{"version":3,"sources":["/home/runner/work/node-opcua-crypto/node-opcua-crypto/packages/node-opcua-crypto/dist/chunk-2DISC7JP.cjs","../source_nodejs/generate_private_key_filename.ts","../source_nodejs/read.ts","../source_nodejs/read_certificate_revocation_list.ts","../source_nodejs/read_certificate_signing_request.ts","../source_nodejs/write.ts"],"names":["fs"],"mappings":"AAAA;AACE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACF,wDAA6B;AAC7B;AACA;ACYA,gCAAoC;AACpC,gEAAe;AAEf,MAAA,SAAsB,sBAAA,CAAuB,kBAAA,EAA4B,aAAA,EAA0C;AAC/G,EAAA,MAAM,KAAA,EAAO,MAAM,+CAAA,aAA6B,CAAA;AAChD,EAAA,MAAM,cAAA,EAAgB,MAAM,+CAAA,IAAgB,CAAK,UAAU,CAAA;AAC3D,EAAA,MAAM,YAAA,CAAG,QAAA,CAAS,SAAA,CAAU,kBAAA,EAAoB,aAAA,CAAc,OAAA,EAAS,OAAO,CAAA;AAC9E,EAAA,aAAA,CAAc,QAAA,EAAU,EAAA;AACxB,EAAA,aAAA,CAAc,QAAA,EAAU,IAAI,WAAA,CAAY,CAAC,CAAA;AAC7C;AAQA,MAAA,SAAsB,+BAAA,CAAgC,kBAAA,EAA4B,aAAA,EAAmC;AACjH,EAAA,MAAM,EAAE,WAAW,EAAA,EAAI,yCAAA,KAAoB,EAAO;AAAA,IAC9C,aAAA;AAAA,IACA,kBAAA,EAAoB,EAAE,IAAA,EAAM,OAAA,EAAS,MAAA,EAAQ,MAAM,CAAA;AAAA,IACnD,iBAAA,EAAmB,EAAE,IAAA,EAAM,MAAA,EAAQ,MAAA,EAAQ,MAAM;AAAA,EACrD,CAAC,CAAA;AACD,EAAA,MAAM,YAAA,CAAG,QAAA,CAAS,SAAA,CAAU,kBAAA,EAAoB,UAAA,EAAY,OAAO,CAAA;AACvE;ADlBA;AACA;AEPA,gFAAmB;AACnB;AACA;AACA,wEAAiB;AACjB,4EAAkB;AAelB,SAAS,YAAA,CAAa,QAAA,EAAuB;AACzC,EAAA,8BAAA,OAAc,SAAA,IAAa,QAAQ,CAAA;AACnC,EAAA,OAAO,gDAAA,YAAiBA,CAAG,YAAA,CAAa,QAAA,EAAU,OAAO,CAAC,CAAA;AAC9D;AAUA,SAAS,mBAAA,CAAoB,GAAA,EAAqB;AAC9C,EAAA,MAAM,QAAA,EAAU,GAAA,CAAI,KAAA,CAAM,8BAA8B,CAAA;AACxD,EAAA,OAAO,QAAA,EAAU,OAAA,CAAQ,OAAA,EAAS,CAAA;AACtC;AAaO,SAAS,eAAA,CAAgB,QAAA,EAA+B;AAC3D,EAAA,GAAA,CAAI,QAAA,CAAS,KAAA,CAAM,SAAS,CAAA,EAAG;AAC3B,IAAA,OAAOA,YAAAA,CAAG,YAAA,CAAa,QAAQ,CAAA;AAAA,EACnC;AACA,EAAA,MAAM,IAAA,EAAM,YAAA,CAAa,QAAQ,CAAA;AACjC,EAAA,MAAM,MAAA,EAAQ,mBAAA,CAAoB,GAAG,CAAA;AACrC,EAAA,GAAA,CAAI,MAAA,EAAQ,CAAA,EAAG;AACX,IAAA,OAAA,CAAQ,IAAA;AAAA,MACJ,CAAA,sCAAA,EAAyC,cAAA,CAAK,QAAA,CAAS,QAAQ,CAAC,CAAA,WAAA,EACnD,KAAK,CAAA,+GAAA;AAAA,IAEtB,CAAA;AAAA,EACJ;AACA,EAAA,OAAO,+CAAA,GAAmB,CAAA;AAC9B;AAWO,SAAS,oBAAA,CAAqB,QAAA,EAAiC;AAClE,EAAA,GAAA,CAAI,QAAA,CAAS,KAAA,CAAM,SAAS,CAAA,EAAG;AAC3B,IAAA,OAAO,yCAAA,YAAUA,CAAG,YAAA,CAAa,QAAQ,CAAgB,CAAA;AAAA,EAC7D;AACA,EAAA,MAAM,IAAA,EAAM,YAAA,CAAa,QAAQ,CAAA;AACjC,EAAA,OAAO,6BAAA,CAA8B,GAAG,CAAA;AAC5C;AAKA,MAAA,SAAsB,yBAAA,CAA0B,QAAA,EAA0C;AACtF,EAAA,MAAM,IAAA,EAAM,MAAMA,YAAAA,CAAG,QAAA,CAAS,QAAA,CAAS,QAAQ,CAAA;AAC/C,EAAA,GAAA,CAAI,QAAA,CAAS,KAAA,CAAM,SAAS,CAAA,EAAG;AAC3B,IAAA,OAAO,yCAAA,GAA4B,CAAA;AAAA,EACvC;AACA,EAAA,MAAM,IAAA,EAAM,gDAAA,GAAiB,CAAI,QAAA,CAAS,OAAO,CAAC,CAAA;AAClD,EAAA,OAAO,6BAAA,CAA8B,GAAG,CAAA;AAC5C;AAMA,SAAS,6BAAA,CAA8B,GAAA,EAA4B;AAC/D,EAAA,MAAM,MAAA,EAAuB,CAAC,CAAA;AAC9B,EAAA,MAAM,MAAA,EAAQ,sFAAA;AACd,EAAA,IAAI,KAAA;AACJ,EAAA,MAAA,EAAQ,KAAA,CAAM,IAAA,CAAK,GAAG,CAAA;AACtB,EAAA,MAAA,CAAO,MAAA,IAAU,IAAA,EAAM;AACnB,IAAA,MAAM,OAAA,EAAS,KAAA,CAAM,CAAC,CAAA,CAAE,OAAA,CAAQ,QAAA,EAAU,EAAE,CAAA;AAC5C,IAAA,MAAM,UAAA,EAAY,MAAA,CAAO,IAAA,CAAK,MAAA,EAAQ,QAAQ,CAAA;AAC9C,IAAA,IAAI;AACA,MAAA,MAAM,eAAA,EAAiB,yCAAA,SAAmB,CAAA;AAC1C,MAAA,IAAA,CAAA,MAAW,EAAA,GAAK,cAAA,EAAgB;AAC5B,QAAA,KAAA,CAAM,IAAA,CAAK,CAAC,CAAA;AAAA,MAChB;AAAA,IACJ,EAAA,MAAA,CAAS,IAAA,EAAM;AAEX,MAAA,KAAA,CAAM,IAAA,CAAK,SAAS,CAAA;AAAA,IACxB;AACA,IAAA,MAAA,EAAQ,KAAA,CAAM,IAAA,CAAK,GAAG,CAAA;AAAA,EAC1B;AACA,EAAA,OAAO,KAAA;AACX;AAYA,MAAA,SAAsB,oBAAA,CAAqB,QAAA,EAAwC;AAC/E,EAAA,MAAM,IAAA,EAAM,MAAMA,YAAAA,CAAG,QAAA,CAAS,QAAA,CAAS,QAAQ,CAAA;AAC/C,EAAA,GAAA,CAAI,QAAA,CAAS,KAAA,CAAM,SAAS,CAAA,EAAG;AAC3B,IAAA,OAAO,GAAA;AAAA,EACX;AACA,EAAA,MAAM,QAAA,EAAU,gDAAA,GAAiB,CAAI,QAAA,CAAS,OAAO,CAAC,CAAA;AACtD,EAAA,MAAM,MAAA,EAAQ,mBAAA,CAAoB,OAAO,CAAA;AACzC,EAAA,GAAA,CAAI,MAAA,EAAQ,CAAA,EAAG;AACX,IAAA,OAAA,CAAQ,IAAA;AAAA,MACJ,CAAA,2CAAA,EAA8C,cAAA,CAAK,QAAA,CAAS,QAAQ,CAAC,CAAA,WAAA,EACxD,KAAK,CAAA,oHAAA;AAAA,IAEtB,CAAA;AAAA,EACJ;AACA,EAAA,OAAO,+CAAA,OAAuB,CAAA;AAClC;AAKO,SAAS,aAAA,CAAc,QAAA,EAA6B;AACvD,EAAA,GAAA,CAAI,QAAA,CAAS,KAAA,CAAM,SAAS,CAAA,EAAG;AAC3B,IAAA,MAAM,IAAA,EAAMA,YAAAA,CAAG,YAAA,CAAa,QAAQ,CAAA;AACpC,IAAA,OAAO,qCAAA,GAAmB,CAAA;AAAA,EAC9B,EAAA,KAAO;AACH,IAAA,MAAM,QAAA,EAAkB,YAAA,CAAa,QAAQ,CAAA;AAC7C,IAAA,OAAO,qCAAA,OAAuB,CAAA;AAAA,EAClC;AACJ;AAKA,MAAA,SAAsB,kBAAA,CAAmB,QAAA,EAAsC;AAC3E,EAAA,MAAM,IAAA,EAAM,MAAMA,YAAAA,CAAG,QAAA,CAAS,QAAA,CAAS,QAAQ,CAAA;AAC/C,EAAA,GAAA,CAAI,QAAA,CAAS,KAAA,CAAM,SAAS,CAAA,EAAG;AAC3B,IAAA,OAAO,qCAAA,GAAmB,CAAA;AAAA,EAC9B;AACA,EAAA,OAAO,qCAAA,gDAAgB,GAAiB,CAAI,QAAA,CAAS,OAAO,CAAC,CAAC,CAAA;AAClE;AAIA,SAAS,kBAAA,CAAmB,MAAA,EAAqC;AAC7D,EAAA,GAAA,CAAI,CAAC,yBAAA,GAAoB,OAAA,CAAQ,GAAA,CAAI,oBAAA,EAAsB;AAEvD,IAAA,GAAA,CAAI,MAAA,CAAO,QAAA,CAAS,MAAM,CAAA,EAAG;AACzB,MAAA,MAAM,OAAA,EAAS,qCAAA,MAAM,EAAQ,aAAa,CAAA;AAC1C,MAAA,8BAAA,CAAQ,iBAAA,EAAmB,aAAa,CAAA,CAAE,OAAA,CAAQ,+CAAA,MAAsB,CAAW,EAAA,GAAK,CAAC,CAAA;AACzF,MAAA,OAAO,EAAE,MAAA,EAAQ,OAAO,CAAA;AAAA,IAC5B;AACA,IAAA,OAAO,EAAE,MAAA,EAAQ,gBAAA,CAAiB,MAAgB,EAAE,CAAA;AAAA,EACxD;AAEA,EAAA,MAAM,OAAA,EAAS,OAAA,CAAQ,GAAA,CAAI,YAAA;AAC3B,EAAA,OAAA,CAAQ,GAAA,CAAI,aAAA,EAAe,WAAA;AAC3B,EAAA,MAAM,SAAA,EAAW,sCAAA,MAAuB,CAAA;AACxC,EAAA,OAAA,CAAQ,GAAA,CAAI,aAAA,EAAe,MAAA;AAC3B,EAAA,OAAO,EAAE,MAAA,EAAQ,SAAS,CAAA;AAC9B;AAEA,SAAS,gBAAA,CAAiB,GAAA,EAAqB;AAC3C,EAAA,OAAO,GAAA,CAAI,KAAA,CAAM,KAAK,EAAA,EAAI,IAAA,EAAM,CAAA,EAAA;AAAM;AAC1C;AAI6D;AAC1B,EAAA;AACS,IAAA;AACP,IAAA;AAC1B,EAAA;AACkC,IAAA;AACX,IAAA;AAC9B,EAAA;AACJ;AAK0C;AACR,EAAA;AACC,EAAA;AACE,IAAA;AACjC,EAAA;AAC0B,EAAA;AAC9B;AAEmC;AACH,EAAA;AAChC;AAKsB;AACY,EAAA;AACH,EAAA;AAC/B;AAEiC;AACD,EAAA;AAChC;AAKsB;AACY,EAAA;AACH,EAAA;AAC/B;AAKkC;AACF,EAAA;AAChC;AAMsB;AACY,EAAA;AACH,EAAA;AAC/B;AAEmC;AAEC;AACd,EAAA;AACK,EAAA;AAChB,EAAA;AACX;AAC8C;AACf,EAAA;AACK,IAAA;AAChC,EAAA;AACO,EAAA;AACX;AAKkC;AACP,EAAA;AACH,IAAA;AACpB,EAAA;AACiC,EAAA;AACR,IAAA;AACzB,EAAA;AACgC,EAAA;AACX,EAAA;AACO,EAAA;AACI,EAAA;AAChB,EAAA;AACpB;AAEiC;AACI,EAAA;AACR,IAAA;AACzB,EAAA;AACgC,EAAA;AACF,EAAA;AACF,EAAA;AACK,EAAA;AACrC;AF3GmC;AACA;AG9LpB;AAIO;AACY,EAAA;AACI,EAAA;AAEvB,IAAA;AACX,EAAA;AAC6B,EAAA;AACC,EAAA;AAClC;AH4LmC;AACA;AIzMpB;AAMO;AACY,EAAA;AACI,EAAA;AAEvB,IAAA;AACX,EAAA;AAC6B,EAAA;AACC,EAAA;AAClC;AJqMmC;AACA;AKpNpB;AAemB;AACF,EAAA;AACC,EAAA;AAAqC;AACtE;AAQsC;AACP,EAAA;AAC/B;AAKsB;AACU,EAAA;AAChC;AAUkC;AACF,EAAA;AACJ,EAAA;AAC5B;AAQyC;AACV,EAAA;AAC/B;AAKsB;AACU,EAAA;AAChC;AL0KmC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA","file":"/home/runner/work/node-opcua-crypto/node-opcua-crypto/packages/node-opcua-crypto/dist/chunk-2DISC7JP.cjs","sourcesContent":[null,"// ---------------------------------------------------------------------------------------------------------------------\n// node-opcua-crypto\n// ---------------------------------------------------------------------------------------------------------------------\n// Copyright (c) 2014-2022 - Etienne Rossignon - etienne.rossignon (at) gadz.org\n// Copyright (c) 2022-2026 - Sterfive.com\n// ---------------------------------------------------------------------------------------------------------------------\n//\n// This  project is licensed under the terms of the MIT license.