node-opcua-pki 6.2.0 → 6.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.d.mts +15 -0
- package/dist/index.d.ts +15 -0
- package/dist/index.js +202 -157
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +203 -157
- package/dist/index.mjs.map +1 -1
- package/package.json +2 -2
- package/readme.md +24 -7
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "node-opcua-pki",
|
|
3
|
-
"version": "6.
|
|
3
|
+
"version": "6.4.0",
|
|
4
4
|
"description": "PKI management for node-opcua",
|
|
5
5
|
"type": "commonjs",
|
|
6
6
|
"main": "./dist/index.js",
|
|
@@ -49,5 +49,5 @@
|
|
|
49
49
|
"wget-improved-2": "^3.3.0",
|
|
50
50
|
"yauzl": "^3.2.0"
|
|
51
51
|
},
|
|
52
|
-
"gitHead": "
|
|
52
|
+
"gitHead": "605b89f114cd144148e5766e2fc270bd5382b7bb"
|
|
53
53
|
}
|
package/readme.md
CHANGED
|
@@ -213,13 +213,16 @@ await cm.createSelfSignedCertificate({
|
|
|
213
213
|
|
|
214
214
|
#### Certificate Trust
|
|
215
215
|
|
|
216
|
-
| Method
|
|
217
|
-
|
|
|
218
|
-
| `trustCertificate(cert)`
|
|
219
|
-
| `rejectCertificate(cert)`
|
|
220
|
-
| `getCertificateStatus(cert)`
|
|
221
|
-
| `removeTrustedCertificate(thumbprint)`
|
|
222
|
-
| `
|
|
216
|
+
| Method | Description |
|
|
217
|
+
| ----------------------------------------------- | ------------------------------------------------------------------------------------------ |
|
|
218
|
+
| `trustCertificate(cert)` | Add a certificate to the trusted store |
|
|
219
|
+
| `rejectCertificate(cert)` | Move a certificate to the rejected store |
|
|
220
|
+
| `getCertificateStatus(cert)` | Returns `"trusted"`, `"rejected"`, or `"unknown"` |
|
|
221
|
+
| `removeTrustedCertificate(thumbprint)` | Remove a trusted certificate by SHA-1 thumbprint. Returns the certificate buffer or `null` |
|
|
222
|
+
| `addTrustedCertificateFromChain(certChain)` | Validate and trust the leaf certificate from a DER chain |
|
|
223
|
+
| `isIssuerInUseByTrustedCertificate(issuerCert)` | Check if any trusted cert was signed by this issuer |
|
|
224
|
+
| `verifyCertificate(cert, options?)` | Full certificate chain validation |
|
|
225
|
+
| `reloadCertificates()` | Force a full re-scan of all PKI folders |
|
|
223
226
|
|
|
224
227
|
#### Issuer (CA) Certificates
|
|
225
228
|
|
|
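Review bot: the `addTrustedCertificateFromChain(certChain)` row promises to "Validate and trust the leaf certificate" but does not say what is validated or what the caller gets back when validation fails. Because this method writes to the trusted store, the description should name the checks that run and state whether a failure throws or returns a status. The same applies to `verifyCertificate(cert, options?)`, whose options are not listed, and the `removeTrustedCertificate(thumbprint)` row should give the expected thumbprint format (hex string, letter case).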
@@ -250,6 +253,20 @@ await cm.createSelfSignedCertificate({
|
|
|
250
253
|
| `issuersCrlFolder` | `{location}/issuers/crl` |
|
|
251
254
|
| `rootDir` | `{location}` |
|
|
252
255
|
|
|
256
|
+
### File Watching
|
|
257
|
+
|
|
258
|
+
`CertificateManager` uses [chokidar](https://github.com/paulmillr/chokidar) to watch the PKI folders for changes. By default, it uses **native OS events** (inotify, FSEvents, ReadDirectoryChangesW) for near-real-time detection.
|
|
259
|
+
|
|
260
|
+
If the PKI folders are on a network file system (NFS, CIFS) or inside a Docker volume where native events don't propagate, set the environment variable:
|
|
261
|
+
|
|
262
|
+
```bash
|
|
263
|
+
OPCUA_PKI_USE_POLLING=true
|
|
264
|
+
```
|
|
265
|
+
|
|
266
|
+
This falls back to filesystem polling, which is slower but works on all file systems.
|
|
267
|
+
|
|
268
|
+
> **Note:** If external processes modify the PKI folders directly (e.g., CLI tools, OPC UA `WriteTrustList`), call `reloadCertificates()` to force an immediate re-scan of the folder state.
|
|
269
|
+
|
|
253
270
|
## References
|
|
254
271
|
|
|
255
272
|
- [OPC Foundation GDS File Store](https://reference.opcfoundation.org/GDS/docs/F.1/)
|
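Review bot: the closing Note tells callers to run `reloadCertificates()` when external processes modify the PKI folders, while the first paragraph says the watcher gives near-real-time detection of changes, and the section does not say which of the two a caller can rely on. Please state when watcher events are not enough and whether trust decisions can lag the on-disk state until the next scan, since that window matters after a certificate is moved to the rejected store. The `OPCUA_PKI_USE_POLLING=true` line should also list the accepted values and the polling interval.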