npm - node-opcua-server - Versions diffs - 2.76.1 → 2.76.2 - Mend

node-opcua-server 2.76.1 → 2.76.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (59) hide show

package/dist/base_server.d.ts +110 -110
package/dist/base_server.js +473 -473
package/dist/factory.d.ts +12 -12
package/dist/factory.js +23 -23
package/dist/filter/check_where_clause_on_address_space.d.ts +3 -3
package/dist/filter/check_where_clause_on_address_space.js +22 -22
package/dist/filter/extract_event_fields.d.ts +10 -10
package/dist/filter/extract_event_fields.js +17 -17
package/dist/helper.d.ts +10 -10
package/dist/helper.js +75 -75
package/dist/history_server_capabilities.d.ts +35 -35
package/dist/history_server_capabilities.js +43 -43
package/dist/i_channel_data.d.ts +13 -13
package/dist/i_channel_data.js +2 -2
package/dist/i_register_server_manager.d.ts +16 -16
package/dist/i_register_server_manager.js +2 -2
package/dist/i_server_side_publish_engine.d.ts +36 -36
package/dist/i_server_side_publish_engine.js +49 -49
package/dist/i_socket_data.d.ts +11 -11
package/dist/i_socket_data.js +2 -2
package/dist/index.d.ts +16 -16
package/dist/index.js +32 -32
package/dist/monitored_item.d.ts +177 -177
package/dist/monitored_item.js +1001 -1001
package/dist/node_sampler.d.ts +3 -3
package/dist/node_sampler.js +75 -75
package/dist/opcua_server.d.ts +747 -747
package/dist/opcua_server.js +2431 -2431
package/dist/queue.d.ts +11 -11
package/dist/queue.js +71 -71
package/dist/register_server_manager.d.ts +96 -96
package/dist/register_server_manager.js +584 -584
package/dist/register_server_manager_hidden.d.ts +17 -17
package/dist/register_server_manager_hidden.js +27 -27
package/dist/register_server_manager_mdns_only.d.ts +22 -22
package/dist/register_server_manager_mdns_only.js +55 -55
package/dist/server_capabilities.d.ts +148 -148
package/dist/server_capabilities.js +92 -92
package/dist/server_end_point.d.ts +183 -183
package/dist/server_end_point.js +817 -817
package/dist/server_engine.d.ts +317 -317
package/dist/server_engine.js +1716 -1716
package/dist/server_publish_engine.d.ts +113 -113
package/dist/server_publish_engine.js +541 -541
package/dist/server_publish_engine_for_orphan_subscriptions.d.ts +16 -16
package/dist/server_publish_engine_for_orphan_subscriptions.js +51 -51
package/dist/server_session.d.ts +182 -182
package/dist/server_session.js +739 -739
package/dist/server_subscription.d.ts +421 -421
package/dist/server_subscription.js +1346 -1346
package/dist/sessions_compatible_for_transfer.d.ts +2 -2
package/dist/sessions_compatible_for_transfer.js +39 -39
package/dist/user_manager.d.ts +32 -32
package/dist/user_manager.js +74 -74
package/dist/user_manager_ua.d.ts +3 -3
package/dist/user_manager_ua.js +39 -39
package/dist/validate_filter.d.ts +5 -5
package/dist/validate_filter.js +60 -60
package/package.json +42 -41

package/dist/server_end_point.js CHANGED Viewed

@@ -1,818 +1,818 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.OPCUAServerEndPoint = void 0;
-/**
- * @module node-opcua-server
- */
-// tslint:disable:no-console
-const events_1 = require("events");
-const net = require("net");
-const chalk = require("chalk");
-const async = require("async");
-const node_opcua_assert_1 = require("node-opcua-assert");
-const node_opcua_crypto_1 = require("node-opcua-crypto");
-const node_opcua_debug_1 = require("node-opcua-debug");
-const node_opcua_hostname_1 = require("node-opcua-hostname");
-const node_opcua_secure_channel_1 = require("node-opcua-secure-channel");
-const node_opcua_service_endpoints_1 = require("node-opcua-service-endpoints");
-const node_opcua_service_endpoints_2 = require("node-opcua-service-endpoints");
-const node_opcua_service_endpoints_3 = require("node-opcua-service-endpoints");
-const debugLog = (0, node_opcua_debug_1.make_debugLog)(__filename);
-const errorLog = (0, node_opcua_debug_1.make_errorLog)(__filename);
-const warningLog = (0, node_opcua_debug_1.make_warningLog)(__filename);
-const doDebug = (0, node_opcua_debug_1.checkDebugFlag)(__filename);
-const default_transportProfileUri = "http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary";
-function extractSocketData(socket, reason) {
-    const { bytesRead, bytesWritten, remoteAddress, remoteFamily, remotePort, localAddress, localPort } = socket;
-    const data = {
-        bytesRead,
-        bytesWritten,
-        localAddress,
-        localPort,
-        remoteAddress,
-        remoteFamily,
-        remotePort,
-        timestamp: new Date(),
-        reason
-    };
-    return data;
-}
-function extractChannelData(channel) {
-    const { channelId, clientCertificate, clientNonce, clientSecurityHeader, securityHeader, securityMode, securityPolicy, timeout, transactionsCount } = channel;
-    const channelData = {
-        channelId,
-        clientCertificate,
-        clientNonce,
-        clientSecurityHeader,
-        securityHeader,
-        securityMode,
-        securityPolicy,
-        timeout,
-        transactionsCount
-    };
-    return channelData;
-}
-function dumpChannelInfo(channels) {
-    function d(s) {
-        return `[ status=${s.status} lastSeen=${s.clientLastContactTime.toFixed(0)}ms sessionName=${s.sessionName} timeout=${s.sessionTimeout} ]`;
-    }
-    function dumpChannel(channel) {
-        var _a;
-        console.log("------------------------------------------------------");
-        console.log("            channelId = ", channel.channelId);
-        console.log("             timeout  = ", channel.timeout);
-        console.log("        remoteAddress = ", channel.remoteAddress);
-        console.log("        remotePort    = ", channel.remotePort);
-        console.log("");
-        console.log("        bytesWritten  = ", channel.bytesWritten);
-        console.log("        bytesRead     = ", channel.bytesRead);
-        console.log("        sessions      = ", Object.keys(channel.sessionTokens).length);
-        console.log(Object.values(channel.sessionTokens).map(d).join("\n"));
-        const socket = (_a = channel.transport) === null || _a === void 0 ? void 0 : _a._socket;
-        if (!socket) {
-            console.log(" SOCKET IS CLOSED");
-        }
-    }
-    for (const channel of channels) {
-        dumpChannel(channel);
-    }
-    console.log("------------------------------------------------------");
-}
-const emptyCertificate = Buffer.alloc(0);
-const emptyPrivateKeyPEM = "";
-let OPCUAServerEndPointCounter = 0;
-function getUniqueName(name, collection) {
-    if (collection[name]) {
-        let counter = 0;
-        while (collection[name + "_" + counter.toString()]) {
-            counter++;
-        }
-        name = name + "_" + counter.toString();
-        collection[name] = 1;
-        return name;
-    }
-    else {
-        collection[name] = 1;
-        return name;
-    }
-}
-/**
- * OPCUAServerEndPoint a Server EndPoint.
- * A sever end point is listening to one port
- * note:
- *   see OPCUA Release 1.03 part 4 page 108 7.1 ApplicationDescription
- */
-class OPCUAServerEndPoint extends events_1.EventEmitter {
-    constructor(options) {
-        super();
-        this._started = false;
-        this._counter = OPCUAServerEndPointCounter++;
-        this._policy_deduplicator = {};
-        (0, node_opcua_assert_1.assert)(!Object.prototype.hasOwnProperty.call(options, "certificate"), "expecting a certificateChain instead");
-        (0, node_opcua_assert_1.assert)(Object.prototype.hasOwnProperty.call(options, "certificateChain"), "expecting a certificateChain");
-        (0, node_opcua_assert_1.assert)(Object.prototype.hasOwnProperty.call(options, "privateKey"));
-        this.certificateManager = options.certificateManager;
-        options.port = options.port || 0;
-        this.port = parseInt(options.port.toString(), 10);
-        (0, node_opcua_assert_1.assert)(typeof this.port === "number");
-        this._certificateChain = options.certificateChain;
-        this._privateKey = options.privateKey;
-        this._channels = {};
-        this.defaultSecureTokenLifetime = options.defaultSecureTokenLifetime || 600000;
-        this.maxConnections = options.maxConnections || 20;
-        this.timeout = options.timeout || 30000;
-        this._server = undefined;
-        this._setup_server();
-        this._endpoints = [];
-        this.objectFactory = options.objectFactory;
-        this.bytesWrittenInOldChannels = 0;
-        this.bytesReadInOldChannels = 0;
-        this.transactionsCountOldChannels = 0;
-        this.securityTokenCountOldChannels = 0;
-        this.serverInfo = options.serverInfo;
-        (0, node_opcua_assert_1.assert)(this.serverInfo !== null && typeof this.serverInfo === "object");
-    }
-    dispose() {
-        this._certificateChain = emptyCertificate;
-        this._privateKey = emptyPrivateKeyPEM;
-        (0, node_opcua_assert_1.assert)(Object.keys(this._channels).length === 0, "OPCUAServerEndPoint channels must have been deleted");
-        this._channels = {};
-        this.serverInfo = new node_opcua_service_endpoints_3.ApplicationDescription({});
-        this._endpoints = [];
-        (0, node_opcua_assert_1.assert)(this._endpoints.length === 0, "endpoints must have been deleted");
-        this._endpoints = [];
-        this._server = undefined;
-        this._listen_callback = undefined;
-        this.removeAllListeners();
-    }
-    toString() {
-        const privateKey1 = (0, node_opcua_crypto_1.convertPEMtoDER)(this.getPrivateKey());
-        const txt = " end point" +
-            this._counter +
-            " port = " +
-            this.port +
-            " l = " +
-            this._endpoints.length +
-            " " +
-            (0, node_opcua_crypto_1.makeSHA1Thumbprint)(this.getCertificateChain()).toString("hex") +
-            " " +
-            (0, node_opcua_crypto_1.makeSHA1Thumbprint)(privateKey1).toString("hex");
-        return txt;
-    }
-    getChannels() {
-        return Object.values(this._channels);
-    }
-    /**
-     * Returns the X509 DER form of the server certificate
-     */
-    getCertificate() {
-        return (0, node_opcua_crypto_1.split_der)(this.getCertificateChain())[0];
-    }
-    /**
-     * Returns the X509 DER form of the server certificate
-     */
-    getCertificateChain() {
-        return this._certificateChain;
-    }
-    /**
-     * the private key
-     */
-    getPrivateKey() {
-        return this._privateKey;
-    }
-    /**
-     * The number of active channel on this end point.
