npm - node-opcua-pki - Versions diffs - 5.2.0 → 5.4.0 - Mend

node-opcua-pki 5.2.0 → 5.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/CHANGELOG.md +15 -0
package/LICENSE +22 -22
package/bin/crypto_create_CA.js +0 -0
package/bin/crypto_create_CA_config.example.js +18 -18
package/bin/install_prerequisite.js +9 -9
package/dist/lib/ca/certificate_authority.js +1 -1
package/dist/lib/toolbox/with_openssl/install_prerequisite.js +1 -4
package/package.json +7 -9
package/readme.md +230 -230
package/dist/lib/toolbox/without_openssl/deprecated_create_private_key.d.ts +0 -0
package/dist/lib/toolbox/without_openssl/deprecated_create_private_key.js +0 -2

package/CHANGELOG.md CHANGED Viewed

@@ -4,8 +4,23 @@ All notable changes to this project will be documented in this file. Dates are d
 Generated by [`auto-changelog`](https://github.com/CookPete/auto-changelog).
+#### [5.4.0](https://github.com/node-opcua/node-opcua-pki/compare/5.3.0...5.4.0)
+- update packages [`4eea782`](https://github.com/node-opcua/node-opcua-pki/commit/4eea7820d1f56f26fdb49497b72d73e224ff6ef9)
+- update packages [`72339cc`](https://github.com/node-opcua/node-opcua-pki/commit/72339cc34c506fd5bd8fc6ba893fbadab614e158)
+#### [5.3.0](https://github.com/node-opcua/node-opcua-pki/compare/5.2.0...5.3.0)
+> 5 April 2025
+- update packages [`f0a315c`](https://github.com/node-opcua/node-opcua-pki/commit/f0a315c48209b0a12e53804929223e354e5639b3)
+- fix certificate generation when uniformResourceIdentifier is not present [`8e287ed`](https://github.com/node-opcua/node-opcua-pki/commit/8e287ed5ddc51cf86c4679f2ce0cc944d2e374de)
+- remove cli-table dependency [`b37726d`](https://github.com/node-opcua/node-opcua-pki/commit/b37726d843dbea92718a1f529b60e4a59deab66c)
 #### [5.2.0](https://github.com/node-opcua/node-opcua-pki/compare/5.1.0...5.2.0)
+> 9 March 2025
 - generate signing request without openssl in CA [`399a051`](https://github.com/node-opcua/node-opcua-pki/commit/399a0511da935be24b95ac8ed69de6c513745781)
 - fix openssl issue that could cause command to fail when rootDir is a relative path [`b0f6425`](https://github.com/node-opcua/node-opcua-pki/commit/b0f642598746ab93add7fd772eaa817285a2e1d5)
 - chore: minor cleanup [`34d173e`](https://github.com/node-opcua/node-opcua-pki/commit/34d173e598a2c6a3eef114d60433dcd09c638874)

package/LICENSE CHANGED Viewed

@@ -1,22 +1,22 @@
-The MIT License (MIT)
-Copyright (c) 2014-2022 - Etienne Rossignon - etienne.rossignon (at) gadz.org
-Copyright (c) 2022-2024 - Sterfive.com
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+The MIT License (MIT)
+Copyright (c) 2014-2022 - Etienne Rossignon - etienne.rossignon (at) gadz.org
+Copyright (c) 2022-2024 - Sterfive.com
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/bin/crypto_create_CA.js CHANGED Viewed

File without changes

package/bin/crypto_create_CA_config.example.js CHANGED Viewed

@@ -1,18 +1,18 @@
-"use strict";
-// ---------------------------------------------------------------------------------------------------------------------
-module.exports = {
-    subject: {
-        commonName: "NodeOPCUA-TEST",
-        organization: "NodeOPCUA",
-        organizationalUnit: "Unit",
-        locality: "Paris",
-        state: "IDF",
-        country: "FR" // Two letters
-    },
-    validity: 365 * 15, // 15 years
-    keySize: 2048 // default private key size : 2048, 3072 or 4096 (avoid 1024 too weak)
-};
+"use strict";
+// ---------------------------------------------------------------------------------------------------------------------
+module.exports = {
+    subject: {
+        commonName: "NodeOPCUA-TEST",
+        organization: "NodeOPCUA",
+        organizationalUnit: "Unit",
+        locality: "Paris",
+        state: "IDF",
+        country: "FR" // Two letters
+    },
+    validity: 365 * 15, // 15 years
+    keySize: 2048 // default private key size : 2048, 3072 or 4096 (avoid 1024 too weak)
+};

