@libp2p/tls 0.0.0 → 1.0.0-0c7bbbb07

package/dist/src/index.d.ts

@@ -1,9 +1,7 @@
 /**
  * @packageDocumentation
  *
- * A connection encrypter that does no connection encryption.
- *
- * This should not be used in production should be used for research purposes only.
+ * Implements the spec at https://github.com/libp2p/specs/blob/master/tls/tls.md
  *
  * @example
  *
@@ -20,6 +18,7 @@
  * ```
  */
 import type { ComponentLogger, ConnectionEncrypter } from '@libp2p/interface';
+export declare const PROTOCOL = "/tls/1.0.0";
 export interface TLSComponents {
     logger: ComponentLogger;
 }

package/dist/src/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AASH,OAAO,KAAK,EAAE,eAAe,EAAuB,mBAAmB,EAA6B,MAAM,mBAAmB,CAAA;AAM7H,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,eAAe,CAAA;CACxB;AAED,MAAM,WAAW,OAAO;IACtB;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,CAAA;CACjB;AA+ED,wBAAgB,GAAG,CAAE,IAAI,CAAC,EAAE,OAAO,GAAG,CAAC,UAAU,EAAE,aAAa,KAAK,mBAAmB,CAEvF"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAGH,OAAO,KAAK,EAAE,eAAe,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAA;AAE7E,eAAO,MAAM,QAAQ,eAAe,CAAA;AAEpC,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,eAAe,CAAA;CACxB;AAED,MAAM,WAAW,OAAO;IACtB;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,CAAA;CACjB;AAED,wBAAgB,GAAG,CAAE,IAAI,CAAC,EAAE,OAAO,GAAG,CAAC,UAAU,EAAE,aAAa,KAAK,mBAAmB,CAEvF"}

package/dist/src/index.js

@@ -1,9 +1,7 @@
 /**
  * @packageDocumentation
  *
- * A connection encrypter that does no connection encryption.
- *
- * This should not be used in production should be used for research purposes only.
+ * Implements the spec at https://github.com/libp2p/specs/blob/master/tls/tls.md
  *
  * @example
  *
@@ -19,81 +17,9 @@
  * })
  * ```
  */
-import { TLSSocket, connect } from 'node:tls';
-import { UnexpectedPeerError } from '@libp2p/interface';
-// @ts-expect-error no types
-import itToStream from 'it-to-stream';
-// @ts-expect-error no types
-import streamToIt from 'stream-to-it';
-import { generateCertificate, verifyPeerCertificate } from './utils.js';
-const PROTOCOL = '/tls/1.0.0';
-class TLS {
-    protocol = PROTOCOL;
-    // private readonly log: Logger
-    // private readonly timeout: number
-    // constructor (components: TLSComponents, init: TLSInit = {}) {
-    //   this.log = components.logger.forComponent('libp2p:tls')
-    //   this.timeout = init.timeout ?? 1000
-    // }
-    async secureInbound(localId, conn, remoteId) {
-        return this._encrypt(localId, conn, false, remoteId);
-    }
-    async secureOutbound(localId, conn, remoteId) {
-        return this._encrypt(localId, conn, true, remoteId);
-    }
-    /**
-     * Encrypt connection
-     */
-    async _encrypt(localId, conn, isServer, remoteId) {
-        const opts = {
-            ...await generateCertificate(localId),
-            isServer,
-            requestCert: true,
-            // accept self-signed certificates
-            rejectUnauthorized: false,
-            // require TLS 1.3 or later
-            minVersion: 'TLSv1.3'
-        };
-        let socket;
-        if (isServer) {
-            socket = new TLSSocket(itToStream.duplex(conn), opts);
-        }
-        else {
-            socket = connect({
-                socket: itToStream.duplex(conn),
-                ...opts
-            });
-        }
-        return new Promise((resolve, reject) => {
-            function verifyRemote() {
-                const remote = socket.getPeerCertificate();
-                verifyPeerCertificate(remote.raw)
-                    .then(remotePeer => {
-                    if (remoteId?.equals(remotePeer) === false) {
-                        throw new UnexpectedPeerError();
-                    }
-                    const outputStream = streamToIt.duplex(socket);
-                    conn.source = outputStream.source;
-                    conn.sink = outputStream.sink;
-                    resolve({
-                        remotePeer,
-                        conn
-                    });
-                })
-                    .catch(err => {
-                    reject(err);
-                });
-            }
-            socket.on('error', err => {
-                reject(err);
-            });
-            socket.on('secure', (evt) => {
-                verifyRemote();
-            });
-        });
-    }
-}
+import { TLS } from './tls.js';
+export const PROTOCOL = '/tls/1.0.0';
 export function tls(init) {
-    return (components) => new TLS();
+    return (components) => new TLS(components, init);
 }
 //# sourceMappingURL=index.js.map

package/dist/src/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,OAAO,EAAE,SAAS,EAAyB,OAAO,EAAE,MAAM,UAAU,CAAA;AACpE,OAAO,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAA;AACvD,4BAA4B;AAC5B,OAAO,UAAU,MAAM,cAAc,CAAA;AACrC,4BAA4B;AAC5B,OAAO,UAAU,MAAM,cAAc,CAAA;AACrC,OAAO,EAAE,mBAAmB,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAA;AAKvE,MAAM,QAAQ,GAAG,YAAY,CAAA;AAc7B,MAAM,GAAG;IACA,QAAQ,GAAW,QAAQ,CAAA;IAClC,+BAA+B;IAC/B,mCAAmC;IAEnC,gEAAgE;IAChE,4DAA4D;IAC5D,wCAAwC;IACxC,IAAI;IAEJ,KAAK,CAAC,aAAa,CAA6F,OAAe,EAAE,IAAY,EAAE,QAAiB;QAC9J,OAAO,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAA;IACtD,CAAC;IAED,KAAK,CAAC,cAAc,CAA6F,OAAe,EAAE,IAAY,EAAE,QAAiB;QAC/J,OAAO,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAA;IACrD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,QAAQ,CAA6F,OAAe,EAAE,IAAY,EAAE,QAAiB,EAAE,QAAiB;QAC5K,MAAM,IAAI,GAAqB;YAC7B,GAAG,MAAM,mBAAmB,CAAC,OAAO,CAAC;YACrC,QAAQ;YACR,WAAW,EAAE,IAAI;YACjB,kCAAkC;YAClC,kBAAkB,EAAE,KAAK;YACzB,2BAA2B;YAC3B,UAAU,EAAE,SAAS;SACtB,CAAA;QAED,IAAI,MAAiB,CAAA;QAErB,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,GAAG,IAAI,SAAS,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,CAAC,CAAA;QACvD,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,OAAO,CAAC;gBACf,MAAM,EAAE,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC;gBAC/B,GAAG,IAAI;aACR,CAAC,CAAA;QACJ,CAAC;QAED,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,SAAS,YAAY;gBACnB,MAAM,MAAM,GAAG,MAAM,CAAC,kBAAkB,EAAE,CAAA;gBAE1C,qBAAqB,CAAC,MAAM,CAAC,GAAG,CAAC;qBAC9B,IAAI,CAAC,UAAU,CAAC,EAAE;oBACjB,IAAI,QAAQ,EAAE,MAAM,CAAC,UAAU,CAAC,KAAK,KAAK,EAAE,CAAC;wBAC3C,MAAM,IAAI,mBAAmB,EAAE,CAAA;oBACjC,CAAC;oBAED,MAAM,YAAY,GAAG,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;oBAC9C,IAAI,CAAC,MAAM,GAAG,YAAY,CAAC,MAAM,CAAA;oBACjC,IAAI,CAAC,IAAI,GAAG,YAAY,CAAC,IAAI,CAAA;oBAE7B,OAAO,CAAC;wBACN,UAAU;wBACV,IAAI;qBACL,CAAC,CAAA;gBACJ,CAAC,CAAC;qBACD,KAAK,CAAC,GAAG,CAAC,EAAE;oBACX,MAAM,CAAC,GAAG,CAAC,CAAA;gBACb,CAAC,CAAC,CAAA;YACN,CAAC;YAED,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE;gBACvB,MAAM,CAAC,GAAG,CAAC,CAAA;YACb,CAAC,CAAC,CAAA;YACF,MAAM,CAAC,EAAE,CAAC,QAAQ,EAAE,CAAC,GAAG,EAAE,EAAE;gBAC1B,YAAY,EAAE,CAAA;YAChB,CAAC,CAAC,CAAA;QACJ,CAAC,CAAC,CAAA;IACJ,CAAC;CACF;AAED,MAAM,UAAU,GAAG,CAAE,IAAc;IACjC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,IAAI,GAAG,EAAE,CAAA;AAClC,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,EAAE,GAAG,EAAE,MAAM,UAAU,CAAA;AAG9B,MAAM,CAAC,MAAM,QAAQ,GAAG,YAAY,CAAA;AAcpC,MAAM,UAAU,GAAG,CAAE,IAAc;IACjC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,IAAI,GAAG,CAAC,UAAU,EAAE,IAAI,CAAC,CAAA;AAClD,CAAC"}

package/dist/src/tls.d.ts

@@ -0,0 +1,36 @@
+/**
+ * @packageDocumentation
+ *
+ * Implements the spec at https://github.com/libp2p/specs/blob/master/tls/tls.md
+ *
+ * @example
+ *
+ * ```typescript
+ * import { createLibp2p } from 'libp2p'
+ * import { tls } from '@libp2p/tls'
+ *
+ * const node = await createLibp2p({
+ *   // ...other options
+ *   connectionEncryption: [
+ *     tls()
+ *   ]
+ * })
+ * ```
+ */
+import type { TLSComponents, TLSInit } from './index.js';
+import type { MultiaddrConnection, ConnectionEncrypter, SecuredConnection, PeerId } from '@libp2p/interface';
+import type { Duplex } from 'it-stream-types';
+import type { Uint8ArrayList } from 'uint8arraylist';
+export declare class TLS implements ConnectionEncrypter {
+    protocol: string;
+    private readonly log;
+    private readonly timeout;
+    constructor(components: TLSComponents, init?: TLSInit);
+    secureInbound<Stream extends Duplex<AsyncGenerator<Uint8Array | Uint8ArrayList>> = MultiaddrConnection>(localId: PeerId, conn: Stream, remoteId?: PeerId): Promise<SecuredConnection<Stream>>;
+    secureOutbound<Stream extends Duplex<AsyncGenerator<Uint8Array | Uint8ArrayList>> = MultiaddrConnection>(localId: PeerId, conn: Stream, remoteId?: PeerId): Promise<SecuredConnection<Stream>>;
+    /**
+     * Encrypt connection
+     */
+    _encrypt<Stream extends Duplex<AsyncGenerator<Uint8Array | Uint8ArrayList>> = MultiaddrConnection>(localId: PeerId, conn: Stream, isServer: boolean, remoteId?: PeerId): Promise<SecuredConnection<Stream>>;
+}
+//# sourceMappingURL=tls.d.ts.map

