node-opcua-pki - npm Package Compare versions

Comparing version 4.2.1 to 4.3.0

dist/lib/pki/certificate_manager.d.ts

@@ -26,2 +26,8 @@ /// <reference types="node" />
 }
+export interface VerifyCertificateOptions {
+    acceptOutdatedCertificate?: boolean;
+    acceptOutDatedIssuerCertificate?: boolean;
+    ignoreMissingRevocationList?: boolean;
+    acceptPendingCertificate?: boolean;
+}
 export declare enum VerificationStatus {
@@ -101,4 +107,4 @@ /** The certificate provided as a parameter is not valid. */
     isCertificateTrusted(certificate: Certificate): Promise<string>;
-    _innerVerifyCertificateAsync(certificate: Certificate, isIssuer: boolean, level: number): Promise<VerificationStatus>;
-    verifyCertificateAsync(certificate: Certificate): Promise<VerificationStatus>;
+    _innerVerifyCertificateAsync(certificate: Certificate, isIssuer: boolean, level: number, options: VerifyCertificateOptions): Promise<VerificationStatus>;
+    protected verifyCertificateAsync(certificate: Certificate, options: VerifyCertificateOptions): Promise<VerificationStatus>;
     /**
@@ -109,3 +115,3 @@ * Verify certificate validity
      */
-    verifyCertificate(certificate: Certificate): Promise<VerificationStatus>;
+    verifyCertificate(certificate: Certificate, options?: VerifyCertificateOptions): Promise<VerificationStatus>;
     verifyCertificate(certificate: Certificate, callback: (err: Error | null, status?: VerificationStatus) => void): void;
@@ -112,0 +118,0 @@ initialize(): Promise<void>;

dist/lib/pki/certificate_manager.js

@@ -98,3 +98,3 @@ "use strict";
     VerificationStatus["Good"] = "Good";
-})(VerificationStatus = exports.VerificationStatus || (exports.VerificationStatus = {}));
+})(VerificationStatus || (exports.VerificationStatus = VerificationStatus = {}));
 function makeFingerprint(certificate) {
@@ -173,3 +173,3 @@ return (0, node_opcua_crypto_1.makeSHA1Thumbprint)(certificate).toString("hex");
     CertificateManagerState[CertificateManagerState["Disposed"] = 4] = "Disposed";
-})(CertificateManagerState = exports.CertificateManagerState || (exports.CertificateManagerState = {}));
+})(CertificateManagerState || (exports.CertificateManagerState = CertificateManagerState = {}));
 class CertificateManager {
@@ -304,3 +304,3 @@ constructor(options) {
     }
-    _innerVerifyCertificateAsync(certificate, isIssuer, level) {
+    _innerVerifyCertificateAsync(certificate, isIssuer, level, options) {
         var _a, _b, _c, _d, _e;
@@ -339,3 +339,3 @@ return __awaiter(this, void 0, void 0, function* () {
                     }
-                    const issuerStatus = yield this._innerVerifyCertificateAsync(issuerCertificate, true, level + 1);
+                    const issuerStatus = yield this._innerVerifyCertificateAsync(issuerCertificate, true, level + 1, options);
                     if (issuerStatus === VerificationStatus.BadCertificateRevocationUnknown) {
@@ -350,4 +350,6 @@ // the issuer must have a CRL available .... !
                     if (issuerStatus === VerificationStatus.BadCertificateTimeInvalid) {
-                        // the issuer must have valid dates ....
-                        return VerificationStatus.BadCertificateIssuerTimeInvalid;
+                        if (!options || !options.acceptOutDatedIssuerCertificate) {
+                            // the issuer must have valid dates ....
+                            return VerificationStatus.BadCertificateIssuerTimeInvalid;
+                        }
                     }
@@ -370,5 +372,10 @@ if (issuerStatus == VerificationStatus.BadCertificateUntrusted) {
                     // let detected if our certificate is in the revocation list
-                    const revokedStatus = yield this.isCertificateRevoked(certificate);
+                    let revokedStatus = yield this.isCertificateRevoked(certificate);
                     if (revokedStatus === VerificationStatus.BadCertificateRevocationUnknown) {
-                        return VerificationStatus.BadCertificateRevocationUnknown;
+                        if (!options || !options.ignoreMissingRevocationList) {
+                            return VerificationStatus.BadCertificateRevocationUnknown;
+                        }
+                        else {
+                            revokedStatus = VerificationStatus.Good;
+                        }
                     }
@@ -421,3 +428,5 @@ if (revokedStatus !== VerificationStatus.Good) {
                     certificateInfo.notBefore);
-                isTimeInvalid = true;
+                if (!options.acceptPendingCertificate) {
+                    isTimeInvalid = true;
+                }
             }
@@ -428,3 +437,5 @@ //  check that certificate has not expired
                 (0, debug_1.debugLog)(chalk.red("certificate is invalid : certificate has expired !") + " not after date =" + certificateInfo.notAfter);
-                isTimeInvalid = true;
+                if (!options.acceptOutdatedCertificate) {
+                    isTimeInvalid = true;
+                }
             }
@@ -449,10 +460,20 @@ if (status === "trusted") {
     }
-    verifyCertificateAsync(certificate) {
+    verifyCertificateAsync(certificate, options) {
         return __awaiter(this, void 0, void 0, function* () {
-            const status1 = yield this._innerVerifyCertificateAsync(certificate, false, 0);
+            const status1 = yield this._innerVerifyCertificateAsync(certificate, false, 0, options);
             return status1;
         });
     }
-    verifyCertificate(certificate, callback) {
-        if (!callback)
+    verifyCertificate(certificate, ...args) {
+        let options;
+        let callback = undefined;
+        if (args.length === 1) {
+            callback = args[0];
+        }
+        else if (args.length === 2) {
+            options = args[0];
+            callback = args[1];
+        }
+        // istanbul ignore next
+        if (!callback || typeof callback !== "function")
             throw new Error("internal error");
@@ -464,3 +485,3 @@ // Is the  signature on the SoftwareCertificate valid .?
         }
-        (0, util_1.callbackify)(this.verifyCertificateAsync).call(this, certificate, callback);
+        (0, util_1.callbackify)(this.verifyCertificateAsync).call(this, certificate, options || {}, callback);
     }
@@ -467,0 +488,0 @@ initialize(...args) {

