node-opcua-server 2.165.2 → 2.167.0

package/source/register_server_manager.ts

@@ -1,38 +1,36 @@
- /**
+/**
  * @module node-opcua-server
  */
 // tslint:disable:no-console
-import { EventEmitter } from "events";
+import { EventEmitter } from "node:events";
 import chalk from "chalk";
 
 import { assert } from "node-opcua-assert";
-import { UAString } from "node-opcua-basic-types";
-import {
-    coerceLocalizedText,
-    LocalizedTextOptions,
-    OPCUAClientBase,
-    OPCUAClientBaseOptions,
-    ResponseCallback
-} from "node-opcua-client";
-import { make_debugLog, checkDebugFlag, make_warningLog } from "node-opcua-debug";
+import type { UAString } from "node-opcua-basic-types";
+import type { OPCUACertificateManager } from "node-opcua-certificate-manager";
+import { coerceLocalizedText, type LocalizedTextOptions, OPCUAClientBase, type ResponseCallback } from "node-opcua-client";
+import { exploreCertificate } from "node-opcua-crypto/web";
+import { checkDebugFlag, make_debugLog, make_warningLog } from "node-opcua-debug";
 import { resolveFullyQualifiedDomainName } from "node-opcua-hostname";
 import { coerceSecurityPolicy, MessageSecurityMode, SecurityPolicy } from "node-opcua-secure-channel";
 import {
     RegisterServer2Request,
-    RegisterServer2Response,
+    type RegisterServer2Response,
     RegisterServerRequest,
-    RegisterServerResponse
+    type RegisterServerResponse
 } from "node-opcua-service-discovery";
-import { ApplicationType, EndpointDescription, MdnsDiscoveryConfiguration, RegisteredServerOptions } from "node-opcua-types";
-import { exploreCertificate } from "node-opcua-crypto/web";
-import { OPCUACertificateManager } from "node-opcua-certificate-manager";
-import { IRegisterServerManager, RegisterServerManagerStatus } from "./i_register_server_manager";
-
-const doDebug = checkDebugFlag("REGISTER_LDS");
+import {
+    type ApplicationType,
+    type EndpointDescription,
+    MdnsDiscoveryConfiguration,
+    type RegisteredServerOptions
+} from "node-opcua-types";
+import { type IRegisterServerManager, RegisterServerManagerStatus } from "./i_register_server_manager";
+
+const _doDebug = checkDebugFlag("REGISTER_LDS");
 const debugLog = make_debugLog("REGISTER_LDS");
 const warningLog = make_warningLog("REGISTER_LDS");
 
-
 const g_DefaultRegistrationServerTimeout = 8 * 60 * 1000; // 8 minutes
 
 function securityPolicyLevel(securityPolicy: UAString): number {
@@ -110,7 +108,7 @@ function constructRegisteredServer(server: IPartialServer, isOnline: boolean): R
     assert(!isOnline || discoveryUrls.length >= 1, "expecting some discoveryUrls if we go online .... ");
 
     const info = exploreCertificate(server.getCertificate());
-    const commonName = info.tbsCertificate.subject.commonName!;
+    const _commonName = info.tbsCertificate.subject.commonName ?? "";
 
     const serverUri = info.tbsCertificate.extensions?.subjectAltName?.uniformResourceIdentifier[0];
     // c8 ignore next
@@ -122,7 +120,7 @@ function constructRegisteredServer(server: IPartialServer, isOnline: boolean): R
             "\n subjectAltName            : ",
             info.tbsCertificate.extensions?.subjectAltName,
             "\n commonName                : ",
-            info.tbsCertificate.subject.commonName!,
+            info.tbsCertificate.subject.commonName,
             "\n serverInfo.applicationUri : ",
             server.serverInfo.applicationUri
         );
@@ -203,7 +201,7 @@ async function sendRegisterServerRequest(server: IPartialServer, client: ClientB
     const request = constructRegisterServer2Request(server, isOnline);
 
