@push.rocks/smartproxy 12.0.0 → 13.1.2

package/dist_ts/tls/alerts/tls-alert.d.ts

@@ -0,0 +1,150 @@
+import * as plugins from '../../plugins.js';
+import { TlsAlertLevel, TlsAlertDescription } from '../utils/tls-utils.js';
+/**
+ * TlsAlert class for creating and sending TLS alert messages
+ */
+export declare class TlsAlert {
+    static readonly LEVEL_WARNING = TlsAlertLevel.WARNING;
+    static readonly LEVEL_FATAL = TlsAlertLevel.FATAL;
+    static readonly CLOSE_NOTIFY = TlsAlertDescription.CLOSE_NOTIFY;
+    static readonly UNEXPECTED_MESSAGE = TlsAlertDescription.UNEXPECTED_MESSAGE;
+    static readonly BAD_RECORD_MAC = TlsAlertDescription.BAD_RECORD_MAC;
+    static readonly DECRYPTION_FAILED = TlsAlertDescription.DECRYPTION_FAILED;
+    static readonly RECORD_OVERFLOW = TlsAlertDescription.RECORD_OVERFLOW;
+    static readonly DECOMPRESSION_FAILURE = TlsAlertDescription.DECOMPRESSION_FAILURE;
+    static readonly HANDSHAKE_FAILURE = TlsAlertDescription.HANDSHAKE_FAILURE;
+    static readonly NO_CERTIFICATE = TlsAlertDescription.NO_CERTIFICATE;
+    static readonly BAD_CERTIFICATE = TlsAlertDescription.BAD_CERTIFICATE;
+    static readonly UNSUPPORTED_CERTIFICATE = TlsAlertDescription.UNSUPPORTED_CERTIFICATE;
+    static readonly CERTIFICATE_REVOKED = TlsAlertDescription.CERTIFICATE_REVOKED;
+    static readonly CERTIFICATE_EXPIRED = TlsAlertDescription.CERTIFICATE_EXPIRED;
+    static readonly CERTIFICATE_UNKNOWN = TlsAlertDescription.CERTIFICATE_UNKNOWN;
+    static readonly ILLEGAL_PARAMETER = TlsAlertDescription.ILLEGAL_PARAMETER;
+    static readonly UNKNOWN_CA = TlsAlertDescription.UNKNOWN_CA;
+    static readonly ACCESS_DENIED = TlsAlertDescription.ACCESS_DENIED;
+    static readonly DECODE_ERROR = TlsAlertDescription.DECODE_ERROR;
+    static readonly DECRYPT_ERROR = TlsAlertDescription.DECRYPT_ERROR;
+    static readonly EXPORT_RESTRICTION = TlsAlertDescription.EXPORT_RESTRICTION;
+    static readonly PROTOCOL_VERSION = TlsAlertDescription.PROTOCOL_VERSION;
+    static readonly INSUFFICIENT_SECURITY = TlsAlertDescription.INSUFFICIENT_SECURITY;
+    static readonly INTERNAL_ERROR = TlsAlertDescription.INTERNAL_ERROR;
+    static readonly INAPPROPRIATE_FALLBACK = TlsAlertDescription.INAPPROPRIATE_FALLBACK;
+    static readonly USER_CANCELED = TlsAlertDescription.USER_CANCELED;
+    static readonly NO_RENEGOTIATION = TlsAlertDescription.NO_RENEGOTIATION;
+    static readonly MISSING_EXTENSION = TlsAlertDescription.MISSING_EXTENSION;
+    static readonly UNSUPPORTED_EXTENSION = TlsAlertDescription.UNSUPPORTED_EXTENSION;
+    static readonly CERTIFICATE_REQUIRED = TlsAlertDescription.CERTIFICATE_REQUIRED;
+    static readonly UNRECOGNIZED_NAME = TlsAlertDescription.UNRECOGNIZED_NAME;
+    static readonly BAD_CERTIFICATE_STATUS_RESPONSE = TlsAlertDescription.BAD_CERTIFICATE_STATUS_RESPONSE;
+    static readonly BAD_CERTIFICATE_HASH_VALUE = TlsAlertDescription.BAD_CERTIFICATE_HASH_VALUE;
+    static readonly UNKNOWN_PSK_IDENTITY = TlsAlertDescription.UNKNOWN_PSK_IDENTITY;
+    static readonly CERTIFICATE_REQUIRED_1_3 = TlsAlertDescription.CERTIFICATE_REQUIRED_1_3;
+    static readonly NO_APPLICATION_PROTOCOL = TlsAlertDescription.NO_APPLICATION_PROTOCOL;
+    /**
+     * Create a TLS alert buffer with the specified level and description code
+     *
+     * @param level Alert level (warning or fatal)
+     * @param description Alert description code
+     * @param tlsVersion TLS version bytes (default is TLS 1.2: 0x0303)
+     * @returns Buffer containing the TLS alert message
+     */
+    static create(level: number, description: number, tlsVersion?: [number, number]): Buffer;
+    /**
+     * Create a warning-level TLS alert
+     *
+     * @param description Alert description code
+     * @returns Buffer containing the warning-level TLS alert message
+     */
+    static createWarning(description: number): Buffer;
+    /**
+     * Create a fatal-level TLS alert
+     *
+     * @param description Alert description code
+     * @returns Buffer containing the fatal-level TLS alert message
+     */
+    static createFatal(description: number): Buffer;
+    /**
+     * Send a TLS alert to a socket and optionally close the connection
+     *
+     * @param socket The socket to send the alert to
+     * @param level Alert level (warning or fatal)