package.json

 {
   "name": "node-opcua-pki",
-  "version": "4.2.1",
+  "version": "4.3.0",
   "description": "PKI management for node-opcua",
@@ -52,3 +52,3 @@ "main": "./dist/lib/index.js",
     "minimist": "^1.2.8",
-    "node-opcua-crypto": "3.0.6",
+    "node-opcua-crypto": "4.1.0",
     "progress": "^2.0.3",
@@ -62,3 +62,2 @@ "rimraf": "3.0.2",
   "devDependencies": {
-    "@istanbuljs/nyc-config-typescript": "^1.0.2",
     "@types/async": "^3.2.20",
@@ -68,21 +67,20 @@ "@types/byline": "^4.2.33",
     "@types/mocha": "^10.0.1",
-    "@types/node": "^20.2.6",
+    "@types/node": "^20.5.0",
     "@types/node-dir": "0.0.34",
     "@types/progress": "^2.0.5",
     "@types/rimraf": "^3.0.2",
-    "@types/sinon": "^10.0.15",
-    "@types/underscore": "^1.11.5",
+    "@types/sinon": "^10.0.16",
+    "@types/underscore": "^1.11.6",
     "@types/yargs": "^17.0.24",
     "@types/yauzl": "^2.10.0",
-    "@typescript-eslint/eslint-plugin": "^5.59.9",
-    "@typescript-eslint/parser": "^5.59.9",
-    "eslint": "^8.42.0",
+    "@typescript-eslint/eslint-plugin": "^6.4.0",
+    "@typescript-eslint/parser": "^6.4.0",
+    "eslint": "^8.47.0",
     "mocha": "^10.2.0",
     "node-dir": "^0.1.17",
-    "nyc": "^15.1.0",
     "should": "^13.2.3",
-    "sinon": "^15.1.0",
+    "sinon": "^15.2.0",
     "source-map-support": "^0.5.21",
     "ts-node": "^10.9.1",
-    "typescript": "^5.1.3"
+    "typescript": "^5.1.6"
   },
@@ -89,0 +87,0 @@ "bin": {

No alert changes

Improved metrics

Total package byte prevSize

270981

increased by0.41%

Dev dependency count

22

decreased by-8.33%

Lines of code

4998

increased by0.54%

Dependency changes

• + Addedhexy@0.3.5(transitive)

• + Addednode-opcua-crypto@4.1.0(transitive)

• - Removedhexy@0.3.4(transitive)

• - Removednode-opcua-crypto@3.0.6(transitive)

• Updatednode-opcua-crypto@4.1.0