node-opcua-server-configuration 2.97.0 → 2.98.1

package/package.json

@@ -1,7 +1,7 @@
 {
     "name": "node-opcua-server-configuration",
-    "version": "2.97.0",
-    "description": "pure nodejs OPCUA SDK - module -server",
+    "version": "2.98.1",
+    "description": "pure nodejs OPCUA SDK - module server-configuration",
     "scripts": {
         "build": "tsc -b",
         "lint": "eslint source/**/*.ts",
@@ -12,36 +12,36 @@
     "types": "./dist/index.d.ts",
     "dependencies": {
         "chalk": "4.1.2",
-        "memfs": "^3.4.13",
-        "node-opcua-address-space": "2.97.0",
-        "node-opcua-address-space-base": "2.97.0",
-        "node-opcua-assert": "2.88.0",
-        "node-opcua-basic-types": "2.97.0",
-        "node-opcua-binary-stream": "2.90.1",
-        "node-opcua-certificate-manager": "2.92.0",
-        "node-opcua-client": "2.97.0",
-        "node-opcua-common": "2.97.0",
-        "node-opcua-constants": "2.88.0",
+        "memfs": "^3.5.0",
+        "node-opcua-address-space": "2.98.1",
+        "node-opcua-address-space-base": "2.98.1",
+        "node-opcua-assert": "2.98.1",
+        "node-opcua-basic-types": "2.98.1",
+        "node-opcua-binary-stream": "2.98.1",
+        "node-opcua-certificate-manager": "2.98.1",
+        "node-opcua-client": "2.98.1",
+        "node-opcua-common": "2.98.1",
+        "node-opcua-constants": "2.98.1",
         "node-opcua-crypto": "^2.1.2",
-        "node-opcua-data-model": "2.97.0",
-        "node-opcua-debug": "2.90.1",
-        "node-opcua-file-transfer": "2.97.0",
-        "node-opcua-hostname": "2.88.0",
-        "node-opcua-nodeid": "2.97.0",
+        "node-opcua-data-model": "2.98.1",
+        "node-opcua-debug": "2.98.1",
+        "node-opcua-file-transfer": "2.98.1",
+        "node-opcua-hostname": "2.98.1",
+        "node-opcua-nodeid": "2.98.1",
         "node-opcua-pki": "^3.0.2",
-        "node-opcua-pseudo-session": "2.97.0",
-        "node-opcua-secure-channel": "2.97.0",
-        "node-opcua-server": "2.97.0",
-        "node-opcua-service-translate-browse-path": "2.97.0",
-        "node-opcua-status-code": "2.90.1",
-        "node-opcua-types": "2.97.0",
-        "node-opcua-variant": "2.97.0",
+        "node-opcua-pseudo-session": "2.98.1",
+        "node-opcua-secure-channel": "2.98.1",
+        "node-opcua-server": "2.98.1",
+        "node-opcua-service-translate-browse-path": "2.98.1",
+        "node-opcua-status-code": "2.98.1",
+        "node-opcua-types": "2.98.1",
+        "node-opcua-variant": "2.98.1",
         "rimraf": "3.0.2"
     },
     "devDependencies": {
-        "node-opcua-data-value": "2.97.0",
-        "node-opcua-leak-detector": "2.90.1",
-        "node-opcua-nodesets": "2.96.0",
+        "node-opcua-data-value": "2.98.1",
+        "node-opcua-leak-detector": "2.98.1",
+        "node-opcua-nodesets": "2.98.1",
         "should": "^13.2.3"
     },
     "author": "Etienne Rossignon",
@@ -59,5 +59,9 @@
         "internet of things"
     ],
     "homepage": "http://node-opcua.github.io/",
-    "gitHead": "19c96bda0810d2dec73dd1c2427546be40908646"
+    "gitHead": "07dcdd8e8c7f2b55544c6e23023093e35674829c",
+    "files": [
+        "dist",
+        "source"
+    ]
 }

package/bin/configurator.ts

@@ -1,304 +0,0 @@
-import * as path from "path";
-import * as fs from "fs";
-import * as util from "util";
-import * as os from "os";
-import {
-    AttributeIds,
-    ClientSession,
-    IBasicSession,
-    makeApplicationUrn,
-    MessageSecurityMode,
-    OPCUAClient,
-    resolveNodeId,
-    SecurityPolicy,
-    StatusCodes,
-    UserTokenType
-} from "node-opcua-client";
-import {
-    Certificate,
-    exploreCertificate,
-    exploreCertificateSigningRequest,
-    makeSHA1Thumbprint,
-    publicKeyAndPrivateKeyMatches,
-    readCertificate,
-    readCertificateRevocationList,
-    split_der,
-    toPem
-} from "node-opcua-crypto";
