node-opcua-server-configuration 2.163.0 → 2.164.2

package/dist/index.js

@@ -1,28 +1,14 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __exportStar = (this && this.__exportStar) || function(m, exports) {
-    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
-};
-Object.defineProperty(exports, "__esModule", { value: true });
 /**
  * @module node-opcua-server-configuration
  */
 // export * from "./trust_list_impl";
-__exportStar(require("./push_certificate_manager"), exports);
-__exportStar(require("./clientTools/push_certificate_management_client"), exports);
-__exportStar(require("./standard_certificate_types"), exports);
-__exportStar(require("./server/install_push_certitifate_management"), exports);
-__exportStar(require("./server/push_certificate_manager_server_impl"), exports);
-__exportStar(require("./server/push_certificate_manager_helpers"), exports);
-__exportStar(require("./server/promote_trust_list"), exports);
+export * from "./clientTools/certificate_types.js";
+export * from "./clientTools/push_certificate_management_client.js";
+export * from "./push_certificate_manager.js";
+export * from "./server/install_push_certitifate_management.js";
+export * from "./server/promote_trust_list.js";
+export * from "./server/push_certificate_manager/subject_to_string.js";
+export * from "./server/push_certificate_manager_helpers.js";
+export * from "./server/push_certificate_manager_server_impl.js";
+export * from "./standard_certificate_types.js";
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../source/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA;;GAEG;AACH,qCAAqC;AACrC,6DAA2C;AAC3C,mFAAiE;AACjE,+DAA6C;AAE7C,+EAA6D;AAC7D,gFAA8D;AAC9D,4EAA0D;AAC1D,8DAA4C"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../source/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,qCAAqC;AAErC,cAAc,oCAAoC,CAAC;AACnD,cAAc,qDAAqD,CAAC;AACpE,cAAc,+BAA+B,CAAC;AAC9C,cAAc,iDAAiD,CAAC;AAChE,cAAc,gCAAgC,CAAC;AAC/C,cAAc,wDAAwD,CAAC;AACvE,cAAc,8CAA8C,CAAC;AAC7D,cAAc,kDAAkD,CAAC;AACjE,cAAc,iCAAiC,CAAC"}

package/dist/push_certificate_manager.d.ts

@@ -1,9 +1,9 @@
 /**
  * @module node-opcua-server-configuration
  */
-import { ByteString, UAString } from "node-opcua-basic-types";
-import { NodeId } from "node-opcua-nodeid";
-import { StatusCode } from "node-opcua-status-code";
+import type { ByteString, UAString } from "node-opcua-basic-types";
+import type { NodeId } from "node-opcua-nodeid";
+import type { StatusCode } from "node-opcua-status-code";
 export interface CreateSigningRequestResult {
     statusCode: StatusCode;
     certificateSigningRequest?: Buffer;
@@ -58,7 +58,7 @@ export interface PushCertificateManager {
      * BadSecurityChecksFailed      Some failure occurred verifying the integrity of the Certificate.
      *
      */
-    updateCertificate(certificateGroupId: NodeId | string, certificateTypeId: NodeId | string, certificate: ByteString, issuerCertificates: ByteString[], privateKeyFormat: UAString, privateKey: ByteString): Promise<UpdateCertificateResult>;
+    updateCertificate(certificateGroupId: NodeId | string, certificateTypeId: NodeId | string, certificate: ByteString, issuerCertificates: ByteString[], privateKeyFormat?: UAString, privateKey?: ByteString): Promise<UpdateCertificateResult>;
     /**
      * The ApplyChanges Method is used to apply any security related changes if the Server sets
      * the applyChangesRequired flag when another Method is called. Servers should minimize the

package/dist/push_certificate_manager.js

@@ -1,3 +1,2 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
+export {};
 //# sourceMappingURL=push_certificate_manager.js.map

package/dist/server/certificate_validation.d.ts

@@ -0,0 +1,15 @@
+/**
+ * @module node-opcua-server-configuration-server
+ */
+import type { ByteString } from "node-opcua-basic-types";
+import type { OPCUACertificateManager } from "node-opcua-certificate-manager";
+import { type StatusCode } from "node-opcua-status-code";
+/**
+ * Validates the certificate and its issuer chain, including parsing, date validity,
+ * chain verification, and trust verification.
+ * @returns Object with statusCode. If Good, also contains the concatenated certificateChain.
+ */
+export declare function validateCertificateAndChain(certificateManager: OPCUACertificateManager, isApplicationGroup: boolean, certificate: Buffer, issuerCertificates: ByteString[] | null | undefined): Promise<{
+    statusCode: StatusCode;
+    certificateChain?: Buffer;
+}>;