+     * @param description Alert description code
+     * @param closeAfterSend Whether to close the connection after sending the alert
+     * @param closeDelay Milliseconds to wait before closing the connection (default: 200ms)
+     * @returns Promise that resolves when the alert has been sent
+     */
+    static send(socket: plugins.net.Socket, level: number, description: number, closeAfterSend?: boolean, closeDelay?: number): Promise<void>;
+    /**
+     * Pre-defined TLS alert messages
+     */
+    static readonly alerts: {
+        closeNotify: Buffer<ArrayBufferLike>;
+        unsupportedExtension: Buffer<ArrayBufferLike>;
+        certificateRequired: Buffer<ArrayBufferLike>;
+        unrecognizedName: Buffer<ArrayBufferLike>;
+        noRenegotiation: Buffer<ArrayBufferLike>;
+        userCanceled: Buffer<ArrayBufferLike>;
+        certificateExpiredWarning: Buffer<ArrayBufferLike>;
+        handshakeFailureWarning: Buffer<ArrayBufferLike>;
+        insufficientSecurityWarning: Buffer<ArrayBufferLike>;
+        unexpectedMessage: Buffer<ArrayBufferLike>;
+        badRecordMac: Buffer<ArrayBufferLike>;
+        recordOverflow: Buffer<ArrayBufferLike>;
+        handshakeFailure: Buffer<ArrayBufferLike>;
+        badCertificate: Buffer<ArrayBufferLike>;
+        certificateExpired: Buffer<ArrayBufferLike>;
+        certificateUnknown: Buffer<ArrayBufferLike>;
+        illegalParameter: Buffer<ArrayBufferLike>;
+        unknownCA: Buffer<ArrayBufferLike>;
+        accessDenied: Buffer<ArrayBufferLike>;
+        decodeError: Buffer<ArrayBufferLike>;
+        decryptError: Buffer<ArrayBufferLike>;
+        protocolVersion: Buffer<ArrayBufferLike>;
+        insufficientSecurity: Buffer<ArrayBufferLike>;
+        internalError: Buffer<ArrayBufferLike>;
+        unrecognizedNameFatal: Buffer<ArrayBufferLike>;
+    };
+    /**
+     * Utility method to send a warning-level unrecognized_name alert
+     * Specifically designed for SNI issues to encourage the client to retry with SNI
+     *
+     * @param socket The socket to send the alert to
+     * @returns Promise that resolves when the alert has been sent
+     */
+    static sendSniRequired(socket: plugins.net.Socket): Promise<void>;
+    /**
+     * Utility method to send a close_notify alert and close the connection
+     *
+     * @param socket The socket to send the alert to
+     * @param closeDelay Milliseconds to wait before closing the connection (default: 200ms)
+     * @returns Promise that resolves when the alert has been sent and the connection closed
+     */
+    static sendCloseNotify(socket: plugins.net.Socket, closeDelay?: number): Promise<void>;
+    /**
+     * Utility method to send a certificate_expired alert to force new TLS session
+     *
+     * @param socket The socket to send the alert to
+     * @param fatal Whether to send as a fatal alert (default: false)
+     * @param closeAfterSend Whether to close the connection after sending the alert (default: true)
+     * @param closeDelay Milliseconds to wait before closing the connection (default: 200ms)
+     * @returns Promise that resolves when the alert has been sent
+     */
+    static sendCertificateExpired(socket: plugins.net.Socket, fatal?: boolean, closeAfterSend?: boolean, closeDelay?: number): Promise<void>;
+    /**
+     * Send a sequence of alerts to force SNI from clients
+     * This combines multiple alerts to ensure maximum browser compatibility
+     *
+     * @param socket The socket to send the alerts to
+     * @returns Promise that resolves when all alerts have been sent
+     */
+    static sendForceSniSequence(socket: plugins.net.Socket): Promise<void>;
+    /**
+     * Send a fatal level alert that immediately terminates the connection
+     *
+     * @param socket The socket to send the alert to
+     * @param description Alert description code
+     * @param closeDelay Milliseconds to wait before closing the connection (default: 100ms)
+     * @returns Promise that resolves when the alert has been sent and the connection closed
+     */
+    static sendFatalAndClose(socket: plugins.net.Socket, description: number, closeDelay?: number): Promise<void>;
+}

package/dist_ts/tls/alerts/tls-alert.js

@@ -0,0 +1,226 @@
+import * as plugins from '../../plugins.js';
