npm - node-opcua-server-configuration - Versions diffs - 2.70.3 → 2.71.0 - Mend

node-opcua-server-configuration 2.70.3 → 2.71.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (33) hide show

package/dist/clientTools/index.d.ts +1 -1
package/dist/clientTools/index.js +17 -17
package/dist/clientTools/push_certificate_management_client.d.ts +176 -176
package/dist/clientTools/push_certificate_management_client.js +465 -465
package/dist/index.d.ts +10 -10
package/dist/index.js +27 -27
package/dist/push_certificate_manager.d.ts +141 -141
package/dist/push_certificate_manager.js +2 -2
package/dist/push_certificate_manager_helpers.d.ts +6 -0
package/dist/push_certificate_manager_helpers.js +221 -0
package/dist/push_certificate_manager_helpers.js.map +1 -0
package/dist/server/install_CertificateAlarm.d.ts +5 -5
package/dist/server/install_CertificateAlarm.js +37 -37
package/dist/server/install_push_certitifate_management.d.ts +15 -15
package/dist/server/install_push_certitifate_management.js +214 -214
package/dist/server/promote_trust_list.d.ts +6 -6
package/dist/server/promote_trust_list.js +175 -175
package/dist/server/push_certificate_manager_helpers.d.ts +7 -7
package/dist/server/push_certificate_manager_helpers.js +306 -306
package/dist/server/push_certificate_manager_server_impl.d.ts +49 -49
package/dist/server/push_certificate_manager_server_impl.js +522 -522
package/dist/server/roles_and_permissions.d.ts +3 -3
package/dist/server/roles_and_permissions.js +40 -40
package/dist/server/tools.d.ts +3 -3
package/dist/server/tools.js +19 -19
package/dist/server/trust_list_server.d.ts +13 -13
package/dist/server/trust_list_server.js +89 -89
package/dist/standard_certificate_types.d.ts +6 -6
package/dist/standard_certificate_types.js +13 -13
package/dist/trust_list.d.ts +79 -79
package/dist/trust_list.js +2 -2
package/dist/trust_list_impl.js +25 -25
package/package.json +24 -24

package/dist/server/push_certificate_manager_helpers.js CHANGED Viewed

@@ -1,307 +1,307 @@
-"use strict";
-/**
- * @module node-opcua-server-configuration
- */
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.installPushCertificateManagement = exports.promoteCertificateGroup = void 0;
-const node_opcua_debug_1 = require("node-opcua-debug");
-const node_opcua_nodeid_1 = require("node-opcua-nodeid");
-const node_opcua_status_code_1 = require("node-opcua-status-code");
-const node_opcua_variant_1 = require("node-opcua-variant");
-const node_opcua_data_model_1 = require("node-opcua-data-model");
-const node_opcua_constants_1 = require("node-opcua-constants");
-const install_CertificateAlarm_1 = require("./install_CertificateAlarm");
-const push_certificate_manager_server_impl_1 = require("./push_certificate_manager_server_impl");
-const promote_trust_list_1 = require("./promote_trust_list");
-const tools_1 = require("./tools");
-const roles_and_permissions_1 = require("./roles_and_permissions");
-const debugLog = (0, node_opcua_debug_1.make_debugLog)("ServerConfiguration");
-const doDebug = (0, node_opcua_debug_1.checkDebugFlag)("ServerConfiguration");
-const warningLog = (0, node_opcua_debug_1.make_warningLog)("ServerConfiguration");
-const errorLog = debugLog;
-function expected(variant, dataType, variantArrayType) {
-    if (!variant) {
-        return false;
-    }
-    if (variant.dataType !== dataType) {
-        return false;
-    }
-    if (variant.arrayType !== variantArrayType) {
-        return false;
-    }
-    return true;
-}
-function getPushCertificateManager(method) {
-    const serverConfiguration = method.addressSpace.rootFolder.objects.server.getChildByName("ServerConfiguration");
-    const serverConfigurationPriv = serverConfiguration;
-    if (serverConfigurationPriv.$pushCertificateManager) {
-        return serverConfigurationPriv.$pushCertificateManager;
-    }
-    // throw new Error("Cannot find pushCertificateManager object");
-    return null;
-}
-function _createSigningRequest(inputArguments, context) {
-    return __awaiter(this, void 0, void 0, function* () {
-        const certificateGroupIdVariant = inputArguments[0];
-        const certificateTypeIdVariant = inputArguments[1];
-        const subjectNameVariant = inputArguments[2];
-        const regeneratePrivateKeyVariant = inputArguments[3];
-        const nonceVariant = inputArguments[4];
-        if (!expected(certificateGroupIdVariant, node_opcua_variant_1.DataType.NodeId, node_opcua_variant_1.VariantArrayType.Scalar)) {
-            warningLog("expecting an NodeId for certificateGroupId - 0");
-            return { statusCode: node_opcua_status_code_1.StatusCodes.BadInvalidArgument };
-        }
-        if (!expected(certificateTypeIdVariant, node_opcua_variant_1.DataType.NodeId, node_opcua_variant_1.VariantArrayType.Scalar)) {
