update to node-opcua-crypto@4 beta

package.json

@@ -130,7 +130,7 @@
         "memfs": "^4.2.0",
         "mkdirp": "1.0.4",
         "mocha-clean": "^1.0.0",
-        "node-opcua-crypto": "3.1.0",
+        "node-opcua-crypto": "4.0.0-beta.0",
         "node-opcua-pki": "4.2.1",
         "object.values": "^1.1.6",
         "pretty-ms": "^8.0.0",

packages/node-opcua-address-space-base/package.json

@@ -19,7 +19,7 @@
         "node-opcua-assert": "2.105.0",
         "node-opcua-basic-types": "2.108.0",
         "node-opcua-constants": "2.98.1",
-        "node-opcua-crypto": "3.1.0",
+        "node-opcua-crypto": "4.0.0-beta.0",
         "node-opcua-data-model": "2.108.0",
         "node-opcua-data-value": "2.108.0",
         "node-opcua-date-time": "2.108.0",

packages/node-opcua-address-space/package.json

@@ -28,7 +28,7 @@
         "node-opcua-binary-stream": "2.108.0",
         "node-opcua-client-dynamic-extension-object": "2.108.0",
         "node-opcua-constants": "2.98.1",
-        "node-opcua-crypto": "3.1.0",
+        "node-opcua-crypto": "4.0.0-beta.0",
         "node-opcua-data-access": "2.108.0",
         "node-opcua-data-model": "2.108.0",
         "node-opcua-data-value": "2.108.0",

packages/node-opcua-certificate-manager/package.json

@@ -16,7 +16,7 @@
         "env-paths": "2.2.1",
         "mkdirp": "1.0.4",
         "node-opcua-assert": "2.105.0",
-        "node-opcua-crypto": "3.1.0",
+        "node-opcua-crypto": "4.0.0-beta.0",
         "node-opcua-debug": "2.108.0",
         "node-opcua-object-registry": "2.108.0",
         "node-opcua-pki": "4.2.1",

packages/node-opcua-chunkmanager/source/chunk_manager.ts

@@ -219,7 +219,7 @@ export class ChunkManager extends EventEmitter {
             const sectionToSign = chunk.subarray(0, signatureStart);
 
             const signature = this.signBufferFunc(sectionToSign);
-            assert(signature.length === this.signatureLength);
+            assert(signature.length === this.signatureLength , "expecting signature length to match");
 
             signature.copy(chunk, signatureStart);
         } else {

packages/node-opcua-client/package.json

@@ -24,7 +24,7 @@
         "node-opcua-client-dynamic-extension-object": "2.108.0",
         "node-opcua-common": "2.108.0",
         "node-opcua-constants": "2.98.1",
-        "node-opcua-crypto": "3.1.0",
+        "node-opcua-crypto": "4.0.0-beta.0",
         "node-opcua-data-model": "2.108.0",
         "node-opcua-data-value": "2.108.0",
         "node-opcua-date-time": "2.108.0",

packages/node-opcua-client/source/private/opcua_client_impl.ts

@@ -2,13 +2,13 @@
  * @module node-opcua-client-private
  */
 import { callbackify } from "util";
-import { randomBytes, createPublicKey, createPrivateKey } from "crypto";
+import { randomBytes, createPublicKey } from "crypto";
 import * as async from "async";
 import chalk from "chalk";
 
 import { assert } from "node-opcua-assert";
 import { createFastUninitializedBuffer } from "node-opcua-buffer-utils";
-import { Certificate, exploreCertificate, extractPublicKeyFromCertificateSync, Nonce, PrivateKey, toPem } from "node-opcua-crypto";
+import { Certificate, exploreCertificate, extractPublicKeyFromCertificateSync, makePrivateKeyFromPem, PrivateKey, Nonce, toPem } from "node-opcua-crypto";
 
 import { LocalizedText } from "node-opcua-data-model";
 import { checkDebugFlag, make_debugLog, make_errorLog, make_warningLog } from "node-opcua-debug";
@@ -1257,7 +1257,7 @@ export class OPCUAClientImpl extends ClientBaseImpl implements OPCUAClient {
 
                 case UserTokenType.Certificate: {
                     const certificate = userIdentityInfo.certificateData;
-                    const privateKey = createPrivateKey(userIdentityInfo.privateKey);
+                    const privateKey = makePrivateKeyFromPem(userIdentityInfo.privateKey);
                     ({ userIdentityToken, userTokenSignature } = createX509IdentityToken(context, certificate, privateKey));
                     break;
                 }

