@gjsify/tls 0.3.20 → 0.3.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/lib/esm/index.js +2 -2
  2. package/package.json +5 -5
package/lib/esm/index.js CHANGED
@@ -1,3 +1,3 @@
1
- import e from"@girs/gio-2.0";import t from"@girs/glib-2.0";import{Server as n,Socket as r}from"node:net";import{createNodeError as i,deferEmit as a}from"@gjsify/utils";const o=`TLSv1.2`,s=`TLSv1.3`,c=`TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384`;function l(){return[`aes-128-gcm`,`aes-256-gcm`,`chacha20-poly1305`,`aes-128-cbc`,`aes-256-cbc`]}function u(e){return e.endsWith(`.`)?e.slice(0,-1):e}function d(e){return u(e).toLowerCase().split(`.`)}function f(e,t){let n=d(t);return n.length===e.length?n[0]===`*`?n.slice(1).join(`.`)===e.slice(1).join(`.`):n.every((t,n)=>t===e[n]):!1}function p(e,t){let n=t.subject,r=t.subjectaltname,i=[],a=[];if(e=String(e),r){let e=r.split(`, `);for(let t of e)t.startsWith(`DNS:`)?i.push(t.slice(4)):t.startsWith(`IP Address:`)&&a.push(t.slice(11).trim())}let o=!1,s=`Unknown reason`;e=u(e);let c=/^(\d{1,3}\.){3}\d{1,3}$/.test(e),l=e.includes(`:`);if(c||l)o=a.some(t=>t.toLowerCase()===e.toLowerCase()),o||(s=`IP: ${e} is not in the cert's list: ${a.join(`, `)}`);else if(i.length>0||n?.CN){let t=d(e);if(i.length>0)o=i.some(e=>f(t,e)),o||(s=`Host: ${e}. is not in the cert's altnames: ${r}`);else{let r=n.CN;Array.isArray(r)?o=r.some(e=>f(t,e)):r&&(o=f(t,r)),o||(s=`Host: ${e}. is not cert's CN: ${r}`)}}else s=`Cert does not contain a DNS name`;if(!o){let n=Error(s);return n.reason=s,n.host=e,n.cert=t,n}}var m=class extends r{encrypted=!0;authorized=!1;authorizationError;alpnProtocol=!1;_tlsConnection=null;constructor(e,t){super()}_setupTlsStreams(e){this._tlsConnection=e,this._inputStream=e.get_input_stream(),this._outputStream=e.get_output_stream(),this._connection=e}getPeerCertificate(e){if(!this._tlsConnection)return{};try{return this._tlsConnection.get_peer_certificate()?{subject:{},issuer:{},valid_from:``,valid_to:``}:{}}catch{return{}}}getProtocol(){if(!this._tlsConnection)return null;try{switch(this._tlsConnection.get_protocol_version()){case e.TlsProtocolVersion.TLS_1_0:return`TLSv1`;case e.TlsProtocolVersion.TLS_1_1:return`TLSv1.1`;case e.TlsProtocolVersion.TLS_1_2:return`TLSv1.2`;case e.TlsProtocolVersion.TLS_1_3:return`TLSv1.3`;default:return null}}catch{return null}}getCipher(){if(!this._tlsConnection)return null;try{return{name:this._tlsConnection.get_ciphersuite_name()||`unknown`,version:this.getProtocol()||`unknown`}}catch{return null}}getAlpnProtocol(){if(!this._tlsConnection)return!1;try{return this._tlsConnection.get_negotiated_protocol()||!1}catch{return!1}}};function h(n,r){let i=new m(void 0,n);r&&i.once(`secureConnect`,r);let a=n.port||443,o=n.host||`localhost`,s=n.servername||o,c=n.rejectUnauthorized!==!1;return i.once(`connect`,()=>{let r=i._connection;if(!r){i.destroy(Error(`No underlying connection for TLS upgrade`));return}try{let o=e.NetworkAddress.new(s,a),l=e.TlsClientConnection.new(r,o);if(l.set_server_identity(o),n.ALPNProtocols&&n.ALPNProtocols.length>0)try{l.set_advertised_protocols(n.ALPNProtocols)}catch{}c||l.connect(`accept-certificate`,()=>!0);let u=new e.Cancellable;l.handshake_async(t.PRIORITY_DEFAULT,u,(e,t)=>{try{l.handshake_finish(t),i.authorized=!0,i._setupTlsStreams(l),i.alpnProtocol=i.getAlpnProtocol(),i._reading=!1,i._startReading(),i.emit(`secureConnect`)}catch(e){i.authorized=!1,i.authorizationError=e instanceof Error?e.message:String(e),c?i.destroy(e instanceof Error?e:Error(String(e))):(i._setupTlsStreams(l),i.emit(`secureConnect`))}})}catch(e){i.destroy(e instanceof Error?e:Error(String(e)))}}),i.connect({port:a,host:o}),i}function g(e){return{context:e||{}}}const _=[];function v(t,n){let r=Array.isArray(t)?t.map(e=>typeof e==`string`?e:e.toString(`utf-8`)).join(`