-            warningLog("expecting an NodeId for certificateTypeId - 1");
-            return { statusCode: node_opcua_status_code_1.StatusCodes.BadInvalidArgument };
-        }
-        if (!expected(subjectNameVariant, node_opcua_variant_1.DataType.String, node_opcua_variant_1.VariantArrayType.Scalar)) {
-            warningLog("expecting an String for subjectName - 2");
-            return { statusCode: node_opcua_status_code_1.StatusCodes.BadInvalidArgument };
-        }
-        if (!expected(regeneratePrivateKeyVariant, node_opcua_variant_1.DataType.Boolean, node_opcua_variant_1.VariantArrayType.Scalar)) {
-            warningLog("expecting an Boolean for regeneratePrivateKey - 3");
-            return { statusCode: node_opcua_status_code_1.StatusCodes.BadInvalidArgument };
-        }
-        if (!expected(nonceVariant, node_opcua_variant_1.DataType.ByteString, node_opcua_variant_1.VariantArrayType.Scalar)) {
-            warningLog("expecting an ByteString for nonceVariant - 4");
-            return { statusCode: node_opcua_status_code_1.StatusCodes.BadInvalidArgument };
-        }
-        if (!(0, tools_1.hasEncryptedChannel)(context)) {
-            return { statusCode: node_opcua_status_code_1.StatusCodes.BadSecurityModeInsufficient };
-        }
-        if (!(0, tools_1.hasExpectedUserAccess)(context)) {
-            return { statusCode: node_opcua_status_code_1.StatusCodes.BadUserAccessDenied };
-        }
-        const certificateGroupId = certificateGroupIdVariant.value;
-        const certificateTypeId = certificateTypeIdVariant.value;
-        const subjectName = subjectNameVariant.value;
-        const regeneratePrivateKey = regeneratePrivateKeyVariant.value;
-        const nonce = nonceVariant.value;
-        const pushCertificateManager = getPushCertificateManager(this);
-        if (!pushCertificateManager) {
-            return { statusCode: node_opcua_status_code_1.StatusCodes.BadNotImplemented };
-        }
-        const result = yield pushCertificateManager.createSigningRequest(certificateGroupId, certificateTypeId, subjectName, regeneratePrivateKey, nonce);
-        if (result.statusCode !== node_opcua_status_code_1.StatusCodes.Good) {
-            return { statusCode: result.statusCode };
-        }
-        const callMethodResult = {
-            outputArguments: [
-                {
-                    dataType: node_opcua_variant_1.DataType.ByteString,
-                    value: result.certificateSigningRequest
-                }
-            ],
-            statusCode: result.statusCode
-        };
-        return callMethodResult;
-    });
-}
-function _updateCertificate(inputArguments, context) {
-    return __awaiter(this, void 0, void 0, function* () {
-        const certificateGroupId = inputArguments[0].value;
-        const certificateTypeId = inputArguments[1].value;
-        const certificate = inputArguments[2].value;
-        const issuerCertificates = inputArguments[3].value;
-        const privateKeyFormat = inputArguments[4].value;
-        const privateKey = inputArguments[5].value;
-        // This Method requires an encrypted channel and that the Client provides credentials with
-        // administrative rights on the Server
-        if (!(0, tools_1.hasEncryptedChannel)(context)) {
-            return { statusCode: node_opcua_status_code_1.StatusCodes.BadSecurityModeInsufficient };
-        }
-        if (!(0, tools_1.hasExpectedUserAccess)(context)) {
-            return { statusCode: node_opcua_status_code_1.StatusCodes.BadUserAccessDenied };
-        }
-        if (privateKeyFormat && privateKeyFormat !== "" && privateKeyFormat.toLowerCase() !== "pem") {
-            errorLog("_updateCertificate: Invalid PEM format requested " + privateKeyFormat);
-            return { statusCode: node_opcua_status_code_1.StatusCodes.BadInvalidArgument };
-        }
-        const pushCertificateManager = getPushCertificateManager(this);
-        if (!pushCertificateManager) {
-            return { statusCode: node_opcua_status_code_1.StatusCodes.BadNotImplemented };
-        }
-        const result = yield pushCertificateManager.updateCertificate(certificateGroupId, certificateTypeId, certificate, issuerCertificates, privateKeyFormat, privateKey);
-        // todo   raise a CertificateUpdatedAuditEventType
-        if (result.statusCode !== node_opcua_status_code_1.StatusCodes.Good) {
-            return { statusCode: result.statusCode };
-        }
-        const callMethodResult = {
-            outputArguments: [
-                {
-                    dataType: node_opcua_variant_1.DataType.Boolean,
-                    value: !!result.applyChangesRequired
-                }
-            ],
-            statusCode: result.statusCode