package/dist/server/certificate_validation.js

@@ -0,0 +1,76 @@
+import { exploreCertificate, verifyCertificateChain } from "node-opcua-crypto/web";
+import { make_errorLog, make_warningLog } from "node-opcua-debug";
+import { StatusCodes } from "node-opcua-status-code";
+const warningLog = make_warningLog("ServerConfiguration");
+const errorLog = make_errorLog("ServerConfiguration");
+/**
+ * Validates the certificate and its issuer chain, including parsing, date validity,
+ * chain verification, and trust verification.
+ * @returns Object with statusCode. If Good, also contains the concatenated certificateChain.
+ */
+export async function validateCertificateAndChain(certificateManager, isApplicationGroup, certificate, issuerCertificates) {
+    let certInfo;
+    try {
+        certInfo = exploreCertificate(certificate);
+    }
+    catch (err) {
+        errorLog("Cannot parse certificate:", err.message);
+        return { statusCode: StatusCodes.BadCertificateInvalid };
+    }
+    const issuerCertBuffers = (issuerCertificates || []).filter((cert) => {
+        return Buffer.isBuffer(cert) && cert.length > 0;
+    });
+    if ((issuerCertificates || []).length !== issuerCertBuffers.length) {
+        warningLog("issuerCertificates contains invalid entries");
+        return { statusCode: StatusCodes.BadCertificateInvalid };
+    }
+    for (const issuerCert of issuerCertBuffers) {
+        try {
+            const issuerInfo = exploreCertificate(issuerCert);
+            const nowIssuer = new Date();
+            if (issuerInfo.tbsCertificate.validity.notBefore.getTime() > nowIssuer.getTime()) {
+                warningLog("Issuer certificate is not yet valid");
+                return { statusCode: StatusCodes.BadSecurityChecksFailed };
+            }
+            if (issuerInfo.tbsCertificate.validity.notAfter.getTime() < nowIssuer.getTime()) {
+                warningLog("Issuer certificate is out of date");
+                return { statusCode: StatusCodes.BadSecurityChecksFailed };
+            }
+        }
+        catch (err) {
+            errorLog("Cannot parse issuer certificate:", err.message);
+            return { statusCode: StatusCodes.BadCertificateInvalid };
+        }
+    }
+    if (issuerCertBuffers.length > 0) {
+        const chainCheck = await verifyCertificateChain([certificate, ...issuerCertBuffers]);
+        if (chainCheck.status !== "Good") {
+            warningLog("Issuer chain validation failed:", chainCheck.status, chainCheck.reason);
+            return { statusCode: StatusCodes.BadSecurityChecksFailed };
+        }
+    }
+    const certificateChain = Buffer.concat([certificate, ...issuerCertBuffers]);
+    // Trust validation is only relevant for client certificates, not the server's own certificate
+    if (!isApplicationGroup) {
+        if (certificateManager.verifyCertificate) {
+            const status = await certificateManager.verifyCertificate(certificateChain, {
+                acceptCertificateWithValidIssuerChain: true
+            });
+            if (status !== "Good") {
+                warningLog("Certificate trust validation failed:", status);
+                return { statusCode: StatusCodes.BadSecurityChecksFailed };
+            }
+        }
+    }
+    const now = new Date();
+    if (certInfo.tbsCertificate.validity.notBefore.getTime() > now.getTime()) {
+        warningLog("Certificate is not yet valid : not before ", certInfo.tbsCertificate.validity.notBefore.toISOString(), "now = ", now.toISOString());
+        return { statusCode: StatusCodes.BadSecurityChecksFailed };
+    }
+    if (certInfo.tbsCertificate.validity.notAfter.getTime() < now.getTime()) {
+        warningLog("Certificate is already out of date : not after ", certInfo.tbsCertificate.validity.notAfter.toISOString(), "now = ", now.toISOString());
+        return { statusCode: StatusCodes.BadSecurityChecksFailed };
+    }
+    return { statusCode: StatusCodes.Good, certificateChain };
+}
+//# sourceMappingURL=certificate_validation.js.map

