node-opcua-server-configuration 2.163.0 → 2.164.2
- package/dist/clientTools/certificate_types.d.ts +17 -0
- package/dist/clientTools/certificate_types.js +20 -0
- package/dist/clientTools/certificate_types.js.map +1 -0
- package/dist/clientTools/get_certificate_key_type.d.ts +6 -0
- package/dist/clientTools/get_certificate_key_type.js +55 -0
- package/dist/clientTools/get_certificate_key_type.js.map +1 -0
- package/dist/clientTools/index.d.ts +2 -1
- package/dist/clientTools/index.js +2 -17
- package/dist/clientTools/index.js.map +1 -1
- package/dist/clientTools/push_certificate_management_client.d.ts +10 -10
- package/dist/clientTools/push_certificate_management_client.js +85 -89
- package/dist/clientTools/push_certificate_management_client.js.map +1 -1
- package/dist/index.d.ts +9 -7
- package/dist/index.js +9 -23
- package/dist/index.js.map +1 -1
- package/dist/push_certificate_manager.d.ts +4 -4
- package/dist/push_certificate_manager.js +1 -2
- package/dist/server/certificate_validation.d.ts +15 -0
- package/dist/server/certificate_validation.js +76 -0
- package/dist/server/certificate_validation.js.map +1 -0
- package/dist/server/file_transaction_manager.d.ts +30 -0
- package/dist/server/file_transaction_manager.js +223 -0
- package/dist/server/file_transaction_manager.js.map +1 -0
- package/dist/server/install_certificate_file_watcher.d.ts +1 -1
- package/dist/server/install_certificate_file_watcher.js +8 -14
- package/dist/server/install_certificate_file_watcher.js.map +1 -1
- package/dist/server/install_push_certitifate_management.d.ts +6 -6
- package/dist/server/install_push_certitifate_management.js +61 -65
- package/dist/server/install_push_certitifate_management.js.map +1 -1
- package/dist/server/promote_trust_list.d.ts +1 -1
- package/dist/server/promote_trust_list.js +323 -82
- package/dist/server/promote_trust_list.js.map +1 -1
- package/dist/server/push_certificate_manager/apply_changes.d.ts +3 -0
- package/dist/server/push_certificate_manager/apply_changes.js +59 -0
- package/dist/server/push_certificate_manager/apply_changes.js.map +1 -0
- package/dist/server/push_certificate_manager/create_signing_request.d.ts +5 -0
- package/dist/server/push_certificate_manager/create_signing_request.js +108 -0
- package/dist/server/push_certificate_manager/create_signing_request.js.map +1 -0
- package/dist/server/push_certificate_manager/get_rejected_list.d.ts +3 -0
- package/dist/server/push_certificate_manager/get_rejected_list.js +46 -0
- package/dist/server/push_certificate_manager/get_rejected_list.js.map +1 -0
- package/dist/server/push_certificate_manager/internal_context.d.ts +35 -0
- package/dist/server/push_certificate_manager/internal_context.js +45 -0
- package/dist/server/push_certificate_manager/internal_context.js.map +1 -0
- package/dist/server/push_certificate_manager/subject_to_string.d.ts +3 -0
- package/dist/server/push_certificate_manager/subject_to_string.js +27 -0
- package/dist/server/push_certificate_manager/subject_to_string.js.map +1 -0
- package/dist/server/push_certificate_manager/update_certificate.d.ts +5 -0
- package/dist/server/push_certificate_manager/update_certificate.js +132 -0
- package/dist/server/push_certificate_manager/update_certificate.js.map +1 -0
- package/dist/server/push_certificate_manager/util.d.ts +29 -0
- package/dist/server/push_certificate_manager/util.js +117 -0
- package/dist/server/push_certificate_manager/util.js.map +1 -0
- package/dist/server/push_certificate_manager_helpers.d.ts +5 -2
- package/dist/server/push_certificate_manager_helpers.js +109 -112
- package/dist/server/push_certificate_manager_helpers.js.map +1 -1
- package/dist/server/push_certificate_manager_server_impl.d.ts +16 -29
- package/dist/server/push_certificate_manager_server_impl.js +49 -437
- package/dist/server/push_certificate_manager_server_impl.js.map +1 -1
- package/dist/server/roles_and_permissions.d.ts +1 -1
- package/dist/server/roles_and_permissions.js +24 -27
- package/dist/server/roles_and_permissions.js.map +1 -1
- package/dist/server/tools.d.ts +1 -1
- package/dist/server/tools.js +7 -13
- package/dist/server/tools.js.map +1 -1
- package/dist/server/trust_list_server.d.ts +2 -2
- package/dist/server/trust_list_server.js +40 -29
- package/dist/server/trust_list_server.js.map +1 -1
- package/dist/standard_certificate_types.js +6 -9
- package/dist/standard_certificate_types.js.map +1 -1
- package/dist/trust_list.d.ts +2 -2
- package/dist/trust_list.js +1 -2
- package/dist/trust_list_impl.js +1 -2
- package/dist/trust_list_impl.js.map +1 -1
- package/package.json +29 -30
- package/source/clientTools/certificate_types.ts +21 -0
- package/source/clientTools/get_certificate_key_type.ts +73 -0
- package/source/clientTools/index.ts +2 -1
- package/source/clientTools/push_certificate_management_client.ts +49 -44
- package/source/index.ts +9 -7
- package/source/push_certificate_manager.ts +15 -17
- package/source/server/certificate_validation.ts +103 -0
- package/source/server/file_transaction_manager.ts +253 -0
- package/source/server/install_certificate_file_watcher.ts +15 -11
- package/source/server/install_push_certitifate_management.ts +52 -51
- package/source/server/promote_trust_list.ts +362 -73
- package/source/server/push_certificate_manager/apply_changes.ts +63 -0
- package/source/server/push_certificate_manager/create_signing_request.ts +137 -0
- package/source/server/push_certificate_manager/get_rejected_list.ts +63 -0
- package/source/server/push_certificate_manager/internal_context.ts +63 -0
- package/source/server/push_certificate_manager/subject_to_string.ts +25 -0
- package/source/server/push_certificate_manager/update_certificate.ts +201 -0
- package/source/server/push_certificate_manager/util.ts +145 -0
- package/source/server/push_certificate_manager_helpers.ts +61 -51
- package/source/server/push_certificate_manager_server_impl.ts +94 -553
- package/source/server/roles_and_permissions.ts +7 -8
- package/source/server/tools.ts +2 -5
- package/source/server/trust_list_server.ts +24 -9
- package/source/standard_certificate_types.ts +2 -3
- package/source/trust_list.ts +26 -33
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
import fs from "fs";
|
|
2
|
-
import path from "path";
|
|
3
|
-
import { UAObject } from "node-opcua-address-space-base";
|
|
1
|
+
import fs from "node:fs";
|
|
2
|
+
import path from "node:path";
|
|
3
|
+
import type { UAObject } from "node-opcua-address-space-base";
|
|
4
4
|
import { make_debugLog } from "node-opcua-debug";
|
|
5
5
|
|
|
6
6
|
const debugLog = make_debugLog("ServerConfiguration");
|
|
@@ -10,15 +10,19 @@ export interface ChangeDetector {
|
|
|
10
10
|
}
|
|
11
11
|
export function installCertificateFileWatcher(node: UAObject, certificateFile: string): ChangeDetector {
|
|
12
12
|
const fileToWatch = path.basename(certificateFile);
|
|
13
|
-
const fsWatcher = fs.watch(
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
13
|
+
const fsWatcher = fs.watch(
|
|
14
|
+
path.dirname(certificateFile),
|
|
15
|
+
{ persistent: false },
|
|
16
|
+
(_eventType: "rename" | "change", filename) => {
|
|
17
|
+
/** */
|
|
18
|
+
if (filename === fileToWatch) {
|
|
19
|
+
debugLog("filename changed = ", filename, fileToWatch);
|
|
20
|
+
node.emit("certificateChange");
|
|
21
|
+
}
|
|
18
22
|
}
|
|
19
|
-
|
|
20
|
-
const addressSpace = node.addressSpace
|
|
21
|
-
addressSpace
|
|
23
|
+
);
|
|
24
|
+
const addressSpace = node.addressSpace;
|
|
25
|
+
addressSpace?.registerShutdownTask(() => {
|
|
22
26
|
fsWatcher.close();
|
|
23
27
|
});
|
|
24
28
|
return node as unknown as ChangeDetector;
|
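Review bot: The `fs.watch` callback in `installCertificateFileWatcher` emits `certificateChange` for every raw event that matches the file name, and the watcher has no `error` listener. `fs.watch` commonly reports several events for a single write and can fire before the writer has finished, so a listener that reloads the certificate may read a partial file; the consumer of `certificateChange` is outside this section, so confirm it tolerates that or debounce here. An `FSWatcher` error with no listener surfaces as an unhandled `error` event, which `fsWatcher.on("error", (err) => debugLog("certificate watcher error", err));` would contain. `addressSpace?.registerShutdownTask(...)` also silently skips closing the watcher when `node.addressSpace` is unset, and the empty `/** */` could instead note that `filename` may be null on some platforms. The end of the function is not visible in this section.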
|
@@ -1,31 +1,25 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* @module node-opcua-server-configuration-server
|
|
3
3
|
*/
|
|
4
|
-
import fs from "fs";
|
|
5
|
-
import os from "os";
|
|
6
|
-
import path from "path";
|
|
4
|
+
import fs from "node:fs";
|
|
5
|
+
import os from "node:os";
|
|
6
|
+
import path from "node:path";
|
|
7
7
|
|
|
8
|
-
import { types } from "util";
|
|
9
8
|
import chalk from "chalk";
|
|
10
9
|
|
|
11
|
-
import {
|
|
10
|
+
import type { AddressSpace, UAServerConfiguration } from "node-opcua-address-space";
|
|
12
11
|
import { assert } from "node-opcua-assert";
|
|
13
|
-
import { OPCUACertificateManager } from "node-opcua-certificate-manager";
|
|
14
|
-
import {
|
|
15
|
-
Certificate,
|
|
16
|
-
convertPEMtoDER,
|
|
17
|
-
PrivateKey,
|
|
18
|
-
split_der
|
|
19
|
-
} from "node-opcua-crypto/web";
|
|
12
|
+
import type { OPCUACertificateManager } from "node-opcua-certificate-manager";
|
|
13
|
+
import type { ICertificateKeyPairProviderPriv } from "node-opcua-common";
|
|
20
14
|
import { readPrivateKey } from "node-opcua-crypto";
|
|
15
|
+
import { type Certificate, convertPEMtoDER, type PrivateKey, split_der } from "node-opcua-crypto/web";
|
|
21
16
|
import { checkDebugFlag, make_debugLog, make_errorLog } from "node-opcua-debug";
|
|
22
17
|
import { getFullyQualifiedDomainName } from "node-opcua-hostname";
|
|
23
|
-
import {
|
|
24
|
-
import {
|
|
25
|
-
import { ApplicationDescriptionOptions } from "node-opcua-types";
|
|
18
|
+
import type { OPCUAServer, OPCUAServerEndPoint } from "node-opcua-server";
|
|
19
|
+
import type { ApplicationDescriptionOptions } from "node-opcua-types";
|
|
26
20
|
|
|
27
|
-
import { installPushCertificateManagement } from "./push_certificate_manager_helpers";
|
|
28
|
-
import { ActionQueue, PushCertificateManagerServerImpl } from "./push_certificate_manager_server_impl";
|
|
21
|
+
import { installPushCertificateManagement } from "./push_certificate_manager_helpers.js";
|
|
22
|
+
import type { ActionQueue, PushCertificateManagerServerImpl } from "./push_certificate_manager_server_impl.js";
|
|
29
23
|
|
|
30
24
|
// node 14 onward : import { readFile } from "fs/promises";
|
|
31
25
|
const { readFile } = fs.promises;
|
|
@@ -33,7 +27,6 @@ const { readFile } = fs.promises;
|
|
|
33
27
|
const debugLog = make_debugLog("ServerConfiguration");
|
|
34
28
|
const errorLog = make_errorLog("ServerConfiguration");
|
|
35
29
|
const doDebug = checkDebugFlag("ServerConfiguration");
|
|
36
|
-
doDebug;
|
|
37
30
|
|
|
38
31
|
export interface OPCUAServerPartial extends ICertificateKeyPairProviderPriv {
|
|
39
32
|
serverInfo?: ApplicationDescriptionOptions;
|
|
@@ -51,7 +44,7 @@ function getCertificate(this: OPCUAServerPartial): Certificate {
|
|
|
51
44
|
const certificateChain = getCertificateChain.call(this);
|
|
52
45
|
this.$$certificate = split_der(certificateChain)[0];
|
|
53
46
|
}
|
|
54
|
-
return this.$$certificate
|
|
47
|
+
return this.$$certificate;
|
|
55
48
|
}
|
|
56
49
|
|
|
57
50
|
function getCertificateChain(this: OPCUAServerPartial): Certificate {
|
|
@@ -62,7 +55,7 @@ function getCertificateChain(this: OPCUAServerPartial): Certificate {
|
|
|
62
55
|
}
|
|
63
56
|
|
|
64
57
|
function getPrivateKey(this: OPCUAServerPartial): PrivateKey {
|
|
65
|
-
//
|
|
58
|
+
// c8 ignore next
|
|
66
59
|
if (!this.$$privateKey) {
|
|
67
60
|
throw new Error("internal Error. cannot find $$privateKey");
|
|
68
61
|
}
|
|
@@ -76,7 +69,7 @@ async function getIpAddresses(): Promise<string[]> {
|
|
|
76
69
|
if (!netInterfaces[interfaceName]) {
|
|
77
70
|
continue;
|
|
78
71
|
}
|
|
79
|
-
for (const interFace of netInterfaces[interfaceName]
|
|
72
|
+
for (const interFace of netInterfaces[interfaceName]) {
|
|
80
73
|
if ("IPv4" !== interFace.family || interFace.internal !== false) {
|
|
81
74
|
// skip over internal (i.e. 127.0.0.1) and non-ipv4 addresses
|
|
82
75
|
continue;
|
|
@@ -91,12 +84,16 @@ async function getIpAddresses(): Promise<string[]> {
|
|
|
91
84
|
*
|
|
92
85
|
*/
|
|
93
86
|
async function install(this: OPCUAServerPartial): Promise<void> {
|
|
94
|
-
debugLog("install push certificate management", this.serverCertificateManager.rootDir);
|
|
87
|
+
doDebug && debugLog("install push certificate management", this.serverCertificateManager.rootDir);
|
|
95
88
|
|
|
96
|
-
(this
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
);
|
|
89
|
+
Object.defineProperty(this, "privateKeyFile", {
|
|
90
|
+
get: () => this.serverCertificateManager.privateKey,
|
|
91
|
+
configurable: true
|
|
92
|
+
});
|
|
93
|
+
Object.defineProperty(this, "certificateFile", {
|
|
94
|
+
get: () => path.join(this.serverCertificateManager.rootDir, "own/certs/certificate.pem"),
|
|
95
|
+
configurable: true
|
|
96
|
+
});
|
|
100
97
|
|
|
101
98
|
if (!this.$$privateKey) {
|
|
102
99
|
this.$$privateKey = readPrivateKey(this.serverCertificateManager.privateKey);
|
|
@@ -112,7 +109,7 @@ async function install(this: OPCUAServerPartial): Promise<void> {
|
|
|
112
109
|
const fqdn = await getFullyQualifiedDomainName();
|
|
113
110
|
const ipAddresses = await getIpAddresses();
|
|
114
111
|
|
|
115
|
-
const applicationUri = (this.serverInfo ? this.serverInfo
|
|
112
|
+
const applicationUri = (this.serverInfo ? this.serverInfo.applicationUri : null) || "uri:MISSING";
|
|
116
113
|
|
|
117
114
|
const options = {
|
|
118
115
|
applicationUri,
|
|
@@ -120,7 +117,7 @@ async function install(this: OPCUAServerPartial): Promise<void> {
|
|
|
120
117
|
dns: [fqdn],
|
|
121
118
|
ip: ipAddresses,
|
|
122
119
|
|
|
123
|
-
subject:
|
|
120
|
+
subject: `/CN=${applicationUri};/L=Paris`,
|
|
124
121
|
|
|
125
122
|
startDate: new Date(),
|
|
126
123
|
|
|
@@ -130,7 +127,7 @@ async function install(this: OPCUAServerPartial): Promise<void> {
|
|
|
130
127
|
outputFile: certificateFile
|
|
131
128
|
};
|
|
132
129
|
|
|
133
|
-
debugLog("creating self signed certificate", options);
|
|
130
|
+
doDebug && debugLog("creating self signed certificate", options);
|
|
134
131
|
await this.serverCertificateManager.createSelfSignedCertificate(options);
|
|
135
132
|
}
|
|
136
133
|
const certificatePEM = await readFile(certificateFile, "utf8");
|
|
@@ -154,9 +151,9 @@ function getPrivateKeyEP(this: OPCUAServerEndPoint): PrivateKey {
|
|
|
154
151
|
}
|
|
155
152
|
|
|
156
153
|
async function onCertificateAboutToChange(server: OPCUAServer) {
|
|
157
|
-
debugLog(chalk.yellow(" onCertificateAboutToChange => Suspending End points"));
|
|
154
|
+
doDebug && debugLog(chalk.yellow(" onCertificateAboutToChange => Suspending End points"));
|
|
158
155
|
await server.suspendEndPoints();
|
|
159
|
-
debugLog(chalk.yellow(" onCertificateAboutToChange => End points suspended"));
|
|
156
|
+
doDebug && debugLog(chalk.yellow(" onCertificateAboutToChange => End points suspended"));
|
|
160
157
|
}
|
|
161
158
|
|
|
162
159
|
/**
|
|
@@ -169,9 +166,9 @@ async function onCertificateAboutToChange(server: OPCUAServer) {
|
|
|
169
166
|
* @param server
|
|
170
167
|
*/
|
|
171
168
|
async function onCertificateChange(server: OPCUAServer) {
|
|
172
|
-
debugLog("on CertificateChanged");
|
|
169
|
+
doDebug && debugLog("on CertificateChanged");
|
|
173
170
|
|
|
174
|
-
const _server = server as
|
|
171
|
+
const _server = server as unknown as OPCUAServerPartial;
|
|
175
172
|
|
|
176
173
|
_server.$$privateKey = readPrivateKey(server.serverCertificateManager.privateKey);
|
|
177
174
|
const certificateFile = path.join(server.serverCertificateManager.rootDir, "own/certs/certificate.pem");
|
|
@@ -188,19 +185,17 @@ async function onCertificateChange(server: OPCUAServer) {
|
|
|
188
185
|
|
|
189
186
|
setTimeout(async () => {
|
|
190
187
|
try {
|
|
191
|
-
debugLog(chalk.yellow(" onCertificateChange => shutting down channels"));
|
|
188
|
+
doDebug && debugLog(chalk.yellow(" onCertificateChange => shutting down channels"));
|
|
192
189
|
await server.shutdownChannels();
|
|
193
|
-
debugLog(chalk.yellow(" onCertificateChange => channels shut down"));
|
|
190
|
+
doDebug && debugLog(chalk.yellow(" onCertificateChange => channels shut down"));
|
|
194
191
|
|
|
195
|
-
debugLog(chalk.yellow(" onCertificateChange => resuming end points"));
|
|
192
|
+
doDebug && debugLog(chalk.yellow(" onCertificateChange => resuming end points"));
|
|
196
193
|
await server.resumeEndPoints();
|
|
197
|
-
debugLog(chalk.yellow(" onCertificateChange => end points resumed"));
|
|
194
|
+
doDebug && debugLog(chalk.yellow(" onCertificateChange => end points resumed"));
|
|
198
195
|
|
|
199
196
|
debugLog(chalk.yellow("channels have been closed -> client should reconnect "));
|
|
200
197
|
} catch (err) {
|
|
201
|
-
|
|
202
|
-
errorLog("Error in CertificateChanged handler ", err.message);
|
|
203
|
-
}
|
|
198
|
+
errorLog("Error in CertificateChanged handler ", (err as Error).message);
|
|
204
199
|
debugLog("err = ", err);
|
|
205
200
|
}
|
|
206
201
|
}, 2000);
|
|
@@ -209,6 +204,12 @@ async function onCertificateChange(server: OPCUAServer) {
|
|
|
209
204
|
interface UAServerConfigurationEx extends UAServerConfiguration {
|
|
210
205
|
$pushCertificateManager: PushCertificateManagerServerImpl;
|
|
211
206
|
}
|
|
207
|
+
|
|
208
|
+
type OPCUAServerEndPointEx = typeof OPCUAServerEndPoint & {
|
|
209
|
+
_certificateChain: Buffer | null;
|
|
210
|
+
_privateKey: PrivateKey | null;
|
|
211
|
+
};
|
|
212
|
+
|
|
212
213
|
export async function installPushCertificateManagementOnServer(server: OPCUAServer): Promise<void> {
|
|
213
214
|
if (!server.engine || !server.engine.addressSpace) {
|
|
214
215
|
throw new Error(
|
|
@@ -216,14 +217,14 @@ export async function installPushCertificateManagementOnServer(server: OPCUAServ
|
|
|
216
217
|
"you need to call installPushCertificateManagementOnServer after server has been initialized"
|
|
217
218
|
);
|
|
218
219
|
}
|
|
219
|
-
await install.call(server as
|
|
220
|
+
await install.call(server as unknown as OPCUAServerPartial);
|
|
220
221
|
|
|
221
222
|
server.getCertificate = getCertificate;
|
|
222
223
|
server.getCertificateChain = getCertificateChain;
|
|
223
224
|
server.getPrivateKey = getPrivateKey;
|
|
224
225
|
|
|
225
226
|
for (const endpoint of server.endpoints) {
|
|
226
|
-
const endpointPriv = endpoint as
|
|
227
|
+
const endpointPriv: OPCUAServerEndPointEx = endpoint as unknown as OPCUAServerEndPointEx;
|
|
227
228
|
endpointPriv._certificateChain = null;
|
|
228
229
|
endpointPriv._privateKey = null;
|
|
229
230
|
|
|
@@ -231,9 +232,9 @@ export async function installPushCertificateManagementOnServer(server: OPCUAServ
|
|
|
231
232
|
endpoint.getPrivateKey = getPrivateKeyEP;
|
|
232
233
|
|
|
233
234
|
for (const e of endpoint.endpointDescriptions()) {
|
|
234
|
-
|
|
235
|
-
|
|
236
|
-
|
|
235
|
+
Object.defineProperty(e, "serverCertificate", {
|
|
236
|
+
get: () => endpoint.getCertificate(),
|
|
237
|
+
configurable: true
|
|
237
238
|
});
|
|
238
239
|
}
|
|
239
240
|
}
|
|
@@ -242,25 +243,25 @@ export async function installPushCertificateManagementOnServer(server: OPCUAServ
|
|
|
242
243
|
applicationGroup: server.serverCertificateManager,
|
|
243
244
|
userTokenGroup: server.userCertificateManager,
|
|
244
245
|
|
|
245
|
-
applicationUri: server.serverInfo.applicationUri
|
|
246
|
+
applicationUri: server.serverInfo.applicationUri || "InvalidURI"
|
|
246
247
|
});
|
|
247
248
|
|
|
248
|
-
const serverConfiguration = server.engine.addressSpace.rootFolder.objects.server.getChildByName("ServerConfiguration")
|
|
249
|
+
const serverConfiguration = server.engine.addressSpace.rootFolder.objects.server.getChildByName("ServerConfiguration");
|
|
249
250
|
const serverConfigurationPriv = serverConfiguration as UAServerConfigurationEx;
|
|
250
251
|
assert(serverConfigurationPriv.$pushCertificateManager);
|
|
251
252
|
|
|
252
253
|
serverConfigurationPriv.$pushCertificateManager.on("CertificateAboutToChange", (actionQueue: ActionQueue) => {
|
|
253
254
|
actionQueue.push(async (): Promise<void> => {
|
|
254
|
-
debugLog("CertificateAboutToChange Event received");
|
|
255
|
+
doDebug && debugLog("CertificateAboutToChange Event received");
|
|
255
256
|
await onCertificateAboutToChange(server);
|
|
256
|
-
debugLog("CertificateAboutToChange Event processed");
|
|
257
|
+
doDebug && debugLog("CertificateAboutToChange Event processed");
|
|
257
258
|
});
|
|
258
259
|
});
|
|
259
260
|
serverConfigurationPriv.$pushCertificateManager.on("CertificateChanged", (actionQueue: ActionQueue) => {
|
|
260
261
|
actionQueue.push(async (): Promise<void> => {
|
|
261
|
-
debugLog("CertificateChanged Event received");
|
|
262
|
+
doDebug && debugLog("CertificateChanged Event received");
|
|
262
263
|
await onCertificateChange(server);
|
|
263
|
-
debugLog("CertificateChanged Event processed");
|
|
264
|
+
doDebug && debugLog("CertificateChanged Event processed");
|
|
264
265
|
});
|
|
265
266
|
});
|
|
266
267
|
}
|
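Review bot: A missing `applicationUri` is replaced by two different placeholders: `"uri:MISSING"` in `install`, which flows into the self-signed certificate options and the `/CN=${applicationUri}` subject, and the newly added `|| "InvalidURI"` in the options built by `installPushCertificateManagementOnServer`. A server that reaches this path gets a certificate whose identity is a shared sentinel rather than its own URI, while the push certificate manager is configured with yet another value, so any later comparison between the two presumably cannot succeed for the right reason. Failing early is safer for an identity field: `if (!server.serverInfo?.applicationUri) throw new Error("serverInfo.applicationUri is required for push certificate management");` before `install.call(...)`, with both fallbacks removed. Both functions extend beyond the visible hunks, so an earlier guard may exist that this view does not show.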