-        };
-        return callMethodResult;
-    });
-}
-function _getRejectedList(inputArguments, context) {
-    return __awaiter(this, void 0, void 0, function* () {
-        if (!(0, tools_1.hasEncryptedChannel)(context)) {
-            return { statusCode: node_opcua_status_code_1.StatusCodes.BadSecurityModeInsufficient };
-        }
-        if (!(0, tools_1.hasExpectedUserAccess)(context)) {
-            return { statusCode: node_opcua_status_code_1.StatusCodes.BadUserAccessDenied };
-        }
-        const pushCertificateManager = getPushCertificateManager(this);
-        if (!pushCertificateManager) {
-            return { statusCode: node_opcua_status_code_1.StatusCodes.BadNotImplemented };
-        }
-        const result = yield pushCertificateManager.getRejectedList();
-        if (result.statusCode !== node_opcua_status_code_1.StatusCodes.Good) {
-            return { statusCode: result.statusCode };
-        }
-        return {
-            outputArguments: [
-                {
-                    arrayType: node_opcua_variant_1.VariantArrayType.Array,
-                    dataType: node_opcua_variant_1.DataType.ByteString,
-                    value: result.certificates
-                }
-            ],
-            statusCode: node_opcua_status_code_1.StatusCodes.Good
-        };
-    });
-}
-function _applyChanges(inputArguments, context) {
-    return __awaiter(this, void 0, void 0, function* () {
-        // This Method requires an encrypted channel and that the Client provide credentials with
-        // administrative rights on the Server.
-        if (!(0, tools_1.hasEncryptedChannel)(context)) {
-            return { statusCode: node_opcua_status_code_1.StatusCodes.BadSecurityModeInsufficient };
-        }
-        if (!(0, tools_1.hasExpectedUserAccess)(context)) {
-            return { statusCode: node_opcua_status_code_1.StatusCodes.BadUserAccessDenied };
-        }
-        const pushCertificateManager = getPushCertificateManager(this);
-        if (!pushCertificateManager) {
-            return { statusCode: node_opcua_status_code_1.StatusCodes.BadNotImplemented };
-        }
-        const statusCode = yield pushCertificateManager.applyChanges();
-        return { statusCode };
-    });
-}
-function bindCertificateManager(addressSpace, options) {
-    const serverConfiguration = addressSpace.rootFolder.objects.server.getChildByName("ServerConfiguration");
-    const defaultApplicationGroup = serverConfiguration.certificateGroups.getComponentByName("DefaultApplicationGroup");
-    if (defaultApplicationGroup) {
-        const trustList = defaultApplicationGroup.getComponentByName("TrustList");
-        if (trustList) {
-            trustList.$$certificateManager = options.applicationGroup;
-        }
-    }
-    const defaultTokenGroup = serverConfiguration.certificateGroups.getComponentByName("DefaultUserTokenGroup");
-    if (defaultTokenGroup) {
-        const trustList = defaultTokenGroup.getComponentByName("TrustList");
-        if (trustList) {
-            trustList.$$certificateManager = options.userTokenGroup;
-        }
-    }
-}
-function promoteCertificateGroup(certificateGroup) {
-    return __awaiter(this, void 0, void 0, function* () {
-        const trustList = certificateGroup.getChildByName("TrustList");
-        if (trustList) {
-            (0, promote_trust_list_1.promoteTrustList)(trustList);
-        }
-    });
-}
-exports.promoteCertificateGroup = promoteCertificateGroup;
-function installPushCertificateManagement(addressSpace, options) {
-    return __awaiter(this, void 0, void 0, function* () {
-        const serverConfiguration = addressSpace.rootFolder.objects.server.getChildByName("ServerConfiguration");
-        const serverConfigurationPriv = serverConfiguration;
-        if (serverConfigurationPriv.$pushCertificateManager) {
-            warningLog("PushCertificateManagement has already been installed");
-            return;
-        }
-        const accessRestrictionFlag = node_opcua_data_model_1.AccessRestrictionsFlag.SigningRequired | node_opcua_data_model_1.AccessRestrictionsFlag.EncryptionRequired;
-        function installAccessRestrictions(serverConfiguration) {
-            serverConfiguration.setRolePermissions(roles_and_permissions_1.rolePermissionRestricted);
-            serverConfiguration.setAccessRestrictions(node_opcua_data_model_1.AccessRestrictionsFlag.None);
-            const applyName = serverConfiguration.getMethodByName("ApplyChanges");
-            applyName === null || applyName === void 0 ? void 0 : applyName.setRolePermissions(roles_and_permissions_1.rolePermissionAdminOnly);
-            applyName === null || applyName === void 0 ? void 0 : applyName.setAccessRestrictions(node_opcua_data_model_1.AccessRestrictionsFlag.SigningRequired | node_opcua_data_model_1.AccessRestrictionsFlag.EncryptionRequired);