-import { CertificateAuthority } from "node-opcua-pki";
-import { OPCUACertificateManager } from "node-opcua-certificate-manager";
-import { TrustListDataType } from "node-opcua-types";
-
-import { CertificateType } from "../source";
-import { ClientPushCertificateManagement } from "../source/clientTools";
-
-const endpointUrl = "opc.tcp://localhost:48010";
-
-function dumpCertificateInfo(certificate: Certificate) {
-    console.log("thumbprint ", makeSHA1Thumbprint(certificate).toString("hex").toUpperCase());
-    const i = exploreCertificate(certificate);
-    console.log(" serial number       : ", i.tbsCertificate.serialNumber);
-    console.log(" subject             : ");
-    for (const [k, v] of Object.entries(i.tbsCertificate.subject)) {
-        console.log(`   ${k.padEnd(18)}: ${v}`);
-    }
-    console.log(" notBefore           : ", i.tbsCertificate.validity.notBefore);
-    console.log(" notAfter            : ", i.tbsCertificate.validity.notAfter);
-    console.log(" issuer              : ");
-    for (const [k, v] of Object.entries(i.tbsCertificate.issuer)) {
-        console.log(`   ${k.padEnd(18)}: ${v}`);
-    }
-    console.log(" signature algo      : ", i.signatureAlgorithm);
-}
-
-async function dumpTrustedList(trustList: TrustListDataType) {
-    if (trustList.trustedCertificates && trustList.trustedCertificates.length) {
-        console.log("number of trusted certificates", trustList.trustedCertificates.length);
-        for (const certificate of trustList.trustedCertificates) {
-            dumpCertificateInfo(certificate);
-        }
-    }
-    if (trustList.issuerCertificates && trustList.issuerCertificates.length) {
-        console.log("number of issuers certificates", trustList.issuerCertificates.length);
-        for (const certificate of trustList.issuerCertificates) {
-            dumpCertificateInfo(certificate);
-        }
-    }
-}
-async function dumpApplicationTrustedCertificates(session: IBasicSession) {
-    const s = new ClientPushCertificateManagement(session);
-    const applicationGroup = await s.getCertificateGroup("DefaultApplicationGroup");
-
-    const trustList = await applicationGroup.getTrustList();
-    const tl = await trustList.readTrustedCertificateList();
-    dumpTrustedList(tl);
-}
-
-async function dumpUserTokenTrustedCertificates(session: IBasicSession) {
-    const s = new ClientPushCertificateManagement(session);
-    const applicationGroup = await s.getCertificateGroup("DefaultUserTokenGroup");
-
-    const trustList = await applicationGroup.getTrustList();
-    const tl = await trustList.readTrustedCertificateList();
-    dumpTrustedList(tl);
-}
-
-async function getRejectedList(session: IBasicSession) {
-    const s = new ClientPushCertificateManagement(session);
-    const rejectedList = await s.getRejectedList();
-    if (rejectedList.statusCode.isNotGood()) {
-        throw new Error(rejectedList.statusCode.name);
-    }
-
-    console.log("number of rejected certificates ", rejectedList.certificates?.length);
-    for (const certificate of rejectedList.certificates || []) {
-        dumpCertificateInfo(certificate);
-    }
-}
-
-async function dumpServerConfiguration(session: IBasicSession) {
-    const capabilitiesDataValue = await session.read({
-        nodeId: resolveNodeId("ServerConfiguration_ServerCapabilities"),
-        attributeId: AttributeIds.Value
-    });
-    const capabilities = capabilitiesDataValue.value.value as string[];
-    console.log(" server capabilities  : ", capabilities.join(","));
-
-    const multicastDnsEnabledDataValue = await session.read({
-        nodeId: resolveNodeId("ServerConfiguration_MulticastDnsEnabled"),
-        attributeId: AttributeIds.Value
-    });
-    const multicastDnsEnabled = multicastDnsEnabledDataValue.value.value as boolean;
-    console.log(" multicastDns enabled : ", multicastDnsEnabled);
-