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated\n// documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the\n// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to\n// permit persons to whom the Software is furnished to do so,  subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in all copies or substantial portions of the\n// Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE\n// WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR\n// COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR\n// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n// ---------------------------------------------------------------------------------------------------------------------\n\nimport { generateKeyPairSync } from \"node:crypto\";\nimport fs from \"node:fs\";\nimport { generateKeyPair, privateKeyToPEM } from \"../source/index.js\";\nexport async function generatePrivateKeyFile(privateKeyFilename: string, modulusLength: 1024 | 2048 | 3072 | 4096) {\n    const keys = await generateKeyPair(modulusLength);\n    const privateKeyPem = await privateKeyToPEM(keys.privateKey);\n    await fs.promises.writeFile(privateKeyFilename, privateKeyPem.privPem, \"utf-8\");\n    privateKeyPem.privPem = \"\";\n    privateKeyPem.privDer = new ArrayBuffer(0);\n}\n\n/**\n * alternate function to generate PrivateKeyFile, using native\n * node:crypto.\n *\n * This function is slower than generatePrivateKeyFile\n */\nexport async function generatePrivateKeyFileAlternate(privateKeyFilename: string, modulusLength: 2048 | 3072 | 4096) {\n    const { privateKey } = generateKeyPairSync(\"rsa\", {\n        modulusLength,\n        privateKeyEncoding: { type: \"pkcs8\", format: \"pem\" },\n        publicKeyEncoding: { type: \"spki\", format: \"pem\" },\n    });\n    await fs.promises.writeFile(privateKeyFilename, privateKey, \"utf-8\");\n}\n","// ---------------------------------------------------------------------------------------------------------------------\n// node-opcua-crypto\n// ---------------------------------------------------------------------------------------------------------------------\n// Copyright (c) 2014-2022 - Etienne Rossignon - etienne.rossignon (at) gadz.org\n// Copyright (c) 2022-2026 - Sterfive.com\n// ---------------------------------------------------------------------------------------------------------------------\n//\n// This  project is licensed under the terms of the MIT license.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated\n// documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the\n// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to\n// permit persons to whom the Software is furnished to do so,  subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in all copies or substantial portions of the\n// Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE\n// WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR\n// COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR\n// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n// ---------------------------------------------------------------------------------------------------------------------\n\nimport assert from \"node:assert\";\nimport { createPrivateKey, createPublicKey } from \"node:crypto\";\nimport fs from \"node:fs\";\nimport path from \"node:path\";\nimport sshpk from \"sshpk\";\nimport type {\n    Certificate,\n    CertificatePEM,\n    DER,\n    KeyObject,\n    PEM,\n    PrivateKey,\n    PrivateKeyPEM,\n    PublicKey,\n    PublicKeyPEM,\n} from \"../source/common.js\";\nimport { split_der } from \"../source/crypto_explore_certificate.js\";\nimport { convertPEMtoDER, identifyPemType, removeTrailingLF, toPem } from \"../source/crypto_utils.js\";\n\nfunction _readPemFile(filename: string): PEM {\n    assert(typeof filename === \"string\");\n    return removeTrailingLF(fs.readFileSync(filename, \"utf-8\"));\n}\n\nfunction _readPemOrDerFileAsDER(filename: string): DER {\n    if (filename.match(/.