node-opcua-server-configuration 2.98.0 → 2.98.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/clientTools/index.d.ts +1 -0
- package/dist/clientTools/index.js +18 -0
- package/dist/clientTools/index.js.map +1 -0
- package/dist/clientTools/push_certificate_management_client.d.ts +176 -0
- package/dist/clientTools/push_certificate_management_client.js +464 -0
- package/dist/clientTools/push_certificate_management_client.js.map +1 -0
- package/dist/index.d.ts +10 -0
- package/dist/index.js +28 -0
- package/dist/index.js.map +1 -0
- package/dist/push_certificate_manager.d.ts +141 -0
- package/dist/push_certificate_manager.js +3 -0
- package/dist/push_certificate_manager.js.map +1 -0
- package/dist/server/install_certificate_file_watcher.d.ts +5 -0
- package/dist/server/install_certificate_file_watcher.js +24 -0
- package/dist/server/install_certificate_file_watcher.js.map +1 -0
- package/dist/server/install_push_certitifate_management.d.ts +19 -0
- package/dist/server/install_push_certitifate_management.js +216 -0
- package/dist/server/install_push_certitifate_management.js.map +1 -0
- package/dist/server/promote_trust_list.d.ts +6 -0
- package/dist/server/promote_trust_list.js +176 -0
- package/dist/server/promote_trust_list.js.map +1 -0
- package/dist/server/push_certificate_manager_helpers.d.ts +4 -0
- package/dist/server/push_certificate_manager_helpers.js +412 -0
- package/dist/server/push_certificate_manager_helpers.js.map +1 -0
- package/dist/server/push_certificate_manager_server_impl.d.ts +47 -0
- package/dist/server/push_certificate_manager_server_impl.js +526 -0
- package/dist/server/push_certificate_manager_server_impl.js.map +1 -0
- package/dist/server/roles_and_permissions.d.ts +3 -0
- package/dist/server/roles_and_permissions.js +39 -0
- package/dist/server/roles_and_permissions.js.map +1 -0
- package/dist/server/tools.d.ts +3 -0
- package/dist/server/tools.js +20 -0
- package/dist/server/tools.js.map +1 -0
- package/dist/server/trust_list_server.d.ts +13 -0
- package/dist/server/trust_list_server.js +90 -0
- package/dist/server/trust_list_server.js.map +1 -0
- package/dist/standard_certificate_types.d.ts +6 -0
- package/dist/standard_certificate_types.js +14 -0
- package/dist/standard_certificate_types.js.map +1 -0
- package/dist/trust_list.d.ts +79 -0
- package/dist/trust_list.js +3 -0
- package/dist/trust_list.js.map +1 -0
- package/dist/trust_list_impl.d.ts +0 -0
- package/dist/trust_list_impl.js +26 -0
- package/dist/trust_list_impl.js.map +1 -0
- package/package.json +31 -27
- package/bin/configurator.ts +0 -304
|
@@ -0,0 +1,47 @@
|
|
|
1
|
+
/// <reference types="node" />
|
|
2
|
+
/// <reference types="node" />
|
|
3
|
+
/**
|
|
4
|
+
* @module node-opcua-server-configuration-server
|
|
5
|
+
*/
|
|
6
|
+
import { EventEmitter } from "events";
|
|
7
|
+
import { SubjectOptions } from "node-opcua-pki";
|
|
8
|
+
import { ByteString } from "node-opcua-basic-types";
|
|
9
|
+
import { DirectoryName } from "node-opcua-crypto/dist/source/asn1";
|
|
10
|
+
import { NodeId } from "node-opcua-nodeid";
|
|
11
|
+
import { CertificateManager } from "node-opcua-certificate-manager";
|
|
12
|
+
import { StatusCode } from "node-opcua-status-code";
|
|
13
|
+
import { CreateSigningRequestResult, GetRejectedListResult, PushCertificateManager, UpdateCertificateResult } from "../push_certificate_manager";
|
|
14
|
+
export interface PushCertificateManagerServerOptions {
|
|
15
|
+
applicationGroup?: CertificateManager;
|
|
16
|
+
userTokenGroup?: CertificateManager;
|
|
17
|
+
httpsGroup?: CertificateManager;
|
|
18
|
+
applicationUri: string;
|
|
19
|
+
}
|
|
20
|
+
export declare function copyFile(source: string, dest: string): Promise<void>;
|
|
21
|
+
export declare function deleteFile(file: string): Promise<void>;
|
|
22
|
+
export declare function moveFile(source: string, dest: string): Promise<void>;
|
|
23
|
+
export declare function moveFileWithBackup(source: string, dest: string): Promise<void>;
|
|
24
|
+
export declare function subjectToString(subject: SubjectOptions & DirectoryName): string;
|
|
25
|
+
export type ActionQueue = (() => Promise<void>)[];
|
|
26
|
+
export declare class PushCertificateManagerServerImpl extends EventEmitter implements PushCertificateManager {
|
|
27
|
+
applicationGroup?: CertificateManager;
|
|
28
|
+
userTokenGroup?: CertificateManager;
|
|
29
|
+
httpsGroup?: CertificateManager;
|
|
30
|
+
private readonly _map;
|
|
31
|
+
private readonly _pendingTasks;
|
|
32
|
+
private _tmpCertificateManager?;
|
|
33
|
+
private $$actionQueue;
|
|
34
|
+
private applicationUri;
|
|
35
|
+
constructor(options: PushCertificateManagerServerOptions);
|
|
36
|
+
initialize(): Promise<void>;
|
|
37
|
+
get supportedPrivateKeyFormats(): string[];
|
|
38
|
+
getSupportedPrivateKeyFormats(): Promise<string[]>;
|
|
39
|
+
createSigningRequest(certificateGroupId: NodeId | string, certificateTypeId: NodeId | string, subjectName: string | SubjectOptions | null, regeneratePrivateKey?: boolean, nonce?: Buffer): Promise<CreateSigningRequestResult>;
|
|
40
|
+
getRejectedList(): Promise<GetRejectedListResult>;
|
|
41
|
+
updateCertificate(certificateGroupId: NodeId | string, certificateTypeId: NodeId | string, certificate: Buffer, issuerCertificates: ByteString[]): Promise<UpdateCertificateResult>;
|
|
42
|
+
applyChanges(): Promise<StatusCode>;
|
|
43
|
+
private getCertificateManager;
|
|
44
|
+
private addPendingTask;
|
|
45
|
+
private applyPendingTasks;
|
|
46
|
+
private flushActionQueue;
|
|
47
|
+
}
|
|
@@ -0,0 +1,526 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
3
|
+
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
4
|
+
return new (P || (P = Promise))(function (resolve, reject) {
|
|
5
|
+
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
6
|
+
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
7
|
+
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
8
|
+
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
9
|
+
});
|
|
10
|
+
};
|
|
11
|
+
var __asyncValues = (this && this.__asyncValues) || function (o) {
|
|
12
|
+
if (!Symbol.asyncIterator) throw new TypeError("Symbol.asyncIterator is not defined.");
|
|
13
|
+
var m = o[Symbol.asyncIterator], i;
|
|
14
|
+
return m ? m.call(o) : (o = typeof __values === "function" ? __values(o) : o[Symbol.iterator](), i = {}, verb("next"), verb("throw"), verb("return"), i[Symbol.asyncIterator] = function () { return this; }, i);
|
|
15
|
+
function verb(n) { i[n] = o[n] && function (v) { return new Promise(function (resolve, reject) { v = o[n](v), settle(resolve, reject, v.done, v.value); }); }; }
|
|
16
|
+
function settle(resolve, reject, d, v) { Promise.resolve(v).then(function(v) { resolve({ value: v, done: d }); }, reject); }
|
|
17
|
+
};
|
|
18
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
19
|
+
exports.PushCertificateManagerServerImpl = exports.subjectToString = exports.moveFileWithBackup = exports.moveFile = exports.deleteFile = exports.copyFile = void 0;
|
|
20
|
+
/**
|
|
21
|
+
* @module node-opcua-server-configuration-server
|
|
22
|
+
*/
|
|
23
|
+
const events_1 = require("events");
|
|
24
|
+
const fs = require("fs");
|
|
25
|
+
const path = require("path");
|
|
26
|
+
const crypto_1 = require("crypto");
|
|
27
|
+
const util_1 = require("util");
|
|
28
|
+
const rimraf = require("rimraf");
|
|
29
|
+
const node_opcua_assert_1 = require("node-opcua-assert");
|
|
30
|
+
const node_opcua_basic_types_1 = require("node-opcua-basic-types");
|
|
31
|
+
const node_opcua_crypto_1 = require("node-opcua-crypto");
|
|
32
|
+
const node_opcua_debug_1 = require("node-opcua-debug");
|
|
33
|
+
const node_opcua_nodeid_1 = require("node-opcua-nodeid");
|
|
34
|
+
const node_opcua_certificate_manager_1 = require("node-opcua-certificate-manager");
|
|
35
|
+
// node 14 onward : import { readFile, writeFile, readdir } from "fs/promises";
|
|
36
|
+
const { readFile, writeFile, readdir } = fs.promises;
|
|
37
|
+
const debugLog = (0, node_opcua_debug_1.make_debugLog)("ServerConfiguration");
|
|
38
|
+
const errorLog = (0, node_opcua_debug_1.make_errorLog)("ServerConfiguration");