package/dist/src/tls.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tls.d.ts","sourceRoot":"","sources":["../../src/tls.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAMH,OAAO,KAAK,EAAE,aAAa,EAAE,OAAO,EAAE,MAAM,YAAY,CAAA;AACxD,OAAO,KAAK,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,iBAAiB,EAAE,MAAM,EAAU,MAAM,mBAAmB,CAAA;AACpH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAA;AAC7C,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAA;AAEpD,qBAAa,GAAI,YAAW,mBAAmB;IACtC,QAAQ,EAAE,MAAM,CAAW;IAClC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAQ;IAC5B,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAQ;gBAEnB,UAAU,EAAE,aAAa,EAAE,IAAI,GAAE,OAAY;IAKpD,aAAa,CAAE,MAAM,SAAS,MAAM,CAAC,cAAc,CAAC,UAAU,GAAG,cAAc,CAAC,CAAC,GAAG,mBAAmB,EAAG,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;IAI/L,cAAc,CAAE,MAAM,SAAS,MAAM,CAAC,cAAc,CAAC,UAAU,GAAG,cAAc,CAAC,CAAC,GAAG,mBAAmB,EAAG,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;IAItM;;OAEG;IACG,QAAQ,CAAE,MAAM,SAAS,MAAM,CAAC,cAAc,CAAC,UAAU,GAAG,cAAc,CAAC,CAAC,GAAG,mBAAmB,EAAG,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;CAgEpN"}

package/dist/src/tls.js

@@ -0,0 +1,100 @@
+/**
+ * @packageDocumentation
+ *
+ * Implements the spec at https://github.com/libp2p/specs/blob/master/tls/tls.md
+ *
+ * @example
+ *
+ * ```typescript
+ * import { createLibp2p } from 'libp2p'
+ * import { tls } from '@libp2p/tls'
+ *
+ * const node = await createLibp2p({
+ *   // ...other options
+ *   connectionEncryption: [
+ *     tls()
+ *   ]
+ * })
+ * ```
+ */
+import { TLSSocket, connect } from 'node:tls';
+import { CodeError } from '@libp2p/interface';
+import { generateCertificate, verifyPeerCertificate, itToStream, streamToIt } from './utils.js';
+import { PROTOCOL } from './index.js';
+export class TLS {
+    protocol = PROTOCOL;
+    log;
+    timeout;
+    constructor(components, init = {}) {
+        this.log = components.logger.forComponent('libp2p:tls');
+        this.timeout = init.timeout ?? 1000;
+    }
+    async secureInbound(localId, conn, remoteId) {
+        return this._encrypt(localId, conn, false, remoteId);
+    }
+    async secureOutbound(localId, conn, remoteId) {
+        return this._encrypt(localId, conn, true, remoteId);
+    }
+    /**
+     * Encrypt connection
+     */
+    async _encrypt(localId, conn, isServer, remoteId) {
+        const opts = {
+            ...await generateCertificate(localId),
+            isServer,
+            // require TLS 1.3 or later
+            minVersion: 'TLSv1.3',
+            maxVersion: 'TLSv1.3',
+            // accept self-signed certificates
+            rejectUnauthorized: false
+        };
+        let socket;
+        if (isServer) {
+            socket = new TLSSocket(itToStream(conn), {
+                ...opts,
+                // require clients to send certificates
+                requestCert: true
+            });
+        }
+        else {
+            socket = connect({
+                socket: itToStream(conn),
+                ...opts
+            });
+        }
+        return new Promise((resolve, reject) => {
+            const abortTimeout = setTimeout(() => {
+                socket.destroy(new CodeError('Handshake timeout', 'ERR_HANDSHAKE_TIMEOUT'));
+            }, this.timeout);
+            const verifyRemote = () => {
+                const remote = socket.getPeerCertificate();
+                verifyPeerCertificate(remote.raw, remoteId, this.log)
+                    .then(remotePeer => {
+                    this.log('remote certificate ok, remote peer %p', remotePeer);
+                    resolve({
+                        remotePeer,
+                        conn: {
+                            ...conn,
+                            ...streamToIt(socket)
+                        }
+                    });
+                })
+                    .catch(err => {
+                    reject(err);
+                })
+                    .finally(() => {
+                    clearTimeout(abortTimeout);
+                });
+            };
+            socket.on('error', err => {
+                reject(err);
+                clearTimeout(abortTimeout);
+            });
+            socket.on('secure', (evt) => {
+                this.log('verifying remote certificate');
+                verifyRemote();
+            });
+        });
+    }
+}
+//# sourceMappingURL=tls.js.map

package/dist/src/tls.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tls.js","sourceRoot":"","sources":["../../src/tls.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,EAAE,SAAS,EAAyB,OAAO,EAAE,MAAM,UAAU,CAAA;AACpE,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAA;AAC7C,OAAO,EAAE,mBAAmB,EAAE,qBAAqB,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,YAAY,CAAA;AAC/F,OAAO,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAA;AAMrC,MAAM,OAAO,GAAG;IACP,QAAQ,GAAW,QAAQ,CAAA;IACjB,GAAG,CAAQ;IACX,OAAO,CAAQ;IAEhC,YAAa,UAAyB,EAAE,OAAgB,EAAE;QACxD,IAAI,CAAC,GAAG,GAAG,UAAU,CAAC,MAAM,CAAC,YAAY,CAAC,YAAY,CAAC,CAAA;QACvD,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,IAAI,CAAA;IACrC,CAAC;IAED,KAAK,CAAC,aAAa,CAA6F,OAAe,EAAE,IAAY,EAAE,QAAiB;QAC9J,OAAO,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAA;IACtD,CAAC;IAED,KAAK,CAAC,cAAc,CAA6F,OAAe,EAAE,IAAY,EAAE,QAAiB;QAC/J,OAAO,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAA;IACrD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,QAAQ,CAA6F,OAAe,EAAE,IAAY,EAAE,QAAiB,EAAE,QAAiB;QAC5K,MAAM,IAAI,GAAqB;YAC7B,GAAG,MAAM,mBAAmB,CAAC,OAAO,CAAC;YACrC,QAAQ;YACR,2BAA2B;YAC3B,UAAU,EAAE,SAAS;YACrB,UAAU,EAAE,SAAS;YACrB,kCAAkC;YAClC,kBAAkB,EAAE,KAAK;SAC1B,CAAA;QAED,IAAI,MAAiB,CAAA;QAErB,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,GAAG,IAAI,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE;gBACvC,GAAG,IAAI;gBACP,uCAAuC;gBACvC,WAAW,EAAE,IAAI;aAClB,CAAC,CAAA;QACJ,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,OAAO,CAAC;gBACf,MAAM,EAAE,UAAU,CAAC,IAAI,CAAC;gBACxB,GAAG,IAAI;aACR,CAAC,CAAA;QACJ,CAAC;QAED,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,YAAY,GAAG,UAAU,CAAC,GAAG,EAAE;gBACnC,MAAM,CAAC,OAAO,CAAC,IAAI,SAAS,CAAC,mBAAmB,EAAE,uBAAuB,CAAC,CAAC,CAAA;YAC7E,CAAC,EAAE,IAAI,CAAC,OAAO,CAAC,CAAA;YAEhB,MAAM,YAAY,GAAG,GAAS,EAAE;gBAC9B,MAAM,MAAM,GAAG,MAAM,CAAC,kBAAkB,EAAE,CAAA;gBAE1C,qBAAqB,CAAC,MAAM,CAAC,GAAG,EAAE,QAAQ,EAAE,IAAI,CAAC,GAAG,CAAC;qBAClD,IAAI,CAAC,UAAU,CAAC,EAAE;oBACjB,IAAI,CAAC,GAAG,CAAC,uCAAuC,EAAE,UAAU,CAAC,CAAA;oBAE7D,OAAO,CAAC;wBACN,UAAU;wBACV,IAAI,EAAE;4BACJ,GAAG,IAAI;4BACP,GAAG,UAAU,CAAC,MAAM,CAAC;yBACtB;qBACF,CAAC,CAAA;gBACJ,CAAC,CAAC;qBACD,KAAK,CAAC,GAAG,CAAC,EAAE;oBACX,MAAM,CAAC,GAAG,CAAC,CAAA;gBACb,CAAC,CAAC;qBACD,OAAO,CAAC,GAAG,EAAE;oBACZ,YAAY,CAAC,YAAY,CAAC,CAAA;gBAC5B,CAAC,CAAC,CAAA;YACN,CAAC,CAAA;YAED,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE;gBACvB,MAAM,CAAC,GAAG,CAAC,CAAA;gBACX,YAAY,CAAC,YAAY,CAAC,CAAA;YAC5B,CAAC,CAAC,CAAA;YACF,MAAM,CAAC,EAAE,CAAC,QAAQ,EAAE,CAAC,GAAG,EAAE,EAAE;gBAC1B,IAAI,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAA;gBACxC,YAAY,EAAE,CAAA;YAChB,CAAC,CAAC,CAAA;QACJ,CAAC,CAAC,CAAA;IACJ,CAAC;CACF"}

