node-opcua-server-configuration 2.113.0 → 2.115.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (15) hide show
  1. package/dist/clientTools/push_certificate_management_client.js +237 -289
  2. package/dist/clientTools/push_certificate_management_client.js.map +1 -1
  3. package/dist/server/install_push_certitifate_management.js +117 -136
  4. package/dist/server/install_push_certitifate_management.js.map +1 -1
  5. package/dist/server/promote_trust_list.js +117 -134
  6. package/dist/server/promote_trust_list.js.map +1 -1
  7. package/dist/server/push_certificate_manager_helpers.js +258 -283
  8. package/dist/server/push_certificate_manager_helpers.js.map +1 -1
  9. package/dist/server/push_certificate_manager_server_impl.js +329 -388
  10. package/dist/server/push_certificate_manager_server_impl.js.map +1 -1
  11. package/dist/server/tools.js +1 -2
  12. package/dist/server/tools.js.map +1 -1
  13. package/dist/server/trust_list_server.js +47 -62
  14. package/dist/server/trust_list_server.js.map +1 -1
  15. package/package.json +25 -25
package/dist/server/push_certificate_manager_helpers.js CHANGED
@@ -22,15 +22,6 @@ var __importStar = (this && this.__importStar) || function (mod) {
22
22
  __setModuleDefault(result, mod);
23
23
  return result;
24
24
  };
25
- var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
26
- function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
27
- return new (P || (P = Promise))(function (resolve, reject) {
28
- function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
29
- function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
30
- function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
31
- step((generator = generator.apply(thisArg, _arguments || [])).next());
32
- });
33
- };
34
25
  Object.defineProperty(exports, "__esModule", { value: true });
35
26
  exports.installPushCertificateManagement = exports.promoteCertificateGroup = void 0;
36
27
  /**
@@ -77,169 +68,159 @@ function getPushCertificateManager(method) {
77
68
  // throw new Error("Cannot find pushCertificateManager object");
78
69
  return null;
79
70
  }
80
- function _createSigningRequest(inputArguments, context) {
81
- return __awaiter(this, void 0, void 0, function* () {
82
- const certificateGroupIdVariant = inputArguments[0];
83
- const certificateTypeIdVariant = inputArguments[1];
84
- const subjectNameVariant = inputArguments[2];
85
- const regeneratePrivateKeyVariant = inputArguments[3];
86
- const nonceVariant = inputArguments[4];
87
- if (!expected(certificateGroupIdVariant, node_opcua_variant_1.DataType.NodeId, node_opcua_variant_1.VariantArrayType.Scalar)) {
88
- warningLog("expecting an NodeId for certificateGroupId - 0");
89
- return { statusCode: node_opcua_status_code_1.StatusCodes.BadInvalidArgument };
90
- }
91
- if (!expected(certificateTypeIdVariant, node_opcua_variant_1.DataType.NodeId, node_opcua_variant_1.VariantArrayType.Scalar)) {
92
- warningLog("expecting an NodeId for certificateTypeId - 1");
93
- return { statusCode: node_opcua_status_code_1.StatusCodes.BadInvalidArgument };
94
- }
95
- if (!expected(subjectNameVariant, node_opcua_variant_1.DataType.String, node_opcua_variant_1.VariantArrayType.Scalar)) {
96
- warningLog("expecting an String for subjectName - 2");
97
- return { statusCode: node_opcua_status_code_1.StatusCodes.BadInvalidArgument };
98
- }
99
- if (!expected(regeneratePrivateKeyVariant, node_opcua_variant_1.DataType.Boolean, node_opcua_variant_1.VariantArrayType.Scalar)) {
100
- warningLog("expecting an Boolean for regeneratePrivateKey - 3");
101
- return { statusCode: node_opcua_status_code_1.StatusCodes.BadInvalidArgument };
102
- }
103
- if (!expected(nonceVariant, node_opcua_variant_1.DataType.ByteString, node_opcua_variant_1.VariantArrayType.Scalar)) {
104
- warningLog("expecting an ByteString for nonceVariant - 4");
105
