node-opcua-server-configuration 2.163.1 → 2.164.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/clientTools/certificate_types.d.ts +17 -0
- package/dist/clientTools/certificate_types.js +20 -0
- package/dist/clientTools/certificate_types.js.map +1 -0
- package/dist/clientTools/get_certificate_key_type.d.ts +6 -0
- package/dist/clientTools/get_certificate_key_type.js +55 -0
- package/dist/clientTools/get_certificate_key_type.js.map +1 -0
- package/dist/clientTools/index.d.ts +2 -1
- package/dist/clientTools/index.js +2 -17
- package/dist/clientTools/index.js.map +1 -1
- package/dist/clientTools/push_certificate_management_client.d.ts +10 -10
- package/dist/clientTools/push_certificate_management_client.js +85 -89
- package/dist/clientTools/push_certificate_management_client.js.map +1 -1
- package/dist/index.d.ts +9 -7
- package/dist/index.js +9 -23
- package/dist/index.js.map +1 -1
- package/dist/push_certificate_manager.d.ts +4 -4
- package/dist/push_certificate_manager.js +1 -2
- package/dist/server/certificate_validation.d.ts +15 -0
- package/dist/server/certificate_validation.js +76 -0
- package/dist/server/certificate_validation.js.map +1 -0
- package/dist/server/file_transaction_manager.d.ts +30 -0
- package/dist/server/file_transaction_manager.js +223 -0
- package/dist/server/file_transaction_manager.js.map +1 -0
- package/dist/server/install_certificate_file_watcher.d.ts +1 -1
- package/dist/server/install_certificate_file_watcher.js +8 -14
- package/dist/server/install_certificate_file_watcher.js.map +1 -1
- package/dist/server/install_push_certitifate_management.d.ts +6 -6
- package/dist/server/install_push_certitifate_management.js +61 -65
- package/dist/server/install_push_certitifate_management.js.map +1 -1
- package/dist/server/promote_trust_list.d.ts +1 -1
- package/dist/server/promote_trust_list.js +323 -82
- package/dist/server/promote_trust_list.js.map +1 -1
- package/dist/server/push_certificate_manager/apply_changes.d.ts +3 -0
- package/dist/server/push_certificate_manager/apply_changes.js +59 -0
- package/dist/server/push_certificate_manager/apply_changes.js.map +1 -0
- package/dist/server/push_certificate_manager/create_signing_request.d.ts +5 -0
- package/dist/server/push_certificate_manager/create_signing_request.js +108 -0
- package/dist/server/push_certificate_manager/create_signing_request.js.map +1 -0
- package/dist/server/push_certificate_manager/get_rejected_list.d.ts +3 -0
- package/dist/server/push_certificate_manager/get_rejected_list.js +46 -0
- package/dist/server/push_certificate_manager/get_rejected_list.js.map +1 -0
- package/dist/server/push_certificate_manager/internal_context.d.ts +35 -0
- package/dist/server/push_certificate_manager/internal_context.js +45 -0
- package/dist/server/push_certificate_manager/internal_context.js.map +1 -0
- package/dist/server/push_certificate_manager/subject_to_string.d.ts +3 -0
- package/dist/server/push_certificate_manager/subject_to_string.js +27 -0
- package/dist/server/push_certificate_manager/subject_to_string.js.map +1 -0
- package/dist/server/push_certificate_manager/update_certificate.d.ts +5 -0
- package/dist/server/push_certificate_manager/update_certificate.js +132 -0
- package/dist/server/push_certificate_manager/update_certificate.js.map +1 -0
- package/dist/server/push_certificate_manager/util.d.ts +29 -0
- package/dist/server/push_certificate_manager/util.js +117 -0
- package/dist/server/push_certificate_manager/util.js.map +1 -0
- package/dist/server/push_certificate_manager_helpers.d.ts +5 -2
- package/dist/server/push_certificate_manager_helpers.js +109 -112
- package/dist/server/push_certificate_manager_helpers.js.map +1 -1
- package/dist/server/push_certificate_manager_server_impl.d.ts +16 -29
- package/dist/server/push_certificate_manager_server_impl.js +49 -437
- package/dist/server/push_certificate_manager_server_impl.js.map +1 -1
- package/dist/server/roles_and_permissions.d.ts +1 -1
- package/dist/server/roles_and_permissions.js +24 -27
- package/dist/server/roles_and_permissions.js.map +1 -1
- package/dist/server/tools.d.ts +1 -1
- package/dist/server/tools.js +7 -13
- package/dist/server/tools.js.map +1 -1
- package/dist/server/trust_list_server.d.ts +2 -2
- package/dist/server/trust_list_server.js +40 -29
- package/dist/server/trust_list_server.js.map +1 -1
- package/dist/standard_certificate_types.js +6 -9
- package/dist/standard_certificate_types.js.map +1 -1
- package/dist/trust_list.d.ts +2 -2
- package/dist/trust_list.js +1 -2
- package/dist/trust_list_impl.js +1 -2
- package/dist/trust_list_impl.js.map +1 -1
- package/package.json +29 -30
- package/source/clientTools/certificate_types.ts +21 -0
- package/source/clientTools/get_certificate_key_type.ts +73 -0
- package/source/clientTools/index.ts +2 -1
- package/source/clientTools/push_certificate_management_client.ts +49 -44
- package/source/index.ts +9 -7
- package/source/push_certificate_manager.ts +15 -17
- package/source/server/certificate_validation.ts +103 -0
- package/source/server/file_transaction_manager.ts +253 -0
- package/source/server/install_certificate_file_watcher.ts +15 -11
- package/source/server/install_push_certitifate_management.ts +52 -51
- package/source/server/promote_trust_list.ts +362 -73
- package/source/server/push_certificate_manager/apply_changes.ts +63 -0
- package/source/server/push_certificate_manager/create_signing_request.ts +137 -0
- package/source/server/push_certificate_manager/get_rejected_list.ts +63 -0
- package/source/server/push_certificate_manager/internal_context.ts +63 -0
- package/source/server/push_certificate_manager/subject_to_string.ts +25 -0
- package/source/server/push_certificate_manager/update_certificate.ts +201 -0
- package/source/server/push_certificate_manager/util.ts +145 -0
- package/source/server/push_certificate_manager_helpers.ts +61 -51
- package/source/server/push_certificate_manager_server_impl.ts +94 -553
- package/source/server/roles_and_permissions.ts +7 -8
- package/source/server/tools.ts +2 -5
- package/source/server/trust_list_server.ts +24 -9
- package/source/standard_certificate_types.ts +2 -3
- package/source/trust_list.ts +26 -33
|
@@ -1,120 +1,358 @@
|
|
|
1
|
-
"use strict";
|
|
2
1
|
/**
|
|
3
2
|
* @module node-opcua-server-configuration
|
|
4
3
|
*/
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
const debugLog =
|
|
19
|
-
const doDebug =
|
|
20
|
-
|
|
21
|
-
const
|
|
22
|
-
const errorLog = debugLog;
|
|
4
|
+
import { fs as MemFs } from "memfs";
|
|
5
|
+
import { BinaryStream } from "node-opcua-binary-stream";
|
|
6
|
+
import { split_der, verifyCertificateChain } from "node-opcua-crypto/web";
|
|
7
|
+
import { AccessRestrictionsFlag } from "node-opcua-data-model";
|
|
8
|
+
import { checkDebugFlag, make_debugLog, make_errorLog, make_warningLog } from "node-opcua-debug";
|
|
9
|
+
import { installFileType, OpenFileMode } from "node-opcua-file-transfer";
|
|
10
|
+
import { VerificationStatus } from "node-opcua-pki";
|
|
11
|
+
import { StatusCodes } from "node-opcua-status-code";
|
|
12
|
+
import { TrustListDataType } from "node-opcua-types";
|
|
13
|
+
import { DataType, Variant } from "node-opcua-variant";
|
|
14
|
+
import { rolePermissionAdminOnly } from "./roles_and_permissions.js";
|
|
15
|
+
import { hasEncryptedChannel, hasExpectedUserAccess } from "./tools.js";
|
|
16
|
+
import { TrustListMasks, writeTrustList } from "./trust_list_server.js";
|
|
17
|
+
const debugLog = make_debugLog("ServerConfiguration");
|
|
18
|
+
const doDebug = checkDebugFlag("ServerConfiguration");
|
|
19
|
+
const warningLog = make_warningLog("ServerConfiguration");
|
|
20
|
+
const errorLog = make_errorLog("ServerConfiguration");
|
|
23
21
|
function trustListIsAlreadyOpened(trustList) {
|
|
24
|
-
|
|
22
|
+
// TrustList extends FileType, which has an openCount property tracking how many handles are open
|
|
23
|
+
const openCountNode = trustList.openCount;
|
|
24
|
+
if (!openCountNode) {
|
|
25
|
+
return false;
|
|
26
|
+
}
|
|
27
|
+
const dataValue = openCountNode.readValue();
|
|
28
|
+
if (!dataValue || !dataValue.value) {
|
|
29
|
+
return false;
|
|
30
|
+
}
|
|
31
|
+
const openCount = dataValue.value.value;
|
|
32
|
+
return openCount > 0;
|
|
25
33
|
}
|
|
26
|
-
|
|
27
|
-
|
|
34
|
+
/**
|
|
35
|
+
* Update the mandatory LastUpdateTime property whenever the trust list is modified.
|
|
36
|
+
* Per OPC UA Part 12 spec, this must be updated after AddCertificate, RemoveCertificate, or CloseAndUpdate.
|
|
37
|
+
*/
|
|
38
|
+
function updateLastUpdateTime(trustList) {
|
|
39
|
+
try {
|
|
40
|
+
const lastUpdateTimeNode = trustList.lastUpdateTime;
|
|
41
|
+
if (lastUpdateTimeNode) {
|
|
42
|
+
lastUpdateTimeNode.setValueFromSource({
|
|
43
|
+
dataType: DataType.DateTime,
|
|
44
|
+
value: new Date()
|
|
45
|
+
});
|
|
46
|
+
doDebug && debugLog("Updated LastUpdateTime to", new Date().toISOString());
|
|
47
|
+
}
|
|
48
|
+
else {
|
|
49
|
+
warningLog("LastUpdateTime property not found on TrustList");
|
|
50
|
+
}
|
|
51
|
+
}
|
|
52
|
+
catch (err) {
|
|
53
|
+
errorLog("Error updating LastUpdateTime:", err);
|
|
54
|
+
}
|
|
55
|
+
}
|
|
56
|
+
async function applyTrustListChanges(cm, trustListData) {
|
|
57
|
+
try {
|
|
58
|
+
// Automatically update specifiedLists mask
|
|
59
|
+
if (trustListData.issuerCrls && trustListData.issuerCrls.length > 0) {
|
|
60
|
+
trustListData.specifiedLists |= TrustListMasks.IssuerCrls;
|
|
61
|
+
}
|
|
62
|
+
if (trustListData.trustedCrls && trustListData.trustedCrls.length > 0) {
|
|
63
|
+
trustListData.specifiedLists |= TrustListMasks.TrustedCrls;
|
|
64
|
+
}
|
|
65
|
+
if (trustListData.trustedCertificates && trustListData.trustedCertificates.length > 0) {
|
|
66
|
+
trustListData.specifiedLists |= TrustListMasks.TrustedCertificates;
|
|
67
|
+
}
|
|
68
|
+
if (trustListData.issuerCertificates && trustListData.issuerCertificates.length > 0) {
|
|
69
|
+
trustListData.specifiedLists |= TrustListMasks.IssuerCertificates;
|
|
70
|
+
}
|
|
71
|
+
// Process CRLs
|
|
72
|
+
if ((trustListData.specifiedLists & TrustListMasks.IssuerCrls) === TrustListMasks.IssuerCrls) {
|
|
73
|
+
doDebug && debugLog("Processing issuer CRLs");
|
|
74
|
+
await cm.clearRevocationLists("issuers");
|
|
75
|
+
if (trustListData.issuerCrls && trustListData.issuerCrls.length > 0) {
|
|
76
|
+
doDebug && debugLog(` Writing ${trustListData.issuerCrls.length} issuer CRLs`);
|
|
77
|
+
for (const crl of trustListData.issuerCrls) {
|
|
78
|
+
await cm.addRevocationList(crl, "issuers");
|
|
79
|
+
}
|
|
80
|
+
}
|
|
81
|
+
}
|
|
82
|
+
if ((trustListData.specifiedLists & TrustListMasks.TrustedCrls) === TrustListMasks.TrustedCrls) {
|
|
83
|
+
doDebug && debugLog("Processing trusted CRLs");
|
|
84
|
+
await cm.clearRevocationLists("trusted");
|
|
85
|
+
if (trustListData.trustedCrls && trustListData.trustedCrls.length > 0) {
|
|
86
|
+
doDebug && debugLog(` Writing ${trustListData.trustedCrls.length} trusted CRLs`);
|
|
87
|
+
for (const crl of trustListData.trustedCrls) {
|
|
88
|
+
await cm.addRevocationList(crl, "trusted");
|
|
89
|
+
}
|
|
90
|
+
}
|
|
91
|
+
}
|
|
92
|
+
// Validate all trusted certificates
|
|
93
|
+
if ((trustListData.specifiedLists & TrustListMasks.TrustedCertificates) === TrustListMasks.TrustedCertificates &&
|
|
94
|
+
trustListData.trustedCertificates) {
|
|
95
|
+
for (const cert of trustListData.trustedCertificates) {
|
|
96
|
+
try {
|
|
97
|
+
const certs = split_der(cert);
|
|
98
|
+
const validationResult = await verifyCertificateChain([certs[0]]);
|
|
99
|
+
if (validationResult.status !== "Good") {
|
|
100
|
+
warningLog("Invalid certificate in trust list:", validationResult.status, validationResult.reason);
|
|
101
|
+
return StatusCodes.BadCertificateInvalid;
|
|
102
|
+
}
|
|
103
|
+
}
|
|
104
|
+
catch (validationErr) {
|
|
105
|
+
errorLog("Certificate validation failed:", validationErr);
|
|
106
|
+
return StatusCodes.BadCertificateInvalid;
|
|
107
|
+
}
|
|
108
|
+
}
|
|
109
|
+
}
|
|
110
|
+
// Validate all issuer certificates
|
|
111
|
+
if ((trustListData.specifiedLists & TrustListMasks.IssuerCertificates) === TrustListMasks.IssuerCertificates &&
|
|
112
|
+
trustListData.issuerCertificates) {
|
|
113
|
+
for (const cert of trustListData.issuerCertificates) {
|
|
114
|
+
try {
|
|
115
|
+
const certs = split_der(cert);
|
|
116
|
+
const validationResult = await verifyCertificateChain([certs[0]]);
|
|
117
|
+
if (validationResult.status !== "Good") {
|
|
118
|
+
warningLog("Invalid issuer certificate in trust list:", validationResult.status, validationResult.reason);
|
|
119
|
+
return StatusCodes.BadCertificateInvalid;
|
|
120
|
+
}
|
|
121
|
+
}
|
|
122
|
+
catch (validationErr) {
|
|
123
|
+
errorLog("Issuer certificate validation failed:", validationErr);
|
|
124
|
+
return StatusCodes.BadCertificateInvalid;
|
|
125
|
+
}
|
|
126
|
+
}
|
|
127
|
+
}
|
|
128
|
+
// Update certificates
|
|
129
|
+
if ((trustListData.specifiedLists & TrustListMasks.TrustedCertificates) === TrustListMasks.TrustedCertificates &&
|
|
130
|
+
trustListData.trustedCertificates) {
|
|
131
|
+
for (const cert of trustListData.trustedCertificates) {
|
|
132
|
+
await cm.trustCertificate(cert);
|
|
133
|
+
}
|
|
134
|
+
}
|
|
135
|
+
if ((trustListData.specifiedLists & TrustListMasks.IssuerCertificates) === TrustListMasks.IssuerCertificates &&
|
|
136
|
+
trustListData.issuerCertificates) {
|
|
137
|
+
for (const cert of trustListData.issuerCertificates) {
|
|
138
|
+
await cm.addIssuer(cert);
|
|
139
|
+
}
|
|
140
|
+
}
|
|
141
|
+
return StatusCodes.Good;
|
|
142
|
+
}
|
|
143
|
+
catch (err) {
|
|
144
|
+
errorLog("Error in applyTrustListChanges:", err);
|
|
145
|
+
return StatusCodes.BadInternalError;
|
|
146
|
+
}
|
|
147
|
+
}
|
|
148
|
+
async function _closeAndUpdate(inputArguments, context, _close_method) {
|
|
149
|
+
const trustList = context.object;
|
|
150
|
+
const cm = trustList.$$certificateManager;
|
|
151
|
+
const filename = trustList.$$filename;
|
|
152
|
+
// Clear the write lock when closing
|
|
153
|
+
trustList.$$openedForWrite = false;
|
|
154
|
+
// Get the close method if not provided
|
|
155
|
+
if (!_close_method) {
|
|
156
|
+
const closeMethod = trustList.getChildByName("Close");
|
|
157
|
+
if (closeMethod) {
|
|
158
|
+
_close_method = closeMethod._asyncExecutionFunction;
|
|
159
|
+
}
|
|
160
|
+
}
|
|
161
|
+
if (!cm || !filename) {
|
|
162
|
+
return { statusCode: StatusCodes.BadInternalError };
|
|
163
|
+
}
|
|
164
|
+
let processStatusCode = StatusCodes.Good;
|
|
165
|
+
try {
|
|
166
|
+
if (MemFs.existsSync(filename)) {
|
|
167
|
+
const data = await new Promise((resolve, reject) => {
|
|
168
|
+
MemFs.readFile(filename, (err, data) => {
|
|
169
|
+
if (err)
|
|
170
|
+
reject(err);
|
|
171
|
+
else
|
|
172
|
+
resolve(data);
|
|
173
|
+
});
|
|
174
|
+
});
|
|
175
|
+
// Decode the TrustListDataType
|
|
176
|
+
const stream = new BinaryStream(data);
|
|
177
|
+
const trustListData = new TrustListDataType();
|
|
178
|
+
trustListData.decode(stream);
|
|
179
|
+
processStatusCode = await applyTrustListChanges(cm, trustListData);
|
|
180
|
+
if (processStatusCode === StatusCodes.Good) {
|
|
181
|
+
// OPC UA Spec: Update LastUpdateTime after successful trust list update
|
|
182
|
+
updateLastUpdateTime(trustList);
|
|
183
|
+
}
|
|
184
|
+
}
|
|
185
|
+
}
|
|
186
|
+
catch (err) {
|
|
187
|
+
errorLog("Error in _closeAndUpdate:", err);
|
|
188
|
+
processStatusCode = StatusCodes.BadInternalError;
|
|
189
|
+
}
|
|
190
|
+
// Close the underlying file to decrement openCount
|
|
191
|
+
// OPC UA spec: "This Method closes the file and applies the changes."
|
|
192
|
+
if (_close_method) {
|
|
193
|
+
return new Promise((resolve, reject) => {
|
|
194
|
+
_close_method.call(this, inputArguments, context, (err, result) => {
|
|
195
|
+
if (err) {
|
|
196
|
+
reject(err);
|
|
197
|
+
}
|
|
198
|
+
else {
|
|
199
|
+
// Override the output argument to match CloseAndUpdate signature
|
|
200
|
+
resolve({
|
|
201
|
+
statusCode: processStatusCode === StatusCodes.Good ? result?.statusCode || StatusCodes.Good : processStatusCode,
|
|
202
|
+
outputArguments: [new Variant({ dataType: DataType.Boolean, value: false })]
|
|
203
|
+
});
|
|
204
|
+
}
|
|
205
|
+
});
|
|
206
|
+
});
|
|
207
|
+
}
|
|
208
|
+
return {
|
|
209
|
+
statusCode: processStatusCode,
|
|
210
|
+
outputArguments: [new Variant({ dataType: DataType.Boolean, value: false })]
|
|
211
|
+
};
|
|
28
212
|
}
|
|
29
213
|
// in TrustList
|
|
30
214
|
async function _addCertificate(inputArguments, context) {
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
// the Server shall add the CA Certificates to the Issuers list in the Trust List.
|
|
34
|
-
// The leaf Certificate is added to the list specified by the isTrustedCertificate argument.
|
|
35
|
-
if (!(0, tools_1.hasEncryptedChannel)(context)) {
|
|
36
|
-
return { statusCode: node_opcua_status_code_1.StatusCodes.BadSecurityModeInsufficient };
|
|
215
|
+
if (!hasEncryptedChannel(context)) {
|
|
216
|
+
return { statusCode: StatusCodes.BadSecurityModeInsufficient };
|
|
37
217
|
}
|
|
38
|
-
if (!
