node-opcua-server-configuration 2.163.1 → 2.165.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/clientTools/certificate_types.d.ts +15 -0
- package/dist/clientTools/certificate_types.js +19 -0
- package/dist/clientTools/certificate_types.js.map +1 -0
- package/dist/clientTools/get_certificate_key_type.d.ts +6 -0
- package/dist/clientTools/get_certificate_key_type.js +55 -0
- package/dist/clientTools/get_certificate_key_type.js.map +1 -0
- package/dist/clientTools/index.d.ts +2 -1
- package/dist/clientTools/index.js +2 -17
- package/dist/clientTools/index.js.map +1 -1
- package/dist/clientTools/push_certificate_management_client.d.ts +10 -10
- package/dist/clientTools/push_certificate_management_client.js +85 -89
- package/dist/clientTools/push_certificate_management_client.js.map +1 -1
- package/dist/index.d.ts +9 -7
- package/dist/index.js +9 -23
- package/dist/index.js.map +1 -1
- package/dist/push_certificate_manager.d.ts +6 -5
- package/dist/push_certificate_manager.js +1 -2
- package/dist/server/certificate_validation.d.ts +15 -0
- package/dist/server/certificate_validation.js +76 -0
- package/dist/server/certificate_validation.js.map +1 -0
- package/dist/server/file_transaction_manager.d.ts +30 -0
- package/dist/server/file_transaction_manager.js +223 -0
- package/dist/server/file_transaction_manager.js.map +1 -0
- package/dist/server/install_certificate_file_watcher.d.ts +1 -1
- package/dist/server/install_certificate_file_watcher.js +8 -14
- package/dist/server/install_certificate_file_watcher.js.map +1 -1
- package/dist/server/install_push_certitifate_management.d.ts +6 -6
- package/dist/server/install_push_certitifate_management.js +59 -81
- package/dist/server/install_push_certitifate_management.js.map +1 -1
- package/dist/server/promote_trust_list.d.ts +1 -1
- package/dist/server/promote_trust_list.js +348 -82
- package/dist/server/promote_trust_list.js.map +1 -1
- package/dist/server/push_certificate_manager/apply_changes.d.ts +4 -0
- package/dist/server/push_certificate_manager/apply_changes.js +65 -0
- package/dist/server/push_certificate_manager/apply_changes.js.map +1 -0
- package/dist/server/push_certificate_manager/create_signing_request.d.ts +5 -0
- package/dist/server/push_certificate_manager/create_signing_request.js +108 -0
- package/dist/server/push_certificate_manager/create_signing_request.js.map +1 -0
- package/dist/server/push_certificate_manager/get_rejected_list.d.ts +3 -0
- package/dist/server/push_certificate_manager/get_rejected_list.js +46 -0
- package/dist/server/push_certificate_manager/get_rejected_list.js.map +1 -0
- package/dist/server/push_certificate_manager/internal_context.d.ts +35 -0
- package/dist/server/push_certificate_manager/internal_context.js +45 -0
- package/dist/server/push_certificate_manager/internal_context.js.map +1 -0
- package/dist/server/push_certificate_manager/subject_to_string.d.ts +3 -0
- package/dist/server/push_certificate_manager/subject_to_string.js +27 -0
- package/dist/server/push_certificate_manager/subject_to_string.js.map +1 -0
- package/dist/server/push_certificate_manager/update_certificate.d.ts +5 -0
- package/dist/server/push_certificate_manager/update_certificate.js +134 -0
- package/dist/server/push_certificate_manager/update_certificate.js.map +1 -0
- package/dist/server/push_certificate_manager/util.d.ts +29 -0
- package/dist/server/push_certificate_manager/util.js +117 -0
- package/dist/server/push_certificate_manager/util.js.map +1 -0
- package/dist/server/push_certificate_manager_helpers.d.ts +5 -2
- package/dist/server/push_certificate_manager_helpers.js +110 -113
- package/dist/server/push_certificate_manager_helpers.js.map +1 -1
- package/dist/server/push_certificate_manager_server_impl.d.ts +37 -30
- package/dist/server/push_certificate_manager_server_impl.js +58 -438
- package/dist/server/push_certificate_manager_server_impl.js.map +1 -1
- package/dist/server/roles_and_permissions.d.ts +1 -1
- package/dist/server/roles_and_permissions.js +24 -27
- package/dist/server/roles_and_permissions.js.map +1 -1
- package/dist/server/tools.d.ts +1 -1
- package/dist/server/tools.js +7 -13
- package/dist/server/tools.js.map +1 -1
- package/dist/server/trust_list_server.d.ts +2 -2
- package/dist/server/trust_list_server.js +40 -29
- package/dist/server/trust_list_server.js.map +1 -1
- package/dist/standard_certificate_types.js +6 -9
- package/dist/standard_certificate_types.js.map +1 -1
- package/dist/trust_list.d.ts +2 -2
- package/dist/trust_list.js +1 -2
- package/dist/trust_list_impl.js +1 -2
- package/dist/trust_list_impl.js.map +1 -1
- package/package.json +30 -30
- package/source/clientTools/certificate_types.ts +21 -0
- package/source/clientTools/get_certificate_key_type.ts +73 -0
- package/source/clientTools/index.ts +2 -1
- package/source/clientTools/push_certificate_management_client.ts +49 -44
- package/source/index.ts +9 -7
- package/source/push_certificate_manager.ts +17 -18
- package/source/server/certificate_validation.ts +103 -0
- package/source/server/file_transaction_manager.ts +253 -0
- package/source/server/install_certificate_file_watcher.ts +15 -11
- package/source/server/install_push_certitifate_management.ts +52 -68
- package/source/server/promote_trust_list.ts +392 -73
- package/source/server/push_certificate_manager/apply_changes.ts +73 -0
- package/source/server/push_certificate_manager/create_signing_request.ts +137 -0
- package/source/server/push_certificate_manager/get_rejected_list.ts +63 -0
- package/source/server/push_certificate_manager/internal_context.ts +63 -0
- package/source/server/push_certificate_manager/subject_to_string.ts +25 -0
- package/source/server/push_certificate_manager/update_certificate.ts +203 -0
- package/source/server/push_certificate_manager/util.ts +145 -0
- package/source/server/push_certificate_manager_helpers.ts +62 -52
- package/source/server/push_certificate_manager_server_impl.ts +133 -552
- package/source/server/roles_and_permissions.ts +7 -8
- package/source/server/tools.ts +2 -5
- package/source/server/trust_list_server.ts +24 -9
- package/source/standard_certificate_types.ts +2 -3
- package/source/trust_list.ts +26 -33
|
@@ -1,140 +1,71 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
-
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
-
};
|
|
5
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
-
exports.PushCertificateManagerServerImpl = void 0;
|
|
7
|
-
exports.copyFile = copyFile;
|
|
8
|
-
exports.deleteFile = deleteFile;
|
|
9
|
-
exports.moveFile = moveFile;
|
|
10
|
-
exports.moveFileWithBackup = moveFileWithBackup;
|
|
11
|
-
exports.subjectToString = subjectToString;
|
|
12
1
|
/**
|
|
13
2
|
* @module node-opcua-server-configuration-server
|
|
14
3
|
*/
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
const
|
|
26
|
-
|
|
27
|
-
const { readFile, writeFile, readdir } = fs_1.default.promises;
|
|
28
|
-
const debugLog = (0, node_opcua_debug_1.make_debugLog)("ServerConfiguration");
|
|
29
|
-
const errorLog = (0, node_opcua_debug_1.make_errorLog)("ServerConfiguration");
|
|
30
|
-
const warningLog = (0, node_opcua_debug_1.make_warningLog)("ServerConfiguration");
|
|
31
|
-
const doDebug = (0, node_opcua_debug_1.checkDebugFlag)("ServerConfiguration");
|
|
32
|
-
doDebug;
|
|
33
|
-
const defaultApplicationGroup = (0, node_opcua_nodeid_1.resolveNodeId)("ServerConfiguration_CertificateGroups_DefaultApplicationGroup");
|
|
34
|
-
const defaultHttpsGroup = (0, node_opcua_nodeid_1.resolveNodeId)("ServerConfiguration_CertificateGroups_DefaultHttpsGroup");
|
|
35
|
-
const defaultUserTokenGroup = (0, node_opcua_nodeid_1.resolveNodeId)("ServerConfiguration_CertificateGroups_DefaultUserTokenGroup");
|
|
36
|
-
function findCertificateGroupName(certificateGroupNodeId) {
|
|
37
|
-
if (typeof certificateGroupNodeId === "string") {
|
|
38
|
-
return certificateGroupNodeId;
|
|
39
|
-
}
|
|
40
|
-
if ((0, node_opcua_nodeid_1.sameNodeId)(certificateGroupNodeId, node_opcua_nodeid_1.NodeId.nullNodeId) || (0, node_opcua_nodeid_1.sameNodeId)(certificateGroupNodeId, defaultApplicationGroup)) {
|
|
41
|
-
return "DefaultApplicationGroup";
|
|
42
|
-
}
|
|
43
|
-
if ((0, node_opcua_nodeid_1.sameNodeId)(certificateGroupNodeId, defaultHttpsGroup)) {
|
|
44
|
-
return "DefaultHttpsGroup";
|
|
45
|
-
}
|
|
46
|
-
if ((0, node_opcua_nodeid_1.sameNodeId)(certificateGroupNodeId, defaultUserTokenGroup)) {
