node-opcua-service-secure-channel - npm Package Compare versions

Comparing version 2.6.0-alpha.7 to 2.6.1

dist/AsymmetricAlgorithmSecurityHeader.d.ts

@@ -0,1 +1,4 @@
+/**
+ * @module node-opcua-service-secure-channel
+ */
 import { ByteString, UAString } from "node-opcua-basic-types";
@@ -2,0 +5,0 @@ import { BinaryStream, OutputBinaryStream } from "node-opcua-binary-stream";

dist/AsymmetricAlgorithmSecurityHeader.js

 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.AsymmetricAlgorithmSecurityHeader = void 0;
+/**
+ * @module node-opcua-service-secure-channel
+ */
+// OPC UA Secure Conversation Message Header : Part 6 page 36
+// Asymmetric algorithms are used to secure the OpenSecureChannel messages.
 const node_opcua_basic_types_1 = require("node-opcua-basic-types");
@@ -10,8 +15,31 @@ const node_opcua_factory_1 = require("node-opcua-factory");
     fields: [
+        // length shall not exceed 256
+        // The URI of the security policy used to secure the message.
+        // This field is encoded as a UTF8 string without a null terminator
         { name: "securityPolicyUri", fieldType: "String" },
+        // The X509v3 certificate assigned to the sending application instance.
+        // This is a DER encoded blob.
+        // This indicates what private key was used to sign the MessageChunk.
+        // This field shall be null if the message is not signed.
+        // The structure of an X509 Certificate is defined in X509.
+        // The DER format for a Certificate is defined in X690
+        // The Stack shall close the channel and report an error to the Application if the SenderCertificate
+        // is too large for the buffer size supported by the transport layer.
+        // If the Certificate is signed by a CA the DER encoded CA Certificate may be appended after the Certificate
+        // in the byte array. If the CA Certificate is also signed by another CA this process is repeated until
+        // the entire Certificate chain is in the buffer or if MaxSenderCertificateSize limit is reached
+        // (the process stops after the last whole Certificate that can be added without exceeding the
+        // MaxSenderCertificateSize limit).
+        // Receivers can extract the Certificates from the byte array by using the Certificate size contained
+        // in DER header (see X509).
+        // Receivers that do not handle Certificate chains shall ignore the extra bytes.
         { name: "senderCertificate", fieldType: "ByteString", defaultValue: null },
+        // The thumbprint of the X509v3 certificate assigned to the receiving application
+        // The thumbprint is the SHA1 digest of the DER encoded form of the certificate.
+        // This indicates what public key was used to encrypt the MessageChunk
+        // This field shall be null if the message is not encrypted.
         { name: "receiverCertificateThumbprint", fieldType: "ByteString", defaultValue: null }
     ]
 });
-let AsymmetricAlgorithmSecurityHeader = (() => {
+let AsymmetricAlgorithmSecurityHeader = /** @class */ (() => {
     class AsymmetricAlgorithmSecurityHeader extends node_opcua_factory_1.BaseUAObject {
@@ -22,2 +50,3 @@ constructor(options) {
             const schema = schemaAsymmetricAlgorithmSecurityHeader;
+            /* istanbul ignore next */
             if (node_opcua_factory_1.parameters.debugSchemaHelper) {
@@ -24,0 +53,0 @@ node_opcua_factory_1.check_options_correctness_against_schema(this, schema, options);

