+    // note : this openssl command requires a config file
+    processAltNames(params);
+    const configFile = generateStaticConfig(params.configFile);
+    const options = { cwd: params.rootDir, openssl_conf: configFile };
+    const configOption = " -config " + q(n(configFile));
+    const subject = params.subject ? new subject_1.Subject(params.subject).toString() : undefined;
+    // process.env.OPENSSL_CONF  ="";
+    const subjectOptions = subject ? " -subj \"" + subject + "\"" : "";
+    async.series([
+        (callback) => {
+            displaySubtitle("- Creating a Certificate Signing Request", callback);
+        },
+        (callback) => {
+            execute_openssl("req -new" +
+                "  -sha256 " +
+                " -batch " +
+                " -text " +
+                configOption +
+                " -key " +
+                q(n(params.privateKey)) +
+                subjectOptions +
+                " -out " +
+                q(n(certificateSigningRequestFilename)), options, (err) => {
+                callback(err ? err : undefined);
+            });
+        },
+    ], (err) => callback(err));
+}
+exports.createCertificateSigningRequest = createCertificateSigningRequest;
+function x509Date(date) {
+    date = date || new Date();
+    const Y = date.getUTCFullYear();
+    const M = date.getUTCMonth() + 1;
+    const D = date.getUTCDate();
+    const h = date.getUTCHours();
+    const m = date.getUTCMinutes();
+    const s = date.getUTCSeconds();
+    function w(s, l) {
+        return ("" + s).padStart(l, "0");
+    }
+    if (openssl_require2DigitYearInDate()) {
+        // for example: on MacOS , where openssl 0.98 is installed by default
+        return w(Y, 2) + w(M, 2) + w(D, 2) + w(h, 2) + w(m, 2) + w(s, 2) + "Z";
+    }
+    else {
+        // for instance when openssl version is greater than 1.0.0
+        return w(Y, 4) + w(M, 2) + w(D, 2) + w(h, 2) + w(m, 2) + w(s, 2) + "Z";
+    }
+}
+exports.x509Date = x509Date;
+// purpose of self-signed certificate
+var CertificatePurpose;
+(function (CertificatePurpose) {
+    CertificatePurpose[CertificatePurpose["NotSpecified"] = 0] = "NotSpecified";
+    CertificatePurpose[CertificatePurpose["ForCertificateAuthority"] = 1] = "ForCertificateAuthority";
+    CertificatePurpose[CertificatePurpose["ForApplication"] = 2] = "ForApplication";
+    CertificatePurpose[CertificatePurpose["ForUserAuthentication"] = 3] = "ForUserAuthentication";
+})(CertificatePurpose = exports.CertificatePurpose || (exports.CertificatePurpose = {}));
+function adjustDate(params) {
+    assert(params instanceof Object);
+    params.startDate = params.startDate || new Date();
+    assert(params.startDate instanceof Date);
+    params.validity = params.validity || 365; // one year
+    params.endDate = new Date(params.startDate.getTime());
+    params.endDate.setDate(params.startDate.getDate() + params.validity);
+    // xx params.endDate = x509Date(endDate);
+    // xx params.startDate = x509Date(startDate);
+    assert(params.endDate instanceof Date);
+    assert(params.startDate instanceof Date);
+    // istanbul ignore next
+    if (!exports.g_config.silent) {
+        console.log(" start Date ", params.startDate.toUTCString(), x509Date(params.startDate));
+        console.log(" end   Date ", params.endDate.toUTCString(), x509Date(params.endDate));
+    }
+}
+exports.adjustDate = adjustDate;
+function adjustApplicationUri(params) {
+    const applicationUri = params.applicationUri || "";
+    if (applicationUri.length > 200) {
+        throw new Error("Openssl doesn't support urn with length greater than 200" + applicationUri);
+    }
+}
+exports.adjustApplicationUri = adjustApplicationUri;
+function certificateFileExist(certificateFile) {
+    assert(typeof certificateFile === "string");
+    // istanbul ignore next
+    if (fs.existsSync(certificateFile) && !exports.g_config.force) {
+        console.log(chalk.yellow("        certificate ") + chalk.cyan(certificateFile) + chalk.yellow(" already exists => do not overwrite"));
+        return false;
+    }
+    return true;
+}
+exports.certificateFileExist = certificateFileExist;
+/**
+ *
+ * @param params
+ * @param params.applicationUri
+ * @param params.dns
+ * @param params.ip
+ * @private
+ */
+function processAltNames(params) {
+    params.dns = params.dns || [];
+    params.ip = params.ip || [];
+    // construct subjectAtlName
+    let subjectAltName = [];
+    subjectAltName.push("URI:" + params.applicationUri);
+    subjectAltName = [].concat(subjectAltName, params.dns.map((d) => "DNS:" + d));
+    subjectAltName = [].concat(subjectAltName, params.ip.map((d) => "IP:" + d));
+    const subjectAltNameString = subjectAltName.join(", ");
+    setEnv("ALTNAME", subjectAltNameString);
+}
+exports.processAltNames = processAltNames;
+/**
+ *
+ * @param certificate
+ * @param params
+ * @param params.configFile
+ * @param params.rootDir
+ * @param params.privateKey
+ * @param params.applicationUri
+ * @param params.dns
+ * @param params.ip
+ * @param params.validity certificate duration in days
+ * @param params.purpose
+ * @param [params.subject= "C=FR/ST=IDF/L=Paris/O=Local NODE-OPCUA Certificate Authority/CN=ZZNodeOPCUA"]
+ * @param callback
+ */
+function createSelfSignCertificate(certificate, params, callback) {
+    ensure_openssl_installed((err) => {
+        if (err) {
+            return callback(err);
+        }
+        try {
+            params.purpose = params.purpose || CertificatePurpose.ForApplication;
+            assert(params.purpose, "Please provide a Certificate Purpose");
+            /**
+             * note: due to a limitation of openssl ,
+             *       it is not possible to control the startDate of the certificate validity
+             *       to achieve this the certificateAuthority tool shall be used.