-     */
-    get currentChannelCount() {
-        return Object.keys(this._channels).length;
-    }
-    /**
-     * @method getEndpointDescription
-     * @param securityMode
-     * @param securityPolicy
-     * @return endpoint_description {EndpointDescription|null}
-     */
-    getEndpointDescription(securityMode, securityPolicy, endpointUrl) {
-        const endpoints = this.endpointDescriptions();
-        const arr = endpoints.filter(matching_endpoint.bind(this, securityMode, securityPolicy, endpointUrl));
-        if (endpointUrl && endpointUrl.length > 0 && !(arr.length === 0 || arr.length === 1)) {
-            errorLog("Several matching endpoints have been found : ");
-            for (const a of arr) {
-                errorLog("   ", a.endpointUrl, node_opcua_secure_channel_1.MessageSecurityMode[securityMode], securityPolicy);
-            }
-        }
-        return arr.length === 0 ? null : arr[0];
-    }
-    addEndpointDescription(securityMode, securityPolicy, options) {
-        if (!options) {
-            options = {
-                hostname: (0, node_opcua_hostname_1.getFullyQualifiedDomainName)(),
-                securityPolicies: [node_opcua_secure_channel_1.SecurityPolicy.Basic256Sha256]
-            };
-        }
-        options.allowAnonymous = options.allowAnonymous === undefined ? true : options.allowAnonymous;
-        // istanbul ignore next
-        if (securityMode === node_opcua_secure_channel_1.MessageSecurityMode.None && securityPolicy !== node_opcua_secure_channel_1.SecurityPolicy.None) {
-            throw new Error(" invalid security ");
-        }
-        // istanbul ignore next
-        if (securityMode !== node_opcua_secure_channel_1.MessageSecurityMode.None && securityPolicy === node_opcua_secure_channel_1.SecurityPolicy.None) {
-            throw new Error(" invalid security ");
-        }
-        //
-        const port = this.port;
-        // resource Path is a string added at the end of the url such as "/UA/Server"
-        const resourcePath = (options.resourcePath || "").replace(/\\/g, "/");
-        (0, node_opcua_assert_1.assert)(resourcePath.length === 0 || resourcePath.charAt(0) === "/", "resourcePath should start with /");
-        const hostname = options.hostname || (0, node_opcua_hostname_1.getFullyQualifiedDomainName)();
-        const endpointUrl = `opc.tcp://${hostname}:${port}${resourcePath}`;
-        const endpoint_desc = this.getEndpointDescription(securityMode, securityPolicy, endpointUrl);
-        // istanbul ignore next
-        if (endpoint_desc) {
-            throw new Error(" endpoint already exist");
-        }
-        // now build endpointUrl
-        this._endpoints.push(_makeEndpointDescription({
-            collection: this._policy_deduplicator,
-            endpointUrl,
-            hostname,
-            port,
-            server: this.serverInfo,
-            serverCertificateChain: this.getCertificateChain(),
-            securityMode,
-            securityPolicy,
-            allowAnonymous: options.allowAnonymous,
-            allowUnsecurePassword: options.allowUnsecurePassword,
-            resourcePath: options.resourcePath,
-            restricted: !!options.restricted,
-            securityPolicies: (options === null || options === void 0 ? void 0 : options.securityPolicies) || []
-        }));
-    }
-    addRestrictedEndpointDescription(options) {
-        options = Object.assign({}, options);
-        options.restricted = true;
-        return this.addEndpointDescription(node_opcua_secure_channel_1.MessageSecurityMode.None, node_opcua_secure_channel_1.SecurityPolicy.None, options);
-    }
-    addStandardEndpointDescriptions(options) {
-        options = options || {};
-        options.securityModes = options.securityModes || defaultSecurityModes;
-        options.securityPolicies = options.securityPolicies || defaultSecurityPolicies;
-        const defaultHostname = options.hostname || (0, node_opcua_hostname_1.getFullyQualifiedDomainName)();
-        let hostnames = [defaultHostname];
-        options.alternateHostname = options.alternateHostname || [];
-        if (typeof options.alternateHostname === "string") {
-            options.alternateHostname = [options.alternateHostname];
-        }
-        // remove duplicates if any (uniq)
-        hostnames = [...new Set(hostnames.concat(options.alternateHostname))];
-        for (const alternateHostname of hostnames) {
-            const optionsE = options;
-            optionsE.hostname = alternateHostname;
-            if (options.securityModes.indexOf(node_opcua_secure_channel_1.MessageSecurityMode.None) >= 0) {
-                this.addEndpointDescription(node_opcua_secure_channel_1.MessageSecurityMode.None, node_opcua_secure_channel_1.SecurityPolicy.None, optionsE);
-            }
-            else {
-                if (!options.disableDiscovery) {
-                    this.addRestrictedEndpointDescription(optionsE);
-                }
-            }
-            for (const securityMode of options.securityModes) {
-                if (securityMode === node_opcua_secure_channel_1.MessageSecurityMode.None) {
-                    continue;
-                }
-                for (const securityPolicy of options.securityPolicies) {
-                    if (securityPolicy === node_opcua_secure_channel_1.SecurityPolicy.None) {
-                        continue;
-                    }
-                    this.addEndpointDescription(securityMode, securityPolicy, optionsE);
-                }
-            }
-        }
-    }
-    /**
-     * returns the list of end point descriptions.
-     */
-    endpointDescriptions() {
-        return this._endpoints;
-    }
-    /**
-     * @method listen
-     * @async
-     */
-    listen(callback) {
-        (0, node_opcua_assert_1.assert)(typeof callback === "function");
-        (0, node_opcua_assert_1.assert)(!this._started, "OPCUAServerEndPoint is already listening");
-        this._listen_callback = callback;
-        this._server.on("error", (err) => {
-            debugLog(chalk.red.bold(" error") + " port = " + this.port, err);
-            this._started = false;
-            this._end_listen(err);
-        });
-        this._server.on("listening", () => {
-            debugLog("server is listening");
-        });
-        this._server.listen(this.port,
-        /*"::",*/ (err) => {
-            // 'listening' listener
-            debugLog(chalk.green.bold("LISTENING TO PORT "), this.port, "err  ", err);
-            (0, node_opcua_assert_1.assert)(!err, " cannot listen to port ");
-            this._started = true;
-            this._end_listen();
-        });
-    }
-    killClientSockets(callback) {
-        for (const channel of this.getChannels()) {
-            const hacked_channel = channel;
-            if (hacked_channel.transport && hacked_channel.transport._socket) {
-                // hacked_channel.transport._socket.close();
-                hacked_channel.transport._socket.destroy();
-                hacked_channel.transport._socket.emit("error", new Error("EPIPE"));
-            }
-        }
-        callback();
-    }
-    suspendConnection(callback) {
-        if (!this._started) {
-            return callback(new Error("Connection already suspended !!"));
-        }
-        // Stops the server from accepting new connections and keeps existing connections.
-        // (note from nodejs doc: This function is asynchronous, the server is finally closed
-        // when all connections are ended and the server emits a 'close' event.
-        // The optional callback will be called once the 'close' event occurs.
-        // Unlike that event, it will be called with an Error as its only argument
-        // if the server was not open when it was closed.
-        this._server.close(() => {
-            this._started = false;
-            debugLog("Connection has been closed !" + this.port);
-        });
-        this._started = false;
-        callback();
-    }
-    restoreConnection(callback) {
-        this.listen(callback);
-    }
-    abruptlyInterruptChannels() {
-        for (const channel of Object.values(this._channels)) {
-            channel.abruptlyInterrupt();
-        }
-    }
-    /**
-     * @method shutdown
-     * @async
-     */
-    shutdown(callback) {
-        debugLog("OPCUAServerEndPoint#shutdown ");
-        if (this._started) {
-            // make sure we don't accept new connection any more ...