|
|
47
|
-
return "DefaultUserTokenGroup";
|
|
48
|
-
}
|
|
49
|
-
return "";
|
|
50
|
-
}
|
|
51
|
-
async function copyFile(source, dest) {
|
|
52
|
-
try {
|
|
53
|
-
debugLog("copying file \n source ", source, "\n =>\n dest ", dest);
|
|
54
|
-
const sourceExist = fs_1.default.existsSync(source);
|
|
55
|
-
if (sourceExist) {
|
|
56
|
-
await fs_1.default.promises.copyFile(source, dest);
|
|
57
|
-
}
|
|
58
|
-
}
|
|
59
|
-
catch (err) {
|
|
60
|
-
errorLog(err);
|
|
61
|
-
}
|
|
62
|
-
}
|
|
63
|
-
async function deleteFile(file) {
|
|
64
|
-
try {
|
|
65
|
-
const exists = await fs_1.default.existsSync(file);
|
|
66
|
-
if (exists) {
|
|
67
|
-
debugLog("deleting file ", file);
|
|
68
|
-
await fs_1.default.promises.unlink(file);
|
|
69
|
-
}
|
|
70
|
-
}
|
|
71
|
-
catch (err) {
|
|
72
|
-
errorLog(err);
|
|
73
|
-
}
|
|
74
|
-
}
|
|
75
|
-
async function moveFile(source, dest) {
|
|
76
|
-
debugLog("moving file file \n source ", source, "\n =>\n dest ", dest);
|
|
77
|
-
try {
|
|
78
|
-
await copyFile(source, dest);
|
|
79
|
-
await deleteFile(source);
|
|
80
|
-
}
|
|
81
|
-
catch (err) {
|
|
82
|
-
errorLog(err);
|
|
83
|
-
}
|
|
84
|
-
}
|
|
85
|
-
async function moveFileWithBackup(source, dest) {
|
|
86
|
-
// let make a copy of the destination file
|
|
87
|
-
debugLog("moveFileWithBackup file \n source ", source, "\n =>\n dest ", dest);
|
|
88
|
-
await copyFile(dest, dest + "_old");
|
|
89
|
-
await moveFile(source, dest);
|
|
90
|
-
}
|
|
91
|
-
function subjectToString(subject) {
|
|
92
|
-
let s = "";
|
|
93
|
-
subject.commonName && (s += `/CN=${subject.commonName}`);
|
|
94
|
-
subject.country && (s += `/C=${subject.country}`);
|
|
95
|
-
subject.countryName && (s += `/C=${subject.countryName}`);
|
|
96
|
-
subject.domainComponent && (s += `/DC=${subject.domainComponent}`);
|
|
97
|
-
subject.locality && (s += `/L=${subject.locality}`);
|
|
98
|
-
subject.localityName && (s += `/L=${subject.localityName}`);
|
|
99
|
-
subject.organization && (s += `/O=${subject.organization}`);
|
|
100
|
-
subject.organizationName && (s += `/O=${subject.organizationName}`);
|
|
101
|
-
subject.organizationUnitName && (s += `/OU=${subject.organizationUnitName}`);
|
|
102
|
-
subject.state && (s += `/ST=${subject.state}`);
|
|
103
|
-
subject.stateOrProvinceName && (s += `/ST=${subject.stateOrProvinceName}`);
|
|
104
|
-
return s;
|
|
105
|
-
}
|
|
106
|
-
let fileCounter = 0;
|
|
107
|
-
class PushCertificateManagerServerImpl extends events_1.EventEmitter {
|
|
4
|
+
import { EventEmitter } from "node:events";
|
|
5
|
+
import { assert } from "node-opcua-assert";
|
|
6
|
+
import { CertificateManager } from "node-opcua-certificate-manager";
|
|
7
|
+
import { make_errorLog } from "node-opcua-debug";
|
|
8
|
+
import { rsaCertificateTypesArray } from "../clientTools/certificate_types.js";
|
|
9
|
+
import { executeApplyChanges } from "./push_certificate_manager/apply_changes.js";
|
|
10
|
+
import { executeCreateSigningRequest } from "./push_certificate_manager/create_signing_request.js";
|
|
11
|
+
import { executeGetRejectedList } from "./push_certificate_manager/get_rejected_list.js";
|
|
12
|
+
import { PushCertificateManagerInternalContext } from "./push_certificate_manager/internal_context.js";
|
|
13
|
+
import { executeUpdateCertificate } from "./push_certificate_manager/update_certificate.js";
|
|
14
|
+
const errorLog = make_errorLog("ServerConfiguration");
|
|
15
|
+
export class PushCertificateManagerServerImpl extends EventEmitter {
|
|
108
16
|
applicationGroup;
|
|
109
17
|
userTokenGroup;
|
|
110
18
|
httpsGroup;
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
$$actionQueue = [];
|
|
19
|
+
// Use a true private reference (could be upgraded to #context in recent ES)
|
|
20
|
+
_context;
|
|
21
|
+
/** @hidden */
|
|
115
22
|
applicationUri;
|
|
23
|
+
// eslint-disable-next-line @typescript-eslint/no-explicit-any
|
|
24
|
+
on(event, listener) {
|
|
25
|
+
return super.on(event, listener);
|
|
26
|
+
}
|
|
27
|
+
// eslint-disable-next-line @typescript-eslint/no-explicit-any
|
|
28
|
+
once(event, listener) {
|
|
29
|
+
return super.once(event, listener);
|
|
30
|
+
}
|
|
116
31
|
constructor(options) {
|
|
117
32
|
super();
|
|
33
|
+
this._context = new PushCertificateManagerInternalContext(this);
|
|
118
34
|
this.applicationUri = options ? options.applicationUri : "";
|
|
119
35
|
if (options) {
|
|
120
36
|
this.applicationGroup = options.applicationGroup;
|
|
121
37
|
this.userTokenGroup = options.userTokenGroup;
|
|
122
38
|
this.httpsGroup = options.httpsGroup;
|
|
123
39
|
if (this.userTokenGroup) {
|
|
124
|
-
this.
|
|
125
|
-
//
|
|
126
|
-
|
|
40
|
+
this._context.map.DefaultUserTokenGroup = this.userTokenGroup;
|
|
41
|
+
// Store allowed certificate types, or use all known types as default
|
|
42
|
+
this._context.certificateTypes.DefaultUserTokenGroup = options.userTokenGroupCertificateTypes || [
|
|
43
|
+
// [...rsaCertificateTypes, ...eccCertificateTypes];
|
|
44
|
+
...rsaCertificateTypesArray
|
|
45
|
+
]; // FIXME: ECC is not yet supported
|
|
46
|
+
// c8 ignore next
|
|
47
|
+
if (!(this.userTokenGroup instanceof CertificateManager)) {
|
|
127
48
|
errorLog("Expecting this.userTokenGroup to be instanceof CertificateManager :", this.userTokenGroup.constructor.name);
|
|
128
49
|
throw new Error("Expecting this.userTokenGroup to be instanceof CertificateManager ");
|
|
129
50
|
}
|
|
130
51
|
}
|
|
131
52
|
if (this.applicationGroup) {
|
|
132
|
-
this.
|
|
133
|
-
|
|
53
|
+
this._context.map.DefaultApplicationGroup = this.applicationGroup;
|
|
54
|
+
// Store allowed certificate types, or use all known types as default
|
|
55
|
+
this._context.certificateTypes.DefaultApplicationGroup = options.applicationGroupCertificateTypes || [
|
|
56
|
+
// [...rsaCertificateTypes, ...eccCertificateTypes];
|
|
57
|
+
...rsaCertificateTypesArray
|
|
58
|
+
]; // FIXME: ECC is not yet supported
|
|
59
|
+
assert(this.applicationGroup instanceof CertificateManager);
|
|
134
60
|
}
|
|
135
61
|
if (this.httpsGroup) {
|
|
136
|
-
this.
|
|
137
|
-
|
|
62
|
+
this._context.map.DefaultHttpsGroup = this.httpsGroup;
|
|
63
|
+
// Store allowed certificate types, or use all known types as default
|
|
64
|
+
this._context.certificateTypes.DefaultHttpsGroup = options.httpsGroupCertificateTypes || [
|
|
65
|
+
// [...rsaCertificateTypes, ...eccCertificateTypes];
|
|
66
|
+
...rsaCertificateTypesArray
|
|
67
|
+
]; // FIXME: ECC is not yet supported
|
|
68
|
+
assert(this.httpsGroup instanceof CertificateManager);
|
|
138
69
|
}
|
|
139
70
|
}
|
|
140
71
|
}
|
|
@@ -153,277 +84,17 @@ class PushCertificateManagerServerImpl extends events_1.EventEmitter {
|
|
|
153
84
|
return ["PEM"];
|
|
154
85
|
}
|
|
155
86
|
async getSupportedPrivateKeyFormats() {
|
|
156
|
-
return
|
|
87
|
+
return ["PEM"];
|
|
157
88
|
}
|
|
158
89
|
async createSigningRequest(certificateGroupId, certificateTypeId, subjectName, regeneratePrivateKey, nonce) {
|
|
159
|
-
|
|
160
|
-
if (!certificateManager) {
|
|
161
|
-
debugLog(" cannot find group ", certificateGroupId);
|
|
162
|
-
return {
|
|
163
|
-
statusCode: node_opcua_basic_types_1.StatusCodes.BadInvalidArgument
|
|
164
|
-
};
|
|
165
|
-
}
|
|
166
|
-
if (!subjectName) {
|
|
167
|
-
// reuse existing subjectName
|
|
168
|
-
const currentCertificateFilename = path_1.default.join(certificateManager.rootDir, "own/certs/certificate.pem");
|
|
169
|
-
if (!fs_1.default.existsSync(currentCertificateFilename)) {
|
|
170
|
-
errorLog("Cannot find existing certificate to extract subjectName", currentCertificateFilename);
|
|
171
|
-
return {
|
|
172
|
-
statusCode: node_opcua_basic_types_1.StatusCodes.BadInvalidState
|
|
173
|
-
};
|
|
174
|
-
}
|
|
175
|
-
const certificate = (0, node_opcua_crypto_1.readCertificate)(currentCertificateFilename);
|
|
176
|
-
const e = (0, web_1.exploreCertificate)(certificate);
|
|
177
|
-
subjectName = subjectToString(e.tbsCertificate.subject);
|
|
178
|
-
warningLog("reusing existing certificate subjectAltName = ", subjectName);
|
|
179
|
-
}
|
|
180
|
-
// todo : at this time regenerate private key is not supported
|
|
181
|
-
if (regeneratePrivateKey) {
|
|
182
|
-
// The Server shall create a new Private Key which it stores until the
|
|
183
|
-
// matching signed Certificate is uploaded with the UpdateCertificate Method.
