chore: clean-up crypto imports

packages/node-opcua-basic-types/test/test_encode_decode.js

@@ -1,4 +1,5 @@
 "use strict";
+const { randomBytes } = require("crypto");
 const should = require("should");
 
 const { hexDump } = require("node-opcua-debug");
@@ -13,7 +14,6 @@ const {
     makeExpandedNodeId,
     ExpandedNodeId
 } = require("node-opcua-nodeid");
-const crypto = require("crypto");
 const { encodeNodeId, decodeNodeId, randomGuid } = require("..");
 
 
@@ -363,7 +363,7 @@ describe("testing built-in type encoding", () => {
 
     it("should encode and decode a BYTESTRING NodeId", () => {
 
-        const nodeId = new NodeId(NodeIdType.BYTESTRING, crypto.randomBytes(16));
+        const nodeId = new NodeId(NodeIdType.BYTESTRING, randomBytes(16));
 
         const expectedLength = 1 + 2 + 4 + 16;
         test_encode_decode(nodeId, ec.encodeNodeId, ec.decodeNodeId, expectedLength, (buffer) => {

packages/node-opcua-client/source/private/opcua_client_impl.ts

@@ -1,13 +1,8 @@
 /**
  * @module node-opcua-client-private
  */
-// tslint:disable:variable-name
-// tslint:disable:no-console
-// tslint:disable:no-empty
-
-import * as crypto from "crypto";
-import { createPublicKey } from "crypto";
 import { callbackify } from "util";
+import { randomBytes, createPublicKey, createPrivateKey } from "crypto";
 import * as async from "async";
 import chalk from "chalk";
 
@@ -849,7 +844,7 @@ export class OPCUAClientImpl extends ClientBaseImpl implements OPCUAClient {
 
         // note : do not confuse CreateSessionRequest.clientNonce with OpenSecureChannelRequest.clientNonce
         //        which are two different nonce, with different size (although they share the same name )
-        this.clientNonce = crypto.randomBytes(32);
+        this.clientNonce = randomBytes(32);
 
         // recycle session name if already exists
         const sessionName = session.name;
@@ -1262,7 +1257,7 @@ export class OPCUAClientImpl extends ClientBaseImpl implements OPCUAClient {
 
                 case UserTokenType.Certificate: {
                     const certificate = userIdentityInfo.certificateData;
-                    const privateKey = crypto.createPrivateKey(userIdentityInfo.privateKey);
+                    const privateKey = createPrivateKey(userIdentityInfo.privateKey);
                     ({ userIdentityToken, userTokenSignature } = createX509IdentityToken(context, certificate, privateKey));
                     break;
                 }

packages/node-opcua-client/source/verify.ts

@@ -1,10 +1,8 @@
-import { createPrivateKey } from "crypto";
 import { OPCUACertificateManager } from "node-opcua-certificate-manager";
 import { OPCUASecureObject } from "node-opcua-common";
 
 import {
     Certificate,
-    convertPEMtoDER,
     exploreCertificate,
     explorePrivateKey,
     publicKeyAndPrivateKeyMatches

packages/node-opcua-common/source/applicationurn.ts

@@ -1,11 +1,12 @@
 /**
  * @module node-opcua-common
  */
-import * as crypto from "crypto";
+import {createHash} from "crypto";
 
 import { assert } from "node-opcua-assert";
 
 export function makeApplicationUrn(hostname: string, suffix: string): string {
+
     assert(!suffix.match(/urn:/), "already a application URN ?");
     // beware : Openssl doesn't support urn with length greater than 64 !!
     //          sometimes hostname length could be too long ...
@@ -15,7 +16,7 @@ export function makeApplicationUrn(hostname: string, suffix: string): string {
     if (hostnameHash.length + 7 + suffix.length >= 64) {
         // we need to reduce the applicationUrn side => let's take
         // a portion of the hostname hash.
-        hostnameHash = crypto.createHash("md5").update(hostname).digest("hex").substring(0, 16);
+        hostnameHash = createHash("md5").update(hostname).digest("hex").substring(0, 16);
     }
     const applicationUrn = "urn:" + hostnameHash + ":" + suffix;
     assert(applicationUrn.length <= 64);

packages/node-opcua-common/source/opcua_secure_object.ts

@@ -1,7 +1,6 @@
 /**
  * @module node-opcua-common
  */
-import { createPrivateKey } from "crypto";
 import { EventEmitter } from "events";
 import * as fs from "fs";
 

packages/node-opcua-end2end-test/test/secure_connection/test_e2e_secure_server_connection_rejection_use_cases.js