|
|
39
|
+
const warningLog = (0, node_opcua_debug_1.make_warningLog)("ServerConfiguration");
|
|
40
|
+
const doDebug = (0, node_opcua_debug_1.checkDebugFlag)("ServerConfiguration");
|
|
41
|
+
const defaultApplicationGroup = (0, node_opcua_nodeid_1.resolveNodeId)("ServerConfiguration_CertificateGroups_DefaultApplicationGroup");
|
|
42
|
+
const defaultHttpsGroup = (0, node_opcua_nodeid_1.resolveNodeId)("ServerConfiguration_CertificateGroups_DefaultHttpsGroup");
|
|
43
|
+
const defaultUserTokenGroup = (0, node_opcua_nodeid_1.resolveNodeId)("ServerConfiguration_CertificateGroups_DefaultUserTokenGroup");
|
|
44
|
+
function findCertificateGroupName(certificateGroupNodeId) {
|
|
45
|
+
if (typeof certificateGroupNodeId === "string") {
|
|
46
|
+
return certificateGroupNodeId;
|
|
47
|
+
}
|
|
48
|
+
if ((0, node_opcua_nodeid_1.sameNodeId)(certificateGroupNodeId, node_opcua_nodeid_1.NodeId.nullNodeId) || (0, node_opcua_nodeid_1.sameNodeId)(certificateGroupNodeId, defaultApplicationGroup)) {
|
|
49
|
+
return "DefaultApplicationGroup";
|
|
50
|
+
}
|
|
51
|
+
if ((0, node_opcua_nodeid_1.sameNodeId)(certificateGroupNodeId, defaultHttpsGroup)) {
|
|
52
|
+
return "DefaultHttpsGroup";
|
|
53
|
+
}
|
|
54
|
+
if ((0, node_opcua_nodeid_1.sameNodeId)(certificateGroupNodeId, defaultUserTokenGroup)) {
|
|
55
|
+
return "DefaultUserTokenGroup";
|
|
56
|
+
}
|
|
57
|
+
return "";
|
|
58
|
+
}
|
|
59
|
+
function copyFile(source, dest) {
|
|
60
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
61
|
+
try {
|
|
62
|
+
debugLog("copying file \n source ", source, "\n =>\n dest ", dest);
|
|
63
|
+
const sourceExist = fs.existsSync(source);
|
|
64
|
+
if (sourceExist) {
|
|
65
|
+
yield fs.promises.copyFile(source, dest);
|
|
66
|
+
}
|
|
67
|
+
}
|
|
68
|
+
catch (err) {
|
|
69
|
+
errorLog(err);
|
|
70
|
+
}
|
|
71
|
+
});
|
|
72
|
+
}
|
|
73
|
+
exports.copyFile = copyFile;
|
|
74
|
+
function deleteFile(file) {
|
|
75
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
76
|
+
try {
|
|
77
|
+
const exists = yield fs.existsSync(file);
|
|
78
|
+
if (exists) {
|
|
79
|
+
debugLog("deleting file ", file);
|
|
80
|
+
yield fs.promises.unlink(file);
|
|
81
|
+
}
|
|
82
|
+
}
|
|
83
|
+
catch (err) {
|
|
84
|
+
errorLog(err);
|
|
85
|
+
}
|
|
86
|
+
});
|
|
87
|
+
}
|
|
88
|
+
exports.deleteFile = deleteFile;
|
|
89
|
+
function moveFile(source, dest) {
|
|
90
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
91
|
+
debugLog("moving file file \n source ", source, "\n =>\n dest ", dest);
|
|
92
|
+
try {
|
|
93
|
+
yield copyFile(source, dest);
|
|
94
|
+
yield deleteFile(source);
|
|
95
|
+
}
|
|
96
|
+
catch (err) {
|
|
97
|
+
errorLog(err);
|
|
98
|
+
}
|
|
99
|
+
});
|
|
100
|
+
}
|
|
101
|
+
exports.moveFile = moveFile;
|
|
102
|
+
function moveFileWithBackup(source, dest) {
|
|
103
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
104
|
+
// let make a copy of the destination file
|
|
105
|
+
debugLog("moveFileWithBackup file \n source ", source, "\n =>\n dest ", dest);
|
|
106
|
+
yield copyFile(dest, dest + "_old");
|
|
107
|
+
yield moveFile(source, dest);
|
|
108
|
+
});
|
|
109
|
+
}
|
|
110
|
+
exports.moveFileWithBackup = moveFileWithBackup;
|
|
111
|
+
function subjectToString(subject) {
|
|
112
|
+
let s = "";
|
|
113
|
+
subject.commonName && (s += `/CN=${subject.commonName}`);
|
|
114
|
+
subject.country && (s += `/C=${subject.country}`);
|
|
115
|
+
subject.countryName && (s += `/C=${subject.countryName}`);
|
|
116
|
+
subject.domainComponent && (s += `/DC=${subject.domainComponent}`);
|
|
117
|
+
subject.locality && (s += `/L=${subject.locality}`);
|
|
118
|
+
subject.localityName && (s += `/L=${subject.localityName}`);
|
|
119
|
+
subject.organization && (s += `/O=${subject.organization}`);
|
|
120
|
+
subject.organizationName && (s += `/O=${subject.organizationName}`);
|
|
121
|
+
subject.organizationUnitName && (s += `/OU=${subject.organizationUnitName}`);
|
|
122
|
+
subject.state && (s += `/ST=${subject.state}`);
|
|
123
|
+
subject.stateOrProvinceName && (s += `/ST=${subject.stateOrProvinceName}`);
|
|
124
|
+
return s;
|
|
125
|
+
}
|
|
126
|
+
exports.subjectToString = subjectToString;
|
|
127
|
+
let fileCounter = 0;
|
|
128
|
+
class PushCertificateManagerServerImpl extends events_1.EventEmitter {
|
|
129
|
+
constructor(options) {
|
|
130
|
+
super();
|
|
131
|
+
this._map = {};
|
|
132
|
+
this._pendingTasks = [];
|
|
133
|
+
this.$$actionQueue = [];
|
|
134
|
+
this.applicationUri = options ? options.applicationUri : "";
|
|
135
|
+
if (options) {
|
|
136
|
+
this.applicationGroup = options.applicationGroup;
|
|
137
|
+
this.userTokenGroup = options.userTokenGroup;
|
|
138
|
+
this.httpsGroup = options.httpsGroup;
|
|
139
|
+
if (this.userTokenGroup) {
|
|
140
|
+
this._map.DefaultUserTokenGroup = this.userTokenGroup;
|
|
141
|
+
// istanbul ignore next
|
|
142
|
+
if (!(this.userTokenGroup instanceof node_opcua_certificate_manager_1.CertificateManager)) {
|
|
143
|
+
errorLog("Expecting this.userTokenGroup to be instanceof CertificateManager :", this.userTokenGroup.constructor.name);
|
|
144
|
+
throw new Error("Expecting this.userTokenGroup to be instanceof CertificateManager ");
|
|
145
|
+
}
|
|
146
|
+
}
|
|
147
|
+
if (this.applicationGroup) {
|
|
148
|
+
this._map.DefaultApplicationGroup = this.applicationGroup;
|
|
149
|
+
(0, node_opcua_assert_1.assert)(this.applicationGroup instanceof node_opcua_certificate_manager_1.CertificateManager);
|
|
150
|
+
}
|
|
151
|
+
if (this.httpsGroup) {
|
|
152
|
+
this._map.DefaultHttpsGroup = this.httpsGroup;
|
|
153
|
+
(0, node_opcua_assert_1.assert)(this.httpsGroup instanceof node_opcua_certificate_manager_1.CertificateManager);
|
|
154
|
+
}
|
|
155
|
+
}
|
|
156
|
+
}
|
|
157
|
+
initialize() {
|
|
158
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
159
|
+
if (this.applicationGroup) {
|
|
160
|
+
yield this.applicationGroup.initialize();
|
|
161
|
+
}
|
|
162
|
+
if (this.userTokenGroup) {
|
|
163
|
+
yield this.userTokenGroup.initialize();
|
|
164
|
+
}
|
|
165
|
+
if (this.httpsGroup) {
|
|
166
|
+
yield this.httpsGroup.initialize();
|
|
167
|
+
}
|
|
168
|
+
});
|
|
169
|
+
}
|
|
170
|
+
get supportedPrivateKeyFormats() {
|
|
171
|
+
return ["PEM"];
|
|
172
|
+
}
|
|
173
|
+
getSupportedPrivateKeyFormats() {
|
|
174
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
175
|
+
return this.supportedPrivateKeyFormats;
|
|
176
|
+
});
|
|
177
|
+
}
|
|
178
|
+
createSigningRequest(certificateGroupId, certificateTypeId, subjectName, regeneratePrivateKey, nonce) {
|
|
179
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
180
|
+
let certificateManager = this.getCertificateManager(certificateGroupId);
|
|
181
|
+
if (!certificateManager) {
|
|
182
|
+
debugLog(" cannot find group ", certificateGroupId);
|
|
183
|
+
return {
|
|
184
|
+
statusCode: node_opcua_basic_types_1.StatusCodes.BadInvalidArgument
|
|
185
|
+
};
|
|
186
|
+
}
|
|
187
|
+
if (!subjectName) {
|
|
188
|
+
// reuse existing subjectName
|
|
189
|
+
const currentCertificateFilename = path.join(certificateManager.rootDir, "own/certs/certificate.pem");
|
|
190
|
+
if (!fs.existsSync(currentCertificateFilename)) {
|
|
191
|
+
errorLog("Cannot find existing certificate to extract subjectName", currentCertificateFilename);
|
|
192
|
+
return {
|
|
193
|
+
statusCode: node_opcua_basic_types_1.StatusCodes.BadInvalidState
|
|
194
|
+
};
|
|
195
|
+
}
|
|
196
|
+
const certificate = (0, node_opcua_crypto_1.readCertificate)(currentCertificateFilename);
|
|
197
|
+
const e = (0, node_opcua_crypto_1.exploreCertificate)(certificate);
|
|
198
|
+
subjectName = subjectToString(e.tbsCertificate.subject);
|
|
199
|
+
warningLog("reusing existing certificate subjectAltName = ", subjectName);
|
|
200
|
+
}
|
|
201
|
+
// todo : at this time regenerate PrivateKey is not supported
|
|
202
|
+
if (regeneratePrivateKey) {
|
|
203
|
+
// The Server shall create a new Private Key which it stores until the
|
|
204
|
+
// matching signed Certificate is uploaded with the UpdateCertificate Method.