package/dist/server/certificate_validation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"certificate_validation.js","sourceRoot":"","sources":["../../source/server/certificate_validation.ts"],"names":[],"mappings":"AAKA,OAAO,EAA6B,kBAAkB,EAAE,sBAAsB,EAAE,MAAM,uBAAuB,CAAC;AAC9G,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAClE,OAAO,EAAmB,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAEtE,MAAM,UAAU,GAAG,eAAe,CAAC,qBAAqB,CAAC,CAAC;AAC1D,MAAM,QAAQ,GAAG,aAAa,CAAC,qBAAqB,CAAC,CAAC;AAEtD;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAC7C,kBAA2C,EAC3C,kBAA2B,EAC3B,WAAmB,EACnB,kBAAmD;IAEnD,IAAI,QAA8B,CAAC;IACnC,IAAI,CAAC;QACD,QAAQ,GAAG,kBAAkB,CAAC,WAAW,CAAC,CAAC;IAC/C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACX,QAAQ,CAAC,2BAA2B,EAAG,GAAa,CAAC,OAAO,CAAC,CAAC;QAC9D,OAAO,EAAE,UAAU,EAAE,WAAW,CAAC,qBAAqB,EAAE,CAAC;IAC7D,CAAC;IAED,MAAM,iBAAiB,GAAG,CAAC,kBAAkB,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,EAAkB,EAAE;QACjF,OAAO,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC;IACpD,CAAC,CAAC,CAAC;IAEH,IAAI,CAAC,kBAAkB,IAAI,EAAE,CAAC,CAAC,MAAM,KAAK,iBAAiB,CAAC,MAAM,EAAE,CAAC;QACjE,UAAU,CAAC,6CAA6C,CAAC,CAAC;QAC1D,OAAO,EAAE,UAAU,EAAE,WAAW,CAAC,qBAAqB,EAAE,CAAC;IAC7D,CAAC;IAED,KAAK,MAAM,UAAU,IAAI,iBAAiB,EAAE,CAAC;QACzC,IAAI,CAAC;YACD,MAAM,UAAU,GAAG,kBAAkB,CAAC,UAAU,CAAC,CAAC;YAClD,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;YAC7B,IAAI,UAAU,CAAC,cAAc,CAAC,QAAQ,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,SAAS,CAAC,OAAO,EAAE,EAAE,CAAC;gBAC/E,UAAU,CAAC,qCAAqC,CAAC,CAAC;gBAClD,OAAO,EAAE,UAAU,EAAE,WAAW,CAAC,uBAAuB,EAAE,CAAC;YAC/D,CAAC;YACD,IAAI,UAAU,CAAC,cAAc,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,EAAE,GAAG,SAAS,CAAC,OAAO,EAAE,EAAE,CAAC;gBAC9E,UAAU,CAAC,mCAAmC,CAAC,CAAC;gBAChD,OAAO,EAAE,UAAU,EAAE,WAAW,CAAC,uBAAuB,EAAE,CAAC;YAC/D,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,QAAQ,CAAC,kCAAkC,EAAG,GAAa,CAAC,OAAO,CAAC,CAAC;YACrE,OAAO,EAAE,UAAU,EAAE,WAAW,CAAC,qBAAqB,EAAE,CAAC;QAC7D,CAAC;IACL,CAAC;IAED,IAAI,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,MAAM,UAAU,GAAG,MAAM,sBAAsB,CAAC,CAAC,WAAW,EAAE,GAAG,iBAAiB,CAAC,CAAC,CAAC;QACrF,IAAI,UAAU,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;YAC/B,UAAU,CAAC,iCAAiC,EAAE,UAAU,CAAC,MAAM,EAAE,UAAU,CAAC,MAAM,CAAC,CAAC;YACpF,OAAO,EAAE,UAAU,EAAE,WAAW,CAAC,uBAAuB,EAAE,CAAC;QAC/D,CAAC;IACL,CAAC;IAED,MAAM,gBAAgB,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,GAAG,iBAAiB,CAAC,CAAC,CAAC;IAE5E,8FAA8F;IAC9F,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACtB,IAAI,kBAAkB,CAAC,iBAAiB,EAAE,CAAC;YACvC,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,iBAAiB,CAAC,gBAAgB,EAAE;gBACxE,qCAAqC,EAAE,IAAI;aAC9C,CAAC,CAAC;YACH,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;gBACpB,UAAU,CAAC,sCAAsC,EAAE,MAAM,CAAC,CAAC;gBAC3D,OAAO,EAAE,UAAU,EAAE,WAAW,CAAC,uBAAuB,EAAE,CAAC;YAC/D,CAAC;QACL,CAAC;IACL,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,IAAI,QAAQ,CAAC,cAAc,CAAC,QAAQ,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC;QACvE,UAAU,CACN,4CAA4C,EAC5C,QAAQ,CAAC,cAAc,CAAC,QAAQ,CAAC,SAAS,CAAC,WAAW,EAAE,EACxD,QAAQ,EACR,GAAG,CAAC,WAAW,EAAE,CACpB,CAAC;QACF,OAAO,EAAE,UAAU,EAAE,WAAW,CAAC,uBAAuB,EAAE,CAAC;IAC/D,CAAC;IACD,IAAI,QAAQ,CAAC,cAAc,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,EAAE,GAAG,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC;QACtE,UAAU,CACN,iDAAiD,EACjD,QAAQ,CAAC,cAAc,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,EAAE,EACvD,QAAQ,EACR,GAAG,CAAC,WAAW,EAAE,CACpB,CAAC;QACF,OAAO,EAAE,UAAU,EAAE,WAAW,CAAC,uBAAuB,EAAE,CAAC;IAC/D,CAAC;IAED,OAAO,EAAE,UAAU,EAAE,WAAW,CAAC,IAAI,EAAE,gBAAgB,EAAE,CAAC;AAC9D,CAAC"}