-            this.suspendConnection(() => {
-                // shutdown all opened channels ...
-                const _channels = Object.values(this._channels);
-                async.each(_channels, (channel, callback1) => {
-                    this.shutdown_channel(channel, callback1);
-                }, (err) => {
-                    /* istanbul ignore next */
-                    if (!(Object.keys(this._channels).length === 0)) {
-                        errorLog(" Bad !");
-                    }
-                    (0, node_opcua_assert_1.assert)(Object.keys(this._channels).length === 0, "channel must have unregistered themselves");
-                    callback(err || undefined);
-                });
-            });
-        }
-        else {
-            callback();
-        }
-    }
-    /**
-     * @method start
-     * @async
-     * @param callback
-     */
-    start(callback) {
-        (0, node_opcua_assert_1.assert)(typeof callback === "function");
-        this.listen(callback);
-    }
-    get bytesWritten() {
-        const channels = Object.values(this._channels);
-        return (this.bytesWrittenInOldChannels +
-            channels.reduce((accumulated, channel) => {
-                return accumulated + channel.bytesWritten;
-            }, 0));
-    }
-    get bytesRead() {
-        const channels = Object.values(this._channels);
-        return (this.bytesReadInOldChannels +
-            channels.reduce((accumulated, channel) => {
-                return accumulated + channel.bytesRead;
-            }, 0));
-    }
-    get transactionsCount() {
-        const channels = Object.values(this._channels);
-        return (this.transactionsCountOldChannels +
-            channels.reduce((accumulated, channel) => {
-                return accumulated + channel.transactionsCount;
-            }, 0));
-    }
-    get securityTokenCount() {
-        const channels = Object.values(this._channels);
-        return (this.securityTokenCountOldChannels +
-            channels.reduce((accumulated, channel) => {
-                return accumulated + channel.securityTokenCount;
-            }, 0));
-    }
-    get activeChannelCount() {
-        return Object.keys(this._channels).length;
-    }
-    _dump_statistics() {
-        this._server.getConnections((err, count) => {
-            debugLog(chalk.cyan("CONCURRENT CONNECTION = "), count);
-        });
-        debugLog(chalk.cyan("MAX CONNECTIONS = "), this._server.maxConnections);
-    }
-    _setup_server() {
-        (0, node_opcua_assert_1.assert)(!this._server);
-        this._server = net.createServer({ pauseOnConnect: true }, this._on_client_connection.bind(this));
-        // xx console.log(" Server with max connections ", self.maxConnections);
-        this._server.maxConnections = this.maxConnections + 1; // plus one extra
-        this._listen_callback = undefined;
-        this._server
-            .on("connection", (socket) => {
-            // istanbul ignore next
-            if (doDebug) {
-                this._dump_statistics();
-                debugLog("server connected  with : " + socket.remoteAddress + ":" + socket.remotePort);
-            }
-        })
-            .on("close", () => {
-            debugLog("server closed : all connections have ended");
-        })
-            .on("error", (err) => {
-            // this could be because the port is already in use
-            debugLog(chalk.red.bold("server error: "), err.message);
-        });
-    }
-    _on_client_connection(socket) {
-        // a client is attempting a connection on the socket
-        socket.setNoDelay(true);
-        debugLog("OPCUAServerEndPoint#_on_client_connection", this._started);
-        if (!this._started) {
-            debugLog(chalk.bgWhite.cyan("OPCUAServerEndPoint#_on_client_connection " +
-                "SERVER END POINT IS PROBABLY SHUTTING DOWN !!! - Connection is refused"));
-            socket.end();
-            return;
-        }
-        const deny_connection = () => {
-            console.log(chalk.bgWhite.cyan("OPCUAServerEndPoint#_on_client_connection " +
-                "The maximum number of connection has been reached - Connection is refused"));
-            const reason = "maxConnections reached (" + this.maxConnections + ")";
-            const socketData = extractSocketData(socket, reason);
-            this.emit("connectionRefused", socketData);
-            socket.end();
-            socket.destroy();
-        };
-        const establish_connection = () => {
-            const nbConnections = Object.keys(this._channels).length;
-            if (nbConnections >= this.maxConnections) {
-                warningLog(" nbConnections ", nbConnections, " self._server.maxConnections", this._server.maxConnections, this.maxConnections);
-                deny_connection();
-                return;
-            }
-            debugLog("OPCUAServerEndPoint._on_client_connection successful => New Channel");
-            const channel = new node_opcua_secure_channel_1.ServerSecureChannelLayer({
-                defaultSecureTokenLifetime: this.defaultSecureTokenLifetime,
-                // objectFactory: this.objectFactory,
-                parent: this,
-                timeout: this.timeout
-            });
-            debugLog("channel Timeout = >", channel.timeout);
-            socket.resume();
-            this._preregisterChannel(channel);
-            channel.init(socket, (err) => {
-                this._un_pre_registerChannel(channel);
-                debugLog(chalk.yellow.bold("Channel#init done"), err);
-                if (err) {
-                    const reason = "openSecureChannel has Failed " + err.message;
-                    const socketData = extractSocketData(socket, reason);
-                    const channelData = extractChannelData(channel);
-                    this.emit("openSecureChannelFailure", socketData, channelData);
-                    socket.end();
-                    socket.destroy();
-                }
-                else {
-                    debugLog("server receiving a client connection");
-                    this._registerChannel(channel);
-                }
-            });
-            channel.on("message", (message) => {
-                // forward
-                this.emit("message", message, channel, this);
-            });
-        };
-        // Each SecureChannel exists until it is explicitly closed or until the last token has expired and the overlap
-        // period has elapsed. A Server application should limit the number of SecureChannels.
-        // To protect against misbehaving Clients and denial of service attacks, the Server shall close the oldest
-        // SecureChannel that has no Session assigned before reaching the maximum number of supported SecureChannels.
-        this._prevent_DDOS_Attack(establish_connection, deny_connection);
-    }
-    _preregisterChannel(channel) {
-        // _preregisterChannel is used to keep track of channel for which
-        // that are in early stage of the hand shaking process.
-        // e.g HEL/ACK and OpenSecureChannel may not have been received yet
-        // as they will need to be interrupted when OPCUAServerEndPoint is closed
-        (0, node_opcua_assert_1.assert)(this._started, "OPCUAServerEndPoint must be started");
-        (0, node_opcua_assert_1.assert)(!Object.prototype.hasOwnProperty.call(this._channels, channel.hashKey), " channel already preregistered!");
-        const channelPriv = channel;
-        this._channels[channel.hashKey] = channelPriv;
-        channelPriv._unpreregisterChannelEvent = () => {
-            debugLog("Channel received an abort event during the preregistration phase");
-            this._un_pre_registerChannel(channel);
-            channel.dispose();
-        };
-        channel.on("abort", channelPriv._unpreregisterChannelEvent);
-    }
-    _un_pre_registerChannel(channel) {
-        if (!this._channels[channel.hashKey]) {
-            debugLog("Already un preregistered ?", channel.hashKey);
-            return;
-        }
-        delete this._channels[channel.hashKey];
-        const channelPriv = channel;
-        if (typeof channelPriv._unpreregisterChannelEvent === "function") {
-            channel.removeListener("abort", channelPriv._unpreregisterChannelEvent);
-            channelPriv._unpreregisterChannelEvent = undefined;
-        }
-    }
-    /**
-     * @method _registerChannel
-     * @param channel
-     * @private
-     */
-    _registerChannel(channel) {
-        if (this._started) {
-            debugLog(chalk.red("_registerChannel = "), "channel.hashKey = ", channel.hashKey);
-            (0, node_opcua_assert_1.assert)(!this._channels[channel.hashKey]);
-            this._channels[channel.hashKey] = channel;
-            /**
-             * @event newChannel
-             * @param channel
-             */
-            this.emit("newChannel", channel);
-            channel.on("abort", () => {
-                this._unregisterChannel(channel);
-            });
-        }
-        else {
-            debugLog("OPCUAServerEndPoint#_registerChannel called when end point is shutdown !");
-            debugLog("  -> channel will be forcefully terminated");
-            channel.close();
-            channel.dispose();
-        }
-    }
-    /**
-     * @method _unregisterChannel
-     * @param channel
-     * @private
-     */
-    _unregisterChannel(channel) {
-        debugLog("_un-registerChannel channel.hashKey", channel.hashKey);
-        if (!Object.prototype.hasOwnProperty.call(this._channels, channel.hashKey)) {
-            return;
-        }
-        (0, node_opcua_assert_1.assert)(Object.prototype.hasOwnProperty.call(this._channels, channel.hashKey), "channel is not registered");
-        /**
-         * @event closeChannel
-         * @param channel
-         */
-        this.emit("closeChannel", channel);
-        // keep trace of statistics data from old channel for our own accumulated stats.
