node-opcua-server-configuration 2.163.0 → 2.164.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/clientTools/certificate_types.d.ts +17 -0
- package/dist/clientTools/certificate_types.js +20 -0
- package/dist/clientTools/certificate_types.js.map +1 -0
- package/dist/clientTools/get_certificate_key_type.d.ts +6 -0
- package/dist/clientTools/get_certificate_key_type.js +55 -0
- package/dist/clientTools/get_certificate_key_type.js.map +1 -0
- package/dist/clientTools/index.d.ts +2 -1
- package/dist/clientTools/index.js +2 -17
- package/dist/clientTools/index.js.map +1 -1
- package/dist/clientTools/push_certificate_management_client.d.ts +10 -10
- package/dist/clientTools/push_certificate_management_client.js +85 -89
- package/dist/clientTools/push_certificate_management_client.js.map +1 -1
- package/dist/index.d.ts +9 -7
- package/dist/index.js +9 -23
- package/dist/index.js.map +1 -1
- package/dist/push_certificate_manager.d.ts +4 -4
- package/dist/push_certificate_manager.js +1 -2
- package/dist/server/certificate_validation.d.ts +15 -0
- package/dist/server/certificate_validation.js +76 -0
- package/dist/server/certificate_validation.js.map +1 -0
- package/dist/server/file_transaction_manager.d.ts +30 -0
- package/dist/server/file_transaction_manager.js +223 -0
- package/dist/server/file_transaction_manager.js.map +1 -0
- package/dist/server/install_certificate_file_watcher.d.ts +1 -1
- package/dist/server/install_certificate_file_watcher.js +8 -14
- package/dist/server/install_certificate_file_watcher.js.map +1 -1
- package/dist/server/install_push_certitifate_management.d.ts +6 -6
- package/dist/server/install_push_certitifate_management.js +61 -65
- package/dist/server/install_push_certitifate_management.js.map +1 -1
- package/dist/server/promote_trust_list.d.ts +1 -1
- package/dist/server/promote_trust_list.js +323 -82
- package/dist/server/promote_trust_list.js.map +1 -1
- package/dist/server/push_certificate_manager/apply_changes.d.ts +3 -0
- package/dist/server/push_certificate_manager/apply_changes.js +59 -0
- package/dist/server/push_certificate_manager/apply_changes.js.map +1 -0
- package/dist/server/push_certificate_manager/create_signing_request.d.ts +5 -0
- package/dist/server/push_certificate_manager/create_signing_request.js +108 -0
- package/dist/server/push_certificate_manager/create_signing_request.js.map +1 -0
- package/dist/server/push_certificate_manager/get_rejected_list.d.ts +3 -0
- package/dist/server/push_certificate_manager/get_rejected_list.js +46 -0
- package/dist/server/push_certificate_manager/get_rejected_list.js.map +1 -0
- package/dist/server/push_certificate_manager/internal_context.d.ts +35 -0
- package/dist/server/push_certificate_manager/internal_context.js +45 -0
- package/dist/server/push_certificate_manager/internal_context.js.map +1 -0
- package/dist/server/push_certificate_manager/subject_to_string.d.ts +3 -0
- package/dist/server/push_certificate_manager/subject_to_string.js +27 -0
- package/dist/server/push_certificate_manager/subject_to_string.js.map +1 -0
- package/dist/server/push_certificate_manager/update_certificate.d.ts +5 -0
- package/dist/server/push_certificate_manager/update_certificate.js +132 -0
- package/dist/server/push_certificate_manager/update_certificate.js.map +1 -0
- package/dist/server/push_certificate_manager/util.d.ts +29 -0
- package/dist/server/push_certificate_manager/util.js +117 -0
- package/dist/server/push_certificate_manager/util.js.map +1 -0
- package/dist/server/push_certificate_manager_helpers.d.ts +5 -2
- package/dist/server/push_certificate_manager_helpers.js +109 -112
- package/dist/server/push_certificate_manager_helpers.js.map +1 -1
- package/dist/server/push_certificate_manager_server_impl.d.ts +16 -29
- package/dist/server/push_certificate_manager_server_impl.js +49 -437
- package/dist/server/push_certificate_manager_server_impl.js.map +1 -1
- package/dist/server/roles_and_permissions.d.ts +1 -1
- package/dist/server/roles_and_permissions.js +24 -27
- package/dist/server/roles_and_permissions.js.map +1 -1
- package/dist/server/tools.d.ts +1 -1
- package/dist/server/tools.js +7 -13
- package/dist/server/tools.js.map +1 -1
- package/dist/server/trust_list_server.d.ts +2 -2
- package/dist/server/trust_list_server.js +40 -29
- package/dist/server/trust_list_server.js.map +1 -1
- package/dist/standard_certificate_types.js +6 -9
- package/dist/standard_certificate_types.js.map +1 -1
- package/dist/trust_list.d.ts +2 -2
- package/dist/trust_list.js +1 -2
- package/dist/trust_list_impl.js +1 -2
- package/dist/trust_list_impl.js.map +1 -1
- package/package.json +29 -30
- package/source/clientTools/certificate_types.ts +21 -0
- package/source/clientTools/get_certificate_key_type.ts +73 -0
- package/source/clientTools/index.ts +2 -1
- package/source/clientTools/push_certificate_management_client.ts +49 -44
- package/source/index.ts +9 -7
- package/source/push_certificate_manager.ts +15 -17
- package/source/server/certificate_validation.ts +103 -0
- package/source/server/file_transaction_manager.ts +253 -0
- package/source/server/install_certificate_file_watcher.ts +15 -11
- package/source/server/install_push_certitifate_management.ts +52 -51
- package/source/server/promote_trust_list.ts +362 -73
- package/source/server/push_certificate_manager/apply_changes.ts +63 -0
- package/source/server/push_certificate_manager/create_signing_request.ts +137 -0
- package/source/server/push_certificate_manager/get_rejected_list.ts +63 -0
- package/source/server/push_certificate_manager/internal_context.ts +63 -0
- package/source/server/push_certificate_manager/subject_to_string.ts +25 -0
- package/source/server/push_certificate_manager/update_certificate.ts +201 -0
- package/source/server/push_certificate_manager/util.ts +145 -0
- package/source/server/push_certificate_manager_helpers.ts +61 -51
- package/source/server/push_certificate_manager_server_impl.ts +94 -553
- package/source/server/roles_and_permissions.ts +7 -8
- package/source/server/tools.ts +2 -5
- package/source/server/trust_list_server.ts +24 -9
- package/source/standard_certificate_types.ts +2 -3
- package/source/trust_list.ts +26 -33
|
@@ -1,140 +1,63 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
-
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
-
};
|
|
5
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
-
exports.PushCertificateManagerServerImpl = void 0;
|
|
7
|
-
exports.copyFile = copyFile;
|
|
8
|
-
exports.deleteFile = deleteFile;
|
|
9
|
-
exports.moveFile = moveFile;
|
|
10
|
-
exports.moveFileWithBackup = moveFileWithBackup;
|
|
11
|
-
exports.subjectToString = subjectToString;
|
|
12
1
|
/**
|
|
13
2
|
* @module node-opcua-server-configuration-server
|
|
14
3
|
*/
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
const
|
|
26
|
-
|
|
27
|
-
const { readFile, writeFile, readdir } = fs_1.default.promises;
|
|
28
|
-
const debugLog = (0, node_opcua_debug_1.make_debugLog)("ServerConfiguration");
|
|
29
|
-
const errorLog = (0, node_opcua_debug_1.make_errorLog)("ServerConfiguration");
|
|
30
|
-
const warningLog = (0, node_opcua_debug_1.make_warningLog)("ServerConfiguration");
|
|
31
|
-
const doDebug = (0, node_opcua_debug_1.checkDebugFlag)("ServerConfiguration");
|
|
32
|
-
doDebug;
|
|
33
|
-
const defaultApplicationGroup = (0, node_opcua_nodeid_1.resolveNodeId)("ServerConfiguration_CertificateGroups_DefaultApplicationGroup");
|
|
34
|
-
const defaultHttpsGroup = (0, node_opcua_nodeid_1.resolveNodeId)("ServerConfiguration_CertificateGroups_DefaultHttpsGroup");
|
|
35
|
-
const defaultUserTokenGroup = (0, node_opcua_nodeid_1.resolveNodeId)("ServerConfiguration_CertificateGroups_DefaultUserTokenGroup");
|
|
36
|
-
function findCertificateGroupName(certificateGroupNodeId) {
|
|
37
|
-
if (typeof certificateGroupNodeId === "string") {
|
|
38
|
-
return certificateGroupNodeId;
|
|
39
|
-
}
|
|
40
|
-
if ((0, node_opcua_nodeid_1.sameNodeId)(certificateGroupNodeId, node_opcua_nodeid_1.NodeId.nullNodeId) || (0, node_opcua_nodeid_1.sameNodeId)(certificateGroupNodeId, defaultApplicationGroup)) {
|
|
41
|
-
return "DefaultApplicationGroup";
|
|
42
|
-
}
|
|
43
|
-
if ((0, node_opcua_nodeid_1.sameNodeId)(certificateGroupNodeId, defaultHttpsGroup)) {
|
|
44
|
-
return "DefaultHttpsGroup";
|
|
45
|
-
}
|
|
46
|
-
