node-opcua-server-configuration 2.170.1 → 2.172.0
- package/dist/server/install_certificate_file_watcher.d.ts +4 -4
- package/dist/server/install_certificate_file_watcher.js.map +1 -1
- package/dist/server/install_push_certificate_management.d.ts +4 -2
- package/dist/server/install_push_certificate_management.js +29 -21
- package/dist/server/install_push_certificate_management.js.map +1 -1
- package/package.json +25 -25
- package/source/server/install_certificate_file_watcher.ts +9 -5
- package/source/server/install_push_certificate_management.ts +36 -24
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import type { UAObject } from "node-opcua-address-space-base";
|
|
2
|
-
export interface
|
|
3
|
-
|
|
1
|
+
import type { ITypedEventEmitter, UAObject, UAObjectEvents } from "node-opcua-address-space-base";
|
|
2
|
+
export interface CertificateChangeEvents extends UAObjectEvents {
|
|
3
|
+
certificateChange: () => void;
|
|
4
4
|
}
|
|
5
|
-
export declare function installCertificateFileWatcher(node: UAObject
|
|
5
|
+
export declare function installCertificateFileWatcher(node: UAObject<CertificateChangeEvents>, certificateFile: string): ITypedEventEmitter<CertificateChangeEvents>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"install_certificate_file_watcher.js","sourceRoot":"","sources":["../../source/server/install_certificate_file_watcher.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAEjD,MAAM,QAAQ,GAAG,aAAa,CAAC,qBAAqB,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"install_certificate_file_watcher.js","sourceRoot":"","sources":["../../source/server/install_certificate_file_watcher.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAEjD,MAAM,QAAQ,GAAG,aAAa,CAAC,qBAAqB,CAAC,CAAC;AAMtD,MAAM,UAAU,6BAA6B,CACzC,IAAuC,EACvC,eAAuB;IAEvB,MAAM,WAAW,GAAG,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC;IACnD,MAAM,SAAS,GAAG,EAAE,CAAC,KAAK,CACtB,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,EAC7B,EAAE,UAAU,EAAE,KAAK,EAAE,EACrB,CAAC,UAA+B,EAAE,QAAQ,EAAE,EAAE;QAC1C,MAAM;QACN,IAAI,QAAQ,KAAK,WAAW,EAAE,CAAC;YAC3B,QAAQ,CAAC,qBAAqB,EAAE,QAAQ,EAAE,WAAW,CAAC,CAAC;YACvD,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;QACnC,CAAC;IACL,CAAC,CACJ,CAAC;IACF,MAAM,YAAY,GAAG,IAAI,CAAC,YAAY,CAAC;IACvC,YAAY,EAAE,oBAAoB,CAAC,GAAG,EAAE;QACpC,SAAS,CAAC,KAAK,EAAE,CAAC;IACtB,CAAC,CAAC,CAAC;IACH,OAAO,IAAI,CAAC;AAChB,CAAC"}
|
|
@@ -1,16 +1,18 @@
|
|
|
1
1
|
import type { AddressSpace } from "node-opcua-address-space";
|
|
2
|
-
import
|
|
2
|
+
import { OPCUACertificateManager } from "node-opcua-certificate-manager";
|
|
3
3
|
import { type ICertificateKeyPairProvider } from "node-opcua-common";
|
|
4
4
|
import { type OPCUAServer } from "node-opcua-server";
|
|
5
5
|
import { type ApplicationDescriptionOptions } from "node-opcua-types";
|
|
6
6
|
export interface OPCUAServerPartial extends ICertificateKeyPairProvider {
|
|
7
7
|
serverInfo?: ApplicationDescriptionOptions;
|
|
8
8
|
serverCertificateManager: OPCUACertificateManager;
|
|
9
|
-
privateKeyFile: string;
|
|
10
9
|
certificateFile: string;
|
|
10
|
+
privateKeyFile: string;
|
|
11
11
|
engine: {
|
|
12
12
|
addressSpace?: AddressSpace;
|
|
13
13
|
};
|
|
14
14
|
createDefaultCertificate(): Promise<void>;
|
|
15
|
+
setProvider(provider: ICertificateKeyPairProvider): void;
|
|
16
|
+
invalidateCachedCertificates(): void;
|
|
15
17
|
}
|
|
16
18
|
export declare function installPushCertificateManagementOnServer(server: OPCUAServer): Promise<void>;
|
|
@@ -4,7 +4,8 @@
|
|
|
4
4
|
import path from "node:path";
|
|
5
5
|
import chalk from "chalk";
|
|
6
6
|
import { assert } from "node-opcua-assert";
|
|
7
|
-
import {
|
|
7
|
+
import { OPCUACertificateManager } from "node-opcua-certificate-manager";
|
|
8
|
+
import { DiskCertificateKeyPairProvider } from "node-opcua-common";
|
|
8
9
|
import { split_der, exploreCertificateInfo } from "node-opcua-crypto/web";
|
|
9
10
|
import { checkDebugFlag, make_debugLog, make_errorLog, make_warningLog } from "node-opcua-debug";
|
|
10
11
|
import { invalidateServerCertificateCache } from "node-opcua-server";
|
|
@@ -53,29 +54,25 @@ async function onApplyChangesCompleted(server) {
|
|
|
53
54
|
debugLog(chalk.yellow("channels have been closed -> client should reconnect "));
|
|
54
55
|
}
|
|
55
56
|
/**
|
|
56
|
-
* Redirect the server's
|
|
57
|
-
*
|
|
58
|
-
*
|
|
57
|
+
* Redirect the server's certificate provider to the cert manager's
|
|
58
|
+
* paths, create a default certificate if none exists, and invalidate
|
|
59
|
+
* cached secrets.
|
|
59
60
|
*/
|
|
60
61
|
async function install() {
|
|
61
62
|
doDebug && debugLog("install push certificate management", this.serverCertificateManager.rootDir);
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
get: () => path.join(this.serverCertificateManager.rootDir, CERT_PEM_RELATIVE_PATH),
|
|
69
|
-
configurable: true,
|
|
70
|
-
enumerable: true
|
|
71
|
-
});
|
|
63
|
+
const certFile = path.join(this.serverCertificateManager.rootDir, CERT_PEM_RELATIVE_PATH);
|
|
64
|
+
const keyFile = this.serverCertificateManager.privateKey;
|
|
65
|
+
// Inject a new disk provider pointing at the cert manager's
|
|
66
|
+
// paths. The server's certificateFile/privateKeyFile getters
|
|
67
|
+
// now automatically return the new paths.
|
|
68
|
+
this.setProvider(new DiskCertificateKeyPairProvider(certFile, keyFile));
|
|
72
69
|
// Delegate to the base server's createDefaultCertificate() which
|
|
73
70
|
// handles DNS (fqdn + hostname + configured), IPs (auto + configured),
|
|
74
71
|
// proper subject via makeSubject(), mutex locking, and file checks.
|
|
75
72
|
await this.createDefaultCertificate();
|
|
76
73
|
// Invalidate any previously cached secrets so that
|
|
77
74
|
// getCertificateChain() / getPrivateKey() will re-read from disk.
|
|
78
|
-
|
|
75
|
+
this.invalidateCachedCertificates();
|
|
79
76
|
}
|
|
80
77
|
export async function installPushCertificateManagementOnServer(server) {
|
|
81
78
|
if (!server.engine || !server.engine.addressSpace) {
|
|
@@ -83,13 +80,24 @@ export async function installPushCertificateManagementOnServer(server) {
|
|
|
83
80
|
"You need to call installPushCertificateManagementOnServer after server has been initialized");
|
|
84
81
|
}
|
|
85
82
|
await install.call(server);
|
|
86
|
-
// After install()
|
|
87
|
-
// the
|
|
88
|
-
//
|
|
89
|
-
//
|
|
90
|
-
|
|
83
|
+
// After install() injected a new DiskCertificateKeyPairProvider,
|
|
84
|
+
// set the same provider on each endpoint so they all read from
|
|
85
|
+
// the cert manager's paths.
|
|
86
|
+
// Push certificate management is inherently disk-based.
|
|
87
|
+
// Assert that the store is a disk-based OPCUACertificateManager.
|
|
88
|
+
if (!(server.serverCertificateManager instanceof OPCUACertificateManager)) {
|
|
89
|
+
throw new Error("installPushCertificateManagementOnServer requires a" +
|
|
90
|
+
" disk-based OPCUACertificateManager as" +
|
|
91
|
+
" serverCertificateManager");
|
|
92
|
+
}
|
|
93
|
+
const cm = server.serverCertificateManager;
|
|
94
|
+
const certFile = path.join(cm.rootDir, CERT_PEM_RELATIVE_PATH);
|
|
95
|
+
const keyFile = cm.privateKey;
|
|
96
|
+
for (const endpoint of server.endpoints) {
|
|
97
|
+
endpoint.setCertificateProvider(new DiskCertificateKeyPairProvider(certFile, keyFile));
|
|
98
|
+
}
|
|
91
99
|
await installPushCertificateManagement(server.engine.addressSpace, {
|
|
92
|
-
applicationGroup:
|
|
100
|
+
applicationGroup: cm,
|
|
93
101
|
userTokenGroup: server.userCertificateManager,
|
|
94
102
|
applicationUri: server.serverInfo.applicationUri || "InvalidURI"
|
|
95
103
|
});
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"install_push_certificate_management.js","sourceRoot":"","sources":["../../source/server/install_push_certificate_management.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,OAAO,KAAK,MAAM,OAAO,CAAC;AAG1B,OAAO,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;
|
|
1
|
+
{"version":3,"file":"install_push_certificate_management.js","sourceRoot":"","sources":["../../source/server/install_push_certificate_management.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,OAAO,KAAK,MAAM,OAAO,CAAC;AAG1B,OAAO,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAC3C,OAAO,EAAE,uBAAuB,EAAE,MAAM,gCAAgC,CAAC;AACzE,OAAO,EAAE,8BAA8B,EAAoC,MAAM,mBAAmB,CAAC;AACrG,OAAO,EAAoB,SAAS,EAAE,sBAAsB,EAAE,MAAM,uBAAuB,CAAC;AAC5F,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACjG,OAAO,EAAE,gCAAgC,EAA8C,MAAM,mBAAmB,CAAC;AACjH,OAAO,EAAmB,WAAW,EAAE,MAAM,wBAAwB,CAAC;AACtE,OAAO,EAAsC,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAEnF,OAAO,EAAE,gCAAgC,EAAE,MAAM,uCAAuC,CAAC;AAGzF,MAAM,QAAQ,GAAG,aAAa,CAAC,qBAAqB,CAAC,CAAC;AACtD,MAAM,OAAO,GAAG,cAAc,CAAC,qBAAqB,CAAC,CAAC;AACtD,MAAM,QAAQ,GAAG,aAAa,CAAC,qBAAqB,CAAC,CAAC;AACtD,MAAM,UAAU,GAAG,eAAe,CAAC,qBAAqB,CAAC,CAAC;AAE1D,wEAAwE;AACxE,MAAM,sBAAsB,GAAG,2BAA2B,CAAC;AAa3D,KAAK,UAAU,0BAA0B,CAAC,MAAmB;IACzD,OAAO,IAAI,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,sDAAsD,CAAC,CAAC,CAAC;IAC1F,MAAM,MAAM,CAAC,gBAAgB,EAAE,CAAC;IAChC,OAAO,IAAI,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,qDAAqD,CAAC,CAAC,CAAC;AAC7F,CAAC;AAED;;;;;;;;;;GAUG;AACH,KAAK,UAAU,mBAAmB,CAAC,MAAmB;IAClD,OAAO,IAAI,QAAQ,CAAC,uBAAuB,CAAC,CAAC;IAC7C,gCAAgC,CAAC,MAAM,CAAC,CAAC;AAC7C,CAAC;AAED;;;;;GAKG;AACH,KAAK,UAAU,uBAAuB,CAAC,MAAmB;IACtD,OAAO,IAAI,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,oDAAoD,CAAC,CAAC,CAAC;IACxF,MAAM,MAAM,CAAC,gBAAgB,EAAE,CAAC;IAChC,OAAO,IAAI,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,gDAAgD,CAAC,CAAC,CAAC;IAEpF,OAAO,IAAI,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,iDAAiD,CAAC,CAAC,CAAC;IACrF,MAAM,MAAM,CAAC,eAAe,EAAE,CAAC;IAC/B,OAAO,IAAI,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,gDAAgD,CAAC,CAAC,CAAC;IAEpF,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,uDAAuD,CAAC,CAAC,CAAC;AACpF,CAAC;AAED;;;;GAIG;AACH,KAAK,UAAU,OAAO;IAClB,OAAO,IAAI,QAAQ,CAAC,qCAAqC,EAAE,IAAI,CAAC,wBAAwB,CAAC,OAAO,CAAC,CAAC;IAElG,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,wBAAwB,CAAC,OAAO,EAAE,sBAAsB,CAAC,CAAC;IAC1F,MAAM,OAAO,GAAG,IAAI,CAAC,wBAAwB,CAAC,UAAU,CAAC;IA
EzD,4DAA4D;IAC5D,6DAA6D;IAC7D,0CAA0C;IAC1C,IAAI,CAAC,WAAW,CAAC,IAAI,8BAA8B,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;IAExE,iEAAiE;IACjE,uEAAuE;IACvE,oEAAoE;IACpE,MAAM,IAAI,CAAC,wBAAwB,EAAE,CAAC;IAEtC,mDAAmD;IACnD,kEAAkE;IAClE,IAAI,CAAC,4BAA4B,EAAE,CAAC;AACxC,CAAC;AAMD,MAAM,CAAC,KAAK,UAAU,wCAAwC,CAAC,MAAmB;IAC9E,IAAI,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;QAChD,MAAM,IAAI,KAAK,CACX,0CAA0C;YAC1C,6FAA6F,CAChG,CAAC;IACN,CAAC;IACD,MAAM,OAAO,CAAC,IAAI,CAAC,MAAuC,CAAC,CAAC;IAE5D,iEAAiE;IACjE,+DAA+D;IAC/D,4BAA4B;IAC5B,wDAAwD;IACxD,iEAAiE;IACjE,IAAI,CAAC,CAAC,MAAM,CAAC,wBAAwB,YAAY,uBAAuB,CAAC,EAAE,CAAC;QACxE,MAAM,IAAI,KAAK,CACX,qDAAqD;YACrD,wCAAwC;YACxC,2BAA2B,CAC9B,CAAC;IACN,CAAC;IACD,MAAM,EAAE,GAAG,MAAM,CAAC,wBAAwB,CAAC;IAC3C,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,sBAAsB,CAAC,CAAC;IAC/D,MAAM,OAAO,GAAG,EAAE,CAAC,UAAU,CAAC;IAC9B,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACtC,QAAQ,CAAC,sBAAsB,CAAC,IAAI,8BAA8B,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;IAC3F,CAAC;IAED,MAAM,gCAAgC,CAAC,MAAM,CAAC,MAAM,CAAC,YAAY,EAAE;QAC/D,gBAAgB,EAAE,EAAE;QACpB,cAAc,EAAE,MAAM,CAAC,sBAAsB;QAE7C,cAAc,EAAE,MAAM,CAAC,UAAU,CAAC,cAAc,IAAI,YAAY;KACnE,CAAC,CAAC;IAEH,MAAM,mBAAmB,GAAG,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,cAAc,CAAC,qBAAqB,CAAC,CAAC;IACvH,MAAM,uBAAuB,GAAG,mBAA8C,CAAC;IAC/E,MAAM,CAAC,uBAAuB,CAAC,uBAAuB,CAAC,CAAC;IAExD,uBAAuB,CAAC,uBAAuB,CAAC,EAAE,CAAC,0BAA0B,EAAE,CAAC,WAAwB,EAAE,EAAE;QACxG,WAAW,CAAC,IAAI,CAAC,KAAK,IAAmB,EAAE;YACvC,OAAO,IAAI,QAAQ,CAAC,yCAAyC,CAAC,CAAC;YAC/D,MAAM,0BAA0B,CAAC,MAAM,CAAC,CAAC;YACzC,OAAO,IAAI,QAAQ,CAAC,0CAA0C,CAAC,CAAC;QACpE,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IACH,uBAAuB,CAAC,uBAAuB,CAAC,EAAE,CAAC,oBAAoB,EAAE,CAAC,WAAwB,EAAE,EAAE;QAClG,WAAW,CAAC,IAAI,CAAC,KAAK,IAAmB,EAAE;YACvC,OAAO,IAAI,QAAQ,CAAC,mCAAmC,CAAC,CAAC;YACzD,MAAM,mBAAmB,CAAC,MAAM,CAAC,CAAC;YAClC,OAAO,IAAI,QAAQ,CAAC,oCAAoC,CAAC,CAAC;QAC9D,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,uBAAuB,CAAC,uBAAuB,CAAC,EAAE,CAAC,uBAAuB,EAAE,GAAG,EAAE;QAC7E,wDAAwD;QACxD,
gDAAgD;QAChD,YAAY,CAAC,KAAK,IAAI,EAAE;YACpB,IAAI,CAAC;gBACD,MAAM,uBAAuB,CAAC,MAAM,CAAC,CAAC;YAC1C,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACX,QAAQ,CAAC,gCAAgC,EAAG,GAAa,CAAC,OAAO,CAAC,CAAC;YACvE,CAAC;QACL,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,8DAA8D;IAC9D,EAAE;IACF,4DAA4D;IAC5D,4DAA4D;IAC5D,+DAA+D;IAC/D,EAAE;IACF,+DAA+D;IAC/D,sDAAsD;IACtD,gCAAgC,CAAC,MAAM,CAAC,CAAC;AAC7C,CAAC;AAED,iEAAiE;AAEjE;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,SAAS,2BAA2B,CAAC,UAAsB;IACvD,OAAO,CACH,WAAW,CAAC,uBAAuB,CAAC,MAAM,CAAC,UAAU,CAAC;QACtD,WAAW,CAAC,+BAA+B,CAAC,MAAM,CAAC,UAAU,CAAC;QAC9D,WAAW,CAAC,qCAAqC,CAAC,MAAM,CAAC,UAAU,CAAC;QACpE,WAAW,CAAC,6BAA6B,CAAC,MAAM,CAAC,UAAU,CAAC,CAC/D,CAAC;AACN,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,KAAK,UAAU,yBAAyB,CACpC,MAAmB,EACnB,WAAwB;IAExB,IAAI,KAAoB,CAAC;IACzB,IAAI,CAAC;QACD,KAAK,GAAG,SAAS,CAAC,WAAW,CAAC,CAAC;IACnC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACX,UAAU,CACN,kEAAkE,EACjE,GAAa,CAAC,OAAO,CACzB,CAAC;QACF,OAAO;IACX,CAAC;IAED,MAAM,EAAE,GAAG,MAAM,CAAC,wBAA8D,CAAC;IAEjF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACpC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACtB,gDAAgD;QAChD,iEAAiE;QACjE,yCAAyC;QACzC,IAAI,CAAC;YACD,sBAAsB,CAAC,IAAI,CAAC,CAAC;QACjC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,UAAU,CACN,yEAAyE,EACxE,GAAa,CAAC,OAAO,CACzB,CAAC;YACF,SAAS;QACb,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YACV,sCAAsC;YACtC,IAAI,CAAC;gBACD,MAAM,EAAE,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC;YACpC,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACX,uDAAuD;gBACvD,2CAA2C;gBAC3C,IAAK,GAAiC,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;oBACvD,UAAU,CACN,0DAA0D,EACzD,GAAa,CAAC,OAAO,CACzB,CAAC;gBACN,CAAC;YACL,CAAC;QACL,CAAC;aAAM,CAAC;YACJ,0DAA0D;YAC1D,2CAA2C;YAC3C,IAAI,CAAC;gBACD,MAAM,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;YAC7B,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACX,UAAU,CACN,qDAAqD,EACpD,GAAa,CAAC,OAAO,CACzB,CAAC;YACN,CAAC;QACL,CAAC;IACL,CAAC;AACL,CAAC;AAED;;;;;;;;;;;GAWG;AACH,SAAS,gCAAgC,CAAC,MAAmB;IACzD,MAAM,uBAAuB,GAAG,KAAK,EACjC,UAAsB,EACtB,WAAwB,EACL,EAAE;QACrB,sCAAsC;QACtC,IAAI,MAAM,CAAC,MAAM,CAAC,cAAc,EA
AE,KAAK,WAAW,CAAC,eAAe,EAAE,CAAC;YACjE,OAAO,UAAU,CAAC;QACtB,CAAC;QAED,8DAA8D;QAC9D,IAAI,CAAC,2BAA2B,CAAC,UAAU,CAAC,EAAE,CAAC;YAC3C,OAAO,UAAU,CAAC;QACtB,CAAC;QAED,OAAO,IAAI,UAAU,CACjB,+CAA+C,EAC/C,GAAG,UAAU,CAAC,QAAQ,EAAE,SAAS,EACjC,uCAAuC,CAC1C,CAAC;QAEF,6DAA6D;QAC7D,MAAM,yBAAyB,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;QAErD,OAAO,WAAW,CAAC,IAAI,CAAC;IAC5B,CAAC,CAAC;IAEF,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACrC,QAAgC,CAAC,yBAAyB,GAAG,uBAAuB,CAAC;IAC1F,CAAC;AACL,CAAC"}
|
package/package.json
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "node-opcua-server-configuration",
|
|
3
|
-
"version": "2.
|
|
3
|
+
"version": "2.172.0",
|
|
4
4
|
"description": "pure nodejs OPCUA SDK - module server-configuration",
|
|
5
5
|
"scripts": {
|
|
6
6
|
"build": "tsc -b",
|
|
@@ -14,35 +14,35 @@
|
|
|
14
14
|
"type": "module",
|
|
15
15
|
"dependencies": {
|
|
16
16
|
"chalk": "4.1.2",
|
|
17
|
-
"memfs": "^4.57.
|
|
18
|
-
"node-opcua-address-space": "2.
|
|
19
|
-
"node-opcua-address-space-base": "2.
|
|
17
|
+
"memfs": "^4.57.2",
|
|
18
|
+
"node-opcua-address-space": "2.172.0",
|
|
19
|
+
"node-opcua-address-space-base": "2.172.0",
|
|
20
20
|
"node-opcua-assert": "2.164.0",
|
|
21
|
-
"node-opcua-basic-types": "2.
|
|
22
|
-
"node-opcua-binary-stream": "2.
|
|
23
|
-
"node-opcua-certificate-manager": "2.
|
|
24
|
-
"node-opcua-common": "2.
|
|
21
|
+
"node-opcua-basic-types": "2.172.0",
|
|
22
|
+
"node-opcua-binary-stream": "2.172.0",
|
|
23
|
+
"node-opcua-certificate-manager": "2.172.0",
|
|
24
|
+
"node-opcua-common": "2.172.0",
|
|
25
25
|
"node-opcua-constants": "2.157.0",
|
|
26
|
-
"node-opcua-crypto": "5.3.
|
|
27
|
-
"node-opcua-data-model": "2.
|
|
28
|
-
"node-opcua-debug": "2.
|
|
29
|
-
"node-opcua-file-transfer": "2.
|
|
26
|
+
"node-opcua-crypto": "5.3.6",
|
|
27
|
+
"node-opcua-data-model": "2.172.0",
|
|
28
|
+
"node-opcua-debug": "2.172.0",
|
|
29
|
+
"node-opcua-file-transfer": "2.172.0",
|
|
30
30
|
"node-opcua-hostname": "2.167.0",
|
|
31
|
-
"node-opcua-nodeid": "2.
|
|
32
|
-
"node-opcua-pki": "6.
|
|
33
|
-
"node-opcua-pseudo-session": "2.
|
|
34
|
-
"node-opcua-secure-channel": "2.
|
|
35
|
-
"node-opcua-server": "2.
|
|
36
|
-
"node-opcua-service-translate-browse-path": "2.
|
|
37
|
-
"node-opcua-status-code": "2.
|
|
38
|
-
"node-opcua-types": "2.
|
|
39
|
-
"node-opcua-variant": "2.
|
|
31
|
+
"node-opcua-nodeid": "2.172.0",
|
|
32
|
+
"node-opcua-pki": "6.17.0",
|
|
33
|
+
"node-opcua-pseudo-session": "2.172.0",
|
|
34
|
+
"node-opcua-secure-channel": "2.172.0",
|
|
35
|
+
"node-opcua-server": "2.172.0",
|
|
36
|
+
"node-opcua-service-translate-browse-path": "2.172.0",
|
|
37
|
+
"node-opcua-status-code": "2.172.0",
|
|
38
|
+
"node-opcua-types": "2.172.0",
|
|
39
|
+
"node-opcua-variant": "2.172.0"
|
|
40
40
|
},
|
|
41
41
|
"devDependencies": {
|
|
42
42
|
"bcryptjs": "3.0.3",
|
|
43
|
-
"node-opcua-client": "2.
|
|
44
|
-
"node-opcua-data-value": "2.
|
|
45
|
-
"node-opcua-leak-detector": "2.
|
|
43
|
+
"node-opcua-client": "2.172.0",
|
|
44
|
+
"node-opcua-data-value": "2.172.0",
|
|
45
|
+
"node-opcua-leak-detector": "2.172.0",
|
|
46
46
|
"node-opcua-nodesets": "2.163.1"
|
|
47
47
|
},
|
|
48
48
|
"author": "Etienne Rossignon",
|
|
@@ -60,7 +60,7 @@
|
|
|
60
60
|
"internet of things"
|
|
61
61
|
],
|
|
62
62
|
"homepage": "http://node-opcua.github.io/",
|
|
63
|
-
"gitHead": "
|
|
63
|
+
"gitHead": "dfe9993a93b5c3897825e898b5f07b25952c7f45",
|
|
64
64
|
"files": [
|
|
65
65
|
"dist",
|
|
66
66
|
"source"
|
|
@@ -1,14 +1,18 @@
|
|
|
1
1
|
import fs from "node:fs";
|
|
2
2
|
import path from "node:path";
|
|
3
|
-
import type { UAObject } from "node-opcua-address-space-base";
|
|
3
|
+
import type { ITypedEventEmitter, UAObject, UAObjectEvents } from "node-opcua-address-space-base";
|
|
4
4
|
import { make_debugLog } from "node-opcua-debug";
|
|
5
5
|
|
|
6
6
|
const debugLog = make_debugLog("ServerConfiguration");
|
|
7
7
|
|
|
8
|
-
|
|
9
|
-
|
|
8
|
+
|
|
9
|
+
export interface CertificateChangeEvents extends UAObjectEvents {
|
|
10
|
+
certificateChange: () => void;
|
|
10
11
|
}
|
|
11
|
-
export function installCertificateFileWatcher(
|
|
12
|
+
export function installCertificateFileWatcher(
|
|
13
|
+
node: UAObject<CertificateChangeEvents>,
|
|
14
|
+
certificateFile: string
|
|
15
|
+
): ITypedEventEmitter<CertificateChangeEvents> {
|
|
12
16
|
const fileToWatch = path.basename(certificateFile);
|
|
13
17
|
const fsWatcher = fs.watch(
|
|
14
18
|
path.dirname(certificateFile),
|
|
@@ -25,5 +29,5 @@ export function installCertificateFileWatcher(node: UAObject, certificateFile: s
|
|
|
25
29
|
addressSpace?.registerShutdownTask(() => {
|
|
26
30
|
fsWatcher.close();
|
|
27
31
|
});
|
|
28
|
-
return node
|
|
32
|
+
return node;
|
|
29
33
|
}
|
|
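Review bot: The watcher's lifetime is tied only to `addressSpace?.registerShutdownTask(() => { fsWatcher.close(); })`, so when `addressSpace` is undefined nothing ever closes the watcher. The new return type `ITypedEventEmitter<CertificateChangeEvents>` gives the caller no handle to stop it either. Since this commit already tightens the public signature, I would add a TSDoc block on `installCertificateFileWatcher` and on `CertificateChangeEvents` stating when `certificateChange` is emitted and who owns the watcher's shutdown. The middle of the function body (new lines 19–28) is outside both hunks, so whether an `error` listener is attached to the `fs.watch` handle cannot be checked from here.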
@@ -7,8 +7,8 @@ import chalk from "chalk";
|
|
|
7
7
|
|
|
8
8
|
import type { AddressSpace, UAServerConfiguration } from "node-opcua-address-space";
|
|
9
9
|
import { assert } from "node-opcua-assert";
|
|
10
|
-
import
|
|
11
|
-
import { type ICertificateKeyPairProvider
|
|
10
|
+
import { OPCUACertificateManager } from "node-opcua-certificate-manager";
|
|
11
|
+
import { DiskCertificateKeyPairProvider, type ICertificateKeyPairProvider } from "node-opcua-common";
|
|
12
12
|
import { type Certificate, split_der, exploreCertificateInfo } from "node-opcua-crypto/web";
|
|
13
13
|
import { checkDebugFlag, make_debugLog, make_errorLog, make_warningLog } from "node-opcua-debug";
|
|
14
14
|
import { invalidateServerCertificateCache, type OPCUAServer, type OPCUAServerEndPoint } from "node-opcua-server";
|
|
@@ -29,10 +29,12 @@ const CERT_PEM_RELATIVE_PATH = "own/certs/certificate.pem";
|
|
|
29
29
|
export interface OPCUAServerPartial extends ICertificateKeyPairProvider {
|
|
30
30
|
serverInfo?: ApplicationDescriptionOptions;
|
|
31
31
|
serverCertificateManager: OPCUACertificateManager;
|
|
32
|
-
privateKeyFile: string;
|
|
33
32
|
certificateFile: string;
|
|
33
|
+
privateKeyFile: string;
|
|
34
34
|
engine: { addressSpace?: AddressSpace };
|
|
35
35
|
createDefaultCertificate(): Promise<void>;
|
|
36
|
+
setProvider(provider: ICertificateKeyPairProvider): void;
|
|
37
|
+
invalidateCachedCertificates(): void;
|
|
36
38
|
}
|
|
37
39
|
|
|
38
40
|
async function onCertificateAboutToChange(server: OPCUAServer) {
|
|
@@ -76,23 +78,20 @@ async function onApplyChangesCompleted(server: OPCUAServer) {
|
|
|
76
78
|
}
|
|
77
79
|
|
|
78
80
|
/**
|
|
79
|
-
* Redirect the server's
|
|
80
|
-
*
|
|
81
|
-
*
|
|
81
|
+
* Redirect the server's certificate provider to the cert manager's
|
|
82
|
+
* paths, create a default certificate if none exists, and invalidate
|
|
83
|
+
* cached secrets.
|
|
82
84
|
*/
|
|
83
85
|
async function install(this: OPCUAServerPartial): Promise<void> {
|
|
84
86
|
doDebug && debugLog("install push certificate management", this.serverCertificateManager.rootDir);
|
|
85
87
|
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
configurable: true,
|
|
94
|
-
enumerable: true
|
|
95
|
-
});
|
|
88
|
+
const certFile = path.join(this.serverCertificateManager.rootDir, CERT_PEM_RELATIVE_PATH);
|
|
89
|
+
const keyFile = this.serverCertificateManager.privateKey;
|
|
90
|
+
|
|
91
|
+
// Inject a new disk provider pointing at the cert manager's
|
|
92
|
+
// paths. The server's certificateFile/privateKeyFile getters
|
|
93
|
+
// now automatically return the new paths.
|
|
94
|
+
this.setProvider(new DiskCertificateKeyPairProvider(certFile, keyFile));
|
|
96
95
|
|
|
97
96
|
// Delegate to the base server's createDefaultCertificate() which
|
|
98
97
|
// handles DNS (fqdn + hostname + configured), IPs (auto + configured),
|
|
@@ -101,7 +100,7 @@ async function install(this: OPCUAServerPartial): Promise<void> {
|
|
|
101
100
|
|
|
102
101
|
// Invalidate any previously cached secrets so that
|
|
103
102
|
// getCertificateChain() / getPrivateKey() will re-read from disk.
|
|
104
|
-
|
|
103
|
+
this.invalidateCachedCertificates();
|
|
105
104
|
}
|
|
106
105
|
|
|
107
106
|
interface UAServerConfigurationEx extends UAServerConfiguration {
|
|
@@ -117,14 +116,27 @@ export async function installPushCertificateManagementOnServer(server: OPCUAServ
|
|
|
117
116
|
}
|
|
118
117
|
await install.call(server as unknown as OPCUAServerPartial);
|
|
119
118
|
|
|
120
|
-
// After install()
|
|
121
|
-
// the
|
|
122
|
-
//
|
|
123
|
-
//
|
|
124
|
-
|
|
119
|
+
// After install() injected a new DiskCertificateKeyPairProvider,
|
|
120
|
+
// set the same provider on each endpoint so they all read from
|
|
121
|
+
// the cert manager's paths.
|
|
122
|
+
// Push certificate management is inherently disk-based.
|
|
123
|
+
// Assert that the store is a disk-based OPCUACertificateManager.
|
|
124
|
+
if (!(server.serverCertificateManager instanceof OPCUACertificateManager)) {
|
|
125
|
+
throw new Error(
|
|
126
|
+
"installPushCertificateManagementOnServer requires a" +
|
|
127
|
+
" disk-based OPCUACertificateManager as" +
|
|
128
|
+
" serverCertificateManager"
|
|
129
|
+
);
|
|
130
|
+
}
|
|
131
|
+
const cm = server.serverCertificateManager;
|
|
132
|
+
const certFile = path.join(cm.rootDir, CERT_PEM_RELATIVE_PATH);
|
|
133
|
+
const keyFile = cm.privateKey;
|
|
134
|
+
for (const endpoint of server.endpoints) {
|
|
135
|
+
endpoint.setCertificateProvider(new DiskCertificateKeyPairProvider(certFile, keyFile));
|
|
136
|
+
}
|
|
125
137
|
|
|
126
138
|
await installPushCertificateManagement(server.engine.addressSpace, {
|
|
127
|
-
applicationGroup:
|
|
139
|
+
applicationGroup: cm,
|
|
128
140
|
userTokenGroup: server.userCertificateManager,
|
|
129
141
|
|
|
130
142
|
applicationUri: server.serverInfo.applicationUri || "InvalidURI"
|
|
@@ -241,7 +253,7 @@ async function autoTrustCertificateChain(
|
|
|
241
253
|
return;
|
|
242
254
|
}
|
|
243
255
|
|
|
244
|
-
const cm = server.serverCertificateManager;
|
|
256
|
+
const cm = server.serverCertificateManager as unknown as OPCUACertificateManager;
|
|
245
257
|
|
|
246
258
|
for (let i = 0; i < chain.length; i++) {
|
|
247
259
|
const cert = chain[i];
|
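Review bot: In `installPushCertificateManagementOnServer` the `instanceof OPCUACertificateManager` guard runs after `await install.call(server as unknown as OPCUAServerPartial)`. By then `install()` has already read `this.serverCertificateManager.rootDir` and `.privateKey`, called `this.setProvider(...)` and awaited `createDefaultCertificate()`. For a manager that is not disk-based, the descriptive error is reached only after the server's certificate provider has been replaced, or possibly not at all if `path.join` rejects a missing `rootDir` first. Moving the `if (!(server.serverCertificateManager instanceof OPCUACertificateManager)) { throw ... }` block above the `install.call` line makes the call fail before any certificate state changes. The last hunk's `server.serverCertificateManager as unknown as OPCUACertificateManager` in `autoTrustCertificateChain` silently relies on that guard having run, so it deserves a one-line comment saying so or its own `instanceof` check. Both function bodies continue outside the hunks, and the compiled `dist/server/install_push_certificate_management.js` section carries the same ordering.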