-        this.bytesWrittenInOldChannels += channel.bytesWritten;
-        this.bytesReadInOldChannels += channel.bytesRead;
-        this.transactionsCountOldChannels += channel.transactionsCount;
-        delete this._channels[channel.hashKey];
-        // istanbul ignore next
-        if (doDebug) {
-            this._dump_statistics();
-            debugLog("un-registering channel  - Count = ", this.currentChannelCount);
-        }
-        /// channel.dispose();
-    }
-    _end_listen(err) {
-        (0, node_opcua_assert_1.assert)(typeof this._listen_callback === "function");
-        this._listen_callback(err);
-        this._listen_callback = undefined;
-    }
-    /**
-     *  shutdown_channel
-     * @param channel
-     * @param inner_callback
-     */
-    shutdown_channel(channel, inner_callback) {
-        (0, node_opcua_assert_1.assert)(typeof inner_callback === "function");
-        channel.once("close", () => {
-            // xx console.log(" ON CLOSED !!!!");
-        });
-        channel.close(() => {
-            this._unregisterChannel(channel);
-            setImmediate(inner_callback);
-        });
-    }
-    /**
-     * @private
-     */
-    _prevent_DDOS_Attack(establish_connection, deny_connection) {
-        const nbConnections = this.activeChannelCount;
-        if (nbConnections >= this.maxConnections) {
-            // istanbul ignore next
-            errorLog(chalk.bgRed.white("PREVENTING DDOS ATTACK => maxConnection =" + this.maxConnections));
-            const unused_channels = this.getChannels().filter((channel1) => {
-                return !channel1.isOpened && !channel1.hasSession;
-            });
-            if (unused_channels.length === 0) {
-                // all channels are in used , we cannot get any
-                errorLog("All channels are in used ! let cancel some");
-                // istanbul ignore next
-                if (doDebug) {
-                    console.log("  - all channels are used !!!!");
-                    dumpChannelInfo(this.getChannels());
-                }
-                setTimeout(deny_connection, 10);
-                return;
-            }
-            // istanbul ignore next
-            if (doDebug) {
-                console.log("   - Unused channels that can be clobbered", unused_channels.map((channel1) => channel1.hashKey).join(" "));
-            }
-            const channel = unused_channels[0];
-            errorLog("Closing channel ", channel.hashKey);
-            channel.close(() => {
-                // istanbul ignore next
-                if (doDebug) {
-                    console.log("   _ Unused channel has been closed ", channel.hashKey);
-                }
-                this._unregisterChannel(channel);
-                establish_connection();
-            });
-        }
-        else {
-            setImmediate(establish_connection);
-        }
-    }
-}
-exports.OPCUAServerEndPoint = OPCUAServerEndPoint;
-function estimateSecurityLevel(securityMode, securityPolicy) {
-    if (securityMode === node_opcua_secure_channel_1.MessageSecurityMode.None) {
-        return 1;
-    }
-    let offset = 100;
-    if (securityMode === node_opcua_secure_channel_1.MessageSecurityMode.SignAndEncrypt) {
-        offset = 200;
-    }
-    switch (securityPolicy) {
-        case node_opcua_secure_channel_1.SecurityPolicy.Basic128:
-        case node_opcua_secure_channel_1.SecurityPolicy.Basic128Rsa15:
-        case node_opcua_secure_channel_1.SecurityPolicy.Basic192:
-            return 2; // deprecated => low
-        case node_opcua_secure_channel_1.SecurityPolicy.Basic192Rsa15:
-            return 3; // deprecated => low
-        case node_opcua_secure_channel_1.SecurityPolicy.Basic256:
-            return 4; // deprecated => low
-        case node_opcua_secure_channel_1.SecurityPolicy.Basic256Rsa15:
-            return 4 + offset;
-        case node_opcua_secure_channel_1.SecurityPolicy.Aes128_Sha256_RsaOaep:
-            return 5 + offset;
-        case node_opcua_secure_channel_1.SecurityPolicy.Basic256Sha256:
-            return 6 + offset;
-        case node_opcua_secure_channel_1.SecurityPolicy.Aes256_Sha256_RsaPss:
-            return 7 + offset;
-        default:
-        case node_opcua_secure_channel_1.SecurityPolicy.None:
-            return 1;
-    }
-}
-/**
- * @private
- */
-function _makeEndpointDescription(options) {
-    (0, node_opcua_assert_1.assert)(isFinite(options.port), "expecting a valid port number");
-    (0, node_opcua_assert_1.assert)(Object.prototype.hasOwnProperty.call(options, "serverCertificateChain"));
-    (0, node_opcua_assert_1.assert)(!Object.prototype.hasOwnProperty.call(options, "serverCertificate"));
-    (0, node_opcua_assert_1.assert)(!!options.securityMode); // s.MessageSecurityMode
-    (0, node_opcua_assert_1.assert)(!!options.securityPolicy);
-    (0, node_opcua_assert_1.assert)(options.server !== null && typeof options.server === "object");
-    (0, node_opcua_assert_1.assert)(!!options.hostname && typeof options.hostname === "string");
-    (0, node_opcua_assert_1.assert)(typeof options.restricted === "boolean");
-    const u = (n) => getUniqueName(n, options.collection);
-    options.securityLevel =
-        options.securityLevel === undefined
-            ? estimateSecurityLevel(options.securityMode, options.securityPolicy)
-            : options.securityLevel;
-    (0, node_opcua_assert_1.assert)(isFinite(options.securityLevel), "expecting a valid securityLevel");
-    const securityPolicyUri = (0, node_opcua_secure_channel_1.toURI)(options.securityPolicy);
-    const userIdentityTokens = [];
-    if (options.securityPolicy === node_opcua_secure_channel_1.SecurityPolicy.None) {
-        if (options.allowUnsecurePassword) {
-            userIdentityTokens.push({
-                policyId: u("username_unsecure"),
-                tokenType: node_opcua_service_endpoints_1.UserTokenType.UserName,
-                issuedTokenType: null,
-                issuerEndpointUrl: null,
-                securityPolicyUri: null
-            });
-        }
-        const a = (tokenType, securityPolicy, name) => {
-            if (options.securityPolicies.indexOf(securityPolicy) >= 0) {
-                userIdentityTokens.push({
-                    policyId: u(name),
-                    tokenType,
-                    issuedTokenType: null,
-                    issuerEndpointUrl: null,
-                    securityPolicyUri: securityPolicy
-                });
-            }
-        };
-        const onlyCertificateLessConnection = options.onlyCertificateLessConnection === undefined ? false : options.onlyCertificateLessConnection;
-        if (!onlyCertificateLessConnection) {
-            a(node_opcua_service_endpoints_1.UserTokenType.UserName, node_opcua_secure_channel_1.SecurityPolicy.Basic256, "username_basic256");
-            a(node_opcua_service_endpoints_1.UserTokenType.UserName, node_opcua_secure_channel_1.SecurityPolicy.Basic128Rsa15, "username_basic128Rsa15");
-            a(node_opcua_service_endpoints_1.UserTokenType.UserName, node_opcua_secure_channel_1.SecurityPolicy.Basic256Sha256, "username_basic256Sha256");
-            a(node_opcua_service_endpoints_1.UserTokenType.UserName, node_opcua_secure_channel_1.SecurityPolicy.Aes128_Sha256_RsaOaep, "username_aes128Sha256RsaOaep");
-            // X509
-            a(node_opcua_service_endpoints_1.UserTokenType.Certificate, node_opcua_secure_channel_1.SecurityPolicy.Basic256, "certificate_basic256");
-            a(node_opcua_service_endpoints_1.UserTokenType.Certificate, node_opcua_secure_channel_1.SecurityPolicy.Basic128Rsa15, "certificate_basic128Rsa15");
-            a(node_opcua_service_endpoints_1.UserTokenType.Certificate, node_opcua_secure_channel_1.SecurityPolicy.Basic256Sha256, "certificate_basic256Sha256");
-            a(node_opcua_service_endpoints_1.UserTokenType.Certificate, node_opcua_secure_channel_1.SecurityPolicy.Aes128_Sha256_RsaOaep, "certificate_aes128Sha256RsaOaep");
-        }
-    }
-    else {
-        // note:
-        //  when channel session security is not "None",
-        //  userIdentityTokens can be left to null.