if ((0, node_opcua_nodeid_1.sameNodeId)(certificateGroupNodeId, defaultUserTokenGroup)) {
|
|
47
|
-
return "DefaultUserTokenGroup";
|
|
48
|
-
}
|
|
49
|
-
return "";
|
|
50
|
-
}
|
|
51
|
-
async function copyFile(source, dest) {
|
|
52
|
-
try {
|
|
53
|
-
debugLog("copying file \n source ", source, "\n =>\n dest ", dest);
|
|
54
|
-
const sourceExist = fs_1.default.existsSync(source);
|
|
55
|
-
if (sourceExist) {
|
|
56
|
-
await fs_1.default.promises.copyFile(source, dest);
|
|
57
|
-
}
|
|
58
|
-
}
|
|
59
|
-
catch (err) {
|
|
60
|
-
errorLog(err);
|
|
61
|
-
}
|
|
62
|
-
}
|
|
63
|
-
async function deleteFile(file) {
|
|
64
|
-
try {
|
|
65
|
-
const exists = await fs_1.default.existsSync(file);
|
|
66
|
-
if (exists) {
|
|
67
|
-
debugLog("deleting file ", file);
|
|
68
|
-
await fs_1.default.promises.unlink(file);
|
|
69
|
-
}
|
|
70
|
-
}
|
|
71
|
-
catch (err) {
|
|
72
|
-
errorLog(err);
|
|
73
|
-
}
|
|
74
|
-
}
|
|
75
|
-
async function moveFile(source, dest) {
|
|
76
|
-
debugLog("moving file file \n source ", source, "\n =>\n dest ", dest);
|
|
77
|
-
try {
|
|
78
|
-
await copyFile(source, dest);
|
|
79
|
-
await deleteFile(source);
|
|
80
|
-
}
|
|
81
|
-
catch (err) {
|
|
82
|
-
errorLog(err);
|
|
83
|
-
}
|
|
84
|
-
}
|
|
85
|
-
async function moveFileWithBackup(source, dest) {
|
|
86
|
-
// let make a copy of the destination file
|
|
87
|
-
debugLog("moveFileWithBackup file \n source ", source, "\n =>\n dest ", dest);
|
|
88
|
-
await copyFile(dest, dest + "_old");
|
|
89
|
-
await moveFile(source, dest);
|
|
90
|
-
}
|
|
91
|
-
function subjectToString(subject) {
|
|
92
|
-
let s = "";
|
|
93
|
-
subject.commonName && (s += `/CN=${subject.commonName}`);
|
|
94
|
-
subject.country && (s += `/C=${subject.country}`);
|
|
95
|
-
subject.countryName && (s += `/C=${subject.countryName}`);
|
|
96
|
-
subject.domainComponent && (s += `/DC=${subject.domainComponent}`);
|
|
97
|
-
subject.locality && (s += `/L=${subject.locality}`);
|
|
98
|
-
subject.localityName && (s += `/L=${subject.localityName}`);
|
|
99
|
-
subject.organization && (s += `/O=${subject.organization}`);
|
|
100
|
-
subject.organizationName && (s += `/O=${subject.organizationName}`);
|
|
101
|
-
subject.organizationUnitName && (s += `/OU=${subject.organizationUnitName}`);
|
|
102
|
-
subject.state && (s += `/ST=${subject.state}`);
|
|
103
|
-
subject.stateOrProvinceName && (s += `/ST=${subject.stateOrProvinceName}`);
|
|
104
|
-
return s;
|
|
105
|
-
}
|
|
106
|
-
let fileCounter = 0;
|
|
107
|
-
class PushCertificateManagerServerImpl extends events_1.EventEmitter {
|
|
4
|
+
import { EventEmitter } from "node:events";
|
|
5
|
+
import { assert } from "node-opcua-assert";
|
|
6
|
+
import { CertificateManager } from "node-opcua-certificate-manager";
|
|
7
|
+
import { make_errorLog } from "node-opcua-debug";
|
|
8
|
+
import { rsaCertificateTypesArray } from "../clientTools/certificate_types.js";
|
|
9
|
+
import { executeApplyChanges } from "./push_certificate_manager/apply_changes.js";
|
|
10
|
+
import { executeCreateSigningRequest } from "./push_certificate_manager/create_signing_request.js";
|
|
11
|
+
import { executeGetRejectedList } from "./push_certificate_manager/get_rejected_list.js";
|
|
12
|
+
import { PushCertificateManagerInternalContext } from "./push_certificate_manager/internal_context.js";
|
|
13
|
+
import { executeUpdateCertificate } from "./push_certificate_manager/update_certificate.js";
|
|
14
|
+
const errorLog = make_errorLog("ServerConfiguration");
|
|
15
|
+
export class PushCertificateManagerServerImpl extends EventEmitter {
|
|
108
16
|
applicationGroup;
|
|
109
17
|
userTokenGroup;
|
|
110
18
|
httpsGroup;
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
$$actionQueue = [];
|
|
19
|
+
// Use a true private reference (could be upgraded to #context in recent ES)
|
|
20
|
+
_context;
|
|
21
|
+
/** @hidden */
|
|
115
22
|
applicationUri;
|
|
116
23
|
constructor(options) {
|
|
117
24
|
super();
|
|
25
|
+
this._context = new PushCertificateManagerInternalContext(this);
|
|
118
26
|
this.applicationUri = options ? options.applicationUri : "";
|
|
119
27
|
if (options) {
|
|
120
28
|
this.applicationGroup = options.applicationGroup;
|
|
121
29
|
this.userTokenGroup = options.userTokenGroup;
|
|
122
30
|
this.httpsGroup = options.httpsGroup;
|
|
123
31
|
if (this.userTokenGroup) {
|
|
124
|
-
this.
|
|
125
|
-
//
|
|
126
|
-
|
|
32
|
+
this._context.map.DefaultUserTokenGroup = this.userTokenGroup;
|
|
33
|
+
// Store allowed certificate types, or use all known types as default
|
|
34
|
+
this._context.certificateTypes.DefaultUserTokenGroup = options.userTokenGroupCertificateTypes || [
|
|
35
|
+
// [...rsaCertificateTypes, ...eccCertificateTypes];
|
|
36
|
+
...rsaCertificateTypesArray
|
|
37
|
+
]; // FIXME: ECC is not yet supported
|
|
38
|
+
// c8 ignore next
|
|
39
|
+
if (!(this.userTokenGroup instanceof CertificateManager)) {
|
|
127
40
|
errorLog("Expecting this.userTokenGroup to be instanceof CertificateManager :", this.userTokenGroup.constructor.name);
|
|
128
41
|
throw new Error("Expecting this.userTokenGroup to be instanceof CertificateManager ");
|
|
129
42
|
}
|
|
130
43
|
}
|
|
131
44
|
if (this.applicationGroup) {
|
|
132
|
-
this.
|
|
133
|
-
|
|
45
|
+
this._context.map.DefaultApplicationGroup = this.applicationGroup;
|
|
46
|
+
// Store allowed certificate types, or use all known types as default
|
|
47
|
+
this._context.certificateTypes.DefaultApplicationGroup = options.applicationGroupCertificateTypes || [
|
|
48
|
+
// [...rsaCertificateTypes, ...eccCertificateTypes];
|
|
49
|
+
...rsaCertificateTypesArray
|
|
50
|
+
]; // FIXME: ECC is not yet supported
|
|
51
|
+
assert(this.applicationGroup instanceof CertificateManager);
|
|
134
52
|
}
|
|
135
53
|
if (this.httpsGroup) {
|
|
136
|
-
this.
|
|
137
|
-
|
|
54
|
+
this._context.map.DefaultHttpsGroup = this.httpsGroup;
|
|
55
|
+
// Store allowed certificate types, or use all known types as default
|
|
56
|
+
this._context.certificateTypes.DefaultHttpsGroup = options.httpsGroupCertificateTypes || [
|
|
57
|
+
// [...rsaCertificateTypes, ...eccCertificateTypes];
|
|
58
|
+
...rsaCertificateTypesArray
|
|
59
|
+
]; // FIXME: ECC is not yet supported
|
|
60
|
+
assert(this.httpsGroup instanceof CertificateManager);
|
|
138
61
|
}
|
|
139
62
|
}
|
|
140
63
|
}
|
|
@@ -153,277 +76,17 @@ class PushCertificateManagerServerImpl extends events_1.EventEmitter {
|
|
|
153
76
|
return ["PEM"];
|
|
154
77
|
}
|
|
155
78
|
async getSupportedPrivateKeyFormats() {
|
|
156
|
-
return
|
|
79
|
+
return ["PEM"];
|
|
157
80
|
}
|
|
158
81
|
async createSigningRequest(certificateGroupId, certificateTypeId, subjectName, regeneratePrivateKey, nonce) {
|
|
159
|
-
|
|
160
|
-
if (!certificateManager) {
|
|
161
|
-
debugLog(" cannot find group ", certificateGroupId);
|
|
162
|
-
return {
|
|
163
|
-
statusCode: node_opcua_basic_types_1.StatusCodes.BadInvalidArgument
|
|
164
|
-
};
|
|
165
|
-
}
|
|
166
|
-
if (!subjectName) {
|
|
167
|
-
// reuse existing subjectName
|
|
168
|
-
const currentCertificateFilename = path_1.default.join(certificateManager.rootDir, "own/certs/certificate.pem");
|
|
169
|
-
if (!fs_1.default.existsSync(currentCertificateFilename)) {
|
|
170
|
-
errorLog("Cannot find existing certificate to extract subjectName", currentCertificateFilename);
|
|
171
|
-
return {
|
|
172
|
-
statusCode: node_opcua_basic_types_1.StatusCodes.BadInvalidState
|
|
173
|
-
};
|
|
174
|
-
}
|
|
175
|
-
const certificate = (0, node_opcua_crypto_1.readCertificate)(currentCertificateFilename);
|
|
176
|
-
const e = (0, web_1.exploreCertificate)(certificate);
|
|
177
|
-
subjectName = subjectToString(e.tbsCertificate.subject);
|
|
178
|
-
warningLog("reusing existing certificate subjectAltName = ", subjectName);
|
|
179
|
-
}
|
|
180
|
-
// todo : at this time regenerate private key is not supported
|
|
181
|
-
if (regeneratePrivateKey) {
|
|
182
|
-
// The Server shall create a new Private Key which it stores until the
|
|
183
|
-
// matching signed Certificate is uploaded with the UpdateCertificate Method.
|
|
184
|
-
// Previously created Private Keys may be discarded if UpdateCertificate was not
|
|
185
|
-
// called before calling this method again.
|
|
186
|
-
// Additional entropy which the caller shall provide if regeneratePrivateKey is TRUE.
