npm - node-opcua-pki - Versions diffs - 4.2.1 → 4.3.0 - Mend

node-opcua-pki 4.2.1 → 4.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/lib/pki/certificate_manager.d.ts +9 -3
package/dist/lib/pki/certificate_manager.js +36 -15
package/package.json +10 -12

package/dist/lib/pki/certificate_manager.d.ts CHANGED Viewed

@@ -23,6 +23,12 @@ export interface CreateSelfSignCertificateParam1 extends CreateSelfSignCertifica
     startDate: Date;
     validity: number;
 }
+export interface VerifyCertificateOptions {
+    acceptOutdatedCertificate?: boolean;
+    acceptOutDatedIssuerCertificate?: boolean;
+    ignoreMissingRevocationList?: boolean;
+    acceptPendingCertificate?: boolean;
+}
 export declare enum VerificationStatus {
     /** The certificate provided as a parameter is not valid. */
     BadCertificateInvalid = "BadCertificateInvalid",
@@ -97,14 +103,14 @@ export declare class CertificateManager {
     get issuersCrlFolder(): string;
     isCertificateTrusted(certificate: Certificate, callback: (err: Error | null, trustedStatus: string) => void): void;
     isCertificateTrusted(certificate: Certificate): Promise<string>;
-    _innerVerifyCertificateAsync(certificate: Certificate, isIssuer: boolean, level: number): Promise<VerificationStatus>;
-    verifyCertificateAsync(certificate: Certificate): Promise<VerificationStatus>;
+    _innerVerifyCertificateAsync(certificate: Certificate, isIssuer: boolean, level: number, options: VerifyCertificateOptions): Promise<VerificationStatus>;
+    protected verifyCertificateAsync(certificate: Certificate, options: VerifyCertificateOptions): Promise<VerificationStatus>;
     /**
      * Verify certificate validity
      * @method verifyCertificate
      * @param certificate
      */
-    verifyCertificate(certificate: Certificate): Promise<VerificationStatus>;
+    verifyCertificate(certificate: Certificate, options?: VerifyCertificateOptions): Promise<VerificationStatus>;
     verifyCertificate(certificate: Certificate, callback: (err: Error | null, status?: VerificationStatus) => void): void;
     initialize(): Promise<void>;
     initialize(callback: (err?: Error) => void): void;