|
|
205
|
+
// Previously created Private Keys may be discarded if UpdateCertificate was not
|
|
206
|
+
// called before calling this method again.
|
|
207
|
+
// Additional entropy which the caller shall provide if regeneratePrivateKey is TRUE.
|
|
208
|
+
// It shall be at least 32 bytes long
|
|
209
|
+
if (!nonce || nonce.length < 32) {
|
|
210
|
+
(0, node_opcua_debug_1.make_warningLog)(" nonce should be provided when regeneratePrivateKey is set, and length shall be greater than 32 bytes");
|
|
211
|
+
return {
|
|
212
|
+
statusCode: node_opcua_basic_types_1.StatusCodes.BadInvalidArgument
|
|
213
|
+
};
|
|
214
|
+
}
|
|
215
|
+
const location = path.join(certificateManager.rootDir, "tmp");
|
|
216
|
+
if (fs.existsSync(location)) {
|
|
217
|
+
yield (0, util_1.promisify)(rimraf)(path.join(location));
|
|
218
|
+
}
|
|
219
|
+
if (!fs.existsSync(location)) {
|
|
220
|
+
yield fs.promises.mkdir(location);
|
|
221
|
+
}
|
|
222
|
+
const destCertificateManager = certificateManager;
|
|
223
|
+
const keySize = certificateManager.keySize; // because keySize is private !
|
|
224
|
+
certificateManager = new node_opcua_certificate_manager_1.CertificateManager({
|
|
225
|
+
keySize,
|
|
226
|
+
location
|
|
227
|
+
});
|
|
228
|
+
debugLog("generating a new private key ...");
|
|
229
|
+
yield certificateManager.initialize();
|
|
230
|
+
this._tmpCertificateManager = certificateManager;
|
|
231
|
+
this.addPendingTask(() => __awaiter(this, void 0, void 0, function* () {
|
|
232
|
+
yield moveFileWithBackup(certificateManager.privateKey, destCertificateManager.privateKey);
|
|
233
|
+
}));
|
|
234
|
+
this.addPendingTask(() => __awaiter(this, void 0, void 0, function* () {
|
|
235
|
+
yield (0, util_1.promisify)(rimraf)(path.join(location));
|
|
236
|
+
}));
|
|
237
|
+
}
|
|
238
|
+
else {
|
|
239
|
+
// The Server uses its existing Private Key
|
|
240
|
+
}
|
|
241
|
+
if (typeof subjectName !== "string") {
|
|
242
|
+
return { statusCode: node_opcua_basic_types_1.StatusCodes.BadInternalError };
|
|
243
|
+
}
|
|
244
|
+
const options = {
|
|
245
|
+
applicationUri: this.applicationUri,
|
|
246
|
+
subject: subjectName
|
|
247
|
+
};
|
|
248
|
+
yield certificateManager.initialize();
|
|
249
|
+
const csrFile = yield certificateManager.createCertificateRequest(options);
|
|
250
|
+
const csrPEM = yield readFile(csrFile, "utf8");
|
|
251
|
+
const certificateSigningRequest = (0, node_opcua_crypto_1.convertPEMtoDER)(csrPEM);
|
|
252
|
+
this.addPendingTask(() => deleteFile(csrFile));
|
|
253
|
+
return {
|
|
254
|
+
certificateSigningRequest,
|
|
255
|
+
statusCode: node_opcua_basic_types_1.StatusCodes.Good
|
|
256
|
+
};
|
|
257
|
+
});
|
|
258
|
+
}
|
|
259
|
+
getRejectedList() {
|
|
260
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
261
|
+
// rejectedList comes from each group
|
|
262
|
+
function extractRejectedList(group, certificateList) {
|
|
263
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
264
|
+
if (!group) {
|
|
265
|
+
return;
|
|
266
|
+
}
|
|
267
|
+
const rejectedFolder = path.join(group.rootDir, "rejected");
|
|
268
|
+
const files = yield readdir(rejectedFolder);
|
|
269
|
+
const stat = fs.promises.stat;
|
|
270
|
+
const promises1 = [];
|
|
271
|
+
for (const certFile of files) {
|
|
272
|
+
// read date
|
|
273
|
+
promises1.push(stat(path.join(rejectedFolder, certFile)));
|
|
274
|
+
}
|
|
275
|
+
const stats = yield Promise.all(promises1);
|
|
276
|
+
for (let i = 0; i < stats.length; i++) {
|
|
277
|
+
certificateList.push({
|
|
278
|
+
filename: path.join(rejectedFolder, files[i]),
|
|
279
|
+
stat: stats[i]
|
|
280
|
+
});
|
|
281
|
+
}
|
|
282
|
+
});
|
|
283
|
+
}
|
|
284
|
+
const list = [];
|
|
285
|
+
yield extractRejectedList(this.applicationGroup, list);
|
|
286
|
+
yield extractRejectedList(this.userTokenGroup, list);
|
|
287
|
+
yield extractRejectedList(this.httpsGroup, list);
|
|
288
|
+
// now sort list from newer file to older file
|
|
289
|
+
list.sort((a, b) => b.stat.mtime.getTime() - a.stat.mtime.getTime());
|
|
290
|
+
const promises = [];
|
|
291
|
+
for (const item of list) {
|
|
292
|
+
promises.push(readFile(item.filename, "utf8"));
|
|
293
|
+
}
|
|
294
|
+
const certificatesPEM = yield Promise.all(promises);
|
|
295
|
+
const certificates = certificatesPEM.map(node_opcua_crypto_1.convertPEMtoDER);
|
|
296
|
+
return {
|
|
297
|
+
certificates,
|
|
298
|
+
statusCode: node_opcua_basic_types_1.StatusCodes.Good
|
|
299
|
+
};
|
|
300
|
+
});
|
|
301
|
+
}
|
|
302
|
+
// eslint-disable-next-line max-statements
|
|
303
|
+
updateCertificate(certificateGroupId, certificateTypeId, certificate, issuerCertificates, privateKeyFormat, privateKey) {
|
|
304
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
305
|
+
// Result Code Description
|
|
306
|
+
// BadInvalidArgument The certificateTypeId or certificateGroupId is not valid.
|
|
307
|
+
// BadCertificateInvalid The Certificate is invalid or the format is not supported.
|
|
308
|
+
// BadNotSupported The PrivateKey is invalid or the format is not supported.
|
|
309
|
+
// BadUserAccessDenied The current user does not have the rights required.
|
|
310
|
+
// BadSecurityChecksFailed Some failure occurred verifying the integrity of the Certificate.
