node-opcua-pki 6.10.0 → 6.10.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/bin/pki.mjs +19 -4
- package/dist/bin/pki.mjs.map +1 -1
- package/dist/index.js +19 -4
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +19 -4
- package/dist/index.mjs.map +1 -1
- package/package.json +2 -2
package/dist/index.mjs
CHANGED
|
@@ -710,9 +710,14 @@ keyUsage = nonRepudiation, digitalSignature, keyEncipherment, d
|
|
|
710
710
|
extendedKeyUsage = critical,serverAuth ,clientAuth
|
|
711
711
|
subjectAltName = $ENV::ALTNAME
|
|
712
712
|
nsComment = "CA Generated by Node-OPCUA Certificate utility using openssl"
|
|
713
|
+
[ v3_ca_req ]
|
|
714
|
+
subjectKeyIdentifier = hash
|
|
715
|
+
basicConstraints = CA:TRUE
|
|
716
|
+
keyUsage = critical, cRLSign, keyCertSign
|
|
717
|
+
nsComment = "CA CSR generated by Node-OPCUA Certificate utility using openssl"
|
|
713
718
|
[ v3_ca ]
|
|
714
719
|
subjectKeyIdentifier = hash
|
|
715
|
-
authorityKeyIdentifier = keyid
|
|
720
|
+
authorityKeyIdentifier = keyid:always,issuer:always
|
|
716
721
|
basicConstraints = CA:TRUE
|
|
717
722
|
keyUsage = critical, cRLSign, keyCertSign
|
|
718
723
|
nsComment = "CA Certificate generated by Node-OPCUA Certificate utility using openssl"
|
|
@@ -777,10 +782,20 @@ async function construct_CertificateAuthority(certificateAuthority) {
|
|
|
777
782
|
}
|
|
778
783
|
}
|
|
779
784
|
await construct_default_files();
|
|
780
|
-
|
|
781
|
-
|
|
785
|
+
const caKeyExists = fs6.existsSync(path5.join(caRootDir, "private/cakey.pem"));
|
|
786
|
+
const caCertExists = fs6.existsSync(path5.join(caRootDir, "public/cacert.pem"));
|
|
787
|
+
if (caKeyExists && caCertExists && !config2.forceCA) {
|
|
788
|
+
debugLog("CA private key and certificate already exist ... skipping");
|
|
782
789
|
return;
|
|
783
790
|
}
|
|
791
|
+
if (caKeyExists && !caCertExists) {
|
|
792
|
+
debugLog("CA private key exists but cacert.pem is missing \u2014 rebuilding CA");
|
|
793
|
+
fs6.unlinkSync(path5.join(caRootDir, "private/cakey.pem"));
|
|
794
|
+
const staleCsr = path5.join(caRootDir, "private/cakey.csr");
|
|
795
|
+
if (fs6.existsSync(staleCsr)) {
|
|
796
|
+
fs6.unlinkSync(staleCsr);
|
|
797
|
+
}
|
|
798
|
+
}
|
|
784
799
|
displayTitle("Create Certificate Authority (CA)");
|
|
785
800
|
const indexFileAttr = path5.join(caRootDir, "index.txt.attr");
|
|
786
801
|
if (!fs6.existsSync(indexFileAttr)) {
|
|
@@ -804,7 +819,7 @@ async function construct_CertificateAuthority(certificateAuthority) {
|
|
|
804
819
|
await generatePrivateKeyFile(privateKeyFilename, keySize);
|
|
805
820
|
displayTitle("Generate a certificate request for the CA key");
|
|
806
821
|
await execute_openssl(
|
|
807
|
-
"req -new -sha256 -text -extensions
|
|
822
|
+
"req -new -sha256 -text -extensions v3_ca_req" + configOption + " -key " + q(n2(privateKeyFilename)) + " -out " + q(n2(csrFilename)) + " " + subjectOpt,
|
|
808
823
|
options
|
|
809
824
|
);
|
|
810
825
|
displayTitle("Generate CA Certificate (self-signed)");
|