package/dist/src/utils.d.ts

@@ -1,5 +1,9 @@
-import type { PeerId } from '@libp2p/interface';
-export declare function verifyPeerCertificate(rawCertificate: Uint8Array): Promise<PeerId>;
+/// <reference types="node" />
+import { Duplex as DuplexStream } from 'node:stream';
+import type { PeerId, Logger } from '@libp2p/interface';
+import type { Duplex } from 'it-stream-types';
+import type { Uint8ArrayList } from 'uint8arraylist';
+export declare function verifyPeerCertificate(rawCertificate: Uint8Array, expectedPeerId?: PeerId, log?: Logger): Promise<PeerId>;
 export declare function generateCertificate(peerId: PeerId): Promise<{
     cert: string;
     key: string;
@@ -8,4 +12,6 @@ export declare function generateCertificate(peerId: PeerId): Promise<{
  * @see https://github.com/libp2p/specs/blob/master/tls/tls.md#libp2p-public-key-extension
  */
 export declare function encodeSignatureData(certPublicKey: ArrayBuffer): Uint8Array;
+export declare function itToStream(conn: Duplex<AsyncGenerator<Uint8Array | Uint8ArrayList>>): DuplexStream;
+export declare function streamToIt(stream: DuplexStream): Duplex<AsyncGenerator<Uint8Array | Uint8ArrayList>>;
 //# sourceMappingURL=utils.d.ts.map

package/dist/src/utils.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../src/utils.ts"],"names":[],"mappings":"AAYA,OAAO,KAAK,EAAE,MAAM,EAAgC,MAAM,mBAAmB,CAAA;AAY7E,wBAAsB,qBAAqB,CAAE,cAAc,EAAE,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,CAmDxF;AAED,wBAAsB,mBAAmB,CAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAE,CAAC,CA8EjG;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAE,aAAa,EAAE,WAAW,GAAG,UAAU,CAQ3E"}
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../src/utils.ts"],"names":[],"mappings":";AAAA,OAAO,EAAE,MAAM,IAAI,YAAY,EAAE,MAAM,aAAa,CAAA;AAcpD,OAAO,KAAK,EAAE,MAAM,EAAgC,MAAM,EAAE,MAAM,mBAAmB,CAAA;AACrF,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAA;AAC7C,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAA;AAYpD,wBAAsB,qBAAqB,CAAE,cAAc,EAAE,UAAU,EAAE,cAAc,CAAC,EAAE,MAAM,EAAE,GAAG,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CA0E/H;AAED,wBAAsB,mBAAmB,CAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAE,CAAC,CA8EjG;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAE,aAAa,EAAE,WAAW,GAAG,UAAU,CAQ3E;AAmBD,wBAAgB,UAAU,CAAE,IAAI,EAAE,MAAM,CAAC,cAAc,CAAC,UAAU,GAAG,cAAc,CAAC,CAAC,GAAG,YAAY,CAgCnG;AAED,wBAAgB,UAAU,CAAE,MAAM,EAAE,YAAY,GAAG,MAAM,CAAC,cAAc,CAAC,UAAU,GAAG,cAAc,CAAC,CAAC,CA+CrG"}

package/dist/src/utils.js

@@ -1,11 +1,13 @@
+import { Duplex as DuplexStream } from 'node:stream';
 import { Ed25519PublicKey, Secp256k1PublicKey, marshalPublicKey, supportedKeys, unmarshalPrivateKey, unmarshalPublicKey } from '@libp2p/crypto/keys';
-import { CodeError, InvalidCryptoExchangeError } from '@libp2p/interface';
+import { CodeError, InvalidCryptoExchangeError, UnexpectedPeerError } from '@libp2p/interface';
 import { peerIdFromKeys } from '@libp2p/peer-id';
 import { AsnConvert } from '@peculiar/asn1-schema';
 import * as asn1X509 from '@peculiar/asn1-x509';
 import { Crypto } from '@peculiar/webcrypto';
 import * as x509 from '@peculiar/x509';
 import * as asn1js from 'asn1js';
+import { pushable } from 'it-pushable';
 import { concat as uint8ArrayConcat } from 'uint8arrays/concat';
 import { fromString as uint8ArrayFromString } from 'uint8arrays/from-string';
 import { toString as uint8ArrayToString } from 'uint8arrays/to-string';
@@ -18,48 +20,67 @@ const CERT_PREFIX = 'libp2p-tls-handshake:';
 const CERT_VALIDITY_PERIOD_FROM = 60 * 60 * 1000; // ~1 hour
 // https://github.com/libp2p/go-libp2p/blob/28c0f6ab32cd69e4b18e9e4b550ef6ce059a9d1a/p2p/security/tls/crypto.go#L24C28-L24C44
 const CERT_VALIDITY_PERIOD_TO = 100 * 365 * 24 * 60 * 60 * 1000; // ~100 years
-export async function verifyPeerCertificate(rawCertificate) {
+export async function verifyPeerCertificate(rawCertificate, expectedPeerId, log) {
     const now = Date.now();
     const x509Cert = new x509.X509Certificate(rawCertificate);
     if (x509Cert.notBefore.getTime() > now) {
+        log?.error('the certificate was not valid yet');
         throw new CodeError('The certificate is not valid yet', 'ERR_INVALID_CERTIFICATE');
     }
     if (x509Cert.notAfter.getTime() < now) {
+        log?.error('the certificate has expired');
         throw new CodeError('The certificate has expired', 'ERR_INVALID_CERTIFICATE');
     }
-    // TODO: assert chain is only one certificate long
+    const certSignatureValid = await x509Cert.verify();
+    if (!certSignatureValid) {
+        log?.error('certificate self signature was invalid');
+        throw new InvalidCryptoExchangeError('Invalid certificate self signature');
+    }
+    const certIsSelfSigned = await x509Cert.isSelfSigned();
+    if (!certIsSelfSigned) {
+        log?.error('certificate must be self signed');
+        throw new InvalidCryptoExchangeError('Certificate must be self signed');
+    }
     const libp2pPublicKeyExtension = x509Cert.extensions[0];
     if (libp2pPublicKeyExtension == null || libp2pPublicKeyExtension.type !== LIBP2P_PUBLIC_KEY_EXTENSION) {
+        log?.error('the certificate did not include the libp2p public key extension');
         throw new CodeError('The certificate did not include the libp2p public key extension', 'ERR_INVALID_CERTIFICATE');
     }
     const { result: libp2pKeySequence } = asn1js.fromBER(libp2pPublicKeyExtension.value);
     // @ts-expect-error deep chain
     const remotePeerIdPb = libp2pKeySequence.valueBlock.value[0].valueBlock.valueHex;
     const marshalledPeerId = new Uint8Array(remotePeerIdPb, 0, remotePeerIdPb.byteLength);
-    const remotePeerId = PublicKey.decode(marshalledPeerId);
-    const remotePeerIdData = remotePeerId.data ?? new Uint8Array(0);
-    let remotePublicKey;
-    if (remotePeerId.type === KeyType.Ed25519) {
-        remotePublicKey = new Ed25519PublicKey(remotePeerIdData);
+    const remotePublicKey = PublicKey.decode(marshalledPeerId);
+    const remotePublicKeyData = remotePublicKey.data ?? new Uint8Array(0);
+    let remoteLibp2pPublicKey;
+    if (remotePublicKey.type === KeyType.Ed25519) {
+        remoteLibp2pPublicKey = new Ed25519PublicKey(remotePublicKeyData);
     }
-    else if (remotePeerId.type === KeyType.Secp256k1) {
-        remotePublicKey = new Secp256k1PublicKey(remotePeerIdData);
+    else if (remotePublicKey.type === KeyType.Secp256k1) {
+        remoteLibp2pPublicKey = new Secp256k1PublicKey(remotePublicKeyData);
     }
-    else if (remotePeerId.type === KeyType.RSA) {
-        remotePublicKey = supportedKeys.rsa.unmarshalRsaPublicKey(remotePeerIdData);
+    else if (remotePublicKey.type === KeyType.RSA) {
+        remoteLibp2pPublicKey = supportedKeys.rsa.unmarshalRsaPublicKey(remotePublicKeyData);
     }
     else {
-        throw new Error('Unknown or unsupported key type');
+        log?.error('unknown or unsupported key type', remotePublicKey.type);
+        throw new InvalidCryptoExchangeError('Unknown or unsupported key type');
     }
     // @ts-expect-error deep chain
     const remoteSignature = libp2pKeySequence.valueBlock.value[1].valueBlock.valueHex;
     const dataToVerify = encodeSignatureData(x509Cert.publicKey.rawData);
-    const result = await remotePublicKey.verify(dataToVerify, new Uint8Array(remoteSignature, 0, remoteSignature.byteLength));
+    const result = await remoteLibp2pPublicKey.verify(dataToVerify, new Uint8Array(remoteSignature, 0, remoteSignature.byteLength));
     if (!result) {
-        throw new Error('Could not verify signature');
+        log?.error('invalid libp2p signature');
+        throw new InvalidCryptoExchangeError('Could not verify signature');
+    }
+    const marshalled = marshalPublicKey(remoteLibp2pPublicKey);
+    const remotePeerId = await peerIdFromKeys(marshalled);
+    if (expectedPeerId?.equals(remotePeerId) === false) {
+        log?.error('invalid peer id');
+        throw new UnexpectedPeerError();
     }
-    const marshalled = marshalPublicKey(remotePublicKey);
-    return peerIdFromKeys(marshalled);
+    return remotePeerId;
 }
 export async function generateCertificate(peerId) {
     const now = Date.now();
@@ -154,4 +175,100 @@ function formatAsPem(str) {
     finalString = finalString + '-----END PRIVATE KEY-----';
     return finalString;
 }
+export function itToStream(conn) {
+    const output = pushable();
+    const iterator = conn.source[Symbol.asyncIterator]();
+    const stream = new DuplexStream({
+        autoDestroy: false,
+        allowHalfOpen: true,
+        write(chunk, encoding, callback) {
+            output.push(chunk);
+            callback();
+        },
+        read() {
+            iterator.next()
+                .then(result => {
+                if (result.done === true) {
+                    this.push(null);
+                }
+                else {
+                    this.push(result.value);
+                }
+            }, (err) => {
+                this.destroy(err);
+            });
+        }
+    });
+    // @ts-expect-error return type of sink is unknown
+    conn.sink(output)
+        .catch((err) => {
+        stream.destroy(err);
+    });
+    return stream;
+}
+export function streamToIt(stream) {
+    const output = {
+        source: (async function* () {
+            const output = pushable();
+            stream.addListener('data', (buf) => {
+                output.push(buf.subarray());
+            });
+            // both ends closed
+            stream.addListener('close', () => {
+                output.end();
+            });
+            stream.addListener('error', (err) => {
+                output.end(err);
+            });
+            // just writable end closed
+            stream.addListener('finish', () => {
+                output.end();
+            });
+            try {
+                yield* output;
+            }
+            catch (err) {
+                stream.destroy(err);
+                throw err;
+            }
+        })(),
+        sink: async (source) => {
+            try {
+                for await (const buf of source) {
+                    const sendMore = stream.write(buf.subarray());
+                    if (!sendMore) {
+                        await waitForBackpressure(stream);
+                    }
+                }
+                // close writable end
+                stream.end();
+            }
+            catch (err) {
+                stream.destroy(err);
+                throw err;
+            }
+        }
+    };
+    return output;
+}
+async function waitForBackpressure(stream) {
+    await new Promise((resolve, reject) => {
+        const continueListener = () => {
+            cleanUp();
+            resolve();
+        };
+        const stopListener = (err) => {
+            cleanUp();
+            reject(err ?? new Error('Stream ended'));
+        };
+        const cleanUp = () => {
+            stream.removeListener('drain', continueListener);
+            stream.removeListener('end', stopListener);
+            stream.removeListener('error', stopListener);
+        };
+        stream.addListener('drain', continueListener);
+        stream.addListener('end', stopListener);
+        stream.addListener('error', stopListener);
+    });
+}
 //# sourceMappingURL=utils.js.map