|
|
39
|
-
return { statusCode:
|
|
218
|
+
if (!hasExpectedUserAccess(context)) {
|
|
219
|
+
return { statusCode: StatusCodes.BadUserAccessDenied };
|
|
40
220
|
}
|
|
41
221
|
const trustList = context.object;
|
|
42
|
-
const cm = trustList.$$certificateManager
|
|
43
|
-
// The trust list must have been bound
|
|
222
|
+
const cm = trustList.$$certificateManager;
|
|
44
223
|
if (!cm) {
|
|
45
|
-
return { statusCode:
|
|
224
|
+
return { statusCode: StatusCodes.BadInternalError };
|
|
46
225
|
}
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
return { statusCode: node_opcua_status_code_1.StatusCodes.BadInvalidState };
|
|
226
|
+
if (trustListIsAlreadyOpened(trustList) || trustList.$$openedForWrite) {
|
|
227
|
+
return { statusCode: StatusCodes.BadInvalidState };
|
|
50
228
|
}
|
|
51
|
-
const
|
|
229
|
+
const certificateBuffer = inputArguments[0].value;
|
|
52
230
|
const isTrustedCertificate = inputArguments[1].value;
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
if (i === certificates.length - 1 && isTrustedCertificate) {
|
|
63
|
-
await cm.trustCertificate(certificate);
|
|
231
|
+
// OPC UA Spec: "If FALSE Bad_CertificateInvalid is returned."
|
|
232
|
+
if (!isTrustedCertificate) {
|
|
233
|
+
return { statusCode: StatusCodes.BadCertificateInvalid };
|
|
234
|
+
}
|
|
235
|
+
try {
|
|
236
|
+
const certificates = split_der(certificateBuffer);
|
|
237
|
+
if (certificates.length > 1) {
|
|
238
|
+
warningLog("AddCertificate received a certificate chain. Only the leaf certificate will be added.");
|
|
239
|
+
warningLog("Issuer certificates must be added using the Write/CloseAndUpdate methods.");
|
|
64
240
|
}
|
|
65
|
-
|
|
66
|
-
|
|
241
|
+
const status = await cm.addTrustedCertificateFromChain(certificateBuffer);
|
|
242
|
+
if (status !== VerificationStatus.Good) {
|
|
243
|
+
warningLog("Certificate validation failed:", status);
|
|
244
|
+
return { statusCode: StatusCodes.BadCertificateInvalid };
|
|
67
245
|
}
|
|
246
|
+
updateLastUpdateTime(trustList);
|
|
247
|
+
doDebug && debugLog("_addCertificate - done, leaf certificate has been added to trustedCertificates");
|
|
248
|
+
return { statusCode: StatusCodes.Good };
|
|
249
|
+
}
|
|
250
|
+
catch (err) {
|
|
251
|
+
errorLog("Error in _addCertificate:", err);
|
|
252
|
+
return { statusCode: StatusCodes.BadCertificateInvalid };
|
|
68
253
|
}
|
|
69
|
-
debugLog("_addCertificate - done isTrustedCertificate= ", isTrustedCertificate);
|
|
70
|
-
return { statusCode: node_opcua_status_code_1.StatusCodes.Good };
|
|
71
254
|
}
|
|
72
255
|
async function _removeCertificate(inputArguments, context) {
|
|
73
|
-
if (!
|
|
74
|
-
return { statusCode:
|
|
256
|
+
if (!hasEncryptedChannel(context)) {
|
|
257
|
+
return { statusCode: StatusCodes.BadSecurityModeInsufficient };
|
|
75
258
|
}
|
|
76
|
-
if (!
|
|
77
|
-
return { statusCode:
|
|
259
|
+
if (!hasExpectedUserAccess(context)) {
|
|
260
|
+
return { statusCode: StatusCodes.BadUserAccessDenied };
|
|
261
|
+
}
|
|
262
|
+
const trustList = context.object;
|
|
263
|
+
const cm = trustList.$$certificateManager;
|
|
264
|
+
if (!cm) {
|
|
265
|
+
return { statusCode: StatusCodes.BadInternalError };
|
|
266
|
+
}
|
|
267
|
+
if (trustListIsAlreadyOpened(trustList) || trustList.$$openedForWrite) {
|
|
268
|
+
return { statusCode: StatusCodes.BadInvalidState };
|
|
269
|
+
}
|
|
270
|
+
const thumbprint = inputArguments[0].value;
|
|
271
|
+
const isTrustedCertificate = inputArguments[1].value;
|
|
272
|
+
try {
|
|
273
|
+
// Normalize thumbprint - remove "NodeOPCUA[" prefix if present
|
|
274
|
+
const normalizedThumbprint = thumbprint.replace(/^NodeOPCUA\[|\]$/g, "").toLowerCase();
|
|
275
|
+
if (isTrustedCertificate) {
|
|
276
|
+
// Remove from trusted store
|
|
277
|
+
const removed = await cm.removeTrustedCertificate(normalizedThumbprint);
|
|
278
|
+
if (!removed) {
|
|
279
|
+
return { statusCode: StatusCodes.BadInvalidArgument };
|
|
280
|
+
}
|
|
281
|
+
}
|
|
282
|
+
else {
|
|
283
|
+
// Removing an issuer certificate — first check if it's still
|
|
284
|
+
// needed by any trusted certificate
|
|
285
|
+
const issuerCert = await cm.removeIssuer(normalizedThumbprint);
|
|
286
|
+
if (!issuerCert) {
|
|
287
|
+
return { statusCode: StatusCodes.BadInvalidArgument };
|
|
288
|
+
}
|
|
289
|
+
// Check dependency: is any trusted cert signed by this issuer?
|
|
290
|
+
if (await cm.isIssuerInUseByTrustedCertificate(issuerCert)) {
|
|
291
|
+
// Re-add the issuer since we can't remove it
|
|
292
|
+
await cm.addIssuer(issuerCert);
|
|
293
|
+
warningLog("Certificate is needed for chain validation");
|
|
294
|
+
return { statusCode: StatusCodes.BadCertificateChainIncomplete };
|
|
295
|
+
}
|
|
296
|
+
// Also remove CRLs issued by this CA
|
|
297
|
+
await cm.removeRevocationListsForIssuer(issuerCert, "issuers");
|
|
298
|
+
}
|
|
299
|
+
updateLastUpdateTime(trustList);
|
|
300
|
+
doDebug && debugLog("_removeCertificate - done, isTrustedCertificate=", isTrustedCertificate);
|
|
301
|
+
return { statusCode: StatusCodes.Good };
|
|
302
|
+
}
|
|
303
|
+
catch (err) {
|
|
304
|
+
errorLog("Error in _removeCertificate:", err);
|
|
305
|
+
return { statusCode: StatusCodes.BadInternalError };
|
|
78
306
|
}
|
|
79
|
-
return { statusCode: node_opcua_status_code_1.StatusCodes.Good };
|
|
80
307
|
}
|
|
81
308
|
let counter = 0;
|
|
82
|
-
async function promoteTrustList(trustList) {
|
|
309
|
+
export async function promoteTrustList(trustList) {
|
|
83
310
|
const filename = `/tmpFile${counter}`;
|
|
84
311
|
counter += 1;
|
|
85
|
-
|
|
312
|
+
const trustListEx = trustList;
|
|
313
|
+
// Store filename for use in _closeAndUpdate
|
|
314
|
+
trustListEx.$$filename = filename;
|
|
315
|
+
// Initialize write lock flag
|
|
316
|
+
trustListEx.$$openedForWrite = false;
|
|
317
|
+
installFileType(trustList, { filename, fileSystem: MemFs });
|
|
86
318
|
// we need to change the default open method
|
|
87
319
|
const open = trustList.getChildByName("Open");
|
|
88
320
|
const _open_asyncExecutionFunction = open._asyncExecutionFunction;
|
|
89
321
|
// ... and bind the extended methods as well.
|
|
322
|
+
const close = trustList.getChildByName("Close");
|
|
323
|
+
const _close_asyncExecutionFunction = close._asyncExecutionFunction;
|
|
90
324
|
const closeAndUpdate = trustList.getChildByName("CloseAndUpdate");
|
|
91
325
|
const openWithMasks = trustList.getChildByName("OpenWithMasks");
|
|
92
326
|
const addCertificate = trustList.getChildByName("AddCertificate");
|
|
93
327
|
const removeCertificate = trustList.getChildByName("RemoveCertificate");
|
|
94
328
|
function _openTrustList(trustMask, inputArgs, context, callback) {
|
|
95
|
-
if (trustListIsAlreadyOpened(trustList)) {
|
|
96
|
-
return callback(null, { statusCode: node_opcua_status_code_1.StatusCodes.BadInvalidState });
|
|
97
|
-
}
|
|
98
|
-
// if (trustList.isOpened) {
|
|
99
|
-
// warningLog("TrustList is already opened")
|
|
100
|
-
// return { statusCode: StatusCodes.BadInvalidState};
|
|
101
|
-
// }
|
|
102
329
|
// The Open Method shall not support modes other than Read (0x01) and the Write + EraseExisting (0x06).
|
|
103
330
|
const openMask = inputArgs[0].value;
|
|
104
|
-
if (openMask !==
|
|
105
|
-
|
|
331
|
+
if (openMask !== OpenFileMode.Read && openMask !== OpenFileMode.WriteEraseExisting) {
|
|
332
|
+
// OPC UA Spec: "If other modes are requested the return code is Bad_NotSupported."
|
|
333
|
+
return callback(null, { statusCode: StatusCodes.BadNotSupported });
|
|
334
|
+
}
|
|
335
|
+
// OPC UA Spec: BadInvalidState - The Open Method was called with write access
|
|
336
|
+
// and the CloseAndUpdate Method has not been called.
|
|
337
|
+
// If already opened for write, no subsequent opens (read or write) are allowed.
|
|
338
|
+
const isOpenedForWrite = trustListEx.$$openedForWrite;
|
|
339
|
+
if (isOpenedForWrite) {
|
|
340
|
+
return callback(null, { statusCode: StatusCodes.BadInvalidState });
|
|
106
341
|
}
|
|
107
342
|
// possible statusCode: Bad_UserAccessDenied The current user does not have the rights required.