     await new Promise<void>((resolve, reject) => {
-        client.performMessageTransaction(request, (err: Error | null, response?: RegisterServer2Response) => {
+        client.performMessageTransaction(request, (err: Error | null, _response?: RegisterServer2Response) => {
             if (!err) {
                 // RegisterServerResponse
                 debugLog("RegisterServerManager#_registerServer sendRegisterServer2Request has succeeded (isOnline", isOnline, ")");
@@ -213,7 +211,7 @@ async function sendRegisterServerRequest(server: IPartialServer, client: ClientB
             debugLog("RegisterServerManager#_registerServer" + " falling back to using sendRegisterServerRequest instead");
             // fall back to
             const request1 = constructRegisterServerRequest(server, isOnline);
-            client.performMessageTransaction(request1, (err1: Error | null, response1?: RegisterServerResponse) => {
+            client.performMessageTransaction(request1, (err1: Error | null, _response1?: RegisterServerResponse) => {
                 if (!err1) {
                     debugLog(
                         "RegisterServerManager#_registerServer sendRegisterServerRequest " + "has succeeded (isOnline",
@@ -227,10 +225,9 @@ async function sendRegisterServerRequest(server: IPartialServer, client: ClientB
                     isOnline,
                     ")"
                 );
-                reject(err1!)
+                reject(err1);
             });
         });
-
     });
 }
 
@@ -256,7 +253,7 @@ export interface RegisterServerManagerOptions {
 let g_registeringClientCounter = 0;
 /**
  * RegisterServerManager is responsible to Register an opcua server on a LDS or LDS-ME server
- * This class takes in charge : 
+ * This class takes in charge :
  * - the initial registration of a server
  * - the regular registration renewal (every 8 minutes or so ...)
  * - dealing with cases where LDS is not up and running when server starts.
@@ -349,7 +346,7 @@ export class RegisterServerManager extends EventEmitter implements IRegisterServ
     public async start(): Promise<void> {
         debugLog("RegisterServerManager#start");
         if (this.state !== RegisterServerManagerStatus.INACTIVE) {
-            throw new Error("RegisterServer process already started: " + RegisterServerManagerStatus[this.state]);
+            throw new Error(`RegisterServer process already started: ${RegisterServerManagerStatus[this.state]}`);
         }
         this.discoveryServerEndpointUrl = resolveFullyQualifiedDomainName(this.discoveryServerEndpointUrl);
 
@@ -359,7 +356,7 @@ export class RegisterServerManager extends EventEmitter implements IRegisterServ
         // This method is called without await to ensure it is non-blocking.
         // The catch block handles any synchronous errors.
         this.#_runRegistrationProcess().catch((err) => {
-            warningLog("Synchronous error in #_runRegistrationProcess: ", (err?.message));
+            warningLog("Synchronous error in #_runRegistrationProcess: ", err?.message);
         });
     }
 
@@ -370,7 +367,12 @@ export class RegisterServerManager extends EventEmitter implements IRegisterServ
      */
     async #_runRegistrationProcess(): Promise<void> {
         while (this.getState() !== RegisterServerManagerStatus.WAITING && !this.#_isTerminating()) {
-            debugLog("RegisterServerManager#_runRegistrationProcess - state =", RegisterServerManagerStatus[this.state], "isTerminating =", this.#_isTerminating());
+            debugLog(
+                "RegisterServerManager#_runRegistrationProcess - state =",
+                RegisterServerManagerStatus[this.state],
+                "isTerminating =",
+                this.#_isTerminating()
+            );
             try {
                 if (this.getState() === RegisterServerManagerStatus.INACTIVE) {
                     this.#_setState(RegisterServerManagerStatus.INITIALIZING);
@@ -399,7 +401,7 @@ export class RegisterServerManager extends EventEmitter implements IRegisterServ
                 this.#_trigger_next();
                 return;
             } catch (err) {
-                debugLog("RegisterServerManager#_runRegistrationProcess - operation failed!", ((err as Error).message));
+                debugLog("RegisterServerManager#_runRegistrationProcess - operation failed!", (err as Error).message);
                 if (!this.#_isTerminating()) {
                     this.#_setState(RegisterServerManagerStatus.INACTIVE);
                     this.#_emitEvent("serverRegistrationFailure");
@@ -413,7 +415,10 @@ export class RegisterServerManager extends EventEmitter implements IRegisterServ
         }
     }
     #_isTerminating(): boolean {
-        return this.getState() === RegisterServerManagerStatus.UNREGISTERING || this.getState() === RegisterServerManagerStatus.DISPOSING
+        return (
+            this.getState() === RegisterServerManagerStatus.UNREGISTERING ||
+            this.getState() === RegisterServerManagerStatus.DISPOSING
+        );
     }
 