package/dist/src/utils.js.map

@@ -1 +1 @@
-{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../src/utils.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,aAAa,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAA;AACpJ,OAAO,EAAE,SAAS,EAAE,0BAA0B,EAAE,MAAM,mBAAmB,CAAA;AACzE,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAA;AAChD,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAA;AAClD,OAAO,KAAK,QAAQ,MAAM,qBAAqB,CAAA;AAC/C,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAA;AAC5C,OAAO,KAAK,IAAI,MAAM,gBAAgB,CAAA;AACtC,OAAO,KAAK,MAAM,MAAM,QAAQ,CAAA;AAChC,OAAO,EAAE,MAAM,IAAI,gBAAgB,EAAE,MAAM,oBAAoB,CAAA;AAC/D,OAAO,EAAE,UAAU,IAAI,oBAAoB,EAAE,MAAM,yBAAyB,CAAA;AAC5E,OAAO,EAAE,QAAQ,IAAI,kBAAkB,EAAE,MAAM,uBAAuB,CAAA;AACtE,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAA;AAGvD,MAAM,MAAM,GAAG,IAAI,MAAM,EAAE,CAAA;AAC3B,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;AAE/B,MAAM,2BAA2B,GAAG,uBAAuB,CAAA;AAC3D,MAAM,WAAW,GAAG,uBAAuB,CAAA;AAC3C,oHAAoH;AACpH,MAAM,yBAAyB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAA,CAAC,UAAU;AAC3D,6HAA6H;AAC7H,MAAM,uBAAuB,GAAG,GAAG,GAAG,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAA,CAAC,aAAa;AAE7E,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAE,cAA0B;IACrE,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;IACtB,MAAM,QAAQ,GAAG,IAAI,IAAI,CAAC,eAAe,CAAC,cAAc,CAAC,CAAA;IAEzD,IAAI,QAAQ,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,GAAG,EAAE,CAAC;QACvC,MAAM,IAAI,SAAS,CAAC,kCAAkC,EAAE,yBAAyB,CAAC,CAAA;IACpF,CAAC;IAED,IAAI,QAAQ,CAAC,QAAQ,CAAC,OAAO,EAAE,GAAG,GAAG,EAAE,CAAC;QACtC,MAAM,IAAI,SAAS,CAAC,6BAA6B,EAAE,yBAAyB,CAAC,CAAA;IAC/E,CAAC;IAED,kDAAkD;IAElD,MAAM,wBAAwB,GAAG,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,CAAA;IAEvD,IAAI,wBAAwB,IAAI,IAAI,IAAI,wBAAwB,CAAC,IAAI,KAAK,2BAA2B,EAAE,CAAC;QACtG,MAAM,IAAI,SAAS,CAAC,iEAAiE,EAAE,yBAAyB,CAAC,CAAA;IACnH,CAAC;IAED,MAAM,EAAE,MAAM,EAAE,iBAAiB,EAAE,GAAG,MAAM,CAAC,OAAO,CAAC,wBAAwB,CAAC,KAAK,CAAC,CAAA;IAEpF,8BAA8B;IAC9B,MAAM,cAAc,GAAG,iBAAiB,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,QAAQ,CAAA;IAChF,MAAM,gBAAgB,GAAG,IAAI,UAAU,CAAC,cAAc,EAAE,CAAC,EAAE,cAAc,CAAC,UAAU,CAAC,CAAA;IACrF,MAAM,YAAY,GAAG,SAAS,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAA;IACvD,MAAM,gBAAgB,GAAG,YAAY,CAAC,IAAI,IAAI,IAAI,UAAU,CAAC,CAAC,CAAC,CAAA;IAC/D,IAAI,eAAgC,CAAA;IAEpC,IAAI,YAAY,CAAC,IAAI,KAAK,OAAO,CAAC,OAAO,EAAE,CAAC;QAC1C,eAAe,GAAG,IAAI,gBAAgB,CAAC,gBAAgB,CAAC,CAAA;IAC1D,CAAC;SAAM,IAAI,YAAY,CAAC,IAAI,KAAK,OAAO,CAAC,SAAS,EAAE,CAAC;QACnD,eAAe,GAAG,IAAI,kBAAkB,CAAC,gBAAgB,CAAC,CAAA;IAC5D,CAAC;SAAM,IAAI,YAAY,CAAC,IAAI,KAAK,OAAO,CAAC,GAAG,EAAE,CAAC;QAC7C,eAAe,GAAG,aAAa,CAAC,GAAG,CAAC,qBAAqB,CAAC,gBAAgB,CAAC,CAAA;IAC7E,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAA;IACpD,CAAC;IAED,8BAA8B;IAC9B,MAAM,eAAe,GAAG,iBAAiB,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,QAAQ,CAAA;IACjF,MAAM,YAAY,GAAG,mBAAmB,CAAC,QAAQ,CAAC,SAAS,CAAC,OAAO,CAAC,CAAA;IACpE,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,MAAM,CAAC,YAAY,EAAE,IAAI,UAAU,CAAC,eAAe,EAAE,CAAC,EAAE,eAAe,CAAC,UAAU,CAAC,CAAC,CAAA;IAEzH,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAA;IAC/C,CAAC;IAED,MAAM,UAAU,GAAG,gBAAgB,CAAC,eAAe,CAAC,CAAA;IAEpD,OAAO,cAAc,CAAC,UAAU,CAAC,CAAA;AACnC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAE,MAAc;IACvD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;IAEtB,MAAM,GAAG,GAAG;QACV,IAAI,EAAE,OAAO;QACb,UAAU,EAAE,OAAO;QACnB,IAAI,EAAE,SAAS;KAChB,CAAA;IAED,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,MAAM,CAAC,CAAC,CAAA;IAEjE,MAAM,iBAAiB,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,CAAA;IAC/E,MAAM,UAAU,GAAG,mBAAmB,CAAC,iBAAiB,CAAC,CAAA;IAEzD,IAAI,MAAM,CAAC,UAAU,IAAI,IAAI,EAAE,CAAC;QAC9B,MAAM,IAAI,0BAA0B,CAAC,qCAAqC,CAAC,CAAA;IAC7E,CAAC;IAED,MAAM,UAAU,GAAG,MAAM,mBAAmB,CAAC,MAAM,CAAC,UAAU,CAAC,CAAA;IAC/D,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;IAE7C,IAAI,OAAgB,CAAA;IACpB,IAAI,OAAmB,CAAA;IAEvB,IAAI,MAAM,CAAC,SAAS,IAAI,IAAI,EAAE,CAAC;QAC7B,MAAM,IAAI,SAAS,CAAC,gCAAgC,EAAE,qBAAqB,CAAC,CAAA;IAC9E,CAAC;IAED,MAAM,SAAS,GAAG,kBAAkB,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;IAEtD,IAAI,MAAM,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QAC9B,+CAA+C;QAC/C,OAAO,GAAG,OAAO,CAAC,OAAO,CAAA;QACzB,OAAO,GAAG,SAAS,CAAC,OAAO,EAAE,CAAA;IAC/B,CAAC;SAAM,IAAI,MAAM,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;QACvC,mEAAmE;QACnE,OAAO,GAAG,OAAO,CAAC,SAAS,CAAA;QAC3B,OAAO,GAAG,SAAS,CAAC,OAAO,EAAE,CAAA;IAC/B,CAAC;SAAM,IAAI,MAAM,CAAC,IAAI,KAAK,KAAK,EAAE,CAAC;QACjC,gGAAgG;QAChG,OAAO,GAAG,OAAO,CAAC,GAAG,CAAA;QACrB,OAAO,GAAG,SAAS,CAAC,OAAO,EAAE,CAAA;IAC/B,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,SAAS,CAAC,qBAAqB,EAAE,0BAA0B,CAAC,CAAA;IACxE,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC,gBAAgB,CAAC;QACpE,YAAY,EAAE,kBAAkB,CAAC,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC;QACrF,IAAI,EAAE,EAAE;QACR,SAAS,EAAE,IAAI,IAAI,CAAC,GAAG,GAAG,yBAAyB,CAAC;QACpD,QAAQ,EAAE,IAAI,IAAI,CAAC,GAAG,GAAG,uBAAuB,CAAC;QACjD,gBAAgB,EAAE,GAAG;QACrB,IAAI;QACJ,UAAU,EAAE;YACV,IAAI,IAAI,CAAC,SAAS,CAAC,2BAA2B,EAAE,IAAI,EAAE,IAAI,MAAM,CAAC,QAAQ,CAAC;gBACxE,KAAK,EAAE;oBACL,YAAY;oBACZ,IAAI,MAAM,CAAC,WAAW,CAAC;wBACrB,QAAQ,EAAE,SAAS,CAAC,MAAM,CAAC;4BACzB,IAAI,EAAE,OAAO;4BACb,IAAI,EAAE,OAAO;yBACd,CAAC;qBACH,CAAC;oBACF,YAAY;oBACZ,IAAI,MAAM,CAAC,WAAW,CAAC;wBACrB,QAAQ,EAAE,GAAG;qBACd,CAAC;iBACH;aACF,CAAC,CAAC,KAAK,EAAE,CAAC;SACZ;KACF,CAAC,CAAA;IAEF,MAAM,kBAAkB,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,CAAC,UAAU,CAAC,CAAA;IAEjF,OAAO;QACL,IAAI,EAAE,QAAQ,CAAC,QAAQ,EAAE;QACzB,GAAG,EAAE,SAAS,CAAC,kBAAkB,CAAC;KACnC,CAAA;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAAE,aAA0B;IAC7D,MAAM,OAAO,GAAG,UAAU,CAAC,KAAK,CAAC,aAAa,EAAE,QAAQ,CAAC,oBAAoB,CAAC,CAAA;IAC9E,MAAM,KAAK,GAAG,UAAU,CAAC,SAAS,CAAC,OAAO,CAAC,CAAA;IAE3C,OAAO,gBAAgB,CAAC;QACtB,oBAAoB,CAAC,WAAW,CAAC;QACjC,IAAI,UAAU,CAAC,KAAK,EAAE,CAAC,EAAE,KAAK,CAAC,UAAU,CAAC;KAC3C,CAAC,CAAA;AACJ,CAAC;AAED,SAAS,SAAS,CAAE,OAAoB;IACtC,OAAO,WAAW,CAAC,kBAAkB,CAAC,IAAI,UAAU,CAAC,OAAO,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAA;AAC3E,CAAC;AAED,SAAS,WAAW,CAAE,GAAW;IAC/B,IAAI,WAAW,GAAG,+BAA+B,CAAA;IAEjD,OAAO,GAAG,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,WAAW,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,IAAI,CAAA;QAC1C,GAAG,GAAG,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC,CAAA;IACzB,CAAC;IAED,WAAW,GAAG,WAAW,GAAG,2BAA2B,CAAA;IAEvD,OAAO,WAAW,CAAA;AACpB,CAAC"}