- return { statusCode: node_opcua_status_code_1.StatusCodes.BadInvalidArgument };
106
- }
107
- if (!(0, tools_1.hasEncryptedChannel)(context)) {
108
- return { statusCode: node_opcua_status_code_1.StatusCodes.BadSecurityModeInsufficient };
109
- }
110
- if (!(0, tools_1.hasExpectedUserAccess)(context)) {
111
- return { statusCode: node_opcua_status_code_1.StatusCodes.BadUserAccessDenied };
112
- }
113
- const certificateGroupId = certificateGroupIdVariant.value;
114
- const certificateTypeId = certificateTypeIdVariant.value;
115
- const subjectName = subjectNameVariant.value;
116
- const regeneratePrivateKey = regeneratePrivateKeyVariant.value;
117
- const nonce = nonceVariant.value;
118
- const pushCertificateManager = getPushCertificateManager(this);
119
- if (!pushCertificateManager) {
120
- return { statusCode: node_opcua_status_code_1.StatusCodes.BadNotImplemented };
121
- }
122
- const result = yield pushCertificateManager.createSigningRequest(certificateGroupId, certificateTypeId, subjectName, regeneratePrivateKey, nonce);
123
- if (result.statusCode.isNotGood()) {
124
- return { statusCode: result.statusCode };
125
- }
126
- const callMethodResult = {
127
- outputArguments: [
128
- {
129
- dataType: node_opcua_variant_1.DataType.ByteString,
130
- value: result.certificateSigningRequest
131
- }
132
- ],
133
- statusCode: result.statusCode
134
- };
135
- return callMethodResult;
136
- });
71
+ async function _createSigningRequest(inputArguments, context) {
72
+ const certificateGroupIdVariant = inputArguments[0];
73
+ const certificateTypeIdVariant = inputArguments[1];
74
+ const subjectNameVariant = inputArguments[2];
75
+ const regeneratePrivateKeyVariant = inputArguments[3];
76
+ const nonceVariant = inputArguments[4];
77
+ if (!expected(certificateGroupIdVariant, node_opcua_variant_1.DataType.NodeId, node_opcua_variant_1.VariantArrayType.Scalar)) {
78
+ warningLog("expecting an NodeId for certificateGroupId - 0");
79
+ return { statusCode: node_opcua_status_code_1.StatusCodes.BadInvalidArgument };
80
+ }
81
+ if (!expected(certificateTypeIdVariant, node_opcua_variant_1.DataType.NodeId, node_opcua_variant_1.VariantArrayType.Scalar)) {
82
+ warningLog("expecting an NodeId for certificateTypeId - 1");
83
+ return { statusCode: node_opcua_status_code_1.StatusCodes.BadInvalidArgument };
84
+ }
85
+ if (!expected(subjectNameVariant, node_opcua_variant_1.DataType.String, node_opcua_variant_1.VariantArrayType.Scalar)) {
86
+ warningLog("expecting an String for subjectName - 2");
87
+ return { statusCode: node_opcua_status_code_1.StatusCodes.BadInvalidArgument };
88
+ }
89
+ if (!expected(regeneratePrivateKeyVariant, node_opcua_variant_1.DataType.Boolean, node_opcua_variant_1.VariantArrayType.Scalar)) {
90
+ warningLog("expecting an Boolean for regeneratePrivateKey - 3");
91
+ return { statusCode: node_opcua_status_code_1.StatusCodes.BadInvalidArgument };
92
+ }
93
+ if (!expected(nonceVariant, node_opcua_variant_1.DataType.ByteString, node_opcua_variant_1.VariantArrayType.Scalar)) {
94
+ warningLog("expecting an ByteString for nonceVariant - 4");
95
+ return { statusCode: node_opcua_status_code_1.StatusCodes.BadInvalidArgument };
96
+ }
97
+ if (!(0, tools_1.hasEncryptedChannel)(context)) {
98
+ return { statusCode: node_opcua_status_code_1.StatusCodes.BadSecurityModeInsufficient };
99
+ }
100
+ if (!(0, tools_1.hasExpectedUserAccess)(context)) {
101
+ return { statusCode: node_opcua_status_code_1.StatusCodes.BadUserAccessDenied };
102
+ }
103
+ const certificateGroupId = certificateGroupIdVariant.value;
104
+ const certificateTypeId = certificateTypeIdVariant.value;
105
+ const subjectName = subjectNameVariant.value;
106
+ const regeneratePrivateKey = regeneratePrivateKeyVariant.value;
107
+ const nonce = nonceVariant.value;
108
+ const pushCertificateManager = getPushCertificateManager(this);
109
+ if (!pushCertificateManager) {
