
node-opcua-service-secure-channel - npm Package Compare versions

Comparing version 2.5.10 to 2.6.0-alpha.5

3

dist/AsymmetricAlgorithmSecurityHeader.d.ts

@@ -1,4 +0,1 @@

/**
* @module node-opcua-service-secure-channel
*/
import { ByteString, UAString } from "node-opcua-basic-types";

@@ -5,0 +2,0 @@ import { BinaryStream, OutputBinaryStream } from "node-opcua-binary-stream";

91

dist/AsymmetricAlgorithmSecurityHeader.js
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
/**
* @module node-opcua-service-secure-channel
*/
// OPC UA Secure Conversation Message Header : Part 6 page 36
// Asymmetric algorithms are used to secure the OpenSecureChannel messages.
exports.AsymmetricAlgorithmSecurityHeader = void 0;
const node_opcua_basic_types_1 = require("node-opcua-basic-types");

@@ -14,64 +10,43 @@ const node_opcua_factory_1 = require("node-opcua-factory");

fields: [
// length shall not exceed 256
// The URI of the security policy used to secure the message.
// This field is encoded as a UTF8 string without a null terminator
{ name: "securityPolicyUri", fieldType: "String" },
// The X509v3 certificate assigned to the sending application instance.
// This is a DER encoded blob.
// This indicates what private key was used to sign the MessageChunk.
// This field shall be null if the message is not signed.
// The structure of an X509 Certificate is defined in X509.
// The DER format for a Certificate is defined in X690
// The Stack shall close the channel and report an error to the Application if the SenderCertificate
// is too large for the buffer size supported by the transport layer.
// If the Certificate is signed by a CA the DER encoded CA Certificate may be appended after the Certificate
// in the byte array. If the CA Certificate is also signed by another CA this process is repeated until
// the entire Certificate chain is in the buffer or if MaxSenderCertificateSize limit is reached
// (the process stops after the last whole Certificate that can be added without exceeding the
// MaxSenderCertificateSize limit).
// Receivers can extract the Certificates from the byte array by using the Certificate size contained
// in DER header (see X509).
// Receivers that do not handle Certificate chains shall ignore the extra bytes.
{ name: "senderCertificate", fieldType: "ByteString", defaultValue: null },
// The thumbprint of the X509v3 certificate assigned to the receiving application
// The thumbprint is the SHA1 digest of the DER encoded form of the certificate.
// This indicates what public key was used to encrypt the MessageChunk
// This field shall be null if the message is not encrypted.
{ name: "receiverCertificateThumbprint", fieldType: "ByteString", defaultValue: null }
]
});
class AsymmetricAlgorithmSecurityHeader extends node_opcua_factory_1.BaseUAObject {
constructor(options) {
options = options || {};
super();
const schema = schemaAsymmetricAlgorithmSecurityHeader;
/* istanbul ignore next */
if (node_opcua_factory_1.parameters.debugSchemaHelper) {
node_opcua_factory_1.check_options_correctness_against_schema(this, schema, options);
let AsymmetricAlgorithmSecurityHeader = (() => {
class AsymmetricAlgorithmSecurityHeader extends node_opcua_factory_1.BaseUAObject {
constructor(options) {
options = options || {};
super();
const schema = schemaAsymmetricAlgorithmSecurityHeader;
if (node_opcua_factory_1.parameters.debugSchemaHelper) {
node_opcua_factory_1.check_options_correctness_against_schema(this, schema, options);
}
this.securityPolicyUri = node_opcua_factory_1.initialize_field(schema.fields[0], options.securityPolicyUri);
this.senderCertificate = node_opcua_factory_1.initialize_field(schema.fields[1], options.senderCertificate);
this.receiverCertificateThumbprint = node_opcua_factory_1.initialize_field(schema.fields[2], options.receiverCertificateThumbprint);
}
this.securityPolicyUri = node_opcua_factory_1.initialize_field(schema.fields[0], options.securityPolicyUri);
this.senderCertificate = node_opcua_factory_1.initialize_field(schema.fields[1], options.senderCertificate);
this.receiverCertificateThumbprint = node_opcua_factory_1.initialize_field(schema.fields[2], options.receiverCertificateThumbprint);
encode(stream) {
super.encode(stream);
node_opcua_basic_types_1.encodeString(this.securityPolicyUri, stream);
node_opcua_basic_types_1.encodeByteString(this.senderCertificate, stream);
node_opcua_basic_types_1.encodeByteString(this.receiverCertificateThumbprint, stream);
}
decode(stream) {
super.decode(stream);
this.securityPolicyUri = node_opcua_basic_types_1.decodeString(stream);
this.senderCertificate = node_opcua_basic_types_1.decodeByteString(stream);
this.receiverCertificateThumbprint = node_opcua_basic_types_1.decodeByteString(stream);
}
}
encode(stream) {
super.encode(stream);
node_opcua_basic_types_1.encodeString(this.securityPolicyUri, stream);
node_opcua_basic_types_1.encodeByteString(this.senderCertificate, stream);
node_opcua_basic_types_1.encodeByteString(this.receiverCertificateThumbprint, stream);
}
decode(stream) {
super.decode(stream);
this.securityPolicyUri = node_opcua_basic_types_1.decodeString(stream);
this.senderCertificate = node_opcua_basic_types_1.decodeByteString(stream);
this.receiverCertificateThumbprint = node_opcua_basic_types_1.decodeByteString(stream);
}
}
AsymmetricAlgorithmSecurityHeader.possibleFields = [
"securityPolicyUri",
"senderCertificate",
"receiverCertificateThumbprint"
];
AsymmetricAlgorithmSecurityHeader.schema = schemaAsymmetricAlgorithmSecurityHeader;
return AsymmetricAlgorithmSecurityHeader;
})();
exports.AsymmetricAlgorithmSecurityHeader = AsymmetricAlgorithmSecurityHeader;
AsymmetricAlgorithmSecurityHeader.possibleFields = [
"securityPolicyUri",
"senderCertificate",
"receiverCertificateThumbprint"
];
AsymmetricAlgorithmSecurityHeader.schema = schemaAsymmetricAlgorithmSecurityHeader;
AsymmetricAlgorithmSecurityHeader.prototype.schema = AsymmetricAlgorithmSecurityHeader.schema;
//# sourceMappingURL=AsymmetricAlgorithmSecurityHeader.js.map
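Review bot: `decode(stream)` stores whatever `decodeString` and `decodeByteString` return in `securityPolicyUri`, `senderCertificate` and `receiverCertificateThumbprint` with no size check, although the schema comments in this section say the policy URI length shall not exceed 256 and that an oversized SenderCertificate must close the channel. This header is supplied by the peer on OpenSecureChannel messages, so those limits have to be enforced before the values are used; whether the transport layer or the caller does that is not visible here. The spec comments also look to be absent from the 2.6.0-alpha.5 build output, so I would keep at least a one-line comment on `decode`, e.g. `// caller must enforce securityPolicyUri length <= 256 and the sender certificate size limit`. The schema definition starts above the visible hunk.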
"use strict";
function __export(m) {
for (var p in m) if (!exports.hasOwnProperty(p)) exports[p] = m[p];
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
}) : (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
var __exportStar = (this && this.__exportStar) || function(m, exports) {
for (var p in m) if (p !== "default" && !exports.hasOwnProperty(p)) __createBinding(exports, m, p);
}
Object.defineProperty(exports, "__esModule", { value: true });
/**
* @module node-opcua-service-secure-channel
*/
// tslint:disable:max-line-length
exports.hasTokenExpired = void 0;
const node_opcua_assert_1 = require("node-opcua-assert");
const node_opcua_types_1 = require("node-opcua-types");
var node_opcua_types_2 = require("node-opcua-types");
exports.ChannelSecurityToken = node_opcua_types_2.ChannelSecurityToken;
exports.OpenSecureChannelRequest = node_opcua_types_2.OpenSecureChannelRequest;
exports.OpenSecureChannelResponse = node_opcua_types_2.OpenSecureChannelResponse;
exports.CloseSecureChannelRequest = node_opcua_types_2.CloseSecureChannelRequest;
exports.CloseSecureChannelResponse = node_opcua_types_2.CloseSecureChannelResponse;
exports.ServiceFault = node_opcua_types_2.ServiceFault;
exports.SecurityTokenRequestType = node_opcua_types_2.SecurityTokenRequestType;
exports.ResponseHeader = node_opcua_types_2.ResponseHeader;
exports.RequestHeader = node_opcua_types_2.RequestHeader;
exports.SignatureData = node_opcua_types_2.SignatureData;
exports.MessageSecurityMode = node_opcua_types_2.MessageSecurityMode;
exports._enumerationMessageSecurityMode = node_opcua_types_2._enumerationMessageSecurityMode;
exports.UserTokenPolicy = node_opcua_types_2.UserTokenPolicy;
Object.defineProperty(exports, "ChannelSecurityToken", { enumerable: true, get: function () { return node_opcua_types_2.ChannelSecurityToken; } });
Object.defineProperty(exports, "OpenSecureChannelRequest", { enumerable: true, get: function () { return node_opcua_types_2.OpenSecureChannelRequest; } });
Object.defineProperty(exports, "OpenSecureChannelResponse", { enumerable: true, get: function () { return node_opcua_types_2.OpenSecureChannelResponse; } });
Object.defineProperty(exports, "CloseSecureChannelRequest", { enumerable: true, get: function () { return node_opcua_types_2.CloseSecureChannelRequest; } });
Object.defineProperty(exports, "CloseSecureChannelResponse", { enumerable: true, get: function () { return node_opcua_types_2.CloseSecureChannelResponse; } });
Object.defineProperty(exports, "ServiceFault", { enumerable: true, get: function () { return node_opcua_types_2.ServiceFault; } });
Object.defineProperty(exports, "SecurityTokenRequestType", { enumerable: true, get: function () { return node_opcua_types_2.SecurityTokenRequestType; } });
Object.defineProperty(exports, "ResponseHeader", { enumerable: true, get: function () { return node_opcua_types_2.ResponseHeader; } });
Object.defineProperty(exports, "RequestHeader", { enumerable: true, get: function () { return node_opcua_types_2.RequestHeader; } });
Object.defineProperty(exports, "SignatureData", { enumerable: true, get: function () { return node_opcua_types_2.SignatureData; } });
Object.defineProperty(exports, "MessageSecurityMode", { enumerable: true, get: function () { return node_opcua_types_2.MessageSecurityMode; } });
Object.defineProperty(exports, "_enumerationMessageSecurityMode", { enumerable: true, get: function () { return node_opcua_types_2._enumerationMessageSecurityMode; } });
Object.defineProperty(exports, "UserTokenPolicy", { enumerable: true, get: function () { return node_opcua_types_2.UserTokenPolicy; } });
var AsymmetricAlgorithmSecurityHeader_1 = require("./AsymmetricAlgorithmSecurityHeader");
exports.AsymmetricAlgorithmSecurityHeader = AsymmetricAlgorithmSecurityHeader_1.AsymmetricAlgorithmSecurityHeader;
Object.defineProperty(exports, "AsymmetricAlgorithmSecurityHeader", { enumerable: true, get: function () { return AsymmetricAlgorithmSecurityHeader_1.AsymmetricAlgorithmSecurityHeader; } });
var SymmetricAlgorithmSecurityHeader_1 = require("./SymmetricAlgorithmSecurityHeader");
exports.SymmetricAlgorithmSecurityHeader = SymmetricAlgorithmSecurityHeader_1.SymmetricAlgorithmSecurityHeader;
__export(require("./message_security_mode"));
// createdAt
Object.defineProperty(exports, "SymmetricAlgorithmSecurityHeader", { enumerable: true, get: function () { return SymmetricAlgorithmSecurityHeader_1.SymmetricAlgorithmSecurityHeader; } });
__exportStar(require("./message_security_mode"), exports);
node_opcua_types_1.ChannelSecurityToken.schema.fields[2].defaultValue = () => new Date();
// revisedLifetime
node_opcua_types_1.ChannelSecurityToken.schema.fields[3].defaultValue = () => 30000;

@@ -45,62 +47,14 @@ function hasTokenExpired(token) {

});
// ErrorMessage
// "Error", "UInt32","The numeric code for the error. This shall be one of the values listed in Table 40."
// "Reason","String", "A more verbose description of the error.This string shall not be more than 4096 characters."
// OPC Unified Architecture, Part 4 $7.27 page 139
// RequestHeader",
// 0. authenticationToken NodeId The secret Session identifier used to verify that the request is associated with
// the Session. The SessionAuthenticationToken type is defined in 7.29.
// 1. timestamp UtcTime The time the Client sent the request.
node_opcua_assert_1.assert(node_opcua_types_1.RequestHeader.schema.fields[1].name === "timestamp");
node_opcua_types_1.RequestHeader.schema.fields[1].defaultValue = () => new Date();
// 2. requestHandle IntegerId " A requestHandle associated with the request. This client defined handle can
// be used to cancel the request. It is also returned in the response.
node_opcua_assert_1.assert(node_opcua_types_1.RequestHeader.schema.fields[2].name === "requestHandle");
node_opcua_types_1.RequestHeader.schema.fields[2].defaultValue = 0xDEADBEEF;
// 3. returnDiagnostics UInt32 A bit mask that identifies the types of vendor-specific diagnostics to be
// returned in diagnosticInfo response parameters.
// 4. auditEntryId UAString An identifier that identifies the Client's security audit log entry associated with
// this request.
// 5. timeoutHint UInt32
// 6. additionalHeader ExtensionObject
node_opcua_assert_1.assert(node_opcua_types_1.RequestHeader.schema.fields[6].name === "additionalHeader");
node_opcua_types_1.RequestHeader.schema.fields[6].defaultValue = () => null;
// OPC Unified Architecture, Part 4 $7.27 page 139
// Response Header,
// 0. timestamp UtcTime The time the Server sent the response.
node_opcua_assert_1.assert(node_opcua_types_1.ResponseHeader.schema.fields[0].name === "timestamp");
node_opcua_types_1.ResponseHeader.schema.fields[0].defaultValue = () => new Date();
// 1. requestHandle IntegerId The requestHandle given by the Client to the request.
// 2. serviceResult StatusCode OPC UA-defined result of the Service invocation.
// 3. serviceDiagnostics DiagnosticInfo The diagnostics associated with the ServiceResult.
// 4. stringTable String[] There is one string in this list for each unique namespace, symbolic identifier,
// and localized text string contained in all of the diagnostics information
// parameters contained in the response (see 7.8). Each is identified within this
// table by its zero-based index.
// 5. additionalHeader ExtensionObject Reserved for future use.
// OpenSecureChannelResponse
// documentation excerpt:
// SecurityTokens have a finite lifetime negotiated with this Service. However, differences between the
// system clocks on different machines and network latencies mean that valid Messages could arrive after the token has
// expired. To prevent valid Messages from being discarded, the applications should do the following:
// 1. Clients should request a new SecurityTokens after 75% of its lifetime has elapsed. This should ensure that Clients
// will receive the new SecurityToken before the old one actually expires.
// 2. Servers should use the existing SecurityToken to secure outgoing Messages until the SecurityToken expires or the
// Server receives a Message secured with a new SecurityToken.
// This should ensure that Clients do not reject Messages secured with the new SecurityToken that arrive before
// the Client receives the new SecurityToken.
// 3. Clients should accept Messages secured by an expired SecurityToken for up to 25% of the token lifetime.
// This should ensure that Messages sent by the Server before the token expired are not rejected because of
// network delays.
// Node-opcua raised a issue in mantis => issue 2895
// BUG: the specification 1.02 says in part 4 $7.30
// SignatureData is "signature" + "algorithm"
// however the schema file specifies: "algorithm" + "signature" , Schema file is correct
// SignatureData
// algorithm String The cryptography algorithm used to create the signature.
node_opcua_assert_1.assert(node_opcua_types_1.SignatureData.schema.fields[0].name === "algorithm");
node_opcua_types_1.SignatureData.schema.fields[0].defaultValue = () => null;
// signature ByteString The digital signature.
node_opcua_assert_1.assert(node_opcua_types_1.SignatureData.schema.fields[1].name === "signature");
node_opcua_types_1.SignatureData.schema.fields[1].defaultValue = () => null;
//# sourceMappingURL=index.js.map
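Review bot: The `ChannelSecurityToken` defaults are patched by position (`schema.fields[2]` and `schema.fields[3]`), with only the `// createdAt` and `// revisedLifetime` comments to say which field is meant, while the same release moves `node-opcua-types` to a new pre-release range. If the field order in that package changes, the `new Date()` and `30000` defaults land on other fields without any error, and token-expiry checks such as `hasTokenExpired` (body not visible here) would presumably work from wrong values. The name assertions shown for `RequestHeader` and `SignatureData` later in this section are the pattern to follow. Add `assert(ChannelSecurityToken.schema.fields[2].name === "createdAt");` and the matching check for `"revisedLifetime"`, or look the fields up by name.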

@@ -1,5 +0,2 @@

/**
* @module node-opcua-service-secure-channel
*/
import { MessageSecurityMode } from "node-opcua-types";
export declare function coerceMessageSecurityMode(value?: number | string): MessageSecurityMode;
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
/**
* @module node-opcua-service-secure-channel
*/
exports.coerceMessageSecurityMode = void 0;
const node_opcua_types_1 = require("node-opcua-types");

@@ -7,0 +5,0 @@ function coerceMessageSecurityMode(value) {

@@ -1,4 +0,1 @@

/**
* @module node-opcua-service-secure-channel
*/
import { UInt32 } from "node-opcua-basic-types";

@@ -5,0 +2,0 @@ import { BinaryStream, OutputBinaryStream } from "node-opcua-binary-stream";

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
/**
* @module node-opcua-service-secure-channel
*/
// Symmetric algorithms are used to secure all messages other than the OpenSecureChannel messages
// OPC UA Secure Conversation Message Header Release 1.02 Part 6 page 39
exports.SymmetricAlgorithmSecurityHeader = void 0;
const node_opcua_basic_types_1 = require("node-opcua-basic-types");

@@ -14,31 +10,28 @@ const node_opcua_factory_1 = require("node-opcua-factory");

fields: [
// A unique identifier for the ClientSecureChannelLayer token used to secure the message
// This identifier is returned by the server in an OpenSecureChannel response message. If a
// Server receives a TokenId which it does not recognize it shall return an appropriate
// transport layer error.
{ name: "tokenId", fieldType: "UInt32", defaultValue: 0xDEADBEEF }
]
});
class SymmetricAlgorithmSecurityHeader extends node_opcua_factory_1.BaseUAObject {
constructor(options) {
options = options || {};
super();
const schema = schemaSymmetricAlgorithmSecurityHeader;
this.tokenId = node_opcua_factory_1.initialize_field(schema.fields[0], options.tokenId);
let SymmetricAlgorithmSecurityHeader = (() => {
class SymmetricAlgorithmSecurityHeader extends node_opcua_factory_1.BaseUAObject {
constructor(options) {
options = options || {};
super();
const schema = schemaSymmetricAlgorithmSecurityHeader;
this.tokenId = node_opcua_factory_1.initialize_field(schema.fields[0], options.tokenId);
}
encode(stream) {
super.encode(stream);
node_opcua_basic_types_1.encodeUInt32(this.tokenId, stream);
}
decode(stream) {
super.decode(stream);
this.tokenId = node_opcua_basic_types_1.decodeUInt32(stream);
}
}
encode(stream) {
// call base class implementation first
super.encode(stream);
node_opcua_basic_types_1.encodeUInt32(this.tokenId, stream);
}
decode(stream) {
// call base class implementation first
super.decode(stream);
this.tokenId = node_opcua_basic_types_1.decodeUInt32(stream);
}
}
SymmetricAlgorithmSecurityHeader.possibleFields = ["tokenId"];
SymmetricAlgorithmSecurityHeader.schema = schemaSymmetricAlgorithmSecurityHeader;
return SymmetricAlgorithmSecurityHeader;
})();
exports.SymmetricAlgorithmSecurityHeader = SymmetricAlgorithmSecurityHeader;
SymmetricAlgorithmSecurityHeader.possibleFields = ["tokenId"];
SymmetricAlgorithmSecurityHeader.schema = schemaSymmetricAlgorithmSecurityHeader;
SymmetricAlgorithmSecurityHeader.prototype.schema = SymmetricAlgorithmSecurityHeader.schema;
//# sourceMappingURL=SymmetricAlgorithmSecurityHeader.js.map
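Review bot: `tokenId` defaults to `0xDEADBEEF`, so a `SymmetricAlgorithmSecurityHeader` built without options encodes a well-formed UInt32 that nothing in this class distinguishes from a token id issued by the server. The explanatory comments on the field look to be dropped from the new build output, which leaves the constant unexplained. I would keep a comment beside the field, such as `// placeholder only; set tokenId from the OpenSecureChannel response before encoding`. The schema object opens above the visible hunk.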
{
"name": "node-opcua-service-secure-channel",
"version": "2.5.10",
"version": "2.6.0-alpha.5+2620e75a",
"description": "pure nodejs OPCUA SDK - module -service-secure-channel",

@@ -13,3 +13,3 @@ "main": "./dist/index.js",

"dependencies": {
"node-opcua-assert": "2.5.8",
"node-opcua-assert": "^2.5.8",
"node-opcua-basic-types": "^2.5.9",

@@ -21,10 +21,10 @@ "node-opcua-binary-stream": "^2.5.9",

"node-opcua-nodeid": "^2.5.9",
"node-opcua-types": "^2.5.10",
"node-opcua-types": "^2.6.0-alpha.5+2620e75a",
"underscore": "^1.10.2"
},
"devDependencies": {
"node-opcua-binary-stream": "2.5.6",
"node-opcua-binary-stream": "2.5.9",
"node-opcua-buffer-utils": "^2.5.9",
"node-opcua-debug": "^2.5.9",
"node-opcua-generator": "^2.5.10",
"node-opcua-generator": "^2.6.0-alpha.5+2620e75a",
"node-opcua-packet-analyzer": "^2.5.10",

@@ -49,3 +49,3 @@ "node-opcua-status-code": "^2.5.9",

"homepage": "http://node-opcua.github.io/",
"gitHead": "f83ada4e88fdeedc0710c5a3b75bbd4b44d9ff76"
"gitHead": "2620e75a3de3fd14b2c084d864e39c3ea7003d10"
}
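Review bot: `node-opcua-assert` appears to go from the exact pin `2.5.8` to the caret range `^2.5.8` in `dependencies`; the page no longer marks which line is old and which is new, so this is read from the print order. A published package carries no lockfile for its consumers, so a range here means each install resolves whatever newer 2.x release is on the registry at that time. If the exact pin was deliberate, keep `"node-opcua-assert": "2.5.8"`. The ranges written as `^2.6.0-alpha.5+2620e75a` also deserve a look: semver ignores the `+2620e75a` build metadata when matching, so it does not tie the dependency to that commit.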

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet
