node-opcua-pki 4.2.0 → 4.3.0
- package/dist/lib/ca/crypto_create_CA.js +30 -31
- package/dist/lib/pki/certificate_manager.d.ts +9 -3
- package/dist/lib/pki/certificate_manager.js +36 -16
- package/dist/lib/toolbox/common.js +2 -2
- package/dist/lib/toolbox/common2.js +1 -1
- package/dist/lib/toolbox/debug.d.ts +1 -0
- package/dist/lib/toolbox/debug.js +5 -1
- package/dist/lib/toolbox/display.js +11 -10
- package/dist/lib/toolbox/with_openssl/_create_random_file.js +0 -3
- package/dist/lib/toolbox/with_openssl/_env.js +2 -1
- package/dist/lib/toolbox/with_openssl/execute_openssl.js +5 -6
- package/dist/lib/toolbox/with_openssl/install_prerequisite.js +22 -21
- package/package.json +10 -12
|
@@ -116,20 +116,19 @@ function displayConfig(config) {
|
|
|
116
116
|
function w(str, l) {
|
|
117
117
|
return (str + " ").substring(0, l);
|
|
118
118
|
}
|
|
119
|
-
|
|
119
|
+
(0, toolbox_1.warningLog)(chalk.yellow(" configuration = "));
|
|
120
120
|
for (const [key, value] of Object.entries(config)) {
|
|
121
|
-
|
|
121
|
+
(0, toolbox_1.warningLog)(" " + chalk.yellow(w(key, 30)) + " : " + chalk.cyan(value.toString()));
|
|
122
122
|
}
|
|
123
123
|
}
|
|
124
124
|
function default_template_content() {
|
|
125
125
|
// istanbul ignore next
|
|
126
126
|
if (process.pkg && process.pkg.entrypoint) {
|
|
127
127
|
// we are using PKG compiled package !
|
|
128
|
-
//
|
|
129
|
-
//
|
|
130
|
-
//
|
|
128
|
+
// warningLog("___filename", __filename);
|
|
129
|
+
// warningLog("__dirname", __dirname);
|
|
130
|
+
// warningLog("process.pkg.entrypoint", (process as any).pkg.entrypoint);
|
|
131
131
|
const a = fs.readFileSync(path.join(__dirname, "../../bin/crypto_create_CA_config.example.js"), "utf8");
|
|
132
|
-
console.log(a);
|
|
133
132
|
return a;
|
|
134
133
|
}
|
|
135
134
|
function find_default_config_template() {
|
|
@@ -208,7 +207,7 @@ function readConfiguration(argv) {
|
|
|
208
207
|
(0, toolbox_1.debugLog)(chalk.yellow(" using g_config file "), chalk.cyan(default_config));
|
|
209
208
|
}
|
|
210
209
|
if (!fs.existsSync(default_config)) {
|
|
211
|
-
|
|
210
|
+
(0, toolbox_1.debugLog)(chalk.redBright(" cannot find config file ", default_config));
|
|
212
211
|
}
|
|
213
212
|
// see http://stackoverflow.com/questions/94445/using-openssl-what-does-unable-to-write-random-state-mean
|
|
214
213
|
// set random file to be random.rnd in the same folder as the g_config file
|
|
@@ -328,7 +327,7 @@ function on_completion(err, done) {
|
|
|
328
327
|
assert(typeof done === "function", "expecting function");
|
|
329
328
|
// istanbul ignore next
|
|
330
329
|
if (err) {
|
|
331
|
-
|
|
330
|
+
(0, toolbox_1.warningLog)(chalk.redBright("ERROR : ") + err.message);
|
|
332
331
|
}
|
|
333
332
|
done();
|
|
334
333
|
}
|
|
@@ -358,7 +357,7 @@ function createDefaultCertificate(base_name, prefix, key_length, applicationUri,
|
|
|
358
357
|
return __awaiter(this, void 0, void 0, function* () {
|
|
359
358
|
// istanbul ignore next
|
|
360
359
|
if (fs.existsSync(certificate)) {
|
|
361
|
-
|
|
360
|
+
(0, toolbox_1.warningLog)(chalk.yellow(" certificate"), chalk.cyan(certificate), chalk.yellow(" already exists => skipping"));
|
|
362
361
|
return "";
|
|
363
362
|
}
|
|
364
363
|
else {
|
|
@@ -411,7 +410,7 @@ function createDefaultCertificate(base_name, prefix, key_length, applicationUri,
|
|
|
411
410
|
function createPrivateKeyIfNotExist(privateKey, keyLength) {
|
|
412
411
|
return __awaiter(this, void 0, void 0, function* () {
|
|
413
412
|
if (fs.existsSync(privateKey)) {
|
|
414
|
-
|
|
413
|
+
(0, toolbox_1.warningLog)(chalk.yellow(" privateKey"), chalk.cyan(privateKey), chalk.yellow(" already exists => skipping"));
|
|
415
414
|
return;
|
|
416
415
|
}
|
|
417
416
|
else {
|
|
@@ -438,7 +437,7 @@ function createDefaultCertificate(base_name, prefix, key_length, applicationUri,
|
|
|
438
437
|
// self_signed certificate already exists
|
|
439
438
|
const certificate = yield createCertificateIfNotExist(certificate_revoked, private_key_file, applicationUri + "Revoked", // make sure we used a uniq URI here
|
|
440
439
|
yesterday, 365);
|
|
441
|
-
|
|
440
|
+
(0, toolbox_1.warningLog)(" certificate to revoke => ", certificate);
|
|
442
441
|
revoke_certificate(certificate_revoked);
|
|
443
442
|
}
|
|
444
443
|
}
|
|
@@ -472,8 +471,8 @@ function create_default_certificates(dev) {
|
|
|
472
471
|
yield (0, hostname_1.extractFullyQualifiedDomainName)();
|
|
473
472
|
const hostname = os.hostname();
|
|
474
473
|
const fqdn = (0, hostname_1.getFullyQualifiedDomainName)();
|
|
475
|
-
|
|
476
|
-
|
|
474
|
+
(0, toolbox_1.warningLog)(chalk.yellow(" hostname = "), chalk.cyan(hostname));
|
|
475
|
+
(0, toolbox_1.warningLog)(chalk.yellow(" fqdn = "), chalk.cyan(fqdn));
|
|
477
476
|
clientURN = (0, applicationurn_1.makeApplicationUrn)(hostname, "NodeOPCUA-Client");
|
|
478
477
|
serverURN = (0, applicationurn_1.makeApplicationUrn)(hostname, "NodeOPCUA-Server");
|
|
479
478
|
discoveryServerURN = (0, applicationurn_1.makeApplicationUrn)(hostname, "NodeOPCUA-DiscoveryServer");
|
|
@@ -681,7 +680,7 @@ argv
|
|
|
681
680
|
if (!csr_file) {
|
|
682
681
|
return;
|
|
683
682
|
}
|
|
684
|
-
|
|
683
|
+
(0, toolbox_1.warningLog)(" csr_file = ", csr_file);
|
|
685
684
|
const certificate = csr_file.replace(".csr", ".pem");
|
|
686
685
|
if (fs.existsSync(certificate)) {
|
|
687
686
|
throw new Error(" File " + certificate + " already exist");
|
|
@@ -707,16 +706,16 @@ argv
|
|
|
707
706
|
wrap(() => __awaiter(void 0, void 0, void 0, function* () {
|
|
708
707
|
// example : node bin\crypto_create_CA.js revoke my_certificate.pem
|
|
709
708
|
const certificate = path.resolve(local_argv.certificateFile);
|
|
710
|
-
|
|
709
|
+
(0, toolbox_1.warningLog)(chalk.yellow(" Certificate to revoke : "), chalk.cyan(certificate));
|
|
711
710
|
if (!fs.existsSync(certificate)) {
|
|
712
711
|
throw new Error("cannot find certificate to revoke " + certificate);
|
|
713
712
|
}
|
|
714
713
|
yield readConfiguration(local_argv);
|
|
715
714
|
yield construct_CertificateAuthority("");
|
|
716
715
|
yield (0, util_1.promisify)(revoke_certificate)(certificate);
|
|
717
|
-
|
|
718
|
-
|
|
719
|
-
|
|
716
|
+
(0, toolbox_1.warningLog)("done ... ");
|
|
717
|
+
(0, toolbox_1.warningLog)(" crl = ", g_certificateAuthority.revocationList);
|
|
718
|
+
(0, toolbox_1.warningLog)("\nyou should now publish the new Certificate Revocation List");
|
|
720
719
|
}));
|
|
721
720
|
})
|
|
722
721
|
.command("csr", "create a certificate signing request", (yargs) => {
|
|
@@ -760,7 +759,7 @@ argv
|
|
|
760
759
|
wrap(() => __awaiter(void 0, void 0, void 0, function* () {
|
|
761
760
|
yield readConfiguration(local_argv);
|
|
762
761
|
if (!fs.existsSync(gLocalConfig.PKIFolder || "")) {
|
|
763
|
-
|
|
762
|
+
(0, toolbox_1.warningLog)("PKI folder must exist");
|
|
764
763
|
}
|
|
765
764
|
yield construct_CertificateManager();
|
|
766
765
|
if (!gLocalConfig.outputFile || fs.existsSync(gLocalConfig.outputFile)) {
|
|
@@ -775,17 +774,17 @@ argv
|
|
|
775
774
|
return;
|
|
776
775
|
}
|
|
777
776
|
if (!gLocalConfig.outputFile) {
|
|
778
|
-
|
|
777
|
+
(0, toolbox_1.warningLog)("please specify a output file");
|
|
779
778
|
return;
|
|
780
779
|
}
|
|
781
780
|
const csr = yield fs.promises.readFile(internal_csr_file, "utf-8");
|
|
782
781
|
fs.writeFileSync(gLocalConfig.outputFile || "", csr, "utf-8");
|
|
783
|
-
|
|
784
|
-
|
|
785
|
-
|
|
786
|
-
|
|
787
|
-
|
|
788
|
-
|
|
782
|
+
(0, toolbox_1.warningLog)("Subject = ", gLocalConfig.subject);
|
|
783
|
+
(0, toolbox_1.warningLog)("applicationUri = ", gLocalConfig.applicationUri);
|
|
784
|
+
(0, toolbox_1.warningLog)("altNames = ", gLocalConfig.altNames);
|
|
785
|
+
(0, toolbox_1.warningLog)("dns = ", gLocalConfig.dns);
|
|
786
|
+
(0, toolbox_1.warningLog)("ip = ", gLocalConfig.ip);
|
|
787
|
+
(0, toolbox_1.warningLog)("CSR file = ", gLocalConfig.outputFile);
|
|
789
788
|
}));
|
|
790
789
|
})
|
|
791
790
|
.command("sign", "validate a certificate signing request and generate a certificate", (yargs) => {
|
|
@@ -841,7 +840,7 @@ argv
|
|
|
841
840
|
}, (yargs) => {
|
|
842
841
|
wrap(() => __awaiter(void 0, void 0, void 0, function* () {
|
|
843
842
|
const data = yield (0, util_1.promisify)(with_openssl_1.dumpCertificate)(yargs.certificateFile);
|
|
844
|
-
|
|
843
|
+
(0, toolbox_1.warningLog)(data);
|
|
845
844
|
}));
|
|
846
845
|
})
|
|
847
846
|
.command("toder <pemCertificate>", "convert a certificate to a DER format with finger print", () => {
|
|
@@ -860,11 +859,11 @@ argv
|
|
|
860
859
|
if (!data)
|
|
861
860
|
return;
|
|
862
861
|
const s = data.split("=")[1].split(":").join("").trim();
|
|
863
|
-
|
|
862
|
+
(0, toolbox_1.warningLog)(s);
|
|
864
863
|
}));
|
|
865
864
|
})
|
|
866
865
|
.command("$0", "help", (yargs) => {
|
|
867
|
-
|
|
866
|
+
(0, toolbox_1.warningLog)("--help for help");
|
|
868
867
|
return yargs;
|
|
869
868
|
})
|
|
870
869
|
.epilog(epilog)
|
|
@@ -877,8 +876,8 @@ function main(argumentsList, _done) {
|
|
|
877
876
|
commands.parse(argumentsList, (err, g_argv) => {
|
|
878
877
|
// istanbul ignore next
|
|
879
878
|
if (err) {
|
|
880
|
-
|
|
881
|
-
|
|
879
|
+
(0, toolbox_1.warningLog)(" err = ", err);
|
|
880
|
+
(0, toolbox_1.warningLog)(" use --help for more info");
|
|
882
881
|
setImmediate(() => {
|
|
883
882
|
commands.showHelp();
|
|
884
883
|
done(err);
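Review bot: In the `csr` command handler the new `warningLog("PKI folder must exist")` is the entire body of the `if (!fs.existsSync(gLocalConfig.PKIFolder || ""))` branch, so after printing it the handler still goes on to `construct_CertificateManager()`. A check worded as "must" should stop there, for example with `return;` after the log line, or by throwing as the `revoke` handler does for a missing certificate. `readConfiguration` has the same log-and-continue shape for a missing config file, and there the message goes through `debugLog` while the rest of this file uses `warningLog`; if `debugLog` is gated on the debug flag the operator will not see it by default, and `(0, toolbox_1.warningLog)(chalk.redBright(" cannot find config file "), default_config);` would make it visible. Both functions continue outside the visible hunks, so confirm that nothing later creates the folder or file on purpose.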
|
|
@@ -23,6 +23,12 @@ export interface CreateSelfSignCertificateParam1 extends CreateSelfSignCertifica
|
|
|
23
23
|
startDate: Date;
|
|
24
24
|
validity: number;
|
|
25
25
|
}
|
|
26
|
+
export interface VerifyCertificateOptions {
|
|
27
|
+
acceptOutdatedCertificate?: boolean;
|
|
28
|
+
acceptOutDatedIssuerCertificate?: boolean;
|
|
29
|
+
ignoreMissingRevocationList?: boolean;
|
|
30
|
+
acceptPendingCertificate?: boolean;
|
|
31
|
+
}
|
|
26
32
|
export declare enum VerificationStatus {
|
|
27
33
|
/** The certificate provided as a parameter is not valid. */
|
|
28
34
|
BadCertificateInvalid = "BadCertificateInvalid",
|
|
@@ -97,14 +103,14 @@ export declare class CertificateManager {
|
|
|
97
103
|
get issuersCrlFolder(): string;
|
|
98
104
|
isCertificateTrusted(certificate: Certificate, callback: (err: Error | null, trustedStatus: string) => void): void;
|
|
99
105
|
isCertificateTrusted(certificate: Certificate): Promise<string>;
|
|
100
|
-
_innerVerifyCertificateAsync(certificate: Certificate, isIssuer: boolean, level: number): Promise<VerificationStatus>;
|
|
101
|
-
verifyCertificateAsync(certificate: Certificate): Promise<VerificationStatus>;
|
|
106
|
+
_innerVerifyCertificateAsync(certificate: Certificate, isIssuer: boolean, level: number, options: VerifyCertificateOptions): Promise<VerificationStatus>;
|
|
107
|
+
protected verifyCertificateAsync(certificate: Certificate, options: VerifyCertificateOptions): Promise<VerificationStatus>;
|
|
102
108
|
/**
|
|
103
109
|
* Verify certificate validity
|
|
104
110
|
* @method verifyCertificate
|
|
105
111
|
* @param certificate
|
|
106
112
|
*/
|
|
107
|
-
verifyCertificate(certificate: Certificate): Promise<VerificationStatus>;
|
|
113
|
+
verifyCertificate(certificate: Certificate, options?: VerifyCertificateOptions): Promise<VerificationStatus>;
|
|
108
114
|
verifyCertificate(certificate: Certificate, callback: (err: Error | null, status?: VerificationStatus) => void): void;
|
|
109
115
|
initialize(): Promise<void>;
|
|
110
116
|
initialize(callback: (err?: Error) => void): void;
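Review bot: The four flags of the new `VerifyCertificateOptions` interface have no doc comments although each one relaxes a verification step, so a caller cannot tell from the typings what is being given up. In the source these typings are generated from, one `/** ... */` line per field would do, for example `/** accept a certificate whose notAfter date has passed */` on `acceptOutdatedCertificate` and `/** treat a missing CRL as not revoked instead of returning BadCertificateRevocationUnknown */` on `ignoreMissingRevocationList`, and the JSDoc of `verifyCertificate` should gain `@param options`. The casing also differs between `acceptOutdatedCertificate` and `acceptOutDatedIssuerCertificate`, which is easy to mistype from plain JavaScript, where an unknown key is silently ignored and the check stays strict or relaxed without notice. The callback overload of `verifyCertificate` declares no `options` parameter, while the compiled implementation accepts `(certificate, options, callback)`.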
|
|
@@ -299,7 +299,7 @@ class CertificateManager {
|
|
|
299
299
|
}
|
|
300
300
|
});
|
|
301
301
|
}
|
|
302
|
-
_innerVerifyCertificateAsync(certificate, isIssuer, level) {
|
|
302
|
+
_innerVerifyCertificateAsync(certificate, isIssuer, level, options) {
|
|
303
303
|
var _a, _b, _c, _d, _e;
|
|
304
304
|
return __awaiter(this, void 0, void 0, function* () {
|
|
305
305
|
if (level >= 5) {
|
|
@@ -314,7 +314,6 @@ class CertificateManager {
|
|
|
314
314
|
// check if certificate is attached to a issuer
|
|
315
315
|
const hasIssuerKey = (_b = (_a = info.tbsCertificate.extensions) === null || _a === void 0 ? void 0 : _a.authorityKeyIdentifier) === null || _b === void 0 ? void 0 : _b.keyIdentifier;
|
|
316
316
|
(0, debug_1.debugLog)("Certificate as an Issuer Key", hasIssuerKey);
|
|
317
|
-
// console.log(inspect(info, { depth: 100 }));
|
|
318
317
|
if (hasIssuerKey) {
|
|
319
318
|
const isSelfSigned = isSelfSigned2(info);
|
|
320
319
|
(0, debug_1.debugLog)("Is the Certificate self-signed ?", isSelfSigned);
|
|
@@ -334,7 +333,7 @@ class CertificateManager {
|
|
|
334
333
|
else {
|
|
335
334
|
(0, debug_1.debugLog)(" the issuer certificate has been found in the issuer.cert folder !");
|
|
336
335
|
}
|
|
337
|
-
const issuerStatus = yield this._innerVerifyCertificateAsync(issuerCertificate, true, level + 1);
|
|
336
|
+
const issuerStatus = yield this._innerVerifyCertificateAsync(issuerCertificate, true, level + 1, options);
|
|
338
337
|
if (issuerStatus === VerificationStatus.BadCertificateRevocationUnknown) {
|
|
339
338
|
// the issuer must have a CRL available .... !
|
|
340
339
|
return VerificationStatus.BadCertificateIssuerRevocationUnknown;
|
|
@@ -344,8 +343,10 @@ class CertificateManager {
|
|
|
344
343
|
return VerificationStatus.BadCertificateIssuerRevocationUnknown;
|
|
345
344
|
}
|
|
346
345
|
if (issuerStatus === VerificationStatus.BadCertificateTimeInvalid) {
|
|
347
|
-
|
|
348
|
-
|
|
346
|
+
if (!options || !options.acceptOutDatedIssuerCertificate) {
|
|
347
|
+
// the issuer must have valid dates ....
|
|
348
|
+
return VerificationStatus.BadCertificateIssuerTimeInvalid;
|
|
349
|
+
}
|
|
349
350
|
}
|
|
350
351
|
if (issuerStatus == VerificationStatus.BadCertificateUntrusted) {
|
|
351
352
|
(0, debug_1.debugLog)("warning issuerStatus = ", issuerStatus.toString(), "the issuer certificate is not trusted");
|
|
@@ -363,9 +364,14 @@ class CertificateManager {
|
|
|
363
364
|
}
|
|
364
365
|
hasValidIssuer = true;
|
|
365
366
|
// let detected if our certificate is in the revocation list
|
|
366
|
-
|
|
367
|
+
let revokedStatus = yield this.isCertificateRevoked(certificate);
|
|
367
368
|
if (revokedStatus === VerificationStatus.BadCertificateRevocationUnknown) {
|
|
368
|
-
|
|
369
|
+
if (!options || !options.ignoreMissingRevocationList) {
|
|
370
|
+
return VerificationStatus.BadCertificateRevocationUnknown;
|
|
371
|
+
}
|
|
372
|
+
else {
|
|
373
|
+
revokedStatus = VerificationStatus.Good;
|
|
374
|
+
}
|
|
369
375
|
}
|
|
370
376
|
if (revokedStatus !== VerificationStatus.Good) {
|
|
371
377
|
// certificate is revoked !!!
|
|
@@ -413,13 +419,17 @@ class CertificateManager {
|
|
|
413
419
|
(0, debug_1.debugLog)(chalk.red("certificate is invalid : certificate is not active yet !") +
|
|
414
420
|
" not before date =" +
|
|
415
421
|
certificateInfo.notBefore);
|
|
416
|
-
|
|
422
|
+
if (!options.acceptPendingCertificate) {
|
|
423
|
+
isTimeInvalid = true;
|
|
424
|
+
}
|
|
417
425
|
}
|
|
418
426
|
// check that certificate has not expired
|
|
419
427
|
if (certificateInfo.notAfter.getTime() <= now.getTime()) {
|
|
420
428
|
// certificate is obsolete
|
|
421
429
|
(0, debug_1.debugLog)(chalk.red("certificate is invalid : certificate has expired !") + " not after date =" + certificateInfo.notAfter);
|
|
422
|
-
|
|
430
|
+
if (!options.acceptOutdatedCertificate) {
|
|
431
|
+
isTimeInvalid = true;
|
|
432
|
+
}
|
|
423
433
|
}
|
|
424
434
|
if (status === "trusted") {
|
|
425
435
|
return isTimeInvalid ? VerificationStatus.BadCertificateTimeInvalid : VerificationStatus.Good;
|
|
@@ -439,21 +449,31 @@ class CertificateManager {
|
|
|
439
449
|
}
|
|
440
450
|
});
|
|
441
451
|
}
|
|
442
|
-
verifyCertificateAsync(certificate) {
|
|
452
|
+
verifyCertificateAsync(certificate, options) {
|
|
443
453
|
return __awaiter(this, void 0, void 0, function* () {
|
|
444
|
-
const status1 = yield this._innerVerifyCertificateAsync(certificate, false, 0);
|
|
454
|
+
const status1 = yield this._innerVerifyCertificateAsync(certificate, false, 0, options);
|
|
445
455
|
return status1;
|
|
446
456
|
});
|
|
447
457
|
}
|
|
448
|
-
verifyCertificate(certificate,
|
|
449
|
-
|
|
458
|
+
verifyCertificate(certificate, ...args) {
|
|
459
|
+
let options;
|
|
460
|
+
let callback = undefined;
|
|
461
|
+
if (args.length === 1) {
|
|
462
|
+
callback = args[0];
|
|
463
|
+
}
|
|
464
|
+
else if (args.length === 2) {
|
|
465
|
+
options = args[0];
|
|
466
|
+
callback = args[1];
|
|
467
|
+
}
|
|
468
|
+
// istanbul ignore next
|
|
469
|
+
if (!callback || typeof callback !== "function")
|
|
450
470
|
throw new Error("internal error");
|
|
451
471
|
// Is the signature on the SoftwareCertificate valid .?
|
|
452
472
|
if (!certificate) {
|
|
453
473
|
// missing certificate
|
|
454
474
|
return callback(null, VerificationStatus.BadSecurityChecksFailed);
|
|
455
475
|
}
|
|
456
|
-
(0, util_1.callbackify)(this.verifyCertificateAsync).call(this, certificate, callback);
|
|
476
|
+
(0, util_1.callbackify)(this.verifyCertificateAsync).call(this, certificate, options || {}, callback);
|
|
457
477
|
}
|
|
458
478
|
initialize(...args) {
|
|
459
479
|
const callback = args[0];
|
|
@@ -684,7 +704,7 @@ class CertificateManager {
|
|
|
684
704
|
if (selectedIssuerCertificates.length > 0) {
|
|
685
705
|
if (selectedIssuerCertificates.length > 1) {
|
|
686
706
|
// tslint:disable-next-line: no-console
|
|
687
|
-
|
|
707
|
+
(0, debug_1.warningLog)("Warning more than one issuer certificate exists with subjectKeyIdentifier ", wantedIssuerKey);
|
|
688
708
|
}
|
|
689
709
|
return selectedIssuerCertificates[0].certificate || null;
|
|
690
710
|
}
|
|
@@ -694,7 +714,7 @@ class CertificateManager {
|
|
|
694
714
|
// istanbul ignore next
|
|
695
715
|
if (selectedTrustedCertificates.length > 1) {
|
|
696
716
|
// tslint:disable-next-line: no-console
|
|
697
|
-
|
|
717
|
+
(0, debug_1.warningLog)("Warning more than one certificate exists with subjectKeyIdentifier in trusted certificate list ", wantedIssuerKey, selectedTrustedCertificates.length);
|
|
698
718
|
for (const entry of selectedTrustedCertificates) {
|
|
699
719
|
(0, with_openssl_1.dumpCertificate)(entry.filename, (err, data) => {
|
|
700
720
|
(0, debug_1.debugLog)(" ", entry.filename);
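Review bot: `options` is handed unchanged to the recursive issuer call (`level + 1, options`), and the validity-period checks at new lines 422 and 430 test `options.acceptPendingCertificate` and `options.acceptOutdatedCertificate` without looking at `isIssuer`; if those checks sit in the same `_innerVerifyCertificateAsync` body, as the line numbers suggest, a flag meant for the leaf certificate also keeps an expired or not-yet-valid issuer from reporting `BadCertificateTimeInvalid`, and `acceptOutDatedIssuerCertificate` is then never consulted. Gating the leaf flags on the role keeps the two decisions separate: `if (isIssuer || !options.acceptOutdatedCertificate) {` and `if (isIssuer || !options.acceptPendingCertificate) {`. The same two lines dereference `options` with no null guard, unlike `!options || !options.acceptOutDatedIssuerCertificate` in the issuer branch; only `verifyCertificate` substitutes `{}`, so `options = options || {};` at the top of `_innerVerifyCertificateAsync` would protect direct callers. The `ignoreMissingRevocationList` branch overwrites `revokedStatus` with `Good` silently, and a `debugLog` there would leave a trace that revocation was not actually checked.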
|
|
@@ -41,8 +41,8 @@ function adjustDate(params) {
|
|
|
41
41
|
assert(params.startDate instanceof Date);
|
|
42
42
|
// // istanbul ignore next
|
|
43
43
|
// if (!g_config.silent) {
|
|
44
|
-
//
|
|
45
|
-
//
|
|
44
|
+
// warningLog(" start Date ", params.startDate.toUTCString(), x509Date(params.startDate));
|
|
45
|
+
// warningLog(" end Date ", params.endDate.toUTCString(), x509Date(params.endDate));
|
|
46
46
|
// }
|
|
47
47
|
}
|
|
48
48
|
exports.adjustDate = adjustDate;
|
|
@@ -32,7 +32,7 @@ const debug_1 = require("./debug");
|
|
|
32
32
|
function certificateFileExist(certificateFile) {
|
|
33
33
|
// istanbul ignore next
|
|
34
34
|
if (fs.existsSync(certificateFile) && !config_1.g_config.force) {
|
|
35
|
-
|
|
35
|
+
(0, debug_1.warningLog)(chalk.yellow(" certificate ") + chalk.cyan(certificateFile) + chalk.yellow(" already exists => do not overwrite"));
|
|
36
36
|
return false;
|
|
37
37
|
}
|
|
38
38
|
return true;
|
|
@@ -2,3 +2,4 @@ export declare const doDebug: string | boolean;
|
|
|
2
2
|
export declare const displayError = true;
|
|
3
3
|
export declare const displayDebug: boolean;
|
|
4
4
|
export declare function debugLog(...args: [any?, ...any[]]): void;
|
|
5
|
+
export declare function warningLog(...args: [any?, ...any[]]): void;
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.debugLog = exports.displayDebug = exports.displayError = exports.doDebug = void 0;
|
|
3
|
+
exports.warningLog = exports.debugLog = exports.displayDebug = exports.displayError = exports.doDebug = void 0;
|
|
4
4
|
// ---------------------------------------------------------------------------------------------------------------------
|
|
5
5
|
// node-opcua-pki
|
|
6
6
|
// ---------------------------------------------------------------------------------------------------------------------
|
|
@@ -34,4 +34,8 @@ function debugLog(...args) {
|
|
|
34
34
|
}
|
|
35
35
|
}
|
|
36
36
|
exports.debugLog = debugLog;
|
|
37
|
+
function warningLog(...args) {
|
|
38
|
+
console.log.apply(null, args);
|
|
39
|
+
}
|
|
40
|
+
exports.warningLog = warningLog;
|
|
37
41
|
//# sourceMappingURL=debug.js.map
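Review bot: `warningLog` is a bare `console.log.apply(null, args)`: despite its name it writes to stdout, and it consults neither `displayError` nor the `silent` setting, so every call site that is not itself wrapped in a `silent` or `doDebug` check now prints unconditionally, including from library code such as `CertificateManager`. If these are diagnostics, `console.warn(...args);` would keep them off stdout, but the CLI also sends command results (the certificate dump and the fingerprint) through this function, so those call sites would then need a plain `console.log`. Whichever way it goes, a one-line comment on the function stating where the output goes and that it is not gated would help callers, and `console.log(...args)` is the idiomatic form of the `apply` call.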
|
|
@@ -25,13 +25,14 @@ exports.display = exports.displaySubtitle = exports.displayTitle = exports.displ
|
|
|
25
25
|
// ---------------------------------------------------------------------------------------------------------------------
|
|
26
26
|
const chalk = require("chalk");
|
|
27
27
|
const config_1 = require("./config");
|
|
28
|
+
const debug_1 = require("./debug");
|
|
28
29
|
// istanbul ignore next
|
|
29
30
|
function displayChapter(str, callback) {
|
|
30
31
|
const l = " ";
|
|
31
|
-
|
|
32
|
+
(0, debug_1.warningLog)(chalk.bgWhite(l) + " ");
|
|
32
33
|
str = (" " + str + l).substring(0, l.length);
|
|
33
|
-
|
|
34
|
-
|
|
34
|
+
(0, debug_1.warningLog)(chalk.bgWhite.cyan(str));
|
|
35
|
+
(0, debug_1.warningLog)(chalk.bgWhite(l) + " ");
|
|
35
36
|
if (callback) {
|
|
36
37
|
callback();
|
|
37
38
|
}
|
|
@@ -40,9 +41,9 @@ exports.displayChapter = displayChapter;
|
|
|
40
41
|
function displayTitle(str, callback) {
|
|
41
42
|
// istanbul ignore next
|
|
42
43
|
if (!config_1.g_config.silent) {
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
44
|
+
(0, debug_1.warningLog)("");
|
|
45
|
+
(0, debug_1.warningLog)(chalk.yellowBright(str));
|
|
46
|
+
(0, debug_1.warningLog)(chalk.yellow(new Array(str.length + 1).join("=")), "\n");
|
|
46
47
|
}
|
|
47
48
|
if (callback) {
|
|
48
49
|
callback();
|
|
@@ -52,9 +53,9 @@ exports.displayTitle = displayTitle;
|
|
|
52
53
|
function displaySubtitle(str, callback) {
|
|
53
54
|
// istanbul ignore next
|
|
54
55
|
if (!config_1.g_config.silent) {
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
56
|
+
(0, debug_1.warningLog)("");
|
|
57
|
+
(0, debug_1.warningLog)(" " + chalk.yellowBright(str));
|
|
58
|
+
(0, debug_1.warningLog)(" " + chalk.white(new Array(str.length + 1).join("-")), "\n");
|
|
58
59
|
}
|
|
59
60
|
if (callback) {
|
|
60
61
|
callback();
|
|
@@ -64,7 +65,7 @@ exports.displaySubtitle = displaySubtitle;
|
|
|
64
65
|
function display(str, callback) {
|
|
65
66
|
// istanbul ignore next
|
|
66
67
|
if (!config_1.g_config.silent) {
|
|
67
|
-
|
|
68
|
+
(0, debug_1.warningLog)(" " + str);
|
|
68
69
|
}
|
|
69
70
|
if (callback) {
|
|
70
71
|
callback();
|
|
@@ -42,9 +42,6 @@ exports.createRandomFile = createRandomFile;
|
|
|
42
42
|
function createRandomFileIfNotExist(randomFile, options, callback) {
|
|
43
43
|
const randomFilePath = options.cwd ? path.join(options.cwd, randomFile) : randomFile;
|
|
44
44
|
if (fs.existsSync(randomFilePath)) {
|
|
45
|
-
// if (doDebug) {
|
|
46
|
-
// console.log(chalk.yellow(" randomFile"), chalk.cyan(randomFile), chalk.yellow(" already exists => skipping"));
|
|
47
|
-
// }
|
|
48
45
|
return callback();
|
|
49
46
|
}
|
|
50
47
|
else {
|
|
@@ -2,11 +2,12 @@
|
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.processAltNames = exports.getEnvironmentVarNames = exports.getEnv = exports.hasEnv = exports.setEnv = exports.exportedEnvVars = void 0;
|
|
4
4
|
const config_1 = require("../config");
|
|
5
|
+
const debug_1 = require("../debug");
|
|
5
6
|
exports.exportedEnvVars = {};
|
|
6
7
|
function setEnv(varName, value) {
|
|
7
8
|
// istanbul ignore next
|
|
8
9
|
if (!config_1.g_config.silent) {
|
|
9
|
-
|
|
10
|
+
(0, debug_1.warningLog)(" set " + varName + "=" + value);
|
|
10
11
|
}
|
|
11
12
|
exports.exportedEnvVars[varName] = value;
|
|
12
13
|
if (["OPENSSL_CONF"].indexOf(varName) >= 0) {
|
|
@@ -48,7 +48,7 @@ function execute(cmd, options, callback) {
|
|
|
48
48
|
options.cwd = options.cwd || process.cwd();
|
|
49
49
|
// istanbul ignore next
|
|
50
50
|
if (!config_1.g_config.silent) {
|
|
51
|
-
|
|
51
|
+
(0, debug_1.warningLog)(chalk.cyan(" CWD "), options.cwd);
|
|
52
52
|
}
|
|
53
53
|
const outputs = [];
|
|
54
54
|
const child = child_process.exec(cmd, {
|
|
@@ -65,7 +65,6 @@ function execute(cmd, options, callback) {
|
|
|
65
65
|
console.error(chalk.bgWhiteBright.redBright(`${fence} OPENSSL ERROR ${fence}`));
|
|
66
66
|
console.error(from.stack);
|
|
67
67
|
}
|
|
68
|
-
// console.log(" ERR = ".bgWhite.red, err);
|
|
69
68
|
callback(new Error(err.message));
|
|
70
69
|
return;
|
|
71
70
|
}
|
|
@@ -121,7 +120,7 @@ function ensure_openssl_installed(callback) {
|
|
|
121
120
|
}
|
|
122
121
|
config_1.g_config.opensslVersion = outputs.trim();
|
|
123
122
|
if (debug_1.doDebug) {
|
|
124
|
-
|
|
123
|
+
(0, debug_1.warningLog)("OpenSSL version : ", config_1.g_config.opensslVersion);
|
|
125
124
|
}
|
|
126
125
|
callback(err ? err : undefined);
|
|
127
126
|
});
|
|
@@ -174,9 +173,9 @@ function execute_openssl(cmd, options, callback) {
|
|
|
174
173
|
(0, _env_1.setEnv)("OPENSSL_CONF", options.openssl_conf);
|
|
175
174
|
// istanbul ignore next
|
|
176
175
|
if (!config_1.g_config.silent) {
|
|
177
|
-
|
|
178
|
-
|
|
179
|
-
|
|
176
|
+
(0, debug_1.warningLog)(chalk.cyan(" OPENSSL_CONF"), process.env.OPENSSL_CONF);
|
|
177
|
+
(0, debug_1.warningLog)(chalk.cyan(" RANDFILE "), process.env.RANDFILE);
|
|
178
|
+
(0, debug_1.warningLog)(chalk.cyan(" CMD openssl "), chalk.cyanBright(cmd));
|
|
180
179
|
}
|
|
181
180
|
ensure_openssl_installed((err) => {
|
|
182
181
|
// istanbul ignore next
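Review bot: The new `warningLog(chalk.cyan(" CMD openssl "), chalk.cyanBright(cmd))` prints the complete openssl command line to stdout whenever `g_config.silent` is off. Nothing in this section shows what callers put into `cmd`, so it should be confirmed that no caller passes a key passphrase or similar secret as an argument; if one can, mask it before logging. In `ensure_openssl_installed` the version line is guarded by `debug_1.doDebug` but emitted with `warningLog`, where `debugLog` would match the guard. `execute`, `ensure_openssl_installed` and `execute_openssl` all continue outside the visible hunks.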
|
|
@@ -36,6 +36,7 @@ const child_process = require("child_process");
|
|
|
36
36
|
const ProgressBar = require("progress");
|
|
37
37
|
const yauzl = require("yauzl");
|
|
38
38
|
const Table = require("cli-table");
|
|
39
|
+
const debug_1 = require("../debug");
|
|
39
40
|
const doDebug = process.env.NODEOPCUAPKIDEBUG || false;
|
|
40
41
|
// tslint:disable-next-line:no-var-requires
|
|
41
42
|
// eslint-disable-next-line @typescript-eslint/no-var-requires
|
|
@@ -54,8 +55,8 @@ function makeOptions() {
|
|
|
54
55
|
proxyAuth: auth,
|
|
55
56
|
},
|
|
56
57
|
};
|
|
57
|
-
|
|
58
|
-
|
|
58
|
+
(0, debug_1.warningLog)(chalk.green("- using proxy "), proxy);
|
|
59
|
+
(0, debug_1.warningLog)(options);
|
|
59
60
|
return options;
|
|
60
61
|
}
|
|
61
62
|
return {};
|
|
@@ -90,14 +91,14 @@ function check_system_openssl_version(callback) {
|
|
|
90
91
|
execute("which openssl", (err, result) => {
|
|
91
92
|
// istanbul ignore next
|
|
92
93
|
if (err) {
|
|
93
|
-
|
|
94
|
+
(0, debug_1.warningLog)("warning: ", err.message);
|
|
94
95
|
return callback(new Error("Cannot find openssl"));
|
|
95
96
|
}
|
|
96
97
|
const exitCode = result.exitCode;
|
|
97
98
|
const output = result.output;
|
|
98
99
|
if (exitCode !== 0) {
|
|
99
|
-
|
|
100
|
-
|
|
100
|
+
(0, debug_1.warningLog)(chalk.yellow(" it seems that ") + chalk.cyan("openssl") + chalk.yellow(" is not installed on your computer "));
|
|
101
|
+
(0, debug_1.warningLog)(chalk.yellow("Please install it before running this programs"));
|
|
101
102
|
return callback(new Error("Cannot find openssl"));
|
|
102
103
|
}
|
|
103
104
|
const opensslExecPath = output.replace(/\n\r/g, "").trim();
|
|
@@ -105,7 +106,7 @@ function check_system_openssl_version(callback) {
|
|
|
105
106
|
const q_opensslExecPath = quote(opensslExecPath);
|
|
106
107
|
// istanbul ignore next
|
|
107
108
|
if (doDebug) {
|
|
108
|
-
|
|
109
|
+
(0, debug_1.warningLog)(" OpenSSL found in : " + chalk.yellow(opensslExecPath));
|
|
109
110
|
}
|
|
110
111
|
// ------------------------ now verify that openssl version is the correct one
|
|
111
112
|
execute(q_opensslExecPath + " version", (err, result) => {
|
|
@@ -154,8 +155,8 @@ function install_and_check_win32_openssl_version(callback) {
|
|
|
154
155
|
const opensslExecPath = get_openssl_exec_path_win32();
|
|
155
156
|
const exists = fs.existsSync(opensslExecPath);
|
|
156
157
|
if (!exists) {
|
|
157
|
-
|
|
158
|
-
|
|
158
|
+
(0, debug_1.warningLog)("checking presence of ", opensslExecPath);
|
|
159
|
+
(0, debug_1.warningLog)(chalk.red(" cannot find file ") + opensslExecPath);
|
|
159
160
|
return callback(null, false, "cannot find file " + opensslExecPath);
|
|
160
161
|
}
|
|
161
162
|
else {
|
|
@@ -171,7 +172,7 @@ function install_and_check_win32_openssl_version(callback) {
|
|
|
171
172
|
const version = output.trim();
|
|
172
173
|
// istanbul ignore next
|
|
173
174
|
if (doDebug) {
|
|
174
|
-
|
|
175
|
+
(0, debug_1.warningLog)(" Version = ", version);
|
|
175
176
|
}
|
|
176
177
|
callback(null, exitCode === 0 && is_expected_openssl_version(version), version);
|
|
177
178
|
}, cwd);
|
|
@@ -206,7 +207,7 @@ function install_and_check_win32_openssl_version(callback) {
|
|
|
206
207
|
: "https://github.com/node-opcua/node-opcua-pki/releases/download/2.14.2/openssl-1.0.2u-i386-win32.zip";
|
|
207
208
|
// the zip file
|
|
208
209
|
const outputFilename = path.join(downloadFolder, path.basename(url));
|
|
209
|
-
|
|
210
|
+
(0, debug_1.warningLog)("downloading " + chalk.yellow(url) + " to " + outputFilename);
|
|
210
211
|
if (fs.existsSync(outputFilename)) {
|
|
211
212
|
return callback(null, outputFilename);
|
|
212
213
|
}
|
|
@@ -219,7 +220,7 @@ function install_and_check_win32_openssl_version(callback) {
|
|
|
219
220
|
});
|
|
220
221
|
const download = wget.download(url, outputFilename, options);
|
|
221
222
|
download.on("error", (err) => {
|
|
222
|
-
|
|
223
|
+
(0, debug_1.warningLog)(err);
|
|
223
224
|
setImmediate(() => {
|
|
224
225
|
callback(err);
|
|
225
226
|
});
|
|
@@ -227,9 +228,9 @@ function install_and_check_win32_openssl_version(callback) {
|
|
|
227
228
|
download.on("end", (output) => {
|
|
228
229
|
// istanbul ignore next
|
|
229
230
|
if (doDebug) {
|
|
230
|
-
|
|
231
|
+
(0, debug_1.warningLog)(output);
|
|
231
232
|
}
|
|
232
|
-
//
|
|
233
|
+
// warningLog("done ...");
|
|
233
234
|
setImmediate(() => {
|
|
234
235
|
callback(null, outputFilename);
|
|
235
236
|
});
|
|
@@ -252,7 +253,7 @@ function install_and_check_win32_openssl_version(callback) {
|
|
|
252
253
|
setImmediate(() => {
|
|
253
254
|
// istanbul ignore next
|
|
254
255
|
if (doDebug) {
|
|
255
|
-
|
|
256
|
+
(0, debug_1.warningLog)("unzip done");
|
|
256
257
|
}
|
|
257
258
|
callback(err);
|
|
258
259
|
});
|
|
@@ -265,7 +266,7 @@ function install_and_check_win32_openssl_version(callback) {
|
|
|
265
266
|
const file = path.join(opensslFolder, entry.fileName);
|
|
266
267
|
// istanbul ignore next
|
|
267
268
|
if (doDebug) {
|
|
268
|
-
|
|
269
|
+
(0, debug_1.warningLog)(" unzipping :", file);
|
|
269
270
|
}
|
|
270
271
|
const writeStream = fs.createWriteStream(file, "binary");
|
|
271
272
|
// ensure parent directory exists
|
|
@@ -282,7 +283,7 @@ function install_and_check_win32_openssl_version(callback) {
|
|
|
282
283
|
if (!fs.existsSync(opensslFolder)) {
|
|
283
284
|
// istanbul ignore next
|
|
284
285
|
if (doDebug) {
|
|
285
|
-
|
|
286
|
+
(0, debug_1.warningLog)("creating openssl_folder", opensslFolder);
|
|
286
287
|
}
|
|
287
288
|
fs.mkdirSync(opensslFolder);
|
|
288
289
|
}
|
|
@@ -291,14 +292,14 @@ function install_and_check_win32_openssl_version(callback) {
|
|
|
291
292
|
return callback(err);
|
|
292
293
|
}
|
|
293
294
|
if (!opensslOK) {
|
|
294
|
-
|
|
295
|
+
(0, debug_1.warningLog)(chalk.yellow("openssl seems to be missing and need to be installed"));
|
|
295
296
|
download_openssl((err, filename) => {
|
|
296
297
|
if (err) {
|
|
297
298
|
return callback(err);
|
|
298
299
|
}
|
|
299
300
|
// istanbul ignore next
|
|
300
301
|
if (doDebug) {
|
|
301
|
-
|
|
302
|
+
(0, debug_1.warningLog)("deflating ", chalk.yellow(filename));
|
|
302
303
|
}
|
|
303
304
|
unzip_openssl(filename, (err) => {
|
|
304
305
|
if (err) {
|
|
@@ -307,8 +308,8 @@ function install_and_check_win32_openssl_version(callback) {
|
|
|
307
308
|
const opensslExists = !!fs.existsSync(opensslExecPath);
|
|
308
309
|
// istanbul ignore next
|
|
309
310
|
if (doDebug) {
|
|
310
|
-
|
|
311
|
-
|
|
311
|
+
(0, debug_1.warningLog)("verifying ", opensslExists, opensslExists ? chalk.green("OK ") : chalk.red(" Error"), opensslExecPath);
|
|
312
|
+
(0, debug_1.warningLog)("done ", err ? err : "");
|
|
312
313
|
}
|
|
313
314
|
check_openssl_win32((err) => {
|
|
314
315
|
callback(err, opensslExecPath);
|
|
@@ -319,7 +320,7 @@ function install_and_check_win32_openssl_version(callback) {
|
|
|
319
320
|
else {
|
|
320
321
|
// istanbul ignore next
|
|
321
322
|
if (doDebug) {
|
|
322
|
-
|
|
323
|
+
(0, debug_1.warningLog)(chalk.green("openssl is already installed and have the expected version."));
|
|
323
324
|
}
|
|
324
325
|
return callback(null, opensslExecPath);
|
|
325
326
|
}
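Review bot: In `makeOptions` the new `(0, debug_1.warningLog)(options);` prints the whole options object, and the context lines just above it show that object carrying `proxyAuth: auth`, so proxy credentials are written to stdout, and into any CI or install log, whenever a proxy is configured. The preceding `warningLog(chalk.green("- using proxy "), proxy)` has the same exposure if the proxy value embeds `user:password@`, which this hunk does not show. Dropping the `warningLog(options)` line and logging only the proxy host would avoid both. Unlike most messages in this file these two are not under `if (doDebug)`, so they also print in normal runs. `makeOptions` starts outside the hunk.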
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "node-opcua-pki",
|
|
3
|
-
"version": "4.
|
|
3
|
+
"version": "4.3.0",
|
|
4
4
|
"description": "PKI management for node-opcua",
|
|
5
5
|
"main": "./dist/lib/index.js",
|
|
6
6
|
"types": "./dist/lib/index.d.ts",
|
|
@@ -49,7 +49,7 @@
|
|
|
49
49
|
"chokidar": "^3.5.3",
|
|
50
50
|
"cli-table": "^0.3.11",
|
|
51
51
|
"minimist": "^1.2.8",
|
|
52
|
-
"node-opcua-crypto": "
|
|
52
|
+
"node-opcua-crypto": "4.1.0",
|
|
53
53
|
"progress": "^2.0.3",
|
|
54
54
|
"rimraf": "3.0.2",
|
|
55
55
|
"thenify": "^3.3.1",
|
|
@@ -58,30 +58,28 @@
|
|
|
58
58
|
"yauzl": "^2.10.0"
|
|
59
59
|
},
|
|
60
60
|
"devDependencies": {
|
|
61
|
-
"@istanbuljs/nyc-config-typescript": "^1.0.2",
|
|
62
61
|
"@types/async": "^3.2.20",
|
|
63
62
|
"@types/byline": "^4.2.33",
|
|
64
63
|
"@types/cli-table": "^0.3.1",
|
|
65
64
|
"@types/mocha": "^10.0.1",
|
|
66
|
-
"@types/node": "^20.
|
|
65
|
+
"@types/node": "^20.5.0",
|
|
67
66
|
"@types/node-dir": "0.0.34",
|
|
68
67
|
"@types/progress": "^2.0.5",
|
|
69
68
|
"@types/rimraf": "^3.0.2",
|
|
70
|
-
"@types/sinon": "^10.0.
|
|
71
|
-
"@types/underscore": "^1.11.
|
|
69
|
+
"@types/sinon": "^10.0.16",
|
|
70
|
+
"@types/underscore": "^1.11.6",
|
|
72
71
|
"@types/yargs": "^17.0.24",
|
|
73
72
|
"@types/yauzl": "^2.10.0",
|
|
74
|
-
"@typescript-eslint/eslint-plugin": "^
|
|
75
|
-
"@typescript-eslint/parser": "^
|
|
76
|
-
"eslint": "^8.
|
|
73
|
+
"@typescript-eslint/eslint-plugin": "^6.4.0",
|
|
74
|
+
"@typescript-eslint/parser": "^6.4.0",
|
|
75
|
+
"eslint": "^8.47.0",
|
|
77
76
|
"mocha": "^10.2.0",
|
|
78
77
|
"node-dir": "^0.1.17",
|
|
79
|
-
"nyc": "^15.1.0",
|
|
80
78
|
"should": "^13.2.3",
|
|
81
|
-
"sinon": "^15.
|
|
79
|
+
"sinon": "^15.2.0",
|
|
82
80
|
"source-map-support": "^0.5.21",
|
|
83
81
|
"ts-node": "^10.9.1",
|
|
84
|
-
"typescript": "^5.1.
|
|
82
|
+
"typescript": "^5.1.6"
|
|
85
83
|
},
|
|
86
84
|
"bin": {
|
|
87
85
|
"pki": "./bin/crypto_create_CA.js"
|