@libp2p/tls 2.0.17 → 2.0.18-3f127b610
- package/dist/src/index.d.ts +2 -1
- package/dist/src/index.d.ts.map +1 -1
- package/dist/src/index.js.map +1 -1
- package/dist/src/tls.d.ts +2 -1
- package/dist/src/tls.d.ts.map +1 -1
- package/dist/src/tls.js +57 -11
- package/dist/src/tls.js.map +1 -1
- package/package.json +5 -5
- package/src/index.ts +2 -1
- package/src/tls.ts +69 -12
- package/dist/typedoc-urls.json +0 -8
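--- a/package/dist/src/index.d.ts
+++ b/package/dist/src/index.d.ts
@@ -17,11 +17,12 @@
 * })
 * ```
 */
-import type { ComponentLogger, ConnectionEncrypter, PrivateKey } from '@libp2p/interface';
+import type { ComponentLogger, ConnectionEncrypter, Metrics, PrivateKey } from '@libp2p/interface';
 export declare const PROTOCOL = "/tls/1.0.0";
 export interface TLSComponents {
 privateKey: PrivateKey;
 logger: ComponentLogger;
+metrics?: Metrics;
 }
 export declare function tls(): (components: TLSComponents) => ConnectionEncrypter;
 //# sourceMappingURL=index.d.ts.map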
package/dist/src/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAGH,OAAO,KAAK,EAAE,eAAe,EAAE,mBAAmB,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAA;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAGH,OAAO,KAAK,EAAE,eAAe,EAAE,mBAAmB,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAA;AAElG,eAAO,MAAM,QAAQ,eAAe,CAAA;AAEpC,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,UAAU,CAAA;IACtB,MAAM,EAAE,eAAe,CAAA;IACvB,OAAO,CAAC,EAAE,OAAO,CAAA;CAClB;AAED,wBAAgB,GAAG,IAAK,CAAC,UAAU,EAAE,aAAa,KAAK,mBAAmB,CAEzE"}
|
package/dist/src/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,EAAE,GAAG,EAAE,MAAM,UAAU,CAAA;AAG9B,MAAM,CAAC,MAAM,QAAQ,GAAG,YAAY,CAAA;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,EAAE,GAAG,EAAE,MAAM,UAAU,CAAA;AAG9B,MAAM,CAAC,MAAM,QAAQ,GAAG,YAAY,CAAA;AAQpC,MAAM,UAAU,GAAG;IACjB,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,IAAI,GAAG,CAAC,UAAU,CAAC,CAAA;AAC5C,CAAC"}
|
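--- a/package/dist/src/tls.d.ts
+++ b/package/dist/src/tls.d.ts
@@ -25,7 +25,8 @@ import type { Uint8ArrayList } from 'uint8arraylist';
 export declare class TLS implements ConnectionEncrypter {
 protocol: string;
 private readonly log;
-private readonly
+private readonly components;
+private readonly metrics;
 constructor(components: TLSComponents);
 readonly [Symbol.toStringTag] = "@libp2p/tls";
 readonly [serviceCapabilities]: string[];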
package/dist/src/tls.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tls.d.ts","sourceRoot":"","sources":["../../src/tls.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAGH,OAAO,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAA;AAIvD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,YAAY,CAAA;AAC/C,OAAO,KAAK,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,iBAAiB,EAAU,uBAAuB,
|
|
1
|
+
{"version":3,"file":"tls.d.ts","sourceRoot":"","sources":["../../src/tls.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAGH,OAAO,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAA;AAIvD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,YAAY,CAAA;AAC/C,OAAO,KAAK,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,iBAAiB,EAAU,uBAAuB,EAAgB,MAAM,mBAAmB,CAAA;AACnJ,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAA;AAC7C,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAA;AAEpD,qBAAa,GAAI,YAAW,mBAAmB;IACtC,QAAQ,EAAE,MAAM,CAAW;IAClC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAQ;IAC5B,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAe;IAC1C,OAAO,CAAC,QAAQ,CAAC,OAAO,CASvB;gBAEY,UAAU,EAAE,aAAa;IA2BtC,QAAQ,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,iBAAgB;IAE7C,QAAQ,CAAC,CAAC,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAEvC;IAEK,aAAa,CAAE,MAAM,SAAS,MAAM,CAAC,cAAc,CAAC,UAAU,GAAG,cAAc,CAAC,CAAC,GAAG,mBAAmB,EAAG,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,uBAAuB,GAAG,OAAO,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;IAI9L,cAAc,CAAE,MAAM,SAAS,MAAM,CAAC,cAAc,CAAC,UAAU,GAAG,cAAc,CAAC,CAAC,GAAG,mBAAmB,EAAG,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,uBAAuB,GAAG,OAAO,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;IAIrM;;OAEG;IACG,QAAQ,CAAE,MAAM,SAAS,MAAM,CAAC,cAAc,CAAC,UAAU,GAAG,cAAc,CAAC,CAAC,GAAG,mBAAmB,EAAG,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,uBAAuB,GAAG,OAAO,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;CA2FnN"}
|
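--- a/package/dist/src/tls.js
+++ b/package/dist/src/tls.js
@@ -25,10 +25,33 @@ import { PROTOCOL } from './index.js';
 export class TLS {
 protocol = PROTOCOL;
 log;
-
+components;
+metrics;
 constructor(components) {
 this.log = components.logger.forComponent('libp2p:tls');
-this.
+this.components = components;
+this.metrics = {
+server: {
+events: components.metrics?.registerCounterGroup('libp2p_tls_server_events_total', {
+label: 'event',
+help: 'Total count of TLS connection encryption events by type'
+}),
+errors: components.metrics?.registerCounterGroup('libp2p_tls_server_errors_total', {
+label: 'event',
+help: 'Total count of TLS connection encryption errors by type'
+})
+},
+client: {
+events: components.metrics?.registerCounterGroup('libp2p_tls_server_events_total', {
+label: 'event',
+help: 'Total count of TLS connection encryption events by type'
+}),
+errors: components.metrics?.registerCounterGroup('libp2p_tls_server_errors_total', {
+label: 'event',
+help: 'Total count of TLS connection encryption errors by type'
+})
+}
+};
 }
 [Symbol.toStringTag] = '@libp2p/tls';
 [serviceCapabilities] = [
@@ -45,7 +68,7 @@ export class TLS {
 */
 async _encrypt(conn, isServer, options) {
 const opts = {
-...await generateCertificate(this.privateKey),
+...await generateCertificate(this.components.privateKey),
 isServer,
 // require TLS 1.3 or later
 minVersion: 'TLSv1.3',
@@ -69,9 +92,13 @@ export class TLS {
 }
 return new Promise((resolve, reject) => {
 options?.signal?.addEventListener('abort', () => {
-
-
-
+this.metrics[isServer ? 'server' : 'client'].events?.increment({
+abort: true
+});
+this.metrics[isServer ? 'server' : 'client'].errors?.increment({
+encrypt_abort: true
+});
+socket.emit('error', new HandshakeTimeoutError());
 });
 const verifyRemote = () => {
 const remote = socket.getPeerCertificate();
@@ -87,20 +114,39 @@ export class TLS {
 });
 })
 .catch((err) => {
-
+this.metrics[isServer ? 'server' : 'client'].errors?.increment({
+verify_peer_certificate: true
+});
+socket.emit('error', err);
 });
 };
 socket.on('error', (err) => {
+this.log.error('error encrypting %s connection - %e', isServer ? 'server' : 'client', err);
+if (err.name !== 'HandshakeTimeoutError') {
+this.metrics[isServer ? 'server' : 'client'].events?.increment({
+error: true
+});
+}
+socket.destroy(err);
 reject(err);
 });
 socket.once('secure', () => {
 this.log('verifying remote certificate');
+this.metrics[isServer ? 'server' : 'client'].events?.increment({
+secure: true
+});
 verifyRemote();
 });
-
-
-
-
+socket.on('connect', () => {
+this.metrics[isServer ? 'server' : 'client'].events?.increment({
+connect: true
+});
+});
+socket.on('close', () => {
+this.metrics[isServer ? 'server' : 'client'].events?.increment({
+close: true
+});
+});
 });
 }
 }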
package/dist/src/tls.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tls.js","sourceRoot":"","sources":["../../src/tls.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,EAAE,SAAS,EAAyB,OAAO,EAAE,MAAM,UAAU,CAAA;AACpE,OAAO,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAA;AACvD,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAA;AACnD,OAAO,EAAE,mBAAmB,EAAE,qBAAqB,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,YAAY,CAAA;AAC/F,OAAO,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAA;AAMrC,MAAM,OAAO,GAAG;IACP,QAAQ,GAAW,QAAQ,CAAA;IACjB,GAAG,CAAQ;IACX,UAAU,
|
|
1
|
+
{"version":3,"file":"tls.js","sourceRoot":"","sources":["../../src/tls.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,EAAE,SAAS,EAAyB,OAAO,EAAE,MAAM,UAAU,CAAA;AACpE,OAAO,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAA;AACvD,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAA;AACnD,OAAO,EAAE,mBAAmB,EAAE,qBAAqB,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,YAAY,CAAA;AAC/F,OAAO,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAA;AAMrC,MAAM,OAAO,GAAG;IACP,QAAQ,GAAW,QAAQ,CAAA;IACjB,GAAG,CAAQ;IACX,UAAU,CAAe;IACzB,OAAO,CASvB;IAED,YAAa,UAAyB;QACpC,IAAI,CAAC,GAAG,GAAG,UAAU,CAAC,MAAM,CAAC,YAAY,CAAC,YAAY,CAAC,CAAA;QACvD,IAAI,CAAC,UAAU,GAAG,UAAU,CAAA;QAC5B,IAAI,CAAC,OAAO,GAAG;YACb,MAAM,EAAE;gBACN,MAAM,EAAE,UAAU,CAAC,OAAO,EAAE,oBAAoB,CAAC,gCAAgC,EAAE;oBACjF,KAAK,EAAE,OAAO;oBACd,IAAI,EAAE,yDAAyD;iBAChE,CAAC;gBACF,MAAM,EAAE,UAAU,CAAC,OAAO,EAAE,oBAAoB,CAAC,gCAAgC,EAAE;oBACjF,KAAK,EAAE,OAAO;oBACd,IAAI,EAAE,yDAAyD;iBAChE,CAAC;aACH;YACD,MAAM,EAAE;gBACN,MAAM,EAAE,UAAU,CAAC,OAAO,EAAE,oBAAoB,CAAC,gCAAgC,EAAE;oBACjF,KAAK,EAAE,OAAO;oBACd,IAAI,EAAE,yDAAyD;iBAChE,CAAC;gBACF,MAAM,EAAE,UAAU,CAAC,OAAO,EAAE,oBAAoB,CAAC,gCAAgC,EAAE;oBACjF,KAAK,EAAE,OAAO;oBACd,IAAI,EAAE,yDAAyD;iBAChE,CAAC;aACH;SACF,CAAA;IACH,CAAC;IAEQ,CAAC,MAAM,CAAC,WAAW,CAAC,GAAG,aAAa,CAAA;IAEpC,CAAC,mBAAmB,CAAC,GAAa;QACzC,+BAA+B;KAChC,CAAA;IAED,KAAK,CAAC,aAAa,CAA6F,IAAY,EAAE,OAAiC;QAC7J,OAAO,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,IAAI,EAAE,OAAO,CAAC,CAAA;IAC3C,CAAC;IAED,KAAK,CAAC,cAAc,CAA6F,IAAY,EAAE,OAAiC;QAC9J,OAAO,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,KAAK,EAAE,OAAO,CAAC,CAAA;IAC5C,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,QAAQ,CAA6F,IAAY,EAAE,QAAiB,EAAE,OAAiC;QAC3K,MAAM,IAAI,GAAqB;YAC7B,GAAG,MAAM,mBAAmB,CAAC,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC;YACxD,QAAQ;YACR,2BAA2B;YAC3B,UAAU,EAAE,SAAS;YACrB,UAAU,EAAE,SAAS;YACrB,kCAAkC;YAClC,kBAAkB,EAAE,KAAK;SAC1B,CAAA;QAED,IAAI,MAAiB,CAAA;QAErB,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,GAAG,IAAI,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE;gBACvC,GAAG,IAAI;gBACP,uCAAuC;gBACvC,WAAW,EAAE,IAAI;aAClB,CAAC,CAAA;QACJ,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,OAAO,CAAC;gBACf,MAAM,EAAE,UAAU,CAAC,IAAI,CAAC;gBACx
B,GAAG,IAAI;aACR,CAAC,CAAA;QACJ,CAAC;QAED,OAAO,IAAI,OAAO,CAA4B,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAChE,OAAO,EAAE,MAAM,EAAE,gBAAgB,CAAC,OAAO,EAAE,GAAG,EAAE;gBAC9C,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,MAAM,EAAE,SAAS,CAAC;oBAC7D,KAAK,EAAE,IAAI;iBACZ,CAAC,CAAA;gBACF,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,MAAM,EAAE,SAAS,CAAC;oBAC7D,aAAa,EAAE,IAAI;iBACpB,CAAC,CAAA;gBACF,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,qBAAqB,EAAE,CAAC,CAAA;YACnD,CAAC,CAAC,CAAA;YAEF,MAAM,YAAY,GAAG,GAAS,EAAE;gBAC9B,MAAM,MAAM,GAAG,MAAM,CAAC,kBAAkB,EAAE,CAAA;gBAE1C,qBAAqB,CAAC,MAAM,CAAC,GAAG,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,CAAC,GAAG,CAAC;qBAC7D,IAAI,CAAC,UAAU,CAAC,EAAE;oBACjB,IAAI,CAAC,GAAG,CAAC,uCAAuC,EAAE,UAAU,CAAC,CAAA;oBAE7D,OAAO,CAAC;wBACN,UAAU;wBACV,IAAI,EAAE;4BACJ,GAAG,IAAI;4BACP,GAAG,UAAU,CAAC,MAAM,CAAC;yBACtB;qBACF,CAAC,CAAA;gBACJ,CAAC,CAAC;qBACD,KAAK,CAAC,CAAC,GAAU,EAAE,EAAE;oBACpB,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,MAAM,EAAE,SAAS,CAAC;wBAC7D,uBAAuB,EAAE,IAAI;qBAC9B,CAAC,CAAA;oBACF,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;gBAC3B,CAAC,CAAC,CAAA;YACN,CAAC,CAAA;YAED,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAU,EAAE,EAAE;gBAChC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,qCAAqC,EAAE,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAA;gBAE1F,IAAI,GAAG,CAAC,IAAI,KAAK,uBAAuB,EAAE,CAAC;oBACzC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,MAAM,EAAE,SAAS,CAAC;wBAC7D,KAAK,EAAE,IAAI;qBACZ,CAAC,CAAA;gBACJ,CAAC;gBAED,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;gBACnB,MAAM,CAAC,GAAG,CAAC,CAAA;YACb,CAAC,CAAC,CAAA;YACF,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACzB,IAAI,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAA;gBACxC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,MAAM,EAAE,SAAS,CAAC;oBAC7D,MAAM,EAAE,IAAI;iBACb,CAAC,CAAA;gBACF,YAAY,EAAE,CAAA;YAChB,CAAC,CAAC,CAAA;YACF,MAAM,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE;gBACxB,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC
,QAAQ,CAAC,CAAC,MAAM,EAAE,SAAS,CAAC;oBAC7D,OAAO,EAAE,IAAI;iBACd,CAAC,CAAA;YACJ,CAAC,CAAC,CAAA;YACF,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;gBACtB,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,MAAM,EAAE,SAAS,CAAC;oBAC7D,KAAK,EAAE,IAAI;iBACZ,CAAC,CAAA;YACJ,CAAC,CAAC,CAAA;QACJ,CAAC,CAAC,CAAA;IACJ,CAAC;CACF"}
|
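--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@libp2p/tls",
-"version": "2.0.
+"version": "2.0.18-3f127b610",
 "description": "A connection encrypter that uses TLS 1.3",
 "license": "Apache-2.0 OR MIT",
 "homepage": "https://github.com/libp2p/js-libp2p/tree/main/packages/connection-encrypter-tls#readme",
@@ -48,9 +48,9 @@
 "doc-check": "aegir doc-check"
 },
 "dependencies": {
-"@libp2p/crypto": "
-"@libp2p/interface": "
-"@libp2p/peer-id": "
+"@libp2p/crypto": "5.0.14-3f127b610",
+"@libp2p/interface": "2.6.1-3f127b610",
+"@libp2p/peer-id": "5.0.15-3f127b610",
 "@peculiar/asn1-schema": "^2.3.13",
 "@peculiar/asn1-x509": "^2.3.13",
 "@peculiar/webcrypto": "^1.5.0",
@@ -63,7 +63,7 @@
 "uint8arrays": "^5.1.0"
 },
 "devDependencies": {
-"@libp2p/logger": "
+"@libp2p/logger": "5.1.11-3f127b610",
 "aegir": "^45.1.1",
 "it-pair": "^2.0.6",
 "protons": "^7.6.0",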
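--- a/package/src/index.ts
+++ b/package/src/index.ts
@@ -19,13 +19,14 @@
 */
 
 import { TLS } from './tls.js'
-import type { ComponentLogger, ConnectionEncrypter, PrivateKey } from '@libp2p/interface'
+import type { ComponentLogger, ConnectionEncrypter, Metrics, PrivateKey } from '@libp2p/interface'
 
 export const PROTOCOL = '/tls/1.0.0'
 
 export interface TLSComponents {
 privateKey: PrivateKey
 logger: ComponentLogger
+metrics?: Metrics
 }
 
 export function tls (): (components: TLSComponents) => ConnectionEncrypter {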
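--- a/package/src/tls.ts
+++ b/package/src/tls.ts
@@ -24,18 +24,50 @@ import { HandshakeTimeoutError } from './errors.js'
 import { generateCertificate, verifyPeerCertificate, itToStream, streamToIt } from './utils.js'
 import { PROTOCOL } from './index.js'
 import type { TLSComponents } from './index.js'
-import type { MultiaddrConnection, ConnectionEncrypter, SecuredConnection, Logger, SecureConnectionOptions,
+import type { MultiaddrConnection, ConnectionEncrypter, SecuredConnection, Logger, SecureConnectionOptions, CounterGroup } from '@libp2p/interface'
 import type { Duplex } from 'it-stream-types'
 import type { Uint8ArrayList } from 'uint8arraylist'
 
 export class TLS implements ConnectionEncrypter {
 public protocol: string = PROTOCOL
 private readonly log: Logger
-private readonly
+private readonly components: TLSComponents
+private readonly metrics: {
+server: {
+events?: CounterGroup
+errors?: CounterGroup
+}
+client: {
+events?: CounterGroup
+errors?: CounterGroup
+}
+}
 
 constructor (components: TLSComponents) {
 this.log = components.logger.forComponent('libp2p:tls')
-this.
+this.components = components
+this.metrics = {
+server: {
+events: components.metrics?.registerCounterGroup('libp2p_tls_server_events_total', {
+label: 'event',
+help: 'Total count of TLS connection encryption events by type'
+}),
+errors: components.metrics?.registerCounterGroup('libp2p_tls_server_errors_total', {
+label: 'event',
+help: 'Total count of TLS connection encryption errors by type'
+})
+},
+client: {
+events: components.metrics?.registerCounterGroup('libp2p_tls_server_events_total', {
+label: 'event',
+help: 'Total count of TLS connection encryption events by type'
+}),
+errors: components.metrics?.registerCounterGroup('libp2p_tls_server_errors_total', {
+label: 'event',
+help: 'Total count of TLS connection encryption errors by type'
+})
+}
+}
 }
 
 readonly [Symbol.toStringTag] = '@libp2p/tls'
@@ -57,7 +89,7 @@ export class TLS implements ConnectionEncrypter {
 */
 async _encrypt <Stream extends Duplex<AsyncGenerator<Uint8Array | Uint8ArrayList>> = MultiaddrConnection> (conn: Stream, isServer: boolean, options?: SecureConnectionOptions): Promise<SecuredConnection<Stream>> {
 const opts: TLSSocketOptions = {
-...await generateCertificate(this.privateKey),
+...await generateCertificate(this.components.privateKey),
 isServer,
 // require TLS 1.3 or later
 minVersion: 'TLSv1.3',
@@ -83,9 +115,13 @@ export class TLS implements ConnectionEncrypter {
 
 return new Promise<SecuredConnection<Stream>>((resolve, reject) => {
 options?.signal?.addEventListener('abort', () => {
-
-
-
+this.metrics[isServer ? 'server' : 'client'].events?.increment({
+abort: true
+})
+this.metrics[isServer ? 'server' : 'client'].errors?.increment({
+encrypt_abort: true
+})
+socket.emit('error', new HandshakeTimeoutError())
 })
 
 const verifyRemote = (): void => {
@@ -104,21 +140,42 @@ export class TLS implements ConnectionEncrypter {
 })
 })
 .catch((err: Error) => {
-
+this.metrics[isServer ? 'server' : 'client'].errors?.increment({
+verify_peer_certificate: true
+})
+socket.emit('error', err)
 })
 }
 
 socket.on('error', (err: Error) => {
+this.log.error('error encrypting %s connection - %e', isServer ? 'server' : 'client', err)
+
+if (err.name !== 'HandshakeTimeoutError') {
+this.metrics[isServer ? 'server' : 'client'].events?.increment({
+error: true
+})
+}
+
+socket.destroy(err)
 reject(err)
 })
 socket.once('secure', () => {
 this.log('verifying remote certificate')
+this.metrics[isServer ? 'server' : 'client'].events?.increment({
+secure: true
+})
 verifyRemote()
 })
-
-
-
-
+socket.on('connect', () => {
+this.metrics[isServer ? 'server' : 'client'].events?.increment({
+connect: true
+})
 })
+socket.on('close', () => {
+this.metrics[isServer ? 'server' : 'client'].events?.increment({
+close: true
+})
+})
+})
 }
 }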
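Review bot: The `client` counter groups in the constructor are registered under the server metric names: both `client.events` and `client.errors` call `registerCounterGroup` with `'libp2p_tls_server_events_total'` and `'libp2p_tls_server_errors_total'`, which looks like a copy-paste slip. As written, outbound handshake events and `verify_peer_certificate` failures are reported under the server series (or collide with it, depending on how the `Metrics` implementation treats a repeated name), so an operator cannot tell inbound certificate-verification failures from outbound ones. I would change the two client registrations to `'libp2p_tls_client_events_total'` and `'libp2p_tls_client_errors_total'`; the compiled `package/dist/src/tls.js` section carries the same names. Separately, the `abort` listener in `_encrypt` is not removed in the visible lines, so if it is still attached after a successful handshake a late abort would reach the new `socket.destroy(err)` path; that should be confirmed against the part of `_encrypt` that lies outside these hunks.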
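--- a/package/dist/typedoc-urls.json
+++ /dev/null
@@ -1,8 +0,0 @@
-{
-"TLSComponents": "https://libp2p.github.io/js-libp2p/interfaces/_libp2p_tls.TLSComponents.html",
-".:TLSComponents": "https://libp2p.github.io/js-libp2p/interfaces/_libp2p_tls.TLSComponents.html",
-"PROTOCOL": "https://libp2p.github.io/js-libp2p/variables/_libp2p_tls.PROTOCOL.html",
-".:PROTOCOL": "https://libp2p.github.io/js-libp2p/variables/_libp2p_tls.PROTOCOL.html",
-"tls": "https://libp2p.github.io/js-libp2p/functions/_libp2p_tls.tls.html",
-".:tls": "https://libp2p.github.io/js-libp2p/functions/_libp2p_tls.tls.html"
-}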