*\\.der/)) {\n        return fs.readFileSync(filename) as Buffer;\n    }\n    const raw_key: string = _readPemFile(filename);\n    return convertPEMtoDER(raw_key);\n}\n\nfunction _countPemCertBlocks(pem: string): number {\n    const matches = pem.match(/-----BEGIN CERTIFICATE-----/g);\n    return matches ? matches.length : 0;\n}\n\n/**\n * Read a DER or PEM certificate from file.\n *\n * **Note:** If the PEM file contains multiple certificate blocks\n * (e.g. a leaf cert + CA chain), only the **first** certificate\n * is returned. Use {@link readCertificateChain} to read all\n * certificates individually.\n *\n * @deprecated Use {@link readCertificateChain} instead, which\n * returns each certificate as a separate DER buffer.\n */\nexport function readCertificate(filename: string): Certificate {\n    if (filename.match(/.*\\.der/)) {\n        return fs.readFileSync(filename) as Certificate;\n    }\n    const pem = _readPemFile(filename);\n    const count = _countPemCertBlocks(pem);\n    if (count > 1) {\n        console.warn(\n            `[node-opcua-crypto] readCertificate: \"${path.basename(filename)}\"` +\n            ` contains ${count} PEM certificate block(s) but only the first` +\n            ` will be used. Use readCertificateChain() to read all certificates.`,\n        );\n    }\n    return convertPEMtoDER(pem) as Certificate;\n}\n\n/**\n * Read a PEM or DER certificate file that may contain multiple\n * certificates (e.g. a leaf cert + CA issuer chain) and return\n * each certificate as a separate DER `Buffer`.\n *\n * - For a DER file, returns a single-element array.\n * - For a PEM file with N certificate blocks, returns N elements\n *   in the same order they appear in the file (leaf first).\n */\nexport function readCertificateChain(filename: string): Certificate[] {\n    if (filename.match(/.*\\.der/)) {\n        return split_der(fs.readFileSync(filename) as Certificate);\n    }\n    const pem = _readPemFile(filename);\n    return _extractAllPemDerCertificates(pem);\n}\n\n/**\n * Async version of {@link readCertificateChain}.\n */\nexport async function readCertificateChainAsync(filename: string): Promise<Certificate[]> {\n    const buf = await fs.promises.readFile(filename);\n    if (filename.match(/.*\\.der/)) {\n        return split_der(buf as Certificate);\n    }\n    const pem = removeTrailingLF(buf.toString(\"utf-8\"));\n    return _extractAllPemDerCertificates(pem);\n}\n\n/**\n * Extract all CERTIFICATE PEM blocks from a PEM string and\n * return each as a separate DER `Buffer`.\n */\nfunction _extractAllPemDerCertificates(pem: string): Certificate[] {\n    const certs: Certificate[] = [];\n    const regex = /-----BEGIN CERTIFICATE-----\\r?\\n([/+=a-zA-Z0-9\\r\\n]*)\\r?\\n-----END CERTIFICATE-----/g;\n    let match: RegExpExecArray | null;\n    match = regex.exec(pem);\n    while (match !== null) {\n        const base64 = match[1].replace(/\\r?\\n/g, \"\");\n        const derBuffer = Buffer.from(base64, \"base64\") as Certificate;\n        try {\n            const separatedCerts = split_der(derBuffer);\n            for (const c of separatedCerts) {\n                certs.push(c);\n            }\n        } catch (_err) {\n            // Fallback: push buffer as is if it fails parsing\n            certs.push(derBuffer);\n        }\n        match = regex.exec(pem);\n    }\n    return certs;\n}\n\n/**\n * Async version of {@link readCertificate}.