-    const maxTrustListSizeDataValue = await session.read({
-        nodeId: resolveNodeId("ServerConfiguration_MaxTrustListSize"),
-        attributeId: AttributeIds.Value
-    });
-    const maxTrustListSize = maxTrustListSizeDataValue.value.value as number;
-    console.log(" max trust list size  : ", maxTrustListSize);
-
-    const supportedPrivateKeyFormatsDataValue = await session.read({
-        nodeId: resolveNodeId("ServerConfiguration_SupportedPrivateKeyFormats"),
-        attributeId: AttributeIds.Value
-    });
-    const supportedPrivateKeyFormats = supportedPrivateKeyFormatsDataValue.value.value as string[];
-    console.log(" key format           : ", supportedPrivateKeyFormats.join(","));
-    //
-    await dumpApplicationTrustedCertificates(session);
-    //
-    await dumpUserTokenTrustedCertificates(session);
-    //
-    await getRejectedList(session);
-}
-
-async function addApplicationCertificate(session: IBasicSession) {
-    const s = new ClientPushCertificateManagement(session);
-    const ag = await s.getApplicationGroup();
-    const trustList = await ag.getTrustList();
-
-    const certificateFile = path.join(__dirname, "../../node-opcua-samples/certificates/client_cert_2048.pem");
-
-    const certificate = await readCertificate(certificateFile);
-    await trustList.addCertificate(certificate, true);
-}
-
-async function addApplicationIssuerCertificateAndCRL(session: IBasicSession) {
-    /**
-     */
-}
-async function replaceServerCertificate(session: IBasicSession, caAuthority: CertificateAuthority) {
-    const certificateAutorityhPath = path.join(caAuthority.location);
-    const caCertificate = await readCertificate(caAuthority.caCertificate);
-    // also get crl
-    const crl = await readCertificateRevocationList(caAuthority.revocationList);
-
-    // get signing request
-    const s = new ClientPushCertificateManagement(session);
-    const ag = await s.getApplicationGroup();
-    const csr = await s.createSigningRequest("DefaultApplicationGroup", CertificateType.RsaSha256Application, "CN=toto", false);
-    if (csr.statusCode.isNotGood()) {
-        console.log("Signing Request = ", csr.statusCode.toString());
-        throw new Error(csr.statusCode.name);
-    }
-
-    console.log(csr.certificateSigningRequest?.toString("base64"));
-
-    const certificateFile = path.join(certificateAutorityhPath, "demo.pem");
-    const csrFilename = path.join(certificateAutorityhPath, "csr.pem");
-    fs.writeFileSync(csrFilename, toPem(csr.certificateSigningRequest!, "CERTIFICATE REQUEST"));
-
-    const certificateRequestInfo = exploreCertificateSigningRequest(csr.certificateSigningRequest!);
-    console.log(util.inspect(certificateRequestInfo, { depth: 10 }));
-
-    const applicationUri = certificateRequestInfo.extensionRequest.subjectAltName.uniformResourceIdentifier[0];
-    console.log("applicationUri = ", applicationUri);
-    await caAuthority.signCertificateRequest(certificateFile, csrFilename, {
-        startDate: new Date(),
-        endDate: new Date(Date.now() + 1000 * 60 * 60 * 24 * 365 * 10),
-        reason: "Signature by me",
-        applicationUri
-    });
-
-    const certificateChain = readCertificate(certificateFile);
-    dumpCertificateInfo(certificateChain);
-
-    // now publish certificate
-
-    const certificates = split_der(certificateChain);
-
-    const a = await s.getApplicationGroup();
-    const tl = await a.getTrustList();
-    tl.addCertificate(caCertificate, false);
-
-    const result = await s.updateCertificate("DefaultApplicationGroup", CertificateType.RsaSha256Application, certificates[0], [
-        certificates[1],
-        crl
-    ]);
-    if (result.statusCode.isNotGood()) {
-        throw new Error("updateCertificate failed " + csr.statusCode.name);
-    }
-    if (result.applyChangesRequired) {
-        console.log("Applying changes");