-        //  in this case this mean that secure policy will be the same as connection security policy
-        userIdentityTokens.push({
-            policyId: u("usernamePassword"),
-            tokenType: node_opcua_service_endpoints_1.UserTokenType.UserName,
-            issuedTokenType: null,
-            issuerEndpointUrl: null,
-            securityPolicyUri: null
-        });
-        userIdentityTokens.push({
-            policyId: u("certificateX509"),
-            tokenType: node_opcua_service_endpoints_1.UserTokenType.Certificate,
-            issuedTokenType: null,
-            issuerEndpointUrl: null,
-            securityPolicyUri: null
-        });
-    }
-    if (options.allowAnonymous) {
-        userIdentityTokens.push({
-            policyId: u("anonymous"),
-            tokenType: node_opcua_service_endpoints_1.UserTokenType.Anonymous,
-            issuedTokenType: null,
-            issuerEndpointUrl: null,
-            securityPolicyUri: null
-        });
-    }
-    // return the endpoint object
-    const endpoint = new node_opcua_service_endpoints_2.EndpointDescription({
-        endpointUrl: options.endpointUrl,
-        server: undefined,
-        serverCertificate: options.serverCertificateChain,
-        securityMode: options.securityMode,
-        securityPolicyUri,
-        userIdentityTokens,
-        securityLevel: options.securityLevel,
-        transportProfileUri: default_transportProfileUri
-    });
-    endpoint.__defineGetter__("endpointUrl", () => {
-        return (0, node_opcua_hostname_1.resolveFullyQualifiedDomainName)(options.endpointUrl);
-    });
-    endpoint.server = options.server;
-    endpoint.restricted = options.restricted;
-    return endpoint;
-}
-/**
- * return true if the end point matches security mode and policy
- * @param endpoint
- * @param securityMode
- * @param securityPolicy
- * @internal
- *
- */
-function matching_endpoint(securityMode, securityPolicy, endpointUrl, endpoint) {
-    (0, node_opcua_assert_1.assert)(endpoint instanceof node_opcua_service_endpoints_2.EndpointDescription);
-    const endpoint_securityPolicy = (0, node_opcua_secure_channel_1.fromURI)(endpoint.securityPolicyUri);
-    if (endpointUrl && endpoint.endpointUrl !== endpointUrl) {
-        return false;
-    }
-    return endpoint.securityMode === securityMode && endpoint_securityPolicy === securityPolicy;
-}
-const defaultSecurityModes = [node_opcua_secure_channel_1.MessageSecurityMode.None, node_opcua_secure_channel_1.MessageSecurityMode.Sign, node_opcua_secure_channel_1.MessageSecurityMode.SignAndEncrypt];
-const defaultSecurityPolicies = [
-    node_opcua_secure_channel_1.SecurityPolicy.Basic128Rsa15,
-    node_opcua_secure_channel_1.SecurityPolicy.Basic256,
-    // xx UNUSED!!    SecurityPolicy.Basic256Rsa15,
-    node_opcua_secure_channel_1.SecurityPolicy.Basic256Sha256,
-    node_opcua_secure_channel_1.SecurityPolicy.Aes128_Sha256_RsaOaep
-    // NO USED YET SecurityPolicy.Aes256_Sha256_RsaPss
-];
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OPCUAServerEndPoint = void 0;
+/**
+ * @module node-opcua-server
+ */
+// tslint:disable:no-console
+const events_1 = require("events");
+const net = require("net");
+const chalk = require("chalk");
+const async = require("async");
+const node_opcua_assert_1 = require("node-opcua-assert");
+const node_opcua_crypto_1 = require("node-opcua-crypto");
+const node_opcua_debug_1 = require("node-opcua-debug");
+const node_opcua_hostname_1 = require("node-opcua-hostname");
+const node_opcua_secure_channel_1 = require("node-opcua-secure-channel");
+const node_opcua_service_endpoints_1 = require("node-opcua-service-endpoints");
+const node_opcua_service_endpoints_2 = require("node-opcua-service-endpoints");
+const node_opcua_service_endpoints_3 = require("node-opcua-service-endpoints");
+const debugLog = (0, node_opcua_debug_1.make_debugLog)(__filename);
+const errorLog = (0, node_opcua_debug_1.make_errorLog)(__filename);
+const warningLog = (0, node_opcua_debug_1.make_warningLog)(__filename);
+const doDebug = (0, node_opcua_debug_1.checkDebugFlag)(__filename);
+const default_transportProfileUri = "http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary";
+function extractSocketData(socket, reason) {
+    const { bytesRead, bytesWritten, remoteAddress, remoteFamily, remotePort, localAddress, localPort } = socket;
+    const data = {
+        bytesRead,
+        bytesWritten,
+        localAddress,
+        localPort,
+        remoteAddress,
+        remoteFamily,
+        remotePort,
+        timestamp: new Date(),
+        reason
+    };
+    return data;
+}
+function extractChannelData(channel) {
+    const { channelId, clientCertificate, clientNonce, clientSecurityHeader, securityHeader, securityMode, securityPolicy, timeout, transactionsCount } = channel;
+    const channelData = {
+        channelId,
+        clientCertificate,
+        clientNonce,
+        clientSecurityHeader,
+        securityHeader,
+        securityMode,
+        securityPolicy,
+        timeout,
+        transactionsCount
+    };
+    return channelData;
+}
+function dumpChannelInfo(channels) {
+    function d(s) {
+        return `[ status=${s.status} lastSeen=${s.clientLastContactTime.toFixed(0)}ms sessionName=${s.sessionName} timeout=${s.sessionTimeout} ]`;
+    }
+    function dumpChannel(channel) {
+        var _a;
+        console.log("------------------------------------------------------");
+        console.log("            channelId = ", channel.channelId);
+        console.log("             timeout  = ", channel.timeout);
+        console.log("        remoteAddress = ", channel.remoteAddress);
+        console.log("        remotePort    = ", channel.remotePort);
+        console.log("");
+        console.log("        bytesWritten  = ", channel.bytesWritten);
+        console.log("        bytesRead     = ", channel.bytesRead);
+        console.log("        sessions      = ", Object.keys(channel.sessionTokens).length);
+        console.log(Object.values(channel.sessionTokens).map(d).join("\n"));
+        const socket = (_a = channel.transport) === null || _a === void 0 ? void 0 : _a._socket;
+        if (!socket) {
+            console.log(" SOCKET IS CLOSED");
+        }
+    }
+    for (const channel of channels) {
+        dumpChannel(channel);
+    }
+    console.log("------------------------------------------------------");
+}
+const emptyCertificate = Buffer.alloc(0);
+const emptyPrivateKeyPEM = "";
+let OPCUAServerEndPointCounter = 0;
+function getUniqueName(name, collection) {
+    if (collection[name]) {
+        let counter = 0;
+        while (collection[name + "_" + counter.toString()]) {
+            counter++;
+        }
+        name = name + "_" + counter.toString();
+        collection[name] = 1;
+        return name;
+    }
+    else {
+        collection[name] = 1;
+        return name;
+    }
+}
+/**
+ * OPCUAServerEndPoint a Server EndPoint.
+ * A sever end point is listening to one port
+ * note:
+ *   see OPCUA Release 1.03 part 4 page 108 7.1 ApplicationDescription
+ */
+class OPCUAServerEndPoint extends events_1.EventEmitter {
+    constructor(options) {
+        super();
+        this._started = false;
+        this._counter = OPCUAServerEndPointCounter++;
+        this._policy_deduplicator = {};
+        (0, node_opcua_assert_1.assert)(!Object.prototype.hasOwnProperty.call(options, "certificate"), "expecting a certificateChain instead");
+        (0, node_opcua_assert_1.assert)(Object.prototype.hasOwnProperty.call(options, "certificateChain"), "expecting a certificateChain");
+        (0, node_opcua_assert_1.assert)(Object.prototype.hasOwnProperty.call(options, "privateKey"));
+        this.certificateManager = options.certificateManager;
+        options.port = options.port || 0;
+        this.port = parseInt(options.port.toString(), 10);
+        (0, node_opcua_assert_1.assert)(typeof this.port === "number");
+        this._certificateChain = options.certificateChain;
+        this._privateKey = options.privateKey;
+        this._channels = {};
+        this.defaultSecureTokenLifetime = options.defaultSecureTokenLifetime || 600000;
+        this.maxConnections = options.maxConnections || 20;
+        this.timeout = options.timeout || 30000;
+        this._server = undefined;
+        this._setup_server();
+        this._endpoints = [];
+        this.objectFactory = options.objectFactory;
+        this.bytesWrittenInOldChannels = 0;
+        this.bytesReadInOldChannels = 0;
+        this.transactionsCountOldChannels = 0;
+        this.securityTokenCountOldChannels = 0;
+        this.serverInfo = options.serverInfo;
+        (0, node_opcua_assert_1.assert)(this.serverInfo !== null && typeof this.serverInfo === "object");
+    }
+    dispose() {
+        this._certificateChain = emptyCertificate;
+        this._privateKey = emptyPrivateKeyPEM;
+        (0, node_opcua_assert_1.assert)(Object.keys(this._channels).length === 0, "OPCUAServerEndPoint channels must have been deleted");
+        this._channels = {};
+        this.serverInfo = new node_opcua_service_endpoints_3.ApplicationDescription({});
+        this._endpoints = [];
+        (0, node_opcua_assert_1.assert)(this._endpoints.length === 0, "endpoints must have been deleted");
+        this._endpoints = [];
+        this._server = undefined;
+        this._listen_callback = undefined;
+        this.removeAllListeners();
+    }
+    toString() {
+        const privateKey1 = (0, node_opcua_crypto_1.convertPEMtoDER)(this.getPrivateKey());
+        const txt = " end point" +
+            this._counter +
+            " port = " +
+            this.port +
+            " l = " +
+            this._endpoints.length +
+            " " +
+            (0, node_opcua_crypto_1.makeSHA1Thumbprint)(this.getCertificateChain()).toString("hex") +
+            " " +
+            (0, node_opcua_crypto_1.makeSHA1Thumbprint)(privateKey1).toString("hex");
+        return txt;
+    }
+    getChannels() {
+        return Object.values(this._channels);
+    }
+    /**
+     * Returns the X509 DER form of the server certificate
+     */
+    getCertificate() {
+        return (0, node_opcua_crypto_1.split_der)(this.getCertificateChain())[0];
+    }
+    /**
+     * Returns the X509 DER form of the server certificate
+     */
+    getCertificateChain() {
+        return this._certificateChain;
+    }
+    /**
+     * the private key
+     */
+    getPrivateKey() {
+        return this._privateKey;
+    }
+    /**
+     * The number of active channel on this end point.