|
|
311
|
+
const certificateManager = this.getCertificateManager(certificateGroupId);
|
|
312
|
+
if (!certificateManager) {
|
|
313
|
+
debugLog(" cannot find group ", certificateGroupId);
|
|
314
|
+
return {
|
|
315
|
+
statusCode: node_opcua_basic_types_1.StatusCodes.BadInvalidArgument
|
|
316
|
+
};
|
|
317
|
+
}
|
|
318
|
+
function preInstallCertificate(self) {
|
|
319
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
320
|
+
const certFolder = path.join(certificateManager.rootDir, "own/certs");
|
|
321
|
+
const certificateFileDER = path.join(certFolder, `_pending_certificate${fileCounter++}.der`);
|
|
322
|
+
const certificateFilePEM = path.join(certFolder, `_pending_certificate${fileCounter++}.pem`);
|
|
323
|
+
yield writeFile(certificateFileDER, certificate, "binary");
|
|
324
|
+
yield writeFile(certificateFilePEM, (0, node_opcua_crypto_1.toPem)(certificate, "CERTIFICATE"));
|
|
325
|
+
const destDER = path.join(certFolder, "certificate.der");
|
|
326
|
+
const destPEM = path.join(certFolder, "certificate.pem");
|
|
327
|
+
// put existing file in security by backing them up
|
|
328
|
+
self.addPendingTask(() => moveFileWithBackup(certificateFileDER, destDER));
|
|
329
|
+
self.addPendingTask(() => moveFileWithBackup(certificateFilePEM, destPEM));
|
|
330
|
+
});
|
|
331
|
+
}
|
|
332
|
+
function preInstallPrivateKey(self) {
|
|
333
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
334
|
+
(0, node_opcua_assert_1.assert)(privateKeyFormat.toUpperCase() === "PEM");
|
|
335
|
+
const ownPrivateFolder = path.join(certificateManager.rootDir, "own/private");
|
|
336
|
+
const privateKeyFilePEM = path.join(ownPrivateFolder, `_pending_private_key${fileCounter++}.pem`);
|
|
337
|
+
const privateKeyPEM = (0, node_opcua_crypto_1.toPem)(privateKey, "RSA PRIVATE KEY");
|
|
338
|
+
yield writeFile(privateKeyFilePEM, privateKeyPEM, "utf-8");
|
|
339
|
+
self.addPendingTask(() => moveFileWithBackup(privateKeyFilePEM, certificateManager.privateKey));
|
|
340
|
+
});
|
|
341
|
+
}
|
|
342
|
+
// OPC Unified Architecture, Part 12 42 Release 1.04:
|
|
343
|
+
//
|
|
344
|
+
// UpdateCertificate is used to update a Certificate for a Server.
|
|
345
|
+
// There are the following three use cases for this Method:
|
|
346
|
+
//
|
|
347
|
+
// - The new Certificate was created based on a signing request created with the Method
|
|
348
|
+
// In this case there is no privateKey provided.
|
|
349
|
+
// - A new privateKey and Certificate was created outside the Server and both are updated
|
|
350
|
+
// with this Method.
|
|
351
|
+
// - A new Certificate was created and signed with the information from the old Certificate.
|
|
352
|
+
// In this case there is no privateKey provided.
|
|
353
|
+
// The Server shall do all normal integrity checks on the Certificate and all of the issuer
|
|
354
|
+
// Certificates. If errors occur the BadSecurityChecksFailed error is returned.
|
|
355
|
+
// todo : all normal integrity check on the certificate
|
|
356
|
+
const certInfo = (0, node_opcua_crypto_1.exploreCertificate)(certificate);
|
|
357
|
+
const now = new Date();
|
|
358
|
+
if (certInfo.tbsCertificate.validity.notBefore.getTime() > now.getTime()) {
|
|
359
|
+
// certificate is not yet valid
|
|
360
|
+
warningLog("Certificate is not yet valid : not before ", certInfo.tbsCertificate.validity.notBefore.toISOString(), "now = ", now.toISOString());
|
|
361
|
+
return { statusCode: node_opcua_basic_types_1.StatusCodes.BadSecurityChecksFailed };
|
|
362
|
+
}
|
|
363
|
+
if (certInfo.tbsCertificate.validity.notAfter.getTime() < now.getTime()) {
|
|
364
|
+
// certificate is already out of date
|
|
365
|
+
warningLog("Certificate is already out of date : not after ", certInfo.tbsCertificate.validity.notAfter.toISOString(), "now = ", now.toISOString());
|
|
366
|
+
return { statusCode: node_opcua_basic_types_1.StatusCodes.BadSecurityChecksFailed };
|
|
367
|
+
}
|
|
368
|
+
// If the Server returns applyChangesRequired=FALSE then it is indicating that it is able to
|
|
369
|
+
// satisfy the requirements specified for the ApplyChanges Method.
|
|
370
|
+
debugLog(" updateCertificate ", (0, node_opcua_crypto_1.makeSHA1Thumbprint)(certificate).toString("hex"));
|
|
371
|
+
if (!privateKeyFormat || !privateKey) {
|
|
372
|
+
// first of all we need to find the future private key;
|
|
373
|
+
// this one may have been created during the creation of the certficate signing request
|
|
374
|
+
// but is not active yet
|
|
375
|
+
const privateKeyDER = (0, node_opcua_crypto_1.readPrivateKey)(this._tmpCertificateManager ? this._tmpCertificateManager.privateKey : certificateManager.privateKey);
|
|
376
|
+
// The Server shall report an error if the public key does not match the existing Certificate and
|
|
377
|
+
// the privateKey was not provided.
|
|
378
|
+
// privateKey is not provided, so check that the public key matches the existing certificate
|
|
379
|
+
if (!(0, node_opcua_crypto_1.certificateMatchesPrivateKey)(certificate, privateKeyDER)) {
|
|
380
|
+
// certificate doesn't match privateKey
|
|
381
|
+
warningLog("certificate doesn't match privateKey");
|
|
382
|
+
/* debug code */
|
|
383
|
+
const certificatePEM = (0, node_opcua_crypto_1.toPem)(certificate, "CERTIFICATE");
|
|
384
|
+
const privateKeyPEM = (0, node_opcua_crypto_1.toPem)(privateKeyDER, "RSA PRIVATE KEY");
|
|
385
|
+
const initialBuffer = Buffer.from("Lorem Ipsum");
|
|
386
|
+
const encryptedBuffer = (0, node_opcua_crypto_1.publicEncrypt_long)(initialBuffer, certificatePEM, 256, 11);
|
|
387
|
+
const decryptedBuffer = (0, node_opcua_crypto_1.privateDecrypt_long)(encryptedBuffer, privateKeyPEM, 256);
|
|
388
|
+
console.log(certificatePEM);
|
|
389
|
+
console.log(privateKeyPEM);
|
|
390
|
+
console.log("decrypted buffer", decryptedBuffer.toString("utf-8"));
|
|
391
|
+
return { statusCode: node_opcua_basic_types_1.StatusCodes.BadSecurityChecksFailed };
|
|
392
|
+
}
|
|
393
|
+
// a new certificate is provided for us,
|
|
394
|
+
// we keep our private key
|
|
395
|
+
// we do this in two stages
|
|
396
|
+
yield preInstallCertificate(this);
|
|
397
|
+
return {
|
|
398
|
+
statusCode: node_opcua_basic_types_1.StatusCodes.Good
|
|
399
|
+
};
|
|
400
|
+
}
|
|
401
|
+
else if (privateKey) {
|
|
402
|
+
// a private key has been provided by the caller !
|
|
403
|
+
if (!privateKeyFormat) {
|
|
404
|
+
warningLog("the privateKeyFormat must be specified " + privateKeyFormat);
|
|
405
|
+
return { statusCode: node_opcua_basic_types_1.StatusCodes.BadNotSupported };
|
|
406
|
+
}
|
|
407
|
+
if (privateKeyFormat !== "PEM" && privateKeyFormat !== "PFX") {
|
|
408
|
+
warningLog(" the private key format is invalid privateKeyFormat =" + privateKeyFormat);
|
|
409
|
+
return { statusCode: node_opcua_basic_types_1.StatusCodes.BadNotSupported };
|
|
410
|
+
}
|
|
411
|
+
if (privateKeyFormat !== "PEM") {
|
|
412
|
+
warningLog("in NodeOPCUA we only support PEM for the moment privateKeyFormat =" + privateKeyFormat);
|
|
413
|
+
return { statusCode: node_opcua_basic_types_1.StatusCodes.BadNotSupported };
|
|
414
|
+
}
|
|
415
|
+
if (privateKey instanceof Buffer || typeof privateKey === "string") {
|
|
416
|
+
privateKey = (0, crypto_1.createPrivateKey)(privateKey);
|
|
417
|
+
}
|
|
418
|
+
// privateKey is provided, so check that the public key matches provided private key
|
|
419
|
+
if (!(0, node_opcua_crypto_1.certificateMatchesPrivateKey)(certificate, privateKey)) {
|
|
420
|
+
// certificate doesn't match privateKey
|
|
421
|
+
warningLog("certificate doesn't match privateKey");
|
|
422
|
+
return { statusCode: node_opcua_basic_types_1.StatusCodes.BadSecurityChecksFailed };
|
|
423
|
+
}
|
|
424
|
+
yield preInstallPrivateKey(this);
|
|
425
|
+
yield preInstallCertificate(this);
|
|
426
|
+
return {
|
|
427
|
+
statusCode: node_opcua_basic_types_1.StatusCodes.Good
|
|
428
|
+
};
|
|
429
|
+
}
|
|
430
|
+
else {
|
|
431
|
+
// todo !
|
|
432
|
+
return {
|
|
433
|
+
statusCode: node_opcua_basic_types_1.StatusCodes.BadNotSupported
|
|
434
|
+
};
|
|
435
|
+
}
|
|
436
|
+
});
|
|
437
|
+
}
|
|
438
|
+
applyChanges() {
|
|
439
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
440
|
+
// ApplyChanges is used to tell the Server to apply any security changes.
|
|
441
|
+
// This Method should only be called if a previous call to a Method that changed the
|
|
442
|
+
// configuration returns applyChangesRequired=true.
