import { Certificate, CertificateRevocationList, DER } from "node-opcua-crypto"; import { SubjectOptions } from "../misc/subject"; import { CertificateStatus, Filename, KeySize } from "../toolbox/common"; import { CreateSelfSignCertificateParam } from "../toolbox/common"; export interface CertificateManagerOptions { keySize?: KeySize; location: string; } export interface CreateSelfSignCertificateParam1 extends CreateSelfSignCertificateParam { outputFile?: Filename; subject: SubjectOptions | string; applicationUri: string; dns: string[]; startDate: Date; validity: number; } export interface VerifyCertificateOptions { acceptOutdatedCertificate?: boolean; acceptOutDatedIssuerCertificate?: boolean; ignoreMissingRevocationList?: boolean; acceptPendingCertificate?: boolean; } export declare enum VerificationStatus { /** The certificate provided as a parameter is not valid. */ BadCertificateInvalid = "BadCertificateInvalid", /** An error occurred verifying security. */ BadSecurityChecksFailed = "BadSecurityChecksFailed", /** The certificate does not meet the requirements of the security policy. */ BadCertificatePolicyCheckFailed = "BadCertificatePolicyCheckFailed", /** The certificate has expired or is not yet valid. */ BadCertificateTimeInvalid = "BadCertificateTimeInvalid", /** An issuer certificate has expired or is not yet valid. */ BadCertificateIssuerTimeInvalid = "BadCertificateIssuerTimeInvalid", /** The HostName used to connect to a server does not match a HostName in the certificate. */ BadCertificateHostNameInvalid = "BadCertificateHostNameInvalid", /** The URI specified in the ApplicationDescription does not match the URI in the certificate. */ BadCertificateUriInvalid = "BadCertificateUriInvalid", /** The certificate may not be used for the requested operation. */ BadCertificateUseNotAllowed = "BadCertificateUseNotAllowed", /** The issuer certificate may not be used for the requested operation. */ BadCertificateIssuerUseNotAllowed = "BadCertificateIssuerUseNotAllowed", /** The certificate is not trusted. */ BadCertificateUntrusted = "BadCertificateUntrusted", /** It was not possible to determine if the certificate has been revoked. */ BadCertificateRevocationUnknown = "BadCertificateRevocationUnknown", /** It was not possible to determine if the issuer certificate has been revoked. */ BadCertificateIssuerRevocationUnknown = "BadCertificateIssuerRevocationUnknown", /** The certificate has been revoked. */ BadCertificateRevoked = "BadCertificateRevoked", /** The issuer certificate has been revoked. */ BadCertificateIssuerRevoked = "BadCertificateIssuerRevoked", /** The certificate chain is incomplete. */ BadCertificateChainIncomplete = "BadCertificateChainIncomplete", /** Validation OK. */ Good = "Good" } export declare function findIssuerCertificateInChain(certificate: Certificate, chain: Certificate[]): Certificate | null; export declare enum CertificateManagerState { Uninitialized = 0, Initializing = 1, Initialized = 2, Disposing = 3, Disposed = 4 } export declare class CertificateManager { untrustUnknownCertificate: boolean; state: CertificateManagerState; folderPoolingInterval: number; private readonly keySize; private readonly location; private readonly _watchers; private _readCertificatesCalled; private readonly _filenameToHash; private readonly _thumbs; constructor(options: CertificateManagerOptions); get configFile(): string; get rootDir(): string; get privateKey(): string; get randomFile(): string; /** * returns the certificate status trusted/rejected * @param certificate */ getCertificateStatus(certificate: Buffer): Promise; rejectCertificate(certificate: Certificate): Promise; trustCertificate(certificate: Certificate): Promise; get rejectedFolder(): string; get trustedFolder(): string; get crlFolder(): string; get issuersCertFolder(): string; get issuersCrlFolder(): string; isCertificateTrusted(certificate: Certificate): Promise; _innerVerifyCertificateAsync(certificate: Certificate, isIssuer: boolean, level: number, options: VerifyCertificateOptions): Promise; protected verifyCertificateAsync(certificate: Certificate, options: VerifyCertificateOptions): Promise; /** * Verify certificate validity * @method verifyCertificate * @param certificate */ verifyCertificate(certificate: Certificate, options?: VerifyCertificateOptions): Promise; initialize(): Promise; private _initialize; dispose(): Promise; protected withLock2(action: () => Promise): Promise; /** * * create a self-signed certificate for the CertificateManager private key * */ createSelfSignedCertificate(params: CreateSelfSignCertificateParam1): Promise; createCertificateRequest(params: CreateSelfSignCertificateParam): Promise; addIssuer(certificate: DER, validate?: boolean, addInTrustList?: boolean): Promise; addRevocationList(crl: CertificateRevocationList): Promise; /** * find the issuer certificate among the trusted issuer certificates. * * The findIssuerCertificate method is an asynchronous method that attempts to find * the issuer certificate for a given certificate from the list of issuer certificate declared in the PKI * * - If the certificate is self-signed, it returns the certificate itself. * * - If the certificate has no extension 3, it is assumed to be generated by an old system, and a null value is returned. * * - the method checks both issuer and trusted certificates and returns the appropriate issuercertificate, * if found. If multiple matching certificates are found, a warning is logged to the console. * */ findIssuerCertificate(certificate: Certificate): Promise; /** * @internal * @private */ _checkRejectedOrTrusted(certificate: Buffer): Promise; private _moveCertificate; private _findAssociatedCRLs; isCertificateRevoked(certificate: Certificate, issuerCertificate?: Certificate | null): Promise; private _pending_crl_to_process; private _on_crl_process?; private queue; private _on_crl_file_added; private _process_next_crl; private _readCertificates; private waitAndCheckCRLProcessingStatus; }