package/bin/install_prerequisite.js CHANGED Viewed

@@ -1,9 +1,9 @@
-#!/usr/bin/env node
-"use strict";
-// eslint-disable-next-line @typescript-eslint/no-var-requires
-const install_prerequisite = require("../dist/lib/misc/install_prerequisite").install_prerequisite;
-install_prerequisite(function(err){
-    if (err) {
-        console.log("err = ",err.message);
-    }
-});
+#!/usr/bin/env node
+"use strict";
+// eslint-disable-next-line @typescript-eslint/no-var-requires
+const install_prerequisite = require("../dist/lib/misc/install_prerequisite").install_prerequisite;
+install_prerequisite(function(err){
+    if (err) {
+        console.log("err = ",err.message);
+    }
+});

package/dist/lib/ca/certificate_authority.js CHANGED Viewed

@@ -391,7 +391,7 @@ class CertificateAuthority {
             //  see https://github.com/openssl/openssl/issues/10458
             const csr = yield (0, node_opcua_crypto_1.readCertificateSigningRequest)(certificateSigningRequestFilename);
             const csrInfo = (0, node_opcua_crypto_1.exploreCertificateSigningRequest)(csr);
-            const applicationUri = csrInfo.extensionRequest.subjectAltName.uniformResourceIdentifier[0];
+            const applicationUri = csrInfo.extensionRequest.subjectAltName.uniformResourceIdentifier ? csrInfo.extensionRequest.subjectAltName.uniformResourceIdentifier[0] : undefined;
             if (typeof applicationUri !== "string") {
                 throw new Error("Cannot find applicationUri in CSR");
             }

package/dist/lib/toolbox/with_openssl/install_prerequisite.js CHANGED Viewed

@@ -48,7 +48,6 @@ const chalk_1 = __importDefault(require("chalk"));
 const child_process_1 = __importDefault(require("child_process"));
 const progress_1 = __importDefault(require("progress"));
 const yauzl_1 = __importDefault(require("yauzl"));
-const Table = require("cli-table");
 const debug_1 = require("../debug");
 const doDebug = process.env.NODEOPCUAPKIDEBUG || false;
 // tslint:disable-next-line:no-var-requires
@@ -154,9 +153,7 @@ function check_system_openssl_version() {
                     chalk_1.default.cyan("\nplease refer to :") +
                         chalk_1.default.yellow(" https://github.com/node-opcua/node-opcua/" + "wiki/installing-node-opcua-or-node-red-on-MacOS");
             }
-            const table = new Table();
-            table.push([message]);
-            console.error(table.toString());
+            console.log(message);
         }
         return output;
     });

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "node-opcua-pki",
-  "version": "5.2.0",
+  "version": "5.4.0",
   "description": "PKI management for node-opcua",
   "type": "commonjs",
   "main": "./dist/lib/index.js",
@@ -41,7 +41,6 @@
     "byline": "^5.0.0",
     "chalk": "4.1.2",
     "chokidar": "4.0.3",
-    "cli-table": "^0.3.11",
     "node-opcua-crypto": "4.16.0",
     "progress": "^2.0.3",
     "rimraf": "4.4.1",
@@ -52,23 +51,22 @@
   "devDependencies": {
     "@types/async": "^3.2.24",
     "@types/byline": "^4.2.36",
-    "@types/cli-table": "^0.3.4",
     "@types/mocha": "^10.0.10",
-    "@types/node": "^22.12.0",
+    "@types/node": "^24.0.10",
     "@types/node-dir": "0.0.37",
     "@types/progress": "^2.0.7",
     "@types/rimraf": "^4.0.5",
-    "@types/sinon": "^17.0.3",
+    "@types/sinon": "^17.0.4",
     "@types/yargs": "^17.0.33",
     "@types/yauzl": "^2.10.3",
-    "eslint": "^9.19.0",
-    "mocha": "^11.1.0",
+    "eslint": "^9.30.1",
+    "mocha": "^11.7.1",
     "node-dir": "^0.1.17",
     "should": "^13.2.3",
-    "sinon": "^19.0.2",
+    "sinon": "^21.0.0",
     "source-map-support": "^0.5.21",
     "ts-node": "^10.9.2",
-    "typescript": "^5.7.3"
+    "typescript": "^5.8.3"
   },
   "bin": {
     "pki": "./bin/crypto_create_CA.js"

