本文整理汇总了TypeScript中node-opcua-crypto.makeSHA1Thumbprint函数的典型用法代码示例。如果您正苦于以下问题:TypeScript makeSHA1Thumbprint函数的具体用法?TypeScript makeSHA1Thumbprint怎么用?TypeScript makeSHA1Thumbprint使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了makeSHA1Thumbprint函数的10个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的TypeScript代码示例。
示例1: it
it("should provide rejected list", async () => {
// Given 2 rejected certificates , in two different groups
// at 2 different time
await pushManager.applicationGroup!.rejectCertificate(cert1);
await new Promise((resolve) => setTimeout(resolve, 150));
await pushManager.userTokenGroup!.rejectCertificate(cert2);
// When I call getRejectedList
const result = await pushManager.getRejectedList();
// Then I should retrieve those 2 certificates
result.statusCode.should.eql(StatusCodes.Good);
result.certificates!.should.be.instanceOf(Array);
result.certificates!.length.should.eql(2);
// And their thumbprint should match the expected one
const thumbprint1 = makeSHA1Thumbprint(result.certificates![0]).toString("hex");
const thumbprint2 = makeSHA1Thumbprint(result.certificates![1]).toString("hex");
const thumbprints = [thumbprint1, thumbprint2 ].sort();
const certs = [
makeSHA1Thumbprint(cert1).toString("hex"),
makeSHA1Thumbprint(cert2).toString("hex") ].sort();
// And the most recent certificate should come first
thumbprints[0].should.eql(certs[0]);
thumbprints[1].should.eql(certs[1]);
});
示例2: verifyServer
function verifyServer(server: OPCUAServer) {
debugLog("---------------------------------------------------------------");
const certificateChain1 = server.getCertificateChain();
debugLog("server.getCertificateChain() =",
makeSHA1Thumbprint(certificateChain1).toString("hex") + " l=" + certificateChain1.length);
const privateKey1 = convertPEMtoDER(server.getPrivateKey());
debugLog("server.getPrivateKey() =",
makeSHA1Thumbprint(privateKey1).toString("hex"));
const match = certificateMatchesPrivateKey(certificateChain1, privateKey1);
debugLog("math =", match);
for (const endpoint of server.endpoints) {
debugLog("endpoint ", endpoint.toString());
for (const e of endpoint.endpointDescriptions()) {
const certificateChain3 = e.serverCertificate;
debugLog("endpoint certificate =",
makeSHA1Thumbprint(certificateChain3).toString("hex") + " l=" + certificateChain3.length);
// xx console.log(e.toString());
}
}
debugLog("---------------------------------------------------------------");
}
示例3: beforeEach
beforeEach(async () => {
const pkiFolder = path.join(temporaryFolder1, "pki");
if (!fs.existsSync(pkiFolder)) {
await rimraf.sync(pkiFolder);
}
if (fs.existsSync(temporaryFolder1)) {
await rimraf.sync(temporaryFolder1);
await fs.mkdirSync(temporaryFolder1);
}
if (fs.existsSync(temporaryFolder2)) {
await rimraf.sync(temporaryFolder2);
await fs.mkdirSync(temporaryFolder2);
}
acceptingCertificateMgr = new OPCUACertificateManager({
automaticallyAcceptUnknownCertificate: true,
rootFolder: temporaryFolder1
});
rejectingCertificateMgr = new OPCUACertificateManager({
automaticallyAcceptUnknownCertificate: false,
rootFolder: temporaryFolder2
});
certificate = await readCertificate(certificate1File);
certificateThumbprint = makeSHA1Thumbprint(certificate).toString("hex");
await acceptingCertificateMgr.initialize();
await rejectingCertificateMgr.initialize();
});
示例4: _verify_serverCertificate
/**
* check if certificate is trusted or untrusted
*/
function _verify_serverCertificate(serverCertificate: Certificate, callback: ErrorCallback) {
// todo:
// - use Certificate manager to deal with trusted/ untrusted certificate
// - add certificate verification and validity check
const pkiFolder = process.cwd() + "/pki";
// istanbul ignore next
if (!fs.existsSync(pkiFolder)) {
fs.mkdirSync(pkiFolder);
}
const pkiRejectedCertificateFolder = path.join(pkiFolder, "rejected");
// istanbul ignore next
if (!fs.existsSync(pkiRejectedCertificateFolder)) {
fs.mkdirSync(pkiRejectedCertificateFolder);
}
const thumbprint = makeSHA1Thumbprint(serverCertificate);
const certificateFilename = path.join(pkiRejectedCertificateFolder, thumbprint.toString("hex") + ".pem");
fs.writeFile(certificateFilename, toPem(serverCertificate, "CERTIFICATE"), () => {
setImmediate(callback);
});
}
示例5: getCertificateChainEP
function getCertificateChainEP(this: OPCUAServerEndPoint): Certificate {
const certificateFile = path.join(this.certificateManager.rootDir, "own/certs/certificate.pem");
const certificatePEM = fs.readFileSync(certificateFile, "utf8");
const $$certificateChain = convertPEMtoDER(certificatePEM);
const thumbprint = makeSHA1Thumbprint($$certificateChain);
return $$certificateChain;
}
示例6: stopOnGoingConnection
async function stopOnGoingConnection() {
debugLog("stopping");
await new Promise((resolve) => setTimeout(resolve, 5000));
debugLog("stopOnGoingConnection - Server certificate is now ",
makeSHA1Thumbprint(onGoingClient.serverCertificate!).toString("base64"));
await onGoingSession.close();
await onGoingClient.disconnect();
}
示例7: _prepare_security_header
/**
* @method _prepare_security_header
* @param request
* @param message
* @return {AsymmetricAlgorithmSecurityHeader}
* @private
*/
private _prepare_security_header(request: OpenSecureChannelRequest, message: Message): AsymmetricAlgorithmSecurityHeader {
let securityHeader = null;
// senderCertificate:
// The X509v3 certificate assigned to the sending application instance.