+             */
+            assert(fs.existsSync(params.configFile));
+            assert(fs.existsSync(params.rootDir));
+            assert(fs.existsSync(params.privateKey));
+            if (!params.subject) {
+                return callback(new Error("Missing subject"));
+            }
+            assert(typeof params.applicationUri === "string");
+            assert(params.dns instanceof Array);
+            // xx no key size in self-signed assert(params.keySize == 2048 || params.keySize == 4096);
+            processAltNames(params);
+            adjustDate(params);
+            assert(Object.prototype.hasOwnProperty.call(params, "validity"));
+            let subject = new subject_1.Subject(params.subject);
+            subject = subject.toString();
+            const certificateRequestFilename = certificate + ".csr";
+            const configFile = generateStaticConfig(params.configFile);
+            const configOption = " -config " + q(n(configFile));
+            let extension;
+            switch (params.purpose) {
+                case CertificatePurpose.ForApplication:
+                    extension = "v3_selfsigned";
+                    break;
+                case CertificatePurpose.ForCertificateAuthority:
+                    extension = "v3_ca";
+                    break;
+                case CertificatePurpose.ForUserAuthentication:
+                default:
+                    extension = "v3_selfsigned";
+            }
+            const tasks = [
+                (callback) => {
+                    displayTitle("Generate a certificate request", callback);
+                },
+                // Once the private key is generated a Certificate Signing Request can be generated.
+                // The CSR is then used in one of two ways. Ideally, the CSR will be sent to a Certificate Authority, such as
+                // Thawte or Verisign who will verify the identity of the requestor and issue a signed certificate.
+                // The second option is to self-sign the CSR, which will be demonstrated in the next section
+                (callback) => {
+                    execute_openssl("req -new" +
+                        " -sha256 " +
+                        " -text " +
+                        " -extensions " +
+                        extension +
+                        " " +
+                        configOption +
+                        " -key " +
+                        q(n(params.privateKey)) +
+                        " -out " +
+                        q(n(certificateRequestFilename)) +
+                        " -subj \"" +
+                        subject +
+                        "\"", {}, callback);
+                },
+                // Xx // Step 3: Remove Passphrase from Key
+                // Xx execute("cp private/cakey.pem private/cakey.pem.org");
+                // Xx execute(openssl_path + " rsa -in private/cakey.pem.org
+                // Xx -out private/cakey.pem -passin pass:"+paraphrase);
+                (callback) => {
+                    displayTitle("Generate Certificate (self-signed)", callback);
+                },
+                (callback) => {
+                    execute_openssl(" x509 -req " +
+                        " -days " +
+                        params.validity +
+                        " -extensions " +
+                        extension +
+                        " " +
+                        " -extfile " +
+                        q(n(configFile)) +
+                        " -in " +
+                        q(n(certificateRequestFilename)) +
+                        " -signkey " +
+                        q(n(params.privateKey)) +
+                        " -text " +
+                        " -out " +
+                        q(certificate) +
+                        " -text ", {}, callback);
+                },
+                // remove unnecessary certificate request file
+                (callback) => {
+                    fs.unlink(certificateRequestFilename, callback);
+                },
+            ];
+            async.series(tasks, callback);
+        }
+        catch (err) {
+            callback(err);
+        }
+    });
+}
+exports.createSelfSignCertificate = createSelfSignCertificate;
+// tslint:disable-next-line:variable-name
+exports.configurationFileTemplate = ca_config_template_cnf_1.default;
+/**
+ *
+ * a minimalist config file for openssl that allows
+ * self-signed certificate to be generated.
+ *
+ */
+// tslint:disable-next-line:variable-name
+exports.configurationFileSimpleTemplate = simple_config_template_cnf_1.default;
+/**
+ * @param certificate - the certificate file in PEM format, file must exist
+ * @param callback
+ */
+function dumpCertificate(certificate, callback) {
+    assert(fs.existsSync(certificate));
+    assert(typeof callback === "function");
+    execute_openssl("x509 " + " -in " + q(n(certificate)) + " -text " + " -noout", {}, callback);
+}
+exports.dumpCertificate = dumpCertificate;
+function toDer(certificatePem, callback) {
+    assert(fs.existsSync(certificatePem));
+    const certificateDer = certificatePem.replace(".pem", ".der");
+    execute_openssl("x509  " + " -outform der " + " -in " + certificatePem + " -out " + certificateDer, {}, callback);
+}
+exports.toDer = toDer;
+function fingerprint(certificatePem, callback) {
+    // openssl x509 -in my_certificate.pem -hash -dates -noout -fingerprint
+    assert(fs.existsSync(certificatePem));
+    execute_openssl("x509  " + " -fingerprint " + " -noout " + " -in " + certificatePem, {}, callback);
+}
+exports.fingerprint = fingerprint;
 //# sourceMappingURL=toolbox.js.map