|
|
187
|
-
// It shall be at least 32 bytes long
|
|
188
|
-
if (!nonce || nonce.length < 32) {
|
|
189
|
-
(0, node_opcua_debug_1.make_warningLog)(" nonce should be provided when regeneratePrivateKey is set, and length shall be greater than 32 bytes");
|
|
190
|
-
return {
|
|
191
|
-
statusCode: node_opcua_basic_types_1.StatusCodes.BadInvalidArgument
|
|
192
|
-
};
|
|
193
|
-
}
|
|
194
|
-
const location = path_1.default.join(certificateManager.rootDir, "tmp");
|
|
195
|
-
if (fs_1.default.existsSync(location)) {
|
|
196
|
-
await rimraf_1.rimraf.rimraf(path_1.default.join(location));
|
|
197
|
-
}
|
|
198
|
-
if (!fs_1.default.existsSync(location)) {
|
|
199
|
-
await fs_1.default.promises.mkdir(location);
|
|
200
|
-
}
|
|
201
|
-
const destCertificateManager = certificateManager;
|
|
202
|
-
const keySize = certificateManager.keySize; // because keySize is private !
|
|
203
|
-
certificateManager = new node_opcua_certificate_manager_1.CertificateManager({
|
|
204
|
-
keySize,
|
|
205
|
-
location
|
|
206
|
-
});
|
|
207
|
-
debugLog("generating a new private key ...");
|
|
208
|
-
await certificateManager.initialize();
|
|
209
|
-
this._tmpCertificateManager = certificateManager;
|
|
210
|
-
this.addPendingTask(async () => {
|
|
211
|
-
await moveFileWithBackup(certificateManager.privateKey, destCertificateManager.privateKey);
|
|
212
|
-
});
|
|
213
|
-
this.addPendingTask(async () => {
|
|
214
|
-
await rimraf_1.rimraf.rimraf(path_1.default.join(location));
|
|
215
|
-
});
|
|
216
|
-
}
|
|
217
|
-
else {
|
|
218
|
-
// The Server uses its existing Private Key
|
|
219
|
-
}
|
|
220
|
-
if (typeof subjectName !== "string") {
|
|
221
|
-
return { statusCode: node_opcua_basic_types_1.StatusCodes.BadInternalError };
|
|
222
|
-
}
|
|
223
|
-
const options = {
|
|
224
|
-
applicationUri: this.applicationUri,
|
|
225
|
-
subject: subjectName
|
|
226
|
-
};
|
|
227
|
-
await certificateManager.initialize();
|
|
228
|
-
const csrFile = await certificateManager.createCertificateRequest(options);
|
|
229
|
-
const csrPEM = await readFile(csrFile, "utf8");
|
|
230
|
-
const certificateSigningRequest = (0, web_1.convertPEMtoDER)(csrPEM);
|
|
231
|
-
this.addPendingTask(() => deleteFile(csrFile));
|
|
232
|
-
return {
|
|
233
|
-
certificateSigningRequest,
|
|
234
|
-
statusCode: node_opcua_basic_types_1.StatusCodes.Good
|
|
235
|
-
};
|
|
82
|
+
return await executeCreateSigningRequest(this._context, certificateGroupId, certificateTypeId, subjectName, regeneratePrivateKey, nonce);
|
|
236
83
|
}
|
|
237
84
|
async getRejectedList() {
|
|
238
|
-
|
|
239
|
-
async function extractRejectedList(group, certificateList) {
|
|
240
|
-
if (!group) {
|
|
241
|
-
return;
|
|
242
|
-
}
|
|
243
|
-
const rejectedFolder = path_1.default.join(group.rootDir, "rejected");
|
|
244
|
-
const files = await readdir(rejectedFolder);
|
|
245
|
-
const stat = fs_1.default.promises.stat;
|
|
246
|
-
const promises1 = [];
|
|
247
|
-
for (const certFile of files) {
|
|
248
|
-
// read date
|
|
249
|
-
promises1.push(stat(path_1.default.join(rejectedFolder, certFile)));
|
|
250
|
-
}
|
|
251
|
-
const stats = await Promise.all(promises1);
|
|
252
|
-
for (let i = 0; i < stats.length; i++) {
|
|
253
|
-
certificateList.push({
|
|
254
|
-
filename: path_1.default.join(rejectedFolder, files[i]),
|
|
255
|
-
stat: stats[i]
|
|
256
|
-
});
|
|
257
|
-
}
|
|
258
|
-
}
|
|
259
|
-
const list = [];
|
|
260
|
-
await extractRejectedList(this.applicationGroup, list);
|
|
261
|
-
await extractRejectedList(this.userTokenGroup, list);
|
|
262
|
-
await extractRejectedList(this.httpsGroup, list);
|
|
263
|
-
// now sort list from newer file to older file
|
|
264
|
-
list.sort((a, b) => b.stat.mtime.getTime() - a.stat.mtime.getTime());
|
|
265
|
-
const promises = [];
|
|
266
|
-
for (const item of list) {
|
|
267
|
-
promises.push(readFile(item.filename, "utf8"));
|
|
268
|
-
}
|
|
269
|
-
const certificatesPEM = await Promise.all(promises);
|
|
270
|
-
const certificates = certificatesPEM.map(web_1.convertPEMtoDER);
|
|
271
|
-
return {
|
|
272
|
-
certificates,
|
|
273
|
-
statusCode: node_opcua_basic_types_1.StatusCodes.Good
|
|
274
|
-
};
|
|
85
|
+
return await executeGetRejectedList(this._context);
|
|
275
86
|
}
|
|
276
87
|
// eslint-disable-next-line max-statements
|
|
277
88
|
async updateCertificate(certificateGroupId, certificateTypeId, certificate, issuerCertificates, privateKeyFormat, privateKey) {
|
|
278
|
-
|
|
279
|
-
// BadInvalidArgument The certificateTypeId or certificateGroupId is not valid.
|
|
280
|
-
// BadCertificateInvalid The Certificate is invalid or the format is not supported.
|
|
281
|
-
// BadNotSupported The Private Key is invalid or the format is not supported.
|
|
282
|
-
// BadUserAccessDenied The current user does not have the rights required.
|
|
283
|
-
// BadSecurityChecksFailed Some failure occurred verifying the integrity of the Certificate.
|
|
284
|
-
const certificateManager = this.getCertificateManager(certificateGroupId);
|
|
285
|
-
if (!certificateManager) {
|
|
286
|
-
debugLog(" cannot find group ", certificateGroupId);
|
|
287
|
-
return {
|
|
288
|
-
statusCode: node_opcua_basic_types_1.StatusCodes.BadInvalidArgument,
|
|
289
|
-
applyChangesRequired: false
|
|
290
|
-
};
|
|
291
|
-
}
|
|
292
|
-
async function preInstallCertificate(self) {
|
|
293
|
-
const certFolder = path_1.default.join(certificateManager.rootDir, "own/certs");
|
|
294
|
-
const certificateFileDER = path_1.default.join(certFolder, `_pending_certificate${fileCounter++}.der`);
|
|
295
|
-
const certificateFilePEM = path_1.default.join(certFolder, `_pending_certificate${fileCounter++}.pem`);
|
|
296
|
-
await writeFile(certificateFileDER, certificate, "binary");
|
|
297
|
-
await writeFile(certificateFilePEM, (0, web_1.toPem)(certificate, "CERTIFICATE"));
|
|
298
|
-
const destDER = path_1.default.join(certFolder, "certificate.der");
|
|
299
|
-
const destPEM = path_1.default.join(certFolder, "certificate.pem");
|
|
300
|
-
// put existing file in security by backing them up
|
|
301
|
-
self.addPendingTask(() => moveFileWithBackup(certificateFileDER, destDER));
|
|
302
|
-
self.addPendingTask(() => moveFileWithBackup(certificateFilePEM, destPEM));
|
|
303
|
-
}
|
|
304
|
-
async function preInstallPrivateKey(self) {
|
|
305
|
-
(0, node_opcua_assert_1.assert)(privateKeyFormat.toUpperCase() === "PEM");
|
|
306
|
-
const ownPrivateFolder = path_1.default.join(certificateManager.rootDir, "own/private");
|
|
307
|
-
const privateKeyFilePEM = path_1.default.join(ownPrivateFolder, `_pending_private_key${fileCounter++}.pem`);
|
|
308
|
-
if (privateKey) {
|
|
309
|
-
const privateKey1 = (0, web_1.coercePEMorDerToPrivateKey)(privateKey);
|
|
310
|
-
const privateKeyPEM = await (0, web_1.coercePrivateKeyPem)(privateKey1);
|
|
311
|
-
await writeFile(privateKeyFilePEM, privateKeyPEM, "utf-8");
|
|
312
|
-
self.addPendingTask(() => moveFileWithBackup(privateKeyFilePEM, certificateManager.privateKey));
|
|
313
|
-
}
|
|
314
|
-
}
|
|
315
|
-
// OPC Unified Architecture, Part 12 42 Release 1.04:
|
|
316
|
-
//
|
|
317
|
-
// UpdateCertificate is used to update a Certificate for a Server.
|
|
318
|
-
// There are the following three use cases for this Method:
|
|
319
|
-
//
|
|
320
|
-
// - The new Certificate was created based on a signing request created with the Method
|
|
321
|
-
// In this case there is no privateKey provided.
|
|
322
|
-
// - A new privateKey and Certificate was created outside the Server and both are updated
|
|
323
|
-
// with this Method.
|
|
324
|
-
// - A new Certificate was created and signed with the information from the old Certificate.
|
|
325
|
-
// In this case there is no privateKey provided.
|
|
326
|
-
// The Server shall do all normal integrity checks on the Certificate and all of the issuer
|
|
327
|
-
// Certificates. If errors occur the BadSecurityChecksFailed error is returned.
|
|
328
|
-
// todo : all normal integrity check on the certificate
|
|
329
|
-
const certInfo = (0, web_1.exploreCertificate)(certificate);
|
|
330
|
-
const now = new Date();
|
|
331
|
-
if (certInfo.tbsCertificate.validity.notBefore.getTime() > now.getTime()) {
|
|
332
|
-
// certificate is not yet valid
|
|
333
|
-
warningLog("Certificate is not yet valid : not before ", certInfo.tbsCertificate.validity.notBefore.toISOString(), "now = ", now.toISOString());
|
|
334
|
-
return {
|
|
335
|
-
statusCode: node_opcua_basic_types_1.StatusCodes.BadSecurityChecksFailed,
|
|
336
|
-
applyChangesRequired: false
|
|
337
|
-
};
|
|
338
|
-
}
|
|
339
|
-
if (certInfo.tbsCertificate.validity.notAfter.getTime() < now.getTime()) {
|
|
340
|
-
// certificate is already out of date
|
|
341
|
-
warningLog("Certificate is already out of date : not after ", certInfo.tbsCertificate.validity.notAfter.toISOString(), "now = ", now.toISOString());
|
|
342
|
-
return {
|
|
343
|
-
statusCode: node_opcua_basic_types_1.StatusCodes.BadSecurityChecksFailed,
|
|
344
|
-
applyChangesRequired: false
|
|
345
|
-
};
|
|
346
|
-
}
|
|
347
|
-
// If the Server returns applyChangesRequired=FALSE then it is indicating that it is able to
|
|
348
|
-
// satisfy the requirements specified for the ApplyChanges Method.
