How to use the node-opcua-crypto.toPem function in node-opcua-crypto

const pki_folder = process.cwd() + "/pki";

    // istanbul ignore next
    if (!fs.existsSync(pki_folder)) {
        fs.mkdirSync(pki_folder);
    }
    const pki_untrusted_folder = path.join(pki_folder, "untrusted");

    // istanbul ignore next
    if (!fs.existsSync(pki_untrusted_folder)) {
        fs.mkdirSync(pki_untrusted_folder);
    }
    const thumbprint = crypto_utils.makeSHA1Thumbprint(serverCertificate);

    const certificate_filename = path.join(pki_untrusted_folder, thumbprint.toString("hex") + ".pem");
    fs.writeFile(certificate_filename, crypto_utils.toPem(serverCertificate, "CERTIFICATE"), function () {
        setImmediate(callback);
    });

}

let identityToken;
    let serverCertificate = session.serverCertificate;
    // if server does not provide certificate use unencrypted password
    if (!serverCertificate) {
        identityToken = new UserNameIdentityToken({
            encryptionAlgorithm: null,
            password: Buffer.from(password, "utf-8"),
            policyId: userTokenPolicy ? userTokenPolicy.policyId : null,
            userName: userName,
        });
        return identityToken;
    }

    assert(serverCertificate instanceof Buffer);
    serverCertificate = crypto_utils.toPem(serverCertificate, "CERTIFICATE");
    const publicKey = crypto_utils.extractPublicKeyFromCertificateSync(serverCertificate);

    let serverNonce = session.serverNonce || Buffer.alloc(0);
    assert(serverNonce instanceof Buffer);

    // If None is specified for the UserTokenPolicy and SecurityPolicy is None
    // then the password only contains the UTF-8 encoded password.
    // note: this means that password is sent in clear text to the server
    // note: OPCUA specification discourages use of unencrypted password
    //       but some old OPCUA server may only provide this policy and we
    //       still have to support in the client?
    if (securityPolicy === SecurityPolicy.None) {
        identityToken = new UserNameIdentityToken({
            encryptionAlgorithm: null,
            password: Buffer.from(password, "utf-8"),
            policyId: userTokenPolicy.policyId,

table.cell("Application URI", endpoint.server.applicationUri);
        table.cell("Product URI", endpoint.server.productUri);
        table.cell("Application Name", endpoint.server.applicationName.text);
        table.cell("Security Mode", MessageSecurityMode[endpoint.securityMode].toString());
        table.cell("securityPolicyUri", endpoint.securityPolicyUri);
        table.cell("Type", ApplicationType[endpoint.server.applicationType]);
        table.cell("certificate", "..." /*endpoint.serverCertificate*/);
        endpoint.server.discoveryUrls = endpoint.server.discoveryUrls || [];
        table.cell("discoveryUrls", endpoint.server.discoveryUrls.join(" - "));

        serverCertificate = endpoint.serverCertificate;

        const certificate_filename = path.join(__dirname, "../certificates/PKI/server_certificate" + i + ".pem");

        if (serverCertificate) {
            fs.writeFile(certificate_filename, toPem(serverCertificate, "CERTIFICATE"), () => {/**/
            });
        }
        table.newRow();
        i++;
    }
    console.log(table.toString());

    for (const endpoint of endpoints) {
        console.log("Identify Token for : Security Mode=", endpoint.securityMode.toString(), " Policy=", endpoint.securityPolicyUri);
        const table2 = new Table();
        for (const token of endpoint.userIdentityTokens!) {
            table2.cell("policyId", token.policyId);
            table2.cell("tokenType", token.tokenType.toString());
            table2.cell("issuedTokenType", token.issuedTokenType);
            table2.cell("issuerEndpointUrl", token.issuerEndpointUrl);
            table2.cell("securityPolicyUri", token.securityPolicyUri);

function RSAPKCS1V15SHA1_Verify(buffer: Buffer, signature: Signature, certificate: Certificate): boolean {
    assert(certificate instanceof Buffer);
    assert(signature instanceof Buffer);
    const options = {
        algorithm: "RSA-SHA1",
        publicKey: toPem(certificate, "CERTIFICATE"),
        signatureLength: 0,
    };
    return verifyMessageChunkSignature(buffer, signature, options);
}

function RSAPKCS1V15SHA1_Sign(buffer, privateKey) {

    if (privateKey instanceof Buffer) {
        privateKey = crypto_utils.toPem(privateKey, "RSA PRIVATE KEY");
    }
    const params = {
        signatureLength: crypto_utils.rsa_length(privateKey),
        algorithm: "RSA-SHA1",
        privateKey: privateKey
    };
    return crypto_utils.makeMessageChunkSignature(buffer, params);
}

function RSAPKCS1V15SHA1_Verify(buffer, signature, certificate) {
    assert(certificate instanceof Buffer);
    assert(signature instanceof Buffer);
    const options = {
        algorithm: "RSA-SHA1",
        publicKey: crypto_utils.toPem(certificate, "CERTIFICATE")
    };
    return crypto_utils.verifyMessageChunkSignature(buffer, signature, options);
}
const RSAPKCS1OAEPSHA1_Verify = RSAPKCS1V15SHA1_Verify;

function RSAPKCS1OAEPSHA256_Verify(buffer: Buffer, signature: Signature, certificate: Certificate): boolean {
    const options = {
        algorithm: "RSA-SHA256",
        publicKey: toPem(certificate, "CERTIFICATE"),
        signatureLength: 0
    };
    return verifyMessageChunkSignature(buffer, signature, options);
}

function RSAPKCS1OAEPSHA256_Verify(buffer, signature, certificate) {
    const options = {
        algorithm: "RSA-SHA256",
        publicKey: crypto_utils.toPem(certificate, "CERTIFICATE")
    };
    return crypto_utils.verifyMessageChunkSignature(buffer, signature, options);
}