+{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../src/utils.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,IAAI,YAAY,EAAE,MAAM,aAAa,CAAA;AACpD,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,aAAa,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAA;AACpJ,OAAO,EAAE,SAAS,EAAE,0BAA0B,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAA;AAC9F,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAA;AAChD,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAA;AAClD,OAAO,KAAK,QAAQ,MAAM,qBAAqB,CAAA;AAC/C,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAA;AAC5C,OAAO,KAAK,IAAI,MAAM,gBAAgB,CAAA;AACtC,OAAO,KAAK,MAAM,MAAM,QAAQ,CAAA;AAChC,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAA;AACtC,OAAO,EAAE,MAAM,IAAI,gBAAgB,EAAE,MAAM,oBAAoB,CAAA;AAC/D,OAAO,EAAE,UAAU,IAAI,oBAAoB,EAAE,MAAM,yBAAyB,CAAA;AAC5E,OAAO,EAAE,QAAQ,IAAI,kBAAkB,EAAE,MAAM,uBAAuB,CAAA;AACtE,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAA;AAKvD,MAAM,MAAM,GAAG,IAAI,MAAM,EAAE,CAAA;AAC3B,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;AAE/B,MAAM,2BAA2B,GAAG,uBAAuB,CAAA;AAC3D,MAAM,WAAW,GAAG,uBAAuB,CAAA;AAC3C,oHAAoH;AACpH,MAAM,yBAAyB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAA,CAAC,UAAU;AAC3D,6HAA6H;AAC7H,MAAM,uBAAuB,GAAG,GAAG,GAAG,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAA,CAAC,aAAa;AAE7E,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAE,cAA0B,EAAE,cAAuB,EAAE,GAAY;IAC5G,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;IACtB,MAAM,QAAQ,GAAG,IAAI,IAAI,CAAC,eAAe,CAAC,cAAc,CAAC,CAAA;IAEzD,IAAI,QAAQ,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,GAAG,EAAE,CAAC;QACvC,GAAG,EAAE,KAAK,CAAC,mCAAmC,CAAC,CAAA;QAC/C,MAAM,IAAI,SAAS,CAAC,kCAAkC,EAAE,yBAAyB,CAAC,CAAA;IACpF,CAAC;IAED,IAAI,QAAQ,CAAC,QAAQ,CAAC,OAAO,EAAE,GAAG,GAAG,EAAE,CAAC;QACtC,GAAG,EAAE,KAAK,CAAC,6BAA6B,CAAC,CAAA;QACzC,MAAM,IAAI,SAAS,CAAC,6BAA6B,EAAE,yBAAyB,CAAC,CAAA;IAC/E,CAAC;IAED,MAAM,kBAAkB,GAAG,MAAM,QAAQ,CAAC,MAAM,EAAE,CAAA;IAElD,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,GAAG,EAAE,KAAK,CAAC,wCAAwC,CAAC,CAAA;QACpD,MAAM,IAAI,0BAA0B,CAAC,oCAAoC,CAAC,CAAA;IAC5E,CAAC;IAED,MAAM,gBAAgB,GAAG,MAAM,QAAQ,CAAC,YAAY,EAAE,CAAA;IAEtD,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,GAAG,EAAE,KAAK,CAAC,iCAAiC,CAAC,CAAA;QAC7C,MAAM,IAAI,0BAA0B,CAAC,iCAAiC,CAAC,CAAA;IACzE,CAAC;IAED,MAAM,wBAAwB,GAAG,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,CAAA;IAEvD,IAAI,wBAAwB,IAAI,IAAI,IAAI,wBAAwB,CAAC,IAAI,KAAK,2BAA2B,EAAE,CAAC;QACtG,GAAG,EAAE,KAAK,CAAC,iEAAiE,CAAC,CAAA;QAC7E,MAAM,IAAI,SAAS,CAAC,iEAAiE,EAAE,yBAAyB,CAAC,CAAA;IACnH,CAAC;IAED,MAAM,EAAE,MAAM,EAAE,iBAAiB,EAAE,GAAG,MAAM,CAAC,OAAO,CAAC,wBAAwB,CAAC,KAAK,CAAC,CAAA;IAEpF,8BAA8B;IAC9B,MAAM,cAAc,GAAG,iBAAiB,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,QAAQ,CAAA;IAChF,MAAM,gBAAgB,GAAG,IAAI,UAAU,CAAC,cAAc,EAAE,CAAC,EAAE,cAAc,CAAC,UAAU,CAAC,CAAA;IACrF,MAAM,eAAe,GAAG,SAAS,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAA;IAC1D,MAAM,mBAAmB,GAAG,eAAe,CAAC,IAAI,IAAI,IAAI,UAAU,CAAC,CAAC,CAAC,CAAA;IACrE,IAAI,qBAAsC,CAAA;IAE1C,IAAI,eAAe,CAAC,IAAI,KAAK,OAAO,CAAC,OAAO,EAAE,CAAC;QAC7C,qBAAqB,GAAG,IAAI,gBAAgB,CAAC,mBAAmB,CAAC,CAAA;IACnE,CAAC;SAAM,IAAI,eAAe,CAAC,IAAI,KAAK,OAAO,CAAC,SAAS,EAAE,CAAC;QACtD,qBAAqB,GAAG,IAAI,kBAAkB,CAAC,mBAAmB,CAAC,CAAA;IACrE,CAAC;SAAM,IAAI,eAAe,CAAC,IAAI,KAAK,OAAO,CAAC,GAAG,EAAE,CAAC;QAChD,qBAAqB,GAAG,aAAa,CAAC,GAAG,CAAC,qBAAqB,CAAC,mBAAmB,CAAC,CAAA;IACtF,CAAC;SAAM,CAAC;QACN,GAAG,EAAE,KAAK,CAAC,iCAAiC,EAAE,eAAe,CAAC,IAAI,CAAC,CAAA;QACnE,MAAM,IAAI,0BAA0B,CAAC,iCAAiC,CAAC,CAAA;IACzE,CAAC;IAED,8BAA8B;IAC9B,MAAM,eAAe,GAAG,iBAAiB,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,QAAQ,CAAA;IACjF,MAAM,YAAY,GAAG,mBAAmB,CAAC,QAAQ,CAAC,SAAS,CAAC,OAAO,CAAC,CAAA;IACpE,MAAM,MAAM,GAAG,MAAM,qBAAqB,CAAC,MAAM,CAAC,YAAY,EAAE,IAAI,UAAU,CAAC,eAAe,EAAE,CAAC,EAAE,eAAe,CAAC,UAAU,CAAC,CAAC,CAAA;IAE/H,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,GAAG,EAAE,KAAK,CAAC,0BAA0B,CAAC,CAAA;QACtC,MAAM,IAAI,0BAA0B,CAAC,4BAA4B,CAAC,CAAA;IACpE,CAAC;IAED,MAAM,UAAU,GAAG,gBAAgB,CAAC,qBAAqB,CAAC,CAAA;IAC1D,MAAM,YAAY,GAAG,MAAM,cAAc,CAAC,UAAU,CAAC,CAAA;IAErD,IAAI,cAAc,EAAE,MAAM,CAAC,YAAY,CAAC,KAAK,KAAK,EAAE,CAAC;QACnD,GAAG,EAAE,KAAK,CAAC,iBAAiB,CAAC,CAAA;QAC7B,MAAM,IAAI,mBAAmB,EAAE,CAAA;IACjC,CAAC;IAED,OAAO,YAAY,CAAA;AACrB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAE,MAAc;IACvD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;IAEtB,MAAM,GAAG,GAAG;QACV,IAAI,EAAE,OAAO;QACb,UAAU,EAAE,OAAO;QACnB,IAAI,EAAE,SAAS;KAChB,CAAA;IAED,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,MAAM,CAAC,CAAC,CAAA;IAEjE,MAAM,iBAAiB,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,CAAA;IAC/E,MAAM,UAAU,GAAG,mBAAmB,CAAC,iBAAiB,CAAC,CAAA;IAEzD,IAAI,MAAM,CAAC,UAAU,IAAI,IAAI,EAAE,CAAC;QAC9B,MAAM,IAAI,0BAA0B,CAAC,qCAAqC,CAAC,CAAA;IAC7E,CAAC;IAED,MAAM,UAAU,GAAG,MAAM,mBAAmB,CAAC,MAAM,CAAC,UAAU,CAAC,CAAA;IAC/D,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;IAE7C,IAAI,OAAgB,CAAA;IACpB,IAAI,OAAmB,CAAA;IAEvB,IAAI,MAAM,CAAC,SAAS,IAAI,IAAI,EAAE,CAAC;QAC7B,MAAM,IAAI,SAAS,CAAC,gCAAgC,EAAE,qBAAqB,CAAC,CAAA;IAC9E,CAAC;IAED,MAAM,SAAS,GAAG,kBAAkB,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;IAEtD,IAAI,MAAM,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QAC9B,+CAA+C;QAC/C,OAAO,GAAG,OAAO,CAAC,OAAO,CAAA;QACzB,OAAO,GAAG,SAAS,CAAC,OAAO,EAAE,CAAA;IAC/B,CAAC;SAAM,IAAI,MAAM,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;QACvC,mEAAmE;QACnE,OAAO,GAAG,OAAO,CAAC,SAAS,CAAA;QAC3B,OAAO,GAAG,SAAS,CAAC,OAAO,EAAE,CAAA;IAC/B,CAAC;SAAM,IAAI,MAAM,CAAC,IAAI,KAAK,KAAK,EAAE,CAAC;QACjC,gGAAgG;QAChG,OAAO,GAAG,OAAO,CAAC,GAAG,CAAA;QACrB,OAAO,GAAG,SAAS,CAAC,OAAO,EAAE,CAAA;IAC/B,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,SAAS,CAAC,qBAAqB,EAAE,0BAA0B,CAAC,CAAA;IACxE,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC,gBAAgB,CAAC;QACpE,YAAY,EAAE,kBAAkB,CAAC,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC;QACrF,IAAI,EAAE,EAAE;QACR,SAAS,EAAE,IAAI,IAAI,CAAC,GAAG,GAAG,yBAAyB,CAAC;QACpD,QAAQ,EAAE,IAAI,IAAI,CAAC,GAAG,GAAG,uBAAuB,CAAC;QACjD,gBAAgB,EAAE,GAAG;QACrB,IAAI;QACJ,UAAU,EAAE;YACV,IAAI,IAAI,CAAC,SAAS,CAAC,2BAA2B,EAAE,IAAI,EAAE,IAAI,MAAM,CAAC,QAAQ,CAAC;gBACxE,KAAK,EAAE;oBACL