package/dist/server/file_transaction_manager.d.ts

@@ -0,0 +1,30 @@
+/**
+ * @module node-opcua-server-configuration-server
+ */
+type Functor = () => Promise<void>;
+export declare class FileTransactionManager {
+    #private;
+    /**
+     * Gets or initializes the underlying temporary directory for the transaction.
+     */
+    getTmpDir(): Promise<string>;
+    /**
+     * Stages a file for writing during the transaction.
+     * Writes the content to a temporary location and registers
+     * a move operation to atomically place it at destinationPath upon applyFileOps().
+     */
+    stageFile(destinationPath: string, content: Buffer | string, encoding?: BufferEncoding): Promise<void>;
+    addFileOp(functor: Functor): void;
+    addCleanupTask(functor: Functor): void;
+    get pendingTasksCount(): number;
+    /**
+     * Abort the current transaction by clearing pending file operations
+     * and deleting the temporary staging folder.
+     */
+    abortTransaction(): Promise<void>;
+    /**
+     * Commit the transaction by executing all pending file operations.
+     */
+    applyFileOps(): Promise<void>;
+}
+export {};

package/dist/server/file_transaction_manager.js

@@ -0,0 +1,223 @@
+/**
+ * @module node-opcua-server-configuration-server
+ */
+import crypto from "node:crypto";
+import fs from "node:fs";
+import os from "node:os";
+import path from "node:path";
+import { make_debugLog, make_errorLog, make_warningLog } from "node-opcua-debug";
+const debugLog = make_debugLog("ServerConfiguration");
+const errorLog = make_errorLog("ServerConfiguration");
+const warningLog = make_warningLog("ServerConfiguration");
+async function _copyFile(source, dest) {
+    try {
+        debugLog("copying file \n source ", source, "\n =>\n dest ", dest);
+        const sourceExist = fs.existsSync(source);
+        if (sourceExist) {
+            await fs.promises.copyFile(source, dest);
+        }
+    }
+    catch (err) {
+        errorLog(err);
+    }
+}
+async function _deleteFile(file) {
+    try {
+        const exists = fs.existsSync(file);
+        if (exists) {
+            debugLog("deleting file ", file);
+            await fs.promises.unlink(file);
+        }
+    }
+    catch (err) {
+        errorLog(err);
+    }
+}
+async function _moveFile(source, dest) {
+    debugLog("moving file file \n source ", source, "\n =>\n dest ", dest);
+    try {
+        await _copyFile(source, dest);
+        await _deleteFile(source);
+    }
+    catch (err) {
+        errorLog(err);
+    }
+}
+async function _moveFileWithBackup(source, dest, backupPath) {
+    // let make a copy of the destination file
+    debugLog("moveFileWithBackup file \n source ", source, "\n =>\n dest ", dest);
+    await _copyFile(dest, backupPath);
+    await _moveFile(source, dest);
+}
+export class FileTransactionManager {
+    #pendingFileOps = [];
+    #cleanupTasks = [];
+    #backupFiles = new Map();
+    #tmpdir;
+    /**
+     * Gets or initializes the underlying temporary directory for the transaction.
+     */
+    async getTmpDir() {
+        if (!this.#tmpdir) {
+            const tempBase = path.join(os.tmpdir(), "node-opcua-tx-");
+            this.#tmpdir = await fs.promises.mkdtemp(tempBase);
+        }
+        return this.#tmpdir;
+    }
+    /**
+     * Stages a file for writing during the transaction.
+     * Writes the content to a temporary location and registers
+     * a move operation to atomically place it at destinationPath upon applyFileOps().
+     */
+    async stageFile(destinationPath, content, encoding) {
+        // ensure tmpdir exists
+        const tmpDir = await this.getTmpDir();
+        const uniqueFileName = `${crypto.randomBytes(16).toString("hex")}.tmp`;
+        const tempFilePath = path.join(tmpDir, uniqueFileName);
+        if (encoding) {
+            await fs.promises.writeFile(tempFilePath, content, encoding);
+        }
+        else {
+            await fs.promises.writeFile(tempFilePath, content);
+        }
+        this.addFileOp(() => this.#moveFileWithBackupTracked(tempFilePath, destinationPath));
+    }
+    addFileOp(functor) {
+        this.#pendingFileOps.push(functor);
+    }
+    addCleanupTask(functor) {
+        this.#cleanupTasks.push(functor);
+    }
+    get pendingTasksCount() {
+        return this.#pendingFileOps.length;
+    }
+    /**
+     * Abort the current transaction by clearing pending file operations
+     * and deleting the temporary staging folder.
+     */
+    async abortTransaction() {
+        this.#pendingFileOps.length = 0;
+        await this.#executeCleanupTasks();
+        await this.#cleanupTempFolder();
+    }
+    /**
+     * Move file with backup and track the backup for potential rollback.
+     * This method creates a backup of the destination file and tracks it
+     * so it can be restored if the transaction fails.
+     */
+    async #moveFileWithBackupTracked(source, dest) {
+        const tmpDir = await this.getTmpDir();
+        const uniqueFileName = `${crypto.randomBytes(16).toString("hex")}_backup.tmp`;
+        const backupPath = path.join(tmpDir, uniqueFileName);
+        // Track the backup before creating it
+        this.#backupFiles.set(dest, backupPath);
+        // Perform the actual move with backup
+        await _moveFileWithBackup(source, dest, backupPath);
+    }
+    /**
+     * Commit the transaction by executing all pending file operations.
+     */
+    async applyFileOps() {
+        debugLog("start applyFileOps");
+        const fileOperation = this.#pendingFileOps.splice(0);
+        try {
+            while (fileOperation.length) {
+                const op = fileOperation.shift();
+                await op?.();
+            }
+            debugLog("end applyFileOps");
+            // Transaction successful - clean up backup files
+            await this.#cleanupBackupFiles();
+            await this.#executeCleanupTasks();
+            await this.#cleanupTempFolder();
+        }
+        catch (err) {
+            errorLog("Error during applyFileOps:", err.message);
+            errorLog("Rolling back transaction to restore previous certificate state");
+            // Rollback: restore all backup files to their original locations
+            try {
+                await this.#rollbackTransaction();
+                debugLog("Transaction rollback successful");
+            }
+            catch (rollbackErr) {
+                errorLog("Critical: Rollback failed:", rollbackErr.message);
+                errorLog("Certificate state may be inconsistent - manual intervention required");
+            }
+            // Clear backup tracking after rollback
+            this.#backupFiles.clear();
+            await this.#executeCleanupTasks();
+            await this.#cleanupTempFolder();
+            throw err;
+        }
+    }
+    /**
+     * Rollback the transaction by restoring all backup files.
+     * This restores files from their *_old backups to recover the previous state.
+     */
+    async #rollbackTransaction() {
+        debugLog("Rolling back transaction, restoring", this.#backupFiles.size, "backup files");
+        const rollbackPromises = [];
+        for (const [dest, backupPath] of this.#backupFiles.entries()) {
+            rollbackPromises.push((async () => {
+                try {
+                    // Check if backup exists before trying to restore
+                    if (fs.existsSync(backupPath)) {
+                        debugLog("Restoring backup:", backupPath, "to", dest);
+                        await _copyFile(backupPath, dest);
+                        // Delete backup immediately after restoration
+                        await _deleteFile(backupPath);
+                    }
+                }
+                catch (err) {
+                    errorLog("Error restoring backup file", backupPath, "to", dest, ":", err.message);
+                }
+            })());
+        }
+        await Promise.all(rollbackPromises);
+        debugLog("Transaction rollback completed");
+    }
+    /**
+     * Clean up backup files after successful transaction.
+     * Removes all *_old backup files that were created during the transaction.
+     */
+    async #cleanupBackupFiles() {
+        debugLog("Cleaning up", this.#backupFiles.size, "backup files");
+        const cleanupPromises = [];
+        for (const backupPath of this.#backupFiles.values()) {
+            cleanupPromises.push(_deleteFile(backupPath).catch((err) => {
+                warningLog("Failed to delete backup file", backupPath, ":", err);
+            }));
+        }
+        await Promise.all(cleanupPromises);
+        this.#backupFiles.clear();
+    }
+    /**
+     * Clean up the temporary transaction folder.
+     */
+    async #cleanupTempFolder() {
+        if (this.#tmpdir) {
+            try {
+                await fs.promises.rm(this.#tmpdir, { recursive: true, force: true });
+            }
+            catch (err) {
+                warningLog("Failed to delete temporary transaction folder", this.#tmpdir, ":", err);
+            }
+            finally {
+                this.#tmpdir = undefined;
+            }
+        }
+    }
+    async #executeCleanupTasks() {
+        debugLog("Executing cleanup tasks");
+        const tasks = this.#cleanupTasks.splice(0);
+        for (const task of tasks) {
+            try {
+                await task();
+            }
+            catch (err) {
+                errorLog("Error during cleanup task:", err.message);
+            }
+        }
+    }
+}
+//# sourceMappingURL=file_transaction_manager.js.map