+     */
+    get currentChannelCount() {
+        return Object.keys(this._channels).length;
+    }
+    /**
+     * @method getEndpointDescription
+     * @param securityMode
+     * @param securityPolicy
+     * @return endpoint_description {EndpointDescription|null}
+     */
+    getEndpointDescription(securityMode, securityPolicy, endpointUrl) {
+        const endpoints = this.endpointDescriptions();
+        const arr = endpoints.filter(matching_endpoint.bind(this, securityMode, securityPolicy, endpointUrl));
+        if (endpointUrl && endpointUrl.length > 0 && !(arr.length === 0 || arr.length === 1)) {
+            errorLog("Several matching endpoints have been found : ");
+            for (const a of arr) {
+                errorLog("   ", a.endpointUrl, node_opcua_secure_channel_1.MessageSecurityMode[securityMode], securityPolicy);
+            }
+        }
+        return arr.length === 0 ? null : arr[0];
+    }
+    addEndpointDescription(securityMode, securityPolicy, options) {
+        if (!options) {
+            options = {
+                hostname: (0, node_opcua_hostname_1.getFullyQualifiedDomainName)(),
+                securityPolicies: [node_opcua_secure_channel_1.SecurityPolicy.Basic256Sha256]
+            };
+        }
+        options.allowAnonymous = options.allowAnonymous === undefined ? true : options.allowAnonymous;
+        // istanbul ignore next
+        if (securityMode === node_opcua_secure_channel_1.MessageSecurityMode.None && securityPolicy !== node_opcua_secure_channel_1.SecurityPolicy.None) {
+            throw new Error(" invalid security ");
+        }
+        // istanbul ignore next
+        if (securityMode !== node_opcua_secure_channel_1.MessageSecurityMode.None && securityPolicy === node_opcua_secure_channel_1.SecurityPolicy.None) {
+            throw new Error(" invalid security ");
+        }
+        //
+        const port = this.port;
+        // resource Path is a string added at the end of the url such as "/UA/Server"
+        const resourcePath = (options.resourcePath || "").replace(/\\/g, "/");
+        (0, node_opcua_assert_1.assert)(resourcePath.length === 0 || resourcePath.charAt(0) === "/", "resourcePath should start with /");
+        const hostname = options.hostname || (0, node_opcua_hostname_1.getFullyQualifiedDomainName)();
+        const endpointUrl = `opc.tcp://${hostname}:${port}${resourcePath}`;
+        const endpoint_desc = this.getEndpointDescription(securityMode, securityPolicy, endpointUrl);
+        // istanbul ignore next
+        if (endpoint_desc) {
+            throw new Error(" endpoint already exist");
+        }
+        // now build endpointUrl
+        this._endpoints.push(_makeEndpointDescription({
+            collection: this._policy_deduplicator,
+            endpointUrl,
+            hostname,
+            port,
+            server: this.serverInfo,
+            serverCertificateChain: this.getCertificateChain(),
+            securityMode,
+            securityPolicy,
+            allowAnonymous: options.allowAnonymous,
+            allowUnsecurePassword: options.allowUnsecurePassword,
+            resourcePath: options.resourcePath,
+            restricted: !!options.restricted,
+            securityPolicies: (options === null || options === void 0 ? void 0 : options.securityPolicies) || []
+        }));
+    }
+    addRestrictedEndpointDescription(options) {
+        options = Object.assign({}, options);
+        options.restricted = true;
+        return this.addEndpointDescription(node_opcua_secure_channel_1.MessageSecurityMode.None, node_opcua_secure_channel_1.SecurityPolicy.None, options);
+    }
+    addStandardEndpointDescriptions(options) {
+        options = options || {};
+        options.securityModes = options.securityModes || defaultSecurityModes;
+        options.securityPolicies = options.securityPolicies || defaultSecurityPolicies;
+        const defaultHostname = options.hostname || (0, node_opcua_hostname_1.getFullyQualifiedDomainName)();
+        let hostnames = [defaultHostname];
+        options.alternateHostname = options.alternateHostname || [];
+        if (typeof options.alternateHostname === "string") {
+            options.alternateHostname = [options.alternateHostname];
+        }
+        // remove duplicates if any (uniq)
+        hostnames = [...new Set(hostnames.concat(options.alternateHostname))];
+        for (const alternateHostname of hostnames) {
+            const optionsE = options;
+            optionsE.hostname = alternateHostname;
+            if (options.securityModes.indexOf(node_opcua_secure_channel_1.MessageSecurityMode.None) >= 0) {
+                this.addEndpointDescription(node_opcua_secure_channel_1.MessageSecurityMode.None, node_opcua_secure_channel_1.SecurityPolicy.None, optionsE);
+            }
+            else {
+                if (!options.disableDiscovery) {
+                    this.addRestrictedEndpointDescription(optionsE);
+                }
+            }
+            for (const securityMode of options.securityModes) {
+                if (securityMode === node_opcua_secure_channel_1.MessageSecurityMode.None) {
+                    continue;
+                }
+                for (const securityPolicy of options.securityPolicies) {
+                    if (securityPolicy === node_opcua_secure_channel_1.SecurityPolicy.None) {
+                        continue;
+                    }
+                    this.addEndpointDescription(securityMode, securityPolicy, optionsE);
+                }
+            }
+        }
+    }
+    /**
+     * returns the list of end point descriptions.
+     */
+    endpointDescriptions() {
+        return this._endpoints;
+    }
+    /**
+     * @method listen
+     * @async
+     */
+    listen(callback) {
+        (0, node_opcua_assert_1.assert)(typeof callback === "function");
+        (0, node_opcua_assert_1.assert)(!this._started, "OPCUAServerEndPoint is already listening");
+        this._listen_callback = callback;
+        this._server.on("error", (err) => {
+            debugLog(chalk.red.bold(" error") + " port = " + this.port, err);
+            this._started = false;
+            this._end_listen(err);
+        });
+        this._server.on("listening", () => {
+            debugLog("server is listening");
+        });
+        this._server.listen(this.port,
+        /*"::",*/ (err) => {
+            // 'listening' listener
+            debugLog(chalk.green.bold("LISTENING TO PORT "), this.port, "err  ", err);
+            (0, node_opcua_assert_1.assert)(!err, " cannot listen to port ");
+            this._started = true;
+            this._end_listen();
+        });
+    }
+    killClientSockets(callback) {
+        for (const channel of this.getChannels()) {
+            const hacked_channel = channel;
+            if (hacked_channel.transport && hacked_channel.transport._socket) {
+                // hacked_channel.transport._socket.close();
+                hacked_channel.transport._socket.destroy();
+                hacked_channel.transport._socket.emit("error", new Error("EPIPE"));
+            }
+        }
+        callback();
+    }
+    suspendConnection(callback) {
+        if (!this._started) {
+            return callback(new Error("Connection already suspended !!"));
+        }
+        // Stops the server from accepting new connections and keeps existing connections.
+        // (note from nodejs doc: This function is asynchronous, the server is finally closed
+        // when all connections are ended and the server emits a 'close' event.
+        // The optional callback will be called once the 'close' event occurs.
+        // Unlike that event, it will be called with an Error as its only argument
+        // if the server was not open when it was closed.
+        this._server.close(() => {
+            this._started = false;
+            debugLog("Connection has been closed !" + this.port);
+        });
+        this._started = false;
+        callback();
+    }
+    restoreConnection(callback) {
+        this.listen(callback);
+    }
+    abruptlyInterruptChannels() {
+        for (const channel of Object.values(this._channels)) {
+            channel.abruptlyInterrupt();
+        }
+    }
+    /**
+     * @method shutdown
+     * @async
+     */
+    shutdown(callback) {
+        debugLog("OPCUAServerEndPoint#shutdown ");
+        if (this._started) {
+            // make sure we don't accept new connection any more ...
+            this.suspendConnection(() => {
+                // shutdown all opened channels ...