|
|
108
|
-
const certificateManager =
|
|
343
|
+
const certificateManager = trustListEx.$$certificateManager;
|
|
109
344
|
if (certificateManager) {
|
|
110
|
-
|
|
345
|
+
writeTrustList(MemFs, filename, trustMask, certificateManager)
|
|
111
346
|
.then(() => {
|
|
112
|
-
//
|
|
347
|
+
// Track if opened for write to enforce BadInvalidState on subsequent opens
|
|
348
|
+
if (openMask === OpenFileMode.WriteEraseExisting) {
|
|
349
|
+
trustListEx.$$openedForWrite = true;
|
|
350
|
+
}
|
|
113
351
|
_open_asyncExecutionFunction.call(this, inputArgs, context, callback);
|
|
114
352
|
})
|
|
115
353
|
.catch((err) => {
|
|
116
|
-
errorLog(err);
|
|
117
|
-
callback(err, { statusCode:
|
|
354
|
+
errorLog(err.message);
|
|
355
|
+
callback(err, { statusCode: StatusCodes.BadInternalError });
|
|
118
356
|
});
|
|
119
357
|
}
|
|
120
358
|
else {
|
|
@@ -123,12 +361,12 @@ async function promoteTrustList(trustList) {
|
|
|
123
361
|
}
|
|
124
362
|
}
|
|
125
363
|
function _openCallback(inputArgs, context, callback) {
|
|
126
|
-
_openTrustList.call(this,
|
|
364
|
+
_openTrustList.call(this, TrustListMasks.All, inputArgs, context, callback);
|
|
127
365
|
}
|
|
128
366
|
open.bindMethod(_openCallback);
|
|
129
367
|
function _openWithMaskCallback(inputArgs, context, callback) {
|
|
130
368
|
const trustListMask = inputArgs[0].value;
|
|
131
|
-
inputArgs[0] = new
|
|
369
|
+
inputArgs[0] = new Variant({ dataType: DataType.Byte, value: OpenFileMode.Read });
|
|
132
370
|
_openTrustList.call(this, trustListMask, inputArgs, context, callback);
|
|
133
371
|
}
|
|
134
372
|
// The OpenWithMasks Method allows a Client to read only the portion of the Trust List.
|
|
@@ -136,24 +374,27 @@ async function promoteTrustList(trustList) {
|
|
|
136
374
|
openWithMasks.bindMethod(_openWithMaskCallback);
|
|
137
375
|
addCertificate.bindMethod(_addCertificate);
|
|
138
376
|
removeCertificate.bindMethod(_removeCertificate);
|
|
139
|
-
|
|
377
|
+
// Wrapper to pass the underlying close method to _closeAndUpdate
|
|
378
|
+
closeAndUpdate?.bindMethod(async function (inputArguments, context) {
|
|
379
|
+
return _closeAndUpdate.call(this, inputArguments, context, _close_asyncExecutionFunction);
|
|
380
|
+
});
|
|
140
381
|
function install_method_handle_on_TrustListType(addressSpace) {
|
|
141
382
|
const fileType = addressSpace.findObjectType("TrustListType");
|
|
142
383
|
if (!fileType || fileType.addCertificate.isBound()) {
|
|
143
384
|
return;
|
|
144
385
|
}
|
|
145
|
-
fileType.open
|
|
386
|
+
fileType.open?.bindMethod(_openCallback);
|
|
146
387
|
fileType.addCertificate.bindMethod(_addCertificate);
|
|
147
388
|
fileType.removeCertificate.bindMethod(_removeCertificate);
|
|
148
|
-
fileType.openWithMasks
|
|
149
|
-
fileType.closeAndUpdate
|
|
389
|
+
fileType.openWithMasks?.bindMethod(_openWithMaskCallback);
|
|
390
|
+
fileType.closeAndUpdate?.bindMethod(_closeAndUpdate);
|
|
150
391
|
}
|
|
151
392
|
install_method_handle_on_TrustListType(trustList.addressSpace);
|
|
152
393
|
}
|
|
153
|
-
function installAccessRestrictionOnTrustList(trustList) {
|
|
394
|
+
export function installAccessRestrictionOnTrustList(trustList) {
|
|
154
395
|
for (const m of trustList.getComponents()) {
|
|
155
|
-
m?.setRolePermissions(
|
|
156
|
-
m?.setAccessRestrictions(
|
|
396
|
+
m?.setRolePermissions(rolePermissionAdminOnly);
|
|
397
|
+
m?.setAccessRestrictions(AccessRestrictionsFlag.SigningRequired | AccessRestrictionsFlag.EncryptionRequired);
|
|
157
398
|
}
|
|
158
399
|
}
|
|
159
400
|
//# sourceMappingURL=promote_trust_list.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"promote_trust_list.js","sourceRoot":"","sources":["../../source/server/promote_trust_list.ts"],"names":[],"mappings":";AAAA;;GAEG;;AAoHH,4CA+FC;AAED,kFAKC;AAxND,iCAAoC;AAWpC,uDAAkF;AAClF,mEAAgE;AAEhE,2DAAuD;AACvD,iEAA+D;AAE/D,uEAAqF;AAErF,+CAA0E;AAE1E,2DAAqE;AAErE,mCAAqE;AACrE,mEAAkE;AAElE,MAAM,QAAQ,GAAG,IAAA,gCAAa,EAAC,qBAAqB,CAAC,CAAC;AACtD,MAAM,OAAO,GAAG,IAAA,iCAAc,EAAC,qBAAqB,CAAC,CAAC;AACtD,OAAO,CAAC;AACR,MAAM,UAAU,GAAG,IAAA,kCAAe,EAAC,qBAAqB,CAAC,CAAC;AAC1D,MAAM,QAAQ,GAAG,QAAQ,CAAC;AAE1B,SAAS,wBAAwB,CAAC,SAAsB;IACpD,OAAO,KAAK,CAAC,CAAC,WAAW;AAC7B,CAAC;AAED,KAAK,UAAU,eAAe,CAE1B,cAAyB,EACzB,OAAwB;IAExB,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,IAAI,EAAE,CAAC;AAC5C,CAAC;AAED,eAAe;AACf,KAAK,UAAU,eAAe,CAE1B,cAAyB,EACzB,OAAwB;IAExB,gFAAgF;IAChF,yFAAyF;IACzF,kFAAkF;IAClF,4FAA4F;IAC5F,IAAI,CAAC,IAAA,2BAAmB,EAAC,OAAO,CAAC,EAAE,CAAC;QAChC,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,2BAA2B,EAAE,CAAC;IACnE,CAAC;IACD,IAAI,CAAC,IAAA,6BAAqB,EAAC,OAAO,CAAC,EAAE,CAAC;QAClC,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,mBAAmB,EAAE,CAAC;IAC3D,CAAC;IAED,MAAM,SAAS,GAAG,OAAO,CAAC,MAAqB,CAAC;IAChD,MAAM,EAAE,GAAK,SAAiB,CAAC,oBAA2C,IAAI,IAAI,CAAC;IAEnF,sCAAsC;IACtC,IAAI,CAAC,EAAE,EAAE,CAAC;QACN,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,gBAAgB,EAAE,CAAC;IACxD,CAAC;IACD,2DAA2D;IAC3D,IAAI,wBAAwB,CAAC,SAAS,CAAC,EAAE,CAAC;QACtC,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,eAAe,EAAE,CAAC;IACvD,CAAC;IAED,MAAM,gBAAgB,GAAW,cAAc,CAAC,CAAC,CAAC,CAAC,KAAe,CAAC;IACnE,MAAM,oBAAoB,GAAY,cAAc,CAAC,CAAC,CAAC,CAAC,KAAgB,CAAC;IAEzE,MAAM,YAAY,GAAG,IAAA,eAAS,EAAC,gBAAgB,CAAC,CAAC;IAEjD,6BAA6B;IAC7B,MAAM,CAAC,GAAG,MAAM,IAAA,4BAAsB,EAAC,YAAY,CAAC,CAAC;IACrD,IAAI,CAAC,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,UAAU,CAAC,sBAAsB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC;QACvD,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,qBAAqB,EAAE,CAAC;IAC7D,CAAC;IAED,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,YAAY,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC3C,MAAM,WAAW,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC;QACpC,IAAI,CAAC,KAAK,YAAY,CAAC,MAAM,GAAG,CAAC,IAAI,oBAAoB,EAAE,CAAC;YACxD,MAAM,EAAE,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;QAC3C,CAAC;aAAM,CAAC;YACJ,MAAM,EAAE,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;QACpC,CAAC;IACL,CAAC;IACD,QAAQ,CAAC,+CAA+C,EAAE,oBAAoB,CAAC,CAAC;IAChF,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,IAAI,EAAE,CAAC;AAC5C,CAAC;AACD,KAAK,UAAU,kBAAkB,CAE7B,cAAyB,EACzB,OAAwB;IAExB,IAAI,CAAC,IAAA,2BAAmB,EAAC,OAAO,CAAC,EAAE,CAAC;QAChC,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,2BAA2B,EAAE,CAAC;IACnE,CAAC;IAED,IAAI,CAAC,IAAA,6BAAqB,EAAC,OAAO,CAAC,EAAE,CAAC;QAClC,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,mBAAmB,EAAE,CAAC;IAC3D,CAAC;IAED,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,IAAI,EAAE,CAAC;AAC5C,CAAC;AAED,IAAI,OAAO,GAAG,CAAC,CAAC;AAET,KAAK,UAAU,gBAAgB,CAAC,SAAsB;IACzD,MAAM,QAAQ,GAAG,WAAW,OAAO,EAAE,CAAC;IACtC,OAAO,IAAI,CAAC,CAAC;IAEb,IAAA,0CAAe,EAAC,SAAS,EAAE,EAAE,QAAQ,EAAE,UAAU,EAAE,UAAmB,EAAE,CAAC,CAAC;IAE1E,4CAA4C;IAC5C,MAAM,IAAI,GAAG,SAAS,CAAC,cAAc,CAAC,MAAM,CAAa,CAAC;IAC1D,MAAM,4BAA4B,GAAI,IAAY,CAAC,uBAAwC,CAAC;IAE5F,6CAA6C;IAC7C,MAAM,cAAc,GAAG,SAAS,CAAC,cAAc,CAAC,gBAAgB,CAAa,CAAC;IAC9E,MAAM,aAAa,GAAG,SAAS,CAAC,cAAc,CAAC,eAAe,CAAa,CAAC;IAC5E,MAAM,cAAc,GAAG,SAAS,CAAC,cAAc,CAAC,gBAAgB,CAAa,CAAC;IAC9E,MAAM,iBAAiB,GAAG,SAAS,CAAC,cAAc,CAAC,mBAAmB,CAAa,CAAC;IAEpF,SAAS,cAAc,CAEnB,SAAyB,EACzB,SAAoB,EACpB,OAAwB,EACxB,QAA4C;QAE5C,IAAI,wBAAwB,CAAC,SAAS,CAAC,EAAE,CAAC;YACtC,OAAO,QAAQ,CAAC,IAAI,EAAE,EAAE,UAAU,EAAE,oCAAW,CAAC,eAAe,EAAE,CAAC,CAAC;QACvE,CAAC;QACD,4BAA4B;QAC5B,gDAAgD;QAChD,yDAAyD;QACzD,IAAI;QAEJ,uGAAuG;QACvG,MAAM,QAAQ,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,KAAe,CAAC;QAC9C,IAAI,QAAQ,KAAK,uCAAY,CAAC,IAAI,IAAI,QAAQ,KAAK,uCAAY,CAAC,kBAAkB,EAAE,CAAC;YACjF,OAAO,QAAQ,CAAC,IAAI,EAAE,EAAE,UAAU,EAAE,oCAAW,CAAC,kBAAkB,EAAE,CAAC,CAAC;QAC1E,CAAC;QACD,gGAAgG;QAChG,MAAM,kBAAkB,GAAK,SAAiB,CAAC,oBAAgD,IAAI,SAAS,CAAC;QAC7G,IAAI,kBAAkB,EAAE,CAAC;YACrB,IAAA,kCAAc,EAAC,UAAmB,EAAE,QAAQ,EAAE,SAAS,EAAE,kBAAkB,CAAC;iBACvE,IAAI,CAAC,GAAG,EAAE;gBACP,8BAA8B;gBAE9B,4BAA4B,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;YAC1E,CAAC,CAAC;iBACD,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;gBACX,QAAQ,CAAC,GAAG,CAAC,CAAC;gBACd,QAAQ,CAAC,GAAG,EAAE,EAAE,UAAU,EAAE,oCAAW,CAAC,gBAAgB,EAAE,CAAC,CAAC;YAChE,CAAC,CAAC,CAAC;QACX,CAAC;aAAM,CAAC;YACJ,UAAU,CAAC,sGAAsG,CAAC,CAAC;YACnH,OAAO,4BAA4B,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;QACjF,CAAC;IACL,CAAC;IAED,SAAS,aAAa,CAElB,SAAoB,EACpB,OAAwB,EACxB,QAA4C;QAE5C,cAAc,CAAC,IAAI,CAAC,IAAI,EAAE,kCAAc,CAAC,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;IAChF,CAAC;IAED,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;IAE/B,SAAS,qBAAqB,CAE1B,SAAoB,EACpB,OAAwB,EACxB,QAA4C;QAE5C,MAAM,aAAa,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,KAAe,CAAC;QACnD,SAAS,CAAC,CAAC,CAAC,GAAG,IAAI,4BAAO,CAAC,EAAE,QAAQ,EAAE,6BAAQ,CAAC,IAAI,EAAE,KAAK,EAAE,uCAAY,CAAC,IAAI,EAAE,CAAC,CAAC;QAClF,cAAc,CAAC,IAAI,CAAC,IAAI,EAAE,aAAa,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC3E,CAAC;IACD,uFAAuF;IACvF,uDAAuD;IACvD,aAAa,CAAC,UAAU,CAAC,qBAAqB,CAAC,CAAC;IAChD,cAAc,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC;IAC3C,iBAAiB,CAAC,UAAU,CAAC,kBAAkB,CAAC,CAAC;IACjD,cAAc,EAAE,UAAU,CAAC,eAAe,CAAC,CAAC;IAE5C,SAAS,sCAAsC,CAAC,YAA2B;QACvE,MAAM,QAAQ,GAAG,YAAY,CAAC,cAAc,CAAC,eAAe,CAAQ,CAAC;QACrE,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,cAAc,CAAC,OAAO,EAAE,EAAE,CAAC;YACjD,OAAO;QACX,CAAC;QACD,QAAQ,CAAC,IAAI,IAAI,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;QACzD,QAAQ,CAAC,cAAc,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC;QACpD,QAAQ,CAAC,iBAAiB,CAAC,UAAU,CAAC,kBAAkB,CAAC,CAAC;QAC1D,QAAQ,CAAC,aAAa,IAAI,QAAQ,CAAC,aAAa,CAAC,UAAU,CAAC,qBAAqB,CAAC,CAAC;QACnF,QAAQ,CAAC,cAAc,IAAI,QAAQ,CAAC,cAAc,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC;IACnF,CAAC;IACD,sCAAsC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;AACnE,CAAC;AAED,SAAgB,mCAAmC,CAAC,SAAgC;IAChF,KAAK,MAAM,CAAC,IAAI,SAAS,CAAC,aAAa,EAAE,EAAE,CAAC;QACxC,CAAC,EAAE,kBAAkB,CAAC,+CAAuB,CAAC,CAAC;QAC/C,CAAC,EAAE,qBAAqB,CAAC,8CAAsB,CAAC,eAAe,GAAG,8CAAsB,CAAC,kBAAkB,CAAC,CAAC;IACjH,CAAC;AACL,CAAC"}
|
|
1
|
+
{"version":3,"file":"promote_trust_list.js","sourceRoot":"","sources":["../../source/server/promote_trust_list.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,EAAE,IAAI,KAAK,EAAE,MAAM,OAAO,CAAC;AAapC,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AAExD,OAAO,EAAE,SAAS,EAAE,sBAAsB,EAAE,MAAM,uBAAuB,CAAC;AAC1E,OAAO,EAAE,sBAAsB,EAAE,MAAM,uBAAuB,CAAC;AAC/D,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACjG,OAAO,EAAmB,eAAe,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AAC1F,OAAO,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AACpD,OAAO,EAAmC,WAAW,EAAE,MAAM,wBAAwB,CAAC;AACtF,OAAO,EAAgC,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACnF,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AACvD,OAAO,EAAE,uBAAuB,EAAE,MAAM,4BAA4B,CAAC;AAErE,OAAO,EAAE,mBAAmB,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AACxE,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AAExE,MAAM,QAAQ,GAAG,aAAa,CAAC,qBAAqB,CAAC,CAAC;AACtD,MAAM,OAAO,GAAG,cAAc,CAAC,qBAAqB,CAAC,CAAC;AACtD,MAAM,UAAU,GAAG,eAAe,CAAC,qBAAqB,CAAC,CAAC;AAC1D,MAAM,QAAQ,GAAG,aAAa,CAAC,qBAAqB,CAAC,CAAC;AAEtD,SAAS,wBAAwB,CAAC,SAAsB;IACpD,iGAAiG;IACjG,MAAM,aAAa,GAAG,SAAS,CAAC,SAAS,CAAC;IAC1C,IAAI,CAAC,aAAa,EAAE,CAAC;QACjB,OAAO,KAAK,CAAC;IACjB,CAAC;IACD,MAAM,SAAS,GAAG,aAAa,CAAC,SAAS,EAAE,CAAC;IAC5C,IAAI,CAAC,SAAS,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC;QACjC,OAAO,KAAK,CAAC;IACjB,CAAC;IACD,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,KAAe,CAAC;IAClD,OAAO,SAAS,GAAG,CAAC,CAAC;AACzB,CAAC;AAED;;;GAGG;AACH,SAAS,oBAAoB,CAAC,SAAsB;IAChD,IAAI,CAAC;QACD,MAAM,kBAAkB,GAAG,SAAS,CAAC,cAAc,CAAC;QACpD,IAAI,kBAAkB,EAAE,CAAC;YACrB,kBAAkB,CAAC,kBAAkB,CAAC;gBAClC,QAAQ,EAAE,QAAQ,CAAC,QAAQ;gBAC3B,KAAK,EAAE,IAAI,IAAI,EAAE;aACpB,CAAC,CAAC;YACH,OAAO,IAAI,QAAQ,CAAC,2BAA2B,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC;QAC/E,CAAC;aAAM,CAAC;YACJ,UAAU,CAAC,gDAAgD,CAAC,CAAC;QACjE,CAAC;IACL,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACX,QAAQ,CAAC,gCAAgC,EAAE,GAAG,CAAC,CAAC;IACpD,CAAC;AACL,CAAC;AAWD,KAAK,UAAU,qBAAqB,CAAC,EAA2B,EAAE,aAAgC;IAC9F,IAAI,CAAC;QACD,2CAA2C;QAC3C,IAAI,aAAa,CAAC,UAAU,IAAI,aAAa,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAClE,aAAa,CAAC,cAAc,IAAI,cAAc,CAAC,UAAU,CAAC;QAC9D,CAAC;QACD,IAAI,aAAa,CAAC,WAAW,IAAI,aAAa,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpE,aAAa,CAAC,