How to use the node-opcua-service-secure-channel.MessageSecurityMode.SignAndEncrypt function in node-opcua-service-secure-channel

}

        // We shall decrypt it with the receiver private key.
        const buf = binaryStream.buffer.slice(binaryStream.length);

        if (!securityTokenData.derivedKeys) {
            console.log("xxxxxxx NO DERIVED KEYX");
            return false;
        }

        const derivedKeys: DerivedKeys = securityTokenData.derivedKeys;

        assert(derivedKeys !== null);
        assert(derivedKeys.signatureLength > 0, " must provide a signature length");

        if (this.securityMode === MessageSecurityMode.SignAndEncrypt) {

            const decryptedBuffer = decryptBufferWithDerivedKeys(buf, derivedKeys);

            // replace decrypted buffer in initial buffer
            decryptedBuffer.copy(binaryStream.buffer, binaryStream.length);

            // adjust length
            binaryStream.buffer = binaryStream.buffer.slice(0, binaryStream.length + decryptedBuffer.length);

            /* istanbul ignore next */
            if (doDebug) {
                debugLog(chalk.cyan("DE-----------------------------"));
                debugLog(hexDump(binaryStream.buffer));
                debugLog(chalk.cyan("-------------------------------"));
            }
        }

}
        }

        // now check signature ....
        const chunk = binaryStream.buffer;

        const signatureIsOK = verifyChunkSignatureWithDerivedKeys(chunk, derivedKeys);
        if (!signatureIsOK) {
            this._report_error("_decrypt_MSG : Sign and Encrypt : Invalid packet signature");
            return false;
        }

        // remove signature
        binaryStream.buffer = reduceLength(binaryStream.buffer, derivedKeys.signatureLength);

        if (this.securityMode === MessageSecurityMode.SignAndEncrypt) {
            // remove padding
            binaryStream.buffer = removePadding(binaryStream.buffer);
        }

        return true;
    }

//    The thumbprint of the X509v3 certificate assigned to the receiving application
        //    The thumbprint is the SHA1 digest of the DER encoded form of the certificate.
        //    This indicates what public key was used to encrypt the MessageChunk
        //   This field shall be null if the message is not encrypted.
        switch (request.securityMode) {

            case MessageSecurityMode.None:
                securityHeader = new AsymmetricAlgorithmSecurityHeader({
                    receiverCertificateThumbprint: null, // message not encrypted
                    securityPolicyUri: "http://opcfoundation.org/UA/SecurityPolicy#None",
                    senderCertificate: null // message not signed
                });

                break;
            case MessageSecurityMode.Sign:
            case MessageSecurityMode.SignAndEncrypt:
            default: {
                // get the thumbprint of the client certificate
                const thumbprint = this.receiverCertificate
                    ? makeSHA1Thumbprint(this.receiverCertificate)
                    : null;

                if (!this.clientSecurityHeader) {
                    throw new Error("Internal");
                }
                const asymmClientSecurityHeader = this.clientSecurityHeader as AsymmetricAlgorithmSecurityHeader;

                securityHeader = new AsymmetricAlgorithmSecurityHeader({
                    receiverCertificateThumbprint: thumbprint, // message not encrypted (????)
                    securityPolicyUri: asymmClientSecurityHeader.securityPolicyUri,
                    senderCertificate: this.getCertificateChain() // certificate of the private key used to sign the message
                });

private _construct_security_header() {

        assert(this.hasOwnProperty("securityMode"));
        assert(this.hasOwnProperty("securityPolicy"));
        this.receiverCertificate = this.serverCertificate ? Buffer.from(this.serverCertificate) : null;

        let securityHeader = null;
        switch (this.securityMode) {
            case MessageSecurityMode.Sign:
            case MessageSecurityMode.SignAndEncrypt: {

                assert(this.securityPolicy !== SecurityPolicy.None);
                // get the thumbprint of the client certificate
                const thumbprint = this.receiverCertificate ? makeSHA1Thumbprint(this.receiverCertificate) : null;
                securityHeader = new AsymmetricAlgorithmSecurityHeader({
                    receiverCertificateThumbprint: thumbprint,       // thumbprint of the public key used to encrypt the message
                    securityPolicyUri: toURI(this.securityPolicy),
                    senderCertificate: this.getCertificateChain()  // certificate of the private key used to sign the message
                });

                break;
            }
            default:
                /* istanbul ignore next */
                assert(false, "invalid security mode");
        }

export function getOptionsForSymmetricSignAndEncrypt(
  securityMode: MessageSecurityMode,
  derivedKeys: DerivedKeys
): SecureMessageChunkManagerOptions {

    assert(derivedKeys.hasOwnProperty("signatureLength"));
    assert(securityMode !== MessageSecurityMode.None && securityMode !== MessageSecurityMode.Invalid);

    let options = {
        signBufferFunc: (chunk: Buffer) => makeMessageChunkSignatureWithDerivedKeys(chunk, derivedKeys),
        signatureLength: derivedKeys.signatureLength,
    };
    if (securityMode === MessageSecurityMode.SignAndEncrypt) {
        options = _.extend(options, {
            cipherBlockSize: derivedKeys.encryptingBlockSize,
            encryptBufferFunc: (chunk: Buffer) => encryptBufferWithDerivedKeys(chunk, derivedKeys),
            plainBlockSize: derivedKeys.encryptingBlockSize,
        });
    }
    return options as SecureMessageChunkManagerOptions;
}

let endpoint = endpoints.filter(function (e) {
        return e.securityMode === MessageSecurityMode.SignAndEncrypt;
    });