package/dist/server/file_transaction_manager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"file_transaction_manager.js","sourceRoot":"","sources":["../../source/server/file_transaction_manager.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,MAAM,MAAM,aAAa,CAAC;AACjC,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAEjF,MAAM,QAAQ,GAAG,aAAa,CAAC,qBAAqB,CAAC,CAAC;AACtD,MAAM,QAAQ,GAAG,aAAa,CAAC,qBAAqB,CAAC,CAAC;AACtD,MAAM,UAAU,GAAG,eAAe,CAAC,qBAAqB,CAAC,CAAC;AAI1D,KAAK,UAAU,SAAS,CAAC,MAAc,EAAE,IAAY;IACjD,IAAI,CAAC;QACD,QAAQ,CAAC,yBAAyB,EAAE,MAAM,EAAE,eAAe,EAAE,IAAI,CAAC,CAAC;QACnE,MAAM,WAAW,GAAG,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QAC1C,IAAI,WAAW,EAAE,CAAC;YACd,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAC7C,CAAC;IACL,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACX,QAAQ,CAAC,GAAG,CAAC,CAAC;IAClB,CAAC;AACL,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,IAAY;IACnC,IAAI,CAAC;QACD,MAAM,MAAM,GAAG,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QACnC,IAAI,MAAM,EAAE,CAAC;YACT,QAAQ,CAAC,gBAAgB,EAAE,IAAI,CAAC,CAAC;YACjC,MAAM,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QACnC,CAAC;IACL,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACX,QAAQ,CAAC,GAAG,CAAC,CAAC;IAClB,CAAC;AACL,CAAC;AAED,KAAK,UAAU,SAAS,CAAC,MAAc,EAAE,IAAY;IACjD,QAAQ,CAAC,6BAA6B,EAAE,MAAM,EAAE,eAAe,EAAE,IAAI,CAAC,CAAC;IACvE,IAAI,CAAC;QACD,MAAM,SAAS,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAC9B,MAAM,WAAW,CAAC,MAAM,CAAC,CAAC;IAC9B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACX,QAAQ,CAAC,GAAG,CAAC,CAAC;IAClB,CAAC;AACL,CAAC;AAED,KAAK,UAAU,mBAAmB,CAAC,MAAc,EAAE,IAAY,EAAE,UAAkB;IAC/E,0CAA0C;IAC1C,QAAQ,CAAC,oCAAoC,EAAE,MAAM,EAAE,eAAe,EAAE,IAAI,CAAC,CAAC;IAC9E,MAAM,SAAS,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;IAClC,MAAM,SAAS,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;AAClC,CAAC;AAED,MAAM,OAAO,sBAAsB;IACtB,eAAe,GAAc,EAAE,CAAC;IAChC,aAAa,GAAc,EAAE,CAAC;IAC9B,YAAY,GAAwB,IAAI,GAAG,EAAE,CAAC;IACvD,OAAO,CAAU;IAEjB;;OAEG;IACI,KAAK,CAAC,SAAS;QAClB,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAChB,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,gBAAgB,CAAC,CAAC;YAC1D,IAAI,CAAC,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QACvD,CAAC;QACD,OAAO,IAAI,CAAC,OAAO,CAAC;IACxB,CAAC;IAED;;;;OAIG;IACI,KAAK,CAAC,SAAS,CAAC,eAAuB,EAAE,OAAwB,EAAE,QAAyB;QAC/F,uBAAuB;QACvB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QAEtC,MAAM,cAAc,GAAG,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC;QACvE,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;QAEvD,IAAI,QAAQ,EAAE,CAAC;YACX,MAAM,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,YAAY,EAAE,OAAiB,EAAE,QAAQ,CAAC,CAAC;QAC3E,CAAC;aAAM,CAAC;YACJ,MAAM,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;QACvD,CAAC;QAED,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,0BAA0B,CAAC,YAAY,EAAE,eAAe,CAAC,CAAC,CAAC;IACzF,CAAC;IAEM,SAAS,CAAC,OAAgB;QAC7B,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACvC,CAAC;IAEM,cAAc,CAAC,OAAgB;QAClC,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACrC,CAAC;IAED,IAAW,iBAAiB;QACxB,OAAO,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC;IACvC,CAAC;IAED;;;OAGG;IACI,KAAK,CAAC,gBAAgB;QACzB,IAAI,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,CAAC;QAChC,MAAM,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAClC,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;IACpC,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,0BAA0B,CAAC,MAAc,EAAE,IAAY;QACzD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACtC,MAAM,cAAc,GAAG,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,aAAa,CAAC;QAC9E,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