packages/node-opcua-common/package.json

@@ -12,7 +12,7 @@
     "types": "./dist/index.d.ts",
     "dependencies": {
         "node-opcua-assert": "2.105.0",
-        "node-opcua-crypto": "3.1.0",
+        "node-opcua-crypto": "4.0.0-beta.0",
         "node-opcua-types": "2.108.0"
     },
     "devDependencies": {

packages/node-opcua-end2end-test/package.json

@@ -26,7 +26,7 @@
         "node-opcua-client-crawler": "2.108.0",
         "node-opcua-client-proxy": "2.108.0",
         "node-opcua-constants": "2.98.1",
-        "node-opcua-crypto": "3.1.0",
+        "node-opcua-crypto": "4.0.0-beta.0",
         "node-opcua-debug": "2.108.0",
         "node-opcua-extension-object": "2.108.0",
         "node-opcua-factory": "2.108.0",

packages/node-opcua-end2end-test/test/end_to_end/test_e2e_issue985.ts

@@ -26,7 +26,7 @@ import {
     NodeId,
     UserManagerOptions
 } from "node-opcua";
-import { readCertificate, readPrivateKey, readPrivateKeyPEM } from "node-opcua-crypto";
+import { coercePrivateKeyPem, readCertificate, readPrivateKey } from "node-opcua-crypto";
 import { createServerCertificateManager } from "../../test_helpers/createServerCertificateManager";
 const warningLog = make_warningLog("TEST");
 
@@ -182,8 +182,9 @@ describe("test reconnection when server stops and change it privateKey and certi
 
         let _err: Error | undefined;
 
-        const privateKeyBefore = readPrivateKeyPEM(server.privateKeyFile);
-        const privateKeyAfter = await (async () => {
+        const privateKeyBefore = readPrivateKey(server.privateKeyFile);
+
+        const privateKeyAfter = await(async () => {
             try {
                 await server.shutdown();
                 warningLog("server has shutdown");
@@ -196,9 +197,14 @@ describe("test reconnection when server stops and change it privateKey and certi
                 // make sure private key is deleted so it can be regenerated automatically
                 fs.unlinkSync(server.privateKeyFile);
                 fs.unlinkSync(server.certificateFile);
+                fs.existsSync(server.privateKeyFile).should.eql(false);
+                fs.existsSync(server.certificateFile).should.eql(false);
 
                 warningLog("restarting server - with a different private key");
                 server = await startServer();
+                fs.existsSync(server.privateKeyFile).should.eql(true);
+                fs.existsSync(server.certificateFile).should.eql(true);
+
                 warningLog("server restarted");
 
                 const privateKeyAfter = readPrivateKey(server.privateKeyFile);
@@ -213,16 +219,22 @@ describe("test reconnection when server stops and change it privateKey and certi
             } catch (err) {
                 console.log(err);
                 _err = err as Error;
+                throw err;
             } finally {
                 await session.close();
                 await client.disconnect();
                 await server.shutdown();
             }
-            return "";
         })();
 
         should.not.exist(_err);
-        privateKeyAfter.should.not.eql(privateKeyBefore, "expecting a different server private key");
+
+        const privateKeyPemAfter = coercePrivateKeyPem(privateKeyAfter);
+        const privateKeyPemBefore = coercePrivateKeyPem(privateKeyBefore);
+        //xx console.log("privateKeyPemBefore", privateKeyPemBefore);
+        //xx console.log("privateKeyPemAfter", privateKeyPemAfter);
+
+        privateKeyPemAfter.should.not.eql(privateKeyPemBefore, "expecting a different server private key");
     }
     it("T1- server should not crash when client re-establishes the connection - encrypted", async () => {
         await test(SecurityPolicy.Basic256Sha256, MessageSecurityMode.SignAndEncrypt, 10000, 5000);
@@ -370,12 +382,12 @@ describe("test reconnection when server stops and change it privateKey and certi
         const clientCertificateFilename = path.join(certificateFolder, "client_cert_2048.pem");
         const clientCertificate = readCertificate(clientCertificateFilename);
         const clientPrivateKeyFilename = path.join(certificateFolder, "client_key_2048.pem");
-        const privateKey = readPrivateKeyPEM(clientPrivateKeyFilename);
-
+        const privateKey = readPrivateKey(clientPrivateKeyFilename);
+        const privateKeyPem = coercePrivateKeyPem(privateKey);
         try {
             const userIdentity: UserIdentityInfoX509 = {
                 certificateData: clientCertificate,
-                privateKey,
+                privateKey: privateKeyPem,
                 type: UserTokenType.Certificate
             };
 

packages/node-opcua-end2end-test/test/end_to_end/test_e2e_session_with_X509IdentityToken.ts