// This is a DER encoded blob.
// This indicates what private key was used to sign the MessageChunk.
// This field shall be null if the message is not signed.
// receiverCertificateThumbprint:
// The thumbprint of the X509v3 certificate assigned to the receiving application
// The thumbprint is the SHA1 digest of the DER encoded form of the certificate.
// This indicates what public key was used to encrypt the MessageChunk
// This field shall be null if the message is not encrypted.
switch (request.securityMode) {
case MessageSecurityMode.None:
securityHeader = new AsymmetricAlgorithmSecurityHeader({
receiverCertificateThumbprint: null, // message not encrypted
securityPolicyUri: "http://opcfoundation.org/UA/SecurityPolicy#None",
senderCertificate: null // message not signed
});
break;
case MessageSecurityMode.Sign:
case MessageSecurityMode.SignAndEncrypt:
default: {
// get the thumbprint of the client certificate
const thumbprint = this.receiverCertificate
? makeSHA1Thumbprint(this.receiverCertificate)
: null;
if (!this.clientSecurityHeader) {
throw new Error("Internal");
}
const asymmClientSecurityHeader = this.clientSecurityHeader as AsymmetricAlgorithmSecurityHeader;
securityHeader = new AsymmetricAlgorithmSecurityHeader({
receiverCertificateThumbprint: thumbprint, // message not encrypted (????)
securityPolicyUri: asymmClientSecurityHeader.securityPolicyUri,
senderCertificate: this.getCertificateChain() // certificate of the private key used to sign the message
});
}
}
return securityHeader;
}
示例8: makeSHA1Thumbprint
this._getCertificateStatus(certificate, (err: Error|null, status0?: "unknown" | "trusted" | "rejected") => {
if (err) { return callback!(err); }
if (status0 === "unknown") {
const thumbprint = makeSHA1Thumbprint(certificate).toString("hex");
// certificate has not bee seen before
errorLog("Certificate with thumbprint " + thumbprint + "has not been seen before");
if (this.automaticallyAcceptUnknownCertificate) {
errorLog("automaticallyAcceptUnknownCertificate = true");
errorLog("certificate with thumbprint " + thumbprint + " is now trusted");
this.trustCertificate(certificate, checkCertificateStep2);
} else {
errorLog("automaticallyAcceptUnknownCertificate = false");
errorLog("certificate with thumbprint " + thumbprint + " is now rejected");
this.rejectCertificate(certificate, checkCertificateStep2);
}
} else {
checkCertificateStep2(null);
}
});
示例9: _check_receiverCertificateThumbprint
/**
* @method _check_receiverCertificateThumbprint
* verify that the receiverCertificateThumbprint send by the client
* matching the CertificateThumbPrint of the server
* @param clientSecurityHeader
* @return true if the receiver certificate thumbprint matches the server certificate
* @private
*/
private _check_receiverCertificateThumbprint(clientSecurityHeader: SecurityHeader): boolean {
if (clientSecurityHeader instanceof SymmetricAlgorithmSecurityHeader) {
return false;
}
if (clientSecurityHeader.receiverCertificateThumbprint) {
// check if the receiverCertificateThumbprint is my certificate thumbprint
const serverCertificateChain = this.getCertificateChain();
const myCertificateThumbPrint = makeSHA1Thumbprint(serverCertificateChain);
const thisIsMyCertificate =
myCertificateThumbPrint.toString("hex") ===
clientSecurityHeader.receiverCertificateThumbprint.toString("hex");
if (doDebug && !thisIsMyCertificate) {
debugLog("receiverCertificateThumbprint do not match server certificate",
myCertificateThumbPrint.toString("hex") + " <> "
+ clientSecurityHeader.receiverCertificateThumbprint.toString("hex"));
}
return thisIsMyCertificate;
}
return true;
}
示例10: _decrypt_OPN
private _decrypt_OPN(binaryStream: BinaryStream): boolean {