-            const createSigningRequest = serverConfiguration.getMethodByName("CreateSigningRequest");
-            createSigningRequest === null || createSigningRequest === void 0 ? void 0 : createSigningRequest.setRolePermissions(roles_and_permissions_1.rolePermissionAdminOnly);
-            createSigningRequest === null || createSigningRequest === void 0 ? void 0 : createSigningRequest.setAccessRestrictions(accessRestrictionFlag);
-            const getRejectedList = serverConfiguration.getMethodByName("GetRejectedList");
-            getRejectedList === null || getRejectedList === void 0 ? void 0 : getRejectedList.setRolePermissions(roles_and_permissions_1.rolePermissionAdminOnly);
-            getRejectedList === null || getRejectedList === void 0 ? void 0 : getRejectedList.setAccessRestrictions(accessRestrictionFlag);
-            const updateCertificate = serverConfiguration.getMethodByName("UpdateCertificate");
-            updateCertificate === null || updateCertificate === void 0 ? void 0 : updateCertificate.setRolePermissions(roles_and_permissions_1.rolePermissionAdminOnly);
-            updateCertificate === null || updateCertificate === void 0 ? void 0 : updateCertificate.setAccessRestrictions(accessRestrictionFlag);
-            const certificateGroups = serverConfiguration.getComponentByName("CertificateGroups");
-            certificateGroups.setRolePermissions(roles_and_permissions_1.rolePermissionRestricted);
-            certificateGroups.setAccessRestrictions(node_opcua_data_model_1.AccessRestrictionsFlag.None);
-            function installAccessRestrictionOnGroup(group) {
-                const trustList = group.getComponentByName("TrustList");
-                if (trustList) {
-                    (0, promote_trust_list_1.installAccessRestrictionOnTrustList)(trustList);
-                }
-            }
-            for (const group of certificateGroups.getComponents()) {
-                group === null || group === void 0 ? void 0 : group.setRolePermissions(roles_and_permissions_1.rolePermissionAdminOnly);
-                group === null || group === void 0 ? void 0 : group.setAccessRestrictions(node_opcua_data_model_1.AccessRestrictionsFlag.SigningRequired | node_opcua_data_model_1.AccessRestrictionsFlag.EncryptionRequired);
-                if (group.nodeClass === node_opcua_data_model_1.NodeClass.Object) {
-                    installAccessRestrictionOnGroup(group);
-                }
-            }
-        }
-        installAccessRestrictions(serverConfiguration);
-        serverConfigurationPriv.$pushCertificateManager = new push_certificate_manager_server_impl_1.PushCertificateManagerServerImpl(options);
-        serverConfiguration.supportedPrivateKeyFormats.setValueFromSource({
-            arrayType: node_opcua_variant_1.VariantArrayType.Array,
-            dataType: node_opcua_variant_1.DataType.String,
-            value: ["PEM"]
-        });
-        function install_method_handle_on_type(addressSpace) {
-            const serverConfigurationType = addressSpace.findObjectType("ServerConfigurationType");
-            if (serverConfigurationType.createSigningRequest.isBound()) {
-                return;
-            }
-            serverConfigurationType.createSigningRequest.bindMethod(_createSigningRequest);
-            serverConfigurationType.getRejectedList.bindMethod(_getRejectedList);
-            serverConfigurationType.updateCertificate.bindMethod(_updateCertificate);
-            serverConfigurationType.applyChanges.bindMethod(_applyChanges);
-        }
-        install_method_handle_on_type(addressSpace);
-        serverConfiguration.createSigningRequest.bindMethod(_createSigningRequest);
-        serverConfiguration.updateCertificate.bindMethod(_updateCertificate);
-        serverConfiguration.getRejectedList.bindMethod(_getRejectedList);
-        if (serverConfiguration.applyChanges) {
-            serverConfiguration.applyChanges.bindMethod(_applyChanges);
-        }
-        (0, install_CertificateAlarm_1.installCertificateExpirationAlarm)(addressSpace);
-        const cg = serverConfiguration.certificateGroups.getComponents();
-        const defaultApplicationGroup = serverConfiguration.certificateGroups.getComponentByName("DefaultApplicationGroup");
-        const certificateTypes = defaultApplicationGroup.getPropertyByName("CertificateTypes");
-        certificateTypes.setValueFromSource({
-            dataType: node_opcua_variant_1.DataType.NodeId,
-            arrayType: node_opcua_variant_1.VariantArrayType.Array,
-            value: [(0, node_opcua_nodeid_1.resolveNodeId)(node_opcua_constants_1.ObjectTypeIds.RsaSha256ApplicationCertificateType)]