|
|
349
|
-
debugLog(" updateCertificate ", (0, web_1.makeSHA1Thumbprint)(certificate).toString("hex"));
|
|
350
|
-
if (!privateKeyFormat || !privateKey) {
|
|
351
|
-
// first of all we need to find the future private key;
|
|
352
|
-
// this one may have been created during the creation of the certificate signing request
|
|
353
|
-
// but is not active yet
|
|
354
|
-
const privateKey1 = (0, node_opcua_crypto_1.readPrivateKey)(this._tmpCertificateManager ? this._tmpCertificateManager.privateKey : certificateManager.privateKey);
|
|
355
|
-
// The Server shall report an error if the public key does not match the existing Certificate and
|
|
356
|
-
// the privateKey was not provided.
|
|
357
|
-
// privateKey is not provided, so check that the public key matches the existing certificate
|
|
358
|
-
if (!(0, web_1.certificateMatchesPrivateKey)(certificate, privateKey1)) {
|
|
359
|
-
// certificate doesn't match privateKey
|
|
360
|
-
warningLog("certificate doesn't match privateKey");
|
|
361
|
-
/* debug code */
|
|
362
|
-
const certificatePEM = (0, web_1.toPem)(certificate, "CERTIFICATE");
|
|
363
|
-
certificatePEM;
|
|
364
|
-
//xx const privateKeyPEM = toPem(privateKeyDER, "RSA PRIVATE KEY");
|
|
365
|
-
//xx const initialBuffer = Buffer.from("Lorem Ipsum");
|
|
366
|
-
//xx const encryptedBuffer = publicEncrypt_long(initialBuffer, certificatePEM, 256, 11);
|
|
367
|
-
//xx const decryptedBuffer = privateDecrypt_long(encryptedBuffer, privateKeyPEM, 256);
|
|
368
|
-
return {
|
|
369
|
-
statusCode: node_opcua_basic_types_1.StatusCodes.BadSecurityChecksFailed,
|
|
370
|
-
applyChangesRequired: false,
|
|
371
|
-
};
|
|
372
|
-
}
|
|
373
|
-
// a new certificate is provided for us,
|
|
374
|
-
// we keep our private key
|
|
375
|
-
// we do this in two stages
|
|
376
|
-
await preInstallCertificate(this);
|
|
377
|
-
return {
|
|
378
|
-
statusCode: node_opcua_basic_types_1.StatusCodes.Good,
|
|
379
|
-
applyChangesRequired: true,
|
|
380
|
-
};
|
|
381
|
-
}
|
|
382
|
-
else if (privateKey) {
|
|
383
|
-
// a private key has been provided by the caller !
|
|
384
|
-
if (!privateKeyFormat) {
|
|
385
|
-
warningLog("the privateKeyFormat must be specified " + privateKeyFormat);
|
|
386
|
-
return { statusCode: node_opcua_basic_types_1.StatusCodes.BadNotSupported, applyChangesRequired: false };
|
|
387
|
-
}
|
|
388
|
-
if (privateKeyFormat !== "PEM" && privateKeyFormat !== "PFX") {
|
|
389
|
-
warningLog(" the private key format is invalid privateKeyFormat =" + privateKeyFormat);
|
|
390
|
-
return { statusCode: node_opcua_basic_types_1.StatusCodes.BadNotSupported, applyChangesRequired: false };
|
|
391
|
-
}
|
|
392
|
-
if (privateKeyFormat !== "PEM") {
|
|
393
|
-
warningLog("in NodeOPCUA we only support PEM for the moment privateKeyFormat =" + privateKeyFormat);
|
|
394
|
-
return { statusCode: node_opcua_basic_types_1.StatusCodes.BadNotSupported, applyChangesRequired: false };
|
|
395
|
-
}
|
|
396
|
-
let privateKey1;
|
|
397
|
-
if (privateKey && (privateKey instanceof Buffer || typeof privateKey === "string")) {
|
|
398
|
-
if (privateKey instanceof Buffer) {
|
|
399
|
-
(0, node_opcua_assert_1.assert)(privateKeyFormat === "PEM");
|
|
400
|
-
privateKey = privateKey.toString("utf-8");
|
|
401
|
-
}
|
|
402
|
-
privateKey1 = (0, web_1.coercePEMorDerToPrivateKey)(privateKey);
|
|
403
|
-
}
|
|
404
|
-
if (!privateKey1) {
|
|
405
|
-
return { statusCode: node_opcua_basic_types_1.StatusCodes.BadNotSupported, applyChangesRequired: false };
|
|
406
|
-
}
|
|
407
|
-
// privateKey is provided, so check that the public key matches provided private key
|
|
408
|
-
if (!(0, web_1.certificateMatchesPrivateKey)(certificate, privateKey1)) {
|
|
409
|
-
// certificate doesn't match privateKey
|
|
410
|
-
warningLog("certificate doesn't match privateKey");
|
|
411
|
-
return { statusCode: node_opcua_basic_types_1.StatusCodes.BadSecurityChecksFailed, applyChangesRequired: false };
|
|
412
|
-
}
|
|
413
|
-
await preInstallPrivateKey(this);
|
|
414
|
-
await preInstallCertificate(this);
|
|
415
|
-
return {
|
|
416
|
-
statusCode: node_opcua_basic_types_1.StatusCodes.Good,
|
|
417
|
-
applyChangesRequired: true
|
|
418
|
-
};
|
|
419
|
-
}
|
|
420
|
-
else {
|
|
421
|
-
// todo !
|
|
422
|
-
return {
|
|
423
|
-
statusCode: node_opcua_basic_types_1.StatusCodes.BadNotSupported,
|
|
424
|
-
applyChangesRequired: true
|
|
425
|
-
};
|
|
426
|
-
}
|
|
89
|
+
return await executeUpdateCertificate(this._context, certificateGroupId, certificateTypeId, certificate, issuerCertificates, privateKeyFormat, privateKey);
|
|
427
90
|
}
|
|
428
91
|
/**
|
|
429
92
|
*
|
|
@@ -462,67 +125,16 @@ class PushCertificateManagerServerImpl extends events_1.EventEmitter {
|
|
|
462
125
|
*
|
|
463
126
|
*/
|
|
464
127
|
async applyChanges() {
|
|
465
|
-
|
|
466
|
-
// This Method should only be called if a previous call to a Method that changed the
|
|
467
|
-
// configuration returns applyChangesRequired=true.
|
|
468
|
-
//
|
|
469
|
-
// If the Server Certificate has changed, Secure Channels using the old Certificate will
|
|
470
|
-
// eventually be interrupted.
|
|
471
|
-
this.emit("CertificateAboutToChange", this.$$actionQueue);
|
|
472
|
-
await this.flushActionQueue();
|
|
473
|
-
try {
|
|
474
|
-
await this.applyPendingTasks();
|
|
475
|
-
}
|
|
476
|
-
catch (err) {
|
|
477
|
-
debugLog("err ", err);
|
|
478
|
-
return node_opcua_basic_types_1.StatusCodes.BadInternalError;
|
|
479
|
-
}
|
|
480
|
-
this.emit("CertificateChanged", this.$$actionQueue);
|
|
481
|
-
await this.flushActionQueue();
|
|
482
|
-
// The only leeway the Server has is with the timing.
|
|
483
|
-
// In the best case, the Server can close the TransportConnections for the affected Endpoints and leave any
|
|
484
|
-
// Subscriptions intact. This should appear no different than a network interruption from the
|
|
485
|
-
// perspective of the Client. The Client should be prepared to deal with Certificate changes
|
|
486
|
-
// during its reconnect logic. In the worst case, a full shutdown which affects all connected
|
|
487
|
-
// Clients will be necessary. In the latter case, the Server shall advertise its intent to interrupt
|
|
488
|
-
// connections by setting the SecondsTillShutdown and ShutdownReason Properties in the
|
|
489
|
-
// ServerStatus Variable.
|
|
490
|
-
// If the Secure Channel being used to call this Method will be affected by the Certificate change
|
|
491
|
-
// then the Server shall introduce a delay long enough to allow the caller to receive a reply.
|
|
492
|
-
return node_opcua_basic_types_1.StatusCodes.Good;
|
|
128
|
+
return await executeApplyChanges(this._context);
|
|
493
129
|
}
|
|
494
|
-
getCertificateManager(
|
|
495
|
-
|
|
496
|
-
return this._map[groupName] || null;
|
|
130
|
+
getCertificateManager(groupName) {
|
|
131
|
+
return this._context.map[groupName] || null;
|
|
497
132
|
}
|
|
498
|
-
|
|
499
|
-
this.