package/dist/lib/pki/certificate_manager.js CHANGED Viewed

@@ -95,7 +95,7 @@ var VerificationStatus;
     VerificationStatus["BadCertificateChainIncomplete"] = "BadCertificateChainIncomplete";
     /** Validation OK. */
     VerificationStatus["Good"] = "Good";
-})(VerificationStatus = exports.VerificationStatus || (exports.VerificationStatus = {}));
+})(VerificationStatus || (exports.VerificationStatus = VerificationStatus = {}));
 function makeFingerprint(certificate) {
     return (0, node_opcua_crypto_1.makeSHA1Thumbprint)(certificate).toString("hex");
 }
@@ -169,7 +169,7 @@ var CertificateManagerState;
     CertificateManagerState[CertificateManagerState["Initialized"] = 2] = "Initialized";
     CertificateManagerState[CertificateManagerState["Disposing"] = 3] = "Disposing";
     CertificateManagerState[CertificateManagerState["Disposed"] = 4] = "Disposed";
-})(CertificateManagerState = exports.CertificateManagerState || (exports.CertificateManagerState = {}));
+})(CertificateManagerState || (exports.CertificateManagerState = CertificateManagerState = {}));
 class CertificateManager {
     constructor(options) {
         this.untrustUnknownCertificate = true;
@@ -299,7 +299,7 @@ class CertificateManager {
             }
         });
     }
-    _innerVerifyCertificateAsync(certificate, isIssuer, level) {
+    _innerVerifyCertificateAsync(certificate, isIssuer, level, options) {
         var _a, _b, _c, _d, _e;
         return __awaiter(this, void 0, void 0, function* () {
             if (level >= 5) {
@@ -333,7 +333,7 @@ class CertificateManager {
                     else {
                         (0, debug_1.debugLog)(" the issuer certificate has been found in the issuer.cert folder !");
                     }
-                    const issuerStatus = yield this._innerVerifyCertificateAsync(issuerCertificate, true, level + 1);
+                    const issuerStatus = yield this._innerVerifyCertificateAsync(issuerCertificate, true, level + 1, options);
                     if (issuerStatus === VerificationStatus.BadCertificateRevocationUnknown) {
                         // the issuer must have a CRL available .... !
                         return VerificationStatus.BadCertificateIssuerRevocationUnknown;
@@ -343,8 +343,10 @@ class CertificateManager {
                         return VerificationStatus.BadCertificateIssuerRevocationUnknown;
                     }
                     if (issuerStatus === VerificationStatus.BadCertificateTimeInvalid) {
-                        // the issuer must have valid dates ....
-                        return VerificationStatus.BadCertificateIssuerTimeInvalid;
+                        if (!options || !options.acceptOutDatedIssuerCertificate) {
+                            // the issuer must have valid dates ....
+                            return VerificationStatus.BadCertificateIssuerTimeInvalid;
+                        }
                     }
                     if (issuerStatus == VerificationStatus.BadCertificateUntrusted) {
                         (0, debug_1.debugLog)("warning issuerStatus = ", issuerStatus.toString(), "the issuer certificate is not trusted");
@@ -362,9 +364,14 @@ class CertificateManager {
                     }
                     hasValidIssuer = true;
                     // let detected if our certificate is in the revocation list
-                    const revokedStatus = yield this.isCertificateRevoked(certificate);
+                    let revokedStatus = yield this.isCertificateRevoked(certificate);
                     if (revokedStatus === VerificationStatus.BadCertificateRevocationUnknown) {
-                        return VerificationStatus.BadCertificateRevocationUnknown;
+                        if (!options || !options.ignoreMissingRevocationList) {
+                            return VerificationStatus.BadCertificateRevocationUnknown;
+                        }
+                        else {
+                            revokedStatus = VerificationStatus.Good;
+                        }
                     }
                     if (revokedStatus !== VerificationStatus.Good) {
                         // certificate is revoked !!!
@@ -412,13 +419,17 @@ class CertificateManager {
                 (0, debug_1.debugLog)(chalk.red("certificate is invalid : certificate is not active yet !") +
                     "  not before date =" +
                     certificateInfo.notBefore);
-                isTimeInvalid = true;
+                if (!options.acceptPendingCertificate) {
+                    isTimeInvalid = true;
+                }
             }
             //  check that certificate has not expired
             if (certificateInfo.notAfter.getTime() <= now.getTime()) {
                 // certificate is obsolete
                 (0, debug_1.debugLog)(chalk.red("certificate is invalid : certificate has expired !") + " not after date =" + certificateInfo.notAfter);
-                isTimeInvalid = true;
+                if (!options.acceptOutdatedCertificate) {
+                    isTimeInvalid = true;
+                }
             }
             if (status === "trusted") {
                 return isTimeInvalid ? VerificationStatus.BadCertificateTimeInvalid : VerificationStatus.Good;
@@ -438,21 +449,31 @@ class CertificateManager {
             }
         });
     }
-    verifyCertificateAsync(certificate) {
+    verifyCertificateAsync(certificate, options) {
         return __awaiter(this, void 0, void 0, function* () {
-            const status1 = yield this._innerVerifyCertificateAsync(certificate, false, 0);
+            const status1 = yield this._innerVerifyCertificateAsync(certificate, false, 0, options);
             return status1;
         });
     }
-    verifyCertificate(certificate, callback) {
-        if (!callback)
+    verifyCertificate(certificate, ...args) {
+        let options;
+        let callback = undefined;
+        if (args.length === 1) {
+            callback = args[0];
+        }
+        else if (args.length === 2) {
+            options = args[0];
+            callback = args[1];
+        }
+        // istanbul ignore next
+        if (!callback || typeof callback !== "function")
             throw new Error("internal error");
         // Is the  signature on the SoftwareCertificate valid .?
         if (!certificate) {
             // missing certificate
             return callback(null, VerificationStatus.BadSecurityChecksFailed);
         }
-        (0, util_1.callbackify)(this.verifyCertificateAsync).call(this, certificate, callback);
+        (0, util_1.callbackify)(this.verifyCertificateAsync).call(this, certificate, options || {}, callback);
     }
     initialize(...args) {
         const callback = args[0];

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "node-opcua-pki",
-  "version": "4.2.1",
+  "version": "4.3.0",
   "description": "PKI management for node-opcua",
   "main": "./dist/lib/index.js",
   "types": "./dist/lib/index.d.ts",
@@ -49,7 +49,7 @@
     "chokidar": "^3.5.3",
     "cli-table": "^0.3.11",
     "minimist": "^1.2.8",
-    "node-opcua-crypto": "3.0.6",
+    "node-opcua-crypto": "4.1.0",
     "progress": "^2.0.3",
     "rimraf": "3.0.2",
     "thenify": "^3.3.1",
@@ -58,30 +58,28 @@
     "yauzl": "^2.10.0"
   },
   "devDependencies": {
-    "@istanbuljs/nyc-config-typescript": "^1.0.2",
     "@types/async": "^3.2.20",
     "@types/byline": "^4.2.33",
     "@types/cli-table": "^0.3.1",
     "@types/mocha": "^10.0.1",
-    "@types/node": "^20.2.6",
+    "@types/node": "^20.5.0",
     "@types/node-dir": "0.0.34",
     "@types/progress": "^2.0.5",
     "@types/rimraf": "^3.0.2",
-    "@types/sinon": "^10.0.15",
-    "@types/underscore": "^1.11.5",
+    "@types/sinon": "^10.0.16",
+    "@types/underscore": "^1.11.6",
     "@types/yargs": "^17.0.24",
     "@types/yauzl": "^2.10.0",
-    "@typescript-eslint/eslint-plugin": "^5.59.9",
-    "@typescript-eslint/parser": "^5.59.9",
-    "eslint": "^8.42.0",
+    "@typescript-eslint/eslint-plugin": "^6.4.0",
+    "@typescript-eslint/parser": "^6.4.0",
+    "eslint": "^8.47.0",
     "mocha": "^10.2.0",
     "node-dir": "^0.1.17",
-    "nyc": "^15.1.0",
     "should": "^13.2.3",
-    "sinon": "^15.1.0",
+    "sinon": "^15.2.0",
     "source-map-support": "^0.5.21",
     "ts-node": "^10.9.1",
-    "typescript": "^5.1.3"
+    "typescript": "^5.1.6"
   },
   "bin": {
     "pki": "./bin/crypto_create_CA.js"