;QAErD,sCAAsC;QACtC,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;QAExC,sCAAsC;QACtC,MAAM,mBAAmB,CAAC,MAAM,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC;IACxD,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,YAAY;QACrB,QAAQ,CAAC,oBAAoB,CAAC,CAAC;QAC/B,MAAM,aAAa,GAAG,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QAErD,IAAI,CAAC;YACD,OAAO,aAAa,CAAC,MAAM,EAAE,CAAC;gBAC1B,MAAM,EAAE,GAAG,aAAa,CAAC,KAAK,EAAE,CAAC;gBACjC,MAAM,EAAE,EAAE,EAAE,CAAC;YACjB,CAAC;YACD,QAAQ,CAAC,kBAAkB,CAAC,CAAC;YAE7B,iDAAiD;YACjD,MAAM,IAAI,CAAC,mBAAmB,EAAE,CAAC;YACjC,MAAM,IAAI,CAAC,oBAAoB,EAAE,CAAC;YAClC,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACpC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,QAAQ,CAAC,4BAA4B,EAAG,GAAa,CAAC,OAAO,CAAC,CAAC;YAC/D,QAAQ,CAAC,gEAAgE,CAAC,CAAC;YAE3E,iEAAiE;YACjE,IAAI,CAAC;gBACD,MAAM,IAAI,CAAC,oBAAoB,EAAE,CAAC;gBAClC,QAAQ,CAAC,iCAAiC,CAAC,CAAC;YAChD,CAAC;YAAC,OAAO,WAAW,EAAE,CAAC;gBACnB,QAAQ,CAAC,4BAA4B,EAAG,WAAqB,CAAC,OAAO,CAAC,CAAC;gBACvE,QAAQ,CAAC,sEAAsE,CAAC,CAAC;YACrF,CAAC;YAED,uCAAuC;YACvC,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,CAAC;YAC1B,MAAM,IAAI,CAAC,oBAAoB,EAAE,CAAC;YAClC,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAEhC,MAAM,GAAG,CAAC;QACd,CAAC;IACL,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,oBAAoB;QACtB,QAAQ,CAAC,qCAAqC,EAAE,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;QAExF,MAAM,gBAAgB,GAAoB,EAAE,CAAC;QAE7C,KAAK,MAAM,CAAC,IAAI,EAAE,UAAU,CAAC,IAAI,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,EAAE,CAAC;YAC3D,gBAAgB,CAAC,IAAI,CACjB,CAAC,KAAK,IAAI,EAAE;gBACR,IAAI,CAAC;oBACD,kDAAkD;oBAClD,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;wBAC5B,QAAQ,CAAC,mBAAmB,EAAE,UAAU,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;wBACtD,MAAM,SAAS,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;wBAClC,8CAA8C;wBAC9C,MAAM,WAAW,CAAC,UAAU,CAAC,CAAC;oBAClC,CAAC;gBACL,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACX,QAAQ,CAAC,6BAA6B,EAAE,UAAU,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,EAAG,GAAa,CAAC,OAAO,CAAC,CAAC;gBACjG,CAAC;YACL,CAAC,CAAC,EAAE,CACP,CAAC;QACN,CAAC;QAED,MAAM,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QACpC,QAAQ,CAAC,gCAAgC,CAAC,CAAC;IAC/C,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,mBAAmB;QACrB,QAAQ,CAAC,aAAa,EAAE,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;QAEhE,MAAM,eAAe,GAAoB,EAAE,CAAC;QAE5C,KAAK,MAAM,UAAU,IAAI,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,EAAE,CAAC;YAClD,eAAe,CAAC,IAAI,CAChB,WAAW,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;gBAClC,UAAU,CAAC,8BAA8B,EAAE,UAAU,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;YACrE,CAAC,CAAC,CACL,CAAC;QACN,CAAC;QAED,MAAM,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;QACnC,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,CAAC;IAC9B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,kBAAkB;QACpB,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACf,IAAI,CAAC;gBACD,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;YACzE,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACX,UAAU,CAAC,+CAA+C,EAAE,IAAI,CAAC,OAAO,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;YACxF,CAAC;oBAAS,CAAC;gBACP,IAAI,CAAC,OAAO,GAAG,SAAS,CAAC;YAC7B,CAAC;QACL,CAAC;IACL,CAAC;IAED,KAAK,CAAC,oBAAoB;QACtB,QAAQ,CAAC,yBAAyB,CAAC,CAAC;QACpC,MAAM,KAAK,GAAG,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QAC3C,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACvB,IAAI,CAAC;gBACD,MAAM,IAAI,EAAE,CAAC;YACjB,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACX,QAAQ,CAAC,4BAA4B,EAAG,GAAa,CAAC,OAAO,CAAC,CAAC;YACnE,CAAC;QACL,CAAC;IACL,CAAC;CACJ"}