1
+ import e from"@girs/gio-2.0";import t from"@girs/glib-2.0";import{Server as n,Socket as r}from"node:net";import{createNodeError as i,deferEmit as a}from"@gjsify/utils";const o=`TLSv1.2`,s=`TLSv1.3`,c=`TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384`;function getCiphers(){return[`aes-128-gcm`,`aes-256-gcm`,`chacha20-poly1305`,`aes-128-cbc`,`aes-256-cbc`]}function unfqdn(e){return e.endsWith(`.`)?e.slice(0,-1):e}function splitHost(e){return unfqdn(e).toLowerCase().split(`.`)}function checkWildcard(e,t){let n=splitHost(t);return n.length===e.length?n[0]===`*`?n.slice(1).join(`.`)===e.slice(1).join(`.`):n.every((t,n)=>t===e[n]):!1}function checkServerIdentity(e,t){let n=t.subject,r=t.subjectaltname,i=[],a=[];if(e=String(e),r){let e=r.split(`, `);for(let t of e)t.startsWith(`DNS:`)?i.push(t.slice(4)):t.startsWith(`IP Address:`)&&a.push(t.slice(11).trim())}let o=!1,s=`Unknown reason`;e=unfqdn(e);let c=/^(\d{1,3}\.){3}\d{1,3}$/.test(e),l=e.includes(`:`);if(c||l)o=a.some(t=>t.toLowerCase()===e.toLowerCase()),o||(s=`IP: ${e} is not in the cert's list: ${a.join(`, `)}`);else if(i.length>0||n?.CN){let t=splitHost(e);if(i.length>0)o=i.some(e=>checkWildcard(t,e)),o||(s=`Host: ${e}. is not in the cert's altnames: ${r}`);else{let r=n.CN;Array.isArray(r)?o=r.some(e=>checkWildcard(t,e)):r&&(o=checkWildcard(t,r)),o||(s=`Host: ${e}. is not cert's CN: ${r}`)}}else s=`Cert does not contain a DNS name`;if(!o){let n=Error(s);return n.reason=s,n.host=e,n.cert=t,n}}var TLSSocket=class extends r{encrypted=!0;authorized=!1;authorizationError;alpnProtocol=!1;_tlsConnection=null;constructor(e,t){super()}_setupTlsStreams(e){this._tlsConnection=e,this._inputStream=e.get_input_stream(),this._outputStream=e.get_output_stream(),this._connection=e}getPeerCertificate(e){if(!this._tlsConnection)return{};try{return this._tlsConnection.get_peer_certificate()?{subject:{},issuer:{},valid_from:``,valid_to:``}:{}}catch{return{}}}getProtocol(){if(!this._tlsConnection)return null;try{switch(this._tlsConnection.get_protocol_version()){case e.TlsProtocolVersion.TLS_1_0:return`TLSv1`;case e.TlsProtocolVersion.TLS_1_1:return`TLSv1.1`;case e.TlsProtocolVersion.TLS_1_2:return`TLSv1.2`;case e.TlsProtocolVersion.TLS_1_3:return`TLSv1.3`;default:return null}}catch{return null}}getCipher(){if(!this._tlsConnection)return null;try{return{name:this._tlsConnection.get_ciphersuite_name()||`unknown`,version:this.getProtocol()||`unknown`}}catch{return null}}getAlpnProtocol(){if(!this._tlsConnection)return!1;try{return this._tlsConnection.get_negotiated_protocol()||!1}catch{return!1}}};function connect(n,r){let i=new TLSSocket(void 0,n);r&&i.once(`secureConnect`,r);let a=n.port||443,o=n.host||`localhost`,s=n.servername||o,c=n.rejectUnauthorized!