|
|
133
|
+
getCertificateTypes(groupName) {
|
|
134
|
+
return this._context.certificateTypes[groupName];
|
|
500
135
|
}
|
|
501
|
-
async
|
|
502
|
-
|
|
503
|
-
const promises = [];
|
|
504
|
-
const t = this._pendingTasks.splice(0);
|
|
505
|
-
if (false) {
|
|
506
|
-
// node 10.2 and above
|
|
507
|
-
for await (const task of t) {
|
|
508
|
-
await task();
|
|
509
|
-
}
|
|
510
|
-
}
|
|
511
|
-
else {
|
|
512
|
-
while (t.length) {
|
|
513
|
-
const task = t.shift();
|
|
514
|
-
await task();
|
|
515
|
-
}
|
|
516
|
-
}
|
|
517
|
-
await Promise.all(promises);
|
|
518
|
-
debugLog("end applyPendingTasks");
|
|
519
|
-
}
|
|
520
|
-
async flushActionQueue() {
|
|
521
|
-
while (this.$$actionQueue.length) {
|
|
522
|
-
const first = this.$$actionQueue.pop();
|
|
523
|
-
await first();
|
|
524
|
-
}
|
|
136
|
+
async dispose() {
|
|
137
|
+
await this._context.dispose();
|
|
525
138
|
}
|
|
526
139
|
}
|
|
527
|
-
exports.PushCertificateManagerServerImpl = PushCertificateManagerServerImpl;
|
|
528
140
|
//# sourceMappingURL=push_certificate_manager_server_impl.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"push_certificate_manager_server_impl.js","sourceRoot":"","sources":["../../source/server/push_certificate_manager_server_impl.ts"],"names":[],"mappings":";;;;;;AAsFA,4BAUC;AAED,gCAUC;AAED,4BAQC;AAED,gDAKC;AAGD,0CAqBC;AArJD;;GAEG;AACH,mCAAsC;AACtC,4CAAoB;AACpB,gDAAwB;AACxB,mCAAgC;AAEhC,yDAA2C;AAC3C,mEAAiE;AACjE,+CAS+B;AAE/B,yDAAoE;AAYpE,uDAAiG;AACjG,yDAAsE;AACtE,mFAAoE;AAUpE,gFAAgF;AAChF,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,OAAO,EAAE,GAAG,YAAE,CAAC,QAAQ,CAAC;AAErD,MAAM,QAAQ,GAAG,IAAA,gCAAa,EAAC,qBAAqB,CAAC,CAAC;AACtD,MAAM,QAAQ,GAAG,IAAA,gCAAa,EAAC,qBAAqB,CAAC,CAAC;AACtD,MAAM,UAAU,GAAG,IAAA,kCAAe,EAAC,qBAAqB,CAAC,CAAC;AAC1D,MAAM,OAAO,GAAG,IAAA,iCAAc,EAAC,qBAAqB,CAAC,CAAC;AACtD,OAAO,CAAC;AAER,MAAM,uBAAuB,GAAG,IAAA,iCAAa,EAAC,+DAA+D,CAAC,CAAC;AAC/G,MAAM,iBAAiB,GAAG,IAAA,iCAAa,EAAC,yDAAyD,CAAC,CAAC;AACnG,MAAM,qBAAqB,GAAG,IAAA,iCAAa,EAAC,6DAA6D,CAAC,CAAC;AAI3G,SAAS,wBAAwB,CAAC,sBAAuC;IACrE,IAAI,OAAO,sBAAsB,KAAK,QAAQ,EAAE,CAAC;QAC7C,OAAO,sBAAsB,CAAC;IAClC,CAAC;IACD,IAAI,IAAA,8BAAU,EAAC,sBAAsB,EAAE,0BAAM,CAAC,UAAU,CAAC,IAAI,IAAA,8BAAU,EAAC,sBAAsB,EAAE,uBAAuB,CAAC,EAAE,CAAC;QACvH,OAAO,yBAAyB,CAAC;IACrC,CAAC;IACD,IAAI,IAAA,8BAAU,EAAC,sBAAsB,EAAE,iBAAiB,CAAC,EAAE,CAAC;QACxD,OAAO,mBAAmB,CAAC;IAC/B,CAAC;IACD,IAAI,IAAA,8BAAU,EAAC,sBAAsB,EAAE,qBAAqB,CAAC,EAAE,CAAC;QAC5D,OAAO,uBAAuB,CAAC;IACnC,CAAC;IACD,OAAO,EAAE,CAAC;AACd,CAAC;AAYM,KAAK,UAAU,QAAQ,CAAC,MAAc,EAAE,IAAY;IACvD,IAAI,CAAC;QACD,QAAQ,CAAC,yBAAyB,EAAE,MAAM,EAAE,eAAe,EAAE,IAAI,CAAC,CAAC;QACnE,MAAM,WAAW,GAAG,YAAE,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QAC1C,IAAI,WAAW,EAAE,CAAC;YACd,MAAM,YAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAC7C,CAAC;IACL,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACX,QAAQ,CAAC,GAAG,CAAC,CAAC;IAClB,CAAC;AACL,CAAC;AAEM,KAAK,UAAU,UAAU,CAAC,IAAY;IACzC,IAAI,CAAC;QACD,MAAM,MAAM,GAAG,MAAM,YAAE,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QACzC,IAAI,MAAM,EAAE,CAAC;YACT,QAAQ,CAAC,gBAAgB,EAAE,IAAI,CAAC,CAAC;YACjC,MAAM,YAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QACnC,CAAC;IACL,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACX,QAAQ,CAAC,GAAG,CAAC,CAAC;IAClB,CAAC;AACL,CAAC;AAEM,KAAK,UAAU,QAAQ,CAAC,MAAc,EAAE,IAAY;IACvD,QAAQ,CAAC,6BAA6B,EAAE,MAAM,EAAE,eAAe,EAAE,IAAI,CAAC,CAAC;IACvE,IAAI,CAAC;QACD,MAAM,QAAQ,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAC7B,MAAM,UAAU,CAAC,MAAM,CAAC,CAAC;IAC7B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACX,QAAQ,CAAC,GAAG,CAAC,CAAC;IAClB,CAAC;AACL,CAAC;AAEM,KAAK,UAAU,kBAAkB,CAAC,MAAc,EAAE,IAAY;IACjE,0CAA0C;IAC1C,QAAQ,CAAC,oCAAoC,EAAE,MAAM,EAAE,eAAe,EAAE,IAAI,CAAC,CAAC;IAC9E,MAAM,QAAQ,CAAC,IAAI,EAAE,IAAI,GAAG,MAAM,CAAC,CAAC;IACpC,MAAM,QAAQ,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;AACjC,CAAC;AAGD,SAAgB,eAAe,CAAC,OAAuC;IACnE,IAAI,CAAC,GAAG,EAAE,CAAC;IACX,OAAO,CAAC,UAAU,IAAI,CAAC,CAAC,IAAI,OAAO,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;IAEzD,OAAO,CAAC,OAAO,IAAI,CAAC,CAAC,IAAI,MAAM,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;IAClD,OAAO,CAAC,WAAW,IAAI,CAAC,CAAC,IAAI,MAAM,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;IAE1D,OAAO,CAAC,eAAe,IAAI,CAAC,CAAC,IAAI,OAAO,OAAO,CAAC,eAAe,EAAE,CAAC,CAAC;IAEnE,OAAO,CAAC,QAAQ,IAAI,CAAC,CAAC,IAAI,MAAM,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;IACpD,OAAO,CAAC,YAAY,IAAI,CAAC,CAAC,IAAI,MAAM,OAAO,CAAC,YAAY,EAAE,CAAC,CAAC;IAE5D,OAAO,CAAC,YAAY,IAAI,CAAC,CAAC,IAAI,MAAM,OAAO,CAAC,YAAY,EAAE,CAAC,CAAC;IAC5D,OAAO,CAAC,gBAAgB,IAAI,CAAC,CAAC,IAAI,MAAM,OAAO,CAAC,gBAAgB,EAAE,CAAC,CAAC;IAEpE,OAAO,CAAC,oBAAoB,IAAI,CAAC,CAAC,IAAI,OAAO,OAAO,CAAC,oBAAoB,EAAE,CAAC,CAAC;IAE7E,OAAO,CAAC,KAAK,IAAI,CAAC,CAAC,IAAI,OAAO,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;IAC/C,OAAO,CAAC,mBAAmB,IAAI,CAAC,CAAC,IAAI,OAAO,OAAO,CAAC,mBAAmB,EAAE,CAAC,CAAC;IAE3E,OAAO,CAAC,CAAC;AACb,CAAC;AACD,IAAI,WAAW,GAAG,CAAC,CAAC;AAIpB,MAAa,gCAAiC,SAAQ,qBAAY;IACvD,gBAAgB,CAAsB;IACtC,cAAc,CAAsB;IACpC,UAAU,CAAsB;IAEtB,IAAI,GAA0C,EAAE,CAAC;IACjD,aAAa,GAAc,EAAE,CAAC;IACvC,sBAAsB,CAAsB;IAC5C,aAAa,GAAgB,EAAE,CAAC;IAEhC,cAAc,CAAS;IAE/B,YAAY,OAA4C;QACpD,KAAK,EAAE,CAAC;QAER,IAAI,CAAC,cAAc,GAAG,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,CAAC;QAE5D,IAAI,OAAO,EAAE,CAAC;YACV,IAAI,CAAC,gBAAgB,GAAG,OAAO,CAAC,gBAAgB,CAAC;YACjD,IAAI,CAAC,cAAc,GAAG,OAAO,CAAC,cAAc,CAAC;YAC7C,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;YACrC,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;gBACtB,IAAI,CAAC,IAAI,CAAC,qBAAqB,GAAG,IAAI,CAAC,cAAc,CAAC;gBAEtD,uBAAuB;gBACvB,IAAI,CAAC,CAAC,IAAI,CAAC,cAAc,YAAY,mDAAkB,CAAC,EAAE,CAAC;oBACvD,QAAQ,CACJ,qEAAqE,EACpE,IAAI,CAAC,cAAsB,CAAC,WAAW,CAAC,IAAI,CAChD,CAAC;oBACF,MAAM,IAAI,KAAK,CAAC,oEAAoE,CAAC,CAAC;gBAC1F,CAAC;YACL,CAAC;YACD,IAAI,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBACxB,IAAI,CAAC,IAAI,CAAC,uBAAuB,GAAG,IAAI,CAAC,gBAAgB,CAAC;gBAC1D,IAAA,0BAAM,EAAC,IAAI,CAAC,gBAAgB,YAAY,mDAAkB,CAAC,CAAC;YAChE,CAAC;YACD,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;gBAClB,IAAI,CAAC,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC,UAAU,CAAC;gBAC9C,IAAA,0BAAM,EAAC,IAAI,CAAC,