     /**
@@ -435,30 +440,28 @@ export class RegisterServerManager extends EventEmitter implements IRegisterServ
         assert(typeof this.discoveryServerEndpointUrl === "string");
         assert(this.state === RegisterServerManagerStatus.INITIALIZING);
 
-
         this.selectedEndpoint = undefined;
 
-        const applicationName = coerceLocalizedText(this.server.serverInfo.applicationName!)?.text || undefined;
+        const applicationName = coerceLocalizedText(this.server.serverInfo.applicationName)?.text || undefined;
         this.server.serverCertificateManager.referenceCounter++;
 
         const server = this.server;
         const prefix = `Client-${g_registeringClientCounter++}`;
         const action = "initializing";
         const ldsInfo = this.discoveryServerEndpointUrl;
-        const serverInfo = this.server?.serverInfo.applicationUri!;
-        const clientName = `${prefix} for server ${serverInfo} to LDS ${ldsInfo} for ${action}`;
+        const serverAppUri = this.server?.serverInfo.applicationUri ?? "";
+        const clientName = `${prefix} for server ${serverAppUri} to LDS ${ldsInfo} for ${action}`;
 
         const registrationClient = OPCUAClientBase.create({
             clientName,
             applicationName,
-            applicationUri: server.serverInfo.applicationUri!,
+            applicationUri: server.serverInfo.applicationUri ?? "",
             connectionStrategy: infinite_connectivity_strategy,
             clientCertificateManager: server.serverCertificateManager,
             certificateFile: server.certificateFile,
             privateKeyFile: server.privateKeyFile
         }) as ClientBaseEx;
 
-
         registrationClient.on("backoff", (nbRetry: number, delay: number) => {
             if (this.state !== RegisterServerManagerStatus.INITIALIZING) return; // Ignore event if state has changed
             debugLog("RegisterServerManager - received backoff");
@@ -489,24 +492,18 @@ export class RegisterServerManager extends EventEmitter implements IRegisterServ
                 return;
             }
 
-
-            const endpoints: EndpointDescription[] | undefined = await registrationClient.getEndpoints();
-            const endpoint = findSecureEndpoint(endpoints!);
+            const endpoints = await registrationClient.getEndpoints();
+            if (!endpoints || endpoints.length === 0) {
+                throw new Error("Cannot retrieve endpoints from discovery server");
+            }
+            const endpoint = findSecureEndpoint(endpoints);
             if (!endpoint) {
                 throw new Error("Cannot find Secure endpoint");
             }
 
-            if (endpoint.serverCertificate) {
-                assert(endpoint.serverCertificate);
-                this.selectedEndpoint = endpoint;
-            } else {
-                this.selectedEndpoint = undefined;
-            }
+            this.selectedEndpoint = endpoint.serverCertificate ? endpoint : undefined;
 
             this._serverEndpoints = registrationClient._serverEndpoints;
-        } catch (err) {
-            // Do not set state to INACTIVE or rethrow here, let the caller handle it.
-            throw err;
         } finally {
             if (this._registration_client) {
                 const tmp = this._registration_client;
@@ -557,7 +554,7 @@ export class RegisterServerManager extends EventEmitter implements IRegisterServ
             this.#_setState(RegisterServerManagerStatus.REGISTERING);
             this.#_emitEvent("serverRegistrationPending");
 
-            this.#_registerOrUnregisterServer(/*isOnline=*/true)
+            this.#_registerOrUnregisterServer(/*isOnline=*/ true)
                 .then(() => after_register())
                 .catch((err) => after_register(err));
         }, this.timeout);
@@ -577,7 +574,6 @@ export class RegisterServerManager extends EventEmitter implements IRegisterServ
             this._registrationTimerId = null;
         }
 
-
         // Immediately set state to signal a stop
         this.#_setState(RegisterServerManagerStatus.UNREGISTERING);
 