dist/index.js

@@ -14,2 +14,6 @@ "use strict";
 exports.hasTokenExpired = void 0;
+/**
+ * @module node-opcua-service-secure-channel
+ */
+// tslint:disable:max-line-length
 const node_opcua_assert_1 = require("node-opcua-assert");
@@ -36,3 +40,5 @@ const node_opcua_types_1 = require("node-opcua-types");
 __exportStar(require("./message_security_mode"), exports);
+// createdAt
 node_opcua_types_1.ChannelSecurityToken.schema.fields[2].defaultValue = () => new Date();
+// revisedLifetime
 node_opcua_types_1.ChannelSecurityToken.schema.fields[3].defaultValue = () => 30000;
@@ -49,14 +55,62 @@ function hasTokenExpired(token) {
 });
+// ErrorMessage
+// "Error",  "UInt32","The numeric code for the error. This shall be one of the values listed in Table 40."
+// "Reason","String", "A more verbose description of the error.This string shall not be more than 4096 characters."
+// OPC Unified Architecture, Part 4  $7.27 page 139
+// RequestHeader",
+// 0.  authenticationToken         NodeId         The secret Session identifier used to verify that the request is associated with
+//                                                the Session. The SessionAuthenticationToken type is defined in 7.29.
+// 1. timestamp                   UtcTime         The time the Client sent the request.
 node_opcua_assert_1.assert(node_opcua_types_1.RequestHeader.schema.fields[1].name === "timestamp");
 node_opcua_types_1.RequestHeader.schema.fields[1].defaultValue = () => new Date();
+// 2. requestHandle               IntegerId "     A requestHandle associated with the request. This client defined handle can
+//                                                be used to cancel the request. It is also returned in the response.
 node_opcua_assert_1.assert(node_opcua_types_1.RequestHeader.schema.fields[2].name === "requestHandle");
 node_opcua_types_1.RequestHeader.schema.fields[2].defaultValue = 0xDEADBEEF;
+// 3. returnDiagnostics           UInt32          A bit mask that identifies the types of vendor-specific diagnostics to be
+//                                                returned in diagnosticInfo response parameters.
+// 4. auditEntryId                UAString        An identifier that identifies the Client's security audit log entry associated with
+//                                                this request.
+// 5. timeoutHint                UInt32
+// 6.  additionalHeader          ExtensionObject
 node_opcua_assert_1.assert(node_opcua_types_1.RequestHeader.schema.fields[6].name === "additionalHeader");
 node_opcua_types_1.RequestHeader.schema.fields[6].defaultValue = () => null;
+// OPC Unified Architecture, Part 4  $7.27 page 139
+// Response Header,
+// 0. timestamp                 UtcTime           The time the Server sent the response.
 node_opcua_assert_1.assert(node_opcua_types_1.ResponseHeader.schema.fields[0].name === "timestamp");
 node_opcua_types_1.ResponseHeader.schema.fields[0].defaultValue = () => new Date();
+// 1. requestHandle             IntegerId          The requestHandle given by the Client to the request.
+// 2. serviceResult             StatusCode         OPC UA-defined result of the Service invocation.
+// 3. serviceDiagnostics        DiagnosticInfo     The diagnostics associated with the ServiceResult.
+// 4. stringTable               String[]           There is one string in this list for each unique namespace, symbolic identifier,
+//                                                 and localized text string contained in all of the diagnostics information
+//                                                 parameters contained in the response (see 7.8). Each is identified within this
+//                                                 table by its zero-based index.
+// 5. additionalHeader          ExtensionObject    Reserved for future use.
+// OpenSecureChannelResponse
+// documentation excerpt:
+// SecurityTokens have a finite lifetime negotiated with this Service. However, differences between the
+// system clocks on different machines and network latencies mean that valid Messages could arrive after the token has
+// expired. To prevent valid Messages from being discarded, the applications should do the following:
+// 1.  Clients should request a new SecurityTokens after 75% of its lifetime has elapsed. This should ensure that Clients
+//     will receive the new SecurityToken before the old one actually expires.
+// 2.  Servers should use the existing SecurityToken to secure outgoing  Messages until the SecurityToken expires or the
+//     Server receives a Message secured with a new SecurityToken.
+//     This should ensure that Clients do not reject Messages secured with the new SecurityToken that arrive before
+//     the Client receives the new SecurityToken.
+// 3.  Clients should accept Messages secured by an expired SecurityToken for up to 25% of the token lifetime.
+//     This should ensure that  Messages sent by the Server before the token expired are not rejected because of
+//     network delays.
+// Node-opcua raised a issue in mantis => issue 2895
+// BUG: the specification 1.02 says in part 4 $7.30
+//   SignatureData  is "signature" + "algorithm"
+//   however the schema file specifies:   "algorithm" + "signature" , Schema file is correct
+// SignatureData
+//   algorithm          String      The cryptography algorithm used to create the signature.
 node_opcua_assert_1.assert(node_opcua_types_1.SignatureData.schema.fields[0].name === "algorithm");
 node_opcua_types_1.SignatureData.schema.fields[0].defaultValue = () => null;
+//  signature           ByteString   The digital signature.
 node_opcua_assert_1.assert(node_opcua_types_1.SignatureData.schema.fields[1].name === "signature");
 node_opcua_types_1.SignatureData.schema.fields[1].defaultValue = () => null;
 //# sourceMappingURL=index.js.map

dist/message_security_mode.d.ts

@@ -0,2 +1,5 @@
+/**
+ * @module node-opcua-service-secure-channel
+ */
 import { MessageSecurityMode } from "node-opcua-types";
 export declare function coerceMessageSecurityMode(value?: number | string): MessageSecurityMode;

dist/message_security_mode.js

 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.coerceMessageSecurityMode = void 0;
+/**
+ * @module node-opcua-service-secure-channel
+ */
 const node_opcua_types_1 = require("node-opcua-types");
@@ -5,0 +8,0 @@ function coerceMessageSecurityMode(value) {

dist/SymmetricAlgorithmSecurityHeader.d.ts

@@ -0,1 +1,4 @@
+/**
+ * @module node-opcua-service-secure-channel
+ */
 import { UInt32 } from "node-opcua-basic-types";
@@ -2,0 +5,0 @@ import { BinaryStream, OutputBinaryStream } from "node-opcua-binary-stream";