UAAU,YAAY,mDAAkB,CAAC,CAAC;YAC1D,CAAC;QACL,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,UAAU;QACnB,IAAI,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACxB,MAAM,IAAI,CAAC,gBAAgB,CAAC,UAAU,EAAE,CAAC;QAC7C,CAAC;QACD,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACtB,MAAM,IAAI,CAAC,cAAc,CAAC,UAAU,EAAE,CAAC;QAC3C,CAAC;QACD,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YAClB,MAAM,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,CAAC;QACvC,CAAC;IACL,CAAC;IAED,IAAW,0BAA0B;QACjC,OAAO,CAAC,KAAK,CAAC,CAAC;IACnB,CAAC;IAEM,KAAK,CAAC,6BAA6B;QACtC,OAAO,IAAI,CAAC,0BAA0B,CAAC;IAC3C,CAAC;IAEM,KAAK,CAAC,oBAAoB,CAC7B,kBAAmC,EACnC,iBAAkC,EAClC,WAA2C,EAC3C,oBAA8B,EAC9B,KAAc;QAEd,IAAI,kBAAkB,GAAG,IAAI,CAAC,qBAAqB,CAAC,kBAAkB,CAAC,CAAC;QAExE,IAAI,CAAC,kBAAkB,EAAE,CAAC;YACtB,QAAQ,CAAC,qBAAqB,EAAE,kBAAkB,CAAC,CAAC;YACpD,OAAO;gBACH,UAAU,EAAE,oCAAW,CAAC,kBAAkB;aAC7C,CAAC;QACN,CAAC;QAED,IAAI,CAAC,WAAW,EAAE,CAAC;YACf,6BAA6B;YAC7B,MAAM,0BAA0B,GAAG,cAAI,CAAC,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,2BAA2B,CAAC,CAAC;YACtG,IAAI,CAAC,YAAE,CAAC,UAAU,CAAC,0BAA0B,CAAC,EAAE,CAAC;gBAC7C,QAAQ,CAAC,yDAAyD,EAAE,0BAA0B,CAAC,CAAC;gBAChG,OAAO;oBACH,UAAU,EAAE,oCAAW,CAAC,eAAe;iBAC1C,CAAC;YACN,CAAC;YACD,MAAM,WAAW,GAAG,IAAA,mCAAe,EAAC,0BAA0B,CAAC,CAAC;YAChE,MAAM,CAAC,GAAG,IAAA,wBAAkB,EAAC,WAAW,CAAC,CAAC;YAC1C,WAAW,GAAG,eAAe,CAAC,CAAC,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;YACxD,UAAU,CAAC,gDAAgD,EAAE,WAAW,CAAC,CAAC;QAC9E,CAAC;QAED,8DAA8D;QAC9D,IAAI,oBAAoB,EAAE,CAAC;YACvB,sEAAsE;YACtE,6EAA6E;YAC7E,gFAAgF;YAChF,2CAA2C;YAE3C,qFAAqF;YACrF,qCAAqC;YACrC,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;gBAC9B,IAAA,kCAAe,EACX,uGAAuG,CAC1G,CAAC;gBACF,OAAO;oBACH,UAAU,EAAE,oCAAW,CAAC,kBAAkB;iBAC7C,CAAC;YACN,CAAC;YAED,MAAM,QAAQ,GAAG,cAAI,CAAC,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;YAC9D,IAAI,YAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC1B,MAAM,eAAM,CAAC,MAAM,CAAC,cAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;YAC7C,CAAC;YACD,IAAI,CAAC,YAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC3B,MAAM,YAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;YACtC,CAAC;YAED,MAAM,sBAAsB,GAAG,kBAAkB,CAAC;YAClD,MAAM,OAAO,GAAI,kBAA0B,CAAC,OAAO,CAAC,CAAC,+BAA+B;YACpF,kBAAkB,GAAG,IAAI,mDAAkB,CAAC;gBACxC,OAAO;gBACP,QAAQ;aACX,CAAC,CAAC;YACH,QAAQ,CAAC,kCAAkC,CAAC,CAAC;YAC7C,MAAM,kBAAkB,CAAC,UAAU,EAAE,CAAC;YAEtC,IAAI,CAAC,sBAAsB,GAAG,kBAAkB,CAAC;YAEjD,IAAI,CAAC,cAAc,CAAC,KAAK,IAAI,EAAE;gBAC3B,MAAM,kBAAkB,CAAC,kBAAmB,CAAC,UAAU,EAAE,sBAAsB,CAAC,UAAU,CAAC,CAAC;YAChG,CAAC,CAAC,CAAC;YACH,IAAI,CAAC,cAAc,CAAC,KAAK,IAAI,EAAE;gBAC3B,MAAM,eAAM,CAAC,MAAM,CAAC,cAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;YAC7C,CAAC,CAAC,CAAC;QACP,CAAC;aAAM,CAAC;YACJ,2CAA2C;QAC/C,CAAC;QAED,IAAI,OAAO,WAAW,KAAK,QAAQ,EAAE,CAAC;YAClC,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,gBAAgB,EAAE,CAAC;QACxD,CAAC;QACD,MAAM,OAAO,GAAG;YACZ,cAAc,EAAE,IAAI,CAAC,cAAc;YACnC,OAAO,EAAE,WAAY;SACxB,CAAC;QACF,MAAM,kBAAkB,CAAC,UAAU,EAAE,CAAC;QACtC,MAAM,OAAO,GAAG,MAAM,kBAAkB,CAAC,wBAAwB,CAAC,OAAO,CAAC,CAAC;QAC3E,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC/C,MAAM,yBAAyB,GAAG,IAAA,qBAAe,EAAC,MAAM,CAAC,CAAC;QAE1D,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC;QAE/C,OAAO;YACH,yBAAyB;YACzB,UAAU,EAAE,oCAAW,CAAC,IAAI;SAC/B,CAAC;IACN,CAAC;IAEM,KAAK,CAAC,eAAe;QAQxB,qCAAqC;QACrC,KAAK,UAAU,mBAAmB,CAAC,KAAqC,EAAE,eAA2B;YACjG,IAAI,CAAC,KAAK,EAAE,CAAC;gBACT,OAAO;YACX,CAAC;YACD,MAAM,cAAc,GAAG,cAAI,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;YAC5D,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,cAAc,CAAC,CAAC;YAE5C,MAAM,IAAI,GAAG,YAAE,CAAC,QAAQ,CAAC,IAAI,CAAC;YAE9B,MAAM,SAAS,GAAwB,EAAE,CAAC;YAC1C,KAAK,MAAM,QAAQ,IAAI,KAAK,EAAE,CAAC;gBAC3B,YAAY;gBACZ,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,cAAI,CAAC,IAAI,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC;YAC9D,CAAC;YACD,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YAE3C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACpC,eAAe,CAAC,IAAI,CAAC;oBACjB,QAAQ,EAAE,cAAI,CAAC,IAAI,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC;oBAC7C,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;iBACjB,CAAC,CAAC;YACP,CAAC;QACL,CAAC;QAED,MAAM,IAAI,GAAe,EAAE,CAAC;QAC5B,MAAM,mBAAmB,CAAC,IAAI,CAAC,gBAAgB,EAAE,IAAI,CAAC,CAAC;QACvD,MAAM,mBAAmB,CAAC,IAAI,CAAC,cAAc,EAAE,IAAI,CAAC,CAAC;QACrD,MAAM,mBAAmB,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;QAEjD,8CAA8C;QAC9C,IAAI,CAAC,IAAI,CAAC,CAAC,CAAW,EAAE,CAAW,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QAEzF,MAAM,QAAQ,GAAsB,EAAE,CAAC;QACvC,KAAK,MAAM,IAAI,IAAI,IAAI,EAAE,CAAC;YACtB,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC;QACnD,CAAC;QACD,MAAM,eAAe,GAAa,MAAM,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAE9D,MAAM,YAAY,GAAa,eAAe,CAAC,GAAG,CAAC,qBAAe,CAAC,CAAC;QACpE,OAAO;YACH,YAAY;YACZ,UAAU,EAAE,oCAAW,CAAC,IAAI;SAC/B,CAAC;IACN,CAAC;IAQD,0CAA0C;IACnC,KAAK,CAAC,iBAAiB,CAC1B,kBAAmC,EACnC,iBAAkC,EAClC,WAAmB,EACnB,kBAAgC,EAChC,gBAAyB,EACzB,UAA4B;QAE5B,yCAAyC;QACzC,sFAAsF;QACtF,uFAAuF;QACvF,uFAAuF;QACvF,gFAAgF;QAChF,8FAA8F;QAC9F,MAAM,kBAAkB,GAAG,IAAI,CAAC,qBAAqB,CAAC,kBAAkB,CAAE,CAAC;QAE3E,IAAI,CAAC,kBAAkB,EAAE,CAAC;YACtB,QAAQ,CAAC,qBAAqB,EAAE,kBAAkB,CAAC,CAAC;YACpD,OAAO;gBACH,UAAU,EAAE,oCAAW,CAAC,kBAAkB;gBAC1C,oBAAoB,EAAE,KAAK;aAC9B,CAAC;QACN,CAAC;QAED,KAAK,UAAU,qBAAqB,CAAC,IAAsC;YACvE,MAAM,UAAU,GAAG,cAAI,CAAC,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;YACtE,MAAM,kBAAkB,GAAG,cAAI,CAAC,IAAI,CAAC,UAAU,EAAE,uBAAuB,WAAW,EAAE,MAAM,CAAC,CAAC;YAC7F,MAAM,kBAAkB,GAAG,cAAI,CAAC,IAAI,CAAC,UAAU,EAAE,uBAAuB,WAAW,EAAE,MAAM,CAAC,CAAC;YAE7F,MAAM,SAAS,CAAC,kBAAkB,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;YAC3D,MAAM,SAAS,CAAC,kBAAkB,EAAE,IAAA,WAAK,EAAC,WAAW,EAAE,aAAa,CAAC,CAAC,CAAC;YAEvE,MAAM,OAAO,GAAG,cAAI,CAAC,IAAI,CAAC,UAAU,EAAE,iBAAiB,CAAC,CAAC;YACzD,MAAM,OAAO,GAAG,cAAI,CAAC,IAAI,CAAC,UAAU,EAAE,iBAAiB,CAAC,CAAC;YAEzD,mDAAmD;YACnD,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,CAAC,kBAAkB,CAAC,kBAAkB,EAAE,OAAO,CAAC,CAAC,CAAC;YAC3E,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,CAAC,kBAAkB,CAAC,kBAAkB,EAAE,OAAO,CAAC,CAAC,CAAC;QAC/E,CAAC;QAED,KAAK,UAAU,oBAAoB,CAAC,IAAsC;YACtE,IAAA,0BAAM,EAAC,gBAAiB,CAAC,WAAW,EAAE,KAAK,KAAK,CAAC,CAAC;YAElD,MAAM,gBAAgB,GAAG,cAAI,CAAC,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;YAC9E,MAAM,iBAAiB,GAAG,cAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,uBAAuB,WAAW,EAAE,MAAM,CAAC,CAAC;YAElG,IAAI,UAAU,EAAE,CAAC;gBACb,MAAM,WAAW,GAAG,IAAA,gCAA0B,EAAC,UAAU,CAAC,CAAC;gBAC3D,MAAM,aAAa,GAAG,MAAM,IAAA,yBAAmB,EAAC,WAAW,CAAC,CAAC;gBAC7D,MAAM,SAAS,CAAC,iBAAiB,EAAE,aAAa,EAAE,OAAO,CAAC,CAAC;gBAC3D,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,CAAC,kBAAkB,CAAC,iBAAiB,EAAE,kBAAkB,CAAC,UAAU,CAAC,CAAC,CAAC;YACpG,CAAC;QACL,CAAC;QAED,qDAAqD;QACrD,EAAE;QACF,kEAAkE;QAClE,2DAA2D;QAC3D,EAAE;QACF,wFAAwF;QACxF,mDAAmD;QACnD,0FAA0F;QAC1F,uBAAuB;QACvB,6FAA6F;QAC7F,mDAAmD;QAEnD,2FAA2F;QAC3F,+EAA+E;QAC/E,uDAAuD;QACvD,MAAM,QAAQ,GAAG,IAAA,wBAAkB,EAAC,WAAW,CAAC,CAAC;QAEjD,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,IAAI,QAAQ,CAAC,cAAc,CAAC,QAAQ,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC;YACvE,+BAA+B;YAC/B,UAAU,CACN,4CAA4C,EAC5C,QAAQ,CAAC,cAAc,CAAC,QAAQ,CAAC,SAAS,CAAC,WAAW,EAAE,EACxD,QAAQ,EACR,GAAG,CAAC,WAAW,EAAE,CACpB,CAAC;YACF,OAAO;gBACH,UAAU,EAAE,oCAAW,CAAC,uBAAuB;gBAC/C,oBAAoB,EAAE,KAAK;aAC9B,CAAC;QACN,CAAC;QACD,IAAI,QAAQ,CAAC,cAAc,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,EAAE,GAAG,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC;YACtE,qCAAqC;YACrC,UAAU,CACN,iDAAiD,EACjD,QAAQ,CAAC,cAAc,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,EAAE,EACvD,QAAQ,EACR,GAAG,CAAC,WAAW,EAAE,CACpB,CAAC;YACF,OAAO;gBACH,UAAU,EAAE,oCAAW,CAAC,uBAAuB;gBAC/C,oBAAoB,EAAE,KAAK;aAC9B,CAAC;QACN,CAAC;QAED,4FAA4F;QAC5F,kEAAkE;QAElE,QAAQ,CAAC,qBAAqB,EAAE,IAAA,wBAAkB,EAAC,WAAW,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;QAEjF,IAAI,CAAC,gBAAgB,IAAI,CAAC,UAAU,EAAE,CAAC;YACnC,uDAAuD;YACvD,wFAAwF;YACxF,wBAAwB;YACxB,MAAM,WAAW,GAAG,IAAA,kCAAc,EAC9B,IAAI,CAAC,sBAAsB,CAAC,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,UAAU,CAAC,CAAC,CAAC,kBAAkB,CAAC,UAAU,CACvG,CAAC;YAEF,iGAAiG;YACjG,mCAAmC;YACnC,4FAA4F;YAC5F,IAAI,CAAC,IAAA,kCAA4B,EAAC,WAAW,EAAE,WAAW,CAAC,EAAE,CAAC;gBAC1D,uCAAuC;gBACvC,UAAU,CAAC,sCAAsC,CAAC,CAAC;gBACnD,gBAAgB;gBAChB,MAAM,cAAc,GAAG,IAAA,WAAK,EAAC,WAAW,EAAE,aAAa,CAAC,CAAC;gBACzD,cAAc,CAAC;gBACf,mEAAmE;gBACnE,sDAAsD;gBACtD,wFAAwF;gBACxF,sFAAsF;gBACtF,OAAO;oBACH,UAAU,EAAE,oCAAW,CAAC,uBAAuB;oBAC/C,oBAAoB,EAAE,KAAK;iBAC9B,CAAC;YACN,CAAC;YACD,wCAAwC;YACxC,0BAA0B;YAC1B,2BAA2B;YAC3B,MAAM,qBAAqB,CAAC,IAAI,CAAC,CAAC;YAElC,OAAO;gBACH,UAAU,EAAE,oCAAW,CAAC,IAAI;gBAC5B,oBAAoB,EAAE,IAAI;aAC7B,CAAC;QACN,CAAC;aAAM,IAAI,UAAU,EAAE,CAAC;YACpB,kDAAkD;YAClD,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBACpB,UAAU,CAAC,yCAAyC,GAAG,gBAAgB,CAAC,CAAC;gBACzE,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,eAAe,EAAE,oBAAoB,EAAE,KAAK,EAAC,CAAC;YACnF,CAAC;YACD,IAAI,gBAAgB,KAAK,KAAK,IAAI,gBAAgB,KAAK,KAAK,EAAE,CAAC;gBAC3D,UAAU,CAAC,uDAAuD,GAAG,gBAAgB,CAAC,CAAC;gBACvF,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,eAAe,EAAE,oBAAoB,EAAE,KAAK,EAAE,CAAC;YACpF,CAAC;YACD,IAAI,gBAAgB,KAAK,KAAK,EAAE,CAAC;gBAC7B,UAAU,CAAC,oEAAoE,GAAG,gBAAgB,CAAC,CAAC;gBACpG,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,eAAe,EAAG,oBAAoB,EAAE,KAAK,EAAE,CAAC;YACrF,CAAC;YAED,IAAI,WAAmC,CAAC;YACxC,IAAI,UAAU,IAAI,CAAC,UAAU,YAAY,MAAM,IAAI,OAAO,UAAU,KAAK,QAAQ,CAAC,EAAE,CAAC;gBACjF,IAAI,UAAU,YAAY,MAAM,EAAE,CAAC;oBAC/B,IAAA,0BAAM,EAAC,gBAAgB,KAAK,KAAK,CAAC,CAAC;oBACnC,UAAU,GAAG,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;gBAC9C,CAAC;gBACD,WAAW,GAAG,IAAA,gCAA0B,EAAC,UAAU,CAAC,CAAC;YACzD,CAAC;YACD,IAAI,CAAC,WAAW,EAAE,CAAC;gBACf,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,eAAe,EAAE,oBAAoB,EAAE,KAAK,EAAE,CAAC;YACpF,CAAC;YACD,qFAAqF;YACrF,IAAI,CAAC,IAAA,kCAA4B,EAAC,WAAW,EAAE,WAAY,CAAC,EAAE,CAAC;gBAC3D,uCAAuC;gBACvC,UAAU,CAAC,sCAAsC,CAAC,CAAC;gBACnD,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,uBAAuB,EAAE,oBAAoB,EAAE,KAAK,EAAE,CAAC;YAC5F,CAAC;YAED,MAAM,oBAAoB,CAAC,IAAI,CAAC,CAAC;YAEjC,MAAM,qBAAqB,CAAC,IAAI,CAAC,CAAC;YAIlC,OAAO;gBACH,UAAU,EAAE,oCAAW,CAAC,IAAI;gBAC5B,oBAAoB,EAAE,IAAI;aAC7B,CAAC;QACN,CAAC;aAAM,CAAC;YACJ,SAAS;YACT,OAAO;gBACH,UAAU,EAAE,oCAAW,CAAC,eAAe;gBACvC,oBAAoB,EAAE,IAAI;aAC7B,CAAC;QACN,CAAC;IACL,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAmCG;IACI,KAAK,CAAC,YAAY;QACrB,yEAAyE;QACzE,oFAAoF;QACpF,mDAAmD;QACnD,EAAE;QACF,wFAAwF;QACxF,6BAA6B;QAE7B,IAAI,CAAC,IAAI,CAAC,0BAA0B,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;QAC1D,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAE9B,IAAI,CAAC;YACD,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACnC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,QAAQ,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;YACtB,OAAO,oCAAW,CAAC,gBAAgB,CAAC;QACxC,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,oBAAoB,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;QACpD,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAE9B,qDAAqD;QACrD,2GAA2G;QAC3G,6FAA6F;QAC7F,4FAA4F;QAC5F,6FAA6F;QAC7F,oGAAoG;QACpG,sFAAsF;QACtF,yBAAyB;QAEzB,kGAAkG;QAClG,8FAA8F;QAC9F,OAAO,oCAAW,CAAC,IAAI,CAAC;IAC5B,CAAC;IAEO,qBAAqB,CAAC,kBAAmC;QAC7D,MAAM,SAAS,GAAG,wBAAwB,CAAC,kBAAkB,CAAC,CAAC;QAC/D,OAAO,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC;IACxC,CAAC;IAEO,cAAc,CAAC,OAA4B;QAC/C,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACrC,CAAC;IAEO,KAAK,CAAC,iBAAiB;QAC3B,QAAQ,CAAC,yBAAyB,CAAC,CAAC;QACpC,MAAM,QAAQ,GAAoB,EAAE,CAAC;QACrC,MAAM,CAAC,GAAG,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QAEvC,IAAI,KAAK,EAAE,CAAC;YACR,sBAAsB;YACtB,IAAI,KAAK,EAAE,MAAM,IAAI,IAAI,CAAC,EAAE,CAAC;gBACzB,MAAM,IAAI,EAAE,CAAC;YACjB,CAAC;QACL,CAAC;aAAM,CAAC;YACJ,OAAO,CAAC,CAAC,MAAM,EAAE,CAAC;gBACd,MAAM,IAAI,GAAG,CAAC,CAAC,KAAK,EAAG,CAAC;gBACxB,MAAM,IAAI,EAAE,CAAC;YACjB,CAAC;QACL,CAAC;QACD,MAAM,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC5B,QAAQ,CAAC,uBAAuB,CAAC,CAAC;IACtC,CAAC;IAEO,KAAK,CAAC,gBAAgB;QAC1B,OAAO,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,CAAC;YAC/B,MAAM,KAAK,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,EAAG,CAAC;YACxC,MAAM,KAAM,EAAE,CAAC;QACnB,CAAC;IACL,CAAC;CACJ;AAvgBD,4EAugBC"}
|
|
1
|
+