package/readme.md CHANGED Viewed

@@ -1,230 +1,230 @@
-### node-opcua-pki
-  [![NPM download](https://img.shields.io/npm/dm/node-opcua-pki.svg)](https://www.npmtrends.com/node-opcua-pki)
-  [![NPM version](https://img.shields.io/npm/v/node-opcua-pki)](https://www.npmjs.com/package/node-opcua-pki?activeTab=versions)
-[![Build Status](https://github.com/node-opcua/node-opcua-pki/actions/workflows/ci.yml/badge.svg)](https://github.com/node-opcua/node-opcua-pki/actions/workflows/ci.yml)
-  [![Coverage Status](https://coveralls.io/repos/github/node-opcua/node-opcua-pki/badge.svg?branch=master)](https://coveralls.io/github/node-opcua/node-opcua-pki?branch=master)
-  [![install size](https://packagephobia.com/badge?p=node-opcua-pki)](https://packagephobia.com/result?p=node-opcua-pki)
-  [![FOSSA Status](https://app.fossa.com/api/projects/custom%2B20248%2Fgithub.com%2Fnode-opcua%2Fnode-opcua-pki.svg?type=shield)](https://app.fossa.com/projects/custom%2B20248%2Fgithub.com%2Fnode-opcua%2Fnode-opcua-pki?ref=badge_shield)
-## Installation
-##### install globally
-```
-$ npm install -g node-opcua-pki
-$ crypto_create_CA --help
-```
-##### use with npx
-```
-npx node-opcua-pki --help
-npx node-opcua-pki certificate --help
-```
-Note: see https://reference.opcfoundation.org/GDS/docs/F.1/
-# commands
-| command     | Help                                            |
-| ----------- | ----------------------------------------------- |
-| demo        | create default certificate for node-opcua demos |
-| createCA    | create a Certificate Authority                  |
-| createPKI   | create a Public Key Infrastructure              |
-| certificate | create a new certificate                        |
-| csr         | create a new certificate signing request(CSR)   |
-| sign        | sign a CSR and generate a certificate           |
-| revoke      | revoke an existing certificate                  |
-| dump        | display a certificate                           |
-| toder       | convert a certificate to a DER format           |
-| fingerprint | print the certificate fingerprint               |
-Options:
---help display help
-## create a PKI
-```
-node-opcua-pki createPKI
-```
-### Options:
-| option                     | description                                        | type      | default                         |
-| -------------------------- | -------------------------------------------------- | --------- | ------------------------------- |
-| -r, --root                 | the location of the Certificate folder             | [string]  | [default: "{CWD}/certificates"] |
-| --PKIFolder                | the location of the Public Key Infrastructure      | [string]  | [default: "{root}/PKI"]         |
-| -k, --keySize, --keyLength | the private key size in bits (1024,2048,3072,4096) | [number]  | [default: 2048]                 |
-| -s, --silent               | minimize output                                    | [boolean] | [default: false]                |
-The result
-```
-└─ 📂certificates
-    └─📂PKI
-       ├─📂issuers
-       │ ├─📂certs                 contains known Certificate Authorities' certificates
-       │ └─📂crl                   contains Certificate Revocation List associates with the CA Certificates
-       ├─📂own
-       │ ├─📂certs                 where to store generated public certificates generated for the private key.
-       │ └─📂private
-       │    └─🔐private_key.pem  the private key in PEM format
-       ├─📂rejected                  contains certificates that have been rejected.
-       └─📂trusted
-         ├─📂certs                 contains the X.509 v3 Certificates that are trusted.
-         └─📂crl                   contains the X.509 v3 CRLs for any Certificates in the ./certs directory.
-```
-## create a Certificate Signing Request (CSR)
-Options:
-| option              | description                                     | type   | default                                       |
-|---------------------|-------------------------------------------------|--------|-----------------------------------------------|
-|-a, --applicationUri |the application URI                              |[string]|[default: "urn:{hostname}:Node-OPCUA-Server"]  |
-|-o, --output         | the name of the generated signing_request       |[string]|[default: "my_certificate_signing_request.csr"]|
-|--dns                | the list of valid domain name (comma separated) |[string]|[default: "{hostname}"]                        |
-|--ip                 | the list of valid IPs (comma separated)         |[string]|[default: ""]                                  |
-|--subject            | the certificate subject ( for instance /C=FR/ST=Centre/L=Orleans/O=SomeOrganization/CN=Hello )|[string]| [default: "/CN=Certificate"]|
-|-r, --root           | the location of the Certificate folder          |[string]|[default: "{CWD}/certificates"]                |
-|--PKIFolder          | the location of the Public Key Infrastructure   |[string]|[default: "{root}/PKI"]                        |