110
+ return { statusCode: node_opcua_status_code_1.StatusCodes.BadNotImplemented };
111
+ }
112
+ const result = await pushCertificateManager.createSigningRequest(certificateGroupId, certificateTypeId, subjectName, regeneratePrivateKey, nonce);
113
+ if (result.statusCode.isNotGood()) {
114
+ return { statusCode: result.statusCode };
115
+ }
116
+ const callMethodResult = {
117
+ outputArguments: [
118
+ {
119
+ dataType: node_opcua_variant_1.DataType.ByteString,
120
+ value: result.certificateSigningRequest
121
+ }
122
+ ],
123
+ statusCode: result.statusCode
124
+ };
125
+ return callMethodResult;
137
126
  }
138
- function _updateCertificate(inputArguments, context) {
139
- return __awaiter(this, void 0, void 0, function* () {
140
- const certificateGroupId = inputArguments[0].value;
141
- const certificateTypeId = inputArguments[1].value;
142
- const certificate = inputArguments[2].value;
143
- const issuerCertificates = inputArguments[3].value;
144
- const privateKeyFormat = inputArguments[4].value;
145
- const privateKey = inputArguments[5].value;
146
- // This Method requires an encrypted channel and that the Client provides credentials with
147
- // administrative rights on the Server
148
- if (!(0, tools_1.hasEncryptedChannel)(context)) {
149
- return { statusCode: node_opcua_status_code_1.StatusCodes.BadSecurityModeInsufficient };
150
- }
151
- if (!(0, tools_1.hasExpectedUserAccess)(context)) {
152
- return { statusCode: node_opcua_status_code_1.StatusCodes.BadUserAccessDenied };
153
- }
154
- if (privateKeyFormat && privateKeyFormat !== "" && privateKeyFormat.toLowerCase() !== "pem") {
155
- errorLog("_updateCertificate: Invalid PEM format requested " + privateKeyFormat);
156
- return { statusCode: node_opcua_status_code_1.StatusCodes.BadInvalidArgument };
157
- }
158
- const pushCertificateManager = getPushCertificateManager(this);
159
- if (!pushCertificateManager) {
160
- return { statusCode: node_opcua_status_code_1.StatusCodes.BadNotImplemented };
161
- }
162
- const result = yield pushCertificateManager.updateCertificate(certificateGroupId, certificateTypeId, certificate, issuerCertificates, privateKeyFormat, privateKey);
163
- // todo raise a CertificateUpdatedAuditEventType
164
- if (result.statusCode.isNotGood()) {
165
- return { statusCode: result.statusCode };
166
- }
167
- const callMethodResult = {
168
- outputArguments: [
169
- {
170
- dataType: node_opcua_variant_1.DataType.Boolean,
171
- value: !!result.applyChangesRequired
172
- }
173
- ],
174
- statusCode: result.statusCode
175
- };
176
- return callMethodResult;
177
- });
127
+ async function _updateCertificate(inputArguments, context) {
128
+ const certificateGroupId = inputArguments[0].value;
129
+ const certificateTypeId = inputArguments[1].value;
130
+ const certificate = inputArguments[2].value;
131
+ const issuerCertificates = inputArguments[3].value;
132
+ const privateKeyFormat = inputArguments[4].value;
133
+ const privateKey = inputArguments[5].value;
134
+ // This Method requires an encrypted channel and that the Client provides credentials with
135
+ // administrative rights on the Server
136
+ if (!(0, tools_1.hasEncryptedChannel)(context)) {
137
+ return { statusCode: node_opcua_status_code_1.StatusCodes.BadSecurityModeInsufficient };
138
+ }
139
+ if (!(0, tools_1.hasExpectedUserAccess)(context)) {
140
+ return { statusCode: node_opcua_status_code_1.StatusCodes.BadUserAccessDenied };
141
+ }
142
+ if (privateKeyFormat && privateKeyFormat !== "" && privateKeyFormat.toLowerCase() !== "pem") {
143
+ errorLog("_updateCertificate: Invalid PEM format requested " + privateKeyFormat);
144
+ return { statusCode: node_opcua_status_code_1.StatusCodes.BadInvalidArgument };
145
+ }
146
+ const pushCertificateManager = getPushCertificateManager(this);
147
+ if (!pushCertificateManager) {
148