,YAAY;oBACZ,IAAI,MAAM,CAAC,WAAW,CAAC;wBACrB,QAAQ,EAAE,SAAS,CAAC,MAAM,CAAC;4BACzB,IAAI,EAAE,OAAO;4BACb,IAAI,EAAE,OAAO;yBACd,CAAC;qBACH,CAAC;oBACF,YAAY;oBACZ,IAAI,MAAM,CAAC,WAAW,CAAC;wBACrB,QAAQ,EAAE,GAAG;qBACd,CAAC;iBACH;aACF,CAAC,CAAC,KAAK,EAAE,CAAC;SACZ;KACF,CAAC,CAAA;IAEF,MAAM,kBAAkB,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,CAAC,UAAU,CAAC,CAAA;IAEjF,OAAO;QACL,IAAI,EAAE,QAAQ,CAAC,QAAQ,EAAE;QACzB,GAAG,EAAE,SAAS,CAAC,kBAAkB,CAAC;KACnC,CAAA;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAAE,aAA0B;IAC7D,MAAM,OAAO,GAAG,UAAU,CAAC,KAAK,CAAC,aAAa,EAAE,QAAQ,CAAC,oBAAoB,CAAC,CAAA;IAC9E,MAAM,KAAK,GAAG,UAAU,CAAC,SAAS,CAAC,OAAO,CAAC,CAAA;IAE3C,OAAO,gBAAgB,CAAC;QACtB,oBAAoB,CAAC,WAAW,CAAC;QACjC,IAAI,UAAU,CAAC,KAAK,EAAE,CAAC,EAAE,KAAK,CAAC,UAAU,CAAC;KAC3C,CAAC,CAAA;AACJ,CAAC;AAED,SAAS,SAAS,CAAE,OAAoB;IACtC,OAAO,WAAW,CAAC,kBAAkB,CAAC,IAAI,UAAU,CAAC,OAAO,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAA;AAC3E,CAAC;AAED,SAAS,WAAW,CAAE,GAAW;IAC/B,IAAI,WAAW,GAAG,+BAA+B,CAAA;IAEjD,OAAO,GAAG,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,WAAW,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,IAAI,CAAA;QAC1C,GAAG,GAAG,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC,CAAA;IACzB,CAAC;IAED,WAAW,GAAG,WAAW,GAAG,2BAA2B,CAAA;IAEvD,OAAO,WAAW,CAAA;AACpB,CAAC;AAED,MAAM,UAAU,UAAU,CAAE,IAAyD;IACnF,MAAM,MAAM,GAAG,QAAQ,EAAE,CAAA;IACzB,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,EAAgC,CAAA;IAElF,MAAM,MAAM,GAAG,IAAI,YAAY,CAAC;QAC9B,WAAW,EAAE,KAAK;QAClB,aAAa,EAAE,IAAI;QACnB,KAAK,CAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ;YAC9B,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;YAClB,QAAQ,EAAE,CAAA;QACZ,CAAC;QACD,IAAI;YACF,QAAQ,CAAC,IAAI,EAAE;iBACZ,IAAI,CAAC,MAAM,CAAC,EAAE;gBACb,IAAI,MAAM,CAAC,IAAI,KAAK,IAAI,EAAE,CAAC;oBACzB,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;gBACjB,CAAC;qBAAM,CAAC;oBACN,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;gBACzB,CAAC;YACH,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE;gBACT,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;YACnB,CAAC,CAAC,CAAA;QACN,CAAC;KACF,CAAC,CAAA;IAEF,kDAAkD;IAClD,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC;SACd,KAAK,CAAC,CAAC,GAAQ,EAAE,EAAE;QAClB,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IACrB,CAAC,CAAC,CAAA;IAEJ,OAAO,MAAM,CAAA;AACf,CAAC;AAED,MAAM,UAAU,UAAU,CAAE,MAAoB;IAC9C,MAAM,MAAM,GAAwD;QAClE,MAAM,EAAE,CAAC,KAAK,SAAU,CAAC;YACvB,MAAM,MAAM,GAAG,QAAQ,EAAc,CAAA;YAErC,MAAM,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE;gBACjC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAA;YAC7B,CAAC,CAAC,CAAA;YACF,mBAAmB;YACnB,MAAM,CAAC,WAAW,CAAC,OAAO,EAAE,GAAG,EAAE;gBAC/B,MAAM,CAAC,GAAG,EAAE,CAAA;YACd,CAAC,CAAC,CAAA;YACF,MAAM,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;gBAClC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;YACjB,CAAC,CAAC,CAAA;YACF,2BAA2B;YAC3B,MAAM,CAAC,WAAW,CAAC,QAAQ,EAAE,GAAG,EAAE;gBAChC,MAAM,CAAC,GAAG,EAAE,CAAA;YACd,CAAC,CAAC,CAAA;YAEF,IAAI,CAAC;gBACH,KAAM,CAAC,CAAC,MAAM,CAAA;YAChB,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;gBACnB,MAAM,GAAG,CAAA;YACX,CAAC;QACH,CAAC,CAAC,EAAE;QACJ,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE;YACrB,IAAI,CAAC;gBACH,IAAI,KAAK,EAAE,MAAM,GAAG,IAAI,MAAM,EAAE,CAAC;oBAC/B,MAAM,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAA;oBAE7C,IAAI,CAAC,QAAQ,EAAE,CAAC;wBACd,MAAM,mBAAmB,CAAC,MAAM,CAAC,CAAA;oBACnC,CAAC;gBACH,CAAC;gBAED,qBAAqB;gBACrB,MAAM,CAAC,GAAG,EAAE,CAAA;YACd,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;gBACnB,MAAM,GAAG,CAAA;YACX,CAAC;QACH,CAAC;KACF,CAAA;IAED,OAAO,MAAM,CAAA;AACf,CAAC;AAED,KAAK,UAAU,mBAAmB,CAAE,MAAoB;IACtD,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAC1C,MAAM,gBAAgB,GAAG,GAAS,EAAE;YAClC,OAAO,EAAE,CAAA;YACT,OAAO,EAAE,CAAA;QACX,CAAC,CAAA;QACD,MAAM,YAAY,GAAG,CAAC,GAAW,EAAQ,EAAE;YACzC,OAAO,EAAE,CAAA;YACT,MAAM,CAAC,GAAG,IAAI,IAAI,KAAK,CAAC,cAAc,CAAC,CAAC,CAAA;QAC1C,CAAC,CAAA;QAED,MAAM,OAAO,GAAG,GAAS,EAAE;YACzB,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,gBAAgB,CAAC,CAAA;YAChD,MAAM,CAAC,cAAc,CAAC,KAAK,EAAE,YAAY,CAAC,CAAA;YAC1C,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,YAAY,CAAC,CAAA;QAC9C,CAAC,CAAA;QAED,MAAM,CAAC,WAAW,CAAC,OAAO,EAAE,gBAAgB,CAAC,CAAA;QAC7C,MAAM,CAAC,WAAW,CAAC,KAAK,EAAE,YAAY,CAAC,CAAA;QACvC,MAAM,CAAC,WAAW,CAAC,OAAO,EAAE,YAAY,CAAC,CAAA;IAC3C,CAAC,CAAC,CAAA;AACJ,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@libp2p/tls",
-  "version": "0.0.0",
+  "version": "1.0.0-0c7bbbb07",
   "description": "A connection encrypter that uses TLS 1.3",
   "license": "Apache-2.0 OR MIT",
   "homepage": "https://github.com/libp2p/js-libp2p/tree/main/packages/connection-encrypter-tls#readme",
@@ -11,6 +11,10 @@
   "bugs": {
     "url": "https://github.com/libp2p/js-libp2p/issues"
   },
+  "publishConfig": {
+    "access": "public",
+    "provenance": true
+  },
   "type": "module",
   "types": "./dist/src/index.d.ts",
   "files": [
@@ -43,28 +47,27 @@
     "dep-check": "aegir dep-check"
   },
   "dependencies": {
-    "@libp2p/crypto": "^4.0.1",
-    "@libp2p/interface": "^1.1.2",
-    "@libp2p/peer-id": "^4.0.5",
+    "@libp2p/crypto": "4.0.2-0c7bbbb07",
+    "@libp2p/interface": "1.1.3-0c7bbbb07",
+    "@libp2p/peer-id": "4.0.6-0c7bbbb07",
     "@peculiar/asn1-schema": "^2.3.8",
     "@peculiar/asn1-x509": "^2.3.8",
     "@peculiar/webcrypto": "^1.4.5",
-    "@peculiar/x509": "^1.9.6",
+    "@peculiar/x509": "^1.9.7",
     "asn1js": "^3.0.5",
+    "it-pushable": "^3.2.3",
     "it-stream-types": "^2.0.1",
-    "it-to-stream": "^1.0.0",
-    "protons-runtime": "^5.0.0",
-    "stream-to-it": "^0.2.4",
-    "uint8arraylist": "^2.4.7",
+    "protons-runtime": "^5.4.0",
+    "uint8arraylist": "^2.4.8",
     "uint8arrays": "^5.0.1"
   },
   "devDependencies": {
-    "@libp2p/interface-compliance-tests": "^5.2.0",
-    "@libp2p/logger": "^4.0.5",
-    "@libp2p/peer-id-factory": "^4.0.5",
-    "@multiformats/multiaddr": "^12.1.10",
-    "aegir": "^42.0.0",
-    "protons": "^7.3.0",
+    "@libp2p/interface-compliance-tests": "5.3.0-0c7bbbb07",
+    "@libp2p/logger": "4.0.6-0c7bbbb07",
+    "@libp2p/peer-id-factory": "4.0.6-0c7bbbb07",
+    "@multiformats/multiaddr": "^12.1.14",
+    "aegir": "^42.2.3",
+    "protons": "^7.5.0",
     "sinon": "^17.0.1"
   },
   "sideEffects": false