|
|
184
|
-
// Previously created Private Keys may be discarded if UpdateCertificate was not
|
|
185
|
-
// called before calling this method again.
|
|
186
|
-
// Additional entropy which the caller shall provide if regeneratePrivateKey is TRUE.
|
|
187
|
-
// It shall be at least 32 bytes long
|
|
188
|
-
if (!nonce || nonce.length < 32) {
|
|
189
|
-
(0, node_opcua_debug_1.make_warningLog)(" nonce should be provided when regeneratePrivateKey is set, and length shall be greater than 32 bytes");
|
|
190
|
-
return {
|
|
191
|
-
statusCode: node_opcua_basic_types_1.StatusCodes.BadInvalidArgument
|
|
192
|
-
};
|
|
193
|
-
}
|
|
194
|
-
const location = path_1.default.join(certificateManager.rootDir, "tmp");
|
|
195
|
-
if (fs_1.default.existsSync(location)) {
|
|
196
|
-
await rimraf_1.rimraf.rimraf(path_1.default.join(location));
|
|
197
|
-
}
|
|
198
|
-
if (!fs_1.default.existsSync(location)) {
|
|
199
|
-
await fs_1.default.promises.mkdir(location);
|
|
200
|
-
}
|
|
201
|
-
const destCertificateManager = certificateManager;
|
|
202
|
-
const keySize = certificateManager.keySize; // because keySize is private !
|
|
203
|
-
certificateManager = new node_opcua_certificate_manager_1.CertificateManager({
|
|
204
|
-
keySize,
|
|
205
|
-
location
|
|
206
|
-
});
|
|
207
|
-
debugLog("generating a new private key ...");
|
|
208
|
-
await certificateManager.initialize();
|
|
209
|
-
this._tmpCertificateManager = certificateManager;
|
|
210
|
-
this.addPendingTask(async () => {
|
|
211
|
-
await moveFileWithBackup(certificateManager.privateKey, destCertificateManager.privateKey);
|
|
212
|
-
});
|
|
213
|
-
this.addPendingTask(async () => {
|
|
214
|
-
await rimraf_1.rimraf.rimraf(path_1.default.join(location));
|
|
215
|
-
});
|
|
216
|
-
}
|
|
217
|
-
else {
|
|
218
|
-
// The Server uses its existing Private Key
|
|
219
|
-
}
|
|
220
|
-
if (typeof subjectName !== "string") {
|
|
221
|
-
return { statusCode: node_opcua_basic_types_1.StatusCodes.BadInternalError };
|
|
222
|
-
}
|
|
223
|
-
const options = {
|
|
224
|
-
applicationUri: this.applicationUri,
|
|
225
|
-
subject: subjectName
|
|
226
|
-
};
|
|
227
|
-
await certificateManager.initialize();
|
|
228
|
-
const csrFile = await certificateManager.createCertificateRequest(options);
|
|
229
|
-
const csrPEM = await readFile(csrFile, "utf8");
|
|
230
|
-
const certificateSigningRequest = (0, web_1.convertPEMtoDER)(csrPEM);
|
|
231
|
-
this.addPendingTask(() => deleteFile(csrFile));
|
|
232
|
-
return {
|
|
233
|
-
certificateSigningRequest,
|
|
234
|
-
statusCode: node_opcua_basic_types_1.StatusCodes.Good
|
|
235
|
-
};
|
|
90
|
+
return await executeCreateSigningRequest(this._context, certificateGroupId, certificateTypeId, subjectName, regeneratePrivateKey, nonce);
|
|
236
91
|
}
|
|
237
92
|
async getRejectedList() {
|
|
238
|
-
|
|
239
|
-
async function extractRejectedList(group, certificateList) {
|
|
240
|
-
if (!group) {
|
|
241
|
-
return;
|
|
242
|
-
}
|
|
243
|
-
const rejectedFolder = path_1.default.join(group.rootDir, "rejected");
|
|
244
|
-
const files = await readdir(rejectedFolder);
|
|
245
|
-
const stat = fs_1.default.promises.stat;
|
|
246
|
-
const promises1 = [];
|
|
247
|
-
for (const certFile of files) {
|
|
248
|
-
// read date
|
|
249
|
-
promises1.push(stat(path_1.default.join(rejectedFolder, certFile)));
|
|
250
|
-
}
|
|
251
|
-
const stats = await Promise.all(promises1);
|
|
252
|
-
for (let i = 0; i < stats.length; i++) {
|
|
253
|
-
certificateList.push({
|
|
254
|
-
filename: path_1.default.join(rejectedFolder, files[i]),
|
|
255
|
-
stat: stats[i]
|
|
256
|
-
});
|
|
257
|
-
}
|
|
258
|
-
}
|
|
259
|
-
const list = [];
|
|
260
|
-
await extractRejectedList(this.applicationGroup, list);
|
|
261
|
-
await extractRejectedList(this.userTokenGroup, list);
|
|
262
|
-
await extractRejectedList(this.httpsGroup, list);
|
|
263
|
-
// now sort list from newer file to older file
|
|
264
|
-
list.sort((a, b) => b.stat.mtime.getTime() - a.stat.mtime.getTime());
|
|
265
|
-
const promises = [];
|
|
266
|
-
for (const item of list) {
|
|
267
|
-
promises.push(readFile(item.filename, "utf8"));
|
|
268
|
-
}
|
|
269
|
-
const certificatesPEM = await Promise.all(promises);
|
|
270
|
-
const certificates = certificatesPEM.map(web_1.convertPEMtoDER);
|
|
271
|
-
return {
|
|
272
|
-
certificates,
|
|
273
|
-
statusCode: node_opcua_basic_types_1.StatusCodes.Good
|
|
274
|
-
};
|
|
93
|
+
return await executeGetRejectedList(this._context);
|
|
275
94
|
}
|
|
276
95
|
// eslint-disable-next-line max-statements
|
|
277
96
|
async updateCertificate(certificateGroupId, certificateTypeId, certificate, issuerCertificates, privateKeyFormat, privateKey) {
|
|
278
|
-
|
|
279
|
-
// BadInvalidArgument The certificateTypeId or certificateGroupId is not valid.
|
|
280
|
-
// BadCertificateInvalid The Certificate is invalid or the format is not supported.
|
|
281
|
-
// BadNotSupported The Private Key is invalid or the format is not supported.
|
|
282
|
-
// BadUserAccessDenied The current user does not have the rights required.
|
|
283
|
-
// BadSecurityChecksFailed Some failure occurred verifying the integrity of the Certificate.
|
|
284
|
-
const certificateManager = this.getCertificateManager(certificateGroupId);
|
|
285
|
-
if (!certificateManager) {
|
|
286
|
-
debugLog(" cannot find group ", certificateGroupId);
|
|
287
|
-
return {
|
|
288
|
-
statusCode: node_opcua_basic_types_1.StatusCodes.BadInvalidArgument,
|
|
289
|
-
applyChangesRequired: false
|
|
290
|
-
};
|
|
291
|
-
}
|
|
292
|
-
async function preInstallCertificate(self) {
|
|
293
|
-
const certFolder = path_1.default.join(certificateManager.rootDir, "own/certs");
|
|
294
|
-
const certificateFileDER = path_1.default.join(certFolder, `_pending_certificate${fileCounter++}.der`);
|
|
295
|
-
const certificateFilePEM = path_1.default.join(certFolder, `_pending_certificate${fileCounter++}.pem`);
|
|
296
|
-
await writeFile(certificateFileDER, certificate, "binary");
|
|
297
|
-
await writeFile(certificateFilePEM, (0, web_1.toPem)(certificate, "CERTIFICATE"));
|
|
298
|
-
const destDER = path_1.default.join(certFolder, "certificate.der");
|
|
299
|
-
const destPEM = path_1.default.join(certFolder, "certificate.pem");
|
|
300
|
-
// put existing file in security by backing them up
|
|
301
|
-
self.addPendingTask(() => moveFileWithBackup(certificateFileDER, destDER));
|
|
302
|
-
self.addPendingTask(() => moveFileWithBackup(certificateFilePEM, destPEM));
|
|
303
|
-
}
|
|
304
|
-
async function preInstallPrivateKey(self) {
|
|
305
|
-
(0, node_opcua_assert_1.assert)(privateKeyFormat.toUpperCase() === "PEM");
|
|
306
|
-
const ownPrivateFolder = path_1.default.join(certificateManager.rootDir, "own/private");
|
|
307
|
-
const privateKeyFilePEM = path_1.default.join(ownPrivateFolder, `_pending_private_key${fileCounter++}.pem`);
|
|
308
|
-
if (privateKey) {
|
|
309
|
-
const privateKey1 = (0, web_1.coercePEMorDerToPrivateKey)(privateKey);
|
|
310
|
-
const privateKeyPEM = await (0, web_1.coercePrivateKeyPem)(privateKey1);
|
|
311
|
-
await writeFile(privateKeyFilePEM, privateKeyPEM, "utf-8");
|
|
312
|
-
self.addPendingTask(() => moveFileWithBackup(privateKeyFilePEM, certificateManager.privateKey));
|
|
313
|
-
}
|
|
314
|
-
}
|
|
315
|
-
// OPC Unified Architecture, Part 12 42 Release 1.04:
|
|
316
|
-
//
|
|
317
|
-
// UpdateCertificate is used to update a Certificate for a Server.
|
|
318
|
-
// There are the following three use cases for this Method:
|
|
319
|
-
//
|
|
320
|
-
// - The new Certificate was created based on a signing request created with the Method
|
|
321
|
-
// In this case there is no privateKey provided.
|
|
322
|
-
// - A new privateKey and Certificate was created outside the Server and both are updated
|
|
323
|
-
// with this Method.
|
|
324
|
-
// - A new Certificate was created and signed with the information from the old Certificate.
|
|
325
|
-
// In this case there is no privateKey provided.