@@ -586,7 +582,7 @@ export class RegisterServerManager extends EventEmitter implements IRegisterServ
 
         if (this.selectedEndpoint) {
             try {
-                await this.#_registerOrUnregisterServer(/* isOnline= */false);
+                await this.#_registerOrUnregisterServer(/* isOnline= */ false);
                 this.#_setState(RegisterServerManagerStatus.UNREGISTERED);
                 this.#_emitEvent("serverUnregistered");
             } catch (err) {
@@ -615,9 +611,12 @@ export class RegisterServerManager extends EventEmitter implements IRegisterServ
         debugLog("RegisterServerManager#_registerServer isOnline:", isOnline);
 
         assert(this.selectedEndpoint, "must have a selected endpoint");
-        assert(this.server!.serverType !== undefined, " must have a valid server Type");
+        assert(this.server?.serverType !== undefined, " must have a valid server Type");
 
-        const server = this.server!;
+        if (!this.server) {
+            throw new Error("RegisterServerManager: server is not set");
+        }
+        const server = this.server;
         const selectedEndpoint = this.selectedEndpoint;
         if (!selectedEndpoint) {
             warningLog("Warning: cannot register server - no endpoint available");
@@ -626,18 +625,18 @@ export class RegisterServerManager extends EventEmitter implements IRegisterServ
         }
 
         server.serverCertificateManager.referenceCounter++;
-        const applicationName: string | undefined = coerceLocalizedText(server.serverInfo.applicationName!)?.text || undefined;
+        const applicationName: string | undefined = coerceLocalizedText(server.serverInfo.applicationName)?.text || undefined;
 
         const prefix = `Client-${g_registeringClientCounter++}`;
         const action = isOnline ? "registering" : "unregistering";
         const ldsInfo = this.discoveryServerEndpointUrl;
-        const serverInfo = server.serverInfo.applicationUri!;
-        const clientName = `${prefix} for server ${serverInfo} to LDS ${ldsInfo} for ${action}`;
+        const serverAppUri = server.serverInfo.applicationUri ?? "";
+        const clientName = `${prefix} for server ${serverAppUri} to LDS ${ldsInfo} for ${action}`;
 
         const client = OPCUAClientBase.create({
             clientName,
             applicationName,
-            applicationUri: server.serverInfo.applicationUri!,
+            applicationUri: server.serverInfo.applicationUri ?? "",
             connectionStrategy: no_retry_connectivity_strategy,
             clientCertificateManager: server.serverCertificateManager,
 
@@ -645,8 +644,7 @@ export class RegisterServerManager extends EventEmitter implements IRegisterServ
             securityPolicy: coerceSecurityPolicy(selectedEndpoint.securityPolicyUri),
             serverCertificate: selectedEndpoint.serverCertificate,
             certificateFile: server.certificateFile,
-            privateKeyFile: server.privateKeyFile,
-
+            privateKeyFile: server.privateKeyFile
         }) as ClientBaseEx;
         client.on("backoff", (nbRetry, delay) => {
             debugLog(client.clientCertificateManager, "backoff trying to connect to the LDS has failed", nbRetry, delay);
@@ -654,30 +652,36 @@ export class RegisterServerManager extends EventEmitter implements IRegisterServ
 
         this._registration_client = client;
 
-        debugLog("lds endpoint uri : ", selectedEndpoint.endpointUrl);
+        const endpointUrl = selectedEndpoint.endpointUrl;
+        if (!endpointUrl) {
+            throw new Error("selectedEndpoint.endpointUrl is missing — cannot connect to LDS");
+        }
+        debugLog("lds endpoint uri : ", endpointUrl);
 
-        const state = isOnline ? "UnRegisterServer" : "RegisterServer";
+        const state = isOnline ? "RegisterServer" : "UnRegisterServer";
         try {
-            await client.connect(selectedEndpoint!.endpointUrl!);
+            await client.connect(endpointUrl);
 