-        const statusCode = await s.applyChanges();
-        if (statusCode.isNotGood()) {
-            throw new Error("applyChanged failed " + csr.statusCode.name);
-        }
-    }
-}
-(async () => {
-    try {
-        const configFolder = path.join(__dirname, "../temp/aa");
-        if (!fs.existsSync(configFolder)) {
-            fs.mkdirSync(configFolder);
-        }
-
-        // --------------------------------------------------------------- CA Authority
-        const certificateAutorityhPath = path.join(configFolder, "CA");
-        const caAuthority = new CertificateAuthority({
-            location: certificateAutorityhPath,
-            keySize: 4096
-        });
-        await caAuthority.initialize();
-        await caAuthority.constructCACertificateWithCRL();
-        const caCertificate = await readCertificate(caAuthority.caCertificate);
-        const crl = await readCertificateRevocationList(caAuthority.revocationList);
-
-        // --------------------------------------------------------------- Client PKI
-        const hostname = os.hostname();
-        const applicationUri = makeApplicationUrn(hostname, "Client");
-
-        const pkiPath = path.join(configFolder, "PKI");
-        const clientCertificateManager = new OPCUACertificateManager({
-            automaticallyAcceptUnknownCertificate: true,
-            rootFolder: pkiPath,
-            keySize: 4096
-        });
-        await clientCertificateManager.initialize();
-        const certificateFile = path.join(clientCertificateManager.rootDir, "own/certs/client_certificate.pem");
-        if (!fs.existsSync(certificateFile)) {
-            await clientCertificateManager.createSelfSignedCertificate({
-                applicationUri,
-                startDate: new Date(),
-                endDate: new Date(Date.now() + 1000 * 60 * 60 * 24 * 365),
-                validity: 365,
-                subject: "CN=Sterfive",
-                dns: [hostname],
-                outputFile: certificateFile
-            });
-        }
-
-        // ------------------------------------------------------------------- Add CA Certificate to Client PKI
-        console.log(caCertificate.toString("base64"));
-        await clientCertificateManager.addIssuer(caCertificate, false, true);
-        await clientCertificateManager.addRevocationList(crl);
-
-        const client = OPCUAClient.create({
-            applicationUri,
-            endpointMustExist: false,
-            connectionStrategy: {
-                maxRetry: 1
-            },
-            securityMode: MessageSecurityMode.SignAndEncrypt,
-            securityPolicy: SecurityPolicy.Basic256Sha256,
-
-            clientCertificateManager,
-            certificateFile
-        });
-
-        await client.withSessionAsync(
-            {
-                endpointUrl,
-                userIdentity: { type: UserTokenType.UserName, userName: "root", password: "secret" }
-            },
-            async (session) => {
-                try {
-                    await dumpServerConfiguration(session);
-
-                    // add application certificate
-
-                    await addApplicationCertificate(session);
-
-                    await dumpServerConfiguration(session);
-
-                    // add issuer certificate + crl
-                    await addApplicationIssuerCertificateAndCRL(session);
-
-                    // await replaceServerCertificate(session, caAuthority);
-
-                    console.log("done");
-                } catch (err) {
-                    if (err instanceof Error) {
-                        console.log("Error ", err.message);
-                    }
-                    console.log(err);
-                }
-            }
-        );
-    } catch (err) {
-        if (err instanceof Error) {
-            console.log("Error ", err.message);
-        }
-        console.log(err);
-    }
-})();