|
|
326
|
-
// The Server shall do all normal integrity checks on the Certificate and all of the issuer
|
|
327
|
-
// Certificates. If errors occur the BadSecurityChecksFailed error is returned.
|
|
328
|
-
// todo : all normal integrity check on the certificate
|
|
329
|
-
const certInfo = (0, web_1.exploreCertificate)(certificate);
|
|
330
|
-
const now = new Date();
|
|
331
|
-
if (certInfo.tbsCertificate.validity.notBefore.getTime() > now.getTime()) {
|
|
332
|
-
// certificate is not yet valid
|
|
333
|
-
warningLog("Certificate is not yet valid : not before ", certInfo.tbsCertificate.validity.notBefore.toISOString(), "now = ", now.toISOString());
|
|
334
|
-
return {
|
|
335
|
-
statusCode: node_opcua_basic_types_1.StatusCodes.BadSecurityChecksFailed,
|
|
336
|
-
applyChangesRequired: false
|
|
337
|
-
};
|
|
338
|
-
}
|
|
339
|
-
if (certInfo.tbsCertificate.validity.notAfter.getTime() < now.getTime()) {
|
|
340
|
-
// certificate is already out of date
|
|
341
|
-
warningLog("Certificate is already out of date : not after ", certInfo.tbsCertificate.validity.notAfter.toISOString(), "now = ", now.toISOString());
|
|
342
|
-
return {
|
|
343
|
-
statusCode: node_opcua_basic_types_1.StatusCodes.BadSecurityChecksFailed,
|
|
344
|
-
applyChangesRequired: false
|
|
345
|
-
};
|
|
346
|
-
}
|
|
347
|
-
// If the Server returns applyChangesRequired=FALSE then it is indicating that it is able to
|
|
348
|
-
// satisfy the requirements specified for the ApplyChanges Method.
|
|
349
|
-
debugLog(" updateCertificate ", (0, web_1.makeSHA1Thumbprint)(certificate).toString("hex"));
|
|
350
|
-
if (!privateKeyFormat || !privateKey) {
|
|
351
|
-
// first of all we need to find the future private key;
|
|
352
|
-
// this one may have been created during the creation of the certificate signing request
|
|
353
|
-
// but is not active yet
|
|
354
|
-
const privateKey1 = (0, node_opcua_crypto_1.readPrivateKey)(this._tmpCertificateManager ? this._tmpCertificateManager.privateKey : certificateManager.privateKey);
|
|
355
|
-
// The Server shall report an error if the public key does not match the existing Certificate and
|
|
356
|
-
// the privateKey was not provided.
|
|
357
|
-
// privateKey is not provided, so check that the public key matches the existing certificate
|
|
358
|
-
if (!(0, web_1.certificateMatchesPrivateKey)(certificate, privateKey1)) {
|
|
359
|
-
// certificate doesn't match privateKey
|
|
360
|
-
warningLog("certificate doesn't match privateKey");
|
|
361
|
-
/* debug code */
|
|
362
|
-
const certificatePEM = (0, web_1.toPem)(certificate, "CERTIFICATE");
|
|
363
|
-
certificatePEM;
|
|
364
|
-
//xx const privateKeyPEM = toPem(privateKeyDER, "RSA PRIVATE KEY");
|
|
365
|
-
//xx const initialBuffer = Buffer.from("Lorem Ipsum");
|
|
366
|
-
//xx const encryptedBuffer = publicEncrypt_long(initialBuffer, certificatePEM, 256, 11);
|
|
367
|
-
//xx const decryptedBuffer = privateDecrypt_long(encryptedBuffer, privateKeyPEM, 256);
|
|
368
|
-
return {
|
|
369
|
-
statusCode: node_opcua_basic_types_1.StatusCodes.BadSecurityChecksFailed,
|
|
370
|
-
applyChangesRequired: false,
|
|
371
|
-
};
|
|
372
|
-
}
|
|
373
|
-
// a new certificate is provided for us,
|
|
374
|
-
// we keep our private key
|
|
375
|
-
// we do this in two stages
|
|
376
|
-
await preInstallCertificate(this);
|
|
377
|
-
return {
|
|
378
|
-
statusCode: node_opcua_basic_types_1.StatusCodes.Good,
|
|
379
|
-
applyChangesRequired: true,
|
|
380
|
-
};
|
|
381
|
-
}
|
|
382
|
-
else if (privateKey) {
|
|
383
|
-
// a private key has been provided by the caller !
|
|
384
|
-
if (!privateKeyFormat) {
|
|
385
|
-
warningLog("the privateKeyFormat must be specified " + privateKeyFormat);
|
|
386
|
-
return { statusCode: node_opcua_basic_types_1.StatusCodes.BadNotSupported, applyChangesRequired: false };
|
|
387
|
-
}
|
|
388
|
-
if (privateKeyFormat !== "PEM" && privateKeyFormat !== "PFX") {
|
|
389
|
-
warningLog(" the private key format is invalid privateKeyFormat =" + privateKeyFormat);
|
|
390
|
-
return { statusCode: node_opcua_basic_types_1.StatusCodes.BadNotSupported, applyChangesRequired: false };
|
|
391
|
-
}
|
|
392
|
-
if (privateKeyFormat !== "PEM") {
|
|
393
|
-
warningLog("in NodeOPCUA we only support PEM for the moment privateKeyFormat =" + privateKeyFormat);
|
|
394
|
-
return { statusCode: node_opcua_basic_types_1.StatusCodes.BadNotSupported, applyChangesRequired: false };
|
|
395
|
-
}
|
|
396
|
-
let privateKey1;
|
|
397
|
-
if (privateKey && (privateKey instanceof Buffer || typeof privateKey === "string")) {
|
|
398
|
-
if (privateKey instanceof Buffer) {
|
|
399
|
-
(0, node_opcua_assert_1.assert)(privateKeyFormat === "PEM");
|
|
400
|
-
privateKey = privateKey.toString("utf-8");
|
|
401
|
-
}
|
|
402
|
-
privateKey1 = (0, web_1.coercePEMorDerToPrivateKey)(privateKey);
|
|
403
|
-
}
|
|
404
|
-
if (!privateKey1) {
|
|
405
|
-
return { statusCode: node_opcua_basic_types_1.StatusCodes.BadNotSupported, applyChangesRequired: false };
|
|
406
|
-
}
|
|
407
|
-
// privateKey is provided, so check that the public key matches provided private key
|
|
408
|
-
if (!(0, web_1.certificateMatchesPrivateKey)(certificate, privateKey1)) {
|
|
409
|
-
// certificate doesn't match privateKey
|
|
410
|
-
warningLog("certificate doesn't match privateKey");
|
|
411
|
-
return { statusCode: node_opcua_basic_types_1.StatusCodes.BadSecurityChecksFailed, applyChangesRequired: false };
|
|
412
|
-
}
|
|
413
|
-
await preInstallPrivateKey(this);
|
|
414
|
-
await preInstallCertificate(this);
|
|
415
|
-
return {
|
|
416
|
-
statusCode: node_opcua_basic_types_1.StatusCodes.Good,
|
|
417
|
-
applyChangesRequired: true
|
|
418
|
-
};
|
|
419
|
-
}
|
|
420
|
-
else {
|
|
421
|
-
// todo !
|
|
422
|
-
return {
|
|
423
|
-
statusCode: node_opcua_basic_types_1.StatusCodes.BadNotSupported,
|
|
424
|
-
applyChangesRequired: true
|
|
425
|
-
};
|
|
426
|
-
}
|
|
97
|
+
return await executeUpdateCertificate(this._context, certificateGroupId, certificateTypeId, certificate, issuerCertificates, privateKeyFormat, privateKey);
|
|
427
98
|
}
|
|
428
99
|
/**
|
|
429
100
|
*
|
|
@@ -461,68 +132,17 @@ class PushCertificateManagerServerImpl extends events_1.EventEmitter {
|
|
|
461
132
|
* created the transaction and has access to the SecurityAdmin Role (see 7.2).
|
|
462
133
|
*
|
|
463
134
|
*/
|
|
464
|
-
async applyChanges() {
|
|
465
|
-
|
|
466
|
-
// This Method should only be called if a previous call to a Method that changed the
|
|
467
|
-
// configuration returns applyChangesRequired=true.
|
|
468
|
-
//
|
|
469
|
-
// If the Server Certificate has changed, Secure Channels using the old Certificate will
|
|
470
|
-
// eventually be interrupted.
|
|
471
|
-
this.emit("CertificateAboutToChange", this.$$actionQueue);
|
|
472
|
-
await this.flushActionQueue();
|
|
473
|
-
try {
|
|
474
|
-
await this.applyPendingTasks();
|
|
475
|
-
}
|
|
476
|
-
catch (err) {
|
|
477
|
-
debugLog("err ", err);
|
|
478
|
-
return node_opcua_basic_types_1.StatusCodes.BadInternalError;
|
|
479
|
-
}
|
|
480
|
-
this.emit("CertificateChanged", this.$$actionQueue);
|
|
481
|
-
await this.flushActionQueue();
|
|
482
|
-
// The only leeway the Server has is with the timing.
|
|
483
|
-
// In the best case, the Server can close the TransportConnections for the affected Endpoints and leave any
|
|
484
|
-
// Subscriptions intact. This should appear no different than a network interruption from the
|
|
485
|
-
// perspective of the Client. The Client should be prepared to deal with Certificate changes
|
|
486
|
-
// during its reconnect logic. In the worst case, a full shutdown which affects all connected
|
|
487
|
-
// Clients will be necessary. In the latter case, the Server shall advertise its intent to interrupt
|
|
488
|
-
// connections by setting the SecondsTillShutdown and ShutdownReason Properties in the
|
|
489
|
-
// ServerStatus Variable.
|
|
490
|
-
// If the Secure Channel being used to call this Method will be affected by the Certificate change
|
|
491
|
-
// then the Server shall introduce a delay long enough to allow the caller to receive a reply.