             // Check state again after connection is established
             if (this.getState() === expectedState) {
                 try {
-                    await sendRegisterServerRequest(server, client as ClientBaseEx, isOnline)
+                    await sendRegisterServerRequest(server, client as ClientBaseEx, isOnline);
                 } catch (err) {
                     if (this.getState() !== expectedState) {
-                        warningLog(`${state} '${this.server!.serverInfo.applicationUri}' to the LDS has failed during secure connection to the LDS server`);
-                        warningLog(chalk.red("  Error message:"), (err as Error).message);                // Do not rethrow here, let the caller 
+                        warningLog(
+                            `${state} '${this.server?.serverInfo.applicationUri}' to the LDS has failed during secure connection to the LDS server`
+                        );
+                        warningLog(chalk.red("  Error message:"), (err as Error).message); // Do not rethrow here, let the caller
                     }
                 }
             } else {
                 debugLog("RegisterServerManager#_registerServer: aborted ");
             }
-
         } catch (err) {
             if (this.getState() !== expectedState) {
-
-                warningLog(`${state} '${this.server!.serverInfo.applicationUri}' cannot connect to LDS at endpoint ${client.clientName}, ${selectedEndpoint.endpointUrl} :`);
+                warningLog(
+                    `${state} '${this.server?.serverInfo.applicationUri}' cannot connect to LDS at endpoint ${client.clientName}, ${selectedEndpoint.endpointUrl} :`
+                );
                 warningLog(chalk.red("  Error message:"), (err as Error).message);
             }
         } finally {
@@ -700,8 +704,7 @@ export class RegisterServerManager extends EventEmitter implements IRegisterServ
         if (this._registration_client) {
             const client = this._registration_client;
             this._registration_client = null;
-            debugLog("RegisterServerManager#_cancel_pending_client_if_any "
-                + "=> wee need to disconnect_registration_client");
+            debugLog("RegisterServerManager#_cancel_pending_client_if_any " + "=> wee need to disconnect_registration_client");
             try {
                 await client.disconnect();
             } catch (err) {

package/source/server_end_point.ts

@@ -10,7 +10,7 @@ import chalk from "chalk";
 
 import { assert } from "node-opcua-assert";
 import type { OPCUACertificateManager } from "node-opcua-certificate-manager";
-import { type Certificate, makeSHA1Thumbprint, type PrivateKey, split_der } from "node-opcua-crypto/web";
+import { type Certificate, combine_der, makeSHA1Thumbprint, type PrivateKey, split_der } from "node-opcua-crypto/web";
 import { checkDebugFlag, make_debugLog, make_errorLog, make_warningLog } from "node-opcua-debug";
 import { getFullyQualifiedDomainName, resolveFullyQualifiedDomainName } from "node-opcua-hostname";
 import {
@@ -69,9 +69,8 @@ function extractChannelData(channel: ServerSecureChannelLayer): IChannelData {
 
 function dumpChannelInfo(channels: ServerSecureChannelLayer[]): void {
     function d(s: IServerSessionBase) {
-        return `[ status=${s.status} lastSeen=${s.clientLastContactTime.toFixed(0)}ms sessionName=${s.sessionName} timeout=${
-            s.sessionTimeout
-        } ]`;
+        return `[ status=${s.status} lastSeen=${s.clientLastContactTime.toFixed(0)}ms sessionName=${s.sessionName} timeout=${s.sessionTimeout
+            } ]`;
     }
     function dumpChannel(channel: ServerSecureChannelLayer): void {
         console.log("------------------------------------------------------");
@@ -98,7 +97,8 @@ function dumpChannelInfo(channels: ServerSecureChannelLayer[]): void {
     console.log("------------------------------------------------------");
 }
 
-const emptyCertificate = Buffer.alloc(0);
+const emptyCertificateChain: Certificate[] = [];
+
 // biome-ignore lint/suspicious/noExplicitAny: deliberate null→PrivateKey sentinel
 const emptyPrivateKey = null as any as PrivateKey;
 
@@ -116,7 +116,7 @@ export interface OPCUAServerEndPointOptions {
     /**
      * the DER certificate chain
      */
-    certificateChain: Certificate;
+    certificateChain: Certificate[];
 
     /**
      * privateKey
@@ -333,7 +333,7 @@ export class OPCUAServerEndPoint extends EventEmitter implements ServerSecureCha
     public _on_connectionRefused?: (socketData: ISocketData) => void;
     public _on_openSecureChannelFailure?: (socketData: ISocketData, channelData: IChannelData) => void;
 