-        });
-        for (const certificateGroup of cg) {
-            if (certificateGroup.nodeClass !== node_opcua_data_model_1.NodeClass.Object) {
-                continue;
-            }
-            yield promoteCertificateGroup(certificateGroup);
-        }
-        yield bindCertificateManager(addressSpace, options);
-    });
-}
-exports.installPushCertificateManagement = installPushCertificateManagement;
+"use strict";
+/**
+ * @module node-opcua-server-configuration
+ */
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.installPushCertificateManagement = exports.promoteCertificateGroup = void 0;
+const node_opcua_debug_1 = require("node-opcua-debug");
+const node_opcua_nodeid_1 = require("node-opcua-nodeid");
+const node_opcua_status_code_1 = require("node-opcua-status-code");
+const node_opcua_variant_1 = require("node-opcua-variant");
+const node_opcua_data_model_1 = require("node-opcua-data-model");
+const node_opcua_constants_1 = require("node-opcua-constants");
+const install_CertificateAlarm_1 = require("./install_CertificateAlarm");
+const push_certificate_manager_server_impl_1 = require("./push_certificate_manager_server_impl");
+const promote_trust_list_1 = require("./promote_trust_list");
+const tools_1 = require("./tools");
+const roles_and_permissions_1 = require("./roles_and_permissions");
+const debugLog = (0, node_opcua_debug_1.make_debugLog)("ServerConfiguration");
+const doDebug = (0, node_opcua_debug_1.checkDebugFlag)("ServerConfiguration");
+const warningLog = (0, node_opcua_debug_1.make_warningLog)("ServerConfiguration");
+const errorLog = debugLog;
+function expected(variant, dataType, variantArrayType) {
+    if (!variant) {
+        return false;
+    }
+    if (variant.dataType !== dataType) {
+        return false;
+    }
+    if (variant.arrayType !== variantArrayType) {
+        return false;
+    }
+    return true;
+}
+function getPushCertificateManager(method) {
+    const serverConfiguration = method.addressSpace.rootFolder.objects.server.getChildByName("ServerConfiguration");
+    const serverConfigurationPriv = serverConfiguration;
+    if (serverConfigurationPriv.$pushCertificateManager) {
+        return serverConfigurationPriv.$pushCertificateManager;
+    }
+    // throw new Error("Cannot find pushCertificateManager object");
+    return null;
+}
+function _createSigningRequest(inputArguments, context) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const certificateGroupIdVariant = inputArguments[0];
+        const certificateTypeIdVariant = inputArguments[1];
+        const subjectNameVariant = inputArguments[2];
+        const regeneratePrivateKeyVariant = inputArguments[3];
+        const nonceVariant = inputArguments[4];
+        if (!expected(certificateGroupIdVariant, node_opcua_variant_1.DataType.NodeId, node_opcua_variant_1.VariantArrayType.Scalar)) {
+            warningLog("expecting an NodeId for certificateGroupId - 0");
+            return { statusCode: node_opcua_status_code_1.StatusCodes.BadInvalidArgument };
+        }
+        if (!expected(certificateTypeIdVariant, node_opcua_variant_1.DataType.NodeId, node_opcua_variant_1.VariantArrayType.Scalar)) {
+            warningLog("expecting an NodeId for certificateTypeId - 1");
+            return { statusCode: node_opcua_status_code_1.StatusCodes.BadInvalidArgument };
+        }
+        if (!expected(subjectNameVariant, node_opcua_variant_1.DataType.String, node_opcua_variant_1.VariantArrayType.Scalar)) {
+            warningLog("expecting an String for subjectName - 2");
+            return { statusCode: node_opcua_status_code_1.StatusCodes.BadInvalidArgument };
+        }
+        if (!expected(regeneratePrivateKeyVariant, node_opcua_variant_1.DataType.Boolean, node_opcua_variant_1.VariantArrayType.Scalar)) {
+            warningLog("expecting an Boolean for regeneratePrivateKey - 3");
+            return { statusCode: node_opcua_status_code_1.StatusCodes.BadInvalidArgument };
+        }
+        if (!expected(nonceVariant, node_opcua_variant_1.DataType.ByteString, node_opcua_variant_1.VariantArrayType.Scalar)) {
+            warningLog("expecting an ByteString for nonceVariant - 4");
+            return { statusCode: node_opcua_status_code_1.StatusCodes.BadInvalidArgument };
+        }
+        if (!(0, tools_1.hasEncryptedChannel)(context)) {
+            return { statusCode: node_opcua_status_code_1.StatusCodes.BadSecurityModeInsufficient };
+        }
+        if (!(0, tools_1.hasExpectedUserAccess)(context)) {
+            return { statusCode: node_opcua_status_code_1.StatusCodes.BadUserAccessDenied };
+        }
+        const certificateGroupId = certificateGroupIdVariant.value;
+        const certificateTypeId = certificateTypeIdVariant.value;