+ return { statusCode: node_opcua_status_code_1.StatusCodes.BadNotImplemented };
149
+ }
150
+ const result = await pushCertificateManager.updateCertificate(certificateGroupId, certificateTypeId, certificate, issuerCertificates, privateKeyFormat, privateKey);
151
+ // todo raise a CertificateUpdatedAuditEventType
152
+ if (result.statusCode.isNotGood()) {
153
+ return { statusCode: result.statusCode };
154
+ }
155
+ const callMethodResult = {
156
+ outputArguments: [
157
+ {
158
+ dataType: node_opcua_variant_1.DataType.Boolean,
159
+ value: !!result.applyChangesRequired
160
+ }
161
+ ],
162
+ statusCode: result.statusCode
163
+ };
164
+ return callMethodResult;
178
165
  }
179
- function _getRejectedList(inputArguments, context) {
180
- return __awaiter(this, void 0, void 0, function* () {
181
- if (!(0, tools_1.hasEncryptedChannel)(context)) {
182
- return { statusCode: node_opcua_status_code_1.StatusCodes.BadSecurityModeInsufficient };
183
- }
184
- if (!(0, tools_1.hasExpectedUserAccess)(context)) {
185
- return { statusCode: node_opcua_status_code_1.StatusCodes.BadUserAccessDenied };
186
- }
187
- const pushCertificateManager = getPushCertificateManager(this);
188
- if (!pushCertificateManager) {
189
- return { statusCode: node_opcua_status_code_1.StatusCodes.BadNotImplemented };
190
- }
191
- const result = yield pushCertificateManager.getRejectedList();
192
- if (result.statusCode.isNotGood()) {
193
- return { statusCode: result.statusCode };
194
- }
195
- return {
196
- outputArguments: [
197
- {
198
- arrayType: node_opcua_variant_1.VariantArrayType.Array,
199
- dataType: node_opcua_variant_1.DataType.ByteString,
200
- value: result.certificates
201
- }
202
- ],
203
- statusCode: node_opcua_status_code_1.StatusCodes.Good
204
- };
205
- });
166
+ async function _getRejectedList(inputArguments, context) {
167
+ if (!(0, tools_1.hasEncryptedChannel)(context)) {
168
+ return { statusCode: node_opcua_status_code_1.StatusCodes.BadSecurityModeInsufficient };
169
+ }
170
+ if (!(0, tools_1.hasExpectedUserAccess)(context)) {
171
+ return { statusCode: node_opcua_status_code_1.StatusCodes.BadUserAccessDenied };
172
+ }
173
+ const pushCertificateManager = getPushCertificateManager(this);
174
+ if (!pushCertificateManager) {
175
+ return { statusCode: node_opcua_status_code_1.StatusCodes.BadNotImplemented };
176
+ }
177
+ const result = await pushCertificateManager.getRejectedList();
178
+ if (result.statusCode.isNotGood()) {
179
+ return { statusCode: result.statusCode };
180
+ }
181
+ return {
182
+ outputArguments: [
183
+ {
184
+ arrayType: node_opcua_variant_1.VariantArrayType.Array,
185
+ dataType: node_opcua_variant_1.DataType.ByteString,
186
+ value: result.certificates
187
+ }
188
+ ],
189
+ statusCode: node_opcua_status_code_1.StatusCodes.Good
190
+ };
206
191
  }
207
- function _applyChanges(inputArguments, context) {
208
- return __awaiter(this, void 0, void 0, function* () {
209
- // This Method requires an encrypted channel and that the Client provide credentials with
210
- // administrative rights on the Server.
211
- if (!(0, tools_1.hasEncryptedChannel)(context)) {
212
- return { statusCode: node_opcua_status_code_1.StatusCodes.BadSecurityModeInsufficient };
213
- }
214
- if (!(0, tools_1.hasExpectedUserAccess)(context)) {
215
- return { statusCode: node_opcua_status_code_1.StatusCodes.BadUserAccessDenied };
216
- }
217
- const pushCertificateManager = getPushCertificateManager(this);
218
- if (!pushCertificateManager) {
219
- return { statusCode: node_opcua_status_code_1.StatusCodes.BadNotImplemented };
220
- }
221
- const statusCode = yield pushCertificateManager.applyChanges();
222
- return { statusCode };
223
- });
192
+ async function _applyChanges(inputArguments, context) {
193
+ // This Method requires an encrypted channel and that the Client provide credentials with
194
+ // administrative rights on the Server.