+import { TlsAlertLevel, TlsAlertDescription, TlsVersion } from '../utils/tls-utils.js';
+/**
+ * TlsAlert class for creating and sending TLS alert messages
+ */
+export class TlsAlert {
+    // Use enum values from TlsAlertLevel
+    static { this.LEVEL_WARNING = TlsAlertLevel.WARNING; }
+    static { this.LEVEL_FATAL = TlsAlertLevel.FATAL; }
+    // Use enum values from TlsAlertDescription
+    static { this.CLOSE_NOTIFY = TlsAlertDescription.CLOSE_NOTIFY; }
+    static { this.UNEXPECTED_MESSAGE = TlsAlertDescription.UNEXPECTED_MESSAGE; }
+    static { this.BAD_RECORD_MAC = TlsAlertDescription.BAD_RECORD_MAC; }
+    static { this.DECRYPTION_FAILED = TlsAlertDescription.DECRYPTION_FAILED; }
+    static { this.RECORD_OVERFLOW = TlsAlertDescription.RECORD_OVERFLOW; }
+    static { this.DECOMPRESSION_FAILURE = TlsAlertDescription.DECOMPRESSION_FAILURE; }
+    static { this.HANDSHAKE_FAILURE = TlsAlertDescription.HANDSHAKE_FAILURE; }
+    static { this.NO_CERTIFICATE = TlsAlertDescription.NO_CERTIFICATE; }
+    static { this.BAD_CERTIFICATE = TlsAlertDescription.BAD_CERTIFICATE; }
+    static { this.UNSUPPORTED_CERTIFICATE = TlsAlertDescription.UNSUPPORTED_CERTIFICATE; }
+    static { this.CERTIFICATE_REVOKED = TlsAlertDescription.CERTIFICATE_REVOKED; }
+    static { this.CERTIFICATE_EXPIRED = TlsAlertDescription.CERTIFICATE_EXPIRED; }
+    static { this.CERTIFICATE_UNKNOWN = TlsAlertDescription.CERTIFICATE_UNKNOWN; }
+    static { this.ILLEGAL_PARAMETER = TlsAlertDescription.ILLEGAL_PARAMETER; }
+    static { this.UNKNOWN_CA = TlsAlertDescription.UNKNOWN_CA; }
+    static { this.ACCESS_DENIED = TlsAlertDescription.ACCESS_DENIED; }
+    static { this.DECODE_ERROR = TlsAlertDescription.DECODE_ERROR; }
+    static { this.DECRYPT_ERROR = TlsAlertDescription.DECRYPT_ERROR; }
+    static { this.EXPORT_RESTRICTION = TlsAlertDescription.EXPORT_RESTRICTION; }
+    static { this.PROTOCOL_VERSION = TlsAlertDescription.PROTOCOL_VERSION; }
+    static { this.INSUFFICIENT_SECURITY = TlsAlertDescription.INSUFFICIENT_SECURITY; }
+    static { this.INTERNAL_ERROR = TlsAlertDescription.INTERNAL_ERROR; }
+    static { this.INAPPROPRIATE_FALLBACK = TlsAlertDescription.INAPPROPRIATE_FALLBACK; }
+    static { this.USER_CANCELED = TlsAlertDescription.USER_CANCELED; }
+    static { this.NO_RENEGOTIATION = TlsAlertDescription.NO_RENEGOTIATION; }
+    static { this.MISSING_EXTENSION = TlsAlertDescription.MISSING_EXTENSION; }
+    static { this.UNSUPPORTED_EXTENSION = TlsAlertDescription.UNSUPPORTED_EXTENSION; }
+    static { this.CERTIFICATE_REQUIRED = TlsAlertDescription.CERTIFICATE_REQUIRED; }
+    static { this.UNRECOGNIZED_NAME = TlsAlertDescription.UNRECOGNIZED_NAME; }
+    static { this.BAD_CERTIFICATE_STATUS_RESPONSE = TlsAlertDescription.BAD_CERTIFICATE_STATUS_RESPONSE; }
+    static { this.BAD_CERTIFICATE_HASH_VALUE = TlsAlertDescription.BAD_CERTIFICATE_HASH_VALUE; }
+    static { this.UNKNOWN_PSK_IDENTITY = TlsAlertDescription.UNKNOWN_PSK_IDENTITY; }
+    static { this.CERTIFICATE_REQUIRED_1_3 = TlsAlertDescription.CERTIFICATE_REQUIRED_1_3; }
+    static { this.NO_APPLICATION_PROTOCOL = TlsAlertDescription.NO_APPLICATION_PROTOCOL; }
+    /**
+     * Create a TLS alert buffer with the specified level and description code
+     *
+     * @param level Alert level (warning or fatal)
+     * @param description Alert description code
+     * @param tlsVersion TLS version bytes (default is TLS 1.2: 0x0303)
+     * @returns Buffer containing the TLS alert message
+     */
+    static create(level, description, tlsVersion = [TlsVersion.TLS1_2[0], TlsVersion.TLS1_2[1]]) {
+        return Buffer.from([
+            0x15, // Alert record type
+            tlsVersion[0],
+            tlsVersion[1], // TLS version (default to TLS 1.2: 0x0303)
+            0x00,
+            0x02, // Length
+            level, // Alert level
+            description, // Alert description
+        ]);
+    }
+    /**
+     * Create a warning-level TLS alert
+     *
+     * @param description Alert description code
+     * @returns Buffer containing the warning-level TLS alert message
+     */
+    static createWarning(description) {
+        return this.create(this.LEVEL_WARNING, description);
+    }
+    /**
+     * Create a fatal-level TLS alert
+     *
+     * @param description Alert description code