@@ -6,7 +6,7 @@ import { get_empty_nodeset_filename, OPCUACertificateManager, OPCUAClient, OPCUA
 import { UserIdentityInfoX509, UserTokenType } from "node-opcua-client";
 
 import should from "should";
-import { readCertificate, readPrivateKeyPEM, PrivateKeyPEM   } from "node-opcua-crypto";
+import { readCertificate, readPrivateKey, coercePrivateKeyPem } from "node-opcua-crypto";
 import { Certificate, readCertificateRevocationList } from "node-opcua-crypto";
 
 const empty_nodeset_filename = get_empty_nodeset_filename();
@@ -77,10 +77,13 @@ describe("Testing Session with user certificate", () => {
     after(endServer);
 
     const clientPrivateKeyFilename = path.join(certificateFolder, "client_key_2048.pem");
-    const privateKey: PrivateKeyPEM = readPrivateKeyPEM(clientPrivateKeyFilename);
+    const privateKey1 = readPrivateKey(clientPrivateKeyFilename);
+    const privateKeyPem = coercePrivateKeyPem(privateKey1);
 
     const wrongClientPrivateKeyFilename = path.join(certificateFolder, "server_key_2048.pem");
-    const wrongPrivateKey: PrivateKeyPEM = readPrivateKeyPEM(wrongClientPrivateKeyFilename);
+
+    const wrongPrivateKey1 = readPrivateKey(wrongClientPrivateKeyFilename);
+    const wrongPrivateKey = coercePrivateKeyPem(wrongPrivateKey1);
 
     const clientCertificateFilename = path.join(certificateFolder, "client_cert_2048.pem");
     const clientCertificate: Certificate = readCertificate(clientCertificateFilename);
@@ -114,7 +117,7 @@ describe("Testing Session with user certificate", () => {
 
         const userIdentity: UserIdentityInfoX509 = {
             certificateData: clientCertificate,
-            privateKey,
+            privateKey: privateKeyPem,
             type: UserTokenType.Certificate
         };
         const session = await client!.createSession(userIdentity);
@@ -126,7 +129,7 @@ describe("Testing Session with user certificate", () => {
 
         const userIdentity: UserIdentityInfoX509 = {
             certificateData: clientCertificate,
-            privateKey,
+            privateKey: privateKeyPem,
             type: UserTokenType.Certificate
         };
         let exceptionCaught: Error | null = null;
@@ -144,7 +147,7 @@ describe("Testing Session with user certificate", () => {
     it("should fail to create a session with a invalid client certificate (out-of-date)", async () => {
         const userIdentity: UserIdentityInfoX509 = {
             certificateData: invalidClientCertificate,
-            privateKey,
+            privateKey: privateKeyPem,
             type: UserTokenType.Certificate
         };
         let exceptionCaught: Error | null = null;
@@ -160,7 +163,7 @@ describe("Testing Session with user certificate", () => {
     it("should fail to create a session with a invalid client certificate (not_active_yet)", async () => {
         const userIdentity: UserIdentityInfoX509 = {
             certificateData: notActiveClientCertificate,
-            privateKey,
+            privateKey: privateKeyPem,
             type: UserTokenType.Certificate
         };
         let exceptionCaught: Error | null = null;

packages/node-opcua-samples/package.json

@@ -28,7 +28,7 @@
         "node-opcua-assert": "2.105.0",
         "node-opcua-client-crawler": "2.108.0",
         "node-opcua-client-proxy": "2.108.0",
-        "node-opcua-crypto": "3.1.0",
+        "node-opcua-crypto": "4.0.0-beta.0",
         "node-opcua-packet-analyzer": "2.108.0",
         "node-opcua-pki": "4.2.1",
         "node-opcua-server-configuration": "2.108.0",

packages/node-opcua-secure-channel/package.json

@@ -20,7 +20,7 @@
         "node-opcua-certificate-manager": "2.108.0",
         "node-opcua-chunkmanager": "2.108.0",
         "node-opcua-common": "2.108.0",
-        "node-opcua-crypto": "3.1.0",
+        "node-opcua-crypto": "4.0.0-beta.0",
         "node-opcua-debug": "2.108.0",
         "node-opcua-factory": "2.108.0",
         "node-opcua-nodeid": "2.108.0",

