@libp2p/tls 2.0.18-2fbcdb687 → 2.0.18-48cd9b652
- package/dist/src/index.d.ts +2 -1
- package/dist/src/index.d.ts.map +1 -1
- package/dist/src/index.js.map +1 -1
- package/dist/src/tls.d.ts.map +1 -1
- package/dist/src/tls.js +45 -3
- package/dist/src/tls.js.map +1 -1
- package/package.json +7 -6
- package/src/index.ts +2 -1
- package/src/tls.ts +57 -4
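--- a/package/dist/src/index.d.ts
+++ b/package/dist/src/index.d.ts
@@ -17,11 +17,12 @@
 * })
 * ```
 */
-import type { ComponentLogger, ConnectionEncrypter, Metrics, PrivateKey } from '@libp2p/interface';
+import type { ComponentLogger, ConnectionEncrypter, Metrics, PrivateKey, Upgrader } from '@libp2p/interface';
 export declare const PROTOCOL = "/tls/1.0.0";
 export interface TLSComponents {
 privateKey: PrivateKey;
 logger: ComponentLogger;
+upgrader: Upgrader;
 metrics?: Metrics;
 }
 export declare function tls(): (components: TLSComponents) => ConnectionEncrypter;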
package/dist/src/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAGH,OAAO,KAAK,EAAE,eAAe,EAAE,mBAAmB,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAA;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAGH,OAAO,KAAK,EAAE,eAAe,EAAE,mBAAmB,EAAE,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAA;AAE5G,eAAO,MAAM,QAAQ,eAAe,CAAA;AAEpC,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,UAAU,CAAA;IACtB,MAAM,EAAE,eAAe,CAAA;IACvB,QAAQ,EAAE,QAAQ,CAAA;IAClB,OAAO,CAAC,EAAE,OAAO,CAAA;CAClB;AAED,wBAAgB,GAAG,IAAK,CAAC,UAAU,EAAE,aAAa,KAAK,mBAAmB,CAEzE"}
|
package/dist/src/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,EAAE,GAAG,EAAE,MAAM,UAAU,CAAA;AAG9B,MAAM,CAAC,MAAM,QAAQ,GAAG,YAAY,CAAA;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,EAAE,GAAG,EAAE,MAAM,UAAU,CAAA;AAG9B,MAAM,CAAC,MAAM,QAAQ,GAAG,YAAY,CAAA;AASpC,MAAM,UAAU,GAAG;IACjB,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,IAAI,GAAG,CAAC,UAAU,CAAC,CAAA;AAC5C,CAAC"}
|
package/dist/src/tls.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tls.d.ts","sourceRoot":"","sources":["../../src/tls.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAGH,OAAO,
|
|
1
|
+
{"version":3,"file":"tls.d.ts","sourceRoot":"","sources":["../../src/tls.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAGH,OAAO,EAA8B,mBAAmB,EAAE,MAAM,mBAAmB,CAAA;AAInF,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,YAAY,CAAA;AAC/C,OAAO,KAAK,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,iBAAiB,EAAU,uBAAuB,EAAoC,MAAM,mBAAmB,CAAA;AACvK,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAA;AAC7C,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAA;AAEpD,qBAAa,GAAI,YAAW,mBAAmB;IACtC,QAAQ,EAAE,MAAM,CAAW;IAClC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAQ;IAC5B,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAe;IAC1C,OAAO,CAAC,QAAQ,CAAC,OAAO,CASvB;gBAEY,UAAU,EAAE,aAAa;IA2BtC,QAAQ,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,iBAAgB;IAE7C,QAAQ,CAAC,CAAC,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAEvC;IAEK,aAAa,CAAE,MAAM,SAAS,MAAM,CAAC,cAAc,CAAC,UAAU,GAAG,cAAc,CAAC,CAAC,GAAG,mBAAmB,EAAG,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,uBAAuB,GAAG,OAAO,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;IAI9L,cAAc,CAAE,MAAM,SAAS,MAAM,CAAC,cAAc,CAAC,UAAU,GAAG,cAAc,CAAC,CAAC,GAAG,mBAAmB,EAAG,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,uBAAuB,GAAG,OAAO,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;IAIrM;;OAEG;IACG,QAAQ,CAAE,MAAM,SAAS,MAAM,CAAC,cAAc,CAAC,UAAU,GAAG,cAAc,CAAC,CAAC,GAAG,mBAAmB,EAAG,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,uBAAuB,GAAG,OAAO,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;CAqJnN"}
|
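--- a/package/dist/src/tls.js
+++ b/package/dist/src/tls.js
@@ -18,7 +18,7 @@
 * ```
 */
 import { TLSSocket, connect } from 'node:tls';
-import { serviceCapabilities } from '@libp2p/interface';
+import { InvalidCryptoExchangeError, serviceCapabilities } from '@libp2p/interface';
 import { HandshakeTimeoutError } from './errors.js';
 import { generateCertificate, verifyPeerCertificate, itToStream, streamToIt } from './utils.js';
 import { PROTOCOL } from './index.js';
@@ -67,6 +67,7 @@ export class TLS {
 * Encrypt connection
 */
 async _encrypt(conn, isServer, options) {
+let streamMuxer;
 const opts = {
 ...await generateCertificate(this.components.privateKey),
 isServer,
@@ -74,7 +75,27 @@ export class TLS {
 minVersion: 'TLSv1.3',
 maxVersion: 'TLSv1.3',
 // accept self-signed certificates
-rejectUnauthorized: false
+rejectUnauthorized: false,
+// early negotiation of muxer via ALPN protocols
+ALPNProtocols: [
+...this.components.upgrader.getStreamMuxers().keys(),
+'libp2p'
+],
+ALPNCallback: ({ protocols }) => {
+this.log.trace('received protocols %s', protocols);
+let chosenProtocol;
+for (const protocol of protocols) {
+if (protocol === 'libp2p') {
+chosenProtocol = 'libp2p';
+}
+streamMuxer = this.components.upgrader.getStreamMuxers().get(protocol);
+if (streamMuxer != null) {
+chosenProtocol = protocol;
+break;
+}
+}
+return chosenProtocol;
+}
 };
 let socket;
 if (isServer) {
@@ -105,12 +126,33 @@ export class TLS {
 verifyPeerCertificate(remote.raw, options?.remotePeer, this.log)
 .then(remotePeer => {
 this.log('remote certificate ok, remote peer %p', remotePeer);
+if (!isServer && typeof socket.alpnProtocol === 'string') {
+streamMuxer = this.components.upgrader.getStreamMuxers().get(socket.alpnProtocol);
+if (streamMuxer == null) {
+this.log.error('selected muxer that did not exist');
+}
+}
+// 'libp2p' is a special protocol - if it's sent the remote does not
+// support early muxer negotiation
+if (!isServer && typeof socket.alpnProtocol === 'string' && socket.alpnProtocol !== 'libp2p') {
+this.log.trace('got early muxer', socket.alpnProtocol);
+streamMuxer = this.components.upgrader.getStreamMuxers().get(socket.alpnProtocol);
+if (streamMuxer == null) {
+const err = new InvalidCryptoExchangeError(`Selected muxer ${socket.alpnProtocol} did not exist`);
+this.log.error(`Selected muxer ${socket.alpnProtocol} did not exist - %e`, err);
+if (isAbortable(conn)) {
+conn.abort(err);
+reject(err);
+}
+}
+}
 resolve({
 remotePeer,
 conn: {
 ...conn,
 ...streamToIt(socket)
-}
+},
+streamMuxer
 });
 })
 .catch((err) => {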
package/dist/src/tls.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tls.js","sourceRoot":"","sources":["../../src/tls.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,EAAE,SAAS,EAAyB,OAAO,EAAE,MAAM,UAAU,CAAA;AACpE,OAAO,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAA;
|
|
1
|
+
{"version":3,"file":"tls.js","sourceRoot":"","sources":["../../src/tls.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,EAAE,SAAS,EAAyB,OAAO,EAAE,MAAM,UAAU,CAAA;AACpE,OAAO,EAAE,0BAA0B,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAA;AACnF,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAA;AACnD,OAAO,EAAE,mBAAmB,EAAE,qBAAqB,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,YAAY,CAAA;AAC/F,OAAO,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAA;AAMrC,MAAM,OAAO,GAAG;IACP,QAAQ,GAAW,QAAQ,CAAA;IACjB,GAAG,CAAQ;IACX,UAAU,CAAe;IACzB,OAAO,CASvB;IAED,YAAa,UAAyB;QACpC,IAAI,CAAC,GAAG,GAAG,UAAU,CAAC,MAAM,CAAC,YAAY,CAAC,YAAY,CAAC,CAAA;QACvD,IAAI,CAAC,UAAU,GAAG,UAAU,CAAA;QAC5B,IAAI,CAAC,OAAO,GAAG;YACb,MAAM,EAAE;gBACN,MAAM,EAAE,UAAU,CAAC,OAAO,EAAE,oBAAoB,CAAC,gCAAgC,EAAE;oBACjF,KAAK,EAAE,OAAO;oBACd,IAAI,EAAE,yDAAyD;iBAChE,CAAC;gBACF,MAAM,EAAE,UAAU,CAAC,OAAO,EAAE,oBAAoB,CAAC,gCAAgC,EAAE;oBACjF,KAAK,EAAE,OAAO;oBACd,IAAI,EAAE,yDAAyD;iBAChE,CAAC;aACH;YACD,MAAM,EAAE;gBACN,MAAM,EAAE,UAAU,CAAC,OAAO,EAAE,oBAAoB,CAAC,gCAAgC,EAAE;oBACjF,KAAK,EAAE,OAAO;oBACd,IAAI,EAAE,yDAAyD;iBAChE,CAAC;gBACF,MAAM,EAAE,UAAU,CAAC,OAAO,EAAE,oBAAoB,CAAC,gCAAgC,EAAE;oBACjF,KAAK,EAAE,OAAO;oBACd,IAAI,EAAE,yDAAyD;iBAChE,CAAC;aACH;SACF,CAAA;IACH,CAAC;IAEQ,CAAC,MAAM,CAAC,WAAW,CAAC,GAAG,aAAa,CAAA;IAEpC,CAAC,mBAAmB,CAAC,GAAa;QACzC,+BAA+B;KAChC,CAAA;IAED,KAAK,CAAC,aAAa,CAA6F,IAAY,EAAE,OAAiC;QAC7J,OAAO,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,IAAI,EAAE,OAAO,CAAC,CAAA;IAC3C,CAAC;IAED,KAAK,CAAC,cAAc,CAA6F,IAAY,EAAE,OAAiC;QAC9J,OAAO,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,KAAK,EAAE,OAAO,CAAC,CAAA;IAC5C,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,QAAQ,CAA6F,IAAY,EAAE,QAAiB,EAAE,OAAiC;QAC3K,IAAI,WAA2C,CAAA;QAE/C,MAAM,IAAI,GAAqB;YAC7B,GAAG,MAAM,mBAAmB,CAAC,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC;YACxD,QAAQ;YACR,2BAA2B;YAC3B,UAAU,EAAE,SAAS;YACrB,UAAU,EAAE,SAAS;YACrB,kCAAkC;YAClC,kBAAkB,EAAE,KAAK;YAEzB,gDAAgD;YAChD,aAAa,EAAE;gBACb,GAAG,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,eAAe,EAAE,CAAC,IAAI,EAAE;gBACpD,QAAQ;aACT;YACD,YAAY,EAAE,CAAC,EAAE,SAAS,EAAE,EAAE,EAAE;gBAC9B,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,uBAAuB,EAAE,SAAS,CAAC,CAAA;gBAClD,IAAI,
cAAkC,CAAA;gBAEtC,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;oBACjC,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;wBAC1B,cAAc,GAAG,QAAQ,CAAA;oBAC3B,CAAC;oBAED,WAAW,GAAG,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,eAAe,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;oBAEtE,IAAI,WAAW,IAAI,IAAI,EAAE,CAAC;wBACxB,cAAc,GAAG,QAAQ,CAAA;wBACzB,MAAK;oBACP,CAAC;gBACH,CAAC;gBAED,OAAO,cAAc,CAAA;YACvB,CAAC;SACF,CAAA;QAED,IAAI,MAAiB,CAAA;QAErB,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,GAAG,IAAI,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE;gBACvC,GAAG,IAAI;gBACP,uCAAuC;gBACvC,WAAW,EAAE,IAAI;aAClB,CAAC,CAAA;QACJ,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,OAAO,CAAC;gBACf,MAAM,EAAE,UAAU,CAAC,IAAI,CAAC;gBACxB,GAAG,IAAI;aACR,CAAC,CAAA;QACJ,CAAC;QAED,OAAO,IAAI,OAAO,CAA4B,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAChE,OAAO,EAAE,MAAM,EAAE,gBAAgB,CAAC,OAAO,EAAE,GAAG,EAAE;gBAC9C,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,MAAM,EAAE,SAAS,CAAC;oBAC7D,KAAK,EAAE,IAAI;iBACZ,CAAC,CAAA;gBACF,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,MAAM,EAAE,SAAS,CAAC;oBAC7D,aAAa,EAAE,IAAI;iBACpB,CAAC,CAAA;gBACF,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,qBAAqB,EAAE,CAAC,CAAA;YACnD,CAAC,CAAC,CAAA;YAEF,MAAM,YAAY,GAAG,GAAS,EAAE;gBAC9B,MAAM,MAAM,GAAG,MAAM,CAAC,kBAAkB,EAAE,CAAA;gBAE1C,qBAAqB,CAAC,MAAM,CAAC,GAAG,EAAE,OAAO,EAAE,UAAU,EAAE,IAAI,CAAC,GAAG,CAAC;qBAC7D,IAAI,CAAC,UAAU,CAAC,EAAE;oBACjB,IAAI,CAAC,GAAG,CAAC,uCAAuC,EAAE,UAAU,CAAC,CAAA;oBAE7D,IAAI,CAAC,QAAQ,IAAI,OAAO,MAAM,CAAC,YAAY,KAAK,QAAQ,EAAE,CAAC;wBACzD,WAAW,GAAG,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,eAAe,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,YAAY,CAAC,CAAA;wBAEjF,IAAI,WAAW,IAAI,IAAI,EAAE,CAAC;4BACxB,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,mCAAmC,CAAC,CAAA;wBACrD,CAAC;oBACH,CAAC;oBAED,oEAAoE;oBACpE,kCAAkC;oBAClC,IAAI,CAAC,QAAQ,IAAI,OAAO,MAAM,CAAC,YAAY,KAAK,QAAQ,IAAI,MAAM,CAAC,YAAY,KAAK,QAAQ,EAAE,CAAC;wBAC7F,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,iBAAiB,EAAE,MAAM,CAAC,YAAY,CAAC,CAAA;wBACtD,WAAW,GAAG,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,eAAe,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,YAAY,CAAC,CAAA;wBAEjF,IAAI,WAAW,IAAI,IAAI,EAAE,CAAC;4BACxB,MAAM,GAAG,GAA
G,IAAI,0BAA0B,CAAC,kBAAkB,MAAM,CAAC,YAAY,gBAAgB,CAAC,CAAA;4BACjG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,kBAAkB,MAAM,CAAC,YAAY,qBAAqB,EAAE,GAAG,CAAC,CAAA;4BAE/E,IAAI,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC;gCACtB,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;gCACf,MAAM,CAAC,GAAG,CAAC,CAAA;4BACb,CAAC;wBACH,CAAC;oBACH,CAAC;oBAED,OAAO,CAAC;wBACN,UAAU;wBACV,IAAI,EAAE;4BACJ,GAAG,IAAI;4BACP,GAAG,UAAU,CAAC,MAAM,CAAC;yBACtB;wBACD,WAAW;qBACZ,CAAC,CAAA;gBACJ,CAAC,CAAC;qBACD,KAAK,CAAC,CAAC,GAAU,EAAE,EAAE;oBACpB,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,MAAM,EAAE,SAAS,CAAC;wBAC7D,uBAAuB,EAAE,IAAI;qBAC9B,CAAC,CAAA;oBACF,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;gBAC3B,CAAC,CAAC,CAAA;YACN,CAAC,CAAA;YAED,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAU,EAAE,EAAE;gBAChC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,qCAAqC,EAAE,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAA;gBAE1F,IAAI,GAAG,CAAC,IAAI,KAAK,uBAAuB,EAAE,CAAC;oBACzC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,MAAM,EAAE,SAAS,CAAC;wBAC7D,KAAK,EAAE,IAAI;qBACZ,CAAC,CAAA;gBACJ,CAAC;gBAED,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;gBAEnB,IAAI,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC;oBACtB,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;gBACjB,CAAC;gBAED,MAAM,CAAC,GAAG,CAAC,CAAA;YACb,CAAC,CAAC,CAAA;YACF,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,EAAE;gBACzB,IAAI,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAA;gBACxC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,MAAM,EAAE,SAAS,CAAC;oBAC7D,MAAM,EAAE,IAAI;iBACb,CAAC,CAAA;gBACF,YAAY,EAAE,CAAA;YAChB,CAAC,CAAC,CAAA;YACF,MAAM,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE;gBACxB,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,MAAM,EAAE,SAAS,CAAC;oBAC7D,OAAO,EAAE,IAAI;iBACd,CAAC,CAAA;YACJ,CAAC,CAAC,CAAA;YACF,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;gBACtB,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,MAAM,EAAE,SAAS,CAAC;oBAC7D,KAAK,EAAE,IAAI;iBACZ,CAAC,CAAA;YACJ,CAAC,CAAC,CAAA;QACJ,CAAC,CAAC,CAAA;IACJ,CAAC;CACF;AAMD,SAAS,WAAW,CAAM,GAA2B;IA
CnD,OAAO,OAAO,GAAG,EAAE,KAAK,KAAK,UAAU,CAAA;AACzC,CAAC"}
|
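--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@libp2p/tls",
-"version": "2.0.18-
+"version": "2.0.18-48cd9b652",
 "description": "A connection encrypter that uses TLS 1.3",
 "license": "Apache-2.0 OR MIT",
 "homepage": "https://github.com/libp2p/js-libp2p/tree/main/packages/connection-encrypter-tls#readme",
@@ -48,9 +48,9 @@
 "doc-check": "aegir doc-check"
 },
 "dependencies": {
-"@libp2p/crypto": "5.0.14-
-"@libp2p/interface": "2.6.1-
-"@libp2p/peer-id": "5.0.15-
+"@libp2p/crypto": "5.0.14-48cd9b652",
+"@libp2p/interface": "2.6.1-48cd9b652",
+"@libp2p/peer-id": "5.0.15-48cd9b652",
 "@peculiar/asn1-schema": "^2.3.13",
 "@peculiar/asn1-x509": "^2.3.13",
 "@peculiar/webcrypto": "^1.5.0",
@@ -63,11 +63,12 @@
 "uint8arrays": "^5.1.0"
 },
 "devDependencies": {
-"@libp2p/logger": "5.1.11-
+"@libp2p/logger": "5.1.11-48cd9b652",
 "aegir": "^45.1.1",
 "it-pair": "^2.0.6",
 "protons": "^7.6.0",
-"sinon": "^19.0.2"
+"sinon": "^19.0.2",
+"sinon-ts": "^2.0.0"
 },
 "browser": {
 "./dist/src/tls.js": "./dist/src/tls.browser.js"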
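--- a/package/src/index.ts
+++ b/package/src/index.ts
@@ -19,13 +19,14 @@
 */
 
 import { TLS } from './tls.js'
-import type { ComponentLogger, ConnectionEncrypter, Metrics, PrivateKey } from '@libp2p/interface'
+import type { ComponentLogger, ConnectionEncrypter, Metrics, PrivateKey, Upgrader } from '@libp2p/interface'
 
 export const PROTOCOL = '/tls/1.0.0'
 
 export interface TLSComponents {
 privateKey: PrivateKey
 logger: ComponentLogger
+upgrader: Upgrader
 metrics?: Metrics
 }
 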
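Review bot: `upgrader: Upgrader` is added to `TLSComponents` as a required field with no doc comment, so the interface does not say why a connection encrypter now depends on the upgrader. Any caller that builds the components object by hand will presumably stop type-checking, or fail during the handshake when src/tls.ts calls `this.components.upgrader.getStreamMuxers()`. A one-line TSDoc above the field would cover it, for example `/** Supplies the stream muxers advertised via TLS ALPN for early muxer negotiation */`.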
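--- a/package/src/tls.ts
+++ b/package/src/tls.ts
@@ -19,12 +19,12 @@
 */
 
 import { TLSSocket, type TLSSocketOptions, connect } from 'node:tls'
-import { serviceCapabilities } from '@libp2p/interface'
+import { InvalidCryptoExchangeError, serviceCapabilities } from '@libp2p/interface'
 import { HandshakeTimeoutError } from './errors.js'
 import { generateCertificate, verifyPeerCertificate, itToStream, streamToIt } from './utils.js'
 import { PROTOCOL } from './index.js'
 import type { TLSComponents } from './index.js'
-import type { MultiaddrConnection, ConnectionEncrypter, SecuredConnection, Logger, SecureConnectionOptions, CounterGroup } from '@libp2p/interface'
+import type { MultiaddrConnection, ConnectionEncrypter, SecuredConnection, Logger, SecureConnectionOptions, CounterGroup, StreamMuxerFactory } from '@libp2p/interface'
 import type { Duplex } from 'it-stream-types'
 import type { Uint8ArrayList } from 'uint8arraylist'
 
@@ -88,6 +88,8 @@ export class TLS implements ConnectionEncrypter {
 * Encrypt connection
 */
 async _encrypt <Stream extends Duplex<AsyncGenerator<Uint8Array | Uint8ArrayList>> = MultiaddrConnection> (conn: Stream, isServer: boolean, options?: SecureConnectionOptions): Promise<SecuredConnection<Stream>> {
+let streamMuxer: StreamMuxerFactory | undefined
+
 const opts: TLSSocketOptions = {
 ...await generateCertificate(this.components.privateKey),
 isServer,
@@ -95,7 +97,32 @@ export class TLS implements ConnectionEncrypter {
 minVersion: 'TLSv1.3',
 maxVersion: 'TLSv1.3',
 // accept self-signed certificates
-rejectUnauthorized: false
+rejectUnauthorized: false,
+
+// early negotiation of muxer via ALPN protocols
+ALPNProtocols: [
+...this.components.upgrader.getStreamMuxers().keys(),
+'libp2p'
+],
+ALPNCallback: ({ protocols }) => {
+this.log.trace('received protocols %s', protocols)
+let chosenProtocol: string | undefined
+
+for (const protocol of protocols) {
+if (protocol === 'libp2p') {
+chosenProtocol = 'libp2p'
+}
+
+streamMuxer = this.components.upgrader.getStreamMuxers().get(protocol)
+
+if (streamMuxer != null) {
+chosenProtocol = protocol
+break
+}
+}
+
+return chosenProtocol
+}
 }
 
 let socket: TLSSocket
@@ -131,12 +158,38 @@ export class TLS implements ConnectionEncrypter {
 .then(remotePeer => {
 this.log('remote certificate ok, remote peer %p', remotePeer)
 
+if (!isServer && typeof socket.alpnProtocol === 'string') {
+streamMuxer = this.components.upgrader.getStreamMuxers().get(socket.alpnProtocol)
+
+if (streamMuxer == null) {
+this.log.error('selected muxer that did not exist')
+}
+}
+
+// 'libp2p' is a special protocol - if it's sent the remote does not
+// support early muxer negotiation
+if (!isServer && typeof socket.alpnProtocol === 'string' && socket.alpnProtocol !== 'libp2p') {
+this.log.trace('got early muxer', socket.alpnProtocol)
+streamMuxer = this.components.upgrader.getStreamMuxers().get(socket.alpnProtocol)
+
+if (streamMuxer == null) {
+const err = new InvalidCryptoExchangeError(`Selected muxer ${socket.alpnProtocol} did not exist`)
+this.log.error(`Selected muxer ${socket.alpnProtocol} did not exist - %e`, err)
+
+if (isAbortable(conn)) {
+conn.abort(err)
+reject(err)
+}
+}
+}
+
 resolve({
 remotePeer,
 conn: {
 ...conn,
 ...streamToIt(socket)
-}
+},
+streamMuxer
 })
 })
 .catch((err: Error) => {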
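Review bot: In the last hunk, the unknown-muxer branch inside `.then(remotePeer => …)` calls `reject(err)` only when `isAbortable(conn)` is true and never returns, so a non-abortable `conn` logs the `InvalidCryptoExchangeError` and still reaches `resolve({ …, streamMuxer })` with `streamMuxer` undefined. The failure should be unconditional: `if (isAbortable(conn)) { conn.abort(err) }`, then `reject(err)` and `return` before the `resolve` call. The preceding `if (!isServer && typeof socket.alpnProtocol === 'string')` block repeats the same lookup and logs 'selected muxer that did not exist' at error level even for the ordinary `'libp2p'` fallback, so it looks removable. The `this.log.error` call also splices the peer-selected `socket.alpnProtocol` into what appears to be a format string; passing it as a `%s` argument would keep remote text out of the formatter. The compiled copy in package/dist/src/tls.js carries the same code, and the `.then` callback starts and ends outside this hunk.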