@@ -1,5 +1,6 @@
 "use strict";
 
+const { randomBytes } = require("crypto");
 const should = require("should");
 const async = require("async");
 const sinon = require("sinon");
@@ -172,11 +173,10 @@ describe("testing the server ability to deny client session request (server with
 
     it("Client shall deny server session if server nonce is too small", function(done) {
 
-        const crypto = require("crypto");
         let bad_nonce = 0;
         server.makeServerNonce = function() {
             bad_nonce += 1;
-            return crypto.randomBytes(31); //<< instead of 32  !!!
+            return randomBytes(31); //<< instead of 32  !!!
         };
         const options = {
             endpointMustExist: true

packages/node-opcua-file-transfer/test/test_file_transfer.ts

@@ -4,7 +4,7 @@ import * as fsOrigin from "fs";
 import * as os from "os";
 import * as path from "path";
 import { promisify } from "util";
-import * as crypto from "crypto";
+import { randomBytes } from "crypto";
 import sinon from "sinon";
 
 import { fs as fsMemory } from "memfs";
@@ -370,7 +370,7 @@ const describe = require("node-opcua-leak-detector").describeWithLeakDetector;
         it(m + "readFile with large file", async () => {
 
 
-            const randomData = crypto.randomBytes(3 * 1024).toString("hex");
+            const randomData = randomBytes(3 * 1024).toString("hex");
 
             randomData.length.should.equal(6 * 1024);
 

packages/node-opcua-secure-channel/source/client/client_secure_channel_layer.ts

@@ -1,9 +1,7 @@
+/* eslint-disable @typescript-eslint/no-unsafe-declaration-merging */
 /**
  * @module node-opcua-secure-channel
  */
-// tslint:disable:variable-name
-// tslint:disable:object-literal-shorthand
-// tslint:disable:no-console
 import { createPublicKey, randomBytes } from "crypto";
 import { EventEmitter } from "events";
 import { types } from "util";

packages/node-opcua-secure-channel/source/server/server_secure_channel_layer.ts

@@ -2,7 +2,7 @@
 /**
  * @module node-opcua-secure-channel
  */
-import * as crypto from "crypto";
+import { createPublicKey, randomBytes } from "crypto";
 import { EventEmitter } from "events";
 import { Socket } from "net";
 import { callbackify } from "util";
@@ -744,15 +744,18 @@ export class ServerSecureChannelLayer extends EventEmitter {
 
     private _start_security_token_watch_dog() {
         // install securityToken timeout watchdog
-        this._securityTokenTimeout = setTimeout(() => {
-            warningLog(
-                " Security token has really expired and shall be discarded !!!! (lifetime is = ",
-                this.securityToken.revisedLifetime,
-                ")"
-            );
-            warningLog(" Server will now refuse message with token ", this.securityToken.tokenId);
-            this._securityTokenTimeout = null;
-        }, (this.securityToken.revisedLifetime * 120) / 100);
+        this._securityTokenTimeout = setTimeout(
+            () => {
+                warningLog(
+                    " Security token has really expired and shall be discarded !!!! (lifetime is = ",
+                    this.securityToken.revisedLifetime,
+                    ")"
+                );
+                warningLog(" Server will now refuse message with token ", this.securityToken.tokenId);
+                this._securityTokenTimeout = null;
+            },
+            (this.securityToken.revisedLifetime * 120) / 100
+        );
     }
 