cAAc,IAAI,cAAc,CAAC,WAAW,CAAC;QAC/D,CAAC;QACD,IAAI,aAAa,CAAC,mBAAmB,IAAI,aAAa,CAAC,mBAAmB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpF,aAAa,CAAC,cAAc,IAAI,cAAc,CAAC,mBAAmB,CAAC;QACvE,CAAC;QACD,IAAI,aAAa,CAAC,kBAAkB,IAAI,aAAa,CAAC,kBAAkB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAClF,aAAa,CAAC,cAAc,IAAI,cAAc,CAAC,kBAAkB,CAAC;QACtE,CAAC;QAED,eAAe;QACf,IAAI,CAAC,aAAa,CAAC,cAAc,GAAG,cAAc,CAAC,UAAU,CAAC,KAAK,cAAc,CAAC,UAAU,EAAE,CAAC;YAC3F,OAAO,IAAI,QAAQ,CAAC,wBAAwB,CAAC,CAAC;YAC9C,MAAM,EAAE,CAAC,oBAAoB,CAAC,SAAS,CAAC,CAAC;YACzC,IAAI,aAAa,CAAC,UAAU,IAAI,aAAa,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAClE,OAAO,IAAI,QAAQ,CAAC,YAAY,aAAa,CAAC,UAAU,CAAC,MAAM,cAAc,CAAC,CAAC;gBAC/E,KAAK,MAAM,GAAG,IAAI,aAAa,CAAC,UAAU,EAAE,CAAC;oBACzC,MAAM,EAAE,CAAC,iBAAiB,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;gBAC/C,CAAC;YACL,CAAC;QACL,CAAC;QAED,IAAI,CAAC,aAAa,CAAC,cAAc,GAAG,cAAc,CAAC,WAAW,CAAC,KAAK,cAAc,CAAC,WAAW,EAAE,CAAC;YAC7F,OAAO,IAAI,QAAQ,CAAC,yBAAyB,CAAC,CAAC;YAC/C,MAAM,EAAE,CAAC,oBAAoB,CAAC,SAAS,CAAC,CAAC;YACzC,IAAI,aAAa,CAAC,WAAW,IAAI,aAAa,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACpE,OAAO,IAAI,QAAQ,CAAC,YAAY,aAAa,CAAC,WAAW,CAAC,MAAM,eAAe,CAAC,CAAC;gBACjF,KAAK,MAAM,GAAG,IAAI,aAAa,CAAC,WAAW,EAAE,CAAC;oBAC1C,MAAM,EAAE,CAAC,iBAAiB,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;gBAC/C,CAAC;YACL,CAAC;QACL,CAAC;QAED,oCAAoC;QACpC,IACI,CAAC,aAAa,CAAC,cAAc,GAAG,cAAc,CAAC,mBAAmB,CAAC,KAAK,cAAc,CAAC,mBAAmB;YAC1G,aAAa,CAAC,mBAAmB,EACnC,CAAC;YACC,KAAK,MAAM,IAAI,IAAI,aAAa,CAAC,mBAAmB,EAAE,CAAC;gBACnD,IAAI,CAAC;oBACD,MAAM,KAAK,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;oBAC9B,MAAM,gBAAgB,GAAG,MAAM,sBAAsB,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;oBAClE,IAAI,gBAAgB,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;wBACrC,UAAU,CAAC,oCAAoC,EAAE,gBAAgB,CAAC,MAAM,EAAE,gBAAgB,CAAC,MAAM,CAAC,CAAC;wBACnG,OAAO,WAAW,CAAC,qBAAqB,CAAC;oBAC7C,CAAC;gBACL,CAAC;gBAAC,OAAO,aAAa,EAAE,CAAC;oBACrB,QAAQ,CAAC,gCAAgC,EAAE,aAAa,CAAC,CAAC;oBAC1D,OAAO,WAAW,CAAC,qBAAqB,CAAC;gBAC7C,CAAC;YACL,CAAC;QACL,CAAC;QAED,mCAAmC;QACnC,IACI,CAAC,aAAa,CAAC,cAAc,GAAG,cAAc,CAAC,kBAAkB,CAAC,KAAK,cAAc,CAAC,kBAAkB;YACxG,aAAa,CAAC,kBAAkB,EAClC,CAAC;YACC,KAAK,MAAM,IAAI,IAAI,aAAa,CAAC,kBAAkB,EAAE,CAAC;gBAClD,IAAI,CAAC;oBACD,MAAM,KAAK,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;oBAC9B,MAAM,gBAAgB,GAAG,MAAM,sBAAsB,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;oBAClE,IAAI,gBAAgB,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;wBACrC,UAAU,CAAC,2CAA2C,EAAE,gBAAgB,CAAC,MAAM,EAAE,gBAAgB,CAAC,MAAM,CAAC,CAAC;wBAC1G,OAAO,WAAW,CAAC,qBAAqB,CAAC;oBAC7C,CAAC;gBACL,CAAC;gBAAC,OAAO,aAAa,EAAE,CAAC;oBACrB,QAAQ,CAAC,uCAAuC,EAAE,aAAa,CAAC,CAAC;oBACjE,OAAO,WAAW,CAAC,qBAAqB,CAAC;gBAC7C,CAAC;YACL,CAAC;QACL,CAAC;QAED,sBAAsB;QACtB,IACI,CAAC,aAAa,CAAC,cAAc,GAAG,cAAc,CAAC,mBAAmB,CAAC,KAAK,cAAc,CAAC,mBAAmB;YAC1G,aAAa,CAAC,mBAAmB,EACnC,CAAC;YACC,KAAK,MAAM,IAAI,IAAI,aAAa,CAAC,mBAAmB,EAAE,CAAC;gBACnD,MAAM,EAAE,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC;YACpC,CAAC;QACL,CAAC;QACD,IACI,CAAC,aAAa,CAAC,cAAc,GAAG,cAAc,CAAC,kBAAkB,CAAC,KAAK,cAAc,CAAC,kBAAkB;YACxG,aAAa,CAAC,kBAAkB,EAClC,CAAC;YACC,KAAK,MAAM,IAAI,IAAI,aAAa,CAAC,kBAAkB,EAAE,CAAC;gBAClD,MAAM,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;YAC7B,CAAC;QACL,CAAC;QAED,OAAO,WAAW,CAAC,IAAI,CAAC;IAC5B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACX,QAAQ,CAAC,iCAAiC,EAAE,GAAG,CAAC,CAAC;QACjD,OAAO,WAAW,CAAC,gBAAgB,CAAC;IACxC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,eAAe,CAE1B,cAAyB,EACzB,OAAwB,EACxB,aAA6B;IAE7B,MAAM,SAAS,GAAG,OAAO,CAAC,MAAuB,CAAC;IAClD,MAAM,EAAE,GAAG,SAAS,CAAC,oBAAoB,CAAC;IAC1C,MAAM,QAAQ,GAAG,SAAS,CAAC,UAAU,CAAC;IAEtC,oCAAoC;IACpC,SAAS,CAAC,gBAAgB,GAAG,KAAK,CAAC;IAEnC,uCAAuC;IACvC,IAAI,CAAC,aAAa,EAAE,CAAC;QACjB,MAAM,WAAW,GAAG,SAAS,CAAC,cAAc,CAAC,OAAO,CAAe,CAAC;QACpE,IAAI,WAAW,EAAE,CAAC;YACd,aAAa,GAAG,WAAW,CAAC,uBAAuB,CAAC;QACxD,CAAC;IACL,CAAC;IAED,IAAI,CAAC,EAAE,IAAI,CAAC,QAAQ,EAAE,CAAC;QACnB,OAAO,EAAE,UAAU,EAAE,WAAW,CAAC,gBAAgB,EAAE,CAAC;IACxD,CAAC;IAED,IAAI,iBAAiB,GAAe,WAAW,CAAC,IAAI,CAAC;IAErD,IAAI,CAAC;QACD,IAAI,KAAK,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC7B,MAAM,IAAI,GAAG,MAAM,IAAI,OAAO,CAAS,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;gBACvD,KAAK,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE;oBACnC,IAAI,GAAG;wBAAE,MAAM,CAAC,GAAG,CAAC,CAAC;;wBAChB,OAAO,CAAC,IAAc,CAAC,CAAC;gBACjC,CAAC,CAAC,CAAC;YACP,CAAC,CAAC,CAAC;YAEH,+BAA+B;YAC/B,MAAM,MAAM,GAAG,IAAI,YAAY,CAAC,IAAI,CAAC,CAAC;YACtC,MAAM,aAAa,GAAG,IAAI,iBAAiB,EAAE,CAAC;YAC9C,aAAa,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;YAE7B,iBAAiB,GAAG,MAAM,qBAAqB,CAAC,EAAE,EAAE,aAAa,CAAC,CAAC;YAEnE,IAAI,iBAAiB,KAAK,WAAW,CAAC,IAAI,EAAE,CAAC;gBACzC,wEAAwE;gBACxE,oBAAoB,CAAC,SAAS,CAAC,CAAC;YACpC,CAAC;QACL,CAAC;IACL,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACX,QAAQ,CAAC,2BAA2B,EAAE,GAAG,CAAC,CAAC;QAC3C,iBAAiB,GAAG,WAAW,CAAC,gBAAgB,CAAC;IACrD,CAAC;IAED,mDAAmD;IACnD,sEAAsE;IACtE,IAAI,aAAa,EAAE,CAAC;QAChB,OAAO,IAAI,OAAO,CAA0B,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAC5D,aAAa,CAAC,IAAI,CAAC,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,EAAE;gBAC9D,IAAI,GAAG,EAAE,CAAC;oBACN,MAAM,CAAC,GAAG,CAAC,CAAC;gBAChB,CAAC;qBAAM,CAAC;oBACJ,iEAAiE;oBACjE,OAAO,CAAC;wBACJ,UAAU,EACN,iBAAiB,KAAK,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,EAAE,UAAU,IAAI,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,iBAAiB;wBACvG,eAAe,EAAE,CAAC,IAAI,OAAO,CAAC,EAAE,QAAQ,EAAE,QAAQ,CAAC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC;qBAC/E,CAAC,CAAC;gBACP,CAAC;YACL,CAAC,CAAC,CAAC;QACP,CAAC,CAAC,CAAC;IACP,CAAC;IAED,OAAO;QACH,UAAU,EAAE,iBAAiB;QAC7B,eAAe,EAAE,CAAC,IAAI,OAAO,CAAC,EAAE,QAAQ,EAAE,QAAQ,CAAC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC;KAC/E,CAAC;AACN,CAAC;AAED,eAAe;AACf,KAAK,UAAU,eAAe,CAE1B,cAAyB,EACzB,OAAwB;IAExB,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,EAAE,CAAC;QAChC,OAAO,EAAE,UAAU,EAAE,WAAW,CAAC,2BAA2B,EAAE,CAAC;IACnE,CAAC;IACD,IAAI,CAAC,qBAAqB,CAAC,OAAO,CAAC,EAAE,CAAC;QAClC,OAAO,EAAE,UAAU,EAAE,WAAW,CAAC,mBAAmB,EAAE,CAAC;IAC3D,CAAC;IAED,MAAM,SAAS,GAAG,OAAO,CAAC,MAAuB,CAAC;IAClD,MAAM,EAAE,GAAG,SAAS,CAAC,oBAAoB,CAAC;IAE1C,IAAI,CAAC,EAAE,EAAE,CAAC;QACN,OAAO,EAAE,UAAU,EAAE,WAAW,CAAC,gBAAgB,EAAE,CAAC;IACxD,CAAC;IACD,IAAI,wBAAwB,CAAC,SAAS,CAAC,IAAI,SAAS,CAAC,gBAAgB,EAAE,CAAC;QACpE,OAAO,EAAE,UAAU,EAAE,WAAW,CAAC,eAAe,EAAE,CAAC;IACvD,CAAC;IAED,MAAM,iBAAiB,GAAW,cAAc,CAAC,CAAC,CAAC,CAAC,KAAe,CAAC;IACpE,MAAM,oBAAoB,GAAY,cAAc,CAAC,CAAC,CAAC,CAAC,KAAgB,CAAC;IAEzE,8DAA8D;IAC9D,IAAI,CAAC,oBAAoB,EAAE,CAAC;QACxB,OAAO,EAAE,UAAU,EAAE,WAAW,CAAC,qBAAqB,EAAE,CAAC;IAC7D,CAAC;IAED,IAAI,CAAC;QACD,MAAM,YAAY,GAAG,SAAS,CAAC,iBAAiB,CAAC,CAAC;QAClD,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC1B,UAAU,CAAC,uFAAuF,CAAC,CAAC;YACpG,UAAU,CAAC,2EAA2E,CAAC,CAAC;QAC5F,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,8BAA8B,CAAC,iBAAiB,CAAC,CAAC;QAE1E,IAAI,MAAM,KAAK,kBAAkB,CAAC,IAAI,EAAE,CAAC;YACrC,UAAU,CAAC,gCAAgC,EAAE,MAAM,CAAC,CAAC;YACrD,OAAO,EAAE,UAAU,EAAE,WAAW,CAAC,qBAAqB,EAAE,CAAC;QAC7D,CAAC;QAED,oBAAoB,CAAC,SAAS,CAAC,CAAC;QAEhC,OAAO,IAAI,QAAQ,CAAC,iFAAiF,CAAC,CAAC;QACvG,OAAO,EAAE,UAAU,EAAE,WAAW,CAAC,IAAI,EAAE,CAAC;IAC5C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACX,QAAQ,CAAC,2BAA2B,EAAE,GAAG,CAAC,CAAC;QAC3C,OAAO,EAAE,UAAU,EAAE,WAAW,CAAC,qBAAqB,EAAE,CAAC;IAC7D,CAAC;AACL,CAAC;AACD,KAAK,UAAU,kBAAkB,CAE7B,cAAyB,EACzB,OAAwB;IAExB,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,EAAE,CAAC;QAChC,OAAO,EAAE,UAAU,EAAE,WAAW,CAAC,2BAA2B,EAAE,CAAC;IACnE,CAAC;IAED,IAAI,CAAC,qBAAqB,CAAC,OAAO,CAAC,EAAE,CAAC;QAClC,OAAO,EAAE,UAAU,EAAE,WAAW,CAAC,mBAAmB,EAAE,CAAC;IAC3D,CAAC;IAED,MAAM,SAAS,GAAG,OAAO,CAAC,MAAuB,CAAC;IAClD,MAAM,EAAE,GAAG,SAAS,CAAC,oBAAoB,CAAC;IAE1C,IAAI,CAAC,EAAE,EAAE,CAAC;QACN,OAAO,EAAE,UAAU,EAAE,WAAW,CAAC,gBAAgB,EAAE,CAAC;IACxD,CAAC;IAED,IAAI,wBAAwB,CAAC,SAAS,CAAC,IAAI,SAAS,CAAC,gBAAgB,EAAE,CAAC;QACpE,OAAO,EAAE,UAAU,EAAE,WAAW,CAAC,eAAe,EAAE,CAAC;IACvD,CAAC;IAED,MAAM,UAAU,GAAW,cAAc,CAAC,CAAC,CAAC,CAAC,KAAe,CAAC;IAC7D,MAAM,oBAAoB,GAAY,cAAc,CAAC,CAAC,CAAC,CAAC,KAAgB,CAAC;IAEzE,IAAI,CAAC;QACD,+DAA+D;QAC/D,MAAM,oBAAoB,GAAG,UAAU,CAAC,OAAO,CAAC,mBAAmB,EAAE,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;QAEvF,IAAI,oBAAoB,EAAE,CAAC;YACvB,4BAA4B;YAC5B,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,wBAAwB,CAAC,oBAAoB,CAAC,CAAC;YACxE,IAAI,CAAC,OAAO,EAAE,CAAC;gBACX,OAAO,EAAE,UAAU,EAAE,WAAW,CAAC,kBAAkB,EAAE,CAAC;YAC1D,CAAC;QACL,CAAC;aAAM,CAAC;YACJ,6DAA6D;YAC7D,oCAAoC;YACpC,MAAM,UAAU,GAAG,MAAM,EAAE,CAAC,YAAY,CAAC,oBAAoB,CAAC,CAAC;YAC/D,IAAI,CAAC,UAAU,EAAE,CAAC;gBACd,OAAO,EAAE,UAAU,EAAE,WAAW,CAAC,kBAAkB,EAAE,CAAC;YAC1D,CAAC;YAED,+DAA+D;YAC/D,IAAI,MAAM,EAAE,CAAC,iCAAiC,CAAC,UAAU,CAAC,EAAE,CAAC;gBACzD,6CAA6C;gBAC7C,MAAM,EAAE,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;gBAC/B,UAAU,CAAC,4CAA4C,CAAC,CAAC;gBACzD,OAAO,EAAE,UAAU,EAAE,WAAW,CAAC,6BAA6B,EAAE,CAAC;YACrE,CAAC;YAED,qCAAqC;YACrC,MAAM,EAAE,CAAC,8BAA8B,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;QACnE,CAAC;QAED,oBAAoB,CAAC,SAAS,CAAC,CAAC;QAEhC,OAAO,IAAI,QAAQ,CAAC,kDAAkD,EAAE,oBAAoB,CAAC,CAAC;QAC9F,OAAO,EAAE,UAAU,EAAE,WAAW,CAAC,IAAI,EAAE,CAAC;IAC5C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACX,QAAQ,CAAC,8BAA8B,EAAE,GAAG,CAAC,CAAC;QAC9C,OAAO,EAAE,UAAU,EAAE,WAAW,CAAC,gBAAgB,EAAE,CAAC;IACxD,CAAC;AACL,CAAC;AAED,IAAI,OAAO,GAAG,CAAC,CAAC;AAEhB,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,SAAsB;IACzD,MAAM,QAAQ,GAAG,WAAW,OAAO,EAAE,CAAC;IACtC,OAAO,IAAI,CAAC,CAAC;IAEb,MAAM,WAAW,GAAG,SAA0B,CAAC;IAC/C,4CAA4C;IAC5C,WAAW,CAAC,UAAU,GAAG,QAAQ,CAAC;IAClC,6BAA6B;IAC7B,WAAW,CAAC,gBAAgB,GAAG,KAAK,CAAC;IAErC,eAAe,CAAC,SAAS,EAAE,EAAE,QAAQ,EAAE,UAAU,EAAE,KAAmB,EAAE,CAAC,CAAC;IAE1E,4CAA4C;IAC5C,MAAM,IAAI,GAAG,SAAS,CAAC,cAAc,CAAC,MAAM,CAAe,CAAC;IAC5D,MAAM,4BAA4B,GAAG,IAAI,CAAC,uBAAwC,CAAC;IAEnF,6CAA6C;IAC7C,MAAM,KAAK,GAAG,SAAS,CAAC,cAAc,CAAC,OAAO,CAAe,CAAC;IAC9D,MAAM,6BAA6B,GAAG,KAAK,CAAC,uBAAwC,CAAC;IAErF,MAAM,cAAc,GAAG,SAAS,CAAC,cAAc,CAAC,gBAAgB,CAAe,CAAC;IAChF,MAAM,aAAa,GAAG,SAAS,CAAC,cAAc,CAAC,eAAe,CAAe,CAAC;IAC9E,MAAM,cAAc,GAAG,SAAS,CAAC,cAAc,CAAC,gBAAgB,CAAe,CAAC;IAChF,MAAM,iBAAiB,GAAG,SAAS,CAAC,cAAc,CAAC,mBAAmB,CAAe,CAAC;IAEtF,SAAS,cAAc,CAEnB,SAAyB,EACzB,SAAoB,EACpB,OAAwB,EACxB,QAA4C;QAE5C,uGAAuG;QACvG,MAAM,QAAQ,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,KAAe,CAAC;QAC9C,IAAI,QAAQ,KAAK,YAAY,CAAC,IAAI,IAAI,QAAQ,KAAK,YAAY,CAAC,kBAAkB,EAAE,CAAC;YACjF,mFAAmF;YACnF,OAAO,QAAQ,CAAC,IAAI,EAAE,EAAE,UAAU,EAAE,WAAW,CAAC,eAAe,EAAE,CAAC,CAAC;QACvE,CAAC;QAED,8EAA8E;QAC9E,qDAAqD;QACrD,gFAAgF;QAChF,MAAM,gBAAgB,GAAG,WAAW,CAAC,gBAAgB,CAAC;QACtD,IAAI,gBAAgB,EAAE,CAAC;YACnB,OAAO,QAAQ,CAAC,IAAI,EAAE,EAAE,UAAU,EAAE,WAAW,CAAC,eAAe,EAAE,CAAC,CAAC;QACvE,CAAC;QACD,gGAAgG;QAChG,MAAM,kBAAkB,GAAG,WAAW,CAAC,oBAAoB,CAAC;QAC5D,IAAI,kBAAkB,EAAE,CAAC;YACrB,cAAc,CAAC,KAAmB,EAAE,QAAQ,EAAE,SAAS,EAAE,kBAAkB,CAAC;iBACvE,IAAI,CAAC,GAAG,EAAE;gBACP,2EAA2E;gBAC3E,IAAI,QAAQ,KAAK,YAAY,CAAC,kBAAkB,EAAE,CAAC;oBAC/C,WAAW,CAAC,gBAAgB,GAAG,IAAI,CAAC;gBACxC,CAAC;gBAED,4BAA4B,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;YAC1E,CAAC,CAAC;iBACD,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;gBACX,QAAQ,CAAE,GAAa,CAAC,OAAO,CAAC,CAAC;gBACjC,QAAQ,CAAC,GAAG,EAAE,EAAE,UAAU,EAAE,WAAW,CAAC,gBAAgB,EAAE,CAAC,CAAC;YAChE,CAAC,CAAC,CAAC;QACX,CAAC;aAAM,CAAC;YACJ,UAAU,CAAC,sGAAsG,CAAC,CAAC;YACnH,OAAO,4BAA4B,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;QACjF,CAAC;IACL,CAAC;IAED,SAAS,aAAa,CAElB,SAAoB,EACpB,OAAwB,EACxB,QAA4C;QAE5C,cAAc,CAAC,IAAI,CAAC,IAAI,EAAE,cAAc,CAAC,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;IAChF,CAAC;IAED,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;IAE/B,SAAS,qBAAqB,CAE1B,SAAoB,EACpB,OAAwB,EACxB,QAA4C;QAE5C,MAAM,aAAa,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,KAAe,CAAC;QACnD,SAAS,CAAC,CAAC,CAAC,GAAG,IAAI,OAAO,CAAC,EAAE,QAAQ,EAAE,QAAQ,CAAC,IAAI,EAAE,KAAK,EAAE,YAAY,CAAC,IAAI,EAAE,CAAC,CAAC;QAClF,cAAc,CAAC,IAAI,CAAC,IAAI,EAAE,aAAa,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC3E,CAAC;IACD,uFAAuF;IACvF,uDAAuD;IACvD,aAAa,CAAC,UAAU,CAAC,qBAAqB,CAAC,CAAC;IAChD,cAAc,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC;IAC3C,iBAAiB,CAAC,UAAU,CAAC,kBAAkB,CAAC,CAAC;IAEjD,iEAAiE;IACjE,cAAc,EAAE,UAAU,CAAC,KAAK,WAE5B,cAAyB,EACzB,OAAwB;QAExB,OAAO,eAAe,CAAC,IAAI,CAAC,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,6BAA6B,CAAC,CAAC;IAC9F,CAAC,CAAC,CAAC;IAEH,SAAS,sCAAsC,CAAC,YAA2B;QACvE,MAAM,QAAQ,GAAG,YAAY,CAAC,cAAc,CAAC,eAAe,CAA6C,CAAC;QAC1G,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,cAAc,CAAC,OAAO,EAAE,EAAE,CAAC;YACjD,OAAO;QACX,CAAC;QACD,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC,aAAa,CAAC,CAAC;QACzC,QAAQ,CAAC,cAAc,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC;QACpD,QAAQ,CAAC,iBAAiB,CAAC,UAAU,CAAC,kBAAkB,CAAC,CAAC;QAC1D,QAAQ,CAAC,aAAa,EAAE,UAAU,CAAC,qBAAqB,CAAC,CAAC;QAC1D,QAAQ,CAAC,cAAc,EAAE,UAAU,CAAC,eAAe,CAAC,CAAC;IACzD,CAAC;IACD,sCAAsC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;AACnE,CAAC;AAED,MAAM,UAAU,mCAAmC,CAAC,SAAgC;IAChF,KAAK,MAAM,CAAC,IAAI,SAAS,CAAC,aAAa,EAAE,EAAE,CAAC;QACxC,CAAC,EAAE,kBAAkB,CAAC,uBAAuB,CAAC,CAAC;QAC/C,CAAC,EAAE,qBAAqB,CAAC,sBAAsB,CAAC,eAAe,GAAG,sBAAsB,CAAC,kBAAkB,CAAC,CAAC;IACjH,CAAC;AACL,CAAC"}