packages/node-opcua-secure-channel/source/message_builder.ts

@@ -315,7 +315,7 @@ export class MessageBuilder extends MessageBuilderBase {
         } catch (err) {
             // this may happen if the message is not well formed or has been altered
             // we better off reporting an error and abort the communication
-            return this._report_error(StatusCodes2.BadTcpInternalError, types.isNativeError(err)? err.message : " err");
+            return this._report_error(StatusCodes2.BadTcpInternalError, types.isNativeError(err) ? err.message : " err");
         }
 
         if (!this.objectFactory.hasConstructor(id)) {

packages/node-opcua-secure-channel/source/security_policy.ts

@@ -20,7 +20,6 @@ import {
     Nonce,
     privateDecrypt_long,
     PrivateKey,
-
     publicEncrypt_long,
     PublicKey,
 
@@ -233,7 +232,6 @@ function RSAPKCS1OAEPSHA256_Verify(buffer: Buffer, signature: Signature, certifi
 }
 
 function RSAPKCS1V15SHA1_Sign(buffer: Buffer, privateKey: PrivateKey): Buffer {
-    assert(!((privateKey as any) instanceof Buffer), "privateKey should not be a Buffer but a PEM");
     const params = {
         algorithm: "RSA-SHA1",
         privateKey,
@@ -243,9 +241,6 @@ function RSAPKCS1V15SHA1_Sign(buffer: Buffer, privateKey: PrivateKey): Buffer {
 }
 
 function RSAPKCS1V15SHA256_Sign(buffer: Buffer, privateKey: PrivateKey): Buffer {
-    // xx    if (privateKey instanceof Buffer) {
-    // xx        privateKey = toPem(privateKey, "RSA PRIVATE KEY");
-    // xx   }
     const params = {
         algorithm: "RSA-SHA256",
         privateKey,
@@ -318,7 +313,7 @@ export interface CryptoFactory {
     maximumAsymmetricKeyLength: number;
 
     asymmetricVerifyChunk: (self: CryptoFactory, chunk: Buffer, certificate: Certificate) => boolean;
-    asymmetricSign: (buffer: Buffer, publicKey: PublicKey) => Buffer;
+    asymmetricSign: (buffer: Buffer, privateKey: PrivateKey) => Buffer;
     asymmetricVerify: (buffer: Buffer, signature: Signature, certificate: Certificate) => boolean;
 
     asymmetricEncrypt: (buffer: Buffer, publicKey: PublicKey) => Buffer;

packages/node-opcua-secure-channel/source/server/server_secure_channel_layer.ts

@@ -520,7 +520,6 @@ export class ServerSecureChannelLayer extends EventEmitter {
     public getPrivateKey(): PrivateKey {
         if (!this.parent) {
             return invalidPrivateKey;
-            // throw new Error("getPrivateKey : cannot get PrivateKey");
         }
         return this.parent.getPrivateKey();
     }
@@ -1062,7 +1061,6 @@ export class ServerSecureChannelLayer extends EventEmitter {
         }
         return null;
     }
-
     private _get_security_options_for_MSG(): SecureMessageChunkManagerOptionsPartial | null {
         if (this.securityMode === MessageSecurityMode.None) {
             return null;

packages/node-opcua-secure-channel/test/test_security_policy.js

@@ -2,7 +2,7 @@
 
 const { randomBytes } = require("crypto");
 const should = require("should");
-const { readCertificate, readPrivateKeyPEM } = require("node-opcua-crypto");
+const { readCertificate, readPrivateKey } = require("node-opcua-crypto");
 const { getFixture } = require("node-opcua-test-fixtures");
 
 
@@ -41,7 +41,7 @@ describe("Security Policy computeSignature, verifySignature", function () {
     const senderCertificate = readCertificate(getFixture("certs/server_cert_2048.pem"));
     const senderNonce = randomBytes(32);
 
-    const receiverPrivateKey = readPrivateKeyPEM(getFixture("certs/client_key_1024.pem"));
+    const receiverPrivateKey = readPrivateKey(getFixture("certs/client_key_1024.pem"));
     const receiverCertificate = readCertificate(getFixture("certs/client_cert_1024.pem"));
 
     const securityPolicy = SecurityPolicy.Basic256;