{"version":3,"file":"push_certificate_manager_server_impl.js","sourceRoot":"","sources":["../../source/server/push_certificate_manager_server_impl.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAE3C,OAAO,EAAE,kBAAkB,EAAE,MAAM,gCAAgC,CAAC;AACpE,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAIjD,OAAO,EAAE,wBAAwB,EAAE,MAAM,qCAAqC,CAAC;AAO/E,OAAO,EAAE,mBAAmB,EAAE,MAAM,6CAA6C,CAAC;AAClF,OAAO,EAAE,2BAA2B,EAAE,MAAM,sDAAsD,CAAC;AACnG,OAAO,EAAE,sBAAsB,EAAE,MAAM,iDAAiD,CAAC;AACzF,OAAO,EAAE,qCAAqC,EAAE,MAAM,gDAAgD,CAAC;AACvG,OAAO,EAAE,wBAAwB,EAAE,MAAM,kDAAkD,CAAC;AAE5F,MAAM,QAAQ,GAAG,aAAa,CAAC,qBAAqB,CAAC,CAAC;AAmBtD,MAAM,OAAO,gCAAiC,SAAQ,YAAY;IACvD,gBAAgB,CAAsB;IACtC,cAAc,CAAsB;IACpC,UAAU,CAAsB;IAEvC,4EAA4E;IAC3D,QAAQ,CAAwC;IAEjE,cAAc;IACP,cAAc,CAAS;IAE9B,YAAY,OAA4C;QACpD,KAAK,EAAE,CAAC;QACR,IAAI,CAAC,QAAQ,GAAG,IAAI,qCAAqC,CAAC,IAAI,CAAC,CAAC;QAEhE,IAAI,CAAC,cAAc,GAAG,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,CAAC;QAE5D,IAAI,OAAO,EAAE,CAAC;YACV,IAAI,CAAC,gBAAgB,GAAG,OAAO,CAAC,gBAAgB,CAAC;YACjD,IAAI,CAAC,cAAc,GAAG,OAAO,CAAC,cAAc,CAAC;YAC7C,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;YACrC,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;gBACtB,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,qBAAqB,GAAG,IAAI,CAAC,cAAc,CAAC;gBAC9D,qEAAqE;gBACrE,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,qBAAqB,GAAG,OAAO,CAAC,8BAA8B,IAAI;oBAC7F,oDAAoD;oBACpD,GAAG,wBAAwB;iBAC9B,CAAC,CAAC,kCAAkC;gBAErC,iBAAiB;gBACjB,IAAI,CAAC,CAAC,IAAI,CAAC,cAAc,YAAY,kBAAkB,CAAC,EAAE,CAAC;oBACvD,QAAQ,CACJ,qEAAqE,EACpE,IAAI,CAAC,cAA+D,CAAC,WAAW,CAAC,IAAI,CACzF,CAAC;oBACF,MAAM,IAAI,KAAK,CAAC,oEAAoE,CAAC,CAAC;gBAC1F,CAAC;YACL,CAAC;YACD,IAAI,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBACxB,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,uBAAuB,GAAG,IAAI,CAAC,gBAAgB,CAAC;gBAClE,qEAAqE;gBACrE,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,uBAAuB,GAAG,OAAO,CAAC,gCAAgC,IAAI;oBACjG,oDAAoD;oBACpD,GAAG,wBAAwB;iBAC9B,CAAC,CAAC,kCAAkC;gBACrC,MAAM,CAAC,IAAI,CAAC,gBAAgB,YAAY,kBAAkB,CAAC,CAAC;YAChE,CAAC;YACD,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;gBAClB,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,iBAAiB,GAAG,IAAI,CAAC,UAAU,CAAC;gBACtD,qEAAqE;gBACrE,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,iBAAiB,GAAG,OAAO,CAAC,0BAA0B,IAAI;oBACrF,oDAAoD;oBACpD,GAAG,wBAAwB;iBAC9B,CAAC,CAAC,kCAAkC;gBACrC,MAAM,CAAC,IAAI,CAAC,UAAU,YAAY,kBAAkB,CAAC,CAAC;YAC1D,CAAC;QACL,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,UAAU;QACnB,IAAI,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACxB,MAAM,IAAI,CAAC,gBAAgB,CAAC,UAAU,EAAE,CAAC;QAC7C,CAAC;QACD,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACtB,MAAM,IAAI,CAAC,cAAc,CAAC,UAAU,EAAE,CAAC;QAC3C,CAAC;QACD,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YAClB,MAAM,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,CAAC;QACvC,CAAC;IACL,CAAC;IAED,IAAW,0BAA0B;QACjC,OAAO,CAAC,KAAK,CAAC,CAAC;IACnB,CAAC;IAEM,KAAK,CAAC,6BAA6B;QACtC,OAAO,CAAC,KAAK,CAAC,CAAC;IACnB,CAAC;IAEM,KAAK,CAAC,oBAAoB,CAC7B,kBAAmC,EACnC,iBAAkC,EAClC,WAA2C,EAC3C,oBAA8B,EAC9B,KAAc;QAEd,OAAO,MAAM,2BAA2B,CACpC,IAAI,CAAC,QAAQ,EACb,kBAAkB,EAClB,iBAAiB,EACjB,WAAW,EACX,oBAAoB,EACpB,KAAK,CACR,CAAC;IACN,CAAC;IAEM,KAAK,CAAC,eAAe;QACxB,OAAO,MAAM,sBAAsB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACvD,CAAC;IAED,0CAA0C;IACnC,KAAK,CAAC,iBAAiB,CAC1B,kBAAmC,EACnC,iBAAkC,EAClC,WAAmB,EACnB,kBAAgC,EAChC,gBAAyB,EACzB,UAA4B;QAE5B,OAAO,MAAM,wBAAwB,CACjC,IAAI,CAAC,QAAQ,EACb,kBAAkB,EAClB,iBAAiB,EACjB,WAAW,EACX,kBAAkB,EAClB,gBAAgB,EAChB,UAAU,CACb,CAAC;IACN,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAmCG;IACI,KAAK,CAAC,YAAY;QACrB,OAAO,MAAM,mBAAmB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACpD,CAAC;IAEM,qBAAqB,CAAC,SAAiB;QAC1C,OAAO,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC;IAChD,CAAC;IAEM,mBAAmB,CAAC,SAAiB;QACxC,OAAO,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC;IACrD,CAAC;IAEM,KAAK,CAAC,OAAO;QAChB,MAAM,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;IAClC,CAAC;CACJ"}
|
|
@@ -1,3 +1,3 @@
|
|
|
1
|
-
import { RolePermissionTypeOptions } from "node-opcua-address-space";
|
|
1
|
+
import { type RolePermissionTypeOptions } from "node-opcua-address-space";
|
|
2
2
|
export declare const rolePermissionRestricted: RolePermissionTypeOptions[];
|
|
3
3
|
export declare const rolePermissionAdminOnly: RolePermissionTypeOptions[];
|
|
@@ -1,39 +1,36 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
const node_opcua_address_space_1 = require("node-opcua-address-space");
|
|
5
|
-
const node_opcua_data_model_1 = require("node-opcua-data-model");
|
|
6
|
-
exports.rolePermissionRestricted = [
|
|
1
|
+
import { PermissionType, WellKnownRoles } from "node-opcua-address-space";
|
|
2
|
+
import { allPermissions, makePermissionFlag } from "node-opcua-data-model";
|
|
3
|
+
export const rolePermissionRestricted = [
|
|
7
4
|
{
|
|
8
|
-
roleId:
|
|
9
|
-
permissions:
|
|
5
|
+
roleId: WellKnownRoles.Anonymous,
|
|
6
|
+
permissions: PermissionType.Browse
|
|
10
7
|
},
|
|
11
8
|
{
|
|
12
|
-
roleId:
|
|
13
|
-
permissions:
|
|
9
|
+
roleId: WellKnownRoles.AuthenticatedUser,
|
|
10
|
+
permissions: PermissionType.Browse
|
|
14
11
|
},
|
|
15
12
|
{
|
|
16
|
-
roleId:
|
|
17
|
-
permissions:
|
|
13
|
+
roleId: WellKnownRoles.ConfigureAdmin,
|
|
14
|
+
permissions: makePermissionFlag("Browse | ReadRolePermissions | Read | ReadHistory | ReceiveEvents")
|
|
18
15
|
},
|
|
19
16
|
{
|
|
20
|
-
roleId:
|
|
21
|
-
permissions:
|
|
22
|
-
}
|
|
17
|
+
roleId: WellKnownRoles.SecurityAdmin,
|
|
18
|
+
permissions: allPermissions
|
|
19
|
+
}
|
|
23
20
|
];
|
|
24
|
-
|
|
21
|
+
export const rolePermissionAdminOnly = [
|
|
25
22
|
{
|
|
26
|
-
roleId:
|
|
27
|
-
permissions:
|
|
28
|
-
}
|
|
23
|
+
roleId: WellKnownRoles.SecurityAdmin,
|
|
24
|
+
permissions: allPermissions
|
|
25
|
+
}
|
|
29
26
|
/* {
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
27
|
+
roleId: WellKnownRoles.Anonymous,
|
|
28
|
+
permissions: PermissionType.Browse
|
|
29
|
+
},
|
|
30
|
+
{
|
|
31
|
+
roleId: WellKnownRoles.AuthenticatedUser,
|
|
32
|
+
permissions: PermissionType.Browse
|
|
33
|
+
}
|
|
34
|
+
*/
|
|
38
35
|
];
|
|
39
36
|
//# sourceMappingURL=roles_and_permissions.js.map
|