dist/SymmetricAlgorithmSecurityHeader.js

 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.SymmetricAlgorithmSecurityHeader = void 0;
+/**
+ * @module node-opcua-service-secure-channel
+ */
+// Symmetric algorithms are used to secure all messages other than the OpenSecureChannel messages
+// OPC UA Secure Conversation Message Header Release 1.02 Part 6 page 39
 const node_opcua_basic_types_1 = require("node-opcua-basic-types");
@@ -10,6 +15,10 @@ const node_opcua_factory_1 = require("node-opcua-factory");
     fields: [
+        // A unique identifier for the ClientSecureChannelLayer token used to secure the message
+        // This identifier is returned by the server in an OpenSecureChannel response message. If a
+        // Server receives a TokenId which it does not recognize it shall return an appropriate
+        // transport layer error.
         { name: "tokenId", fieldType: "UInt32", defaultValue: 0xDEADBEEF }
     ]
 });
-let SymmetricAlgorithmSecurityHeader = (() => {
+let SymmetricAlgorithmSecurityHeader = /** @class */ (() => {
     class SymmetricAlgorithmSecurityHeader extends node_opcua_factory_1.BaseUAObject {
@@ -23,2 +32,3 @@ constructor(options) {
         encode(stream) {
+            // call base class implementation first
             super.encode(stream);
@@ -28,2 +38,3 @@ node_opcua_basic_types_1.encodeUInt32(this.tokenId, stream);
         decode(stream) {
+            // call base class implementation first
             super.decode(stream);
@@ -30,0 +41,0 @@ this.tokenId = node_opcua_basic_types_1.decodeUInt32(stream);

package.json

 {
     "name": "node-opcua-service-secure-channel",
-    "version": "2.6.0-alpha.7",
+    "version": "2.6.1",
     "description": "pure nodejs OPCUA SDK - module -service-secure-channel",
@@ -13,10 +13,10 @@ "main": "./dist/index.js",
     "dependencies": {
-        "node-opcua-assert": "^2.6.0-alpha.1",
-        "node-opcua-basic-types": "^2.6.0-alpha.1",
-        "node-opcua-binary-stream": "^2.6.0-alpha.1",
-        "node-opcua-data-model": "^2.6.0-alpha.7",
-        "node-opcua-extension-object": "^2.6.0-alpha.7",
-        "node-opcua-factory": "^2.6.0-alpha.7",
-        "node-opcua-nodeid": "^2.6.0-alpha.1",
-        "node-opcua-types": "^2.6.0-alpha.7",
+        "node-opcua-assert": "^2.6.1",
+        "node-opcua-basic-types": "^2.6.1",
+        "node-opcua-binary-stream": "^2.6.1",
+        "node-opcua-data-model": "^2.6.1",
+        "node-opcua-extension-object": "^2.6.1",
+        "node-opcua-factory": "^2.6.1",
+        "node-opcua-nodeid": "^2.6.1",
+        "node-opcua-types": "^2.6.1",
         "underscore": "^1.10.2"
@@ -26,7 +26,7 @@ },
         "node-opcua-binary-stream": "2.5.9",
-        "node-opcua-buffer-utils": "^2.6.0-alpha.1",
-        "node-opcua-debug": "^2.6.0-alpha.1",
-        "node-opcua-generator": "^2.6.0-alpha.7",
-        "node-opcua-packet-analyzer": "^2.6.0-alpha.7",
-        "node-opcua-status-code": "^2.6.0-alpha.1",
+        "node-opcua-buffer-utils": "^2.6.1",
+        "node-opcua-debug": "^2.6.1",
+        "node-opcua-generator": "^2.6.1",
+        "node-opcua-packet-analyzer": "^2.6.1",
+        "node-opcua-status-code": "^2.6.1",
         "should": "^13.2.3"
@@ -49,3 +49,3 @@ },
     "homepage": "http://node-opcua.github.io/",
-    "gitHead": "6af0c6f183dcb96ddc5a2befc98851d0960c5fd0"
+    "gitHead": "15f0c0f83232fc63310dc04fea187048c7a01e4b"
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

No v1

Quality

Package is not semver >=1. This means it is not stable and does not support ^ ranges.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

42542

increased by23.89%

Lines of code

562

increased by23.25%

Number of low quality alerts

0

decreased by-100%

Dependency changes

• Updatednode-opcua-assert@^2.6.1

• Updatednode-opcua-basic-types@^2.6.1

• Updatednode-opcua-binary-stream@^2.6.1

• Updatednode-opcua-data-model@^2.6.1

• Updatednode-opcua-extension-object@^2.6.1

• Updatednode-opcua-factory@^2.6.1

• Updatednode-opcua-nodeid@^2.6.1

• Updatednode-opcua-types@^2.6.1