+                const _channels = Object.values(this._channels);
+                async.each(_channels, (channel, callback1) => {
+                    this.shutdown_channel(channel, callback1);
+                }, (err) => {
+                    /* istanbul ignore next */
+                    if (!(Object.keys(this._channels).length === 0)) {
+                        errorLog(" Bad !");
+                    }
+                    (0, node_opcua_assert_1.assert)(Object.keys(this._channels).length === 0, "channel must have unregistered themselves");
+                    callback(err || undefined);
+                });
+            });
+        }
+        else {
+            callback();
+        }
+    }
+    /**
+     * @method start
+     * @async
+     * @param callback
+     */
+    start(callback) {
+        (0, node_opcua_assert_1.assert)(typeof callback === "function");
+        this.listen(callback);
+    }
+    get bytesWritten() {
+        const channels = Object.values(this._channels);
+        return (this.bytesWrittenInOldChannels +
+            channels.reduce((accumulated, channel) => {
+                return accumulated + channel.bytesWritten;
+            }, 0));
+    }
+    get bytesRead() {
+        const channels = Object.values(this._channels);
+        return (this.bytesReadInOldChannels +
+            channels.reduce((accumulated, channel) => {
+                return accumulated + channel.bytesRead;
+            }, 0));
+    }
+    get transactionsCount() {
+        const channels = Object.values(this._channels);
+        return (this.transactionsCountOldChannels +
+            channels.reduce((accumulated, channel) => {
+                return accumulated + channel.transactionsCount;
+            }, 0));
+    }
+    get securityTokenCount() {
+        const channels = Object.values(this._channels);
+        return (this.securityTokenCountOldChannels +
+            channels.reduce((accumulated, channel) => {
+                return accumulated + channel.securityTokenCount;
+            }, 0));
+    }
+    get activeChannelCount() {
+        return Object.keys(this._channels).length;
+    }
+    _dump_statistics() {
+        this._server.getConnections((err, count) => {
+            debugLog(chalk.cyan("CONCURRENT CONNECTION = "), count);
+        });
+        debugLog(chalk.cyan("MAX CONNECTIONS = "), this._server.maxConnections);
+    }
+    _setup_server() {
+        (0, node_opcua_assert_1.assert)(!this._server);
+        this._server = net.createServer({ pauseOnConnect: true }, this._on_client_connection.bind(this));
+        // xx console.log(" Server with max connections ", self.maxConnections);
+        this._server.maxConnections = this.maxConnections + 1; // plus one extra
+        this._listen_callback = undefined;
+        this._server
+            .on("connection", (socket) => {
+            // istanbul ignore next
+            if (doDebug) {
+                this._dump_statistics();
+                debugLog("server connected  with : " + socket.remoteAddress + ":" + socket.remotePort);
+            }
+        })
+            .on("close", () => {
+            debugLog("server closed : all connections have ended");
+        })
+            .on("error", (err) => {
+            // this could be because the port is already in use
+            debugLog(chalk.red.bold("server error: "), err.message);
+        });
+    }
+    _on_client_connection(socket) {
+        // a client is attempting a connection on the socket
+        socket.setNoDelay(true);
+        debugLog("OPCUAServerEndPoint#_on_client_connection", this._started);
+        if (!this._started) {
+            debugLog(chalk.bgWhite.cyan("OPCUAServerEndPoint#_on_client_connection " +
+                "SERVER END POINT IS PROBABLY SHUTTING DOWN !!! - Connection is refused"));
+            socket.end();
+            return;
+        }
+        const deny_connection = () => {
+            console.log(chalk.bgWhite.cyan("OPCUAServerEndPoint#_on_client_connection " +
+                "The maximum number of connection has been reached - Connection is refused"));
+            const reason = "maxConnections reached (" + this.maxConnections + ")";
+            const socketData = extractSocketData(socket, reason);
+            this.emit("connectionRefused", socketData);
+            socket.end();
+            socket.destroy();
+        };
+        const establish_connection = () => {
+            const nbConnections = Object.keys(this._channels).length;
+            if (nbConnections >= this.maxConnections) {
+                warningLog(" nbConnections ", nbConnections, " self._server.maxConnections", this._server.maxConnections, this.maxConnections);
+                deny_connection();
+                return;
+            }
+            debugLog("OPCUAServerEndPoint._on_client_connection successful => New Channel");
+            const channel = new node_opcua_secure_channel_1.ServerSecureChannelLayer({
+                defaultSecureTokenLifetime: this.defaultSecureTokenLifetime,
+                // objectFactory: this.objectFactory,
+                parent: this,
+                timeout: this.timeout
+            });
+            debugLog("channel Timeout = >", channel.timeout);
+            socket.resume();
+            this._preregisterChannel(channel);
+            channel.init(socket, (err) => {
+                this._un_pre_registerChannel(channel);
+                debugLog(chalk.yellow.bold("Channel#init done"), err);
+                if (err) {
+                    const reason = "openSecureChannel has Failed " + err.message;
+                    const socketData = extractSocketData(socket, reason);
+                    const channelData = extractChannelData(channel);
+                    this.emit("openSecureChannelFailure", socketData, channelData);
+                    socket.end();
+                    socket.destroy();
+                }
+                else {
+                    debugLog("server receiving a client connection");
+                    this._registerChannel(channel);
+                }
+            });
+            channel.on("message", (message) => {
+                // forward
+                this.emit("message", message, channel, this);
+            });
+        };
+        // Each SecureChannel exists until it is explicitly closed or until the last token has expired and the overlap
+        // period has elapsed. A Server application should limit the number of SecureChannels.
+        // To protect against misbehaving Clients and denial of service attacks, the Server shall close the oldest
+        // SecureChannel that has no Session assigned before reaching the maximum number of supported SecureChannels.
+        this._prevent_DDOS_Attack(establish_connection, deny_connection);
+    }
+    _preregisterChannel(channel) {
+        // _preregisterChannel is used to keep track of channel for which
+        // that are in early stage of the hand shaking process.
+        // e.g HEL/ACK and OpenSecureChannel may not have been received yet
+        // as they will need to be interrupted when OPCUAServerEndPoint is closed
+        (0, node_opcua_assert_1.assert)(this._started, "OPCUAServerEndPoint must be started");
+        (0, node_opcua_assert_1.assert)(!Object.prototype.hasOwnProperty.call(this._channels, channel.hashKey), " channel already preregistered!");
+        const channelPriv = channel;
+        this._channels[channel.hashKey] = channelPriv;
+        channelPriv._unpreregisterChannelEvent = () => {
+            debugLog("Channel received an abort event during the preregistration phase");
+            this._un_pre_registerChannel(channel);
+            channel.dispose();
+        };
+        channel.on("abort", channelPriv._unpreregisterChannelEvent);
+    }
+    _un_pre_registerChannel(channel) {
+        if (!this._channels[channel.hashKey]) {
+            debugLog("Already un preregistered ?", channel.hashKey);
+            return;
+        }
+        delete this._channels[channel.hashKey];
+        const channelPriv = channel;
+        if (typeof channelPriv._unpreregisterChannelEvent === "function") {
+            channel.removeListener("abort", channelPriv._unpreregisterChannelEvent);
+            channelPriv._unpreregisterChannelEvent = undefined;
+        }
+    }
+    /**
+     * @method _registerChannel
+     * @param channel
+     * @private
+     */
+    _registerChannel(channel) {
+        if (this._started) {
+            debugLog(chalk.red("_registerChannel = "), "channel.hashKey = ", channel.hashKey);
+            (0, node_opcua_assert_1.assert)(!this._channels[channel.hashKey]);
+            this._channels[channel.hashKey] = channel;
+            /**
+             * @event newChannel
+             * @param channel
+             */
+            this.emit("newChannel", channel);
+            channel.on("abort", () => {
+                this._unregisterChannel(channel);
+            });
+        }
+        else {
+            debugLog("OPCUAServerEndPoint#_registerChannel called when end point is shutdown !");
+            debugLog("  -> channel will be forcefully terminated");
+            channel.close();
+            channel.dispose();
+        }
+    }
+    /**
+     * @method _unregisterChannel
+     * @param channel
+     * @private
+     */
+    _unregisterChannel(channel) {
+        debugLog("_un-registerChannel channel.hashKey", channel.hashKey);
+        if (!Object.prototype.hasOwnProperty.call(this._channels, channel.hashKey)) {
+            return;
+        }
+        (0, node_opcua_assert_1.assert)(Object.prototype.hasOwnProperty.call(this._channels, channel.hashKey), "channel is not registered");
+        /**
+         * @event closeChannel
+         * @param channel
+         */
+        this.emit("closeChannel", channel);
+        // keep trace of statistics data from old channel for our own accumulated stats.