|
|
443
|
+
//
|
|
444
|
+
// If the Server Certificate has changed, Secure Channels using the old Certificate will
|
|
445
|
+
// eventually be interrupted.
|
|
446
|
+
this.emit("CertificateAboutToChange", this.$$actionQueue);
|
|
447
|
+
yield this.flushActionQueue();
|
|
448
|
+
try {
|
|
449
|
+
yield this.applyPendingTasks();
|
|
450
|
+
}
|
|
451
|
+
catch (err) {
|
|
452
|
+
debugLog("err ", err);
|
|
453
|
+
return node_opcua_basic_types_1.StatusCodes.BadInternalError;
|
|
454
|
+
}
|
|
455
|
+
this.emit("CertificateChanged", this.$$actionQueue);
|
|
456
|
+
yield this.flushActionQueue();
|
|
457
|
+
// The only leeway the Server has is with the timing.
|
|
458
|
+
// In the best case, the Server can close the TransportConnections for the affected Endpoints and leave any
|
|
459
|
+
// Subscriptions intact. This should appear no different than a network interruption from the
|
|
460
|
+
// perspective of the Client. The Client should be prepared to deal with Certificate changes
|
|
461
|
+
// during its reconnect logic. In the worst case, a full shutdown which affects all connected
|
|
462
|
+
// Clients will be necessary. In the latter case, the Server shall advertise its intent to interrupt
|
|
463
|
+
// connections by setting the SecondsTillShutdown and ShutdownReason Properties in the
|
|
464
|
+
// ServerStatus Variable.
|
|
465
|
+
// If the Secure Channel being used to call this Method will be affected by the Certificate change
|
|
466
|
+
// then the Server shall introduce a delay long enough to allow the caller to receive a reply.
|
|
467
|
+
return node_opcua_basic_types_1.StatusCodes.Good;
|
|
468
|
+
});
|
|
469
|
+
}
|
|
470
|
+
getCertificateManager(certificateGroupId) {
|
|
471
|
+
const groupName = findCertificateGroupName(certificateGroupId);
|
|
472
|
+
return this._map[groupName] || null;
|
|
473
|
+
}
|
|
474
|
+
addPendingTask(functor) {
|
|
475
|
+
this._pendingTasks.push(functor);
|
|
476
|
+
}
|
|
477
|
+
applyPendingTasks() {
|
|
478
|
+
var _a, e_1, _b, _c;
|
|
479
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
480
|
+
debugLog("start applyPendingTasks");
|
|
481
|
+
const promises = [];
|
|
482
|
+
const t = this._pendingTasks.splice(0);
|
|
483
|
+
if (false) {
|
|
484
|
+
try {
|
|
485
|
+
// node 10.2 and above
|
|
486
|
+
for (var _d = true, t_1 = __asyncValues(t), t_1_1; t_1_1 = yield t_1.next(), _a = t_1_1.done, !_a;) {
|
|
487
|
+
_c = t_1_1.value;
|
|
488
|
+
_d = false;
|
|
489
|
+
try {
|
|
490
|
+
const task = _c;
|
|
491
|
+
yield task();
|
|
492
|
+
}
|
|
493
|
+
finally {
|
|
494
|
+
_d = true;
|
|
495
|
+
}
|
|
496
|
+
}
|
|
497
|
+
}
|
|
498
|
+
catch (e_1_1) { e_1 = { error: e_1_1 }; }
|
|
499
|
+
finally {
|
|
500
|
+
try {
|
|
501
|
+
if (!_d && !_a && (_b = t_1.return)) yield _b.call(t_1);
|
|
502
|
+
}
|
|
503
|
+
finally { if (e_1) throw e_1.error; }
|
|
504
|
+
}
|
|
505
|
+
}
|
|
506
|
+
else {
|
|
507
|
+
while (t.length) {
|
|
508
|
+
const task = t.shift();
|
|
509
|
+
yield task();
|
|
510
|
+
}
|
|
511
|
+
}
|
|
512
|
+
yield Promise.all(promises);
|
|
513
|
+
debugLog("end applyPendingTasks");
|
|
514
|
+
});
|
|
515
|
+
}
|
|
516
|
+
flushActionQueue() {
|
|
517
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
518
|
+
while (this.$$actionQueue.length) {
|
|
519
|
+
const first = this.$$actionQueue.pop();
|
|
520
|
+
yield first();
|
|
521
|
+
}
|
|
522
|
+
});
|
|
523
|
+
}
|
|
524
|
+
}
|
|
525
|
+
exports.PushCertificateManagerServerImpl = PushCertificateManagerServerImpl;
|
|
526
|
+
//# sourceMappingURL=push_certificate_manager_server_impl.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"push_certificate_manager_server_impl.js","sourceRoot":"","sources":["../../source/server/push_certificate_manager_server_impl.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;AAAA;;GAEG;AACH,mCAAsC;AACtC,yBAAyB;AACzB,6BAA6B;AAC7B,mCAAqD;AACrD,+BAAiC;AAEjC,iCAAiC;AAEjC,yDAA2C;AAC3C,mEAAiE;AACjE,yDAW2B;AAI3B,uDAAiG;AACjG,yDAAsE;AACtE,mFAAoE;AAUpE,gFAAgF;AAChF,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC;AAErD,MAAM,QAAQ,GAAG,IAAA,gCAAa,EAAC,qBAAqB,CAAC,CAAC;AACtD,MAAM,QAAQ,GAAG,IAAA,gCAAa,EAAC,qBAAqB,CAAC,CAAC;AACtD,MAAM,UAAU,GAAG,IAAA,kCAAe,EAAC,qBAAqB,CAAC,CAAC;AAC1D,MAAM,OAAO,GAAG,IAAA,iCAAc,EAAC,qBAAqB,CAAC,CAAC;AAEtD,MAAM,uBAAuB,GAAG,IAAA,iCAAa,EAAC,+DAA+D,CAAC,CAAC;AAC/G,MAAM,iBAAiB,GAAG,IAAA,iCAAa,EAAC,yDAAyD,CAAC,CAAC;AACnG,MAAM,qBAAqB,GAAG,IAAA,iCAAa,EAAC,6DAA6D,CAAC,CAAC;AAE3G,SAAS,wBAAwB,CAAC,sBAAuC;IACrE,IAAI,OAAO,sBAAsB,KAAK,QAAQ,EAAE;QAC5C,OAAO,sBAAsB,CAAC;KACjC;IACD,IAAI,IAAA,8BAAU,EAAC,sBAAsB,EAAE,0BAAM,CAAC,UAAU,CAAC,IAAI,IAAA,8BAAU,EAAC,sBAAsB,EAAE,uBAAuB,CAAC,EAAE;QACtH,OAAO,yBAAyB,CAAC;KACpC;IACD,IAAI,IAAA,8BAAU,EAAC,sBAAsB,EAAE,iBAAiB,CAAC,EAAE;QACvD,OAAO,mBAAmB,CAAC;KAC9B;IACD,IAAI,IAAA,8BAAU,EAAC,sBAAsB,EAAE,qBAAqB,CAAC,EAAE;QAC3D,OAAO,uBAAuB,CAAC;KAClC;IACD,OAAO,EAAE,CAAC;AACd,CAAC;AAYD,SAAsB,QAAQ,CAAC,MAAc,EAAE,IAAY;;QACvD,IAAI;YACA,QAAQ,CAAC,yBAAyB,EAAE,MAAM,EAAE,eAAe,EAAE,IAAI,CAAC,CAAC;YACnE,MAAM,WAAW,GAAG,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;YAC1C,IAAI,WAAW,EAAE;gBACb,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;aAC5C;SACJ;QAAC,OAAO,GAAG,EAAE;YACV,QAAQ,CAAC,GAAG,CAAC,CAAC;SACjB;IACL,CAAC;CAAA;AAVD,4BAUC;AAED,SAAsB,UAAU,CAAC,IAAY;;QACzC,IAAI;YACA,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;YACzC,IAAI,MAAM,EAAE;gBACR,QAAQ,CAAC,gBAAgB,EAAE,IAAI,CAAC,CAAC;gBACjC,MAAM,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;aAClC;SACJ;QAAC,OAAO,GAAG,EAAE;YACV,QAAQ,CAAC,GAAG,CAAC,CAAC;SACjB;IACL,CAAC;CAAA;AAVD,gCAUC;AAED,SAAsB,QAAQ,CAAC,MAAc,EAAE,IAAY;;QACvD,QAAQ,CAAC,6BAA6B,EAAE,MAAM,EAAE,eAAe,EAAE,IAAI,CAAC,CAAC;QACvE,IAAI;YACA,MAAM,QAAQ,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;YAC7B,MAAM,UAAU,CAAC,MAAM,CAAC,CAAC;SAC5B;QAAC,OAAO,GAAG,EAAE;YACV,QAAQ,CAAC,GAAG,CAAC,CAAC;SACjB;IACL,CAAC;CAAA;AARD,4BAQC;AAED,SAAsB,kBAAkB,CAAC,MAAc,EAAE,IAAY;;QACjE,0CAA0C;QAC1C,QAAQ,CAAC,oCAAoC,EAAE,MAAM,EAAE,eAAe,EAAE,IAAI,CAAC,CAAC;QAC9E,MAAM,QAAQ,CAAC,IAAI,EAAE,IAAI,GAAG,MAAM,CAAC,CAAC;QACpC,MAAM,QAAQ,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IACjC,CAAC;CAAA;AALD,gDAKC;AAED,SAAgB,eAAe,CAAC,OAAuC;IACnE,IAAI,CAAC,GAAG,EAAE,CAAC;IACX,OAAO,CAAC,UAAU,IAAI,CAAC,CAAC,IAAI,OAAO,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;IAEzD,OAAO,CAAC,OAAO,IAAI,CAAC,CAAC,IAAI,MAAM,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;IAClD,OAAO,CAAC,WAAW,IAAI,CAAC,CAAC,IAAI,MAAM,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;IAE1D,OAAO,CAAC,eAAe,IAAI,CAAC,CAAC,IAAI,OAAO,OAAO,CAAC,eAAe,EAAE,CAAC,CAAC;IAEnE,OAAO,CAAC,QAAQ,IAAI,CAAC,CAAC,IAAI,MAAM,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;IACpD,OAAO,CAAC,YAAY,IAAI,CAAC,CAAC,IAAI,MAAM,OAAO,CAAC,YAAY,EAAE,CAAC,CAAC;IAE5D,OAAO,CAAC,YAAY,IAAI,CAAC,CAAC,IAAI,MAAM,OAAO,CAAC,YAAY,EAAE,CAAC,CAAC;IAC5D,OAAO,CAAC,gBAAgB,IAAI,CAAC,CAAC,IAAI,MAAM,OAAO,CAAC,gBAAgB,EAAE,CAAC,CAAC;IAEpE,OAAO,CAAC,oBAAoB,IAAI,CAAC,CAAC,IAAI,OAAO,OAAO,CAAC,oBAAoB,EAAE,CAAC,CAAC;IAE7E,OAAO,CAAC,KAAK,IAAI,CAAC,CAAC,IAAI,OAAO,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;IAC/C,OAAO,CAAC,mBAAmB,IAAI,CAAC,CAAC,IAAI,OAAO,OAAO,CAAC,mBAAmB,EAAE,CAAC,CAAC;IAE3E,OAAO,CAAC,CAAC;AACb,CAAC;AArBD,0CAqBC;AACD,IAAI,WAAW,GAAG,CAAC,CAAC;AAIpB,MAAa,gCAAiC,SAAQ,qBAAY;IAY9D,YAAY,OAA4C;QACpD,KAAK,EAAE,CAAC;QARK,SAAI,GAA0C,EAAE,CAAC;QACjD,kBAAa,GAAc,EAAE,CAAC;QAEvC,kBAAa,GAAgB,EAAE,CAAC;QAOpC,IAAI,CAAC,cAAc,GAAG,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,CAAC;QAE5D,IAAI,OAAO,EAAE;YACT,IAAI,CAAC,gBAAgB,GAAG,OAAO,CAAC,gBAAgB,CAAC;YACjD,IAAI,CAAC,cAAc,GAAG,OAAO,CAAC,cAAc,CAAC;YAC7C,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;YACrC,IAAI,IAAI,CAAC,cAAc,EAAE;gBACrB,IAAI,CAAC,IAAI,CAAC,qBAAqB,GAAG,IAAI,CAAC,cAAc,CAAC;gBAEtD,uBAAuB;gBACvB,IAAI,CAAC,CAAC,IAAI,CAAC,cAAc,YAAY,mDAAkB,CAAC,EAAE;oBACtD,QAAQ,CACJ,qEAAqE,EACpE,IAAI,CAAC,cAAsB,CAAC,WAAW,CAAC,IAAI,CAChD,CAAC;oBACF,MAAM,IAAI,KAAK,CAAC,oEAAoE,CAAC,CAAC;iBACzF;aACJ;YACD,IAAI,IAAI,CAAC,gBAAgB,EAAE;gBACvB,IAAI,CAAC,IAAI,CAAC,uBAAuB,GAAG,IAAI,CAAC,gBAAgB,CAAC;gBAC1D,IAAA,0BAAM,EAAC,IAAI,CAAC,gBAAgB,YAAY,mDAAkB,CAAC,CAAC;aAC/D;YACD,IAAI,IAAI,CAAC,UAAU,EAAE;gBACjB,IAAI,CAAC,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC,UAAU,CAAC;gBAC9C,IAAA,0BAAM,EAAC,IAAI,CAAC,UAAU,YAAY,mDAAkB,CAAC,CAAC;aACzD;SACJ;IACL,CAAC;IAEY,UAAU;;YACnB,IAAI,IAAI,CAAC,gBAAgB,EAAE;gBACvB,MAAM,IAAI,CAAC,gBAAgB,CAAC,UAAU,EAAE,CAAC;aAC5C;YACD,IAAI,IAAI,CAAC,cAAc,EAAE;gBACrB,MAAM,IAAI,CAAC,cAAc,CAAC,UAAU,EAAE,CAAC;aAC1C;YACD,IAAI,IAAI,CAAC,UAAU,EAAE;gBACjB,MAAM,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,CAAC;aACtC;QACL,CAAC;KAAA;IAED,IAAW,0BAA0B;QACjC,OAAO,CAAC,KAAK,CAAC,CAAC;IACnB,CAAC;IAEY,6BAA6B;;YACtC,OAAO,IAAI,CAAC,0BAA0B,CAAC;QAC3C,CAAC;KAAA;IAEY,oBAAoB,CAC7B,kBAAmC,EACnC,iBAAkC,EAClC,WAA2C,EAC3C,oBAA8B,EAC9B,KAAc;;YAEd,IAAI,kBAAkB,GAAG,IAAI,CAAC,qBAAqB,CAAC,kBAAkB,CAAC,CAAC;YAExE,IAAI,CAAC,kBAAkB,EAAE;gBACrB,QAAQ,CAAC,qBAAqB,EAAE,kBAAkB,CAAC,CAAC;gBACpD,OAAO;oBACH,UAAU,EAAE,oCAAW,CAAC,kBAAkB;iBAC7C,CAAC;aACL;YAED,IAAI,CAAC,WAAW,EAAE;gBACd,6BAA6B;gBAC7B,MAAM,0BAA0B,GAAG,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,2BAA2B,CAAC,CAAC;gBACtG,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,0BAA0B,CAAC,EAAE;oBAC5C,QAAQ,CAAC,yDAAyD,EAAE,0BAA0B,CAAC,CAAC;oBAChG,OAAO;wBACH,UAAU,EAAE,oCAAW,CAAC,eAAe;qBAC1C,CAAC;iBACL;gBACD,MAAM,WAAW,GAAG,IAAA,mCAAe,EAAC,0BAA0B,CAAC,CAAC;gBAChE,MAAM,CAAC,GAAG,IAAA,sCAAkB,EAAC,WAAW,CAAC,CAAC;gBAC1C,WAAW,GAAG,eAAe,CAAC,CAAC,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;gBACxD,UAAU,CAAC,gDAAgD,EAAE,WAAW,CAAC,CAAC;aAC7E;YAED,6DAA6D;YAC7D,IAAI,oBAAoB,EAAE;gBACtB,sEAAsE;gBACtE,6EAA6E;gBAC7E,gFAAgF;gBAChF,2CAA2C;gBAE3C,qFAAqF;gBACrF,qCAAqC;gBACrC,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,MAAM,GAAG,EAAE,EAAE;oBAC7B,IAAA,kCAAe,EACX,uGAAuG,CAC1G,CAAC;oBACF,OAAO;wBACH,UAAU,EAAE,oCAAW,CAAC,kBAAkB;qBAC7C,CAAC;iBACL;gBAED,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;gBAC9D,IAAI,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE;oBACzB,MAAM,IAAA,gBAAS,EAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;iBAChD;gBACD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE;oBAC1B,MAAM,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;iBACrC;gBAED,MAAM,sBAAsB,GAAG,kBAAkB,CAAC;gBAClD,MAAM,OAAO,GAAI,kBAA0B,CAAC,OAAO,CAAC,CAAC,+BAA+B;gBACpF,kBAAkB,GAAG,IAAI,mDAAkB,CAAC;oBACxC,OAAO;oBACP,QAAQ;iBACX,CAAC,CAAC;gBACH,QAAQ,CAAC,kCAAkC,CAAC,CAAC;gBAC7C,MAAM,kBAAkB,CAAC,UAAU,EAAE,CAAC;gBAEtC,IAAI,CAAC,sBAAsB,GAAG,kBAAkB,CAAC;gBAEjD,IAAI,CAAC,cAAc,CAAC,GAAS,EAAE;oBAC3B,MAAM,kBAAkB,CAAC,kBAAmB,CAAC,UAAU,EAAE,sBAAsB,CAAC,UAAU,CAAC,CAAC;gBAChG,CAAC,CAAA,CAAC,CAAC;gBACH,IAAI,CAAC,cAAc,CAAC,GAAS,EAAE;oBAC3B,MAAM,IAAA,gBAAS,EAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;gBACjD,CAAC,CAAA,CAAC,CAAC;aACN;iBAAM;gBACH,2CAA2C;aAC9C;YAED,IAAI,OAAO,WAAW,KAAK,QAAQ,EAAE;gBACjC,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,gBAAgB,EAAE,CAAC;aACvD;YACD,MAAM,OAAO,GAAG;gBACZ,cAAc,EAAE,IAAI,CAAC,cAAc;gBACnC,OAAO,EAAE,WAAY;aACxB,CAAC;YACF,MAAM,kBAAkB,CAAC,UAAU,EAAE,CAAC;YACtC,MAAM,OAAO,GAAG,MAAM,kBAAkB,CAAC,wBAAwB