|
|
492
|
-
return node_opcua_basic_types_1.StatusCodes.Good;
|
|
135
|
+
async applyChanges(context) {
|
|
136
|
+
return await executeApplyChanges(this._context, context);
|
|
493
137
|
}
|
|
494
|
-
getCertificateManager(
|
|
495
|
-
|
|
496
|
-
return this._map[groupName] || null;
|
|
138
|
+
getCertificateManager(groupName) {
|
|
139
|
+
return this._context.map[groupName] || null;
|
|
497
140
|
}
|
|
498
|
-
|
|
499
|
-
this.
|
|
141
|
+
getCertificateTypes(groupName) {
|
|
142
|
+
return this._context.certificateTypes[groupName];
|
|
500
143
|
}
|
|
501
|
-
async
|
|
502
|
-
|
|
503
|
-
const promises = [];
|
|
504
|
-
const t = this._pendingTasks.splice(0);
|
|
505
|
-
if (false) {
|
|
506
|
-
// node 10.2 and above
|
|
507
|
-
for await (const task of t) {
|
|
508
|
-
await task();
|
|
509
|
-
}
|
|
510
|
-
}
|
|
511
|
-
else {
|
|
512
|
-
while (t.length) {
|
|
513
|
-
const task = t.shift();
|
|
514
|
-
await task();
|
|
515
|
-
}
|
|
516
|
-
}
|
|
517
|
-
await Promise.all(promises);
|
|
518
|
-
debugLog("end applyPendingTasks");
|
|
519
|
-
}
|
|
520
|
-
async flushActionQueue() {
|
|
521
|
-
while (this.$$actionQueue.length) {
|
|
522
|
-
const first = this.$$actionQueue.pop();
|
|
523
|
-
await first();
|
|
524
|
-
}
|
|
144
|
+
async dispose() {
|
|
145
|
+
await this._context.dispose();
|
|
525
146
|
}
|
|
526
147
|
}
|
|
527
|
-
exports.PushCertificateManagerServerImpl = PushCertificateManagerServerImpl;
|
|
528
148
|
//# sourceMappingURL=push_certificate_manager_server_impl.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"push_certificate_manager_server_impl.js","sourceRoot":"","sources":["../../source/server/push_certificate_manager_server_impl.ts"],"names":[],"mappings":";;;;;;AAsFA,4BAUC;AAED,gCAUC;AAED,4BAQC;AAED,gDAKC;AAGD,0CAqBC;AArJD;;GAEG;AACH,mCAAsC;AACtC,4CAAoB;AACpB,gDAAwB;AACxB,mCAAgC;AAEhC,yDAA2C;AAC3C,mEAAiE;AACjE,+CAS+B;AAE/B,yDAAoE;AAYpE,uDAAiG;AACjG,yDAAsE;AACtE,mFAAoE;AAUpE,gFAAgF;AAChF,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,OAAO,EAAE,GAAG,YAAE,CAAC,QAAQ,CAAC;AAErD,MAAM,QAAQ,GAAG,IAAA,gCAAa,EAAC,qBAAqB,CAAC,CAAC;AACtD,MAAM,QAAQ,GAAG,IAAA,gCAAa,EAAC,qBAAqB,CAAC,CAAC;AACtD,MAAM,UAAU,GAAG,IAAA,kCAAe,EAAC,qBAAqB,CAAC,CAAC;AAC1D,MAAM,OAAO,GAAG,IAAA,iCAAc,EAAC,qBAAqB,CAAC,CAAC;AACtD,OAAO,CAAC;AAER,MAAM,uBAAuB,GAAG,IAAA,iCAAa,EAAC,+DAA+D,CAAC,CAAC;AAC/G,MAAM,iBAAiB,GAAG,IAAA,iCAAa,EAAC,yDAAyD,CAAC,CAAC;AACnG,MAAM,qBAAqB,GAAG,IAAA,iCAAa,EAAC,6DAA6D,CAAC,CAAC;AAI3G,SAAS,wBAAwB,CAAC,sBAAuC;IACrE,IAAI,OAAO,sBAAsB,KAAK,QAAQ,EAAE,CAAC;QAC7C,OAAO,sBAAsB,CAAC;IAClC,CAAC;IACD,IAAI,IAAA,8BAAU,EAAC,sBAAsB,EAAE,0BAAM,CAAC,UAAU,CAAC,IAAI,IAAA,8BAAU,EAAC,sBAAsB,EAAE,uBAAuB,CAAC,EAAE,CAAC;QACvH,OAAO,yBAAyB,CAAC;IACrC,CAAC;IACD,IAAI,IAAA,8BAAU,EAAC,sBAAsB,EAAE,iBAAiB,CAAC,EAAE,CAAC;QACxD,OAAO,mBAAmB,CAAC;IAC/B,CAAC;IACD,IAAI,IAAA,8BAAU,EAAC,sBAAsB,EAAE,qBAAqB,CAAC,EAAE,CAAC;QAC5D,OAAO,uBAAuB,CAAC;IACnC,CAAC;IACD,OAAO,EAAE,CAAC;AACd,CAAC;AAYM,KAAK,UAAU,QAAQ,CAAC,MAAc,EAAE,IAAY;IACvD,IAAI,CAAC;QACD,QAAQ,CAAC,yBAAyB,EAAE,MAAM,EAAE,eAAe,EAAE,IAAI,CAAC,CAAC;QACnE,MAAM,WAAW,GAAG,YAAE,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QAC1C,IAAI,WAAW,EAAE,CAAC;YACd,MAAM,YAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAC7C,CAAC;IACL,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACX,QAAQ,CAAC,GAAG,CAAC,CAAC;IAClB,CAAC;AACL,CAAC;AAEM,KAAK,UAAU,UAAU,CAAC,IAAY;IACzC,IAAI,CAAC;QACD,MAAM,MAAM,GAAG,MAAM,YAAE,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QACzC,IAAI,MAAM,EAAE,CAAC;YACT,QAAQ,CAAC,gBAAgB,EAAE,IAAI,CAAC,CAAC;YACjC,MAAM,YAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QACnC,CAAC;IACL,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACX,QAAQ,CAAC,GAAG,CAAC,CAAC;IAClB,CAAC;AACL,CAAC;AAEM,KAAK,UAAU,QAAQ,CAAC,MAAc,EAAE,IAAY;IACvD,QAAQ,CAAC,6BAA6B,EAAE,MAAM,EAAE,eAAe,EAAE,IAAI,CAAC,CAAC;IACvE,IAAI,CAAC;QACD,MAAM,QAAQ,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAC7B,MAAM,UAAU,CAAC,MAAM,CAAC,CAAC;IAC7B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACX,QAAQ,CAAC,GAAG,CAAC,CAAC;IAClB,CAAC;AACL,CAAC;AAEM,KAAK,UAAU,kBAAkB,CAAC,MAAc,EAAE,IAAY;IACjE,0CAA0C;IAC1C,QAAQ,CAAC,oCAAoC,EAAE,MAAM,EAAE,eAAe,EAAE,IAAI,CAAC,CAAC;IAC9E,MAAM,QAAQ,CAAC,IAAI,EAAE,IAAI,GAAG,MAAM,CAAC,CAAC;IACpC,MAAM,QAAQ,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;AACjC,CAAC;AAGD,SAAgB,eAAe,CAAC,OAAuC;IACnE,IAAI,CAAC,GAAG,EAAE,CAAC;IACX,OAAO,CAAC,UAAU,IAAI,CAAC,CAAC,IAAI,OAAO,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;IAEzD,OAAO,CAAC,OAAO,IAAI,CAAC,CAAC,IAAI,MAAM,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;IAClD,OAAO,CAAC,WAAW,IAAI,CAAC,CAAC,IAAI,MAAM,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;IAE1D,OAAO,CAAC,eAAe,IAAI,CAAC,CAAC,IAAI,OAAO,OAAO,CAAC,eAAe,EAAE,CAAC,CAAC;IAEnE,OAAO,CAAC,QAAQ,IAAI,CAAC,CAAC,IAAI,MAAM,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;IACpD,OAAO,CAAC,YAAY,IAAI,CAAC,CAAC,IAAI,MAAM,OAAO,CAAC,YAAY,EAAE,CAAC,CAAC;IAE5D,OAAO,CAAC,YAAY,IAAI,CAAC,CAAC,IAAI,MAAM,OAAO,CAAC,YAAY,EAAE,CAAC,CAAC;IAC5D,OAAO,CAAC,gBAAgB,IAAI,CAAC,CAAC,IAAI,MAAM,OAAO,CAAC,gBAAgB,EAAE,CAAC,CAAC;IAEpE,OAAO,CAAC,oBAAoB,IAAI,CAAC,CAAC,IAAI,OAAO,OAAO,CAAC,oBAAoB,EAAE,CAAC,CAAC;IAE7E,OAAO,CAAC,KAAK,IAAI,CAAC,CAAC,IAAI,OAAO,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;IAC/C,OAAO,CAAC,mBAAmB,IAAI,CAAC,CAAC,IAAI,OAAO,OAAO,CAAC,mBAAmB,EAAE,CAAC,CAAC;IAE3E,OAAO,CAAC,CAAC;AACb,CAAC;AACD,IAAI,WAAW,GAAG,CAAC,CAAC;AAIpB,MAAa,gCAAiC,SAAQ,qBAAY;IACvD,gBAAgB,CAAsB;IACtC,cAAc,CAAsB;IACpC,UAAU,CAAsB;IAEtB,IAAI,GAA0C,EAAE,CAAC;IACjD,aAAa,GAAc,EAAE,CAAC;IACvC,sBAAsB,CAAsB;IAC5C,aAAa,GAAgB,EAAE,CAAC;IAEhC,cAAc,CAAS;IAE/B,YAAY,OAA4C;QACpD,KAAK,EAAE,CAAC;QAER,IAAI,CAAC,cAAc,GAAG,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,CAAC;QAE5D,IAAI,OAAO,EAAE,CAAC;YACV,IAAI,CAAC,gBAAgB,GAAG,OAAO,CAAC,gBAAgB,CAAC;YACjD,IAAI,CAAC,cAAc,GAAG,OAAO,CAAC,cAAc,CAAC;YAC7C,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