+     * @returns Buffer containing the fatal-level TLS alert message
+     */
+    static createFatal(description) {
+        return this.create(this.LEVEL_FATAL, description);
+    }
+    /**
+     * Send a TLS alert to a socket and optionally close the connection
+     *
+     * @param socket The socket to send the alert to
+     * @param level Alert level (warning or fatal)
+     * @param description Alert description code
+     * @param closeAfterSend Whether to close the connection after sending the alert
+     * @param closeDelay Milliseconds to wait before closing the connection (default: 200ms)
+     * @returns Promise that resolves when the alert has been sent
+     */
+    static async send(socket, level, description, closeAfterSend = false, closeDelay = 200) {
+        const alert = this.create(level, description);
+        return new Promise((resolve, reject) => {
+            try {
+                // Ensure the alert is written as a single packet
+                socket.cork();
+                const writeSuccessful = socket.write(alert, (err) => {
+                    if (err) {
+                        reject(err);
+                        return;
+                    }
+                    if (closeAfterSend) {
+                        setTimeout(() => {
+                            socket.end();
+                            resolve();
+                        }, closeDelay);
+                    }
+                    else {
+                        resolve();
+                    }
+                });
+                socket.uncork();
+                // If write wasn't successful immediately, wait for drain
+                if (!writeSuccessful && !closeAfterSend) {
+                    socket.once('drain', () => {
+                        resolve();
+                    });
+                }
+            }
+            catch (err) {
+                reject(err);
+            }
+        });
+    }
+    /**
+     * Pre-defined TLS alert messages
+     */
+    static { this.alerts = {
+        // Warning level alerts
+        closeNotify: TlsAlert.createWarning(TlsAlert.CLOSE_NOTIFY),
+        unsupportedExtension: TlsAlert.createWarning(TlsAlert.UNSUPPORTED_EXTENSION),
+        certificateRequired: TlsAlert.createWarning(TlsAlert.CERTIFICATE_REQUIRED),
+        unrecognizedName: TlsAlert.createWarning(TlsAlert.UNRECOGNIZED_NAME),
+        noRenegotiation: TlsAlert.createWarning(TlsAlert.NO_RENEGOTIATION),
+        userCanceled: TlsAlert.createWarning(TlsAlert.USER_CANCELED),
+        // Warning level alerts for session resumption
+        certificateExpiredWarning: TlsAlert.createWarning(TlsAlert.CERTIFICATE_EXPIRED),
+        handshakeFailureWarning: TlsAlert.createWarning(TlsAlert.HANDSHAKE_FAILURE),
+        insufficientSecurityWarning: TlsAlert.createWarning(TlsAlert.INSUFFICIENT_SECURITY),
+        // Fatal level alerts
+        unexpectedMessage: TlsAlert.createFatal(TlsAlert.UNEXPECTED_MESSAGE),
+        badRecordMac: TlsAlert.createFatal(TlsAlert.BAD_RECORD_MAC),
+        recordOverflow: TlsAlert.createFatal(TlsAlert.RECORD_OVERFLOW),
+        handshakeFailure: TlsAlert.createFatal(TlsAlert.HANDSHAKE_FAILURE),
+        badCertificate: TlsAlert.createFatal(TlsAlert.BAD_CERTIFICATE),
+        certificateExpired: TlsAlert.createFatal(TlsAlert.CERTIFICATE_EXPIRED),
+        certificateUnknown: TlsAlert.createFatal(TlsAlert.CERTIFICATE_UNKNOWN),
+        illegalParameter: TlsAlert.createFatal(TlsAlert.ILLEGAL_PARAMETER),
+        unknownCA: TlsAlert.createFatal(TlsAlert.UNKNOWN_CA),
+        accessDenied: TlsAlert.createFatal(TlsAlert.ACCESS_DENIED),
+        decodeError: TlsAlert.createFatal(TlsAlert.DECODE_ERROR),
+        decryptError: TlsAlert.createFatal(TlsAlert.DECRYPT_ERROR),
+        protocolVersion: TlsAlert.createFatal(TlsAlert.PROTOCOL_VERSION),
+        insufficientSecurity: TlsAlert.createFatal(TlsAlert.INSUFFICIENT_SECURITY),
+        internalError: TlsAlert.createFatal(TlsAlert.INTERNAL_ERROR),
+        unrecognizedNameFatal: TlsAlert.createFatal(TlsAlert.UNRECOGNIZED_NAME),
+    }; }
+    /**
+     * Utility method to send a warning-level unrecognized_name alert
+     * Specifically designed for SNI issues to encourage the client to retry with SNI
+     *
+     * @param socket The socket to send the alert to