195
+ if (!(0, tools_1.hasEncryptedChannel)(context)) {
196
+ return { statusCode: node_opcua_status_code_1.StatusCodes.BadSecurityModeInsufficient };
197
+ }
198
+ if (!(0, tools_1.hasExpectedUserAccess)(context)) {
199
+ return { statusCode: node_opcua_status_code_1.StatusCodes.BadUserAccessDenied };
200
+ }
201
+ const pushCertificateManager = getPushCertificateManager(this);
202
+ if (!pushCertificateManager) {
203
+ return { statusCode: node_opcua_status_code_1.StatusCodes.BadNotImplemented };
204
+ }
205
+ const statusCode = await pushCertificateManager.applyChanges();
206
+ return { statusCode };
224
207
  }
225
208
  function getCertificateFilename(certificateManager) {
226
209
  return path.join(certificateManager.rootDir, "own/certs/certificate.pem"); // to do , find a better way
227
210
  }
228
- function getCertificate(certificateManager) {
229
- return __awaiter(this, void 0, void 0, function* () {
230
- try {
231
- const certificateFile = getCertificateFilename(certificateManager);
232
- if (fs.existsSync(certificateFile)) {
233
- const certificate = yield (0, node_opcua_crypto_1.readCertificate)(certificateFile);
234
- return certificate;
235
- }
236
- return null;
237
- }
238
- catch (err) {
239
- warningLog("getCertificate Error", err.message);
240
- return null;
211
+ async function getCertificate(certificateManager) {
212
+ try {
213
+ const certificateFile = getCertificateFilename(certificateManager);
214
+ if (fs.existsSync(certificateFile)) {
215
+ const certificate = await (0, node_opcua_crypto_1.readCertificate)(certificateFile);
216
+ return certificate;
241
217
  }
242
- });
218
+ return null;
219
+ }
220
+ catch (err) {
221
+ warningLog("getCertificate Error", err.message);
222
+ return null;
223
+ }
243
224
  }
244
225
  function bindCertificateGroup(certificateGroup, certificateManager) {
245
226
  if (certificateManager) {
@@ -250,21 +231,19 @@ function bindCertificateGroup(certificateGroup, certificateManager) {
250
231
  updateCertificateAlarm();
251
232
  });
252
233
  }
253
- function updateCertificateAlarm() {
254
- return __awaiter(this, void 0, void 0, function* () {
255
- try {
256
- debugLog("updateCertificateAlarm", certificateGroup.browseName.toString());
257
- const certificateExpired = certificateGroup.getComponentByName("CertificateExpired");
258
- if (certificateExpired && certificateManager) {
259
- const certificateExpiredEx = certificateExpired;
260
- const certificate = yield getCertificate(certificateManager);
261
- certificateExpiredEx.setCertificate(certificate);
262
- }
263
- }
264
- catch (err) {
265
- warningLog("updateCertificateAlarm Error", err.message);
234
+ async function updateCertificateAlarm() {
235
+ try {
236
+ debugLog("updateCertificateAlarm", certificateGroup.browseName.toString());
237
+ const certificateExpired = certificateGroup.getComponentByName("CertificateExpired");
238
+ if (certificateExpired && certificateManager) {
239
+ const certificateExpiredEx = certificateExpired;
240
+ const certificate = await getCertificate(certificateManager);
241
+ certificateExpiredEx.setCertificate(certificate);
266
242
  }
267
- });
243
+ }
244
+ catch (err) {
245
+ warningLog("updateCertificateAlarm Error", err.message);
246
+ }
268
247
  }
269
248
  const addressSpace = certificateGroup.addressSpace;
270
249
  if (!certificateManager) {
@@ -316,120 +295,116 @@ function setNotifierOfChain(childObject) {
316
295
  }
317
296
  setNotifierOfChain(parentObject);
318
297
  }
319
- function promoteCertificateGroup(certificateGroup) {
320
- return __awaiter(this, void 0, void 0, function* () {
321
- const trustList = certificateGroup.getChildByName("TrustList");
322
- if (trustList) {
323
- yield (0, promote_trust_list_1.promoteTrustList)(trustList);
324
- }
325
- if (!certificateGroup.certificateExpired) {
326
- const namespace = certificateGroup.addressSpace.getOwnNamespace();
327
- // certificateGroup.
328
- (0, node_opcua_address_space_1.instantiateCertificateExpirationAlarm)(namespace, "CertificateExpirationAlarmType", {
329
- browseName: (0, node_opcua_data_model_1.coerceQualifiedName)("0:CertificateExpired"),
330
- componentOf: certificateGroup,
331
- conditionSource: null,
332
- conditionOf: certificateGroup,
333
- inputNode: node_opcua_nodeid_1.NodeId.nullNodeId,
334
- normalState: node_opcua_nodeid_1.NodeId.nullNodeId,
335
- optionals: ["ExpirationLimit"],
336
- conditionName: "CertificateExpired",
337
- conditionClass: (0, node_opcua_nodeid_1.resolveNodeId)("CertificateExpirationAlarmType"),
338
- });
339
- }
340
- certificateGroup.setEventNotifier(node_opcua_address_space_base_1.EventNotifierFlags.SubscribeToEvents);
341
- setNotifierOfChain(certificateGroup);
342
- });
298
+ async function promoteCertificateGroup(certificateGroup) {
299
+ const trustList = certificateGroup.getChildByName("TrustList");
300
+ if (trustList) {
301
+ await (0, promote_trust_list_1.promoteTrustList)(trustList);
302
+ }
303
+ if (!certificateGroup.certificateExpired) {
304
+ const namespace = certificateGroup.addressSpace.getOwnNamespace();
305
+ // certificateGroup.