\n * Uses `fs.promises.readFile` so the event loop is not blocked\n * during I/O.\n *\n * **Note:** If the PEM file contains multiple certificate blocks,\n * only the first is returned. Use {@link readCertificateChainAsync}.\n *\n * @deprecated Use {@link readCertificateChainAsync} instead.\n */\nexport async function readCertificateAsync(filename: string): Promise<Certificate> {\n    const buf = await fs.promises.readFile(filename);\n    if (filename.match(/.*\\.der/)) {\n        return buf as Certificate;\n    }\n    const raw_key = removeTrailingLF(buf.toString(\"utf-8\"));\n    const count = _countPemCertBlocks(raw_key);\n    if (count > 1) {\n        console.warn(\n            `[node-opcua-crypto] readCertificateAsync: \"${path.basename(filename)}\"` +\n            ` contains ${count} PEM certificate block(s) but only the first` +\n            ` will be used. Use readCertificateChainAsync() to read all certificates.`,\n        );\n    }\n    return convertPEMtoDER(raw_key) as Certificate;\n}\n\n/**\n * read a DER or PEM certificate from file\n */\nexport function readPublicKey(filename: string): KeyObject {\n    if (filename.match(/.*\\.der/)) {\n        const der = fs.readFileSync(filename) as Buffer;\n        return createPublicKey(der);\n    } else {\n        const raw_key: string = _readPemFile(filename);\n        return createPublicKey(raw_key);\n    }\n}\n\n/**\n * Async version of {@link readPublicKey}.\n */\nexport async function readPublicKeyAsync(filename: string): Promise<KeyObject> {\n    const buf = await fs.promises.readFile(filename);\n    if (filename.match(/.*\\.der/)) {\n        return createPublicKey(buf);\n    }\n    return createPublicKey(removeTrailingLF(buf.toString(\"utf-8\")));\n}\n\n// console.log(\"createPrivateKey\", (crypto as any).createPrivateKey, process.env.NO_CREATE_PRIVATEKEY);\n\nfunction myCreatePrivateKey(rawKey: string | Buffer): PrivateKey {\n    if (!createPrivateKey || process.env.NO_CREATE_PRIVATEKEY) {\n        // we are not running nodejs or createPrivateKey is not supported in the environment\n        if (Buffer.isBuffer(rawKey)) {\n            const pemKey = toPem(rawKey, \"PRIVATE KEY\");\n            assert([\"RSA PRIVATE KEY\", \"PRIVATE KEY\"].indexOf(identifyPemType(pemKey) as string) >= 0);\n            return { hidden: pemKey };\n        }\n        return { hidden: ensureTrailingLF(rawKey as string) };\n    }\n    // see https://askubuntu.com/questions/1409458/openssl-config-cuases-error-in-node-js-crypto-how-should-the-config-be-updated\n    const backup = process.env.OPENSSL_CONF;\n    process.env.OPENSSL_CONF = \"/dev/null\";\n    const retValue = createPrivateKey(rawKey);\n    process.env.OPENSSL_CONF = backup;\n    return { hidden: retValue };\n}\n\nfunction ensureTrailingLF(str: string): string {\n    return str.match(/\\n$/) ? str : `${str}\\n`;\n}\n/**\n * read a DER or PEM certificate from file\n */\nexport function readPrivateKey(filename: string): PrivateKey {\n    if (filename.match(/.*\\.der/)) {\n        const der: Buffer = fs.readFileSync(filename);\n        return myCreatePrivateKey(der);\n    } else {\n        const raw_key: string = _readPemFile(filename);\n        return myCreatePrivateKey(raw_key);\n    }\n}\n\n/**\n * Async version of {@link readPrivateKey}.