+     * @returns Promise that resolves when the alert has been sent
+     */
+    static async sendSniRequired(socket) {
+        return this.send(socket, this.LEVEL_WARNING, this.UNRECOGNIZED_NAME);
+    }
+    /**
+     * Utility method to send a close_notify alert and close the connection
+     *
+     * @param socket The socket to send the alert to
+     * @param closeDelay Milliseconds to wait before closing the connection (default: 200ms)
+     * @returns Promise that resolves when the alert has been sent and the connection closed
+     */
+    static async sendCloseNotify(socket, closeDelay = 200) {
+        return this.send(socket, this.LEVEL_WARNING, this.CLOSE_NOTIFY, true, closeDelay);
+    }
+    /**
+     * Utility method to send a certificate_expired alert to force new TLS session
+     *
+     * @param socket The socket to send the alert to
+     * @param fatal Whether to send as a fatal alert (default: false)
+     * @param closeAfterSend Whether to close the connection after sending the alert (default: true)
+     * @param closeDelay Milliseconds to wait before closing the connection (default: 200ms)
+     * @returns Promise that resolves when the alert has been sent
+     */
+    static async sendCertificateExpired(socket, fatal = false, closeAfterSend = true, closeDelay = 200) {
+        const level = fatal ? this.LEVEL_FATAL : this.LEVEL_WARNING;
+        return this.send(socket, level, this.CERTIFICATE_EXPIRED, closeAfterSend, closeDelay);
+    }
+    /**
+     * Send a sequence of alerts to force SNI from clients
+     * This combines multiple alerts to ensure maximum browser compatibility
+     *
+     * @param socket The socket to send the alerts to
+     * @returns Promise that resolves when all alerts have been sent
+     */
+    static async sendForceSniSequence(socket) {
+        try {
+            // Send unrecognized_name (warning)
+            socket.cork();
+            socket.write(this.alerts.unrecognizedName);
+            socket.uncork();
+            // Give the socket time to send the alert
+            return new Promise((resolve) => {
+                setTimeout(resolve, 50);
+            });
+        }
+        catch (err) {
+            return Promise.reject(err);
+        }
+    }
+    /**
+     * Send a fatal level alert that immediately terminates the connection
+     *
+     * @param socket The socket to send the alert to
+     * @param description Alert description code
+     * @param closeDelay Milliseconds to wait before closing the connection (default: 100ms)
+     * @returns Promise that resolves when the alert has been sent and the connection closed
+     */
+    static async sendFatalAndClose(socket, description, closeDelay = 100) {
+        return this.send(socket, this.LEVEL_FATAL, description, true, closeDelay);
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidGxzLWFsZXJ0LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vdHMvdGxzL2FsZXJ0cy90bHMtYWxlcnQudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxLQUFLLE9BQU8sTUFBTSxrQkFBa0IsQ0FBQztBQUM1QyxPQUFPLEVBQUUsYUFBYSxFQUFFLG1CQUFtQixFQUFFLFVBQVUsRUFBRSxNQUFNLHVCQUF1QixDQUFDO0FBRXZGOztHQUVHO0FBQ0gsTUFBTSxPQUFPLFFBQVE7SUFDbkIscUNBQXFDO2FBQ3JCLGtCQUFhLEdBQUcsYUFBYSxDQUFDLE9BQU8sQ0FBQzthQUN0QyxnQkFBVyxHQUFHLGFBQWEsQ0FBQyxLQUFLLENBQUM7SUFFbEQsMkNBQTJDO2FBQzNCLGlCQUFZLEdBQUcsbUJBQW1CLENBQUMsWUFBWSxDQUFDO2FBQ2hELHVCQUFrQixHQUFHLG1CQUFtQixDQUFDLGtCQUFrQixDQUFDO2FBQzVELG1CQUFjLEdBQUcsbUJBQW1CLENBQUMsY0FBYyxDQUFDO2FBQ3BELHNCQUFpQixHQUFHLG1CQUFtQixDQUFDLGlCQUFpQixDQUFDO2FBQzFELG9CQUFlLEdBQUcsbUJBQW1CLENBQUMsZUFBZSxDQUFDO2FBQ3RELDBCQUFxQixHQUFHLG1CQUFtQixDQUFDLHFCQUFxQixDQUFDO2FBQ2xFLHNCQUFpQixHQUFHLG1CQUFtQixDQUFDLGlCQUFpQixDQUFDO2FBQzFELG1CQUFjLEdBQUcsbUJBQW1CLENBQUMsY0FBYyxDQUFDO2FBQ3BELG9CQUFlLEdBQUcsbUJBQW1CLENBQUMsZUFBZSxDQUFDO2FBQ3RELDRCQUF1QixHQUFHLG1CQUFtQixDQUFDLHVCQUF1QixDQUFDO2FBQ3RFLHdCQUFtQixHQUFHLG1CQUFtQixDQUFDLG1CQUFtQixDQUFDO2FBQzlELHdCQUFtQixHQUFHLG1CQUFtQixDQUFDLG1CQUFtQixDQUFDO2FBQzlELHdCQUFtQixHQUFHLG1CQUFtQixDQUFDLG1CQUFtQixDQUFDO2FBQzlELHNCQUFpQixHQUFHLG1CQUFtQixDQUFDLGlCQUFpQixDQUFDO2FBQzFELGVBQVUsR0FBRyxtQkFBbUIsQ0FBQyxVQUFVLENBQUM7YUFDNUMsa0JBQWEsR0FBRyxtQkFBbUIsQ0FBQyxhQUFhLENBQUM7YUFDbEQsaUJBQVksR0FBRyxtQkFBbUIsQ0FBQyxZQUFZLENBQUM7YUFDaEQsa0JBQWEsR0FBRyxtQkFBbUIsQ0FBQyxhQUFhLENBQUM7YUFDbEQsdUJBQWtCLEdBQUcsbUJBQW1CLENBQUMsa0JBQWtCLENBQUM7YUFDNUQscUJBQWdCLEdBQUcsbUJBQW1CLENBQUMsZ0JBQWdCLENBQUM7YUFDeEQsMEJBQXFCLEdBQUcsbUJBQW1CLENBQUMscUJBQXFCLENBQUM7YUFDbEUsbUJBQWMsR0FBRyxtQkFBbUIsQ0FBQyxjQUFjLENBQUM7YUFDcEQsMkJBQXNCLEdBQUcsbUJBQW1CLENBQUMsc0JBQXNCLENBQUM7YUFDcEUsa0JBQWEsR0FBRyxtQkFBbUIsQ0FBQyxhQUFhLENBQUM7YUFDbEQscUJBQWdCLEdBQUcsbUJBQW1CLENBQUMsZ0JBQWdCLENBQUM7YUFDeEQsc0JBQWlCLEdBQUcsbUJBQW1CLENBQUMsaUJBQWlCLENBQUM7YUFDMUQsMEJBQXFCLEdBQUcsbUJBQW1CLENBQUMscUJBQXFCLENBQUM7YUFDbEUseUJBQW9CLEdBQUcsbUJBQW1CLENBQUMsb0JBQW9CLENBQUM7YUFDaEUsc0JBQWlCLEdBQUcsbUJBQW1CLENBQUMsaUJBQWlCLENBQUM7YUFDMUQsb0NBQStCLEdBQUcsbUJBQW1CLENBQUMsK0JBQStCLENBQUM7YUFDdEYsK0JBQTBCLEdBQUcsbUJBQW1CLENBQUMsMEJBQTBCLENBQUM7YUFDNUUseUJBQW9CLEdBQUcsbUJBQW1CLENBQUMsb0JBQW9CLENBQUM7YUFDaEUsNkJBQXdCLEdBQUcsbUJBQW1CLENBQUMsd0JBQXdCLENBQUM7YUFDeEUsNEJBQXVCLEdBQUcsbUJBQW1CLENBQUMsdUJBQXVCLENBQUM7SUFFdEY7Ozs7Ozs7T0FPRztJQUNILE1BQU0sQ0FBQyxNQUFNLENBQ1gsS0FBYSxFQUNiLFdBQW1CLEVBQ25CLGFBQStCLENBQUMsVUFBVSxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUMsRUFBRSxVQUFVLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxDQUFDO1FBRTNFLE9BQU8sTUFBTSxDQUFDLElBQUksQ0FBQztZQUNqQixJQUFJLEVBQUUsb0JBQW9CO1lBQzFCLFVBQVUsQ0FBQyxDQUFDLENBQUM7WUFDYixVQUFVLENBQUMsQ0FBQyxDQUFDLEVBQUUsMkNBQTJDO1lBQzFELElBQUk7WUFDSixJQUFJLEVBQUUsU0FBUztZQUNmLEtBQUssRUFBRSxjQUFjO1lBQ3JCLFdBQVcsRUFBRSxvQkFBb0I7U0FDbEMsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVEOzs7OztPQUtHO0lBQ0gsTUFBTSxDQUFDLGFBQWEsQ0FBQyxXQUFtQjtRQUN0QyxPQUFPLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLGFBQWEsRUFBRSxXQUFXLENBQUMsQ0FBQztJQUN0RCxDQUFDO0lBRUQ7Ozs7O09BS0c7SUFDSCxNQUFNLENBQUMsV0FBVyxDQUFDLFdBQW1CO1FBQ3BDLE9BQU8sSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsV0FBVyxFQUFFLFdBQVcsQ0FBQyxDQUFDO0lBQ3BELENBQUM7SUFFRDs7Ozs7Ozs7O09BU0c7SUFDSCxNQUFNLENBQUMsS0FBSyxDQUFDLElBQUksQ0FDZixNQUEwQixFQUMxQixLQUFhLEVBQ2IsV0FBbUIsRUFDbkIsaUJBQTBCLEtBQUssRUFDL0IsYUFBcUIsR0FBRztRQUV4QixNQUFNLEtBQUssR0FBRyxJQUFJLENBQUMsTUFBTSxDQUFDLEtBQUssRUFBRSxXQUFXLENBQUMsQ0FBQztRQUU5QyxPQUFPLElBQUksT0FBTyxDQUFPLENBQUMsT0FBTyxFQUFFLE1BQU0sRUFBRSxFQUFFO1lBQzNDLElBQUksQ0FBQztnQkFDSCxpREFBaUQ7Z0JBQ2pELE1BQU0sQ0FBQyxJQUFJLEVBQUUsQ0FBQztnQkFDZCxNQUFNLGVBQWUsR0FBRyxNQUFNLENBQUMsS0FBSyxDQUFDLEtBQUssRUFBRSxDQUFDLEdBQUcsRUFBRSxFQUFFO29CQUNsRCxJQUFJLEdBQUcsRUFBRSxDQUFDO3dCQUNSLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQzt3QkFDWixPQUFPO29CQUNULENBQUM7b0JBRUQsSUFBSSxjQUFjLEVBQUUsQ0FBQzt3QkFDbkIsVUFBVSxDQUFDLEdBQUcsRUFBRTs0QkFDZCxNQUFNLENBQUMsR0FBRyxFQUFFLENBQUM7NEJBQ2IsT0FBTyxFQUFFLENBQUM7d0JBQ1osQ0FBQyxFQUFFLFVBQVUsQ0FBQyxDQUFDO29CQUNqQixDQUFDO3lCQUFNLENBQUM7d0JBQ04sT0FBTyxFQUFFLENBQUM7b0JBQ1osQ0FBQztnQkFDSCxDQUFDLENBQUMsQ0FBQztnQkFDSCxNQUFNLENBQUMsTUFBTSxFQUFFLENBQUM7Z0JBRWhCLHlEQUF5RDtnQkFDekQsSUFBSSxDQUFDLGVBQWUsSUFBSSxDQUFDLGNBQWMsRUFBRSxDQUFDO29CQUN4QyxNQUFNLENBQUMsSUFBSSxDQUFDLE9BQU8sRUFBRSxHQUFHLEVBQUU7d0JBQ3hCLE9BQU8sRUFBRSxDQUFDO29CQUNaLENBQUMsQ0FBQyxDQUFDO2dCQUNMLENBQUM7WUFDSCxDQUFDO1lBQUMsT0FBTyxHQUFHLEVBQUUsQ0FBQztnQkFDYixNQUFNLENBQUMsR0FBRyxDQUFDLENBQUM7WUFDZCxDQUFDO1FBQ0gsQ0FBQyxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQ7O09BRUc7YUFDYSxXQUFNLEdBQUc7UUFDdkIsdUJBQXVCO1FBQ3ZCLFdBQVcsRUFBRSxRQUFRLENBQUMsYUFBYSxDQUFDLFFBQVEsQ0FBQyxZQUFZLENBQUM7UUFDMUQsb0JBQW9CLEVBQUUsUUFBUSxDQUFDLGFBQWEsQ0FBQyxRQUFRLENBQUMscUJBQXFCLENBQUM7UUFDNUUsbUJBQW1CLEVBQUUsUUFBUSxDQUFDLGFBQWEsQ0FBQyxRQUFRLENBQUMsb0JBQW9CLENBQUM7UUFDMUUsZ0JBQWdCLEVBQUUsUUFBUSxDQUFDLGFBQWEsQ0FBQyxRQUFRLENBQUMsaUJBQWlCLENBQUM7UUFDcEUsZUFBZSxFQUFFLFFBQVEsQ0FBQyxhQUFhLENBQUMsUUFBUSxDQUFDLGdCQUFnQixDQUFDO1FBQ2xFLFlBQVksRUFBRSxRQUFRLENBQUMsYUFBYSxDQUFDLFFBQVEsQ0FBQyxhQUFhLENBQUM7UUFFNUQsOENBQThDO1FBQzlDLHlCQUF5QixFQUFFLFFBQVEsQ0FBQyxhQUFhLENBQUMsUUFBUSxDQUFDLG1CQUFtQixDQUFDO1FBQy9FLHVCQUF1QixFQUFFLFFBQVEsQ0FBQyxhQUFhLENBQUMsUUFBUSxDQUFDLGlCQUFpQixDQUFDO1FBQzNFLDJCQUEyQixFQUFFLFFBQVEsQ0FBQyxhQUFhLENBQUMsUUFBUSxDQUFDLHFCQUFxQixDQUFDO1FBRW5GLHFCQUFxQjtRQUNyQixpQkFBaUIsRUFBRSxRQUFRLENBQUMsV0FBVyxDQUFDLFFBQVEsQ0FBQyxrQkFBa0IsQ0FBQztRQUNwRSxZQUFZLEVBQUUsUUFBUSxDQUFDLFdBQVcsQ0FBQyxRQUFRLENBQUMsY0FBYyxDQUFDO1FBQzNELGNBQWMsRUFBRSxRQUFRLENBQUMsV0FBVyxDQUFDLFFBQVEsQ0FBQyxlQUFlLENBQUM7UUFDOUQsZ0JBQWdCLEVBQUUsUUFBUSxDQUFDLFdBQVcsQ0FBQyxRQUFRLENBQUMsaUJBQWlCLENBQUM7UUFDbEUsY0FBYyxFQUFFLFFBQVEsQ0FBQyxXQUFXLENBQUMsUUFBUSxDQUFDLGVBQWUsQ0FBQztRQUM5RCxrQkFBa0IsRUFBRSxRQUFRLENBQUMsV0FBVyxDQUFDLFFBQVEsQ0FBQyxtQkFBbUIsQ0FBQztRQUN0RSxrQkFBa0IsRUFBRSxRQUFRLENBQUMsV0FBVyxDQUFDLFFBQVEsQ0FBQyxtQkFBbUIsQ0FBQztRQUN0RSxnQkFBZ0IsRUFBRSxRQUFRLENBQUMsV0FBVyxDQUFDLFFBQVEsQ0FBQyxpQkFBaUIsQ0FBQztRQUNsRSxTQUFTLEVBQUUsUUFBUSxDQUFDLFdBQVcsQ0FBQyxRQUFRLENBQUMsVUFBVSxDQUFDO1FBQ3BELFlBQVksRUFBRSxRQUFRLENBQUMsV0FBVyxDQUFDLFFBQVEsQ0FBQyxhQUFhLENBQUM7UUFDMUQsV0FBVyxFQUFFLFFBQVEsQ0FBQyxXQUFXLENBQUMsUUFBUSxDQUFDLFlBQVksQ0FBQztRQUN4RCxZQUFZLEVBQUUsUUFBUSxDQUFDLFdBQVcsQ0FBQyxRQUFRLENBQUMsYUFBYSxDQUFDO1FBQzFELGVBQWUsRUFBRSxRQUFRLENBQUMsV0FBVyxDQUFDLFFBQVEsQ0FBQyxnQkFBZ0IsQ0FBQztRQUNoRSxvQkFBb0IsRUFBRSxRQUFRLENBQUMsV0FBVyxDQUFDLFFBQVEsQ0FBQyxxQkFBcUIsQ0FBQztRQUMxRSxhQUFhLEVBQUUsUUFBUSxDQUFDLFdBQVcsQ0FBQyxRQUFRLENBQUMsY0FBYyxDQUFDO1FBQzVELHFCQUFxQixFQUFFLFFBQVEsQ0FBQyxXQUFXLENBQUMsUUFBUSxDQUFDLGlCQUFpQixDQUFDO0tBQ3hFLENBQUM7SUFFRjs7Ozs7O09BTUc7SUFDSCxNQUFNLENBQUMsS0FBSyxDQUFDLGVBQWUsQ0FBQyxNQUEwQjtRQUNyRCxPQUFPLElBQUksQ0FBQyxJQUFJLENBQUMsTUFBTSxFQUFFLElBQUksQ0FBQyxhQUFhLEVBQUUsSUFBSSxDQUFDLGlCQUFpQixDQUFDLENBQUM7SUFDdkUsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNILE1BQU0sQ0FBQyxLQUFLLENBQUMsZUFBZSxDQUFDLE1BQTBCLEVBQUUsYUFBcUIsR0FBRztRQUMvRSxPQUFPLElBQUksQ0FBQyxJQUFJLENBQUMsTUFBTSxFQUFFLElBQUksQ0FBQyxhQUFhLEVBQUUsSUFBSSxDQUFDLFlBQVksRUFBRSxJQUFJLEVBQUUsVUFBVSxDQUFDLENBQUM7SUFDcEYsQ0FBQztJQUVEOzs7Ozs7OztPQVFHO0lBQ0gsTUFBTSxDQUFDLEtBQUssQ0FBQyxzQkFBc0IsQ0FDakMsTUFBMEIsRUFDMUIsUUFBaUIsS0FBSyxFQUN0QixpQkFBMEIsSUFBSSxFQUM5QixhQUFxQixHQUFHO1FBRXhCLE1BQU0sS0FBSyxHQUFHLEtBQUssQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLFdBQVcsQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLGFBQWEsQ0FBQztRQUM1RCxPQUFPLElBQUksQ0FBQyxJQUFJLENBQUMsTUFBTSxFQUFFLEtBQUssRUFBRSxJQUFJLENBQUMsbUJBQW1CLEVBQUUsY0FBYyxFQUFFLFVBQVUsQ0FBQyxDQUFDO0lBQ3hGLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSCxNQUFNLENBQUMsS0FBSyxDQUFDLG9CQUFvQixDQUFDLE1BQTBCO1FBQzFELElBQUksQ0FBQztZQUNILG1DQUFtQztZQUNuQyxNQUFNLENBQUMsSUFBSSxFQUFFLENBQUM7WUFDZCxNQUFNLENBQUMsS0FBSyxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsZ0JBQWdCLENBQUMsQ0FBQztZQUMzQyxNQUFNLENBQUMsTUFBTSxFQUFFLENBQUM7WUFFaEIseUNBQXlDO1lBQ3pDLE9BQU8sSUFBSSxPQUFPLENBQUMsQ0FBQyxPQUFPLEVBQUUsRUFBRTtnQkFDN0IsVUFBVSxDQUFDLE9BQU8sRUFBRSxFQUFFLENBQUMsQ0FBQztZQUMxQixDQUFDLENBQUMsQ0FBQztRQUNMLENBQUM7UUFBQyxPQUFPLEdBQUcsRUFBRSxDQUFDO1lBQ2IsT0FBTyxPQUFPLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFDO1FBQzdCLENBQUM7SUFDSCxDQUFDO0lBRUQ7Ozs7Ozs7T0FPRztJQUNILE1BQU0sQ0FBQyxLQUFLLENBQUMsaUJBQWlCLENBQzVCLE1BQTBCLEVBQzFCLFdBQW1CLEVBQ25CLGFBQXFCLEdBQUc7UUFFeEIsT0FBTyxJQUFJLENBQUMsSUFBSSxDQUFDLE1BQU0sRUFBRSxJQUFJLENBQUMsV0FBVyxFQUFFLFdBQVcsRUFBRSxJQUFJLEVBQUUsVUFBVSxDQUFDLENBQUM7SUFDNUUsQ0FBQyJ9

package/dist_ts/tls/index.d.ts

@@ -0,0 +1,18 @@
+/**
+ * TLS module providing SNI extraction, TLS alerts, and other TLS-related utilities
+ */
+export * from './alerts/tls-alert.js';
+export * from './sni/sni-handler.js';
+export * from './sni/sni-extraction.js';
+export * from './sni/client-hello-parser.js';
+export * from './utils/tls-utils.js';
+import { SniHandler } from './sni/sni-handler.js';
+import { SniExtraction } from './sni/sni-extraction.js';
+import { ClientHelloParser } from './sni/client-hello-parser.js';
+export declare const SNI: {
+    Handler: typeof SniHandler;
+    Extraction: typeof SniExtraction;
+    Parser: typeof ClientHelloParser;
+    extractSNI: typeof SniHandler.extractSNI;
+    processTlsPacket: typeof SniHandler.processTlsPacket;
+};

package/dist_ts/tls/index.js

@@ -0,0 +1,27 @@
+/**
+ * TLS module providing SNI extraction, TLS alerts, and other TLS-related utilities
+ */
+// Export TLS alert functionality
+export * from './alerts/tls-alert.js';
+// Export SNI handling
+export * from './sni/sni-handler.js';
+export * from './sni/sni-extraction.js';
+export * from './sni/client-hello-parser.js';
+// Export TLS utilities
+export * from './utils/tls-utils.js';
+// Create a namespace for SNI utilities
+import { SniHandler } from './sni/sni-handler.js';
+import { SniExtraction } from './sni/sni-extraction.js';
+import { ClientHelloParser } from './sni/client-hello-parser.js';
+// Export utility objects for convenience
+export const SNI = {
+    // Main handler class (for backward compatibility)
+    Handler: SniHandler,
+    // Utility classes
+    Extraction: SniExtraction,
+    Parser: ClientHelloParser,
+    // Convenience functions