package/dist/server/install_certificate_file_watcher.d.ts

@@ -1,4 +1,4 @@
-import { UAObject } from "node-opcua-address-space-base";
+import type { UAObject } from "node-opcua-address-space-base";
 export interface ChangeDetector {
     on(eventName: "certificateChange", handler: () => void): this;
 }

package/dist/server/install_certificate_file_watcher.js

@@ -1,16 +1,10 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.installCertificateFileWatcher = installCertificateFileWatcher;
-const fs_1 = __importDefault(require("fs"));
-const path_1 = __importDefault(require("path"));
-const node_opcua_debug_1 = require("node-opcua-debug");
-const debugLog = (0, node_opcua_debug_1.make_debugLog)("ServerConfiguration");
-function installCertificateFileWatcher(node, certificateFile) {
-    const fileToWatch = path_1.default.basename(certificateFile);
-    const fsWatcher = fs_1.default.watch(path_1.default.dirname(certificateFile), { persistent: false }, (eventType, filename) => {
+import fs from "node:fs";
+import path from "node:path";
+import { make_debugLog } from "node-opcua-debug";
+const debugLog = make_debugLog("ServerConfiguration");
+export function installCertificateFileWatcher(node, certificateFile) {
+    const fileToWatch = path.basename(certificateFile);
+    const fsWatcher = fs.watch(path.dirname(certificateFile), { persistent: false }, (_eventType, filename) => {
         /** */
         if (filename === fileToWatch) {
             debugLog("filename changed = ", filename, fileToWatch);
@@ -18,7 +12,7 @@ function installCertificateFileWatcher(node, certificateFile) {
         }
     });
     const addressSpace = node.addressSpace;
-    addressSpace.registerShutdownTask(() => {
+    addressSpace?.registerShutdownTask(() => {
         fsWatcher.close();
     });
     return node;