\n */\nexport async function readPrivateKeyAsync(filename: string): Promise<PrivateKey> {\n    const buf = await fs.promises.readFile(filename);\n    if (filename.match(/.*\\.der/)) {\n        return myCreatePrivateKey(buf);\n    }\n    return myCreatePrivateKey(removeTrailingLF(buf.toString(\"utf-8\")));\n}\n\nexport function readCertificatePEM(filename: string): CertificatePEM {\n    return _readPemFile(filename);\n}\n\n/**\n * Async version of {@link readCertificatePEM}.\n */\nexport async function readCertificatePEMAsync(filename: string): Promise<CertificatePEM> {\n    const buf = await fs.promises.readFile(filename, \"utf-8\");\n    return removeTrailingLF(buf);\n}\n\nexport function readPublicKeyPEM(filename: string): PublicKeyPEM {\n    return _readPemFile(filename);\n}\n\n/**\n * Async version of {@link readPublicKeyPEM}.\n */\nexport async function readPublicKeyPEMAsync(filename: string): Promise<PublicKeyPEM> {\n    const buf = await fs.promises.readFile(filename, \"utf-8\");\n    return removeTrailingLF(buf);\n}\n/**\n *\n * @deprecated\n */\nexport function readPrivateKeyPEM(filename: string): PrivateKeyPEM {\n    return _readPemFile(filename);\n}\n\n/**\n * Async version of {@link readPrivateKeyPEM}.\n * @deprecated\n */\nexport async function readPrivateKeyPEMAsync(filename: string): Promise<PrivateKeyPEM> {\n    const buf = await fs.promises.readFile(filename, \"utf-8\");\n    return removeTrailingLF(buf);\n}\n\nlet _g_certificate_store: string = \"\";\n\nexport function setCertificateStore(store: string): string {\n    const old_store = _g_certificate_store;\n    _g_certificate_store = store;\n    return old_store;\n}\nexport function getCertificateStore(): string {\n    if (!_g_certificate_store) {\n        _g_certificate_store = path.join(__dirname, \"../../certificates/\");\n    }\n    return _g_certificate_store;\n}\n/**\n *\n * @param filename\n */\nexport function readPrivateRsaKey(filename: string): PrivateKey {\n    if (!createPrivateKey) {\n        throw new Error(\"createPrivateKey is not supported in this environment\");\n    }\n    if (filename.substring(0, 1) !== \".\" && !fs.existsSync(filename)) {\n        filename = path.join(getCertificateStore(), filename);\n    }\n    const content = fs.readFileSync(filename, \"utf8\");\n    const sshKey = sshpk.parsePrivateKey(content, \"auto\");\n    const key = sshKey.toString(\"pkcs1\") as PEM;\n    const hidden = createPrivateKey({ format: \"pem\", type: \"pkcs1\", key });\n    return { hidden };\n}\n\nexport function readPublicRsaKey(filename: string): PublicKey {\n    if (filename.substring(0, 1) !== \".\" && !fs.existsSync(filename)) {\n        filename = path.join(getCertificateStore(), filename);\n    }\n    const content = fs.readFileSync(filename, \"utf-8\");\n    const sshKey = sshpk.parseKey(content, \"ssh\");\n    const key = sshKey.toString(\"pkcs1\") as PEM;\n    return createPublicKey({ format: \"pem\", type: \"pkcs1\", key });\n}\n","// ---------------------------------------------------------------------------------------------------------------------\n// node-opcua-crypto\n// ---------------------------------------------------------------------------------------------------------------------\n// Copyright (c) 2014-2022 - Etienne Rossignon - etienne.rossignon (at) gadz.org\n// Copyright (c) 2022-2026 - Sterfive.com\n// ---------------------------------------------------------------------------------------------------------------------\n//\n// This  project is licensed under the terms of the MIT license.