,CAAC,OAAO,CAAC,CAAC;YAC3E,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YAC/C,MAAM,yBAAyB,GAAG,IAAA,mCAAe,EAAC,MAAM,CAAC,CAAC;YAE1D,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC;YAE/C,OAAO;gBACH,yBAAyB;gBACzB,UAAU,EAAE,oCAAW,CAAC,IAAI;aAC/B,CAAC;QACN,CAAC;KAAA;IAEY,eAAe;;YAQxB,qCAAqC;YACrC,SAAe,mBAAmB,CAAC,KAAqC,EAAE,eAA2B;;oBACjG,IAAI,CAAC,KAAK,EAAE;wBACR,OAAO;qBACV;oBACD,MAAM,cAAc,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;oBAC5D,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,cAAc,CAAC,CAAC;oBAE5C,MAAM,IAAI,GAAG,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC;oBAE9B,MAAM,SAAS,GAAwB,EAAE,CAAC;oBAC1C,KAAK,MAAM,QAAQ,IAAI,KAAK,EAAE;wBAC1B,YAAY;wBACZ,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC;qBAC7D;oBACD,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;oBAE3C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;wBACnC,eAAe,CAAC,IAAI,CAAC;4BACjB,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC;4BAC7C,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;yBACjB,CAAC,CAAC;qBACN;gBACL,CAAC;aAAA;YAED,MAAM,IAAI,GAAe,EAAE,CAAC;YAC5B,MAAM,mBAAmB,CAAC,IAAI,CAAC,gBAAgB,EAAE,IAAI,CAAC,CAAC;YACvD,MAAM,mBAAmB,CAAC,IAAI,CAAC,cAAc,EAAE,IAAI,CAAC,CAAC;YACrD,MAAM,mBAAmB,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;YAEjD,8CAA8C;YAC9C,IAAI,CAAC,IAAI,CAAC,CAAC,CAAW,EAAE,CAAW,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAEzF,MAAM,QAAQ,GAAsB,EAAE,CAAC;YACvC,KAAK,MAAM,IAAI,IAAI,IAAI,EAAE;gBACrB,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC;aAClD;YACD,MAAM,eAAe,GAAa,MAAM,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YAE9D,MAAM,YAAY,GAAa,eAAe,CAAC,GAAG,CAAC,mCAAe,CAAC,CAAC;YACpE,OAAO;gBACH,YAAY;gBACZ,UAAU,EAAE,oCAAW,CAAC,IAAI;aAC/B,CAAC;QACN,CAAC;KAAA;IAQD,0CAA0C;IAC7B,iBAAiB,CAC1B,kBAAmC,EACnC,iBAAkC,EAClC,WAAmB,EACnB,kBAAgC,EAChC,gBAAyB,EACzB,UAAyC;;YAEzC,yCAAyC;YACzC,sFAAsF;YACtF,uFAAuF;YACvF,sFAAsF;YACtF,gFAAgF;YAChF,8FAA8F;YAC9F,MAAM,kBAAkB,GAAG,IAAI,CAAC,qBAAqB,CAAC,kBAAkB,CAAE,CAAC;YAE3E,IAAI,CAAC,kBAAkB,EAAE;gBACrB,QAAQ,CAAC,qBAAqB,EAAE,kBAAkB,CAAC,CAAC;gBACpD,OAAO;oBACH,UAAU,EAAE,oCAAW,CAAC,kBAAkB;iBAC7C,CAAC;aACL;YAED,SAAe,qBAAqB,CAAC,IAAsC;;oBACvE,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;oBACtE,MAAM,kBAAkB,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,uBAAuB,WAAW,EAAE,MAAM,CAAC,CAAC;oBAC7F,MAAM,kBAAkB,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,uBAAuB,WAAW,EAAE,MAAM,CAAC,CAAC;oBAE7F,MAAM,SAAS,CAAC,kBAAkB,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;oBAC3D,MAAM,SAAS,CAAC,kBAAkB,EAAE,IAAA,yBAAK,EAAC,WAAW,EAAE,aAAa,CAAC,CAAC,CAAC;oBAEvE,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,iBAAiB,CAAC,CAAC;oBACzD,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,iBAAiB,CAAC,CAAC;oBAEzD,mDAAmD;oBACnD,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,CAAC,kBAAkB,CAAC,kBAAkB,EAAE,OAAO,CAAC,CAAC,CAAC;oBAC3E,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,CAAC,kBAAkB,CAAC,kBAAkB,EAAE,OAAO,CAAC,CAAC,CAAC;gBAC/E,CAAC;aAAA;YAED,SAAe,oBAAoB,CAAC,IAAsC;;oBACtE,IAAA,0BAAM,EAAC,gBAAiB,CAAC,WAAW,EAAE,KAAK,KAAK,CAAC,CAAC;oBAElD,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;oBAC9E,MAAM,iBAAiB,GAAG,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,uBAAuB,WAAW,EAAE,MAAM,CAAC,CAAC;oBAElG,MAAM,aAAa,GAAG,IAAA,yBAAK,EAAC,UAAW,EAAE,iBAAiB,CAAC,CAAC;oBAC5D,MAAM,SAAS,CAAC,iBAAiB,EAAE,aAAa,EAAE,OAAO,CAAC,CAAC;oBAE3D,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,CAAC,kBAAkB,CAAC,iBAAiB,EAAE,kBAAkB,CAAC,UAAU,CAAC,CAAC,CAAC;gBACpG,CAAC;aAAA;YAED,qDAAqD;YACrD,EAAE;YACF,kEAAkE;YAClE,2DAA2D;YAC3D,EAAE;YACF,wFAAwF;YACxF,mDAAmD;YACnD,0FAA0F;YAC1F,uBAAuB;YACvB,6FAA6F;YAC7F,mDAAmD;YAEnD,2FAA2F;YAC3F,+EAA+E;YAC/E,uDAAuD;YACvD,MAAM,QAAQ,GAAG,IAAA,sCAAkB,EAAC,WAAW,CAAC,CAAC;YAEjD,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,IAAI,QAAQ,CAAC,cAAc,CAAC,QAAQ,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,GAAG,CAAC,OAAO,EAAE,EAAE;gBACtE,+BAA+B;gBAC/B,UAAU,CACN,4CAA4C,EAC5C,QAAQ,CAAC,cAAc,CAAC,QAAQ,CAAC,SAAS,CAAC,WAAW,EAAE,EACxD,QAAQ,EACR,GAAG,CAAC,WAAW,EAAE,CACpB,CAAC;gBACF,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,uBAAuB,EAAE,CAAC;aAC9D;YACD,IAAI,QAAQ,CAAC,cAAc,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,EAAE,GAAG,GAAG,CAAC,OAAO,EAAE,EAAE;gBACrE,qCAAqC;gBACrC,UAAU,CACN,iDAAiD,EACjD,QAAQ,CAAC,cAAc,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,EAAE,EACvD,QAAQ,EACR,GAAG,CAAC,WAAW,EAAE,CACpB,CAAC;gBACF,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,uBAAuB,EAAE,CAAC;aAC9D;YAED,4FAA4F;YAC5F,kEAAkE;YAElE,QAAQ,CAAC,qBAAqB,EAAE,IAAA,sCAAkB,EAAC,WAAW,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;YAEjF,IAAI,CAAC,gBAAgB,IAAI,CAAC,UAAU,EAAE;gBAClC,uDAAuD;gBACvD,uFAAuF;gBACvF,wBAAwB;gBACxB,MAAM,aAAa,GAAG,IAAA,kCAAc,EAChC,IAAI,CAAC,sBAAsB,CAAC,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,UAAU,CAAC,CAAC,CAAC,kBAAkB,CAAC,UAAU,CACvG,CAAC;gBAEF,iGAAiG;gBACjG,mCAAmC;gBACnC,4FAA4F;gBAC5F,IAAI,CAAC,IAAA,gDAA4B,EAAC,WAAW,EAAE,aAAa,CAAC,EAAE;oBAC3D,uCAAuC;oBACvC,UAAU,CAAC,sCAAsC,CAAC,CAAC;oBACnD,gBAAgB;oBAChB,MAAM,cAAc,GAAG,IAAA,yBAAK,EAAC,WAAW,EAAE,aAAa,CAAC,CAAC;oBACzD,MAAM,aAAa,GAAG,IAAA,yBAAK,EAAC,aAAa,EAAE,iBAAiB,CAAC,CAAC;oBAC9D,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;oBACjD,MAAM,eAAe,GAAG,IAAA,sCAAkB,EAAC,aAAa,EAAE,cAAc,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;oBACnF,MAAM,eAAe,GAAG,IAAA,uCAAmB,EAAC,eAAe,EAAE,aAAa,EAAE,GAAG,CAAC,CAAC;oBACjF,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;oBAC5B,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