+        const subjectName = subjectNameVariant.value;
+        const regeneratePrivateKey = regeneratePrivateKeyVariant.value;
+        const nonce = nonceVariant.value;
+        const pushCertificateManager = getPushCertificateManager(this);
+        if (!pushCertificateManager) {
+            return { statusCode: node_opcua_status_code_1.StatusCodes.BadNotImplemented };
+        }
+        const result = yield pushCertificateManager.createSigningRequest(certificateGroupId, certificateTypeId, subjectName, regeneratePrivateKey, nonce);
+        if (result.statusCode !== node_opcua_status_code_1.StatusCodes.Good) {
+            return { statusCode: result.statusCode };
+        }
+        const callMethodResult = {
+            outputArguments: [
+                {
+                    dataType: node_opcua_variant_1.DataType.ByteString,
+                    value: result.certificateSigningRequest
+                }
+            ],
+            statusCode: result.statusCode
+        };
+        return callMethodResult;
+    });
+}
+function _updateCertificate(inputArguments, context) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const certificateGroupId = inputArguments[0].value;
+        const certificateTypeId = inputArguments[1].value;
+        const certificate = inputArguments[2].value;
+        const issuerCertificates = inputArguments[3].value;
+        const privateKeyFormat = inputArguments[4].value;
+        const privateKey = inputArguments[5].value;
+        // This Method requires an encrypted channel and that the Client provides credentials with
+        // administrative rights on the Server
+        if (!(0, tools_1.hasEncryptedChannel)(context)) {
+            return { statusCode: node_opcua_status_code_1.StatusCodes.BadSecurityModeInsufficient };
+        }
+        if (!(0, tools_1.hasExpectedUserAccess)(context)) {
+            return { statusCode: node_opcua_status_code_1.StatusCodes.BadUserAccessDenied };
+        }
+        if (privateKeyFormat && privateKeyFormat !== "" && privateKeyFormat.toLowerCase() !== "pem") {
+            errorLog("_updateCertificate: Invalid PEM format requested " + privateKeyFormat);
+            return { statusCode: node_opcua_status_code_1.StatusCodes.BadInvalidArgument };
+        }
+        const pushCertificateManager = getPushCertificateManager(this);
+        if (!pushCertificateManager) {
+            return { statusCode: node_opcua_status_code_1.StatusCodes.BadNotImplemented };
+        }
+        const result = yield pushCertificateManager.updateCertificate(certificateGroupId, certificateTypeId, certificate, issuerCertificates, privateKeyFormat, privateKey);
+        // todo   raise a CertificateUpdatedAuditEventType
+        if (result.statusCode !== node_opcua_status_code_1.StatusCodes.Good) {
+            return { statusCode: result.statusCode };
+        }
+        const callMethodResult = {
+            outputArguments: [
+                {
+                    dataType: node_opcua_variant_1.DataType.Boolean,
+                    value: !!result.applyChangesRequired
+                }
+            ],
+            statusCode: result.statusCode
+        };
+        return callMethodResult;
+    });
+}
+function _getRejectedList(inputArguments, context) {
+    return __awaiter(this, void 0, void 0, function* () {
+        if (!(0, tools_1.hasEncryptedChannel)(context)) {
+            return { statusCode: node_opcua_status_code_1.StatusCodes.BadSecurityModeInsufficient };
+        }
+        if (!(0, tools_1.hasExpectedUserAccess)(context)) {
+            return { statusCode: node_opcua_status_code_1.StatusCodes.BadUserAccessDenied };
+        }
+        const pushCertificateManager = getPushCertificateManager(this);
+        if (!pushCertificateManager) {
+            return { statusCode: node_opcua_status_code_1.StatusCodes.BadNotImplemented };
+        }
+        const result = yield pushCertificateManager.getRejectedList();
+        if (result.statusCode !== node_opcua_status_code_1.StatusCodes.Good) {
+            return { statusCode: result.statusCode };
+        }
+        return {
+            outputArguments: [
+                {
+                    arrayType: node_opcua_variant_1.VariantArrayType.Array,
+                    dataType: node_opcua_variant_1.DataType.ByteString,
+                    value: result.certificates
+                }
+            ],
+            statusCode: node_opcua_status_code_1.StatusCodes.Good
+        };
+    });
+}
+function _applyChanges(inputArguments, context) {
+    return __awaiter(this, void 0, void 0, function* () {
+        // This Method requires an encrypted channel and that the Client provide credentials with
+        // administrative rights on the Server.