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated\n// documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the\n// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to\n// permit persons to whom the Software is furnished to do so,  subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in all copies or substantial portions of the\n// Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE\n// WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR\n// COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR\n// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n// ---------------------------------------------------------------------------------------------------------------------\n\nimport fs from \"node:fs\";\nimport type { CertificateRevocationList } from \"../source/common.js\";\nimport { convertPEMtoDER } from \"../source/crypto_utils.js\";\n\nexport async function readCertificateRevocationList(filename: string): Promise<CertificateRevocationList> {\n    const crl = await fs.promises.readFile(filename);\n    if (crl[0] === 0x30 && crl[1] === 0x82) {\n        // der format\n        return crl as CertificateRevocationList;\n    }\n    const raw_crl = crl.toString();\n    return convertPEMtoDER(raw_crl);\n}\n","// ---------------------------------------------------------------------------------------------------------------------\n// node-opcua-crypto\n// ---------------------------------------------------------------------------------------------------------------------\n// Copyright (c) 2014-2022 - Etienne Rossignon - etienne.rossignon (at) gadz.org\n// Copyright (c) 2022-2026 - Sterfive.com\n// ---------------------------------------------------------------------------------------------------------------------\n//\n// This  project is licensed under the terms of the MIT license.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated\n// documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the\n// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to\n// permit persons to whom the Software is furnished to do so,  subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in all copies or substantial portions of the\n// Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE\n// WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR\n// COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR\n// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n// ---------------------------------------------------------------------------------------------------------------------\n\nimport fs from \"node:fs\";\nimport type { CertificateRevocationList } from \"../source/common.js\";\nimport { convertPEMtoDER } from \"../source/crypto_utils.js\";\n\nexport type CertificateSigningRequest = Buffer;\n\nexport async function readCertificateSigningRequest(filename: string): Promise<CertificateSigningRequest> {\n    const csr = await fs.promises.readFile(filename);\n    if (csr[0] === 0x30 && csr[1] === 0x82) {\n        // der format\n        return csr as CertificateRevocationList;\n    }\n    const raw_crl = csr.toString();\n    return convertPEMtoDER(raw_crl);\n}\n","// ---------------------------------------------------------------------------------------------------------------------\n// node-opcua-crypto\n// ---------------------------------------------------------------------------------------------------------------------\n// Copyright (c) 2014-2022 - Etienne Rossignon - etienne.rossignon (at) gadz.org\n// Copyright (c) 2022-2026 - Sterfive.com\n// ---------------------------------------------------------------------------------------------------------------------\n//\n// This  project is licensed under the terms of the MIT license.