package/src/index.ts

@@ -18,18 +18,10 @@
  * ```
  */
 
-import { TLSSocket, type TLSSocketOptions, connect } from 'node:tls'
-import { UnexpectedPeerError } from '@libp2p/interface'
-// @ts-expect-error no types
-import itToStream from 'it-to-stream'
-// @ts-expect-error no types
-import streamToIt from 'stream-to-it'
-import { generateCertificate, verifyPeerCertificate } from './utils.js'
-import type { ComponentLogger, MultiaddrConnection, ConnectionEncrypter, SecuredConnection, PeerId } from '@libp2p/interface'
-import type { Duplex } from 'it-stream-types'
-import type { Uint8ArrayList } from 'uint8arraylist'
+import { TLS } from './tls.js'
+import type { ComponentLogger, ConnectionEncrypter } from '@libp2p/interface'
 
-const PROTOCOL = '/tls/1.0.0'
+export const PROTOCOL = '/tls/1.0.0'
 
 export interface TLSComponents {
   logger: ComponentLogger
@@ -43,83 +35,6 @@ export interface TLSInit {
   timeout?: number
 }
 
-class TLS implements ConnectionEncrypter {
-  public protocol: string = PROTOCOL
-  // private readonly log: Logger
-  // private readonly timeout: number
-
-  // constructor (components: TLSComponents, init: TLSInit = {}) {
-  //   this.log = components.logger.forComponent('libp2p:tls')
-  //   this.timeout = init.timeout ?? 1000
-  // }
-
-  async secureInbound <Stream extends Duplex<AsyncGenerator<Uint8Array | Uint8ArrayList>> = MultiaddrConnection> (localId: PeerId, conn: Stream, remoteId?: PeerId): Promise<SecuredConnection<Stream>> {
-    return this._encrypt(localId, conn, false, remoteId)
-  }
-
-  async secureOutbound <Stream extends Duplex<AsyncGenerator<Uint8Array | Uint8ArrayList>> = MultiaddrConnection> (localId: PeerId, conn: Stream, remoteId?: PeerId): Promise<SecuredConnection<Stream>> {
-    return this._encrypt(localId, conn, true, remoteId)
-  }
-
-  /**
-   * Encrypt connection
-   */
-  async _encrypt <Stream extends Duplex<AsyncGenerator<Uint8Array | Uint8ArrayList>> = MultiaddrConnection> (localId: PeerId, conn: Stream, isServer: boolean, remoteId?: PeerId): Promise<SecuredConnection<Stream>> {
-    const opts: TLSSocketOptions = {
-      ...await generateCertificate(localId),
-      isServer,
-      requestCert: true,
-      // accept self-signed certificates from clients
-      rejectUnauthorized: false,
-      // require TLS 1.3 or later
-      minVersion: 'TLSv1.3'
-    }
-
-    let socket: TLSSocket
-
-    if (isServer) {
-      socket = new TLSSocket(itToStream.duplex(conn), opts)
-    } else {
-      socket = connect({
-        socket: itToStream.duplex(conn),
-        ...opts
-      })
-    }
-
-    return new Promise((resolve, reject) => {
-      function verifyRemote (): void {
-        const remote = socket.getPeerCertificate()
-
-        verifyPeerCertificate(remote.raw)
-          .then(remotePeer => {
-            if (remoteId?.equals(remotePeer) === false) {
-              throw new UnexpectedPeerError()
-            }
-
-            const outputStream = streamToIt.duplex(socket)
-            conn.source = outputStream.source
-            conn.sink = outputStream.sink
-
-            resolve({
-              remotePeer,
-              conn
-            })
-          })
-          .catch(err => {
-            reject(err)
-          })
-      }
-
-      socket.on('error', err => {
-        reject(err)
-      })
-      socket.on('secure', (evt) => {
-        verifyRemote()
-      })
-    })
-  }
-}
-
 export function tls (init?: TLSInit): (components: TLSComponents) => ConnectionEncrypter {
-  return (components) => new TLS()
+  return (components) => new TLS(components, init)
 }

package/src/tls.ts

@@ -0,0 +1,115 @@
+/**
+ * @packageDocumentation
+ *
+ * Implements the spec at https://github.com/libp2p/specs/blob/master/tls/tls.md
+ *
+ * @example
+ *
+ * ```typescript
+ * import { createLibp2p } from 'libp2p'
+ * import { tls } from '@libp2p/tls'
+ *
+ * const node = await createLibp2p({
+ *   // ...other options
+ *   connectionEncryption: [
+ *     tls()
+ *   ]
+ * })
+ * ```
+ */
+
+import { TLSSocket, type TLSSocketOptions, connect } from 'node:tls'
+import { CodeError } from '@libp2p/interface'
+import { generateCertificate, verifyPeerCertificate, itToStream, streamToIt } from './utils.js'
+import { PROTOCOL } from './index.js'
+import type { TLSComponents, TLSInit } from './index.js'
+import type { MultiaddrConnection, ConnectionEncrypter, SecuredConnection, PeerId, Logger } from '@libp2p/interface'
+import type { Duplex } from 'it-stream-types'
+import type { Uint8ArrayList } from 'uint8arraylist'
+
+export class TLS implements ConnectionEncrypter {
+  public protocol: string = PROTOCOL
+  private readonly log: Logger
+  private readonly timeout: number
+
+  constructor (components: TLSComponents, init: TLSInit = {}) {
+    this.log = components.logger.forComponent('libp2p:tls')
+    this.timeout = init.timeout ?? 1000
+  }
+
+  async secureInbound <Stream extends Duplex<AsyncGenerator<Uint8Array | Uint8ArrayList>> = MultiaddrConnection> (localId: PeerId, conn: Stream, remoteId?: PeerId): Promise<SecuredConnection<Stream>> {
+    return this._encrypt(localId, conn, false, remoteId)
+  }
+
+  async secureOutbound <Stream extends Duplex<AsyncGenerator<Uint8Array | Uint8ArrayList>> = MultiaddrConnection> (localId: PeerId, conn: Stream, remoteId?: PeerId): Promise<SecuredConnection<Stream>> {
+    return this._encrypt(localId, conn, true, remoteId)
+  }
+
+  /**
+   * Encrypt connection
+   */
+  async _encrypt <Stream extends Duplex<AsyncGenerator<Uint8Array | Uint8ArrayList>> = MultiaddrConnection> (localId: PeerId, conn: Stream, isServer: boolean, remoteId?: PeerId): Promise<SecuredConnection<Stream>> {
+    const opts: TLSSocketOptions = {
+      ...await generateCertificate(localId),
+      isServer,
+      // require TLS 1.3 or later
+      minVersion: 'TLSv1.3',
+      maxVersion: 'TLSv1.3',
+      // accept self-signed certificates
+      rejectUnauthorized: false
+    }
+
+    let socket: TLSSocket
+
+    if (isServer) {
+      socket = new TLSSocket(itToStream(conn), {
+        ...opts,
+        // require clients to send certificates
+        requestCert: true
+      })
+    } else {
+      socket = connect({
+        socket: itToStream(conn),
+        ...opts
+      })
+    }
+
+    return new Promise((resolve, reject) => {
+      const abortTimeout = setTimeout(() => {
+        socket.destroy(new CodeError('Handshake timeout', 'ERR_HANDSHAKE_TIMEOUT'))
+      }, this.timeout)
+
+      const verifyRemote = (): void => {
+        const remote = socket.getPeerCertificate()
+
+        verifyPeerCertificate(remote.raw, remoteId, this.log)
+          .then(remotePeer => {
+            this.log('remote certificate ok, remote peer %p', remotePeer)
+
+            resolve({
+              remotePeer,
+              conn: {
+                ...conn,
+                ...streamToIt(socket)
+              }
+            })
+          })
+          .catch(err => {
+            reject(err)
+          })
+          .finally(() => {
+            clearTimeout(abortTimeout)
+          })
+      }
+
+      socket.on('error', err => {
+        reject(err)
+        clearTimeout(abortTimeout)
+      })
+      socket.on('secure', (evt) => {
+        this.log('verifying remote certificate')
+        verifyRemote()
+      })
+    })
+  }
+}

package/src/utils.ts

@@ -1,16 +1,20 @@
+import { Duplex as DuplexStream } from 'node:stream'
 import { Ed25519PublicKey, Secp256k1PublicKey, marshalPublicKey, supportedKeys, unmarshalPrivateKey, unmarshalPublicKey } from '@libp2p/crypto/keys'
-import { CodeError, InvalidCryptoExchangeError } from '@libp2p/interface'
+import { CodeError, InvalidCryptoExchangeError, UnexpectedPeerError } from '@libp2p/interface'
 import { peerIdFromKeys } from '@libp2p/peer-id'
 import { AsnConvert } from '@peculiar/asn1-schema'
 import * as asn1X509 from '@peculiar/asn1-x509'
 import { Crypto } from '@peculiar/webcrypto'
 import * as x509 from '@peculiar/x509'
 import * as asn1js from 'asn1js'
+import { pushable } from 'it-pushable'
 import { concat as uint8ArrayConcat } from 'uint8arrays/concat'
 import { fromString as uint8ArrayFromString } from 'uint8arrays/from-string'
 import { toString as uint8ArrayToString } from 'uint8arrays/to-string'
 import { KeyType, PublicKey } from '../src/pb/index.js'