-## Create a certificate authority
-|                                  |                                                  | default value                                                                   |
-| -------------------------------- | ------------------------------------------------ | ------------------------------------------------------------------------------- |
-| `--subject`                      | the CA certificate subject                       | "/C=FR/ST=IDF/L=Paris/O=Local NODE-OPCUA Certificate Authority/CN=NodeOPCUA-CA" |
-| `--root`, `-r`                   | the location of the Certificate folder           | "{CWD}/certificates"                                                            |
-| ` --CAFolder`, `-c`              | the location of the Certificate Authority folder | "{root}/CA"]                                                                    |
-| `--keySize`, `-k`, `--keyLength` | the private key size in bits (1024, 2048 ,3072, 4096)| |
-The result
-```
-└─ 📂certificates
-    └─📂PKI
-       ├─📂CA           Certificate Authority
-       ├─📂rejected     The Certificate store contains certificates that have been rejected.
-       │ ├─📂certs      Contains the X.509 v3 Certificates which have been rejected.
-       ├─📂trusted      The Certificate store contains trusted Certificates.
-       │ ├─📂certs      Contains the X.509 v3 Certificates that are trusted.
-       │ └─📂crl        Contains the X.509 v3 CRLs for any Certificates in the ./certs directory.
-       ├─📂issuers      The Certificate store contains the CA Certificates needed for validation.
-       │ ├─📂certs      Contains the X.509 v3 Certificates that are needed for validation.
-       │ ├─📂crl        Contains the X.509 v3 CRLs for any Certificates in the ./certs directory.
-```
-## sign a signing request (requires a CA)
-| option         | description                                      | type                | default                                         |
-| -------------- | ------------------------------------------------ | ------------------- | ----------------------------------------------- |
-| -i, --csr      | the csr                                          | [string] [required] | [default: "my_certificate_signing_request.csr"] |
-| -o, --output   | the name of the generated certificate            | [string] [required] | [default: "my_certificate.pem"]                 |
-| -v, --validity | the certificate validity in days                 | [number]            | [default: 365]                                  |
-| -r, --root     | the location of the Certificate folder           | [string]            | [default: "{CWD}/certificates"]                 |
-| -c, --CAFolder | the location of the Certificate Authority folder | [string]            | [default: "{root}/CA"]                          |
-## demo command
-this command creates a bunch of certificates with various characteristics for demo and testing purposes.
-```
-crypto_create_CA  demo [--dev] [--silent] [--clean]
-```
-Options:
-|              |                                                                |                    |
-| ------------ | -------------------------------------------------------------- | ------------------ |
-| --help       | display help                                                   |                    |
-| --dev        | create all sort of fancy certificates for dev testing purposes |                    |
-| --clean      | Purge existing directory [use with care!]                      |                    |
-| --silent, -s | minimize output                                                |                    |
-| --root, -r   | the location of the Certificate folder                         | {CWD}/certificates |
-Example:
-```
-$crypto_create_CA  demo --dev
-```
-##### certificate command
-```
-$crypto_create_CA certificate --help
-```
-Options:
-|                      |                                                                                                |                                  |
-| -------------------- | ---------------------------------------------------------------------------------------------- | -------------------------------- |
-| --help               | display help                                                                                   |                                  |
-| --applicationUri, -a | the application URI                                                                            | urn:{hostname}:Node-OPCUA-Server |
-| --output, -o         | the name of the generated certificate                                                          | my_certificate.pem               |
-| --selfSigned, -s     | if true, the certificate will be self-signed                                                   | false                            |
-| --validity, -v       | the certificate validity in days                                                               |                                  |