     private _add_new_security_token() {
@@ -1121,7 +1124,7 @@ export class ServerSecureChannelLayer extends EventEmitter {
                 extractPublicKeyFromCertificate(this.receiverCertificate, (err, keyPem) => {
                     if (!err) {
                         if (keyPem) {
-                            this.receiverPublicKey = crypto.createPublicKey(keyPem);
+                            this.receiverPublicKey = createPublicKey(keyPem);
                             this.receiverPublicKeyLength = rsaLengthPublicKey(keyPem);
                         }
                         callback(null, statusCode);
@@ -1261,7 +1264,7 @@ export class ServerSecureChannelLayer extends EventEmitter {
             //    serverNonce shall be generated for each time a SecureChannel is renewed.
             //    This parameter shall have a length equal to key size used for the symmetric
             //    encryption algorithm that is identified by the securityPolicyUri.
-            this.serverNonce = crypto.randomBytes(cryptoFactory.symmetricKeyLength);
+            this.serverNonce = randomBytes(cryptoFactory.symmetricKeyLength);
 
             if (this.clientNonce.length !== this.serverNonce.length) {
                 warningLog(

packages/node-opcua-secure-channel/test/test_security_policy.js

@@ -1,6 +1,6 @@
 "use strict";
 
-const crypto = require("crypto");
+const { randomBytes } = require("crypto");
 const should = require("should");
 const { readCertificate, readPrivateKeyPEM } = require("node-opcua-crypto");
 const { getFixture } = require("node-opcua-test-fixtures");
@@ -39,7 +39,7 @@ describe("Security Policy", function () {
 
 describe("Security Policy computeSignature, verifySignature", function () {
     const senderCertificate = readCertificate(getFixture("certs/server_cert_2048.pem"));
-    const senderNonce = crypto.randomBytes(32);
+    const senderNonce = randomBytes(32);
 
     const receiverPrivateKey = readPrivateKeyPEM(getFixture("certs/client_key_1024.pem"));
     const receiverCertificate = readCertificate(getFixture("certs/client_cert_1024.pem"));

packages/node-opcua-server-configuration/source/server/install_push_certitifate_management.ts

@@ -4,7 +4,6 @@
 import * as fs from "fs";
 import * as os from "os";
 import * as path from "path";
-import { createPrivateKey } from "crypto";
 
 import { types } from "util";
 import chalk from "chalk";
@@ -93,7 +92,7 @@ async function install(this: OPCUAServerPartial): Promise<void> {
     );
 
     if (!this.$$privateKey) {
-        this.$$privateKey = createPrivateKey(await readFile(this.serverCertificateManager.privateKey, "utf8"));
+        this.$$privateKey = readPrivateKey(this.serverCertificateManager.privateKey);
     }
 
     if (!this.$$certificateChain) {

packages/node-opcua-server/source/opcua_server.ts

@@ -6,7 +6,7 @@
 // tslint:disable:max-line-length
 // tslint:disable:unified-signatures
 
-import * as crypto from "crypto";
+import { randomBytes } from "crypto";
 import { EventEmitter } from "events";
 import { callbackify, types } from "util";
 
@@ -1749,7 +1749,7 @@ export class OPCUAServer extends OPCUABaseServer {
     }
 
     protected makeServerNonce(): Nonce {
-        return crypto.randomBytes(32);
+        return randomBytes(32);
     }
 
     // session services

packages/node-opcua-server/source/server_session.ts

@@ -3,7 +3,7 @@
  */
 // tslint:disable:no-console
 
-import * as crypto from "crypto";
+import { randomBytes } from "crypto";
 import { EventEmitter } from "events";
 
 import { assert } from "node-opcua-assert";
@@ -147,7 +147,7 @@ export class ServerSession extends EventEmitter implements ISubscriber, ISession
         assert(sessionTimeout >= 0, " sessionTimeout");
         this.sessionTimeout = sessionTimeout;
 
-        const authenticationTokenBuf = crypto.randomBytes(16);
+        const authenticationTokenBuf = randomBytes(16);
         this.authenticationToken = new NodeId(NodeIdType.BYTESTRING, authenticationTokenBuf);
 
         // the sessionId