\n//\n// Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated\n// documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the\n// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to\n// permit persons to whom the Software is furnished to do so,  subject to the following conditions:\n//\n// The above copyright notice and this permission notice shall be included in all copies or substantial portions of the\n// Software.\n//\n// THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE\n// WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR\n// COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR\n// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n// ---------------------------------------------------------------------------------------------------------------------\n\nimport fs from \"node:fs\";\n\nimport type { Certificate } from \"../source/common.js\";\nimport { combine_der } from \"../source/crypto_explore_certificate.js\";\nimport { toPem } from \"../source/crypto_utils.js\";\n\n// ── PEM ──────────────────────────────────────────────────────\n\n/**\n * Convert one or more DER certificates to a PEM string.\n *\n * Accepts a single `Certificate` (DER buffer) or an array.\n * Returns a multi-block PEM string with each certificate\n * separated by a newline.\n */\nexport function certificatesToPem(certificates: Certificate | Certificate[]): string {\n    const certs = Array.isArray(certificates) ? certificates : [certificates];\n    return `${certs.map((der) => toPem(der, \"CERTIFICATE\")).join(\"\\n\")}\\n`;\n}\n\n/**\n * Write one or more DER certificates to a PEM file.\n *\n * Each certificate is written as a separate PEM block in the\n * order provided (typically leaf first, then issuer chain).\n */\nexport function writeCertificateChain(filename: string, certificates: Certificate | Certificate[]): void {\n    fs.writeFileSync(filename, certificatesToPem(certificates), \"utf-8\");\n}\n\n/**\n * Async version of {@link writeCertificateChain}.\n */\nexport async function writeCertificateChainAsync(filename: string, certificates: Certificate | Certificate[]): Promise<void> {\n    await fs.promises.writeFile(filename, certificatesToPem(certificates), \"utf-8\");\n}\n\n// ── DER ──────────────────────────────────────────────────────\n\n/**\n * Convert one or more DER certificates to a single concatenated\n * DER buffer (OPC UA certificate chain format).\n *\n * Accepts a single `Certificate` (DER buffer) or an array.\n */\nexport function certificatesToDer(certificates: Certificate | Certificate[]): Certificate {\n    const certs = Array.isArray(certificates) ? certificates : [certificates];\n    return combine_der(certs);\n}\n\n/**\n * Write one or more DER certificates to a `.der` file as a\n * concatenated DER chain (OPC UA binary chain format).\n *\n * Order should be leaf first, then issuer chain.\n */\nexport function writeCertificateChainDer(filename: string, certificates: Certificate | Certificate[]): void {\n    fs.writeFileSync(filename, certificatesToDer(certificates));\n}\n\n/**\n * Async version of {@link writeCertificateChainDer}.\n */\nexport async function writeCertificateChainDerAsync(filename: string, certificates: Certificate | Certificate[]): Promise<void> {\n    await fs.promises.writeFile(filename, certificatesToDer(certificates));\n}\n"]}