-| --silent, -s         | minimize output                                                                                |                                  |
-| --root, -r           | the location of the Certificate folder                                                         | {CWD}/certificates               |
-| --CAFolder, -c       | the location of the Certificate Authority folder                                               | {root}/CA                        |
-| --PKIFolder, -p      | the location of the Public Key Infrastructure                                                  | {root}/PKI                       |
-| --privateKey, -p     | optional:the private key to use to generate certificate                                        |                                  |
-| --subject            | the certificate subject ( for instance /C=FR/ST=Centre/L=Orleans/O=SomeOrganization/CN=Hello ) |                                  |
-###### examples
-* create a self-signed certificate
-```
-npx node-opcua-pki certificate --dns=machine1.com,machine2.com --ip="192.1.2.3;192.3.4.5" -a 'urn:{hostname}:My-OPCUA-Server' --selfSigned -o  my_self_signed_certificate.pem
-```
-#### References
--   https://www.entrust.com/wp-content/uploads/2013/05/pathvalidation_wp.pdf
--   https://en.wikipedia.org/wiki/Certification_path_validation_algorithm
--   https://tools.ietf.org/html/rfc5280
-#### prerequisite:
-This module requires OpenSSL or LibreSSL to be installed.
-On Windows, a version of OpenSSL is automatically downloaded and installed at run time, if not present. You will need an internet connection open.
-You need to install it on Linux, (or in your docker image), or on macOS
--   on ubuntu/Debian:
-```
-apt install openssl
-```
-or alpine:
-```
-apk add openssl
-```
-# Support
-Sterfive provides this module free of charge, “as is,” with the hope that it will be useful to you. However, any support requests, bug fixes, or enhancements are handled exclusively through our paid services. We believe strongly that independent open-source companies should be fairly compensated for their contributions to the community.
-We highly recommend subscribing to our [support program](https://support.sterfive.com) to ensure your requests are addressed and resolved. Please note that we only consider requests from members of our support program or sponsors.
-## Getting professional support
-NodeOPCUA PKI is developed and maintained by sterfive.com.
-To get professional support, consider subscribing to the node-opcua membership community:
-[![Professional Support](https://img.shields.io/static/v1?style=for-the-badge&label=Professional&message=Support&labelColor=blue&color=green&logo=data:image/svg%2bxml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIiB2ZXJzaW9uPSIxLjEiIGlkPSJMYXllcl8xIiB4PSIwcHgiIHk9IjBweCIgdmlld0JveD0iMCAwIDQ5MS41MiA0OTEuNTIiIHN0eWxlPSJlbmFibGUtYmFja2dyb3VuZDpuZXcgMCAwIDQ5MS41MiA0OTEuNTI7IiB4bWw6c3BhY2U9InByZXNlcnZlIj4NCjxnPg0KCTxnPg0KCQk8cGF0aCBkPSJNNDg3Ljk4OSwzODkuNzU1bC05My4xMDktOTIuOTc2Yy00LjgxMy00LjgwNi0xMi42NDItNC42NzQtMTcuMjczLDAuMzA3Yy03LjE0OCw3LjY4OS0xNC42NCwxNS41NTQtMjEuNzMsMjIuNjM0ICAgIGMtMC4yNzEsMC4yNy0wLjUwMSwwLjQ5My0wLjc2MywwLjc1NUw0NjcuMyw0MzIuNTA0YzguOTEtMTAuNjE0LDE2LjY1Ny0yMC40MSwyMS43My0yNi45NyAgICBDNDkyLjcyLDQwMC43NjIsNDkyLjI1NywzOTQuMDE5LDQ4Ny45ODksMzg5Ljc1NXoiLz4NCgk8L2c+DQo8L2c+DQo8Zz4NCgk8Zz4NCgkJPHBhdGggZD0iTTMzNC4zLDMzNy42NjFjLTM0LjMwNCwxMS4zNzktNzcuNTYsMC40MTMtMTE0LjU1NC0yOS41NDJjLTQ5LjAyMS0zOS42OTMtNzUuOTcyLTEwMi42NDItNjUuODM4LTE1MC41OTNMMzcuNjM0LDQxLjQxOCAgICBDMTcuNjUzLDU5LjQyNCwwLDc4LjU0NSwwLDkwYzAsMTQxLjc1MSwyNjAuMzQ0LDQxNS44OTYsNDAxLjUwMyw0MDAuOTMxYzExLjI5Ni0xLjE5OCwzMC4xNzYtMTguNjUxLDQ4LjA2Mi0zOC4xNjdMMzM0LjMsMzM3LjY2MSAgICB6Ii8+DQoJPC9nPg0KPC9nPg0KPGc+DQoJPGc+DQoJCTxwYXRoIGQ9Ik0xOTMuODU0LDk2LjA0MUwxMDEuMjEzLDMuNTNjLTQuMjI1LTQuMjItMTAuODgyLTQuNzI0LTE1LjY2NC0xLjE0NWMtNi42NTQsNC45ODMtMTYuNjQ4LDEyLjY1MS0yNy40NTMsMjEuNDk4ICAgIGwxMTEuOTQ1LDExMS43ODVjMC4wNjEtMC4wNiwwLjExMS0wLjExMywwLjE3Mi0wLjE3NGM3LjIzOC03LjIyOCwxNS4zNTUtMTQuODg1LDIzLjI5MS0yMi4xNjcgICAgQzE5OC41MzQsMTA4LjcxMywxOTguNjg0LDEwMC44NjMsMTkzLjg1NCw5Ni4wNDF6Ii8+DQoJPC9nPg0KPC9nPg0KPGc+DQo8L2c+DQo8Zz4NCjwvZz4NCjxnPg0KPC9nPg0KPGc+DQo8L2c+DQo8Zz4NCjwvZz4NCjxnPg0KPC9nPg0KPGc+DQo8L2c+DQo8Zz4NCjwvZz4NCjxnPg0KPC9nPg0KPGc+DQo8L2c+DQo8Zz4NCjwvZz4NCjxnPg0KPC9nPg0KPGc+DQo8L2c+DQo8Zz4NCjwvZz4NCjxnPg0KPC9nPg0KPC9zdmc+)](https://support.sterfive.com)
-or contact [sterfive](https://www.sterfive.com) for dedicated consulting and more advanced support.
-## :heart: Supporting the development effort - Sponsors & Backers</span>
-If you like node-opcua-pki and if you are relying on it in one of your projects, please consider becoming a backer and [sponsoring us](https://github.com/sponsors/node-opcua), this will help us to maintain a high-quality stack and constant evolution of this module.
-If your company would like to participate and influence the development of future versions of node-opcua please contact [sterfive](mailto:contact@sterfive.com).
+### node-opcua-pki
+  [![NPM download](https://img.shields.io/npm/dm/node-opcua-pki.svg)](https://www.npmtrends.com/node-opcua-pki)