;YACrC,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;gBACtB,IAAI,CAAC,IAAI,CAAC,qBAAqB,GAAG,IAAI,CAAC,cAAc,CAAC;gBAEtD,uBAAuB;gBACvB,IAAI,CAAC,CAAC,IAAI,CAAC,cAAc,YAAY,mDAAkB,CAAC,EAAE,CAAC;oBACvD,QAAQ,CACJ,qEAAqE,EACpE,IAAI,CAAC,cAAsB,CAAC,WAAW,CAAC,IAAI,CAChD,CAAC;oBACF,MAAM,IAAI,KAAK,CAAC,oEAAoE,CAAC,CAAC;gBAC1F,CAAC;YACL,CAAC;YACD,IAAI,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBACxB,IAAI,CAAC,IAAI,CAAC,uBAAuB,GAAG,IAAI,CAAC,gBAAgB,CAAC;gBAC1D,IAAA,0BAAM,EAAC,IAAI,CAAC,gBAAgB,YAAY,mDAAkB,CAAC,CAAC;YAChE,CAAC;YACD,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;gBAClB,IAAI,CAAC,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC,UAAU,CAAC;gBAC9C,IAAA,0BAAM,EAAC,IAAI,CAAC,UAAU,YAAY,mDAAkB,CAAC,CAAC;YAC1D,CAAC;QACL,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,UAAU;QACnB,IAAI,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACxB,MAAM,IAAI,CAAC,gBAAgB,CAAC,UAAU,EAAE,CAAC;QAC7C,CAAC;QACD,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACtB,MAAM,IAAI,CAAC,cAAc,CAAC,UAAU,EAAE,CAAC;QAC3C,CAAC;QACD,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YAClB,MAAM,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,CAAC;QACvC,CAAC;IACL,CAAC;IAED,IAAW,0BAA0B;QACjC,OAAO,CAAC,KAAK,CAAC,CAAC;IACnB,CAAC;IAEM,KAAK,CAAC,6BAA6B;QACtC,OAAO,IAAI,CAAC,0BAA0B,CAAC;IAC3C,CAAC;IAEM,KAAK,CAAC,oBAAoB,CAC7B,kBAAmC,EACnC,iBAAkC,EAClC,WAA2C,EAC3C,oBAA8B,EAC9B,KAAc;QAEd,IAAI,kBAAkB,GAAG,IAAI,CAAC,qBAAqB,CAAC,kBAAkB,CAAC,CAAC;QAExE,IAAI,CAAC,kBAAkB,EAAE,CAAC;YACtB,QAAQ,CAAC,qBAAqB,EAAE,kBAAkB,CAAC,CAAC;YACpD,OAAO;gBACH,UAAU,EAAE,oCAAW,CAAC,kBAAkB;aAC7C,CAAC;QACN,CAAC;QAED,IAAI,CAAC,WAAW,EAAE,CAAC;YACf,6BAA6B;YAC7B,MAAM,0BAA0B,GAAG,cAAI,CAAC,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,2BAA2B,CAAC,CAAC;YACtG,IAAI,CAAC,YAAE,CAAC,UAAU,CAAC,0BAA0B,CAAC,EAAE,CAAC;gBAC7C,QAAQ,CAAC,yDAAyD,EAAE,0BAA0B,CAAC,CAAC;gBAChG,OAAO;oBACH,UAAU,EAAE,oCAAW,CAAC,eAAe;iBAC1C,CAAC;YACN,CAAC;YACD,MAAM,WAAW,GAAG,IAAA,mCAAe,EAAC,0BAA0B,CAAC,CAAC;YAChE,MAAM,CAAC,GAAG,IAAA,wBAAkB,EAAC,WAAW,CAAC,CAAC;YAC1C,WAAW,GAAG,eAAe,CAAC,CAAC,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;YACxD,UAAU,CAAC,gDAAgD,EAAE,WAAW,CAAC,CAAC;QAC9E,CAAC;QAED,8DAA8D;QAC9D,IAAI,oBAAoB,EAAE,CAAC;YACvB,sEAAsE;YACtE,6EAA6E;YAC7E,gFAAgF;YAChF,2CAA2C;YAE3C,qFAAqF;YACrF,qCAAqC;YACrC,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;gBAC9B,IAAA,kCAAe,EACX,uGAAuG,CAC1G,CAAC;gBACF,OAAO;oBACH,UAAU,EAAE,oCAAW,CAAC,kBAAkB;iBAC7C,CAAC;YACN,CAAC;YAED,MAAM,QAAQ,GAAG,cAAI,CAAC,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;YAC9D,IAAI,YAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC1B,MAAM,eAAM,CAAC,MAAM,CAAC,cAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;YAC7C,CAAC;YACD,IAAI,CAAC,YAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC3B,MAAM,YAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;YACtC,CAAC;YAED,MAAM,sBAAsB,GAAG,kBAAkB,CAAC;YAClD,MAAM,OAAO,GAAI,kBAA0B,CAAC,OAAO,CAAC,CAAC,+BAA+B;YACpF,kBAAkB,GAAG,IAAI,mDAAkB,CAAC;gBACxC,OAAO;gBACP,QAAQ;aACX,CAAC,CAAC;YACH,QAAQ,CAAC,kCAAkC,CAAC,CAAC;YAC7C,MAAM,kBAAkB,CAAC,UAAU,EAAE,CAAC;YAEtC,IAAI,CAAC,sBAAsB,GAAG,kBAAkB,CAAC;YAEjD,IAAI,CAAC,cAAc,CAAC,KAAK,IAAI,EAAE;gBAC3B,MAAM,kBAAkB,CAAC,kBAAmB,CAAC,UAAU,EAAE,sBAAsB,CAAC,UAAU,CAAC,CAAC;YAChG,CAAC,CAAC,CAAC;YACH,IAAI,CAAC,cAAc,CAAC,KAAK,IAAI,EAAE;gBAC3B,MAAM,eAAM,CAAC,MAAM,CAAC,cAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;YAC7C,CAAC,CAAC,CAAC;QACP,CAAC;aAAM,CAAC;YACJ,2CAA2C;QAC/C,CAAC;QAED,IAAI,OAAO,WAAW,KAAK,QAAQ,EAAE,CAAC;YAClC,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,gBAAgB,EAAE,CAAC;QACxD,CAAC;QACD,MAAM,OAAO,GAAG;YACZ,cAAc,EAAE,IAAI,CAAC,cAAc;YACnC,OAAO,EAAE,WAAY;SACxB,CAAC;QACF,MAAM,kBAAkB,CAAC,UAAU,EAAE,CAAC;QACtC,MAAM,OAAO,GAAG,MAAM,kBAAkB,CAAC,wBAAwB,CAAC,OAAO,CAAC,CAAC;QAC3E,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC/C,MAAM,yBAAyB,GAAG,IAAA,qBAAe,EAAC,MAAM,CAAC,CAAC;QAE1D,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC;QAE/C,OAAO;YACH,yBAAyB;YACzB,UAAU,EAAE,oCAAW,CAAC,IAAI;SAC/B,CAAC;IACN,CAAC;IAEM,KAAK,CAAC,eAAe;QAQxB,qCAAqC;QACrC,KAAK,UAAU,mBAAmB,CAAC,KAAqC,EAAE,eAA2B;YACjG,IAAI,CAAC,KAAK,EAAE,CAAC;gBACT,OAAO;YACX,CAAC;YACD,MAAM,cAAc,GAAG,cAAI,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;YAC5D,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,cAAc,CAAC,CAAC;YAE5C,MAAM,IAAI,GAAG,YAAE,CAAC,QAAQ,CAAC,IAAI,CAAC;YAE9B,MAAM,SAAS,GAAwB,EAAE,CAAC;YAC1C,KAAK,MAAM,QAAQ,IAAI,KAAK,EAAE,CAAC;gBAC3B,YAAY;gBACZ,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,cAAI,CAAC,IAAI,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC;YAC9D,CAAC;YACD,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YAE3C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACpC,eAAe,CAAC,IAAI,CAAC;oBACjB,QAAQ,EAAE,cAAI,CAAC,IAAI,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC;oBAC7C,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;iBACjB,CAAC,CAAC;YACP,CAAC;QACL,CAAC;QAED,MAAM,IAAI,GAAe,EAAE,CAAC;QAC5B,MAAM,mBAAmB,CAAC,IAAI,CAAC,gBAAgB,EAAE,IAAI,CAAC,CAAC;QACvD,MAAM,mBAAmB,CAAC,IAAI,CAAC,cAAc,EAAE,IAAI,CAAC,CAAC;QACrD,MAAM,mBAAmB,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;QAEjD,8CAA8C;QAC9C,IAAI,CAAC,IAAI,CAAC,CAAC,CAAW,EAAE,CAAW,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QAEzF,MAAM,QAAQ,GAAsB,EAAE,CAAC;QACvC,KAAK,MAAM,IAAI,IAAI,IAAI,EAAE,CAAC;YACtB,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC;QACnD,CAAC;QACD,MAAM,eAAe,GAAa,MAAM,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAE9D,MAAM,YAAY,GAAa,eAAe,CAAC,GAAG,CAAC,qBAAe,CAAC,CAAC;QACpE,OAAO;YACH,YAAY;YACZ,UAAU,EAAE,oCAAW,CAAC,IAAI;SAC/B,CAAC;IACN,CAAC;IAQD,0CAA0C;IACnC,KAAK,CAAC,iBAAiB,CAC1B,kBAAmC,EACnC,iBAAkC,EAClC,WAAmB,EACnB,kBAAgC,EAChC,gBAAyB,EACzB,UAA4B;QAE5B,yCAAyC;QACzC,sFAAsF;QACtF,uFAAuF;QACvF,uFAAuF;QACvF,gFAAgF;QAChF,8FAA8F;QAC9F,MAAM,kBAAkB,GAAG,IAAI,CAAC,qBAAqB,CAAC,kBAAkB,CAAE,CAAC;QAE3E,IAAI,CAAC,kBAAkB,EAAE,CAAC;YACtB,QAAQ,CAAC,qBAAqB,EAAE,kBAAkB,CAAC,CAAC;YACpD,OAAO;gBACH,UAAU,EAAE,oCAAW,CAAC,kBAAkB;gBAC1C,oBAAoB,EAAE,KAAK;aAC9B,CAAC;QACN,CAAC;QAED,KAAK,UAAU,qBAAqB,CAAC,IAAsC;YACvE,MAAM,UAAU,GAAG,cAAI,CAAC,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;YACtE,MAAM,kBAAkB,GAAG,cAAI,CAAC,IAAI,CAAC,UAAU,EAAE,uBAAuB,WAAW,EAAE,MAAM,CAAC,CAAC;YAC7F,MAAM,kBAAkB,GAAG,cAAI,CAAC,IAAI,CAAC,UAAU,EAAE,uBAAuB,WAAW,EAAE,MAAM,CAAC,CAAC;YAE7F,MAAM,SAAS,CAAC,kBAAkB,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;YAC3D,MAAM,SAAS,CAAC,kBAAkB,EAAE,IAAA,WAAK,EAAC,WAAW,EAAE,aAAa,CAAC,CAAC,CAAC;YAEvE,MAAM,OAAO,GAAG,cAAI,CAAC,IAAI,CAAC,UAAU,EAAE,iBAAiB,CAAC,CAAC;YACzD,MAAM,OAAO,GAAG,cAAI,CAAC,IAAI,CAAC,UAAU,EAAE,iBAAiB,CAAC,CAAC;YAEzD,mDAAmD;YACnD,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,CAAC,kBAAkB,CAAC,kBAAkB,EAAE,OAAO,CAAC,CAAC,CAAC;YAC3E,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,CAAC,kBAAkB,CAAC,kBAAkB,EAAE,OAAO,CAAC,CAAC,CAAC;QAC/E,CAAC;QAED,KAAK,UAAU,oBAAoB,CAAC,IAAsC;YACtE,IAAA,0BAAM,EAAC,gBAAiB,CAAC,WAAW,EAAE,KAAK,KAAK,CAAC,CAAC;YAElD,MAAM,gBAAgB,GAAG,cAAI,CAAC,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;YAC9E,MAAM,iBAAiB,GAAG,cAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,uBAAuB,WAAW,EAAE,MAAM,CAAC,CAAC;YAElG,IAAI,UAAU,EAAE,CAAC;gBACb,MAAM,WAAW,GAAG,IAAA,gCAA0B,EAAC,UAAU,CAAC,CAAC;gBAC3D,MAAM,aAAa,GAAG,MAAM,IAAA,yBAAmB,EAAC,WAAW,CAAC,CAAC;gBAC7D,MAAM,SAAS,CAAC,iBAAiB,EAAE,aAAa,EAAE,OAAO,CAAC,CAAC;gBAC3D,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,CAAC,kBAAkB,CAAC,iBAAiB,EAAE,kBAAkB,CAAC,UAAU,CAAC,CAAC,CAAC;YACpG,CAAC;QACL,CAAC;QAED,qDAAqD;QACrD,EAAE;QACF,kEAAkE;QAClE,2DAA2D;QAC3D,EAAE;QACF,wFAAwF;QACxF,mDAAmD;QACnD,0FAA0F;QAC1F,uBAAuB;QACvB,6FAA6F;QAC7F,mDAAmD;QAEnD,2FAA2F;QAC3F,+EAA+E;QAC/E,uDAAuD;QACvD,MAAM,QAAQ,GAAG,IAAA,wBAAkB,EAAC,WAAW,CAAC,CAAC;QAEjD,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,IAAI,QAAQ,CAAC,cAAc,CAAC,QAAQ,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC;YACvE,+BAA+B;YAC/B,UAAU,CACN,4CAA4C,EAC5C,QAAQ,CAAC,cAAc,CAAC,QAAQ,CAAC,SAAS,CAAC,WAAW,EAAE,EACxD,QAAQ,EACR,GAAG,CAAC,WAAW,EAAE,CACpB,CAAC;YACF,OAAO;gBACH,UAAU,EAAE,oCAAW,CAAC,uBAAuB;gBAC/C,oBAAoB,EAAE,KAAK;aAC9B,CAAC;QACN,CAAC;QACD,IAAI,QAAQ,CAAC,cAAc,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,EAAE,GAAG,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC;YACtE,qCAAqC;YACrC,UAAU,CACN,iDAAiD,EACjD,QAAQ,CAAC,cAAc,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,EAAE,EACvD,QAAQ,EACR,GAAG,CAAC,WAAW,EAAE,CACpB,CAAC;YACF,OAAO;gBACH,UAAU,EAAE,oCAAW,CAAC,uBAAuB;gBAC/C,oBAAoB,EAAE,KAAK;aAC9B,CAAC;QACN,CAAC;QAED,4FAA4F;QAC5F,kEAAkE;QAElE,QAAQ,CAAC,qBAAqB,EAAE,IAAA,wBAAkB,EAAC,WAAW,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;QAEjF,IAAI,CAAC,gBAAgB,IAAI,CAAC,UAAU,EAAE,CAAC;YACnC,uDAAuD;YACvD,wFAAwF;YACxF,wBAAwB;YACxB,MAAM,WAAW,GAAG,IAAA,kCAAc,EAC9B,IAAI,CAAC,sBAAsB,CAAC,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,UAAU,CAAC,CAAC,CAAC,kBAAkB,CAAC,UAAU,CACvG,CAAC;YAEF,iGAAiG;YACjG,mCAAmC;YACnC,4FAA4F;YAC5F,IAAI,CAAC,IAAA,kCAA4B,EAAC,WAAW,EAAE,WAAW,CAAC,EAAE,CAAC;gBAC1D,uCAAuC;gBACvC,UAAU,CAAC,sCAAsC,CAAC,CAAC;gBACnD,gBAAgB;gBAChB,MAAM,cAAc,GAAG,IAAA,WAAK,EAAC,WAAW,EAAE,aAAa,CAAC,CAAC;gBACzD,cAAc,CAAC;gBACf,mEAAmE;gBACnE,sDAAsD;gBACtD,wFAAwF;gBACxF,sFAAsF;gBACtF,OAAO;oBACH,UAAU,EAAE,oCAAW,CAAC,uBAAuB;oBAC/C,oBAAoB,EAAE,KAAK;iBAC9B,CAAC;YACN,CAAC;YACD,wCAAwC;YACxC,0BAA0B;YAC1B,2BAA2B;YAC3B,MAAM,qBAAqB,CAAC,IAAI,CAAC,CAAC;YAElC,OAAO;gBACH,UAAU,EAAE,oCAAW,CAAC,IAAI;gBAC5B,oBAAoB,EAAE,IAAI;aAC7B,CAAC;QACN,CAAC;aAAM,IAAI,UAAU,EAAE,CAAC;YACpB,kDAAkD;YAClD,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBACpB,UAAU,CAAC,yCAAyC,GAAG,gBAAgB,CAAC,CAAC;gBACzE,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,eAAe,EAAE,oBAAoB,EAAE,KAAK,EAAC,CAAC;YACnF,CAAC;YACD,IAAI,gBAAgB,KAAK,KAAK,IAAI,gBAAgB,KAAK,KAAK,EAAE,CAAC;gBAC3D,UAAU,CAAC,uDAAuD,GAAG,gBAAgB,CAAC,CAAC;gBACvF,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,eAAe,EAAE,oBAAoB,EAAE,KAAK,EAAE,CAAC;YACpF,CAAC;YACD,IAAI,gBAAgB,KAAK,KAAK,EAAE,CAAC;gBAC7B,UAAU,CAAC,oEAAoE,GAAG,gBAAgB,CAAC,CAAC;gBACpG,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,eAAe,EAAG,oBAAoB,EAAE,KAAK,EAAE,CAAC;YACrF,CAAC;YAED,IAAI,WAAmC,CAAC;YACxC,IAAI,UAAU,IAAI,CAAC,UAAU,YAAY,MAAM,IAAI,OAAO,UAAU,KAAK,QAAQ,CAAC,EAAE,CAAC;gBACjF,IAAI,UAAU,YAAY,MAAM,EAAE,CAAC;oBAC/B,IAAA,0BAAM,EAAC,gBAAgB,KAAK,KAAK,CAAC,CAAC;oBACnC,UAAU,GAAG,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;gBAC9C,CAAC;gBACD,WAAW,GAAG,IAAA,gCAA0B,EAAC,UAAU,CAAC,CAAC;YACzD,CAAC;YACD,IAAI,CAAC,WAAW,EAAE,CAAC;gBACf,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,eAAe,EAAE,oBAAoB,EAAE,KAAK,EAAE,CAAC;YACpF,CAAC;YACD,qFAAqF;YACrF,IAAI,CAAC,IAAA,kCAA4B,EAAC,WAAW,EAAE,WAAY,CAAC,EAAE,CAAC;gBAC3D,uCAAuC;gBACvC,UAAU,CAAC,sCAAsC,CAAC,CAAC;gBACnD,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,uBAAuB,EAAE,oBAAoB,EAAE,KAAK,EAAE,CAAC;YAC5F,CAAC;YAED,MAAM,oBAAoB,CAAC,IAAI,CAAC,CAAC;YAEjC,MAAM,qBAAqB,CAAC,IAAI,CAAC,CAAC;YAIlC,OAAO;gBACH,UAAU,EAAE,oCAAW,CAAC,IAAI;gBAC5B,oBAAoB,EAAE,IAAI;aAC7B,CAAC;QACN,CAAC;aAAM,CAAC;YACJ,SAAS;YACT,OAAO;gBACH,UAAU,EAAE,oCAAW,CAAC,eAAe;gBACvC,oBAAoB,EAAE,IAAI;aAC7B,CAAC;QACN,CAAC;IACL,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAmCG;IACI,KAAK,CAAC,YAAY;QACrB,yEAAyE;QACzE,oFAAoF;QACpF,mDAAmD;QACnD,EAAE;QACF,wFAAwF;QACxF,6BAA6B;QAE7B,IAAI,CAAC,IAAI,CAAC,0BAA0B,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;QAC1D,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAE9B,IAAI,CAAC;YACD,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACnC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,QAAQ,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;YACtB,OAAO,oCAAW,CAAC,gBAAgB,CAAC;QACxC,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,oBAAoB,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;QACpD,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAE9B,qDAAqD;QACrD,2GAA2G;QAC3G,6FAA6F;QAC7F,4FAA4F;QAC5F,6FAA6F;QAC7F,oGAAoG;QACpG,sFAAsF;QACtF,yBAAyB;QAEzB,kGAAkG;QAClG,8FAA8F;QAC9F,OAAO,oCAAW,CAAC,IAAI,CAAC;IAC5B,CAAC;IAEO,qBAAqB,CAAC,kBAAmC;QAC7D,MAAM,SAAS,GAAG,wBAAwB,CAAC,kBAAkB,CAAC,CAAC;QAC/D,OAAO,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC;IACxC,CAAC;IAEO,cAAc,CAAC,OAA4B;QAC/C,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACrC,CAAC;IAEO,KAAK,CAAC,iBAAiB;QAC3B,QAAQ,CAAC,yBAAyB,CAAC,CAAC;QACpC,MAAM,QAAQ,GAAoB,EAAE,CAAC;QACrC,MAAM,CAAC,GAAG,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QAEvC,IAAI,KAAK,EAAE,CAAC;YACR,sBAAsB;YACtB,IAAI,KAAK,EAAE,MAAM,IAAI,IAAI,CAAC,EAAE,CAAC;gBACzB,MAAM,IAAI,EAAE,CAAC;YACjB,CAAC;QACL,CAAC;aAAM,CAAC;YACJ,OAAO,CAAC,CAAC,MAAM,EAAE,CAAC;gBACd,MAAM,IAAI,GAAG,CAAC,CAAC,KAAK,EAAG,CAAC;gBACxB,MAAM,IAAI,EAAE,CAAC;YACjB,CAAC;QACL,CAAC;QACD,MAAM,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC5B,QAAQ,CAAC,uBAAuB,CAAC,CAAC;IACtC,CAAC;IAEO,KAAK,CAAC,gBAAgB;QAC1B,OAAO,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,CAAC;YAC/B,MAAM,KAAK,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,EAAG,CAAC;YACxC,MAAM,KAAM,EAAE,CAAC;QACnB,CAAC;IACL,CAAC;CACJ;AAvgBD,4EAugBC"}
|
|
1
|
+
{"version":3,"file":"push_certificate_manager_server_impl.js","sourceRoot":"","sources":["../../source/server/push_certificate_manager_server_impl.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAG3C,OAAO,EAAE,kBAAkB,EAAE,MAAM,gCAAgC,CAAC;AACpE,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAIjD,OAAO,EAAE,wBAAwB,EAAE,MAAM,qCAAqC,CAAC;AAO/E,OAAO,EAAE,mBAAmB,EAAE,MAAM,6CAA6C,CAAC;AAClF,OAAO,EAAE,2BAA2B,EAAE,MAAM,sDAAsD,CAAC;AACnG,OAAO,EAAE,sBAAsB,EAAE,MAAM,iDAAiD,CAAC;AACzF,OAAO,EAAE,qCAAqC,EAAE,MAAM,gDAAgD,CAAC;AACvG,OAAO,EAAE,wBAAwB,EAAE,MAAM,kDAAkD,CAAC;AAE5F,MAAM,QAAQ,GAAG,aAAa,CAAC,qBAAqB,CAAC,CAAC;AAmCtD,MAAM,OAAO,gCAAiC,SAAQ,YAAY;IACvD,gBAAgB,CAAsB;IACtC,cAAc,CAAsB;IACpC,UAAU,CAAsB;IAEvC,4EAA4E;IAC3D,QAAQ,CAAwC;IAEjE,cAAc;IACP,cAAc,CAAS;IAS9B,8DAA8D;IACvD,EAAE,CAAC,KAAsB,EAAE,QAAkC;QAChE,OAAO,KAAK,CAAC,EAAE,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;IACrC,CAAC;IAQD,8DAA8D;IACvD,IAAI,CAAC,KAAsB,EAAE,QAAkC;QAClE,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;IACvC,CAAC;IAED,YAAY,OAA4C;QACpD,KAAK,EAAE,CAAC;QACR,IAAI,CAAC,QAAQ,GAAG,IAAI,qCAAqC,CAAC,IAAI,CAAC,CAAC;QAEhE,IAAI,CAAC,cAAc,GAAG,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,CAAC;QAE5D,IAAI,OAAO,EAAE,CAAC;YACV,IAAI,CAAC,gBAAgB,GAAG,OAAO,CAAC,gBAAgB,CAAC;YACjD,IAAI,CAAC,cAAc,GAAG,OAAO,CAAC,cAAc,CAAC;YAC7C,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;YACrC,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;gBACtB,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,qBAAqB,GAAG,IAAI,CAAC,cAAc,CAAC;gBAC9D,qEAAqE;gBACrE,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,qBAAqB,GAAG,OAAO,CAAC,8BAA8B,IAAI;oBAC7F,oDAAoD;oBACpD,GAAG,wBAAwB;iBAC9B,CAAC,CAAC,kCAAkC;gBAErC,iBAAiB;gBACjB,IAAI,CAAC,CAAC,IAAI,CAAC,cAAc,YAAY,kBAAkB,CAAC,EAAE,CAAC;oBACvD,QAAQ,CACJ,qEAAqE,EACpE,IAAI,CAAC,cAA+D,CAAC,WAAW,CAAC,IAAI,CACzF,CAAC;oBACF,MAAM,IAAI,KAAK,CAAC,oEAAoE,CAAC,CAAC;gBAC1F,CAAC;YACL,CAAC;YACD,IAAI,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBACxB,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,uBAAuB,GAAG,IAAI,CAAC,gBAAgB,CAAC;gBAClE,qEAAqE;gBACrE,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,uBAAuB,GAAG,OAAO,CAAC,gCAAgC,IAAI;oBACjG,oDAAoD;oBACpD,GAAG,wBAAwB;iBAC9B,CAAC,CAAC,kCAAkC;gBACrC,MAAM,CAAC,IAAI,CAAC,gBAAgB,YAAY,kBAAkB,CAAC,CAAC;YAChE,CAAC;YACD,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;gBAClB,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,iBAAiB,GAAG,IAAI,CAAC,UAAU,CAAC;gBACtD,qEAAqE;gBACrE,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,iBAAiB,GAAG,OAAO,CAAC,0BAA0B,IAAI;oBACrF,oDAAoD;oBACpD,GAAG,wBAAwB;iBAC9B,CAAC,CAAC,kCAAkC;gBACrC,MAAM,CAAC,IAAI,CAAC,UAAU,YAAY,kBAAkB,CAAC,CAAC;YAC1D,CAAC;QACL,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,UAAU;QACnB,IAAI,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACxB,MAAM,IAAI,CAAC,gBAAgB,CAAC,UAAU,EAAE,CAAC;QAC7C,CAAC;QACD,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACtB,MAAM,IAAI,CAAC,cAAc,CAAC,UAAU,EAAE,CAAC;QAC3C,CAAC;QACD,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YAClB,MAAM,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,CAAC;QACvC,CAAC;IACL,CAAC;IAED,IAAW,0BAA0B;QACjC,OAAO,CAAC,KAAK,CAAC,CAAC;IACnB,CAAC;IAEM,KAAK,CAAC,6BAA6B;QACtC,OAAO,CAAC,KAAK,CAAC,CAAC;IACnB,CAAC;IAEM,KAAK,CAAC,oBAAoB,CAC7B,kBAAmC,EACnC,iBAAkC,EAClC,WAA2C,EAC3C,oBAA8B,EAC9B,KAAc;QAEd,OAAO,MAAM,2BAA2B,CACpC,IAAI,CAAC,QAAQ,EACb,kBAAkB,EAClB,iBAAiB,EACjB,WAAW,EACX,oBAAoB,EACpB,KAAK,CACR,CAAC;IACN,CAAC;IAEM,KAAK,CAAC,eAAe;QACxB,OAAO,MAAM,sBAAsB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACvD,CAAC;IAED,0CAA0C;IACnC,KAAK,CAAC,iBAAiB,CAC1B,kBAAmC,EACnC,iBAAkC,EAClC,WAAmB,EACnB,kBAAgC,EAChC,gBAAyB,EACzB,UAA4B;QAE5B,OAAO,MAAM,wBAAwB,CACjC,IAAI,CAAC,QAAQ,EACb,kBAAkB,EAClB,iBAAiB,EACjB,WAAW,EACX,kBAAkB,EAClB,gBAAgB,EAChB,UAAU,CACb,CAAC;IACN,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAmCG;IACI,KAAK,CAAC,YAAY,CAAC,OAAyB;QAC/C,OAAO,MAAM,mBAAmB,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAC7D,CAAC;IAEM,qBAAqB,CAAC,SAAiB;QAC1C,OAAO,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC;IAChD,CAAC;IAEM,mBAAmB,CAAC,SAAiB;QACxC,OAAO,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC;IACrD,CAAC;IAEM,KAAK,CAAC,OAAO;QAChB,MAAM,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;IAClC,CAAC;CACJ"}
|
|
@@ -1,3 +1,3 @@
|
|
|
1
|
-
import { RolePermissionTypeOptions } from "node-opcua-address-space";
|
|
1
|
+
import { type RolePermissionTypeOptions } from "node-opcua-address-space";
|
|
2
2
|
export declare const rolePermissionRestricted: RolePermissionTypeOptions[];
|
|
3
3
|
export declare const rolePermissionAdminOnly: RolePermissionTypeOptions[];
|