+    extractSNI: SniHandler.extractSNI,
+    processTlsPacket: SniHandler.processTlsPacket,
+};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi90cy90bHMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUE7O0dBRUc7QUFFSCxpQ0FBaUM7QUFDakMsY0FBYyx1QkFBdUIsQ0FBQztBQUV0QyxzQkFBc0I7QUFDdEIsY0FBYyxzQkFBc0IsQ0FBQztBQUNyQyxjQUFjLHlCQUF5QixDQUFDO0FBQ3hDLGNBQWMsOEJBQThCLENBQUM7QUFFN0MsdUJBQXVCO0FBQ3ZCLGNBQWMsc0JBQXNCLENBQUM7QUFFckMsdUNBQXVDO0FBQ3ZDLE9BQU8sRUFBRSxVQUFVLEVBQUUsTUFBTSxzQkFBc0IsQ0FBQztBQUNsRCxPQUFPLEVBQUUsYUFBYSxFQUFFLE1BQU0seUJBQXlCLENBQUM7QUFDeEQsT0FBTyxFQUFFLGlCQUFpQixFQUFFLE1BQU0sOEJBQThCLENBQUM7QUFFakUseUNBQXlDO0FBQ3pDLE1BQU0sQ0FBQyxNQUFNLEdBQUcsR0FBRztJQUNqQixrREFBa0Q7SUFDbEQsT0FBTyxFQUFFLFVBQVU7SUFFbkIsa0JBQWtCO0lBQ2xCLFVBQVUsRUFBRSxhQUFhO0lBQ3pCLE1BQU0sRUFBRSxpQkFBaUI7SUFFekIsd0JBQXdCO0lBQ3hCLFVBQVUsRUFBRSxVQUFVLENBQUMsVUFBVTtJQUNqQyxnQkFBZ0IsRUFBRSxVQUFVLENBQUMsZ0JBQWdCO0NBQzlDLENBQUMifQ==

package/dist_ts/tls/sni/client-hello-parser.d.ts

@@ -0,0 +1,100 @@
+import { Buffer } from 'buffer';
+/**
+ * Interface for logging functions used by the parser
+ */
+export type LoggerFunction = (message: string) => void;
+/**
+ * Result of a session resumption check
+ */
+export interface SessionResumptionResult {
+    isResumption: boolean;
+    hasSNI: boolean;
+}
+/**
+ * Information about parsed TLS extensions
+ */
+export interface ExtensionInfo {
+    type: number;
+    length: number;
+    data: Buffer;
+}
+/**
+ * Result of a ClientHello parse operation
+ */
+export interface ClientHelloParseResult {
+    isValid: boolean;
+    version?: [number, number];
+    random?: Buffer;
+    sessionId?: Buffer;
+    hasSessionId: boolean;
+    cipherSuites?: Buffer;
+    compressionMethods?: Buffer;
+    extensions: ExtensionInfo[];
+    serverNameList?: string[];
+    hasSessionTicket: boolean;
+    hasPsk: boolean;
+    hasEarlyData: boolean;
+    error?: string;
+}
+/**
+ * Fragment tracking information
+ */
+export interface FragmentTrackingInfo {
+    buffer: Buffer;
+    timestamp: number;
+    connectionId: string;
+}
+/**
+ * Class for parsing TLS ClientHello messages
+ */
+export declare class ClientHelloParser {
+    private static fragmentedBuffers;
+    private static fragmentTimeout;
+    /**
+     * Clean up expired fragments
+     */
+    private static cleanupExpiredFragments;
+    /**
+     * Handles potential fragmented ClientHello messages by buffering and reassembling
+     * TLS record fragments that might span multiple TCP packets.
+     *
+     * @param buffer The current buffer fragment
+     * @param connectionId Unique identifier for the connection
+     * @param logger Optional logging function
+     * @returns A complete buffer if reassembly is successful, or undefined if more fragments are needed
+     */
+    static handleFragmentedClientHello(buffer: Buffer, connectionId: string, logger?: LoggerFunction): Buffer | undefined;
+    /**
+     * Parses a TLS ClientHello message and extracts all components
+     *
+     * @param buffer The buffer containing the ClientHello message
+     * @param logger Optional logging function
+     * @returns Parsed ClientHello or undefined if parsing failed
+     */
+    static parseClientHello(buffer: Buffer, logger?: LoggerFunction): ClientHelloParseResult;
+    /**
+     * Parses the server name extension data and extracts hostnames
+     *
+     * @param data Extension data buffer
+     * @param serverNames Array to populate with found server names
+     * @param logger Optional logging function
+     * @returns true if parsing succeeded
+     */
+    private static parseServerNameExtension;
+    /**
+     * Determines if a ClientHello contains session resumption indicators
+     *
+     * @param buffer The ClientHello buffer
+     * @param logger Optional logging function
+     * @returns Session resumption result
+     */
+    static hasSessionResumption(buffer: Buffer, logger?: LoggerFunction): SessionResumptionResult;
+    /**
+     * Checks if a ClientHello appears to be from a tab reactivation
+     *
+     * @param buffer The ClientHello buffer
+     * @param logger Optional logging function
+     * @returns true if it appears to be a tab reactivation
+     */
+    static isTabReactivationHandshake(buffer: Buffer, logger?: LoggerFunction): boolean;
+}