+  [![NPM version](https://img.shields.io/npm/v/node-opcua-pki)](https://www.npmjs.com/package/node-opcua-pki?activeTab=versions)
+[![Build Status](https://github.com/node-opcua/node-opcua-pki/actions/workflows/ci.yml/badge.svg)](https://github.com/node-opcua/node-opcua-pki/actions/workflows/ci.yml)
+  [![Coverage Status](https://coveralls.io/repos/github/node-opcua/node-opcua-pki/badge.svg?branch=master)](https://coveralls.io/github/node-opcua/node-opcua-pki?branch=master)
+  [![install size](https://packagephobia.com/badge?p=node-opcua-pki)](https://packagephobia.com/result?p=node-opcua-pki)
+  [![FOSSA Status](https://app.fossa.com/api/projects/custom%2B20248%2Fgithub.com%2Fnode-opcua%2Fnode-opcua-pki.svg?type=shield)](https://app.fossa.com/projects/custom%2B20248%2Fgithub.com%2Fnode-opcua%2Fnode-opcua-pki?ref=badge_shield)
+## Installation
+##### install globally
+```
+$ npm install -g node-opcua-pki
+$ crypto_create_CA --help
+```
+##### use with npx
+```
+npx node-opcua-pki --help
+npx node-opcua-pki certificate --help
+```
+Note: see https://reference.opcfoundation.org/GDS/docs/F.1/
+# commands
+| command     | Help                                            |
+| ----------- | ----------------------------------------------- |
+| demo        | create default certificate for node-opcua demos |
+| createCA    | create a Certificate Authority                  |
+| createPKI   | create a Public Key Infrastructure              |
+| certificate | create a new certificate                        |
+| csr         | create a new certificate signing request(CSR)   |
+| sign        | sign a CSR and generate a certificate           |
+| revoke      | revoke an existing certificate                  |
+| dump        | display a certificate                           |
+| toder       | convert a certificate to a DER format           |
+| fingerprint | print the certificate fingerprint               |
+Options:
+--help display help
+## create a PKI
+```
+node-opcua-pki createPKI
+```
+### Options:
+| option                     | description                                        | type      | default                         |
+| -------------------------- | -------------------------------------------------- | --------- | ------------------------------- |
+| -r, --root                 | the location of the Certificate folder             | [string]  | [default: "{CWD}/certificates"] |
+| --PKIFolder                | the location of the Public Key Infrastructure      | [string]  | [default: "{root}/PKI"]         |
+| -k, --keySize, --keyLength | the private key size in bits (1024,2048,3072,4096) | [number]  | [default: 2048]                 |
+| -s, --silent               | minimize output                                    | [boolean] | [default: false]                |
+The result
+```
+└─ 📂certificates
+    └─📂PKI
+       ├─📂issuers
+       │ ├─📂certs                 contains known Certificate Authorities' certificates
+       │ └─📂crl                   contains Certificate Revocation List associates with the CA Certificates
+       ├─📂own
+       │ ├─📂certs                 where to store generated public certificates generated for the private key.
+       │ └─📂private
+       │    └─🔐private_key.pem  the private key in PEM format
+       ├─📂rejected                  contains certificates that have been rejected.
+       └─📂trusted
+         ├─📂certs                 contains the X.509 v3 Certificates that are trusted.
+         └─📂crl                   contains the X.509 v3 CRLs for any Certificates in the ./certs directory.
+```
+## create a Certificate Signing Request (CSR)
+Options:
+| option              | description                                     | type   | default                                       |
+|---------------------|-------------------------------------------------|--------|-----------------------------------------------|
+|-a, --applicationUri |the application URI                              |[string]|[default: "urn:{hostname}:Node-OPCUA-Server"]  |
+|-o, --output         | the name of the generated signing_request       |[string]|[default: "my_certificate_signing_request.csr"]|
+|--dns                | the list of valid domain name (comma separated) |[string]|[default: "{hostname}"]                        |
+|--ip                 | the list of valid IPs (comma separated)         |[string]|[default: ""]                                  |
+|--subject            | the certificate subject ( for instance /C=FR/ST=Centre/L=Orleans/O=SomeOrganization/CN=Hello )|[string]| [default: "/CN=Certificate"]|
+|-r, --root           | the location of the Certificate folder          |[string]|[default: "{CWD}/certificates"]                |
+|--PKIFolder          | the location of the Public Key Infrastructure   |[string]|[default: "{root}/PKI"]                        |
+## Create a certificate authority
+|                                  |                                                  | default value                                                                   |