+        if (!(0, tools_1.hasEncryptedChannel)(context)) {
+            return { statusCode: node_opcua_status_code_1.StatusCodes.BadSecurityModeInsufficient };
+        }
+        if (!(0, tools_1.hasExpectedUserAccess)(context)) {
+            return { statusCode: node_opcua_status_code_1.StatusCodes.BadUserAccessDenied };
+        }
+        const pushCertificateManager = getPushCertificateManager(this);
+        if (!pushCertificateManager) {
+            return { statusCode: node_opcua_status_code_1.StatusCodes.BadNotImplemented };
+        }
+        const statusCode = yield pushCertificateManager.applyChanges();
+        return { statusCode };
+    });
+}
+function bindCertificateManager(addressSpace, options) {
+    const serverConfiguration = addressSpace.rootFolder.objects.server.getChildByName("ServerConfiguration");
+    const defaultApplicationGroup = serverConfiguration.certificateGroups.getComponentByName("DefaultApplicationGroup");
+    if (defaultApplicationGroup) {
+        const trustList = defaultApplicationGroup.getComponentByName("TrustList");
+        if (trustList) {
+            trustList.$$certificateManager = options.applicationGroup;
+        }
+    }
+    const defaultTokenGroup = serverConfiguration.certificateGroups.getComponentByName("DefaultUserTokenGroup");
+    if (defaultTokenGroup) {
+        const trustList = defaultTokenGroup.getComponentByName("TrustList");
+        if (trustList) {
+            trustList.$$certificateManager = options.userTokenGroup;
+        }
+    }
+}
+function promoteCertificateGroup(certificateGroup) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const trustList = certificateGroup.getChildByName("TrustList");
+        if (trustList) {
+            (0, promote_trust_list_1.promoteTrustList)(trustList);
+        }
+    });
+}
+exports.promoteCertificateGroup = promoteCertificateGroup;
+function installPushCertificateManagement(addressSpace, options) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const serverConfiguration = addressSpace.rootFolder.objects.server.getChildByName("ServerConfiguration");
+        const serverConfigurationPriv = serverConfiguration;
+        if (serverConfigurationPriv.$pushCertificateManager) {
+            warningLog("PushCertificateManagement has already been installed");
+            return;
+        }
+        const accessRestrictionFlag = node_opcua_data_model_1.AccessRestrictionsFlag.SigningRequired | node_opcua_data_model_1.AccessRestrictionsFlag.EncryptionRequired;
+        function installAccessRestrictions(serverConfiguration) {
+            serverConfiguration.setRolePermissions(roles_and_permissions_1.rolePermissionRestricted);
+            serverConfiguration.setAccessRestrictions(node_opcua_data_model_1.AccessRestrictionsFlag.None);
+            const applyName = serverConfiguration.getMethodByName("ApplyChanges");
+            applyName === null || applyName === void 0 ? void 0 : applyName.setRolePermissions(roles_and_permissions_1.rolePermissionAdminOnly);
+            applyName === null || applyName === void 0 ? void 0 : applyName.setAccessRestrictions(node_opcua_data_model_1.AccessRestrictionsFlag.SigningRequired | node_opcua_data_model_1.AccessRestrictionsFlag.EncryptionRequired);
+            const createSigningRequest = serverConfiguration.getMethodByName("CreateSigningRequest");
+            createSigningRequest === null || createSigningRequest === void 0 ? void 0 : createSigningRequest.setRolePermissions(roles_and_permissions_1.rolePermissionAdminOnly);
+            createSigningRequest === null || createSigningRequest === void 0 ? void 0 : createSigningRequest.setAccessRestrictions(accessRestrictionFlag);
+            const getRejectedList = serverConfiguration.getMethodByName("GetRejectedList");
+            getRejectedList === null || getRejectedList === void 0 ? void 0 : getRejectedList.setRolePermissions(roles_and_permissions_1.rolePermissionAdminOnly);
+            getRejectedList === null || getRejectedList === void 0 ? void 0 : getRejectedList.setAccessRestrictions(accessRestrictionFlag);
+            const updateCertificate = serverConfiguration.getMethodByName("UpdateCertificate");