|
|
@@ -0,0 +1,59 @@
|
|
|
1
|
+
import { make_errorLog, make_warningLog } from "node-opcua-debug";
|
|
2
|
+
import { StatusCodes } from "node-opcua-status-code";
|
|
3
|
+
const errorLog = make_errorLog("ServerConfiguration");
|
|
4
|
+
const warningLog = make_warningLog("ServerConfiguration");
|
|
5
|
+
// Helper: Flush action queue
|
|
6
|
+
async function flushActionQueue(serverImpl) {
|
|
7
|
+
while (serverImpl.actionQueue.length) {
|
|
8
|
+
const first = serverImpl.actionQueue.pop();
|
|
9
|
+
await first?.();
|
|
10
|
+
}
|
|
11
|
+
}
|
|
12
|
+
export async function executeApplyChanges(serverImpl) {
|
|
13
|
+
// ApplyChanges is used to tell the Server to apply any security changes.
|
|
14
|
+
// This Method should only be called if a previous call to a Method that changed the
|
|
15
|
+
// configuration returns applyChangesRequired=true.
|
|
16
|
+
if (serverImpl.operationInProgress) {
|
|
17
|
+
return StatusCodes.BadTooManyOperations;
|
|
18
|
+
}
|
|
19
|
+
// Check if there are any pending tasks
|
|
20
|
+
if (serverImpl.fileTransactionManager.pendingTasksCount === 0 && serverImpl.actionQueue.length === 0) {
|
|
21
|
+
// If ApplyChanges is called and there is no active transaction then return Bad_NothingToDo
|
|
22
|
+
return StatusCodes.BadNothingToDo;
|
|
23
|
+
}
|
|
24
|
+
serverImpl.operationInProgress = true;
|
|
25
|
+
try {
|
|
26
|
+
try {
|
|
27
|
+
serverImpl.emit("CertificateAboutToChange", serverImpl.actionQueue);
|
|
28
|
+
}
|
|
29
|
+
catch (err) {
|
|
30
|
+
errorLog("Event listener error:", err.message);
|
|
31
|
+
}
|
|
32
|
+
await flushActionQueue(serverImpl);
|
|
33
|
+
try {
|
|
34
|
+
await serverImpl.fileTransactionManager.applyFileOps();
|
|
35
|
+
}
|
|
36
|
+
catch (err) {
|
|
37
|
+
await serverImpl.fileTransactionManager.abortTransaction();
|
|
38
|
+
warningLog("err ", err.message);
|
|
39
|
+
return StatusCodes.BadInternalError;
|
|
40
|
+
}
|
|
41
|
+
try {
|
|
42
|
+
serverImpl.emit("CertificateChanged", serverImpl.actionQueue);
|
|
43
|
+
}
|
|
44
|
+
catch (err) {
|
|
45
|
+
errorLog("Event listener error:", err.message);
|
|
46
|
+
}
|
|
47
|
+
await flushActionQueue(serverImpl);
|
|
48
|
+
// Dispose and clear temporary certificate manager after applying changes
|
|
49
|
+
if (serverImpl.tmpCertificateManager) {
|
|
50
|
+
await serverImpl.tmpCertificateManager.dispose();
|
|
51
|
+
}
|
|
52
|
+
serverImpl.tmpCertificateManager = undefined;
|
|
53
|
+
return StatusCodes.Good;
|
|
54
|
+
}
|
|
55
|
+
finally {
|
|
56
|
+
serverImpl.operationInProgress = false;
|
|
57
|
+
}
|
|
58
|
+
}
|
|
59
|
+
//# sourceMappingURL=apply_changes.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"apply_changes.js","sourceRoot":"","sources":["../../../source/server/push_certificate_manager/apply_changes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAClE,OAAO,EAAmB,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAGtE,MAAM,QAAQ,GAAG,aAAa,CAAC,qBAAqB,CAAC,CAAC;AACtD,MAAM,UAAU,GAAG,eAAe,CAAC,qBAAqB,CAAC,CAAC;AAE1D,6BAA6B;AAC7B,KAAK,UAAU,gBAAgB,CAAC,UAAiD;IAC7E,OAAO,UAAU,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC;QACnC,MAAM,KAAK,GAAG,UAAU,CAAC,WAAW,CAAC,GAAG,EAAE,CAAC;QAC3C,MAAM,KAAK,EAAE,EAAE,CAAC;IACpB,CAAC;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,UAAiD;IACvF,yEAAyE;IACzE,oFAAoF;IACpF,mDAAmD;IAEnD,IAAI,UAAU,CAAC,mBAAmB,EAAE,CAAC;QACjC,OAAO,WAAW,CAAC,oBAAoB,CAAC;IAC5C,CAAC;IAED,uCAAuC;IACvC,IAAI,UAAU,CAAC,sBAAsB,CAAC,iBAAiB,KAAK,CAAC,IAAI,UAAU,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACnG,2FAA2F;QAC3F,OAAO,WAAW,CAAC,cAAc,CAAC;IACtC,CAAC;IAED,UAAU,CAAC,mBAAmB,GAAG,IAAI,CAAC;IACtC,IAAI,CAAC;QACD,IAAI,CAAC;YACD,UAAU,CAAC,IAAI,CAAC,0BAA0B,EAAE,UAAU,CAAC,WAAW,CAAC,CAAC;QACxE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,QAAQ,CAAC,uBAAuB,EAAG,GAAa,CAAC,OAAO,CAAC,CAAC;QAC9D,CAAC;QACD,MAAM,gBAAgB,CAAC,UAAU,CAAC,CAAC;QAEnC,IAAI,CAAC;YACD,MAAM,UAAU,CAAC,sBAAsB,CAAC,YAAY,EAAE,CAAC;QAC3D,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,MAAM,UAAU,CAAC,sBAAsB,CAAC,gBAAgB,EAAE,CAAC;YAC3D,UAAU,CAAC,MAAM,EAAG,GAAa,CAAC,OAAO,CAAC,CAAC;YAC3C,OAAO,WAAW,CAAC,gBAAgB,CAAC;QACxC,CAAC;QACD,IAAI,CAAC;YACD,UAAU,CAAC,IAAI,CAAC,oBAAoB,EAAE,UAAU,CAAC,WAAW,CAAC,CAAC;QAClE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,QAAQ,CAAC,uBAAuB,EAAG,GAAa,CAAC,OAAO,CAAC,CAAC;QAC9D,CAAC;QACD,MAAM,gBAAgB,CAAC,UAAU,CAAC,CAAC;QAEnC,yEAAyE;QACzE,IAAI,UAAU,CAAC,qBAAqB,EAAE,CAAC;YACnC,MAAM,UAAU,CAAC,qBAAqB,CAAC,OAAO,EAAE,CAAC;QACrD,CAAC;QACD,UAAU,CAAC,qBAAqB,GAAG,SAAS,CAAC;QAC7C,OAAO,WAAW,CAAC,IAAI,CAAC;IAC5B,CAAC;YAAS,CAAC;QACP,UAAU,CAAC,mBAAmB,GAAG,KAAK,CAAC;IAC3C,CAAC;AACL,CAAC"}
|
|
@@ -0,0 +1,5 @@
|
|
|
1
|
+
import { NodeId } from "node-opcua-nodeid";
|
|
2
|
+
import type { SubjectOptions } from "node-opcua-pki";
|
|
3
|
+
import type { CreateSigningRequestResult } from "../../push_certificate_manager.js";
|
|
4
|
+
import type { PushCertificateManagerInternalContext } from "./internal_context.js";
|
|
5
|
+
export declare function executeCreateSigningRequest(serverImpl: PushCertificateManagerInternalContext, certificateGroupId: NodeId | string, certificateTypeId: NodeId | string, subjectName: string | SubjectOptions | null, regeneratePrivateKey?: boolean, nonce?: Buffer): Promise<CreateSigningRequestResult>;
|