package/dist/server/install_certificate_file_watcher.js.map

@@ -1 +1 @@
-{"version":3,"file":"install_certificate_file_watcher.js","sourceRoot":"","sources":["../../source/server/install_certificate_file_watcher.ts"],"names":[],"mappings":";;;;;AAUA,sEAcC;AAxBD,4CAAoB;AACpB,gDAAwB;AAExB,uDAAiD;AAEjD,MAAM,QAAQ,GAAG,IAAA,gCAAa,EAAC,qBAAqB,CAAC,CAAC;AAKtD,SAAgB,6BAA6B,CAAC,IAAc,EAAE,eAAuB;IACjF,MAAM,WAAW,GAAG,cAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC;IACnD,MAAM,SAAS,GAAG,YAAE,CAAC,KAAK,CAAC,cAAI,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,EAAE,UAAU,EAAE,KAAK,EAAE,EAAE,CAAC,SAA8B,EAAE,QAAQ,EAAE,EAAE;QAC1H,MAAM;QACN,IAAI,QAAQ,KAAK,WAAW,EAAE,CAAC;YAC3B,QAAQ,CAAC,qBAAqB,EAAE,QAAQ,EAAE,WAAW,CAAC,CAAC;YACvD,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;QACnC,CAAC;IACL,CAAC,CAAC,CAAC;IACH,MAAM,YAAY,GAAG,IAAI,CAAC,YAAa,CAAC;IACxC,YAAY,CAAC,oBAAoB,CAAC,GAAG,EAAE;QACnC,SAAS,CAAC,KAAK,EAAE,CAAC;IACtB,CAAC,CAAC,CAAC;IACH,OAAO,IAAiC,CAAC;AAC7C,CAAC"}
+{"version":3,"file":"install_certificate_file_watcher.js","sourceRoot":"","sources":["../../source/server/install_certificate_file_watcher.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAEjD,MAAM,QAAQ,GAAG,aAAa,CAAC,qBAAqB,CAAC,CAAC;AAKtD,MAAM,UAAU,6BAA6B,CAAC,IAAc,EAAE,eAAuB;IACjF,MAAM,WAAW,GAAG,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC;IACnD,MAAM,SAAS,GAAG,EAAE,CAAC,KAAK,CACtB,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,EAC7B,EAAE,UAAU,EAAE,KAAK,EAAE,EACrB,CAAC,UAA+B,EAAE,QAAQ,EAAE,EAAE;QAC1C,MAAM;QACN,IAAI,QAAQ,KAAK,WAAW,EAAE,CAAC;YAC3B,QAAQ,CAAC,qBAAqB,EAAE,QAAQ,EAAE,WAAW,CAAC,CAAC;YACvD,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;QACnC,CAAC;IACL,CAAC,CACJ,CAAC;IACF,MAAM,YAAY,GAAG,IAAI,CAAC,YAAY,CAAC;IACvC,YAAY,EAAE,oBAAoB,CAAC,GAAG,EAAE;QACpC,SAAS,CAAC,KAAK,EAAE,CAAC;IACtB,CAAC,CAAC,CAAC;IACH,OAAO,IAAiC,CAAC;AAC7C,CAAC"}

package/dist/server/install_push_certitifate_management.d.ts

@@ -1,9 +1,9 @@
-import { AddressSpace } from "node-opcua-address-space";
-import { OPCUACertificateManager } from "node-opcua-certificate-manager";
-import { Certificate, PrivateKey } from "node-opcua-crypto/web";
-import { ICertificateKeyPairProviderPriv } from "node-opcua-common";
-import { OPCUAServer } from "node-opcua-server";
-import { ApplicationDescriptionOptions } from "node-opcua-types";
+import type { AddressSpace } from "node-opcua-address-space";
+import type { OPCUACertificateManager } from "node-opcua-certificate-manager";
+import type { ICertificateKeyPairProviderPriv } from "node-opcua-common";
+import { type Certificate, type PrivateKey } from "node-opcua-crypto/web";
+import type { OPCUAServer } from "node-opcua-server";
+import type { ApplicationDescriptionOptions } from "node-opcua-types";
 export interface OPCUAServerPartial extends ICertificateKeyPairProviderPriv {
     serverInfo?: ApplicationDescriptionOptions;
     serverCertificateManager: OPCUACertificateManager;