node-opcua-server-configuration 2.98.0 → 2.98.2
- package/dist/clientTools/index.d.ts +1 -0
- package/dist/clientTools/index.js +18 -0
- package/dist/clientTools/index.js.map +1 -0
- package/dist/clientTools/push_certificate_management_client.d.ts +176 -0
- package/dist/clientTools/push_certificate_management_client.js +464 -0
- package/dist/clientTools/push_certificate_management_client.js.map +1 -0
- package/dist/index.d.ts +10 -0
- package/dist/index.js +28 -0
- package/dist/index.js.map +1 -0
- package/dist/push_certificate_manager.d.ts +141 -0
- package/dist/push_certificate_manager.js +3 -0
- package/dist/push_certificate_manager.js.map +1 -0
- package/dist/server/install_certificate_file_watcher.d.ts +5 -0
- package/dist/server/install_certificate_file_watcher.js +24 -0
- package/dist/server/install_certificate_file_watcher.js.map +1 -0
- package/dist/server/install_push_certitifate_management.d.ts +19 -0
- package/dist/server/install_push_certitifate_management.js +216 -0
- package/dist/server/install_push_certitifate_management.js.map +1 -0
- package/dist/server/promote_trust_list.d.ts +6 -0
- package/dist/server/promote_trust_list.js +176 -0
- package/dist/server/promote_trust_list.js.map +1 -0
- package/dist/server/push_certificate_manager_helpers.d.ts +4 -0
- package/dist/server/push_certificate_manager_helpers.js +412 -0
- package/dist/server/push_certificate_manager_helpers.js.map +1 -0
- package/dist/server/push_certificate_manager_server_impl.d.ts +47 -0
- package/dist/server/push_certificate_manager_server_impl.js +526 -0
- package/dist/server/push_certificate_manager_server_impl.js.map +1 -0
- package/dist/server/roles_and_permissions.d.ts +3 -0
- package/dist/server/roles_and_permissions.js +39 -0
- package/dist/server/roles_and_permissions.js.map +1 -0
- package/dist/server/tools.d.ts +3 -0
- package/dist/server/tools.js +20 -0
- package/dist/server/tools.js.map +1 -0
- package/dist/server/trust_list_server.d.ts +13 -0
- package/dist/server/trust_list_server.js +90 -0
- package/dist/server/trust_list_server.js.map +1 -0
- package/dist/standard_certificate_types.d.ts +6 -0
- package/dist/standard_certificate_types.js +14 -0
- package/dist/standard_certificate_types.js.map +1 -0
- package/dist/trust_list.d.ts +79 -0
- package/dist/trust_list.js +3 -0
- package/dist/trust_list.js.map +1 -0
- package/dist/trust_list_impl.d.ts +0 -0
- package/dist/trust_list_impl.js +26 -0
- package/dist/trust_list_impl.js.map +1 -0
- package/package.json +31 -27
- package/bin/configurator.ts +0 -304
|
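--- a/package/dist/server/promote_trust_list.js
+++ b/package/dist/server/promote_trust_list.js
@@ -0,0 +1,176 @@
+"use strict";
+/**
+* @module node-opcua-server-configuration
+*/
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+return new (P || (P = Promise))(function (resolve, reject) {
+function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+step((generator = generator.apply(thisArg, _arguments || [])).next());
+});
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.installAccessRestrictionOnTrustList = exports.promoteTrustList = void 0;
+const memfs_1 = require("memfs");
+const node_opcua_debug_1 = require("node-opcua-debug");
+const node_opcua_status_code_1 = require("node-opcua-status-code");
+const node_opcua_variant_1 = require("node-opcua-variant");
+const node_opcua_data_model_1 = require("node-opcua-data-model");
+const node_opcua_file_transfer_1 = require("node-opcua-file-transfer");
+const node_opcua_crypto_1 = require("node-opcua-crypto");
+const trust_list_server_1 = require("./trust_list_server");
+const tools_1 = require("./tools");
+const roles_and_permissions_1 = require("./roles_and_permissions");
+const debugLog = (0, node_opcua_debug_1.make_debugLog)("ServerConfiguration");
+const doDebug = (0, node_opcua_debug_1.checkDebugFlag)("ServerConfiguration");
+const warningLog = (0, node_opcua_debug_1.make_warningLog)("ServerConfiguration");
+const errorLog = debugLog;
+function trustListIsAlreadyOpened(trustList) {
+return false; // to do...
+}
+function _closeAndUpdate(inputArguments, context) {
+return __awaiter(this, void 0, void 0, function* () {
+return { statusCode: node_opcua_status_code_1.StatusCodes.Good };
+});
+}
+// in TrustList
+function _addCertificate(inputArguments, context) {
+return __awaiter(this, void 0, void 0, function* () {
+// If the Certificate is issued by a CA then the Client shall provide the entire
+// chain in the certificate argument (see OPC 10000-6). After validating the Certificate,
+// the Server shall add the CA Certificates to the Issuers list in the Trust List.
+// The leaf Certificate is added to the list specified by the isTrustedCertificate argument.
+if (!(0, tools_1.hasEncryptedChannel)(context)) {
+return { statusCode: node_opcua_status_code_1.StatusCodes.BadSecurityModeInsufficient };
+}
+if (!(0, tools_1.hasExpectedUserAccess)(context)) {
+return { statusCode: node_opcua_status_code_1.StatusCodes.BadUserAccessDenied };
+}
+const trustList = context.object;
+const cm = trustList.$$certificateManager || null;
+// The trust list must have been bound
+if (!cm) {
+return { statusCode: node_opcua_status_code_1.StatusCodes.BadInternalError };
+}
+// This method cannot be called if the file object is open.
+if (trustListIsAlreadyOpened(trustList)) {
+return { statusCode: node_opcua_status_code_1.StatusCodes.BadInvalidState };
+}
+const certificateChain = inputArguments[0].value;
+const isTrustedCertificate = inputArguments[1].value;
+const certificates = (0, node_opcua_crypto_1.split_der)(certificateChain);
+// validate certificate first
+const r = yield (0, node_opcua_crypto_1.verifyCertificateChain)(certificates);
+if (r.status !== "Good") {
+warningLog("Invalid certificate ", r.status, r.reason);
+return { statusCode: node_opcua_status_code_1.StatusCodes.BadCertificateInvalid };
+}
+for (let i = 0; i < certificates.length; i++) {
+const certificate = certificates[i];
+if (i === certificates.length - 1 && isTrustedCertificate) {
+yield cm.trustCertificate(certificate);
+}
+else {
+yield cm.addIssuer(certificate);
+}
+}
+debugLog("_addCertificate - done isTrustedCertificate= ", isTrustedCertificate);
+return { statusCode: node_opcua_status_code_1.StatusCodes.Good };
+});
+}
+function _removeCertificate(inputArguments, context) {
+return __awaiter(this, void 0, void 0, function* () {
+if (!(0, tools_1.hasEncryptedChannel)(context)) {
+return { statusCode: node_opcua_status_code_1.StatusCodes.BadSecurityModeInsufficient };
+}
+if (!(0, tools_1.hasExpectedUserAccess)(context)) {
+return { statusCode: node_opcua_status_code_1.StatusCodes.BadUserAccessDenied };
+}
+return { statusCode: node_opcua_status_code_1.StatusCodes.Good };
+});
+}
+let counter = 0;
+function promoteTrustList(trustList) {
+return __awaiter(this, void 0, void 0, function* () {
+const filename = `/tmpFile${counter}`;
+counter += 1;
+(0, node_opcua_file_transfer_1.installFileType)(trustList, { filename, fileSystem: memfs_1.fs });
+// we need to change the default open method
+const open = trustList.getChildByName("Open");
+const _open_asyncExecutionFunction = open._asyncExecutionFunction;
+// ... and bind the extended methods as well.
+const closeAndUpdate = trustList.getChildByName("CloseAndUpdate");
+const openWithMasks = trustList.getChildByName("OpenWithMasks");
+const addCertificate = trustList.getChildByName("AddCertificate");
+const removeCertificate = trustList.getChildByName("RemoveCertificate");
+function _openTrustList(trustMask, inputArgs, context, callback) {
+if (trustListIsAlreadyOpened(trustList)) {
+return callback(null, { statusCode: node_opcua_status_code_1.StatusCodes.BadInvalidState });
+}
+// if (trustList.isOpened) {
+// warningLog("TrustList is already opened")
+// return { statusCode: StatusCodes.BadInvalidState};
+// }
+// The Open Method shall not support modes other than Read (0x01) and the Write + EraseExisting (0x06).
+const openMask = inputArgs[0].value;
+if (openMask !== node_opcua_file_transfer_1.OpenFileMode.Read && openMask !== node_opcua_file_transfer_1.OpenFileMode.WriteEraseExisting) {
+return callback(null, { statusCode: node_opcua_status_code_1.StatusCodes.BadInvalidArgument });
+}
+// possible statusCode: Bad_UserAccessDenied The current user does not have the rights required.
+const certificateManager = trustList.$$certificateManager || undefined;
+if (certificateManager) {
+(0, trust_list_server_1.writeTrustList)(memfs_1.fs, filename, trustMask, certificateManager)
+.then(() => {
+// trustList.isOpened = true;
+_open_asyncExecutionFunction.call(this, inputArgs, context, callback);
+})
+.catch((err) => {
+errorLog(err);
+callback(err, { statusCode: node_opcua_status_code_1.StatusCodes.BadInternalError });
+});
+}
+else {
+warningLog("certificateManager is not defined on trustlist do something to update the document before we open it");
+return _open_asyncExecutionFunction.call(this, inputArgs, context, callback);
+}
+}
+function _openCallback(inputArgs, context, callback) {
+_openTrustList.call(this, trust_list_server_1.TrustListMasks.All, inputArgs, context, callback);
+}
+open.bindMethod(_openCallback);
+function _openWithMaskCallback(inputArgs, context, callback) {
+const trustListMask = inputArgs[0].value;
+inputArgs[0] = new node_opcua_variant_1.Variant({ dataType: node_opcua_variant_1.DataType.Byte, value: node_opcua_file_transfer_1.OpenFileMode.Read });
+_openTrustList.call(this, trustListMask, inputArgs, context, callback);
+}
+// The OpenWithMasks Method allows a Client to read only the portion of the Trust List.
+// This Method can only be used to read the Trust List.
+openWithMasks.bindMethod(_openWithMaskCallback);
+addCertificate.bindMethod(_addCertificate);
+removeCertificate.bindMethod(_removeCertificate);
+closeAndUpdate === null || closeAndUpdate === void 0 ? void 0 : closeAndUpdate.bindMethod(_closeAndUpdate);
+function install_method_handle_on_TrustListType(addressSpace) {
+const fileType = addressSpace.findObjectType("TrustListType");
+if (!fileType || fileType.addCertificate.isBound()) {
+return;
+}
+fileType.open && fileType.open.bindMethod(_openCallback);
+fileType.addCertificate.bindMethod(_addCertificate);
+fileType.removeCertificate.bindMethod(_removeCertificate);
+fileType.openWithMasks && fileType.openWithMasks.bindMethod(_openWithMaskCallback);
+fileType.closeAndUpdate && fileType.closeAndUpdate.bindMethod(_closeAndUpdate);
+}
+install_method_handle_on_TrustListType(trustList.addressSpace);
+});
+}
+exports.promoteTrustList = promoteTrustList;
+function installAccessRestrictionOnTrustList(trustList) {
+for (const m of trustList.getComponents()) {
+m === null || m === void 0 ? void 0 : m.setRolePermissions(roles_and_permissions_1.rolePermissionAdminOnly);
+m === null || m === void 0 ? void 0 : m.setAccessRestrictions(node_opcua_data_model_1.AccessRestrictionsFlag.SigningRequired | node_opcua_data_model_1.AccessRestrictionsFlag.EncryptionRequired);
+}
+}
+exports.installAccessRestrictionOnTrustList = installAccessRestrictionOnTrustList;
+//# sourceMappingURL=promote_trust_list.js.map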
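Review bot: `_removeCertificate` passes its channel and user checks and then returns `StatusCodes.Good` without touching the trust list, so a client that calls RemoveCertificate is told the certificate is gone while the server keeps trusting it. Until removal is implemented the handler should say so, e.g. `return { statusCode: node_opcua_status_code_1.StatusCodes.BadNotImplemented };`, and a comment should mark it as a stub. `_closeAndUpdate` reports `Good` in the same way and, in this handler, does so without calling `hasEncryptedChannel` or `hasExpectedUserAccess`. `trustListIsAlreadyOpened` always returns false, so the `BadInvalidState` guards in `_addCertificate` and `_openTrustList` can never fire. This file is compiler output, so the change belongs in the TypeScript source named by the source map.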
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"promote_trust_list.js","sourceRoot":"","sources":["../../source/server/promote_trust_list.ts"],"names":[],"mappings":";AAAA;;GAEG;;;;;;;;;;;;AAEH,iCAAoC;AAWpC,uDAAkF;AAClF,mEAAgE;AAEhE,2DAAuD;AACvD,iEAA+D;AAE/D,uEAAqF;AAErF,yDAAsE;AAEtE,2DAAqE;AAErE,mCAAqE;AACrE,mEAAkE;AAElE,MAAM,QAAQ,GAAG,IAAA,gCAAa,EAAC,qBAAqB,CAAC,CAAC;AACtD,MAAM,OAAO,GAAG,IAAA,iCAAc,EAAC,qBAAqB,CAAC,CAAC;AACtD,MAAM,UAAU,GAAG,IAAA,kCAAe,EAAC,qBAAqB,CAAC,CAAC;AAC1D,MAAM,QAAQ,GAAG,QAAQ,CAAC;AAE1B,SAAS,wBAAwB,CAAC,SAAsB;IACpD,OAAO,KAAK,CAAC,CAAC,WAAW;AAC7B,CAAC;AAED,SAAe,eAAe,CAE1B,cAAyB,EACzB,OAAwB;;QAExB,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,IAAI,EAAE,CAAC;IAC5C,CAAC;CAAA;AAED,eAAe;AACf,SAAe,eAAe,CAE1B,cAAyB,EACzB,OAAwB;;QAExB,gFAAgF;QAChF,yFAAyF;QACzF,kFAAkF;QAClF,4FAA4F;QAC5F,IAAI,CAAC,IAAA,2BAAmB,EAAC,OAAO,CAAC,EAAE;YAC/B,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,2BAA2B,EAAE,CAAC;SAClE;QACD,IAAI,CAAC,IAAA,6BAAqB,EAAC,OAAO,CAAC,EAAE;YACjC,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,mBAAmB,EAAE,CAAC;SAC1D;QAED,MAAM,SAAS,GAAG,OAAO,CAAC,MAAqB,CAAC;QAChD,MAAM,EAAE,GAAK,SAAiB,CAAC,oBAA2C,IAAI,IAAI,CAAC;QAEnF,sCAAsC;QACtC,IAAI,CAAC,EAAE,EAAE;YACL,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,gBAAgB,EAAE,CAAC;SACvD;QACD,2DAA2D;QAC3D,IAAI,wBAAwB,CAAC,SAAS,CAAC,EAAE;YACrC,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,eAAe,EAAE,CAAC;SACtD;QAED,MAAM,gBAAgB,GAAW,cAAc,CAAC,CAAC,CAAC,CAAC,KAAe,CAAC;QACnE,MAAM,oBAAoB,GAAY,cAAc,CAAC,CAAC,CAAC,CAAC,KAAgB,CAAC;QAEzE,MAAM,YAAY,GAAG,IAAA,6BAAS,EAAC,gBAAgB,CAAC,CAAC;QAEjD,6BAA6B;QAC7B,MAAM,CAAC,GAAG,MAAM,IAAA,0CAAsB,EAAC,YAAY,CAAC,CAAC;QACrD,IAAI,CAAC,CAAC,MAAM,KAAK,MAAM,EAAE;YACrB,UAAU,CAAC,sBAAsB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC;YACvD,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,qBAAqB,EAAE,CAAC;SAC5D;QAED,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,YAAY,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;YAC1C,MAAM,WAAW,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC;YACpC,IAAI,CAAC,KAAK,YAAY,CAAC,MAAM,GAAG,CAAC,IAAI,oBAAoB,EAAE;gBACvD,MAAM,EAAE,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;aAC1C;iBAAM;gBACH,MAAM,EAAE,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;aACnC;SA
CJ;QACD,QAAQ,CAAC,+CAA+C,EAAE,oBAAoB,CAAC,CAAC;QAChF,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,IAAI,EAAE,CAAC;IAC5C,CAAC;CAAA;AACD,SAAe,kBAAkB,CAE7B,cAAyB,EACzB,OAAwB;;QAExB,IAAI,CAAC,IAAA,2BAAmB,EAAC,OAAO,CAAC,EAAE;YAC/B,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,2BAA2B,EAAE,CAAC;SAClE;QAED,IAAI,CAAC,IAAA,6BAAqB,EAAC,OAAO,CAAC,EAAE;YACjC,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,mBAAmB,EAAE,CAAC;SAC1D;QAED,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,IAAI,EAAE,CAAC;IAC5C,CAAC;CAAA;AAED,IAAI,OAAO,GAAG,CAAC,CAAC;AAEhB,SAAsB,gBAAgB,CAAC,SAAsB;;QACzD,MAAM,QAAQ,GAAG,WAAW,OAAO,EAAE,CAAC;QACtC,OAAO,IAAI,CAAC,CAAC;QAEb,IAAA,0CAAe,EAAC,SAAS,EAAE,EAAE,QAAQ,EAAE,UAAU,EAAE,UAAmB,EAAE,CAAC,CAAC;QAE1E,4CAA4C;QAC5C,MAAM,IAAI,GAAG,SAAS,CAAC,cAAc,CAAC,MAAM,CAAa,CAAC;QAC1D,MAAM,4BAA4B,GAAI,IAAY,CAAC,uBAAwC,CAAC;QAE5F,6CAA6C;QAC7C,MAAM,cAAc,GAAG,SAAS,CAAC,cAAc,CAAC,gBAAgB,CAAa,CAAC;QAC9E,MAAM,aAAa,GAAG,SAAS,CAAC,cAAc,CAAC,eAAe,CAAa,CAAC;QAC5E,MAAM,cAAc,GAAG,SAAS,CAAC,cAAc,CAAC,gBAAgB,CAAa,CAAC;QAC9E,MAAM,iBAAiB,GAAG,SAAS,CAAC,cAAc,CAAC,mBAAmB,CAAa,CAAC;QAEpF,SAAS,cAAc,CAEnB,SAAyB,EACzB,SAAoB,EACpB,OAAwB,EACxB,QAA4C;YAE5C,IAAI,wBAAwB,CAAC,SAAS,CAAC,EAAE;gBACrC,OAAO,QAAQ,CAAC,IAAI,EAAE,EAAE,UAAU,EAAE,oCAAW,CAAC,eAAe,EAAE,CAAC,CAAC;aACtE;YACD,4BAA4B;YAC5B,gDAAgD;YAChD,yDAAyD;YACzD,IAAI;YAEJ,uGAAuG;YACvG,MAAM,QAAQ,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,KAAe,CAAC;YAC9C,IAAI,QAAQ,KAAK,uCAAY,CAAC,IAAI,IAAI,QAAQ,KAAK,uCAAY,CAAC,kBAAkB,EAAE;gBAChF,OAAO,QAAQ,CAAC,IAAI,EAAE,EAAE,UAAU,EAAE,oCAAW,CAAC,kBAAkB,EAAE,CAAC,CAAC;aACzE;YACD,gGAAgG;YAChG,MAAM,kBAAkB,GAAK,SAAiB,CAAC,oBAAgD,IAAI,SAAS,CAAC;YAC7G,IAAI,kBAAkB,EAAE;gBACpB,IAAA,kCAAc,EAAC,UAAmB,EAAE,QAAQ,EAAE,SAAS,EAAE,kBAAkB,CAAC;qBACvE,IAAI,CAAC,GAAG,EAAE;oBACP,8BAA8B;oBAE9B,4BAA4B,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;gBAC1E,CAAC,CAAC;qBACD,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;oBACX,QAAQ,CAAC,GAAG,CAAC,CAAC;oBACd,QAAQ,CAAC,GAAG,EAAE,EAAE,UAAU,EAAE,oCAAW,CAAC,gBAAgB,EAAE,CAAC,CAAC;gBAChE,CAAC,CAAC,CAAC;aACV;iBAAM;gBACH,UAAU,CAAC,sGAAsG,CAAC,CAAC;gBACnH,OAAO,4BAA4B,CAAC,IAAI,CAAC,IAAI
,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;aAChF;QACL,CAAC;QAED,SAAS,aAAa,CAElB,SAAoB,EACpB,OAAwB,EACxB,QAA4C;YAE5C,cAAc,CAAC,IAAI,CAAC,IAAI,EAAE,kCAAc,CAAC,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;QAChF,CAAC;QAED,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;QAE/B,SAAS,qBAAqB,CAE1B,SAAoB,EACpB,OAAwB,EACxB,QAA4C;YAE5C,MAAM,aAAa,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,KAAe,CAAC;YACnD,SAAS,CAAC,CAAC,CAAC,GAAG,IAAI,4BAAO,CAAC,EAAE,QAAQ,EAAE,6BAAQ,CAAC,IAAI,EAAE,KAAK,EAAE,uCAAY,CAAC,IAAI,EAAE,CAAC,CAAC;YAClF,cAAc,CAAC,IAAI,CAAC,IAAI,EAAE,aAAa,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;QAC3E,CAAC;QACD,uFAAuF;QACvF,uDAAuD;QACvD,aAAa,CAAC,UAAU,CAAC,qBAAqB,CAAC,CAAC;QAChD,cAAc,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC;QAC3C,iBAAiB,CAAC,UAAU,CAAC,kBAAkB,CAAC,CAAC;QACjD,cAAc,aAAd,cAAc,uBAAd,cAAc,CAAE,UAAU,CAAC,eAAe,CAAC,CAAC;QAE5C,SAAS,sCAAsC,CAAC,YAA2B;YACvE,MAAM,QAAQ,GAAG,YAAY,CAAC,cAAc,CAAC,eAAe,CAAQ,CAAC;YACrE,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,cAAc,CAAC,OAAO,EAAE,EAAE;gBAChD,OAAO;aACV;YACD,QAAQ,CAAC,IAAI,IAAI,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;YACzD,QAAQ,CAAC,cAAc,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC;YACpD,QAAQ,CAAC,iBAAiB,CAAC,UAAU,CAAC,kBAAkB,CAAC,CAAC;YAC1D,QAAQ,CAAC,aAAa,IAAI,QAAQ,CAAC,aAAa,CAAC,UAAU,CAAC,qBAAqB,CAAC,CAAC;YACnF,QAAQ,CAAC,cAAc,IAAI,QAAQ,CAAC,cAAc,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC;QACnF,CAAC;QACD,sCAAsC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;IACnE,CAAC;CAAA;AA/FD,4CA+FC;AAED,SAAgB,mCAAmC,CAAC,SAAgC;IAChF,KAAK,MAAM,CAAC,IAAI,SAAS,CAAC,aAAa,EAAE,EAAE;QACvC,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,kBAAkB,CAAC,+CAAuB,CAAC,CAAC;QAC/C,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,qBAAqB,CAAC,8CAAsB,CAAC,eAAe,GAAG,8CAAsB,CAAC,kBAAkB,CAAC,CAAC;KAChH;AACL,CAAC;AALD,kFAKC"}
|
|
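--- a/package/dist/server/push_certificate_manager_helpers.d.ts
+++ b/package/dist/server/push_certificate_manager_helpers.d.ts
@@ -0,0 +1,4 @@
+import { AddressSpace, UACertificateGroup } from "node-opcua-address-space";
+import { PushCertificateManagerServerOptions } from "./push_certificate_manager_server_impl";
+export declare function promoteCertificateGroup(certificateGroup: UACertificateGroup): Promise<void>;
+export declare function installPushCertificateManagement(addressSpace: AddressSpace, options: PushCertificateManagerServerOptions): Promise<void>;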
@@ -0,0 +1,412 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
3
|
+
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
4
|
+
return new (P || (P = Promise))(function (resolve, reject) {
|
|
5
|
+
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
6
|
+
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
7
|
+
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
8
|
+
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
9
|
+
});
|
|
10
|
+
};
|
|
11
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
+
exports.installPushCertificateManagement = exports.promoteCertificateGroup = void 0;
|
|
13
|
+
/**
|
|
14
|
+
* @module node-opcua-server-configuration
|
|
15
|
+
*/
|
|
16
|
+
const path = require("path");
|
|
17
|
+
const fs = require("fs");
|
|
18
|
+
const node_opcua_address_space_1 = require("node-opcua-address-space");
|
|
19
|
+
const node_opcua_address_space_base_1 = require("node-opcua-address-space-base");
|
|
20
|
+
const node_opcua_debug_1 = require("node-opcua-debug");
|
|
21
|
+
const node_opcua_nodeid_1 = require("node-opcua-nodeid");
|
|
22
|
+
const node_opcua_status_code_1 = require("node-opcua-status-code");
|
|
23
|
+
const node_opcua_variant_1 = require("node-opcua-variant");
|
|
24
|
+
const node_opcua_data_model_1 = require("node-opcua-data-model");
|
|
25
|
+
const node_opcua_constants_1 = require("node-opcua-constants");
|
|
26
|
+
const node_opcua_crypto_1 = require("node-opcua-crypto");
|
|
27
|
+
const push_certificate_manager_server_impl_1 = require("./push_certificate_manager_server_impl");
|
|
28
|
+
const promote_trust_list_1 = require("./promote_trust_list");
|
|
29
|
+
const tools_1 = require("./tools");
|
|
30
|
+
const roles_and_permissions_1 = require("./roles_and_permissions");
|
|
31
|
+
const install_certificate_file_watcher_1 = require("./install_certificate_file_watcher");
|
|
32
|
+
const debugLog = (0, node_opcua_debug_1.make_debugLog)("ServerConfiguration");
|
|
33
|
+
const doDebug = (0, node_opcua_debug_1.checkDebugFlag)("ServerConfiguration");
|
|
34
|
+
const warningLog = (0, node_opcua_debug_1.make_warningLog)("ServerConfiguration");
|
|
35
|
+
const errorLog = debugLog;
|
|
36
|
+
function expected(variant, dataType, variantArrayType) {
|
|
37
|
+
if (!variant) {
|
|
38
|
+
return false;
|
|
39
|
+
}
|
|
40
|
+
if (variant.dataType !== dataType) {
|
|
41
|
+
return false;
|
|
42
|
+
}
|
|
43
|
+
if (variant.arrayType !== variantArrayType) {
|
|
44
|
+
return false;
|
|
45
|
+
}
|
|
46
|
+
return true;
|
|
47
|
+
}
|
|
48
|
+
function getPushCertificateManager(method) {
|
|
49
|
+
const serverConfiguration = method.addressSpace.rootFolder.objects.server.getChildByName("ServerConfiguration");
|
|
50
|
+
const serverConfigurationPriv = serverConfiguration;
|
|
51
|
+
if (serverConfigurationPriv.$pushCertificateManager) {
|
|
52
|
+
return serverConfigurationPriv.$pushCertificateManager;
|
|
53
|
+
}
|
|
54
|
+
// throw new Error("Cannot find pushCertificateManager object");
|
|
55
|
+
return null;
|
|
56
|
+
}
|
|
57
|
+
function _createSigningRequest(inputArguments, context) {
|
|
58
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
59
|
+
const certificateGroupIdVariant = inputArguments[0];
|
|
60
|
+
const certificateTypeIdVariant = inputArguments[1];
|
|
61
|
+
const subjectNameVariant = inputArguments[2];
|
|
62
|
+
const regeneratePrivateKeyVariant = inputArguments[3];
|
|
63
|
+
const nonceVariant = inputArguments[4];
|
|
64
|
+
if (!expected(certificateGroupIdVariant, node_opcua_variant_1.DataType.NodeId, node_opcua_variant_1.VariantArrayType.Scalar)) {
|
|
65
|
+
warningLog("expecting an NodeId for certificateGroupId - 0");
|
|
66
|
+
return { statusCode: node_opcua_status_code_1.StatusCodes.BadInvalidArgument };
|
|
67
|
+
}
|
|
68
|
+
if (!expected(certificateTypeIdVariant, node_opcua_variant_1.DataType.NodeId, node_opcua_variant_1.VariantArrayType.Scalar)) {
|
|
69
|
+
warningLog("expecting an NodeId for certificateTypeId - 1");
|
|
70
|
+
return { statusCode: node_opcua_status_code_1.StatusCodes.BadInvalidArgument };
|
|
71
|
+
}
|
|
72
|
+
if (!expected(subjectNameVariant, node_opcua_variant_1.DataType.String, node_opcua_variant_1.VariantArrayType.Scalar)) {
|
|
73
|
+
warningLog("expecting an String for subjectName - 2");
|
|
74
|
+
return { statusCode: node_opcua_status_code_1.StatusCodes.BadInvalidArgument };
|
|
75
|
+
}
|
|
76
|
+
if (!expected(regeneratePrivateKeyVariant, node_opcua_variant_1.DataType.Boolean, node_opcua_variant_1.VariantArrayType.Scalar)) {
|
|
77
|
+
warningLog("expecting an Boolean for regeneratePrivateKey - 3");
|
|
78
|
+
return { statusCode: node_opcua_status_code_1.StatusCodes.BadInvalidArgument };
|
|
79
|
+
}
|
|
80
|
+
if (!expected(nonceVariant, node_opcua_variant_1.DataType.ByteString, node_opcua_variant_1.VariantArrayType.Scalar)) {
|
|
81
|
+
warningLog("expecting an ByteString for nonceVariant - 4");
|
|
82
|
+
return { statusCode: node_opcua_status_code_1.StatusCodes.BadInvalidArgument };
|
|
83
|
+
}
|
|
84
|
+
if (!(0, tools_1.hasEncryptedChannel)(context)) {
|
|
85
|
+
return { statusCode: node_opcua_status_code_1.StatusCodes.BadSecurityModeInsufficient };
|
|
86
|
+
}
|
|
87
|
+
if (!(0, tools_1.hasExpectedUserAccess)(context)) {
|
|
88
|
+
return { statusCode: node_opcua_status_code_1.StatusCodes.BadUserAccessDenied };
|
|
89
|
+
}
|
|
90
|
+
const certificateGroupId = certificateGroupIdVariant.value;
|
|
91
|
+
const certificateTypeId = certificateTypeIdVariant.value;
|
|
92
|
+
const subjectName = subjectNameVariant.value;
|
|
93
|
+
const regeneratePrivateKey = regeneratePrivateKeyVariant.value;
|
|
94
|
+
const nonce = nonceVariant.value;
|
|
95
|
+
const pushCertificateManager = getPushCertificateManager(this);
|
|
96
|
+
if (!pushCertificateManager) {
|
|
97
|
+
return { statusCode: node_opcua_status_code_1.StatusCodes.BadNotImplemented };
|
|
98
|
+
}
|
|
99
|
+
const result = yield pushCertificateManager.createSigningRequest(certificateGroupId, certificateTypeId, subjectName, regeneratePrivateKey, nonce);
|
|
100
|
+
if (result.statusCode.isNotGood()) {
|
|
101
|
+
return { statusCode: result.statusCode };
|
|
102
|
+
}
|
|
103
|
+
const callMethodResult = {
|
|
104
|
+
outputArguments: [
|
|
105
|
+
{
|
|
106
|
+
dataType: node_opcua_variant_1.DataType.ByteString,
|
|
107
|
+
value: result.certificateSigningRequest
|
|
108
|
+
}
|
|
109
|
+
],
|
|
110
|
+
statusCode: result.statusCode
|
|
111
|
+
};
|
|
112
|
+
return callMethodResult;
|
|
113
|
+
});
|
|
114
|
+
}
|
|
115
|
+
function _updateCertificate(inputArguments, context) {
|
|
116
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
117
|
+
const certificateGroupId = inputArguments[0].value;
|
|
118
|
+
const certificateTypeId = inputArguments[1].value;
|
|
119
|
+
const certificate = inputArguments[2].value;
|
|
120
|
+
const issuerCertificates = inputArguments[3].value;
|
|
121
|
+
const privateKeyFormat = inputArguments[4].value;
|
|
122
|
+
const privateKey = inputArguments[5].value;
|
|
123
|
+
// This Method requires an encrypted channel and that the Client provides credentials with
|
|
124
|
+
// administrative rights on the Server
|
|
125
|
+
if (!(0, tools_1.hasEncryptedChannel)(context)) {
|
|
126
|
+
return { statusCode: node_opcua_status_code_1.StatusCodes.BadSecurityModeInsufficient };
|
|
127
|
+
}
|
|
128
|
+
if (!(0, tools_1.hasExpectedUserAccess)(context)) {
|
|
129
|
+
return { statusCode: node_opcua_status_code_1.StatusCodes.BadUserAccessDenied };
|
|
130
|
+
}
|
|
131
|
+
if (privateKeyFormat && privateKeyFormat !== "" && privateKeyFormat.toLowerCase() !== "pem") {
|
|
132
|
+
errorLog("_updateCertificate: Invalid PEM format requested " + privateKeyFormat);
|
|
133
|
+
return { statusCode: node_opcua_status_code_1.StatusCodes.BadInvalidArgument };
|
|
134
|
+
}
|
|
135
|
+
const pushCertificateManager = getPushCertificateManager(this);
|
|
136
|
+
if (!pushCertificateManager) {
|
|
137
|
+
return { statusCode: node_opcua_status_code_1.StatusCodes.BadNotImplemented };
|
|
138
|
+
}
|
|
139
|
+
const result = yield pushCertificateManager.updateCertificate(certificateGroupId, certificateTypeId, certificate, issuerCertificates, privateKeyFormat, privateKey);
|
|
140
|
+
// todo raise a CertificateUpdatedAuditEventType
|
|
141
|
+
if (result.statusCode.isNotGood()) {
|
|
142
|
+
return { statusCode: result.statusCode };
|
|
143
|
+
}
|
|
144
|
+
const callMethodResult = {
|
|
145
|
+
outputArguments: [
|
|
146
|
+
{
|
|
147
|
+
dataType: node_opcua_variant_1.DataType.Boolean,
|
|
148
|
+
value: !!result.applyChangesRequired
|
|
149
|
+
}
|
|
150
|
+
],
|
|
151
|
+
statusCode: result.statusCode
|
|
152
|
+
};
|
|
153
|
+
return callMethodResult;
|
|
154
|
+
});
|
|
155
|
+
}
|
|
156
|
+
function _getRejectedList(inputArguments, context) {
|
|
157
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
158
|
+
if (!(0, tools_1.hasEncryptedChannel)(context)) {
|
|
159
|
+
return { statusCode: node_opcua_status_code_1.StatusCodes.BadSecurityModeInsufficient };
|
|
160
|
+
}
|
|
161
|
+
if (!(0, tools_1.hasExpectedUserAccess)(context)) {
|
|
162
|
+
return { statusCode: node_opcua_status_code_1.StatusCodes.BadUserAccessDenied };
|
|
163
|
+
}
|
|
164
|
+
const pushCertificateManager = getPushCertificateManager(this);
|
|
165
|
+
if (!pushCertificateManager) {
|
|
166
|
+
return { statusCode: node_opcua_status_code_1.StatusCodes.BadNotImplemented };
|
|
167
|
+
}
|
|
168
|
+
const result = yield pushCertificateManager.getRejectedList();
|
|
169
|
+
if (result.statusCode.isNotGood()) {
|
|
170
|
+
return { statusCode: result.statusCode };
|
|
171
|
+
}
|
|
172
|
+
return {
|
|
173
|
+
outputArguments: [
|
|
174
|
+
{
|
|
175
|
+
arrayType: node_opcua_variant_1.VariantArrayType.Array,
|
|
176
|
+
dataType: node_opcua_variant_1.DataType.ByteString,
|
|
177
|
+
value: result.certificates
|
|
178
|
+
}
|
|
179
|
+
],
|
|
180
|
+
statusCode: node_opcua_status_code_1.StatusCodes.Good
|
|
181
|
+
};
|
|
182
|
+
});
|
|
183
|
+
}
|
|
184
|
+
function _applyChanges(inputArguments, context) {
|
|
185
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
186
|
+
// This Method requires an encrypted channel and that the Client provide credentials with
|
|
187
|
+
// administrative rights on the Server.
|
|
188
|
+
if (!(0, tools_1.hasEncryptedChannel)(context)) {
|
|
189
|
+
return { statusCode: node_opcua_status_code_1.StatusCodes.BadSecurityModeInsufficient };
|
|
190
|
+
}
|
|
191
|
+
if (!(0, tools_1.hasExpectedUserAccess)(context)) {
|
|
192
|
+
return { statusCode: node_opcua_status_code_1.StatusCodes.BadUserAccessDenied };
|
|
193
|
+
}
|
|
194
|
+
const pushCertificateManager = getPushCertificateManager(this);
|
|
195
|
+
if (!pushCertificateManager) {
|
|
196
|
+
return { statusCode: node_opcua_status_code_1.StatusCodes.BadNotImplemented };
|
|
197
|
+
}
|
|
198
|
+
const statusCode = yield pushCertificateManager.applyChanges();
|
|
199
|
+
return { statusCode };
|
|
200
|
+
});
|
|
201
|
+
}
|
|
202
|
+
function getCertificateFilename(certificateManager) {
|
|
203
|
+
return path.join(certificateManager.rootDir, "own/certs/certificate.pem"); // to do , find a better way
|
|
204
|
+
}
|
|
205
|
+
function getCertificate(certificateManager) {
|
|
206
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
207
|
+
try {
|
|
208
|
+
const certificateFile = getCertificateFilename(certificateManager);
|
|
209
|
+
if (fs.existsSync(certificateFile)) {
|
|
210
|
+
const certificate = yield (0, node_opcua_crypto_1.readCertificate)(certificateFile);
|
|
211
|
+
return certificate;
|
|
212
|
+
}
|
|
213
|
+
return null;
|
|
214
|
+
}
|
|
215
|
+
catch (err) {
|
|
216
|
+
warningLog("getCertificate Error", err.message);
|
|
217
|
+
return null;
|
|
218
|
+
}
|
|
219
|
+
});
|
|
220
|
+
}
|
|
221
|
+
function bindCertificateGroup(certificateGroup, certificateManager) {
|
|
222
|
+
if (certificateManager) {
|
|
223
|
+
const certificateFile = getCertificateFilename(certificateManager);
|
|
224
|
+
const changeDetector = (0, install_certificate_file_watcher_1.installCertificateFileWatcher)(certificateGroup, certificateFile);
|
|
225
|
+
changeDetector.on("certificateChange", () => {
|
|
226
|
+
debugLog("detecting certificate change", certificateFile);
|
|
227
|
+
updateCertificateAlarm();
|
|
228
|
+
});
|
|
229
|
+
}
|
|
230
|
+
function updateCertificateAlarm() {
|
|
231
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
232
|
+
try {
|
|
233
|
+
debugLog("updateCertificateAlarm", certificateGroup.browseName.toString());
|
|
234
|
+
const certificateExpired = certificateGroup.getComponentByName("CertificateExpired");
|
|
235
|
+
if (certificateExpired && certificateManager) {
|
|
236
|
+
const certificateExpiredEx = certificateExpired;
|
|
237
|
+
const certificate = yield getCertificate(certificateManager);
|
|
238
|
+
certificateExpiredEx.setCertificate(certificate);
|
|
239
|
+
}
|
|
240
|
+
}
|
|
241
|
+
catch (err) {
|
|
242
|
+
warningLog("updateCertificateAlarm Error", err.message);
|
|
243
|
+
}
|
|
244
|
+
});
|
|
245
|
+
}
|
|
246
|
+
const addressSpace = certificateGroup.addressSpace;
|
|
247
|
+
if (!certificateManager) {
|
|
248
|
+
return;
|
|
249
|
+
}
|
|
250
|
+
const trustList = certificateGroup.getComponentByName("TrustList");
|
|
251
|
+
if (trustList) {
|
|
252
|
+
trustList.$$certificateManager = certificateManager;
|
|
253
|
+
}
|
|
254
|
+
const certificateExpired = certificateGroup.getComponentByName("CertificateExpired");
|
|
255
|
+
if (certificateExpired) {
|
|
256
|
+
certificateExpired.$$certificateManager = certificateManager;
|
|
257
|
+
// install alarm handling
|
|
258
|
+
const timerId = setInterval(updateCertificateAlarm, 60 * 1000);
|
|
259
|
+
addressSpace.registerShutdownTask(() => clearInterval(timerId));
|
|
260
|
+
updateCertificateAlarm();
|
|
261
|
+
}
|
|
262
|
+
}
|
|
263
|
+
function bindCertificateManager(addressSpace, options) {
|
|
264
|
+
const serverConfiguration = addressSpace.rootFolder.objects.server.getChildByName("ServerConfiguration");
|
|
265
|
+
const defaultApplicationGroup = serverConfiguration.certificateGroups.getComponentByName("DefaultApplicationGroup");
|
|
266
|
+
if (defaultApplicationGroup) {
|
|
267
|
+
bindCertificateGroup(defaultApplicationGroup, options.applicationGroup);
|
|
268
|
+
}
|
|
269
|
+
const defaultTokenGroup = serverConfiguration.certificateGroups.getComponentByName("DefaultUserTokenGroup");
|
|
270
|
+
if (defaultTokenGroup) {
|
|
271
|
+
bindCertificateGroup(defaultTokenGroup, options.userTokenGroup);
|
|
272
|
+
}
|
|
273
|
+
}
|
|
274
|
+
function setNotifierOfChain(childObject) {
|
|
275
|
+
if (!childObject) {
|
|
276
|
+
return;
|
|
277
|
+
}
|
|
278
|
+
const parentObject = childObject.parent;
|
|
279
|
+
if (!parentObject) {
|
|
280
|
+
return;
|
|
281
|
+
}
|
|
282
|
+
const notifierOf = childObject.findReferencesEx("HasNotifier", node_opcua_data_model_1.BrowseDirection.Inverse);
|
|
283
|
+
if (notifierOf.length === 0) {
|
|
284
|
+
const notifierOfNode = childObject.addReference({
|
|
285
|
+
referenceType: "HasNotifier",
|
|
286
|
+
nodeId: parentObject.nodeId,
|
|
287
|
+
isForward: false
|
|
288
|
+
});
|
|
289
|
+
}
|
|
290
|
+
parentObject.setEventNotifier(parentObject.eventNotifier | node_opcua_address_space_base_1.EventNotifierFlags.SubscribeToEvents);
|
|
291
|
+
if (parentObject.nodeId.namespace === 0 && parentObject.nodeId.value === node_opcua_constants_1.ObjectIds.Server) {
|
|
292
|
+
return;
|
|
293
|
+
}
|
|
294
|
+
setNotifierOfChain(parentObject);
|
|
295
|
+
}
|
|
296
|
+
function promoteCertificateGroup(certificateGroup) {
|
|
297
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
298
|
+
const trustList = certificateGroup.getChildByName("TrustList");
|
|
299
|
+
if (trustList) {
|
|
300
|
+
yield (0, promote_trust_list_1.promoteTrustList)(trustList);
|
|
301
|
+
}
|
|
302
|
+
if (!certificateGroup.certificateExpired) {
|
|
303
|
+
const namespace = certificateGroup.addressSpace.getOwnNamespace();
|
|
304
|
+
// certificateGroup.
|
|
305
|
+
(0, node_opcua_address_space_1.instantiateCertificateExpirationAlarm)(namespace, "CertificateExpirationAlarmType", {
|
|
306
|
+
browseName: (0, node_opcua_data_model_1.coerceQualifiedName)("0:CertificateExpired"),
|
|
307
|
+
componentOf: certificateGroup,
|
|
308
|
+
conditionSource: null,
|
|
309
|
+
conditionOf: certificateGroup,
|
|
310
|
+
inputNode: node_opcua_nodeid_1.NodeId.nullNodeId,
|
|
311
|
+
normalState: node_opcua_nodeid_1.NodeId.nullNodeId,
|
|
312
|
+
optionals: ["ExpirationLimit"],
|
|
313
|
+
conditionName: "CertificateExpired",
|
|
314
|
+
conditionClass: (0, node_opcua_nodeid_1.resolveNodeId)("CertificateExpirationAlarmType"),
|
|
315
|
+
});
|
|
316
|
+
}
|
|
317
|
+
certificateGroup.setEventNotifier(node_opcua_address_space_base_1.EventNotifierFlags.SubscribeToEvents);
|
|
318
|
+
setNotifierOfChain(certificateGroup);
|
|
319
|
+
});
|
|
320
|
+
}
|
|
321
|
+
exports.promoteCertificateGroup = promoteCertificateGroup;
|
|
322
|
+
;
|
|
323
|
+
function installPushCertificateManagement(addressSpace, options) {
|
|
324
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
325
|
+
addressSpace.installAlarmsAndConditionsService();
|
|
326
|
+
const serverConfiguration = addressSpace.rootFolder.objects.server.getChildByName("ServerConfiguration");
|
|
327
|
+
const serverConfigurationPriv = serverConfiguration;
|
|
328
|
+
if (serverConfigurationPriv.$pushCertificateManager) {
|
|
329
|
+
warningLog("PushCertificateManagement has already been installed");
|
|
330
|
+
return;
|
|
331
|
+
}
|
|
332
|
+
const accessRestrictionFlag = node_opcua_data_model_1.AccessRestrictionsFlag.SigningRequired | node_opcua_data_model_1.AccessRestrictionsFlag.EncryptionRequired;
|
|
333
|
+
function installAccessRestrictions(serverConfiguration) {
|
|
334
|
+
serverConfiguration.setRolePermissions(roles_and_permissions_1.rolePermissionRestricted);
|
|
335
|
+
serverConfiguration.setAccessRestrictions(node_opcua_data_model_1.AccessRestrictionsFlag.None);
|
|
336
|
+
const applyName = serverConfiguration.getMethodByName("ApplyChanges");
|
|
337
|
+
applyName === null || applyName === void 0 ? void 0 : applyName.setRolePermissions(roles_and_permissions_1.rolePermissionAdminOnly);
|
|
338
|
+
applyName === null || applyName === void 0 ? void 0 : applyName.setAccessRestrictions(node_opcua_data_model_1.AccessRestrictionsFlag.SigningRequired | node_opcua_data_model_1.AccessRestrictionsFlag.EncryptionRequired);
|
|
339
|
+
const createSigningRequest = serverConfiguration.getMethodByName("CreateSigningRequest");
|
|
340
|
+
createSigningRequest === null || createSigningRequest === void 0 ? void 0 : createSigningRequest.setRolePermissions(roles_and_permissions_1.rolePermissionAdminOnly);
|
|
341
|
+
createSigningRequest === null || createSigningRequest === void 0 ? void 0 : createSigningRequest.setAccessRestrictions(accessRestrictionFlag);
|
|
342
|
+
const getRejectedList = serverConfiguration.getMethodByName("GetRejectedList");
|
|
343
|
+
getRejectedList === null || getRejectedList === void 0 ? void 0 : getRejectedList.setRolePermissions(roles_and_permissions_1.rolePermissionAdminOnly);
|
|
344
|
+
getRejectedList === null || getRejectedList === void 0 ? void 0 : getRejectedList.setAccessRestrictions(accessRestrictionFlag);
|
|
345
|
+
const updateCertificate = serverConfiguration.getMethodByName("UpdateCertificate");
|
|
346
|
+
updateCertificate === null || updateCertificate === void 0 ? void 0 : updateCertificate.setRolePermissions(roles_and_permissions_1.rolePermissionAdminOnly);
|
|
347
|
+
updateCertificate === null || updateCertificate === void 0 ? void 0 : updateCertificate.setAccessRestrictions(accessRestrictionFlag);
|
|
348
|
+
const certificateGroups = serverConfiguration.getComponentByName("CertificateGroups");
|
|
349
|
+
certificateGroups.setRolePermissions(roles_and_permissions_1.rolePermissionRestricted);
|
|
350
|
+
certificateGroups.setAccessRestrictions(node_opcua_data_model_1.AccessRestrictionsFlag.None);
|
|
351
|
+
function installAccessRestrictionOnGroup(group) {
|
|
352
|
+
const trustList = group.getComponentByName("TrustList");
|
|
353
|
+
if (trustList) {
|
|
354
|
+
(0, promote_trust_list_1.installAccessRestrictionOnTrustList)(trustList);
|
|
355
|
+
}
|
|
356
|
+
}
|
|
357
|
+
for (const group of certificateGroups.getComponents()) {
|
|
358
|
+
group.setRolePermissions(roles_and_permissions_1.rolePermissionAdminOnly);
|
|
359
|
+
group.setAccessRestrictions(node_opcua_data_model_1.AccessRestrictionsFlag.SigningRequired | node_opcua_data_model_1.AccessRestrictionsFlag.EncryptionRequired);
|
|
360
|
+
if (group.nodeClass === node_opcua_data_model_1.NodeClass.Object) {
|
|
361
|
+
installAccessRestrictionOnGroup(group);
|
|
362
|
+
}
|
|
363
|
+
}
|
|
364
|
+
}
|
|
365
|
+
installAccessRestrictions(serverConfiguration);
|
|
366
|
+
serverConfigurationPriv.$pushCertificateManager = new push_certificate_manager_server_impl_1.PushCertificateManagerServerImpl(options);
|
|
367
|
+
serverConfiguration.supportedPrivateKeyFormats.setValueFromSource({
|
|
368
|
+
arrayType: node_opcua_variant_1.VariantArrayType.Array,
|
|
369
|
+
dataType: node_opcua_variant_1.DataType.String,
|
|
370
|
+
value: ["PEM"]
|
|
371
|
+
});
|
|
372
|
+
function install_method_handle_on_type(addressSpace) {
|
|
373
|
+
const serverConfigurationType = addressSpace.findObjectType("ServerConfigurationType");
|
|
374
|
+
if (serverConfigurationType.createSigningRequest.isBound()) {
|
|
375
|
+
return;
|
|
376
|
+
}
|
|
377
|
+
serverConfigurationType.createSigningRequest.bindMethod(_createSigningRequest);
|
|
378
|
+
serverConfigurationType.getRejectedList.bindMethod(_getRejectedList);
|
|
379
|
+
serverConfigurationType.updateCertificate.bindMethod(_updateCertificate);
|
|
380
|
+
serverConfigurationType.applyChanges.bindMethod(_applyChanges);
|
|
381
|
+
}
|
|
382
|
+
install_method_handle_on_type(addressSpace);
|
|
383
|
+
serverConfiguration.createSigningRequest.bindMethod(_createSigningRequest);
|
|
384
|
+
serverConfiguration.updateCertificate.bindMethod(_updateCertificate);
|
|
385
|
+
serverConfiguration.getRejectedList.bindMethod(_getRejectedList);
|
|
386
|
+
if (serverConfiguration.applyChanges) {
|
|
387
|
+
serverConfiguration.applyChanges.bindMethod(_applyChanges);
|
|
388
|
+
}
|
|
389
|
+
const cg = serverConfiguration.certificateGroups.getComponents();
|
|
390
|
+
const defaultApplicationGroup = serverConfiguration.certificateGroups.getComponentByName("DefaultApplicationGroup");
|
|
391
|
+
const certificateTypes = defaultApplicationGroup.getPropertyByName("CertificateTypes");
|
|
392
|
+
certificateTypes.setValueFromSource({
|
|
393
|
+
dataType: node_opcua_variant_1.DataType.NodeId,
|
|
394
|
+
arrayType: node_opcua_variant_1.VariantArrayType.Array,
|
|
395
|
+
value: [(0, node_opcua_nodeid_1.resolveNodeId)(node_opcua_constants_1.ObjectTypeIds.RsaSha256ApplicationCertificateType)]
|
|
396
|
+
});
|
|
397
|
+
const certificateGroupType = addressSpace.findObjectType("CertificateGroupType");
|
|
398
|
+
for (const certificateGroup of cg) {
|
|
399
|
+
if (certificateGroup.nodeClass !== node_opcua_data_model_1.NodeClass.Object) {
|
|
400
|
+
continue;
|
|
401
|
+
}
|
|
402
|
+
const o = certificateGroup;
|
|
403
|
+
if (!o.typeDefinitionObj.isSubtypeOf(certificateGroupType)) {
|
|
404
|
+
continue;
|
|
405
|
+
}
|
|
406
|
+
yield promoteCertificateGroup(certificateGroup);
|
|
407
|
+
}
|
|
408
|
+
yield bindCertificateManager(addressSpace, options);
|
|
409
|
+
});
|
|
410
|
+
}
|
|
411
|
+
exports.installPushCertificateManagement = installPushCertificateManagement;
|
|
412
|
+
//# sourceMappingURL=push_certificate_manager_helpers.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"push_certificate_manager_helpers.js","sourceRoot":"","sources":["../../source/server/push_certificate_manager_helpers.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA;;GAEG;AACH,6BAA6B;AAC7B,yBAAyB;AACzB,uEAUkC;AAClC,iFAAyF;AAEzF,uDAAkF;AAClF,yDAA0D;AAC1D,mEAAqD;AAErD,2DAAyE;AACzE,iEAO+B;AAE/B,+DAAgE;AAEhE,yDAAiE;AAIjE,iGAA+H;AAC/H,6DAA6F;AAC7F,mCAAqE;AACrE,mEAA4F;AAC5F,yFAAmF;AAEnF,MAAM,QAAQ,GAAG,IAAA,gCAAa,EAAC,qBAAqB,CAAC,CAAC;AACtD,MAAM,OAAO,GAAG,IAAA,iCAAc,EAAC,qBAAqB,CAAC,CAAC;AACtD,MAAM,UAAU,GAAG,IAAA,kCAAe,EAAC,qBAAqB,CAAC,CAAC;AAC1D,MAAM,QAAQ,GAAG,QAAQ,CAAC;AAE1B,SAAS,QAAQ,CAAC,OAA4B,EAAE,QAAkB,EAAE,gBAAkC;IAClG,IAAI,CAAC,OAAO,EAAE;QACV,OAAO,KAAK,CAAC;KAChB;IACD,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ,EAAE;QAC/B,OAAO,KAAK,CAAC;KAChB;IACD,IAAI,OAAO,CAAC,SAAS,KAAK,gBAAgB,EAAE;QACxC,OAAO,KAAK,CAAC;KAChB;IACD,OAAO,IAAI,CAAC;AAChB,CAAC;AAED,SAAS,yBAAyB,CAAC,MAAgB;IAC/C,MAAM,mBAAmB,GAAG,MAAM,CAAC,YAAY,CAAC,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,cAAc,CAAC,qBAAqB,CAAC,CAAC;IAChH,MAAM,uBAAuB,GAAG,mBAA0B,CAAC;IAC3D,IAAI,uBAAuB,CAAC,uBAAuB,EAAE;QACjD,OAAO,uBAAuB,CAAC,uBAAuB,CAAC;KAC1D;IACD,gEAAgE;IAChE,OAAO,IAAI,CAAC;AAChB,CAAC;AAED,SAAe,qBAAqB,CAEhC,cAAyB,EACzB,OAAwB;;QAExB,MAAM,yBAAyB,GAAG,cAAc,CAAC,CAAC,CAAC,CAAC;QACpD,MAAM,wBAAwB,GAAG,cAAc,CAAC,CAAC,CAAC,CAAC;QACnD,MAAM,kBAAkB,GAAG,cAAc,CAAC,CAAC,CAAC,CAAC;QAC7C,MAAM,2BAA2B,GAAG,cAAc,CAAC,CAAC,CAAC,CAAC;QACtD,MAAM,YAAY,GAAG,cAAc,CAAC,CAAC,CAAC,CAAC;QAEvC,IAAI,CAAC,QAAQ,CAAC,yBAAyB,EAAE,6BAAQ,CAAC,MAAM,EAAE,qCAAgB,CAAC,MAAM,CAAC,EAAE;YAChF,UAAU,CAAC,gDAAgD,CAAC,CAAC;YAC7D,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,kBAAkB,EAAE,CAAC;SACzD;QACD,IAAI,CAAC,QAAQ,CAAC,wBAAwB,EAAE,6BAAQ,CAAC,MAAM,EAAE,qCAAgB,CAAC,MAAM,CAAC,EAAE;YAC/E,UAAU,CAAC,+CAA+C,CAAC,CAAC;YAC5D,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,kBAAkB,EAAE,CAAC;SACzD;QACD,IAAI,CAAC,QAAQ,CAAC,kBAAkB,EAAE,6BAAQ,CAAC,MAAM,EAAE,qCAAgB,CAAC,MAAM,CAAC,EAAE;YACzE,UAAU,CAAC,yCAAyC,CAAC,CAAC;YACtD,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,kBAAkB,EAAE,CAAC;SACzD;QACD,IAAI,CAAC,QAAQ,CAAC,2BAA2B,EAAE,6BAAQ,
CAAC,OAAO,EAAE,qCAAgB,CAAC,MAAM,CAAC,EAAE;YACnF,UAAU,CAAC,mDAAmD,CAAC,CAAC;YAChE,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,kBAAkB,EAAE,CAAC;SACzD;QACD,IAAI,CAAC,QAAQ,CAAC,YAAY,EAAE,6BAAQ,CAAC,UAAU,EAAE,qCAAgB,CAAC,MAAM,CAAC,EAAE;YACvE,UAAU,CAAC,8CAA8C,CAAC,CAAC;YAC3D,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,kBAAkB,EAAE,CAAC;SACzD;QAED,IAAI,CAAC,IAAA,2BAAmB,EAAC,OAAO,CAAC,EAAE;YAC/B,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,2BAA2B,EAAE,CAAC;SAClE;QAED,IAAI,CAAC,IAAA,6BAAqB,EAAC,OAAO,CAAC,EAAE;YACjC,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,mBAAmB,EAAE,CAAC;SAC1D;QAED,MAAM,kBAAkB,GAAG,yBAAyB,CAAC,KAAe,CAAC;QACrE,MAAM,iBAAiB,GAAG,wBAAwB,CAAC,KAAe,CAAC;QACnE,MAAM,WAAW,GAAG,kBAAkB,CAAC,KAAe,CAAC;QACvD,MAAM,oBAAoB,GAAG,2BAA2B,CAAC,KAAgB,CAAC;QAC1E,MAAM,KAAK,GAAG,YAAY,CAAC,KAAe,CAAC;QAE3C,MAAM,sBAAsB,GAAG,yBAAyB,CAAC,IAAI,CAAC,CAAC;QAC/D,IAAI,CAAC,sBAAsB,EAAE;YACzB,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,iBAAiB,EAAE,CAAC;SACxD;QACD,MAAM,MAAM,GAA+B,MAAM,sBAAsB,CAAC,oBAAoB,CACxF,kBAAkB,EAClB,iBAAiB,EACjB,WAAW,EACX,oBAAoB,EACpB,KAAK,CACR,CAAC;QAEF,IAAI,MAAM,CAAC,UAAU,CAAC,SAAS,EAAE,EAAE;YAC/B,OAAO,EAAE,UAAU,EAAE,MAAM,CAAC,UAAU,EAAE,CAAC;SAC5C;QAED,MAAM,gBAAgB,GAAG;YACrB,eAAe,EAAE;gBACb;oBACI,QAAQ,EAAE,6BAAQ,CAAC,UAAU;oBAC7B,KAAK,EAAE,MAAM,CAAC,yBAAyB;iBAC1C;aACJ;YACD,UAAU,EAAE,MAAM,CAAC,UAAU;SAChC,CAAC;QACF,OAAO,gBAAgB,CAAC;IAC5B,CAAC;CAAA;AAED,SAAe,kBAAkB,CAE7B,cAAyB,EACzB,OAAwB;;QAExB,MAAM,kBAAkB,GAAW,cAAc,CAAC,CAAC,CAAC,CAAC,KAAe,CAAC;QACrE,MAAM,iBAAiB,GAAW,cAAc,CAAC,CAAC,CAAC,CAAC,KAAe,CAAC;QACpE,MAAM,WAAW,GAAW,cAAc,CAAC,CAAC,CAAC,CAAC,KAAe,CAAC;QAC9D,MAAM,kBAAkB,GAAa,cAAc,CAAC,CAAC,CAAC,CAAC,KAAiB,CAAC;QACzE,MAAM,gBAAgB,GAAa,cAAc,CAAC,CAAC,CAAC,CAAC,KAAiB,CAAC;QACvE,MAAM,UAAU,GAAW,cAAc,CAAC,CAAC,CAAC,CAAC,KAAmB,CAAC;QAEjE,0FAA0F;QAC1F,sCAAsC;QACtC,IAAI,CAAC,IAAA,2BAAmB,EAAC,OAAO,CAAC,EAAE;YAC/B,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,2BAA2B,EAAE,CAAC;SAClE;QACD,IAAI,CAAC,IAAA,6BAAqB,EAAC,OAAO,CAAC,EAAE;YACjC,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,mBAAmB,EAAE,CAAC;SAC1D;QAED,IAAI,gBAAgB,IAAI,gBAAgB,KAAK,EAAE,IAAI,gBAAgB,CAAC,WAAW,EAAE,KAAK
,KAAK,EAAE;YACzF,QAAQ,CAAC,mDAAmD,GAAG,gBAAgB,CAAC,CAAC;YACjF,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,kBAAkB,EAAE,CAAC;SACzD;QAED,MAAM,sBAAsB,GAAG,yBAAyB,CAAC,IAAI,CAAC,CAAC;QAC/D,IAAI,CAAC,sBAAsB,EAAE;YACzB,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,iBAAiB,EAAE,CAAC;SACxD;QAED,MAAM,MAAM,GAAG,MAAM,sBAAsB,CAAC,iBAAiB,CACzD,kBAAkB,EAClB,iBAAiB,EACjB,WAAW,EACX,kBAAkB,EAClB,gBAAgB,EAChB,UAAU,CACb,CAAC;QAEF,kDAAkD;QAElD,IAAI,MAAM,CAAC,UAAU,CAAC,SAAS,EAAE,EAAE;YAC/B,OAAO,EAAE,UAAU,EAAE,MAAM,CAAC,UAAU,EAAE,CAAC;SAC5C;QACD,MAAM,gBAAgB,GAAG;YACrB,eAAe,EAAE;gBACb;oBACI,QAAQ,EAAE,6BAAQ,CAAC,OAAO;oBAC1B,KAAK,EAAE,CAAC,CAAC,MAAM,CAAC,oBAAqB;iBACxC;aACJ;YACD,UAAU,EAAE,MAAM,CAAC,UAAU;SAChC,CAAC;QACF,OAAO,gBAAgB,CAAC;IAC5B,CAAC;CAAA;AAED,SAAe,gBAAgB,CAE3B,cAAyB,EACzB,OAAwB;;QAExB,IAAI,CAAC,IAAA,2BAAmB,EAAC,OAAO,CAAC,EAAE;YAC/B,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,2BAA2B,EAAE,CAAC;SAClE;QACD,IAAI,CAAC,IAAA,6BAAqB,EAAC,OAAO,CAAC,EAAE;YACjC,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,mBAAmB,EAAE,CAAC;SAC1D;QAED,MAAM,sBAAsB,GAAG,yBAAyB,CAAC,IAAI,CAAC,CAAC;QAC/D,IAAI,CAAC,sBAAsB,EAAE;YACzB,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,iBAAiB,EAAE,CAAC;SACxD;QAED,MAAM,MAAM,GAAG,MAAM,sBAAsB,CAAC,eAAe,EAAE,CAAC;QAE9D,IAAI,MAAM,CAAC,UAAU,CAAC,SAAS,EAAE,EAAE;YAC/B,OAAO,EAAE,UAAU,EAAE,MAAM,CAAC,UAAU,EAAE,CAAC;SAC5C;QAED,OAAO;YACH,eAAe,EAAE;gBACb;oBACI,SAAS,EAAE,qCAAgB,CAAC,KAAK;oBACjC,QAAQ,EAAE,6BAAQ,CAAC,UAAU;oBAC7B,KAAK,EAAE,MAAM,CAAC,YAAY;iBAC7B;aACJ;YACD,UAAU,EAAE,oCAAW,CAAC,IAAI;SAC/B,CAAC;IACN,CAAC;CAAA;AAED,SAAe,aAAa,CAExB,cAAyB,EACzB,OAAwB;;QAExB,yFAAyF;QACzF,uCAAuC;QACvC,IAAI,CAAC,IAAA,2BAAmB,EAAC,OAAO,CAAC,EAAE;YAC/B,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,2BAA2B,EAAE,CAAC;SAClE;QACD,IAAI,CAAC,IAAA,6BAAqB,EAAC,OAAO,CAAC,EAAE;YACjC,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,mBAAmB,EAAE,CAAC;SAC1D;QAED,MAAM,sBAAsB,GAAG,yBAAyB,CAAC,IAAI,CAAC,CAAC;QAC/D,IAAI,CAAC,sBAAsB,EAAE;YACzB,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,iBAAiB,EAAE,CAAC;SACxD;QACD,MAAM,UAAU,GAAG,MAAM,sBAAsB,CAAC,YAAY,EAAE,CAAC;QAC/D,OAAO,EAAE,UAAU,EAAE,CAAC;IAC1B,CAAC;CAAA;AAED,SAAS,sBAAsB,CAAC,kBAAsC;I
AClE,OAAO,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,2BAA2B,CAAC,CAAC,CAAC,4BAA4B;AAC3G,CAAC;AACD,SAAe,cAAc,CAAC,kBAAsC;;QAChE,IAAI;YACA,MAAM,eAAe,GAAG,sBAAsB,CAAC,kBAAkB,CAAC,CAAC;YACnE,IAAI,EAAE,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE;gBAChC,MAAM,WAAW,GAAG,MAAM,IAAA,mCAAe,EAAC,eAAe,CAAC,CAAC;gBAC3D,OAAO,WAAW,CAAC;aACtB;YACD,OAAO,IAAI,CAAC;SACf;QAAC,OAAO,GAAG,EAAE;YACV,UAAU,CAAC,sBAAsB,EAAG,GAAa,CAAC,OAAO,CAAC,CAAC;YAC3D,OAAO,IAAI,CAAC;SACf;IACL,CAAC;CAAA;AAED,SAAS,oBAAoB,CAAC,gBAAoC,EAAE,kBAAuC;IACvG,IAAI,kBAAkB,EAAE;QACpB,MAAM,eAAe,GAAG,sBAAsB,CAAC,kBAAkB,CAAC,CAAC;QACnE,MAAM,cAAc,GAAG,IAAA,gEAA6B,EAAC,gBAAgB,EAAE,eAAe,CAAC,CAAC;QACxF,cAAc,CAAC,EAAE,CAAC,mBAAmB,EAAE,GAAG,EAAE;YACxC,QAAQ,CAAC,8BAA8B,EAAE,eAAe,CAAC,CAAC;YAC1D,sBAAsB,EAAE,CAAC;QAC7B,CAAC,CAAC,CAAC;KACN;IAED,SAAe,sBAAsB;;YACjC,IAAI;gBACA,QAAQ,CAAC,wBAAwB,EAAE,gBAAgB,CAAC,UAAU,CAAC,QAAQ,EAAE,CAAC,CAAC;gBAC3E,MAAM,kBAAkB,GAAG,gBAAgB,CAAC,kBAAkB,CAAC,oBAAoB,CAAC,CAAC;gBACrF,IAAI,kBAAkB,IAAI,kBAAkB,EAAE;oBAC1C,MAAM,oBAAoB,GAAG,kBAA+D,CAAC;oBAC7F,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,kBAAkB,CAAC,CAAC;oBAC7D,oBAAoB,CAAC,cAAc,CAAC,WAAW,CAAC,CAAC;iBACpD;aACJ;YAAC,OAAO,GAAG,EAAE;gBACV,UAAU,CAAC,8BAA8B,EAAG,GAAa,CAAC,OAAO,CAAC,CAAC;aACtE;QACL,CAAC;KAAA;IAED,MAAM,YAAY,GAAG,gBAAgB,CAAC,YAAY,CAAC;IACnD,IAAI,CAAC,kBAAkB,EAAE;QACrB,OAAO;KACV;IACD,MAAM,SAAS,GAAG,gBAAgB,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAC;IACnE,IAAI,SAAS,EAAE;QACV,SAAiB,CAAC,oBAAoB,GAAG,kBAAkB,CAAC;KAChE;IACD,MAAM,kBAAkB,GAAG,gBAAgB,CAAC,kBAAkB,CAAC,oBAAoB,CAAC,CAAC;IACrF,IAAI,kBAAkB,EAAE;QACnB,kBAA0B,CAAC,oBAAoB,GAAG,kBAAkB,CAAC;QACtE,yBAAyB;QACzB,MAAM,OAAO,GAAG,WAAW,CAAC,sBAAsB,EAAE,EAAE,GAAG,IAAI,CAAC,CAAC;QAC/D,YAAY,CAAC,oBAAoB,CAAC,GAAG,EAAE,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC;QAChE,sBAAsB,EAAE,CAAC;KAC5B;AACL,CAAC;AAED,SAAS,sBAAsB,CAAC,YAA0B,EAAE,OAA4C;IACpG,MAAM,mBAAmB,GAAG,YAAY,CAAC,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,cAAc,CAC7E,qBAAqB,CACE,CAAC;IAE5B,MAAM,uBAAuB,GAAG,mBAAmB,CAAC,iBAAiB,CAAC,kBAAkB,CACpF,yBAAyB,CACC,CAAC;IAC/B,IAAI,uBAAuB,EAAE;QACzB,oBAAoB,CAAC,uBAAuB,EAA
E,OAAO,CAAC,gBAAgB,CAAC,CAAC;KAC3E;IACD,MAAM,iBAAiB,GAAG,mBAAmB,CAAC,iBAAiB,CAAC,kBAAkB,CAC9E,uBAAuB,CACG,CAAC;IAC/B,IAAI,iBAAiB,EAAE;QACnB,oBAAoB,CAAC,iBAAiB,EAAE,OAAO,CAAC,cAAc,CAAC,CAAC;KACnE;AACL,CAAC;AAED,SAAS,kBAAkB,CAAC,WAA4B;IACpD,IAAI,CAAC,WAAW,EAAE;QACd,OAAO;KACV;IACD,MAAM,YAAY,GAAoB,WAAW,CAAC,MAAyB,CAAC;IAC5E,IAAI,CAAC,YAAY,EAAE;QACf,OAAO;KACV;IACD,MAAM,UAAU,GAAG,WAAW,CAAC,gBAAgB,CAAC,aAAa,EAAE,uCAAe,CAAC,OAAO,CAAC,CAAC;IACxF,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE;QACzB,MAAM,cAAc,GAAG,WAAW,CAAC,YAAY,CAAC;YAC5C,aAAa,EAAE,aAAa;YAC5B,MAAM,EAAE,YAAY,CAAC,MAAM;YAC3B,SAAS,EAAE,KAAK;SACnB,CAAC,CAAC;KACN;IACD,YAAY,CAAC,gBAAgB,CAAC,YAAY,CAAC,aAAa,GAAG,kDAAkB,CAAC,iBAAiB,CAAC,CAAC;IACjG,IAAI,YAAY,CAAC,MAAM,CAAC,SAAS,KAAK,CAAC,IAAI,YAAY,CAAC,MAAM,CAAC,KAAK,KAAK,gCAAS,CAAC,MAAM,EAAE;QACvF,OAAO;KACV;IACD,kBAAkB,CAAC,YAAY,CAAC,CAAC;AACrC,CAAC;AAED,SAAsB,uBAAuB,CAAC,gBAAoC;;QAC9E,MAAM,SAAS,GAAG,gBAAgB,CAAC,cAAc,CAAC,WAAW,CAAgB,CAAC;QAC9E,IAAI,SAAS,EAAE;YACX,MAAM,IAAA,qCAAgB,EAAC,SAAS,CAAC,CAAC;SACrC;QACD,IAAI,CAAC,gBAAgB,CAAC,kBAAkB,EAAE;YACtC,MAAM,SAAS,GAAG,gBAAgB,CAAC,YAAY,CAAC,eAAe,EAAE,CAAC;YAElE,oBAAoB;YACpB,IAAA,gEAAqC,EAAC,SAAS,EAAE,gCAAgC,EAAE;gBAC/E,UAAU,EAAE,IAAA,2CAAmB,EAAC,sBAAsB,CAAC;gBACvD,WAAW,EAAE,gBAAgB;gBAC7B,eAAe,EAAE,IAAI;gBACrB,WAAW,EAAE,gBAAgB;gBAC7B,SAAS,EAAE,0BAAM,CAAC,UAAU;gBAC5B,WAAW,EAAE,0BAAM,CAAC,UAAU;gBAC9B,SAAS,EAAE,CAAC,iBAAiB,CAAC;gBAC9B,aAAa,EAAE,oBAAoB;gBACnC,cAAc,EAAE,IAAA,iCAAa,EAAC,gCAAgC,CAAC;aAClE,CAAC,CAAC;SACN;QACD,gBAAgB,CAAC,gBAAgB,CAAC,kDAAkB,CAAC,iBAAiB,CAAC,CAAC;QACxE,kBAAkB,CAAC,gBAAgB,CAAC,CAAC;IACzC,CAAC;CAAA;AAvBD,0DAuBC;AAC6H,CAAC;AAC/H,SAAsB,gCAAgC,CAClD,YAA0B,EAC1B,OAA4C;;QAE5C,YAAY,CAAC,iCAAiC,EAAE,CAAC;QAEjD,MAAM,mBAAmB,GAAG,YAAY,CAAC,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,cAAc,CAC7E,qBAAqB,CACE,CAAC;QAE5B,MAAM,uBAAuB,GAAG,mBAAgD,CAAC;QACjF,IAAI,uBAAuB,CAAC,uBAAuB,EAAE;YACjD,UAAU,CAAC,sDAAsD,CAAC,CAAC;YACnE,OAAO;SACV;QAED,MAAM,qBAAqB,GAAG,8CAAsB,CAAC,eAAe,GAAG,8CAAsB,CAAC,kBAAkB,CAAC;QAEjH,SAAS,yBAAyB,CAAC,mBAA6B;YAC5D,mBAAmB,C
AAC,kBAAkB,CAAC,gDAAwB,CAAC,CAAC;YACjE,mBAAmB,CAAC,qBAAqB,CAAC,8CAAsB,CAAC,IAAI,CAAC,CAAC;YAEvE,MAAM,SAAS,GAAG,mBAAmB,CAAC,eAAe,CAAC,cAAc,CAAC,CAAC;YACtE,SAAS,aAAT,SAAS,uBAAT,SAAS,CAAE,kBAAkB,CAAC,+CAAuB,CAAC,CAAC;YACvD,SAAS,aAAT,SAAS,uBAAT,SAAS,CAAE,qBAAqB,CAAC,8CAAsB,CAAC,eAAe,GAAG,8CAAsB,CAAC,kBAAkB,CAAC,CAAC;YAErH,MAAM,oBAAoB,GAAG,mBAAmB,CAAC,eAAe,CAAC,sBAAsB,CAAC,CAAC;YACzF,oBAAoB,aAApB,oBAAoB,uBAApB,oBAAoB,CAAE,kBAAkB,CAAC,+CAAuB,CAAC,CAAC;YAClE,oBAAoB,aAApB,oBAAoB,uBAApB,oBAAoB,CAAE,qBAAqB,CAAC,qBAAqB,CAAC,CAAC;YAEnE,MAAM,eAAe,GAAG,mBAAmB,CAAC,eAAe,CAAC,iBAAiB,CAAC,CAAC;YAC/E,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,kBAAkB,CAAC,+CAAuB,CAAC,CAAC;YAC7D,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,qBAAqB,CAAC,qBAAqB,CAAC,CAAC;YAE9D,MAAM,iBAAiB,GAAG,mBAAmB,CAAC,eAAe,CAAC,mBAAmB,CAAC,CAAC;YACnF,iBAAiB,aAAjB,iBAAiB,uBAAjB,iBAAiB,CAAE,kBAAkB,CAAC,+CAAuB,CAAC,CAAC;YAC/D,iBAAiB,aAAjB,iBAAiB,uBAAjB,iBAAiB,CAAE,qBAAqB,CAAC,qBAAqB,CAAC,CAAC;YAEhE,MAAM,iBAAiB,GAAG,mBAAmB,CAAC,kBAAkB,CAAC,mBAAmB,CAAE,CAAC;YACvF,iBAAiB,CAAC,kBAAkB,CAAC,gDAAwB,CAAC,CAAC;YAC/D,iBAAiB,CAAC,qBAAqB,CAAC,8CAAsB,CAAC,IAAI,CAAC,CAAC;YAErE,SAAS,+BAA+B,CAAC,KAAe;gBACpD,MAAM,SAAS,GAAG,KAAK,CAAC,kBAAkB,CAAC,WAAW,CAAE,CAAC;gBACzD,IAAI,SAAS,EAAE;oBACX,IAAA,wDAAmC,EAAC,SAAS,CAAC,CAAC;iBAClD;YACL,CAAC;YACD,KAAK,MAAM,KAAK,IAAI,iBAAiB,CAAC,aAAa,EAAE,EAAE;gBACnD,KAAK,CAAC,kBAAkB,CAAC,+CAAuB,CAAC,CAAC;gBAClD,KAAK,CAAC,qBAAqB,CAAC,8CAAsB,CAAC,eAAe,GAAG,8CAAsB,CAAC,kBAAkB,CAAC,CAAC;gBAChH,IAAI,KAAK,CAAC,SAAS,KAAK,iCAAS,CAAC,MAAM,EAAE;oBACtC,+BAA+B,CAAC,KAAiB,CAAC,CAAC;iBACtD;aACJ;QACL,CAAC;QACD,yBAAyB,CAAC,mBAAmB,CAAC,CAAC;QAE/C,uBAAuB,CAAC,uBAAuB,GAAG,IAAI,uEAAgC,CAAC,OAAO,CAAC,CAAC;QAEhG,mBAAmB,CAAC,0BAA0B,CAAC,kBAAkB,CAAC;YAC9D,SAAS,EAAE,qCAAgB,CAAC,KAAK;YACjC,QAAQ,EAAE,6BAAQ,CAAC,MAAM;YACzB,KAAK,EAAE,CAAC,KAAK,CAAC;SACjB,CAAC,CAAC;QAEH,SAAS,6BAA6B,CAAC,YAA0B;YAC7D,MAAM,uBAAuB,GAAG,YAAY,CAAC,cAAc,CAAC,yBAAyB,CAAS,CAAC;YAC/F,IAAI,uBAAuB,CAAC,oBAAoB,CAAC,OAAO,EAAE,EAAE;gBACxD,OAAO;aACV;YACD,uBAAuB,CAAC,oBAAoB,CAAC,UAAU,CAAC,qBAAqB,CAA
C,CAAC;YAC/E,uBAAuB,CAAC,eAAe,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC;YACrE,uBAAuB,CAAC,iBAAiB,CAAC,UAAU,CAAC,kBAAkB,CAAC,CAAC;YACzE,uBAAuB,CAAC,YAAY,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;QACnE,CAAC;QAED,6BAA6B,CAAC,YAAY,CAAC,CAAC;QAE5C,mBAAmB,CAAC,oBAAoB,CAAC,UAAU,CAAC,qBAAqB,CAAC,CAAC;QAC3E,mBAAmB,CAAC,iBAAiB,CAAC,UAAU,CAAC,kBAAkB,CAAC,CAAC;QACrE,mBAAmB,CAAC,eAAe,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC;QACjE,IAAI,mBAAmB,CAAC,YAAY,EAAE;YAClC,mBAAmB,CAAC,YAAa,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;SAC/D;QAED,MAAM,EAAE,GAAG,mBAAmB,CAAC,iBAAiB,CAAC,aAAa,EAAE,CAAC;QAEjE,MAAM,uBAAuB,GAAG,mBAAmB,CAAC,iBAAiB,CAAC,kBAAkB,CAAC,yBAAyB,CAAE,CAAC;QACrH,MAAM,gBAAgB,GAAG,uBAAuB,CAAC,iBAAiB,CAAC,kBAAkB,CAAe,CAAC;QACrG,gBAAgB,CAAC,kBAAkB,CAAC;YAChC,QAAQ,EAAE,6BAAQ,CAAC,MAAM;YACzB,SAAS,EAAE,qCAAgB,CAAC,KAAK;YACjC,KAAK,EAAE,CAAC,IAAA,iCAAa,EAAC,oCAAa,CAAC,mCAAmC,CAAC,CAAC;SAC5E,CAAC,CAAC;QAEH,MAAM,oBAAoB,GAAG,YAAY,CAAC,cAAc,CAAC,sBAAsB,CAAE,CAAC;QAElF,KAAK,MAAM,gBAAgB,IAAI,EAAE,EAAE;YAC/B,IAAI,gBAAgB,CAAC,SAAS,KAAK,iCAAS,CAAC,MAAM,EAAE;gBACjD,SAAS;aACZ;YACD,MAAM,CAAC,GAAG,gBAA4B,CAAC;YACvC,IAAI,CAAC,CAAC,CAAC,iBAAiB,CAAC,WAAW,CAAC,oBAAoB,CAAC,EAAE;gBACxD,SAAS;aACZ;YACD,MAAM,uBAAuB,CAAC,gBAAsC,CAAC,CAAC;SACzE;QACD,MAAM,sBAAsB,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;IACxD,CAAC;CAAA;AA7GD,4EA6GC"}
|