-    private _certificateChain: Certificate;
+    private _certificateChain: Certificate[];
     private _privateKey: PrivateKey;
     private _channels: { [key: string]: ServerSecureChannelLayer };
     private _server?: Server;
@@ -390,7 +390,7 @@ export class OPCUAServerEndPoint extends EventEmitter implements ServerSecureCha
     }
 
     public dispose(): void {
-        this._certificateChain = emptyCertificate;
+        this._certificateChain = emptyCertificateChain;
         this._privateKey = emptyPrivateKey;
 
         assert(Object.keys(this._channels).length === 0, "OPCUAServerEndPoint channels must have been deleted");
@@ -417,7 +417,7 @@ export class OPCUAServerEndPoint extends EventEmitter implements ServerSecureCha
             " l = " +
             this._endpoints.length +
             " " +
-            makeSHA1Thumbprint(this.getCertificateChain()).toString("hex");
+            makeSHA1Thumbprint(this.getCertificate()).toString("hex");
         return txt;
     }
 
@@ -429,13 +429,13 @@ export class OPCUAServerEndPoint extends EventEmitter implements ServerSecureCha
      * Returns the X509 DER form of the server certificate
      */
     public getCertificate(): Certificate {
-        return split_der(this.getCertificateChain())[0];
+        return this.getCertificateChain()[0];
     }
 
     /**
      * Returns the X509 DER form of the server certificate
      */
-    public getCertificateChain(): Certificate {
+    public getCertificateChain(): Certificate[] {
         return this._certificateChain;
     }
 
@@ -687,7 +687,7 @@ export class OPCUAServerEndPoint extends EventEmitter implements ServerSecureCha
 
         this._server.listen(
             listenOptions,
-            /*"::",*/ (err?: Error) => {
+            /*"::",*/(err?: Error) => {
                 // 'listening' listener
                 debugLog(chalk.green.bold("LISTENING TO PORT "), this.port, "err  ", err);
                 assert(!err, " cannot listen to port ");
@@ -877,7 +877,7 @@ export class OPCUAServerEndPoint extends EventEmitter implements ServerSecureCha
             debugLog(
                 chalk.bgWhite.cyan(
                     "OPCUAServerEndPoint#_on_client_connection " +
-                        "SERVER END POINT IS PROBABLY SHUTTING DOWN !!! - Connection is refused"
+                    "SERVER END POINT IS PROBABLY SHUTTING DOWN !!! - Connection is refused"
                 )
             );
             socket.end();
@@ -887,7 +887,7 @@ export class OPCUAServerEndPoint extends EventEmitter implements ServerSecureCha
             console.log(
                 chalk.bgWhite.cyan(
                     "OPCUAServerEndPoint#_on_client_connection " +
-                        "The maximum number of connection has been reached - Connection is refused"
+                    "The maximum number of connection has been reached - Connection is refused"
                 )
             );
             const reason = `maxConnections reached (${this.maxConnections})`;
@@ -1130,7 +1130,7 @@ interface MakeEndpointDescriptionOptions {
      */
     hostname: string;
 
-    serverCertificateChain: Certificate;
+    serverCertificateChain: Certificate[];
     /**
      *
      */
@@ -1224,13 +1224,6 @@ function estimateSecurityLevel(securityMode: MessageSecurityMode, securityPolicy
  * @private
  */
 function _makeEndpointDescription(options: MakeEndpointDescriptionOptions, parent: OPCUAServerEndPoint): EndpointDescriptionEx {
-    assert(Object.prototype.hasOwnProperty.call(options, "serverCertificateChain"));
-    assert(!Object.prototype.hasOwnProperty.call(options, "serverCertificate"));
-    assert(!!options.securityMode); // s.MessageSecurityMode
-    assert(!!options.securityPolicy);
-    assert(options.server !== null && typeof options.server === "object");
-    assert(!!options.hostname && typeof options.hostname === "string");
-    assert(typeof options.restricted === "boolean");
 
     const u = (n: string) => getUniqueName(n, options.collection);
     options.securityLevel =
@@ -1353,7 +1346,7 @@ function _makeEndpointDescription(options: MakeEndpointDescriptionOptions, paren
         endpointUrl: "<to be evaluated at run time>", // options.endpointUrl,
 
         server: undefined, // options.server,
-        serverCertificate: options.serverCertificateChain,
+        serverCertificate: options.serverCertificateChain.length > 0 ? combine_der(options.serverCertificateChain) : undefined,
 
         securityMode: options.securityMode,
         securityPolicyUri,