==!1;return i.once(`connect`,()=>{let r=i._connection;if(!r){i.destroy(Error(`No underlying connection for TLS upgrade`));return}try{let o=e.NetworkAddress.new(s,a),l=e.TlsClientConnection.new(r,o);if(l.set_server_identity(o),n.ALPNProtocols&&n.ALPNProtocols.length>0)try{l.set_advertised_protocols(n.ALPNProtocols)}catch{}c||l.connect(`accept-certificate`,()=>!0);let u=new e.Cancellable;l.handshake_async(t.PRIORITY_DEFAULT,u,(e,t)=>{try{l.handshake_finish(t),i.authorized=!0,i._setupTlsStreams(l),i.alpnProtocol=i.getAlpnProtocol(),i._reading=!1,i._startReading(),i.emit(`secureConnect`)}catch(e){i.authorized=!1,i.authorizationError=e instanceof Error?e.message:String(e),c?i.destroy(e instanceof Error?e:Error(String(e))):(i._setupTlsStreams(l),i.emit(`secureConnect`))}})}catch(e){i.destroy(e instanceof Error?e:Error(String(e)))}}),i.connect({port:a,host:o}),i}function createSecureContext(e){return{context:e||{}}}const l=[];function buildGioCertificate(t,n){let r=Array.isArray(t)?t.map(e=>typeof e==`string`?e:e.toString(`utf-8`)).join(`
2
2
  `):typeof t==`string`?t:t.toString(`utf-8`),i=n?Array.isArray(n)?n.map(e=>typeof e==`string`?e:e.toString(`utf-8`)).join(`
3
- `):typeof n==`string`?n:n.toString(`utf-8`):``,a=i?`${r}\n${i}`:r;return e.TlsCertificate.new_from_pem(a,a.length)}var y=class extends n{_tlsCertificate=null;_tlsOptions;_sniContexts=new Map;constructor(e,t){if(super(),this._tlsOptions=e||{},t&&this.on(`secureConnection`,t),this._tlsOptions.cert)try{this._tlsCertificate=v(this._tlsOptions.cert,this._tlsOptions.key)}catch(e){a(this,`error`,i(e,`createServer`,{}))}}addContext(e,t){if(t.cert)try{let n=v(t.cert,t.key);this._sniContexts.set(e,n)}catch(e){this.emit(`error`,i(e,`addContext`,{}))}}listen(...e){return this.on(`connection`,e=>{this._upgradeTls(e)}),super.listen(...e)}_upgradeTls(n){let r=n._connection;if(!r){let e=Error(`Cannot upgrade socket: no underlying connection`);this.emit(`tlsClientError`,e,n),n.destroy();return}if(!this._tlsCertificate){let e=Error(`TLS server has no certificate configured`);this.emit(`tlsClientError`,e,n),n.destroy();return}try{let a=e.TlsServerConnection.new(r,this._tlsCertificate);if(this._tlsOptions.requestCert?a.authenticationMode=this._tlsOptions.rejectUnauthorized===!1?e.TlsAuthenticationMode.REQUESTED:e.TlsAuthenticationMode.REQUIRED:a.authenticationMode=e.TlsAuthenticationMode.NONE,this._tlsOptions.rejectUnauthorized===!1&&a.connect(`accept-certificate`,()=>!0),this._tlsOptions.ALPNProtocols&&this._tlsOptions.ALPNProtocols.length>0)try{a.set_advertised_protocols(this._tlsOptions.ALPNProtocols)}catch{}let o=new e.Cancellable;a.handshake_async(t.PRIORITY_DEFAULT,o,(e,t)=>{try{a.handshake_finish(t);let e=new m;e.encrypted=!0,e.authorized=!0,e._setupTlsStreams(a),e.alpnProtocol=e.getAlpnProtocol(),e._startReading(),this.emit(`secureConnection`,e)}catch(e){let t=i(e,`handshake`,{});this.emit(`tlsClientError`,t,n),n.destroy()}})}catch(e){let t=i(e,`tls_wrap`,{});this.emit(`tlsClientError`,t,n),n.destroy()}}};function b(e,t){return typeof e==`function`?new y(void 0,e):new y(e,t)}var x={TLSSocket:m,TLSServer:y,Server:y,connect:h,createServer:b,createSecureContext:g,checkServerIdentity:p,getCiphers:l,rootCertificates:_,DEFAULT_MIN_VERSION:o,DEFAULT_MAX_VERSION:s,DEFAULT_CIPHERS:c};export{c as DEFAULT_CIPHERS,s as DEFAULT_MAX_VERSION,o as DEFAULT_MIN_VERSION,y as Server,y as TLSServer,m as TLSSocket,p as checkServerIdentity,h as connect,g as createSecureContext,b as createServer,x as default,l as getCiphers,_ as rootCertificates};
