NodeOPCUA API Documentation
    Preparing search index...

    Interface ICertificateStore

    interface ICertificateStore {
        referenceCounter: number;
        addIssuer(
            certificate: DER,
            validate?: boolean,
            addInTrustList?: boolean,
        ): Promise<unknown>;
        addRevocationList(
            crl: DER,
            target?: "issuers" | "trusted",
        ): Promise<unknown>;
        checkCertificate(certificate: DER | DER[]): Promise<StatusCode>;
        dispose(): Promise<void>;
        getTrustStatus(certificate: DER): Promise<StatusCode>;
        initialize(): Promise<void>;
        rejectCertificate(certificate: DER | DER[]): Promise<void>;
        trustCertificate(certificate: DER | DER[]): Promise<void>;
        verifyCertificate(
            certificate: DER | DER[],
            options?: { acceptOutdatedCertificate?: boolean },
        ): Promise<string>;
    }

    Implemented by

    Index

    Properties

    referenceCounter

    Methods

    addIssuer addRevocationList checkCertificate dispose getTrustStatus initialize rejectCertificate trustCertificate verifyCertificate

    Properties

    referenceCounter: number

    Shared ownership counter.

    Multiple clients/servers may share the same store. dispose() only releases resources when the counter reaches zero — preventing premature cleanup.

    Methods

    • Register an issuer (CA) certificate so that certificates signed by this CA can be validated.

      Parameters

      • certificate: DER

        the issuer certificate (DER)

      • Optionalvalidate: boolean

        whether to validate the issuer cert itself (default: true)

      • OptionaladdInTrustList: boolean

        also add to the trusted list

      Returns Promise<unknown>

    • Register a Certificate Revocation List so that revoked certificates can be detected during validation.

      Parameters

      • crl: DER

        the CRL (DER-encoded)

      • Optionaltarget: "issuers" | "trusted"

        which folder/set to store the CRL in

      Returns Promise<unknown>

    • Check a peer certificate against the trust store.

      Returns StatusCodes.Good if trusted, StatusCodes.BadCertificateUntrusted if unknown/rejected, or another StatusCode for validation failures.

      Parameters

      • certificate: DER | DER[]

      Returns Promise<StatusCode>

    • Dispose of the store, releasing resources (watchers, handles). Only actually releases when referenceCounter reaches zero.

      Returns Promise<void>

    • Check whether a certificate is currently trusted.

      Parameters

      • certificate: DER

      Returns Promise<StatusCode>

    • Initialize the store (create dirs, load state).

      Returns Promise<void>

    • Move a certificate to the rejected store. If previously trusted, it will be removed from the trusted set.

      Parameters

      • certificate: DER | DER[]

      Returns Promise<void>

    • Move a certificate to the trusted store. If previously rejected, it will be removed from the rejected set.

      Parameters

      • certificate: DER | DER[]

      Returns Promise<void>

    • Verify a certificate against the store.

      Returns a string status: "Good", "BadCertificateUntrusted", "BadCertificateTimeInvalid", etc.

      Parameters

      • certificate: DER | DER[]
      • Optionaloptions: { acceptOutdatedCertificate?: boolean }

      Returns Promise<string>

    Settings

    Member Visibility

    On This Page

    Properties
    Methods