;oBAC3B,OAAO,CAAC,GAAG,CAAC,kBAAkB,EAAE,eAAe,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;oBACnE,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,uBAAuB,EAAE,CAAC;iBAC9D;gBACD,wCAAwC;gBACxC,0BAA0B;gBAC1B,2BAA2B;gBAC3B,MAAM,qBAAqB,CAAC,IAAI,CAAC,CAAC;gBAElC,OAAO;oBACH,UAAU,EAAE,oCAAW,CAAC,IAAI;iBAC/B,CAAC;aACL;iBAAM,IAAI,UAAU,EAAE;gBACnB,kDAAkD;gBAClD,IAAI,CAAC,gBAAgB,EAAE;oBACnB,UAAU,CAAC,yCAAyC,GAAG,gBAAgB,CAAC,CAAC;oBACzE,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,eAAe,EAAE,CAAC;iBACtD;gBACD,IAAI,gBAAgB,KAAK,KAAK,IAAI,gBAAgB,KAAK,KAAK,EAAE;oBAC1D,UAAU,CAAC,uDAAuD,GAAG,gBAAgB,CAAC,CAAC;oBACvF,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,eAAe,EAAE,CAAC;iBACtD;gBACD,IAAI,gBAAgB,KAAK,KAAK,EAAE;oBAC5B,UAAU,CAAC,oEAAoE,GAAG,gBAAgB,CAAC,CAAC;oBACpG,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,eAAe,EAAE,CAAC;iBACtD;gBAED,IAAI,UAAU,YAAY,MAAM,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE;oBAChE,UAAU,GAAG,IAAA,yBAAgB,EAAC,UAAU,CAAC,CAAC;iBAC7C;gBACD,qFAAqF;gBACrF,IAAI,CAAC,IAAA,gDAA4B,EAAC,WAAW,EAAE,UAAU,CAAC,EAAE;oBACxD,uCAAuC;oBACvC,UAAU,CAAC,sCAAsC,CAAC,CAAC;oBACnD,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,uBAAuB,EAAE,CAAC;iBAC9D;gBAED,MAAM,oBAAoB,CAAC,IAAI,CAAC,CAAC;gBAEjC,MAAM,qBAAqB,CAAC,IAAI,CAAC,CAAC;gBAElC,OAAO;oBACH,UAAU,EAAE,oCAAW,CAAC,IAAI;iBAC/B,CAAC;aACL;iBAAM;gBACH,SAAS;gBACT,OAAO;oBACH,UAAU,EAAE,oCAAW,CAAC,eAAe;iBAC1C,CAAC;aACL;QACL,CAAC;KAAA;IAEY,YAAY;;YACrB,yEAAyE;YACzE,oFAAoF;YACpF,mDAAmD;YACnD,EAAE;YACF,wFAAwF;YACxF,6BAA6B;YAE7B,IAAI,CAAC,IAAI,CAAC,0BAA0B,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;YAC1D,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;YAE9B,IAAI;gBACA,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;aAClC;YAAC,OAAO,GAAG,EAAE;gBACV,QAAQ,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;gBACtB,OAAO,oCAAW,CAAC,gBAAgB,CAAC;aACvC;YACD,IAAI,CAAC,IAAI,CAAC,oBAAoB,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;YACpD,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;YAE9B,qDAAqD;YACrD,2GAA2G;YAC3G,6FAA6F;YAC7F,4FAA4F;YAC5F,6FAA6F;YAC7F,oGAAoG;YACpG,sFAAsF;YACtF,yBAAyB;YAEzB,kGAAkG;YAClG,8FAA8F;YAC9F,OAAO,oCAAW,CAAC,IAAI,CAAC;QAC5B,CAAC;KAAA;IAEO,qBAAqB,CAAC,kBAAmC;QAC7D,MAAM,SAAS,GAAG,wBAAwB,CAAC,kBAAkB,CAAC,CAAC;QAC/D,OAAO,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC;IACxC,CAAC;IAEO,cAAc,CAAC,OAA4B;QAC/C,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACrC,CAAC;IAEa,iBAAiB;;;YAC3B,QAAQ,CAAC,yBAAyB,CAAC,CAAC;YACpC,MAAM,QAAQ,GAAoB,EAAE,CAAC;YACrC,MAAM,CAAC,GAAG,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YAEvC,IAAI,KAAK,EAAE;;oBACP,sBAAsB;oBACtB,KAAyB,eAAA,MAAA,cAAA,CAAC,CAAA,OAAA;wBAAD,iBAAC;wBAAD,WAAC;;4BAAf,MAAM,IAAI,KAAA,CAAA;4BACjB,MAAM,IAAI,EAAE,CAAC;;;;;qBAChB;;;;;;;;;aACJ;iBAAM;gBACH,OAAO,CAAC,CAAC,MAAM,EAAE;oBACb,MAAM,IAAI,GAAG,CAAC,CAAC,KAAK,EAAG,CAAC;oBACxB,MAAM,IAAI,EAAE,CAAC;iBAChB;aACJ;YACD,MAAM,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YAC5B,QAAQ,CAAC,uBAAuB,CAAC,CAAC;;KACrC;IAEa,gBAAgB;;YAC1B,OAAO,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE;gBAC9B,MAAM,KAAK,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,EAAG,CAAC;gBACxC,MAAM,KAAM,EAAE,CAAC;aAClB;QACL,CAAC;KAAA;CACJ;AA5cD,4EA4cC"}
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.rolePermissionAdminOnly = exports.rolePermissionRestricted = void 0;
|
|
4
|
+
const node_opcua_address_space_1 = require("node-opcua-address-space");
|
|
5
|
+
const node_opcua_data_model_1 = require("node-opcua-data-model");
|
|
6
|
+
exports.rolePermissionRestricted = [
|
|
7
|
+
{
|
|
8
|
+
roleId: node_opcua_address_space_1.WellKnownRoles.Anonymous,
|
|
9
|
+
permissions: node_opcua_address_space_1.PermissionType.Browse,
|
|
10
|
+
},
|
|
11
|
+
{
|
|
12
|
+
roleId: node_opcua_address_space_1.WellKnownRoles.AuthenticatedUser,
|
|
13
|
+
permissions: node_opcua_address_space_1.PermissionType.Browse,
|
|
14
|
+
},
|
|
15
|
+
{
|
|
16
|
+
roleId: node_opcua_address_space_1.WellKnownRoles.ConfigureAdmin,
|
|
17
|
+
permissions: (0, node_opcua_data_model_1.makePermissionFlag)("Browse | ReadRolePermissions | Read | ReadHistory | ReceiveEvents")
|
|
18
|
+
},
|
|
19
|
+
{
|
|
20
|
+
roleId: node_opcua_address_space_1.WellKnownRoles.SecurityAdmin,
|
|
21
|
+
permissions: node_opcua_data_model_1.allPermissions
|
|
22
|
+
},
|
|
23
|
+
];
|
|
24
|
+
exports.rolePermissionAdminOnly = [
|
|
25
|
+
{
|
|
26
|
+
roleId: node_opcua_address_space_1.WellKnownRoles.SecurityAdmin,
|
|
27
|
+
permissions: node_opcua_data_model_1.allPermissions
|
|
28
|
+
},
|
|
29
|
+
/* {
|
|
30
|
+
roleId: WellKnownRoles.Anonymous,
|
|
31
|
+
permissions: PermissionType.Browse
|
|
32
|
+
},
|
|
33
|
+
{
|
|
34
|
+
roleId: WellKnownRoles.AuthenticatedUser,
|
|
35
|
+
permissions: PermissionType.Browse
|
|
36
|
+
}
|
|
37
|
+
*/
|
|
38
|
+
];
|
|
39
|
+
//# sourceMappingURL=roles_and_permissions.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"roles_and_permissions.js","sourceRoot":"","sources":["../../source/server/roles_and_permissions.ts"],"names":[],"mappings":";;;AAAA,uEAAqG;AACrG,iEAA2E;AAE9D,QAAA,wBAAwB,GAAgC;IAEjE;QACI,MAAM,EAAE,yCAAc,CAAC,SAAS;QAChC,WAAW,EAAE,yCAAc,CAAC,MAAM;KACrC;IACD;QACI,MAAM,EAAE,yCAAc,CAAC,iBAAiB;QACxC,WAAW,EAAE,yCAAc,CAAC,MAAM;KACrC;IACD;QACI,MAAM,EAAE,yCAAc,CAAC,cAAc;QACrC,WAAW,EAAE,IAAA,0CAAkB,EAAC,mEAAmE,CAAC;KACvG;IACD;QACI,MAAM,EAAE,yCAAc,CAAC,aAAa;QACpC,WAAW,EAAE,sCAAc;KAC9B;CACJ,CAAC;AACW,QAAA,uBAAuB,GAAgC;IAChE;QACI,MAAM,EAAE,yCAAc,CAAC,aAAa;QACpC,WAAW,EAAE,sCAAc;KAC9B;IACJ;;;;;;;;MAQE;CACF,CAAC"}
|