306
+ (0, node_opcua_address_space_1.instantiateCertificateExpirationAlarm)(namespace, "CertificateExpirationAlarmType", {
307
+ browseName: (0, node_opcua_data_model_1.coerceQualifiedName)("0:CertificateExpired"),
308
+ componentOf: certificateGroup,
309
+ conditionSource: null,
310
+ conditionOf: certificateGroup,
311
+ inputNode: node_opcua_nodeid_1.NodeId.nullNodeId,
312
+ normalState: node_opcua_nodeid_1.NodeId.nullNodeId,
313
+ optionals: ["ExpirationLimit"],
314
+ conditionName: "CertificateExpired",
315
+ conditionClass: (0, node_opcua_nodeid_1.resolveNodeId)("CertificateExpirationAlarmType"),
316
+ });
317
+ }
318
+ certificateGroup.setEventNotifier(node_opcua_address_space_base_1.EventNotifierFlags.SubscribeToEvents);
319
+ setNotifierOfChain(certificateGroup);
343
320
  }
344
321
  exports.promoteCertificateGroup = promoteCertificateGroup;
345
322
  ;
346
- function installPushCertificateManagement(addressSpace, options) {
347
- return __awaiter(this, void 0, void 0, function* () {
348
- addressSpace.installAlarmsAndConditionsService();
349
- const serverConfiguration = addressSpace.rootFolder.objects.server.getChildByName("ServerConfiguration");
350
- const serverConfigurationPriv = serverConfiguration;
351
- if (serverConfigurationPriv.$pushCertificateManager) {
352
- warningLog("PushCertificateManagement has already been installed");
353
- return;
354
- }
355
- const accessRestrictionFlag = node_opcua_data_model_1.AccessRestrictionsFlag.SigningRequired | node_opcua_data_model_1.AccessRestrictionsFlag.EncryptionRequired;
356
- function installAccessRestrictions(serverConfiguration) {
357
- serverConfiguration.setRolePermissions(roles_and_permissions_1.rolePermissionRestricted);
358
- serverConfiguration.setAccessRestrictions(node_opcua_data_model_1.AccessRestrictionsFlag.None);
359
- const applyName = serverConfiguration.getMethodByName("ApplyChanges");
360
- applyName === null || applyName === void 0 ? void 0 : applyName.setRolePermissions(roles_and_permissions_1.rolePermissionAdminOnly);
361
- applyName === null || applyName === void 0 ? void 0 : applyName.setAccessRestrictions(node_opcua_data_model_1.AccessRestrictionsFlag.SigningRequired | node_opcua_data_model_1.AccessRestrictionsFlag.EncryptionRequired);
362
- const createSigningRequest = serverConfiguration.getMethodByName("CreateSigningRequest");
363
- createSigningRequest === null || createSigningRequest === void 0 ? void 0 : createSigningRequest.setRolePermissions(roles_and_permissions_1.rolePermissionAdminOnly);
364
- createSigningRequest === null || createSigningRequest === void 0 ? void 0 : createSigningRequest.setAccessRestrictions(accessRestrictionFlag);
365
- const getRejectedList = serverConfiguration.getMethodByName("GetRejectedList");
366
- getRejectedList === null || getRejectedList === void 0 ? void 0 : getRejectedList.setRolePermissions(roles_and_permissions_1.rolePermissionAdminOnly);
367
- getRejectedList === null || getRejectedList === void 0 ? void 0 : getRejectedList.setAccessRestrictions(accessRestrictionFlag);
368
- const updateCertificate = serverConfiguration.getMethodByName("UpdateCertificate");
369
- updateCertificate === null || updateCertificate === void 0 ? void 0 : updateCertificate.setRolePermissions(roles_and_permissions_1.rolePermissionAdminOnly);
370
- updateCertificate === null || updateCertificate === void 0 ? void 0 : updateCertificate.setAccessRestrictions(accessRestrictionFlag);
371
- const certificateGroups = serverConfiguration.getComponentByName("CertificateGroups");
372
- certificateGroups.setRolePermissions(roles_and_permissions_1.rolePermissionRestricted);
373
- certificateGroups.setAccessRestrictions(node_opcua_data_model_1.AccessRestrictionsFlag.None);
374
- function installAccessRestrictionOnGroup(group) {
375
- const trustList = group.getComponentByName("TrustList");
376
- if (trustList) {
377
- (0, promote_trust_list_1.installAccessRestrictionOnTrustList)(trustList);
378
- }
379
- }
380
- for (const group of certificateGroups.getComponents()) {
381
- group.setRolePermissions(roles_and_permissions_1.rolePermissionAdminOnly);
382