-import type { PeerId, PublicKey as Libp2pPublicKey } from '@libp2p/interface'
+import type { PeerId, PublicKey as Libp2pPublicKey, Logger } from '@libp2p/interface'
+import type { Duplex } from 'it-stream-types'
+import type { Uint8ArrayList } from 'uint8arraylist'
 
 const crypto = new Crypto()
 x509.cryptoProvider.set(crypto)
@@ -22,23 +26,38 @@ const CERT_VALIDITY_PERIOD_FROM = 60 * 60 * 1000 // ~1 hour
 // https://github.com/libp2p/go-libp2p/blob/28c0f6ab32cd69e4b18e9e4b550ef6ce059a9d1a/p2p/security/tls/crypto.go#L24C28-L24C44
 const CERT_VALIDITY_PERIOD_TO = 100 * 365 * 24 * 60 * 60 * 1000 // ~100 years
 
-export async function verifyPeerCertificate (rawCertificate: Uint8Array): Promise<PeerId> {
+export async function verifyPeerCertificate (rawCertificate: Uint8Array, expectedPeerId?: PeerId, log?: Logger): Promise<PeerId> {
   const now = Date.now()
   const x509Cert = new x509.X509Certificate(rawCertificate)
 
   if (x509Cert.notBefore.getTime() > now) {
+    log?.error('the certificate was not valid yet')
     throw new CodeError('The certificate is not valid yet', 'ERR_INVALID_CERTIFICATE')
   }
 
   if (x509Cert.notAfter.getTime() < now) {
+    log?.error('the certificate has expired')
     throw new CodeError('The certificate has expired', 'ERR_INVALID_CERTIFICATE')
   }
 
-  // TODO: assert chain is only one certificate long
+  const certSignatureValid = await x509Cert.verify()
+
+  if (!certSignatureValid) {
+    log?.error('certificate self signature was invalid')
+    throw new InvalidCryptoExchangeError('Invalid certificate self signature')
+  }
+
+  const certIsSelfSigned = await x509Cert.isSelfSigned()
+
+  if (!certIsSelfSigned) {
+    log?.error('certificate must be self signed')
+    throw new InvalidCryptoExchangeError('Certificate must be self signed')
+  }
 
   const libp2pPublicKeyExtension = x509Cert.extensions[0]
 
   if (libp2pPublicKeyExtension == null || libp2pPublicKeyExtension.type !== LIBP2P_PUBLIC_KEY_EXTENSION) {
+    log?.error('the certificate did not include the libp2p public key extension')
     throw new CodeError('The certificate did not include the libp2p public key extension', 'ERR_INVALID_CERTIFICATE')
   }
 
@@ -47,32 +66,40 @@ export async function verifyPeerCertificate (rawCertificate: Uint8Array): Promis
   // @ts-expect-error deep chain
   const remotePeerIdPb = libp2pKeySequence.valueBlock.value[0].valueBlock.valueHex
   const marshalledPeerId = new Uint8Array(remotePeerIdPb, 0, remotePeerIdPb.byteLength)
-  const remotePeerId = PublicKey.decode(marshalledPeerId)
-  const remotePeerIdData = remotePeerId.data ?? new Uint8Array(0)
-  let remotePublicKey: Libp2pPublicKey
-
-  if (remotePeerId.type === KeyType.Ed25519) {
-    remotePublicKey = new Ed25519PublicKey(remotePeerIdData)
-  } else if (remotePeerId.type === KeyType.Secp256k1) {
-    remotePublicKey = new Secp256k1PublicKey(remotePeerIdData)
-  } else if (remotePeerId.type === KeyType.RSA) {
-    remotePublicKey = supportedKeys.rsa.unmarshalRsaPublicKey(remotePeerIdData)
+  const remotePublicKey = PublicKey.decode(marshalledPeerId)
+  const remotePublicKeyData = remotePublicKey.data ?? new Uint8Array(0)
+  let remoteLibp2pPublicKey: Libp2pPublicKey
+
+  if (remotePublicKey.type === KeyType.Ed25519) {
+    remoteLibp2pPublicKey = new Ed25519PublicKey(remotePublicKeyData)
+  } else if (remotePublicKey.type === KeyType.Secp256k1) {
+    remoteLibp2pPublicKey = new Secp256k1PublicKey(remotePublicKeyData)
+  } else if (remotePublicKey.type === KeyType.RSA) {
+    remoteLibp2pPublicKey = supportedKeys.rsa.unmarshalRsaPublicKey(remotePublicKeyData)
   } else {
-    throw new Error('Unknown or unsupported key type')
+    log?.error('unknown or unsupported key type', remotePublicKey.type)
+    throw new InvalidCryptoExchangeError('Unknown or unsupported key type')
   }
 
   // @ts-expect-error deep chain
   const remoteSignature = libp2pKeySequence.valueBlock.value[1].valueBlock.valueHex
   const dataToVerify = encodeSignatureData(x509Cert.publicKey.rawData)
-  const result = await remotePublicKey.verify(dataToVerify, new Uint8Array(remoteSignature, 0, remoteSignature.byteLength))
+  const result = await remoteLibp2pPublicKey.verify(dataToVerify, new Uint8Array(remoteSignature, 0, remoteSignature.byteLength))
 
   if (!result) {
-    throw new Error('Could not verify signature')
+    log?.error('invalid libp2p signature')
+    throw new InvalidCryptoExchangeError('Could not verify signature')
   }
 
-  const marshalled = marshalPublicKey(remotePublicKey)
+  const marshalled = marshalPublicKey(remoteLibp2pPublicKey)
+  const remotePeerId = await peerIdFromKeys(marshalled)
 
-  return peerIdFromKeys(marshalled)
+  if (expectedPeerId?.equals(remotePeerId) === false) {
+    log?.error('invalid peer id')
+    throw new UnexpectedPeerError()
+  }
+
+  return remotePeerId
 }
 
 export async function generateCertificate (peerId: PeerId): Promise<{ cert: string, key: string }> {
@@ -184,3 +211,109 @@ function formatAsPem (str: string): string {
 
   return finalString
 }
+
+export function itToStream (conn: Duplex<AsyncGenerator<Uint8Array | Uint8ArrayList>>): DuplexStream {
+  const output = pushable()
+  const iterator = conn.source[Symbol.asyncIterator]() as AsyncGenerator<Uint8Array>
+
+  const stream = new DuplexStream({
+    autoDestroy: false,
+    allowHalfOpen: true,
+    write (chunk, encoding, callback) {
+      output.push(chunk)
+      callback()
+    },
+    read () {
+      iterator.next()
+        .then(result => {
+          if (result.done === true) {
+            this.push(null)
+          } else {
+            this.push(result.value)
+          }
+        }, (err) => {
+          this.destroy(err)
+        })
+    }
+  })
+
+  // @ts-expect-error return type of sink is unknown
+  conn.sink(output)
+    .catch((err: any) => {
+      stream.destroy(err)
+    })
+
+  return stream
+}
+
+export function streamToIt (stream: DuplexStream): Duplex<AsyncGenerator<Uint8Array | Uint8ArrayList>> {
+  const output: Duplex<AsyncGenerator<Uint8Array | Uint8ArrayList>> = {
+    source: (async function * () {
+      const output = pushable<Uint8Array>()
+
+      stream.addListener('data', (buf) => {
+        output.push(buf.subarray())
+      })
+      // both ends closed
+      stream.addListener('close', () => {
+        output.end()
+      })
+      stream.addListener('error', (err) => {
+        output.end(err)
+      })
+      // just writable end closed
+      stream.addListener('finish', () => {
+        output.end()
+      })
+
+      try {
+        yield * output
+      } catch (err: any) {
+        stream.destroy(err)
+        throw err
+      }
+    })(),
+    sink: async (source) => {
+      try {
+        for await (const buf of source) {
+          const sendMore = stream.write(buf.subarray())
+
+          if (!sendMore) {
+            await waitForBackpressure(stream)
+          }
+        }
+
+        // close writable end
+        stream.end()
+      } catch (err: any) {
+        stream.destroy(err)
+        throw err
+      }
+    }
+  }
+
+  return output
+}
+
+async function waitForBackpressure (stream: DuplexStream): Promise<void> {
+  await new Promise<void>((resolve, reject) => {
+    const continueListener = (): void => {
+      cleanUp()
+      resolve()
+    }
+    const stopListener = (err?: Error): void => {
+      cleanUp()
+      reject(err ?? new Error('Stream ended'))
+    }
+
+    const cleanUp = (): void => {
+      stream.removeListener('drain', continueListener)
+      stream.removeListener('end', stopListener)
+      stream.removeListener('error', stopListener)
+    }
+
+    stream.addListener('drain', continueListener)
+    stream.addListener('end', stopListener)
+    stream.addListener('error', stopListener)
+  })
+}

package/dist/typedoc-urls.json

@@ -1,8 +0,0 @@
-{
-  "TLSComponents": "https://libp2p.github.io/js-libp2p/interfaces/_libp2p_tls.TLSComponents.html",
-  ".:TLSComponents": "https://libp2p.github.io/js-libp2p/interfaces/_libp2p_tls.TLSComponents.html",
-  "TLSInit": "https://libp2p.github.io/js-libp2p/interfaces/_libp2p_tls.TLSInit.html",
-  ".:TLSInit": "https://libp2p.github.io/js-libp2p/interfaces/_libp2p_tls.TLSInit.html",
-  "tls": "https://libp2p.github.io/js-libp2p/functions/_libp2p_tls.tls.html",
-  ".:tls": "https://libp2p.github.io/js-libp2p/functions/_libp2p_tls.tls.html"
-}