+            updateCertificate === null || updateCertificate === void 0 ? void 0 : updateCertificate.setRolePermissions(roles_and_permissions_1.rolePermissionAdminOnly);
+            updateCertificate === null || updateCertificate === void 0 ? void 0 : updateCertificate.setAccessRestrictions(accessRestrictionFlag);
+            const certificateGroups = serverConfiguration.getComponentByName("CertificateGroups");
+            certificateGroups.setRolePermissions(roles_and_permissions_1.rolePermissionRestricted);
+            certificateGroups.setAccessRestrictions(node_opcua_data_model_1.AccessRestrictionsFlag.None);
+            function installAccessRestrictionOnGroup(group) {
+                const trustList = group.getComponentByName("TrustList");
+                if (trustList) {
+                    (0, promote_trust_list_1.installAccessRestrictionOnTrustList)(trustList);
+                }
+            }
+            for (const group of certificateGroups.getComponents()) {
+                group === null || group === void 0 ? void 0 : group.setRolePermissions(roles_and_permissions_1.rolePermissionAdminOnly);
+                group === null || group === void 0 ? void 0 : group.setAccessRestrictions(node_opcua_data_model_1.AccessRestrictionsFlag.SigningRequired | node_opcua_data_model_1.AccessRestrictionsFlag.EncryptionRequired);
+                if (group.nodeClass === node_opcua_data_model_1.NodeClass.Object) {
+                    installAccessRestrictionOnGroup(group);
+                }
+            }
+        }
+        installAccessRestrictions(serverConfiguration);
+        serverConfigurationPriv.$pushCertificateManager = new push_certificate_manager_server_impl_1.PushCertificateManagerServerImpl(options);
+        serverConfiguration.supportedPrivateKeyFormats.setValueFromSource({
+            arrayType: node_opcua_variant_1.VariantArrayType.Array,
+            dataType: node_opcua_variant_1.DataType.String,
+            value: ["PEM"]
+        });
+        function install_method_handle_on_type(addressSpace) {
+            const serverConfigurationType = addressSpace.findObjectType("ServerConfigurationType");
+            if (serverConfigurationType.createSigningRequest.isBound()) {
+                return;
+            }
+            serverConfigurationType.createSigningRequest.bindMethod(_createSigningRequest);
+            serverConfigurationType.getRejectedList.bindMethod(_getRejectedList);
+            serverConfigurationType.updateCertificate.bindMethod(_updateCertificate);
+            serverConfigurationType.applyChanges.bindMethod(_applyChanges);
+        }
+        install_method_handle_on_type(addressSpace);
+        serverConfiguration.createSigningRequest.bindMethod(_createSigningRequest);
+        serverConfiguration.updateCertificate.bindMethod(_updateCertificate);
+        serverConfiguration.getRejectedList.bindMethod(_getRejectedList);
+        if (serverConfiguration.applyChanges) {
+            serverConfiguration.applyChanges.bindMethod(_applyChanges);
+        }
+        (0, install_CertificateAlarm_1.installCertificateExpirationAlarm)(addressSpace);
+        const cg = serverConfiguration.certificateGroups.getComponents();
+        const defaultApplicationGroup = serverConfiguration.certificateGroups.getComponentByName("DefaultApplicationGroup");
+        const certificateTypes = defaultApplicationGroup.getPropertyByName("CertificateTypes");
+        certificateTypes.setValueFromSource({
+            dataType: node_opcua_variant_1.DataType.NodeId,
+            arrayType: node_opcua_variant_1.VariantArrayType.Array,
+            value: [(0, node_opcua_nodeid_1.resolveNodeId)(node_opcua_constants_1.ObjectTypeIds.RsaSha256ApplicationCertificateType)]
+        });
+        for (const certificateGroup of cg) {
+            if (certificateGroup.nodeClass !== node_opcua_data_model_1.NodeClass.Object) {
+                continue;
+            }
+            yield promoteCertificateGroup(certificateGroup);
+        }
+        yield bindCertificateManager(addressSpace, options);
+    });
+}
+exports.installPushCertificateManagement = installPushCertificateManagement;
 //# sourceMappingURL=push_certificate_manager_helpers.js.map