node-opcua-pki 6.10.0 → 6.10.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/bin/pki.mjs +19 -4
- package/dist/bin/pki.mjs.map +1 -1
- package/dist/index.js +19 -4
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +19 -4
- package/dist/index.mjs.map +1 -1
- package/package.json +2 -2
package/dist/index.js
CHANGED
|
@@ -753,9 +753,14 @@ keyUsage = nonRepudiation, digitalSignature, keyEncipherment, d
|
|
|
753
753
|
extendedKeyUsage = critical,serverAuth ,clientAuth
|
|
754
754
|
subjectAltName = $ENV::ALTNAME
|
|
755
755
|
nsComment = "CA Generated by Node-OPCUA Certificate utility using openssl"
|
|
756
|
+
[ v3_ca_req ]
|
|
757
|
+
subjectKeyIdentifier = hash
|
|
758
|
+
basicConstraints = CA:TRUE
|
|
759
|
+
keyUsage = critical, cRLSign, keyCertSign
|
|
760
|
+
nsComment = "CA CSR generated by Node-OPCUA Certificate utility using openssl"
|
|
756
761
|
[ v3_ca ]
|
|
757
762
|
subjectKeyIdentifier = hash
|
|
758
|
-
authorityKeyIdentifier = keyid
|
|
763
|
+
authorityKeyIdentifier = keyid:always,issuer:always
|
|
759
764
|
basicConstraints = CA:TRUE
|
|
760
765
|
keyUsage = critical, cRLSign, keyCertSign
|
|
761
766
|
nsComment = "CA Certificate generated by Node-OPCUA Certificate utility using openssl"
|
|
@@ -820,10 +825,20 @@ async function construct_CertificateAuthority(certificateAuthority) {
|
|
|
820
825
|
}
|
|
821
826
|
}
|
|
822
827
|
await construct_default_files();
|
|
823
|
-
|
|
824
|
-
|
|
828
|
+
const caKeyExists = import_node_fs6.default.existsSync(import_node_path5.default.join(caRootDir, "private/cakey.pem"));
|
|
829
|
+
const caCertExists = import_node_fs6.default.existsSync(import_node_path5.default.join(caRootDir, "public/cacert.pem"));
|
|
830
|
+
if (caKeyExists && caCertExists && !config2.forceCA) {
|
|
831
|
+
debugLog("CA private key and certificate already exist ... skipping");
|
|
825
832
|
return;
|
|
826
833
|
}
|
|
834
|
+
if (caKeyExists && !caCertExists) {
|
|
835
|
+
debugLog("CA private key exists but cacert.pem is missing \u2014 rebuilding CA");
|
|
836
|
+
import_node_fs6.default.unlinkSync(import_node_path5.default.join(caRootDir, "private/cakey.pem"));
|
|
837
|
+
const staleCsr = import_node_path5.default.join(caRootDir, "private/cakey.csr");
|
|
838
|
+
if (import_node_fs6.default.existsSync(staleCsr)) {
|
|
839
|
+
import_node_fs6.default.unlinkSync(staleCsr);
|
|
840
|
+
}
|
|
841
|
+
}
|
|
827
842
|
displayTitle("Create Certificate Authority (CA)");
|
|
828
843
|
const indexFileAttr = import_node_path5.default.join(caRootDir, "index.txt.attr");
|
|
829
844
|
if (!import_node_fs6.default.existsSync(indexFileAttr)) {
|
|
@@ -847,7 +862,7 @@ async function construct_CertificateAuthority(certificateAuthority) {
|
|
|
847
862
|
await (0, import_node_opcua_crypto2.generatePrivateKeyFile)(privateKeyFilename, keySize);
|
|
848
863
|
displayTitle("Generate a certificate request for the CA key");
|
|
849
864
|
await execute_openssl(
|
|
850
|
-
"req -new -sha256 -text -extensions
|
|
865
|
+
"req -new -sha256 -text -extensions v3_ca_req" + configOption + " -key " + q(n2(privateKeyFilename)) + " -out " + q(n2(csrFilename)) + " " + subjectOpt,
|
|
851
866
|
options
|
|
852
867
|
);
|
|
853
868
|
displayTitle("Generate CA Certificate (self-signed)");
|