+| -------------------------------- | ------------------------------------------------ | ------------------------------------------------------------------------------- |
+| `--subject`                      | the CA certificate subject                       | "/C=FR/ST=IDF/L=Paris/O=Local NODE-OPCUA Certificate Authority/CN=NodeOPCUA-CA" |
+| `--root`, `-r`                   | the location of the Certificate folder           | "{CWD}/certificates"                                                            |
+| ` --CAFolder`, `-c`              | the location of the Certificate Authority folder | "{root}/CA"]                                                                    |
+| `--keySize`, `-k`, `--keyLength` | the private key size in bits (1024, 2048 ,3072, 4096)| |
+The result
+```
+└─ 📂certificates
+    └─📂PKI
+       ├─📂CA           Certificate Authority
+       ├─📂rejected     The Certificate store contains certificates that have been rejected.
+       │ ├─📂certs      Contains the X.509 v3 Certificates which have been rejected.
+       ├─📂trusted      The Certificate store contains trusted Certificates.
+       │ ├─📂certs      Contains the X.509 v3 Certificates that are trusted.
+       │ └─📂crl        Contains the X.509 v3 CRLs for any Certificates in the ./certs directory.
+       ├─📂issuers      The Certificate store contains the CA Certificates needed for validation.
+       │ ├─📂certs      Contains the X.509 v3 Certificates that are needed for validation.
+       │ ├─📂crl        Contains the X.509 v3 CRLs for any Certificates in the ./certs directory.
+```
+## sign a signing request (requires a CA)
+| option         | description                                      | type                | default                                         |
+| -------------- | ------------------------------------------------ | ------------------- | ----------------------------------------------- |
+| -i, --csr      | the csr                                          | [string] [required] | [default: "my_certificate_signing_request.csr"] |
+| -o, --output   | the name of the generated certificate            | [string] [required] | [default: "my_certificate.pem"]                 |
+| -v, --validity | the certificate validity in days                 | [number]            | [default: 365]                                  |
+| -r, --root     | the location of the Certificate folder           | [string]            | [default: "{CWD}/certificates"]                 |
+| -c, --CAFolder | the location of the Certificate Authority folder | [string]            | [default: "{root}/CA"]                          |
+## demo command
+this command creates a bunch of certificates with various characteristics for demo and testing purposes.
+```
+crypto_create_CA  demo [--dev] [--silent] [--clean]
+```
+Options:
+|              |                                                                |                    |
+| ------------ | -------------------------------------------------------------- | ------------------ |
+| --help       | display help                                                   |                    |
+| --dev        | create all sort of fancy certificates for dev testing purposes |                    |
+| --clean      | Purge existing directory [use with care!]                      |                    |
+| --silent, -s | minimize output                                                |                    |
+| --root, -r   | the location of the Certificate folder                         | {CWD}/certificates |
+Example:
+```
+$crypto_create_CA  demo --dev
+```
+##### certificate command
+```
+$crypto_create_CA certificate --help
+```
+Options:
+|                      |                                                                                                |                                  |
+| -------------------- | ---------------------------------------------------------------------------------------------- | -------------------------------- |
+| --help               | display help                                                                                   |                                  |
+| --applicationUri, -a | the application URI                                                                            | urn:{hostname}:Node-OPCUA-Server |
+| --output, -o         | the name of the generated certificate                                                          | my_certificate.pem               |
+| --selfSigned, -s     | if true, the certificate will be self-signed                                                   | false                            |
+| --validity, -v       | the certificate validity in days                                                               |                                  |
+| --silent, -s         | minimize output                                                                                |                                  |
+| --root, -r           | the location of the Certificate folder                                                         | {CWD}/certificates               |