3
+ `):typeof n==`string`?n:n.toString(`utf-8`):``,a=i?`${r}\n${i}`:r;return e.TlsCertificate.new_from_pem(a,a.length)}var TLSServer=class extends n{_tlsCertificate=null;_tlsOptions;_sniContexts=new Map;constructor(e,t){if(super(),this._tlsOptions=e||{},t&&this.on(`secureConnection`,t),this._tlsOptions.cert)try{this._tlsCertificate=buildGioCertificate(this._tlsOptions.cert,this._tlsOptions.key)}catch(e){a(this,`error`,i(e,`createServer`,{}))}}addContext(e,t){if(t.cert)try{let n=buildGioCertificate(t.cert,t.key);this._sniContexts.set(e,n)}catch(e){this.emit(`error`,i(e,`addContext`,{}))}}listen(...e){return this.on(`connection`,e=>{this._upgradeTls(e)}),super.listen(...e)}_upgradeTls(n){let r=n._connection;if(!r){let e=Error(`Cannot upgrade socket: no underlying connection`);this.emit(`tlsClientError`,e,n),n.destroy();return}if(!this._tlsCertificate){let e=Error(`TLS server has no certificate configured`);this.emit(`tlsClientError`,e,n),n.destroy();return}try{let a=e.TlsServerConnection.new(r,this._tlsCertificate);if(this._tlsOptions.requestCert?a.authenticationMode=this._tlsOptions.rejectUnauthorized===!1?e.TlsAuthenticationMode.REQUESTED:e.TlsAuthenticationMode.REQUIRED:a.authenticationMode=e.TlsAuthenticationMode.NONE,this._tlsOptions.rejectUnauthorized===!1&&a.connect(`accept-certificate`,()=>!0),this._tlsOptions.ALPNProtocols&&this._tlsOptions.ALPNProtocols.length>0)try{a.set_advertised_protocols(this._tlsOptions.ALPNProtocols)}catch{}let o=new e.Cancellable;a.handshake_async(t.PRIORITY_DEFAULT,o,(e,t)=>{try{a.handshake_finish(t);let e=new TLSSocket;e.encrypted=!0,e.authorized=!0,e._setupTlsStreams(a),e.alpnProtocol=e.getAlpnProtocol(),e._startReading(),this.emit(`secureConnection`,e)}catch(e){let t=i(e,`handshake`,{});this.emit(`tlsClientError`,t,n),n.destroy()}})}catch(e){let t=i(e,`tls_wrap`,{});this.emit(`tlsClientError`,t,n),n.destroy()}}};function createServer(e,t){return typeof e==`function`?new TLSServer(void 0,e):new TLSServer(e,t)}var u={TLSSocket,TLSServer,Server:TLSServer,connect,createServer,createSecureContext,checkServerIdentity,getCiphers,rootCertificates:l,DEFAULT_MIN_VERSION:o,DEFAULT_MAX_VERSION:s,DEFAULT_CIPHERS:c};export{c as DEFAULT_CIPHERS,s as DEFAULT_MAX_VERSION,o as DEFAULT_MIN_VERSION,TLSServer as Server,TLSServer,TLSSocket,checkServerIdentity,connect,createSecureContext,createServer,u as default,getCiphers,l as rootCertificates};
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@gjsify/tls",
3
- "version": "0.3.20",
3
+ "version": "0.3.21",
4
4
  "description": "Node.js tls module for Gjs",
5
5
  "type": "module",
6
6
  "module": "lib/esm/index.js",
@@ -30,15 +30,15 @@
30
30
  "tls"
31
31
  ],
32
32
  "devDependencies": {
33
- "@gjsify/cli": "^0.3.20",
34
- "@gjsify/unit": "^0.3.20",
33
+ "@gjsify/cli": "^0.3.21",
34
+ "@gjsify/unit": "^0.3.21",
35
35
  "@types/node": "^25.6.2",
36
36
  "typescript": "^6.0.3"
37
37
  },
38
38
  "dependencies": {
39
39
  "@girs/gio-2.0": "2.88.0-4.0.0-rc.14",
40
40
  "@girs/glib-2.0": "2.88.0-4.0.0-rc.14",
41
- "@gjsify/net": "^0.3.20",
42
- "@gjsify/utils": "^0.3.20"
41
+ "@gjsify/net": "^0.3.21",
42
+ "@gjsify/utils": "^0.3.21"
43
43
  }
44
44
  }