- group.setAccessRestrictions(node_opcua_data_model_1.AccessRestrictionsFlag.SigningRequired | node_opcua_data_model_1.AccessRestrictionsFlag.EncryptionRequired);
383
- if (group.nodeClass === node_opcua_data_model_1.NodeClass.Object) {
384
- installAccessRestrictionOnGroup(group);
385
- }
323
+ async function installPushCertificateManagement(addressSpace, options) {
324
+ addressSpace.installAlarmsAndConditionsService();
325
+ const serverConfiguration = addressSpace.rootFolder.objects.server.getChildByName("ServerConfiguration");
326
+ const serverConfigurationPriv = serverConfiguration;
327
+ if (serverConfigurationPriv.$pushCertificateManager) {
328
+ warningLog("PushCertificateManagement has already been installed");
329
+ return;
330
+ }
331
+ const accessRestrictionFlag = node_opcua_data_model_1.AccessRestrictionsFlag.SigningRequired | node_opcua_data_model_1.AccessRestrictionsFlag.EncryptionRequired;
332
+ function installAccessRestrictions(serverConfiguration) {
333
+ serverConfiguration.setRolePermissions(roles_and_permissions_1.rolePermissionRestricted);
334
+ serverConfiguration.setAccessRestrictions(node_opcua_data_model_1.AccessRestrictionsFlag.None);
335
+ const applyName = serverConfiguration.getMethodByName("ApplyChanges");
336
+ applyName?.setRolePermissions(roles_and_permissions_1.rolePermissionAdminOnly);
337
+ applyName?.setAccessRestrictions(node_opcua_data_model_1.AccessRestrictionsFlag.SigningRequired | node_opcua_data_model_1.AccessRestrictionsFlag.EncryptionRequired);
338
+ const createSigningRequest = serverConfiguration.getMethodByName("CreateSigningRequest");
339
+ createSigningRequest?.setRolePermissions(roles_and_permissions_1.rolePermissionAdminOnly);
340
+ createSigningRequest?.setAccessRestrictions(accessRestrictionFlag);
341
+ const getRejectedList = serverConfiguration.getMethodByName("GetRejectedList");
342
+ getRejectedList?.setRolePermissions(roles_and_permissions_1.rolePermissionAdminOnly);
343
+ getRejectedList?.setAccessRestrictions(accessRestrictionFlag);
344
+ const updateCertificate = serverConfiguration.getMethodByName("UpdateCertificate");
345
+ updateCertificate?.setRolePermissions(roles_and_permissions_1.rolePermissionAdminOnly);
346
+ updateCertificate?.setAccessRestrictions(accessRestrictionFlag);
347
+ const certificateGroups = serverConfiguration.getComponentByName("CertificateGroups");
348
+ certificateGroups.setRolePermissions(roles_and_permissions_1.rolePermissionRestricted);
349
+ certificateGroups.setAccessRestrictions(node_opcua_data_model_1.AccessRestrictionsFlag.None);
350
+ function installAccessRestrictionOnGroup(group) {
351
+ const trustList = group.getComponentByName("TrustList");
352
+ if (trustList) {
353
+ (0, promote_trust_list_1.installAccessRestrictionOnTrustList)(trustList);
386
354
  }
387
355
  }
388
- installAccessRestrictions(serverConfiguration);
389
- serverConfigurationPriv.$pushCertificateManager = new push_certificate_manager_server_impl_1.PushCertificateManagerServerImpl(options);
390
- serverConfiguration.supportedPrivateKeyFormats.setValueFromSource({
391
- arrayType: node_opcua_variant_1.VariantArrayType.Array,
392
- dataType: node_opcua_variant_1.DataType.String,
393
- value: ["PEM"]
394
- });
395
- function install_method_handle_on_type(addressSpace) {
396
- const serverConfigurationType = addressSpace.findObjectType("ServerConfigurationType");
397
- if (serverConfigurationType.createSigningRequest.isBound()) {
398
- return;
356
+ for (const group of certificateGroups.getComponents()) {
357
+ group.setRolePermissions(roles_and_permissions_1.rolePermissionAdminOnly);
358
+ group.setAccessRestrictions(node_opcua_data_model_1.AccessRestrictionsFlag.SigningRequired | node_opcua_data_model_1.AccessRestrictionsFlag.EncryptionRequired);
359
+ if (group.nodeClass === node_opcua_data_model_1.NodeClass.Object) {
360
+ installAccessRestrictionOnGroup(group);
399
361
  }
400
- serverConfigurationType.createSigningRequest.bindMethod(_createSigningRequest);
401
- serverConfigurationType.getRejectedList.bindMethod(_getRejectedList);
402
- serverConfigurationType.updateCertificate.bindMethod(_updateCertificate);
403