assert(this.securityPolicy !== SecurityPolicy.None);
assert(this.securityPolicy !== SecurityPolicy.Invalid);
assert(this.securityMode !== MessageSecurityMode.None);
assert(this.securityHeader instanceof AsymmetricAlgorithmSecurityHeader);
const asymmetricAlgorithmSecurityHeader = this.securityHeader! as AsymmetricAlgorithmSecurityHeader;
/* istanbul ignore next */
if (doDebug) {
debugLog("securityHeader = {");
debugLog(" securityPolicyId: ", asymmetricAlgorithmSecurityHeader.securityPolicyUri);
debugLog(" senderCertificate: ",
makeSHA1Thumbprint(asymmetricAlgorithmSecurityHeader.senderCertificate).toString("hex"));
debugLog("};");
}
// OpcUA part 2 V 1.02 page 15
// 4.11 OPC UA Security Related Services
// [...]
// The OPC UA Client sends its Public Key in a Digital Certificate and secret information with the
// OpenSecureChannel service Message to the Server. This Message is secured by applying
// Asymmetric Encryption with the Server's Public Key and by generating Asymmetric Signatures with
// the Client's Private Key. However the Digital Certificate is sent unencrypted so that the receiver can
// use it to verify the Asymmetric Signature.
// [...]
//
/* istanbul ignore next */
if (doDebug) {
debugLog(chalk.cyan("EN------------------------------"));
// xx debugLog(hexDump(binaryStream.buffer, 32, 0xFFFFFFFF));
debugLog("---------------------- SENDER CERTIFICATE");
debugLog("thumbprint ", makeSHA1Thumbprint(asymmetricAlgorithmSecurityHeader.senderCertificate).toString("hex"));
}
if (!this.cryptoFactory) {
this._report_error(" Security Policy " + this.securityPolicy + " is not implemented yet");
return false;
}
// The message has been signed with sender private key and has been encrypted with receiver public key.
// We shall decrypt it with the receiver private key.
const buf = binaryStream.buffer.slice(binaryStream.length);
if (asymmetricAlgorithmSecurityHeader.receiverCertificateThumbprint) {
// this mean that the message has been encrypted ....
assert(this.privateKey !== invalidPrivateKey, "expecting a valid private key");
const decryptedBuffer = this.cryptoFactory.asymmetricDecrypt(buf, this.privateKey);
// replace decrypted buffer in initial buffer
decryptedBuffer.copy(binaryStream.buffer, binaryStream.length);
// adjust length
binaryStream.buffer = binaryStream.buffer.slice(0, binaryStream.length + decryptedBuffer.length);
/* istanbul ignore next */
if (doDebug) {
debugLog(chalk.cyan("DE-----------------------------"));
// debugLog(hexDump(binaryStream.buffer));
debugLog(chalk.cyan("-------------------------------"));
const thumbprint = makeSHA1Thumbprint(asymmetricAlgorithmSecurityHeader.senderCertificate);
debugLog("Certificate thumbprint:", thumbprint.toString("hex"));
}
}
const cert = exploreCertificateInfo(asymmetricAlgorithmSecurityHeader.senderCertificate);
// then verify the signature
const signatureLength = cert.publicKeyLength; // 1024 bits = 128Bytes or 2048=256Bytes or 3072 or 4096
assert(signatureLength === 128 ||
signatureLength === 256 ||
signatureLength === 384 ||
signatureLength === 512);
const chunk = binaryStream.buffer;
const signatureIsOK = asymmetricVerifyChunk(this.cryptoFactory, chunk, asymmetricAlgorithmSecurityHeader.senderCertificate);
if (!signatureIsOK) {
/* istanbul ignore next */
if (doDebug) {
debugLog(hexDump(binaryStream.buffer));
}
this._report_error("Sign and Encrypt asymmetricVerify : Invalid packet signature");
return false;
}
// remove signature
binaryStream.buffer = reduceLength(binaryStream.buffer, signatureLength);
// remove padding
if (asymmetricAlgorithmSecurityHeader.receiverCertificateThumbprint) {
binaryStream.buffer = removePadding(binaryStream.buffer);
}
return true; // success
//.........这里部分代码省略.........