+| --CAFolder, -c       | the location of the Certificate Authority folder                                               | {root}/CA                        |
+| --PKIFolder, -p      | the location of the Public Key Infrastructure                                                  | {root}/PKI                       |
+| --privateKey, -p     | optional:the private key to use to generate certificate                                        |                                  |
+| --subject            | the certificate subject ( for instance /C=FR/ST=Centre/L=Orleans/O=SomeOrganization/CN=Hello ) |                                  |
+###### examples
+* create a self-signed certificate
+```
+npx node-opcua-pki certificate --dns=machine1.com,machine2.com --ip="192.1.2.3;192.3.4.5" -a 'urn:{hostname}:My-OPCUA-Server' --selfSigned -o  my_self_signed_certificate.pem
+```
+#### References
+-   https://www.entrust.com/wp-content/uploads/2013/05/pathvalidation_wp.pdf
+-   https://en.wikipedia.org/wiki/Certification_path_validation_algorithm
+-   https://tools.ietf.org/html/rfc5280
+#### prerequisite:
+This module requires OpenSSL or LibreSSL to be installed.
+On Windows, a version of OpenSSL is automatically downloaded and installed at run time, if not present. You will need an internet connection open.
+You need to install it on Linux, (or in your docker image), or on macOS
+-   on ubuntu/Debian:
+```
+apt install openssl
+```
+or alpine:
+```
+apk add openssl
+```
+# Support
+Sterfive provides this module free of charge, “as is,” with the hope that it will be useful to you. However, any support requests, bug fixes, or enhancements are handled exclusively through our paid services. We believe strongly that independent open-source companies should be fairly compensated for their contributions to the community.
+We highly recommend subscribing to our [support program](https://support.sterfive.com) to ensure your requests are addressed and resolved. Please note that we only consider requests from members of our support program or sponsors.
+## Getting professional support
+NodeOPCUA PKI is developed and maintained by sterfive.com.
+To get professional support, consider subscribing to the node-opcua membership community:
+[![Professional Support](https://img.shields.io/static/v1?style=for-the-badge&label=Professional&message=Support&labelColor=blue&color=green&logo=data:image/svg%2bxml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIiB2ZXJzaW9uPSIxLjEiIGlkPSJMYXllcl8xIiB4PSIwcHgiIHk9IjBweCIgdmlld0JveD0iMCAwIDQ5MS41MiA0OTEuNTIiIHN0eWxlPSJlbmFibGUtYmFja2dyb3VuZDpuZXcgMCAwIDQ5MS41MiA0OTEuNTI7IiB4bWw6c3BhY2U9InByZXNlcnZlIj4NCjxnPg0KCTxnPg0KCQk8cGF0aCBkPSJNNDg3Ljk4OSwzODkuNzU1bC05My4xMDktOTIuOTc2Yy00LjgxMy00LjgwNi0xMi42NDItNC42NzQtMTcuMjczLDAuMzA3Yy03LjE0OCw3LjY4OS0xNC42NCwxNS41NTQtMjEuNzMsMjIuNjM0ICAgIGMtMC4yNzEsMC4yNy0wLjUwMSwwLjQ5My0wLjc2MywwLjc1NUw0NjcuMyw0MzIuNTA0YzguOTEtMTAuNjE0LDE2LjY1Ny0yMC40MSwyMS43My0yNi45NyAgICBDNDkyLjcyLDQwMC43NjIsNDkyLjI1NywzOTQuMDE5LDQ4Ny45ODksMzg5Ljc1NXoiLz4NCgk8L2c+DQo8L2c+DQo8Zz4NCgk8Zz4NCgkJPHBhdGggZD0iTTMzNC4zLDMzNy42NjFjLTM0LjMwNCwxMS4zNzktNzcuNTYsMC40MTMtMTE0LjU1NC0yOS41NDJjLTQ5LjAyMS0zOS42OTMtNzUuOTcyLTEwMi42NDItNjUuODM4LTE1MC41OTNMMzcuNjM0LDQxLjQxOCAgICBDMTcuNjUzLDU5LjQyNCwwLDc4LjU0NSwwLDkwYzAsMTQxLjc1MSwyNjAuMzQ0LDQxNS44OTYsNDAxLjUwMyw0MDAuOTMxYzExLjI5Ni0xLjE5OCwzMC4xNzYtMTguNjUxLDQ4LjA2Mi0zOC4xNjdMMzM0LjMsMzM3LjY2MSAgICB6Ii8+DQoJPC9nPg0KPC9nPg0KPGc+DQoJPGc+DQoJCTxwYXRoIGQ9Ik0xOTMuODU0LDk2LjA0MUwxMDEuMjEzLDMuNTNjLTQuMjI1LTQuMjItMTAuODgyLTQuNzI0LTE1LjY2NC0xLjE0NWMtNi42NTQsNC45ODMtMTYuNjQ4LDEyLjY1MS0yNy40NTMsMjEuNDk4ICAgIGwxMTEuOTQ1LDExMS43ODVjMC4wNjEtMC4wNiwwLjExMS0wLjExMywwLjE3Mi0wLjE3NGM3LjIzOC03LjIyOCwxNS4zNTUtMTQuODg1LDIzLjI5MS0yMi4xNjcgICAgQzE5OC41MzQsMTA4LjcxMywxOTguNjg0LDEwMC44NjMsMTkzLjg1NCw5Ni4wNDF6Ii8+DQoJPC9nPg0KPC9nPg0KPGc+DQo8L2c+DQo8Zz4NCjwvZz4NCjxnPg0KPC9nPg0KPGc+DQo8L2c+DQo8Zz4NCjwvZz4NCjxnPg0KPC9nPg0KPGc+DQo8L2c+DQo8Zz4NCjwvZz4NCjxnPg0KPC9nPg0KPGc+DQo8L2c+DQo8Zz4NCjwvZz4NCjxnPg0KPC9nPg0KPGc+DQo8L2c+DQo8Zz4NCjwvZz4NCjxnPg0KPC9nPg0KPC9zdmc+)](https://support.sterfive.com)
+or contact [sterfive](https://www.sterfive.com) for dedicated consulting and more advanced support.
+## :heart: Supporting the development effort - Sponsors & Backers</span>
+If you like node-opcua-pki and if you are relying on it in one of your projects, please consider becoming a backer and [sponsoring us](https://github.com/sponsors/node-opcua), this will help us to maintain a high-quality stack and constant evolution of this module.
+If your company would like to participate and influence the development of future versions of node-opcua please contact [sterfive](mailto:contact@sterfive.com).

package/dist/lib/toolbox/without_openssl/deprecated_create_private_key.d.ts DELETED Viewed

File without changes

package/dist/lib/toolbox/without_openssl/deprecated_create_private_key.js DELETED Viewed

	@@ -1,2 +0,0 @@
1	- "use strict";
2	- //# sourceMappingURL=deprecated_create_private_key.js.map