- serverConfigurationType.applyChanges.bindMethod(_applyChanges);
404
- }
405
- install_method_handle_on_type(addressSpace);
406
- serverConfiguration.createSigningRequest.bindMethod(_createSigningRequest);
407
- serverConfiguration.updateCertificate.bindMethod(_updateCertificate);
408
- serverConfiguration.getRejectedList.bindMethod(_getRejectedList);
409
- if (serverConfiguration.applyChanges) {
410
- serverConfiguration.applyChanges.bindMethod(_applyChanges);
411
362
  }
412
- const cg = serverConfiguration.certificateGroups.getComponents();
413
- const defaultApplicationGroup = serverConfiguration.certificateGroups.getComponentByName("DefaultApplicationGroup");
414
- const certificateTypes = defaultApplicationGroup.getPropertyByName("CertificateTypes");
415
- certificateTypes.setValueFromSource({
416
- dataType: node_opcua_variant_1.DataType.NodeId,
417
- arrayType: node_opcua_variant_1.VariantArrayType.Array,
418
- value: [(0, node_opcua_nodeid_1.resolveNodeId)(node_opcua_constants_1.ObjectTypeIds.RsaSha256ApplicationCertificateType)]
419
- });
420
- const certificateGroupType = addressSpace.findObjectType("CertificateGroupType");
421
- for (const certificateGroup of cg) {
422
- if (certificateGroup.nodeClass !== node_opcua_data_model_1.NodeClass.Object) {
423
- continue;
424
- }
425
- const o = certificateGroup;
426
- if (!o.typeDefinitionObj.isSubtypeOf(certificateGroupType)) {
427
- continue;
428
- }
429
- yield promoteCertificateGroup(certificateGroup);
363
+ }
364
+ installAccessRestrictions(serverConfiguration);
365
+ serverConfigurationPriv.$pushCertificateManager = new push_certificate_manager_server_impl_1.PushCertificateManagerServerImpl(options);
366
+ serverConfiguration.supportedPrivateKeyFormats.setValueFromSource({
367
+ arrayType: node_opcua_variant_1.VariantArrayType.Array,
368
+ dataType: node_opcua_variant_1.DataType.String,
369
+ value: ["PEM"]
370
+ });
371
+ function install_method_handle_on_type(addressSpace) {
372
+ const serverConfigurationType = addressSpace.findObjectType("ServerConfigurationType");
373
+ if (serverConfigurationType.createSigningRequest.isBound()) {
374
+ return;
430
375
  }
431
- yield bindCertificateManager(addressSpace, options);
376
+ serverConfigurationType.createSigningRequest.bindMethod(_createSigningRequest);
377
+ serverConfigurationType.getRejectedList.bindMethod(_getRejectedList);
378
+ serverConfigurationType.updateCertificate.bindMethod(_updateCertificate);
379
+ serverConfigurationType.applyChanges.bindMethod(_applyChanges);
380
+ }
381
+ install_method_handle_on_type(addressSpace);
382
+ serverConfiguration.createSigningRequest.bindMethod(_createSigningRequest);
383
+ serverConfiguration.updateCertificate.bindMethod(_updateCertificate);
384
+ serverConfiguration.getRejectedList.bindMethod(_getRejectedList);
385
+ if (serverConfiguration.applyChanges) {
386
+ serverConfiguration.applyChanges.bindMethod(_applyChanges);
387
+ }
388
+ const cg = serverConfiguration.certificateGroups.getComponents();
389
+ const defaultApplicationGroup = serverConfiguration.certificateGroups.getComponentByName("DefaultApplicationGroup");
390
+ const certificateTypes = defaultApplicationGroup.getPropertyByName("CertificateTypes");
391
+ certificateTypes.setValueFromSource({
392
+ dataType: node_opcua_variant_1.DataType.NodeId,
393
+ arrayType: node_opcua_variant_1.VariantArrayType.Array,
394
+ value: [(0, node_opcua_nodeid_1.resolveNodeId)(node_opcua_constants_1.ObjectTypeIds.RsaSha256ApplicationCertificateType)]
432
395
  });
396
+ const certificateGroupType = addressSpace.findObjectType("CertificateGroupType");
397
+ for (const certificateGroup of cg) {
398
+ if (certificateGroup.nodeClass !== node_opcua_data_model_1.NodeClass.Object) {
399
+ continue;
400
+ }
401
+ const o = certificateGroup;
402
+ if (!o.typeDefinitionObj.isSubtypeOf(certificateGroupType)) {
403
+ continue;
404
+ }
405
+ await promoteCertificateGroup(certificateGroup);
406
+ }
407
+ await bindCertificateManager(addressSpace, options);
433
408
  }
434
409
  exports.installPushCertificateManagement = installPushCertificateManagement;
435
410
  //# sourceMappingURL=push_certificate_manager_helpers.js.map