+        this.bytesWrittenInOldChannels += channel.bytesWritten;
+        this.bytesReadInOldChannels += channel.bytesRead;
+        this.transactionsCountOldChannels += channel.transactionsCount;
+        delete this._channels[channel.hashKey];
+        // istanbul ignore next
+        if (doDebug) {
+            this._dump_statistics();
+            debugLog("un-registering channel  - Count = ", this.currentChannelCount);
+        }
+        /// channel.dispose();
+    }
+    _end_listen(err) {
+        (0, node_opcua_assert_1.assert)(typeof this._listen_callback === "function");
+        this._listen_callback(err);
+        this._listen_callback = undefined;
+    }
+    /**
+     *  shutdown_channel
+     * @param channel
+     * @param inner_callback
+     */
+    shutdown_channel(channel, inner_callback) {
+        (0, node_opcua_assert_1.assert)(typeof inner_callback === "function");
+        channel.once("close", () => {
+            // xx console.log(" ON CLOSED !!!!");
+        });
+        channel.close(() => {
+            this._unregisterChannel(channel);
+            setImmediate(inner_callback);
+        });
+    }
+    /**
+     * @private
+     */
+    _prevent_DDOS_Attack(establish_connection, deny_connection) {
+        const nbConnections = this.activeChannelCount;
+        if (nbConnections >= this.maxConnections) {
+            // istanbul ignore next
+            errorLog(chalk.bgRed.white("PREVENTING DDOS ATTACK => maxConnection =" + this.maxConnections));
+            const unused_channels = this.getChannels().filter((channel1) => {
+                return !channel1.isOpened && !channel1.hasSession;
+            });
+            if (unused_channels.length === 0) {
+                // all channels are in used , we cannot get any
+                errorLog("All channels are in used ! let cancel some");
+                // istanbul ignore next
+                if (doDebug) {
+                    console.log("  - all channels are used !!!!");
+                    dumpChannelInfo(this.getChannels());
+                }
+                setTimeout(deny_connection, 10);
+                return;
+            }
+            // istanbul ignore next
+            if (doDebug) {
+                console.log("   - Unused channels that can be clobbered", unused_channels.map((channel1) => channel1.hashKey).join(" "));
+            }
+            const channel = unused_channels[0];
+            errorLog("Closing channel ", channel.hashKey);
+            channel.close(() => {
+                // istanbul ignore next
+                if (doDebug) {
+                    console.log("   _ Unused channel has been closed ", channel.hashKey);
+                }
+                this._unregisterChannel(channel);
+                establish_connection();
+            });
+        }
+        else {
+            setImmediate(establish_connection);
+        }
+    }
+}
+exports.OPCUAServerEndPoint = OPCUAServerEndPoint;
+function estimateSecurityLevel(securityMode, securityPolicy) {
+    if (securityMode === node_opcua_secure_channel_1.MessageSecurityMode.None) {
+        return 1;
+    }
+    let offset = 100;
+    if (securityMode === node_opcua_secure_channel_1.MessageSecurityMode.SignAndEncrypt) {
+        offset = 200;
+    }
+    switch (securityPolicy) {
+        case node_opcua_secure_channel_1.SecurityPolicy.Basic128:
+        case node_opcua_secure_channel_1.SecurityPolicy.Basic128Rsa15:
+        case node_opcua_secure_channel_1.SecurityPolicy.Basic192:
+            return 2; // deprecated => low
+        case node_opcua_secure_channel_1.SecurityPolicy.Basic192Rsa15:
+            return 3; // deprecated => low
+        case node_opcua_secure_channel_1.SecurityPolicy.Basic256:
+            return 4; // deprecated => low
+        case node_opcua_secure_channel_1.SecurityPolicy.Basic256Rsa15:
+            return 4 + offset;
+        case node_opcua_secure_channel_1.SecurityPolicy.Aes128_Sha256_RsaOaep:
+            return 5 + offset;
+        case node_opcua_secure_channel_1.SecurityPolicy.Basic256Sha256:
+            return 6 + offset;
+        case node_opcua_secure_channel_1.SecurityPolicy.Aes256_Sha256_RsaPss:
+            return 7 + offset;
+        default:
+        case node_opcua_secure_channel_1.SecurityPolicy.None:
+            return 1;
+    }
+}
+/**
+ * @private
+ */
+function _makeEndpointDescription(options) {
+    (0, node_opcua_assert_1.assert)(isFinite(options.port), "expecting a valid port number");
+    (0, node_opcua_assert_1.assert)(Object.prototype.hasOwnProperty.call(options, "serverCertificateChain"));
+    (0, node_opcua_assert_1.assert)(!Object.prototype.hasOwnProperty.call(options, "serverCertificate"));
+    (0, node_opcua_assert_1.assert)(!!options.securityMode); // s.MessageSecurityMode
+    (0, node_opcua_assert_1.assert)(!!options.securityPolicy);
+    (0, node_opcua_assert_1.assert)(options.server !== null && typeof options.server === "object");
+    (0, node_opcua_assert_1.assert)(!!options.hostname && typeof options.hostname === "string");
+    (0, node_opcua_assert_1.assert)(typeof options.restricted === "boolean");
+    const u = (n) => getUniqueName(n, options.collection);
+    options.securityLevel =
+        options.securityLevel === undefined
+            ? estimateSecurityLevel(options.securityMode, options.securityPolicy)
+            : options.securityLevel;
+    (0, node_opcua_assert_1.assert)(isFinite(options.securityLevel), "expecting a valid securityLevel");
+    const securityPolicyUri = (0, node_opcua_secure_channel_1.toURI)(options.securityPolicy);
+    const userIdentityTokens = [];
+    if (options.securityPolicy === node_opcua_secure_channel_1.SecurityPolicy.None) {
+        if (options.allowUnsecurePassword) {
+            userIdentityTokens.push({
+                policyId: u("username_unsecure"),
+                tokenType: node_opcua_service_endpoints_1.UserTokenType.UserName,
+                issuedTokenType: null,
+                issuerEndpointUrl: null,
+                securityPolicyUri: null
+            });
+        }
+        const a = (tokenType, securityPolicy, name) => {
+            if (options.securityPolicies.indexOf(securityPolicy) >= 0) {
+                userIdentityTokens.push({
+                    policyId: u(name),
+                    tokenType,
+                    issuedTokenType: null,
+                    issuerEndpointUrl: null,
+                    securityPolicyUri: securityPolicy
+                });
+            }
+        };
+        const onlyCertificateLessConnection = options.onlyCertificateLessConnection === undefined ? false : options.onlyCertificateLessConnection;
+        if (!onlyCertificateLessConnection) {
+            a(node_opcua_service_endpoints_1.UserTokenType.UserName, node_opcua_secure_channel_1.SecurityPolicy.Basic256, "username_basic256");
+            a(node_opcua_service_endpoints_1.UserTokenType.UserName, node_opcua_secure_channel_1.SecurityPolicy.Basic128Rsa15, "username_basic128Rsa15");
+            a(node_opcua_service_endpoints_1.UserTokenType.UserName, node_opcua_secure_channel_1.SecurityPolicy.Basic256Sha256, "username_basic256Sha256");
+            a(node_opcua_service_endpoints_1.UserTokenType.UserName, node_opcua_secure_channel_1.SecurityPolicy.Aes128_Sha256_RsaOaep, "username_aes128Sha256RsaOaep");
+            // X509
+            a(node_opcua_service_endpoints_1.UserTokenType.Certificate, node_opcua_secure_channel_1.SecurityPolicy.Basic256, "certificate_basic256");
+            a(node_opcua_service_endpoints_1.UserTokenType.Certificate, node_opcua_secure_channel_1.SecurityPolicy.Basic128Rsa15, "certificate_basic128Rsa15");
+            a(node_opcua_service_endpoints_1.UserTokenType.Certificate, node_opcua_secure_channel_1.SecurityPolicy.Basic256Sha256, "certificate_basic256Sha256");
+            a(node_opcua_service_endpoints_1.UserTokenType.Certificate, node_opcua_secure_channel_1.SecurityPolicy.Aes128_Sha256_RsaOaep, "certificate_aes128Sha256RsaOaep");
+        }
+    }
+    else {
+        // note:
+        //  when channel session security is not "None",
+        //  userIdentityTokens can be left to null.
+        //  in this case this mean that secure policy will be the same as connection security policy
+        userIdentityTokens.push({
+            policyId: u("usernamePassword"),
+            tokenType: node_opcua_service_endpoints_1.UserTokenType.UserName,
+            issuedTokenType: null,
+            issuerEndpointUrl: null,
+            securityPolicyUri: null
+        });
+        userIdentityTokens.push({
+            policyId: u("certificateX509"),
+            tokenType: node_opcua_service_endpoints_1.UserTokenType.Certificate,
+            issuedTokenType: null,
+            issuerEndpointUrl: null,
+            securityPolicyUri: null
+        });
+    }
+    if (options.allowAnonymous) {
+        userIdentityTokens.push({
+            policyId: u("anonymous"),
+            tokenType: node_opcua_service_endpoints_1.UserTokenType.Anonymous,
+            issuedTokenType: null,
+            issuerEndpointUrl: null,
+            securityPolicyUri: null
+        });
+    }
+    // return the endpoint object
+    const endpoint = new node_opcua_service_endpoints_2.EndpointDescription({
+        endpointUrl: options.endpointUrl,
+        server: undefined,
+        serverCertificate: options.serverCertificateChain,
+        securityMode: options.securityMode,
+        securityPolicyUri,
+        userIdentityTokens,
+        securityLevel: options.securityLevel,
+        transportProfileUri: default_transportProfileUri
+    });
+    endpoint.__defineGetter__("endpointUrl", () => {
+        return (0, node_opcua_hostname_1.resolveFullyQualifiedDomainName)(options.endpointUrl);
+    });
+    endpoint.server = options.server;
+    endpoint.restricted = options.restricted;
+    return endpoint;
+}
+/**
+ * return true if the end point matches security mode and policy
+ * @param endpoint
+ * @param securityMode
+ * @param securityPolicy
+ * @internal
+ *
+ */
+function matching_endpoint(securityMode, securityPolicy, endpointUrl, endpoint) {
+    (0, node_opcua_assert_1.assert)(endpoint instanceof node_opcua_service_endpoints_2.EndpointDescription);
+    const endpoint_securityPolicy = (0, node_opcua_secure_channel_1.fromURI)(endpoint.securityPolicyUri);
+    if (endpointUrl && endpoint.endpointUrl !== endpointUrl) {
+        return false;
+    }
+    return endpoint.securityMode === securityMode && endpoint_securityPolicy === securityPolicy;
+}
+const defaultSecurityModes = [node_opcua_secure_channel_1.MessageSecurityMode.None, node_opcua_secure_channel_1.MessageSecurityMode.Sign, node_opcua_secure_channel_1.MessageSecurityMode.SignAndEncrypt];
+const defaultSecurityPolicies = [
+    node_opcua_secure_channel_1.SecurityPolicy.Basic128Rsa15,
+    node_opcua_secure_channel_1.SecurityPolicy.Basic256,
+    // xx UNUSED!!    SecurityPolicy.Basic256Rsa15,
+    node_opcua_secure_channel_1.SecurityPolicy.Basic256Sha256,
+    node_opcua_secure_channel_1.SecurityPolicy.Aes128_Sha256_RsaOaep
+    // NO USED YET SecurityPolicy.Aes256_Sha256_RsaPss
+];
 //# sourceMappingURL=server_end_point.js.map